Sin 16 Activity
---------------
0) be on a linux VM, e.g. Ubuntu
1) make a world-readable file that only root can edit:
	$ sudo touch root_only_log
	$ sudo chmod 644 root_only_log
	$ ls -al
	-rw-r--r-- 1 root   root	 28 Nov 11 21:32 root_only_log
2) download skeleton_drop_privileges.py
	- http://faculty.cs.tamu.edu/ritchey/courses/csce489/spring20/homework/skeleton_drop_privileges.py
3) rename, read, make executable
	$ mv skeleton_drop_privileges.py drop_privileges.py
	$ nano drop_privileges.py
	$ chmod u+x drop_privileges.py
4) run it as unprivileged user:
	$ ./drop_privileges.py
	[FAIL] unable to do the root thing
	[INFO] drop_privileges: running as ubuntu/ubuntu
	[SUCCESS] unable to do the root thing
5) run it as root:
	$ sudo ./drop_privileges.py
	[SUCCESS] did the root thing
	[INFO] drop_privileges: running as root/root
	[FAIL] still able to do root thing
6) add the code required to drop privileges
	# TODO: if current user is already not root, warn and return
	# TODO: get user and  group IDs from input user and group names
	# TODO: try to set uid and gid (drop privileges)
7) run it as root:
	[SUCCESS] did the root thing
	[INFO] drop_privileges: running as nobody/nogroup
	[SUCCESS] unable to do the root thing


Sin 17 Activity
---------------
0) be on a linux VM, e.g. Ubuntu
1) install pycrypto for Python3
	$ sudo apt install python3 python3-pip
	$ pip3 install pycrypto
2) download skeleton_protected_file.py
	- http://faculty.cs.tamu.edu/ritchey/courses/csce489/spring20/homework/skeleton_protected_file.py
3) rename, read, make executable and restrict access
	$ mv skeleton_protected_file.py protected_file.py
	$ nano protected_file.py
	$ chmod u+x,go-rwx protected_file.py
4) run it:
	$ ./protected_file.py -p password filename -w string
	$ ./protected_file.py -p password filename -r
	string

5) prove that data is not protected
	$ cat filename
	string
	$ ls -l filename
	-rw-rw-r-- 1 ubuntu ubuntu 12 Nov 12 07:26 filename
6) add the code required to protect the stored data
	# TODO: try to verify and decrypt the file with the password
	# TODO: append to file data
	# TODO: generate a new random IV (16 bytes = 128 bits)
	# TODO: pad the data to 16 bytes
	# TODO: derive a 32-byte key for AES from password
	# TODO: AES-encrypt the padded data
	# TODO: compute HMAC of IV|ciphertext
	# TODO: write HMAC|IV|ciphertext to file
	# TODO: set file permissions: u=rw
7) run it:
	$ ./protected_file.py -p password protected_filename -w string
	$ ./protected_file.py -p password protected_filename -r
	string
	
8) show that data is protected:
	$ $ hexdump -C secrets
	00000000  0e 55 5b e2 2d 5c 90 f5  77 c7 59 13 75 e5 90 7e  |.U[.-\..w.Y.u..~|
	00000010  f6 e3 05 18 3c 21 e8 5b  90 69 b8 34 2f a7 69 62  |....<!.[.i.4/.ib|
	00000020  b8 90 48 91 87 21 2a 2f  f9 d9 df f2 a3 92 10 0d  |..H..!*/........|
	00000030  b6 45 45 94 91 7b 9e 55  1d 3c 52 1c 4b f3 32 6e  |.EE..{.U.<R.K.2n|
	00000040  4d 31 66 77 86 15 6d 3d  7d 2b 85 41 e3 bc 1a cf  |M1fw..m=}+.A....|
	00000050  85 94 c6 31 91 fc 97 3b  8f a1 54 0e b3 65 21 d1  |...1...;..T..e!.|
	00000060
	$ ls -l protected_file
	-rw------- 1 ubuntu ubuntu 96 Nov 12 09:19 protected_filename
	

Sin 21 Activity
---------------
0) doesn't matter where you do this, but rather when.  expect this one to take some time
	* c.f. xkcd#303 (https://xkcd.com/303)
1) compute a hash in Python:
	>>> import hashlib
	>>> h = hashlib.sha256()
	>>> h.update(b'correct horse battery staple')
	>>> h.hexdigest
	'c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a'
2) download a dictionary of common words/passwords
	* https://github.com/danielmiessler/SecLists/tree/master/Passwords
3) crack this unsalted sha256 hash with a dictionary attack:
	* 8d7d5397f8842b4181d38bc57b85b9ff1860456f92872c43f991a904c45062d5
	* try every word in the dictionary until hash(word) == target_hash
4) if you're clever, you'll make a dictionary of hashes so you don't ever have to recompute a hash (because hashing is relatively expensive)
	* dictionary[hash(word)] = word
	* write out to file
	* if target_hash is in dictionary, then dictionary[target_hash] is word s.t. hash(word) = target_hash
		- i.e. hash is cracked
5) crack these salted sha256 hashes:
	* e68e583b1007e61cf014ab7f4c885b49027cc696f06ca71f82d2b000695dd783
		- salt = b'\xea$\xb3-'
	* ea477b2a180c34d58111abc83a05e2ff781658c78dafa8c0a6d7148fdedfcd18
		- salt = b'\xf8\xe4>\xbc'
	* 92473147eb60560a6909134121c90b9879d010cc979f1d0c3c5552c6247c00c0
		- salt = b'l\x11E,'
	* try every word in the dictionary until hash(word|salt) = target_hash
		- | means concatenation
6) crack this salted sha256 hash:
	* 033050ae8ea02d5550fcd6e0f169701588e314e0e012e44cc52e357800881c1b
		- salt is 32 bits and undisclosed
		- you should try to divide and conquer with the rest of the class
		- good luck!