All Labs

WEP Cracking via Passive Listening

The purpose of this lab is to understand and exploit the security vulnerabilities of an 802.11 WEP-secured network. You will passively collect enough WEP IVs (Initialization Vectors) to determine the WEP encryption key. After obtaining the key, you will need to masquerade as a legitimate WEP client on the network, access a server, and download a file.

Fundamental

mobile

WEP Cracking via Active Injection

The purpose of this lab is to continue exploring the vulnerabilities of the 802.11 WEP security protocol. It is well known that the WEP protocol is crippled by numerous security flaws. In the WEP Cracking via Passive Listening lab in the Eureka series, we explored methods of exploiting these flaws when a large amount of data was present. However, it is unlikely that a sufficiently large data stream is present on a network in regular use. This makes the relatively easy WEP crack from the Basic lab considerably more difficult. In this lab, we will use more efficient techniques to continue exploiting the WEP protocol.

Fundamental

mobile

WPA-PSK Key Cracking via Handshake Capture

The first generation of the IEEE 802.11 Wired Equivalent Privacy (WEP) security standard was found to be vulnerable to various statistical weaknesses in the encryption algorithm. While attempts were made to correct the problem, it is still relatively simple to crack WEP and essentially obtain the password right out of thin air. As a result, the Wi-Fi Alliance created an interim standard called Wi-Fi Protected Access (WPA). However, the WPA Pre-Shared Key (PSK) mode is crackable due to a flaw that exists in the authentication procedure. There is a human-friendly password and a user involved. Combined with the reality that most users select poor passwords, there is an opportunity that can be exploited. The TKIP cipher is not crackable, as it uses a per-packet key. However, the initialization of TKIP, which happens during client authentication, provides an opportunity to obtain the password. An effective way to crack WPA-PSK is to force a re-authentication of a legitimate client. By forcing an actively connected client to disconnect and reconnect, we can capture the WPA-PSK four-way handshake that protects the key exchange. A robust dictionary attack may take care of a lot of simple passwords. Consequently, it is potentially easier to crack WPA-PSK than it is to crack WEP, as we will discover in this lab.

Fundamental

mobile

"Unlock" Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup, or WPS, is a push-button authentication method for WPA2 Personal-secured networks. Have you ever been connecting to a network and seen an option underneath the "Password" field that said "Or push the button on the router to connect"? That is WPS at work. WPS relies mainly on physical security, i.e. the idea that a potential attacker needs to be physically present to compromise the system. However, this lab will demonstrate how a remote WPS attack is still possible.

Advanced

mobile

Secure your WiFi with WPA2-Enterprise

The purpose of this lab is to set up a WPA/WPA2 Enterprise (TKIP/AES + EAP-TTLS/PEAP) wireless network using FreeRadius and OpenWRT on a router. In addition, you will configure Linux/Windows/Android clients to connect to the network.

Advanced

mobile

Mobile Lab Platform for Users (Updated)

In this document, we will first introduce how to create a user lab platform to perform activities for our Eureka labs. Next, we will practise a few important wireless-related commands. Lastly, we will perform a rudimentary wireless network survey with these tools and commands.

Fundamental

mobile

"Hide-and-Seek" in Wireless

In this basic lab, we will set up a simple wireless network with SSID hiding enabled. Students will be tasked to perform wireless network "hide-and-seek" (a simple wireless penetration test).

Fundamental

mobile

Mischievous MAC?

Carrier Sense Multiple Access (CSMA) is a probabilistic media access control (MAC) protocol in which a node verifies the absence of other traffic before transmitting on a shared transmission medium. CSMA/CA (Collision Avoidance) is the variant used for carrier transmission in 802.11 networks. In this lab, we will observe how traffic is regulated by CSMA/CA. With this knowledge, we can detect abuses and misbehavior targeted at CSMA/CA at the MAC layer.

Challenging

mobile

Evil Twin AP Attacks and Prevention

An evil twin is a malicious access point set up to copy the identity of a real access point, hence the name twin, in order to eavesdrop and steal sensitive information. This attack tricks unsuspecting users into connecting to it, and from there the attacker can perform many other attacks, such as man-in-the-middle or phishing websites.

Advanced

mobile network

Passing on Passwords

When passwords are compromised, they can lead to unintentional data access, putting users at risk.

Fundamental

network system

XSS Attack and Defense

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Fundamental

network

Take My Coin!

A blockchain is a growing list of records, called blocks, that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. In this lab, we will exercise coin mining and block creation.

Fundamental

network

Identity Demystified

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject.

Advanced

network

Crypto Flickered!

Length extension attacks can cause serious vulnerabilities when people mistakenly try to construct something like an HMAC by using hash(secret || message). Many hash functions are subject to length extension. Such hash functions are built around a compression function and maintain an internal state, which is initialized to a fixed constant. Messages are processed in fixed-size blocks by applying the compression function to the current state and the current block to compute an updated internal state. The result of the final application of the compression function becomes the output of the hash function. A consequence of this design is that if we know the hash of an n-block message, we can find the hash of longer messages by applying the compression function for each block that we want to add. This process is called length extension, and it can be used to attack many applications of hash functions.

Advanced

system

Bleeding Heart

The Heartbleed bug was a serious vulnerability in OpenSSL. The weakness allowed attackers to steal information that would normally be protected by the SSL/TLS encryption used to secure connections. The Heartbleed bug allows reading the memory of systems protected by the exploitable versions of OpenSSL. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content.

Advanced

network system

Not-so-Personal Data

This document serves as an experiment guide for using Generative Adversarial Networks (GANs) for privacy attacks and privacy protection.

Challenging

network

"Invisible" Surfing

We all need safe access to the Internet to obtain information and communicate with friends free from technology-facilitated violent offenses such as cyberstalking and harassment. The learning objectives of this lab are for students to be aware of personally identifiable information. Students will experiment with other technologies, such as Virtual Private Networks (VPNs), that protect identity information via encryption.

Advanced

network system

Shell Shattered

Shellshock is a security bug in the Unix Bash shell that could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests. The bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables.

Fundamental

system

A "Leaky" Database

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Advanced

system

This POODLE Bites!

The Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any other type of browser data that gets encrypted by the Secure Sockets Layer (SSL) protocol. It allows attackers to decrypt network traffic between a client and a server.

Challenging

network system

Intruder Hunt

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system.

Advanced

network system