Winter 2023 CS Comps
Exploiting Security Vulnerabilities
Replicating Software Vulnerabilities
How to Change Your Grades, the Hard Way
No software is completely secure, not even against six undergrad CS majors with eight weeks on their hands.
We replicated existing attacks for historically significant software vulnerabilities and flaws in software used daily at Carleton. We set up vulnerable systems, performed penetration testing with existing POCs (Proof-Of-Concept), and then wrote our own exploits and added them to Metasploit.
Tools We Used
Here are some tools we used to perform penetration-testing and automate our exploits
Kali Linux
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Metasploit
The Metasploit Framework is a Ruby-based, penetration testing platform that enables you to write, test, and execute exploit code. It is a collection of commonly used tools, providing complete environment for penetration testing and exploit development.
Metasploitable2
Metasploitable 2 is an intentionally vulnerable Ubuntu Linux virtual machine that is designed for testing common vulnerabilities, compatible with VMWare, VirtualBox, and other common virtualization platforms.
CVEs We Exploited
CVE is short for Common Vulnerabilities and Exposures. It is a list of publicly disclosed computer security flaws. After studying the CVE database, we selected a small collection of CVEs for which to write exploits and set up automated attacks in Metasploit. Here are the list of CVEs we explored.
Cool Security Terms ...
It is hardly a surprise since whenever a new field of expertise arrives on the scene, it inevitably spawns new words, acronyms, and phrases.
Here are some cybersecurity terminology that you might want to know...
Exploit
A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data. Note that in this context, “exploit” is a noun, not a verb, as in “The hacker used a malware exploit to gain access to the credit card’s server.”
Pen Test
Penetration test, commonly referred to as pen test, simulates a cyberattack on your system to look for weaknesses that could be exploited. Pen testing involves attempting to get into any number of systems to find security holes like that are vulnerable to code injection attacks.
Proof of Concept
A proof of concept (POC) is an exercise in which work is focused on determining whether an idea can be turned into a reality. In computer security this often means that hackers show that they have been able to make use of a security flaw in software or hardware.
Encode
Encoding is a reversible transformation of data format, used to preserve the usability of data. Note that it is different from Encryption whichis the process of securely encoding data in such a way that only authorized users with a key or password can decrypt the data to reveal the original.
Zero-day Exploit
Zero-day Exploit is used to define exploit code that has been written to take advantage of a vulnerability before the vendor knows about the vulnerability and can release a patch for it.
Ethical Hacking
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating actions of malicious attackers. This practice helps to identify vulnerabilities which can be resolved before a malicious attack.
Ransomware
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Remote Code Execution
Remote code execution (RCE) attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining full control over a compromised machine.
Shellcode
Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.