Lab 3 - CYB 608 - Two Python exercises, the purpose of of which is to test skills with programming PDF

Title	Lab 3 - CYB 608 - Two Python exercises, the purpose of of which is to test skills with programming
Course	Ethical Hacking
Institution	National University (US)
Pages	3
File Size	84.4 KB
File Type	PDF
Total Downloads	18
Total Views	138

Preview

CLICK TO PREVIEW PDF

Summary

Two Python exercises, the purpose of of which is to test skills with programming when it comes to exploitation...

Description

CYB 608 – Ethical Hacking Week 3 Lab 10/19/2017

Purpose The purpose of these two exercises was to test our skills with programming when it comes to exploitation. One of its purposes was to familiarize us with the ASCII character tables, if we aren’t already familiar with it. Specifically, it was to see if we understood enough about Python to be able to read and understand basic logic in the language. Luckily, I’m a computer programmer, so these challenges weren’t that difficult for me.

Lessons Learned Though I have a lot of experience in programming, I have virtually none in Python. However, when it comes to logic, all programming languages are generally the same. I had to look up what a couple of the commands in the script meant, such as “ord”, which ended up being a command that converted a character into its ASCII value. I also don’t have a lot of experience at looking at other people’s code, so that was something I got with these exercises. It felt good being able to translate it into English. The first one was relatively straight-forward, but the second one was a little bit tricky, especially with that one ‘if’ statement that I’m sure was intended to throw the reader off (more information below).

Enumeration and Exploitation

Python 1 (Easy)

The python script is taking a single argument, and the only way it’ll print “correct” is if the total number of characters in that argument is 10, the sum of the ASCII character values for each character totals 1,000, and the ASCII character value of the character at position 1 in the array (the second character) is 83, which is an uppercase S. With that said, I took the ASCII character value of an uppercase S, which is 83, then grabbed whatever the character is for an ASCII value of 117 (in order to compliment the two to a sum of 200), and for the last eight characters, I used whatever the character for ASCII value 100 was, which was the lowercase letter d. The final answer was as follows: uSdddddddd

Python 2 (Easy)

Since I was given a compiled Python program for this problem (a pyc file), I had to decompile it. I downloaded a tool from online called Easy Python Decompiler v1.3.2, which decompiled it to its original code (in py file format). The program is asking for an input of 21 characters – no more and no less. It is taking the input of each character of the parameter passed in, one by one, and adding seven to it, and then comparing that to the built-in list of characters. The program tried to throw me off with the “if x > ord(‘z’): x -= 26” statement, because it’s unnecessary. That made me think I was supposed to add seven to each ASCII value instead of subtracting it. Since the values passed in had to be seven short, that if statement will never be true to get the correct password. The correct answer ended up being the following: m_s[persecreZpass]ord...