CS338 Computer Security
Wednesday, 18 May 2022

+ Debrief on pen-testing #1
    - anything interesting about selected domains?
    - how does the host detection work?
    - how does port scanning work?

+ Use Wireshark to answer questions
    - nmap -sn local
    - nmap -sn remote
    - nmap -sn non-existent local
    - nmap -sn non-existent remote
    - nmap remote
    - nmap local
    - nmap other scans: FIN, NULL, Christmas Tree,...
    - ping
    - ...

+ netcat
    - search for "netcat examples" or "nc examples"
    - generic TCP client
        - use it to get to know a protocol (try it on HTTP)
    - generic TCP-based server
    - chat interface
    - port scanning
    - file transfer
    - ...

+ Prebrief on ARP spoofing
    - PITM: get Alice and Bob to send you their packets
    - Simplicity of ARP
        - Reading the Wikipedia page
        - Reading the RFC
        - What does Wireshark show?

+ Finally, Jeff gets a certificate
    - Look at a certificate
        - *.cer is DER-encoded certificate
        - ASN.1 description is in RFC 5280 (nice summary in Wikipedia for X.509)
        - use a browser
        - openssl x509 -inform der -in whatever.cer -text
    - multiple domains on one IP
        - my DNS records
        - what nginx does
        - nginx config files, sites-available, sites-enabled
        - the role of the HTTP Host: header
        - the Server Name Indication (SNI) extension to TLS
    - Overall plan
        - Set up an HTTP server at port 80
        - Login as a user with permissions to write to the web directory
        - Run certbot (install first; comes from Let's Encrypt)
            sudo certbot certonly --webroot --webroot-path=/srv/www/example.com -d example.com
        - (What does it do? What files are created?)
            - Contacts the Let's Encrypt server/cert authority and says I want a cert for isruthscatstillalive.com
            - LE says "prove you control that domain; here's some crap to put in /.well-known/blah.txt"
            - Creates the file in /.well-known
            - Says "LE: I created the file!"
            - LE requests the file and checks its contents
            - OK? LE believes you're in charge of isruthscatstillalive.com, so it signs a cert for you and sends it back
            - Deletes blah.txt, puts the cert somewhere, etc.
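
The certbot --webroot exchange outlined above, as an added Python example that is not part of the original notes: a local stand-in for both the client and the Let's Encrypt validation step. It assumes the real challenge path /.well-known/acme-challenge/<token> and the file body "token.thumbprint" from RFC 8555 (the notes abbreviate this as blah.txt); the account thumbprint, the function names and the 127.0.0.1 web server are constructed for the demo.

```python
import base64, hashlib, http.server, secrets, tempfile, threading, urllib.request
from functools import partial
from pathlib import Path

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def ca_issue_challenge(account_thumbprint: str):
    """CA side: pick a random token; the expected file body binds it to the account key."""
    token = b64url(secrets.token_bytes(32))
    return token, f"{token}.{account_thumbprint}"

def client_publish(webroot: Path, token: str, key_authorization: str) -> Path:
    """Client side (the --webroot step): write the proof under the web directory."""
    path = webroot / ".well-known" / "acme-challenge" / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization)
    return path

def ca_validate(base_url: str, token: str, expected: str) -> bool:
    """CA side: fetch the file over plain HTTP and compare it with the expected body."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(f"{base_url}/.well-known/acme-challenge/{token}", timeout=5) as r:
            return r.read().decode().strip() == expected
    except OSError:  # 404, connection refused, timeout: validation fails
        return False

def run_demo() -> dict:
    # Constructed stand-in for base64url(SHA-256(account public key JWK)).
    thumbprint = b64url(hashlib.sha256(b"constructed-account-key").digest())
    with tempfile.TemporaryDirectory() as d:
        webroot = Path(d)
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=d)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        try:
            token, expected = ca_issue_challenge(thumbprint)
            before = ca_validate(base, token, expected)       # no file yet
            proof = client_publish(webroot, token, expected)
            after = ca_validate(base, token, expected)        # file is served
            wrong = ca_validate(base, token, f"{token}.someone-else")  # other account
            proof.unlink()                                    # cleanup after validation
            cleaned = ca_validate(base, token, expected)
        finally:
            server.shutdown()
            server.server_close()
    return {"before": before, "after": after, "wrong_account": wrong, "cleaned": cleaned}
```

Validation only proves that whoever holds the account key can write files served on port 80 for that name, which is why write access to the web directory is the thing to protect.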