Thursday, 5 March 2015

Hackception Exceptional!

Linux is Better than Windows!
Don't know if Linux (the Open source) is really better than windows in every aspect. Even though Linux is highly customizable , it is not highly reachable and is not user friendly when compared to windows,and also in 2014 the report of vulnerabilities in the OS, "Apple Mac OS X topped the ist, Linux 3rd and windows in 4th and other positions. 

But for developers and hackers Linux is must!

All of us use websites, we use our usernames and password to have our own profile. Now how does it actually work. we send the data that is ,the input to the server which is stored or used by the server. Now these inputs are not sent just like a plain text or the same way user sends it, it has to be modified in a way that no one understands it except the user and the server. So this is Encryption. 

Encryption basically is the conversation of data into another form , called cipher text, which cannot be easily understood by authorized people. 
Since we have encryption , to convert the data, we also have decryption to decode the data. and this encryption and decryption is called as cryptography

There are many types of cryptography. but before that there is something called public key and private key. 
The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

Caesar cipher

Caesar was a Roman emperor ….Everyone knows…..!

He was one of the very first to use cyphers for secret communication….

Well not many know that do they…….?

How does it work……

  • The alphabets are taken in order.
  • The given text is written down.
  • The Shifting is done
  • Here's the trick….

      • Plain:      ABCDEFGHIJKLMNOPQRSTUVWXYZ
        Cipher:   DEFGHIJKLMNOPQRSTUVWXYZABC

      • The text is shifted to the right by 3

Thus “Kl wkhuh...Wklv lv pb iluvw fbskhu....

Is actually “Hi there...This is my first cypher....

What’s the point for coders if you Don’t Know the Math…
Encryption
            Y = (X + n) mod 26

Decryption
            X = (Y - n)  mod 26

Try this link : http://online-calculators.appspot.com/caesar_ext/

Here’s a part of history…. :-)

Caesar used this hardware for his cipher…. :-)

 Affine Cipher:

This is almost same as the Caesar's cipher
encryption is given as: f(x)= (ax+b)mod 26
decryption : y(x)=a^-1(x-b)mod 26
and when a is 1 it is Caesar's cipher
send many more methods... like Da Vinci code

MD5. 
 One way encryption. That is decoding is not possible!. and now we also have MD6  
 
Then we saw about the network. How to use Linux commands to check the details , like ip address and ports used for various purposes. etc etc..
used commands like ping, nmap to check the details of the server. and also used ftp, ssh to access other computer. and also monitor the other computers.
Post lunch session: After an hour of break, started with web , real cool things. but people actually dint understand it. only few know about php, html, css so it was hard for those people to get started quickly. 
Cracking into an website without an exact username and password, how to actually create pages and have it running perfectly, get and post methods, and some security issues with php scripts. and XSS 
Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques.
In the pie-chart below, created by the Web Hacking Incident Database for 2011 (WHID) clearly shows that whilst many different attack methods exist, SQL injection and XSS are the most popular.
                                                                                                                                                                                                                                                                                 



and Wire shark. A Tool where the list of details given for each and every packet.

At Last, Real cool hacking stuffs, hacking security cameras, bugs in intranet.amrita.edu and more. Hope to have more fun. Sessions should have been more interactive. It Lacked attention in the first session. Second session was more fun.