Scribd Logo
Upload

Welcome to Scribd!

  • 12 views

    Infosec Report A2

    Uploaded by

    Abtaal Aatif

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Infosec Report A2

    Uploaded by

    Abtaal Aatif
    12 views30 pages

    Original Title

    InfosecReportA2

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    12 views30 pages

    Infosec Report A2

    Uploaded by

    Abtaal Aatif

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 30

    Question 1

    Lab 1
    Setup, folder creation and generating certificate authority key

    mkdir demoCA
    cd demoCA
    mkdir certs crl newcerts
    touchindex . txt serial
    echo 01> serial
    cd . .
    openssl req−new−x 509−keyout ca . key −out ca . crt−config /etc/ ssl/openssl . cnf
    Viewing ca.key and ca.srt

    cat ca . key

    cat ca . srt
    Generating Server key

    openssl genrsa−aes 128−out server . key 1024

    cat server . key


    Viewing Server Key

    openssl rsa−¿ server . key−text

    Generating a Certificate Signing Request

    openssl req−new−key server . key −out server .csr−config/etc /ssl /openssl . cnf

    Signing the certificate signing request


    openssl ca−¿ server .csr−out server . crt−cert ca . crt −keyfile ca . key−config/etc /ssl /openssl . cnf

    cat server . crt


    cat demoCA /newcerts/01. pem

    Configuring DNS

    127.0 .0 .1i 210486. com


    Creating a combined server.pem from server.key and server.crt

    cp server .key server . pem


    cat server . crt ≫ server . pem

    Starting a webserver with server.pem certificate

    openssl s server −cert server . pem−www


    Security warning due to unknown CA created above

    Allowing Certificate Authority


    Opening website
    Setting up SSL and certificates in Apache2/SSL

    cp server .crt pkicert . pem

    cp server .key pkikey . pem

    sudo mv pkicert . pem/etc /apache 2 /ssl

    sudo mv pkikey . pem/etc /apache 2/ ssl


    Editing 0000-default.conf

    ¿ VirtualHost∗:80> ¿
    ServerName i210486. com
    DocumentRoot / var /www /html
    DirectoryIndex index . html
    ¿ /VirtualHost >¿
    Editing default-ssl.conf

    ¿ VirtualHost∗:443 >¿
    ServerName i210486. com
    DocumentRoot / var /www /html
    DirectoryIndex index . html
    SSLEngine on
    SSLCertificateFile/etc /apache 2 /ssl/ pkicert . pem

    SSLCertificateKeyFile/etc /apache 2/ ssl/ pkikey . pem

    ¿ /VirtualHost >¿
    Starting enabling ssl, checking config and starting server

    sudo apachectl configtest


    sudo systemctl restart apache 2

    Website Display
    Setup MIMT
    Adding replacing ssl certificate for nu.edu.pk with my created ssl certificate

    ¿ VirtualHost∗:443 >¿
    ServerName nu . edu . pk
    DocumentRoot / var /www /html
    DirectoryIndex index . html
    SSLEngine on
    SSLCertificateFile/etc /apache 2 /ssl/ pkicert . pem

    SSLCertificateKeyFile/etc /apache 2/ ssl/ pkikey . pem

    ¿ /VirtualHost >¿
    ¿ VirtualHost∗:80> ¿
    ServerName nu . edu . pk
    DocumentRoot / var /www /html
    DirectoryIndex index . html
    ¿ /VirtualHost >¿
    Editing /etc/hosts

    127.0 .0 .1nu . edu . pk

    Setting up fake mimt website via apache

    sudo apachectl configtest


    sudo systemctl restart apache 2
    Making a new key for nu.edu.pk

    openssl genrsa−aes 128−out nuedu . key 1024

    Creating Certificate Signing request

    openssl req−new−key nuedu .key −out nuedu . csr−config/etc /ssl /openssl . cnf
    Signing Certificate

    openssl ca−¿ nuedu . csr−out nuedu . crt−cert ca . crt−keyfile ca . key −config /etc/ssl /openssl . cnf
    Setting compromised SSL in apache

    cp nuedu . crt pki¿ . pem


    cp nuedu . key pki¿ . pem
    sudo mv pki¿ . pem/etc /apache 2/ ssl
    sudo mv pki¿ . pem/etc /apache 2/ ssl

    Setting ssl in default-ssl.conf


    Restarting apache and checking nu.edu.pk

    sudo apachectl configtest


    sudo systemctl restart apache 2
    Question 2
    Overview
    Common Functions between client & server
    Diffie Hellman Key Exchange
    def diffie_hellman(sock):
    # key between 1 and p-1
    private_key = random.randint(1, p-1)

    public_key = pow(g, private_key, p)

    sock.send(str(public_key).encode('utf-8'))

    server_public_key = int(sock.recv(256).decode('utf-8'))

    shared_secret = pow(server_public_key, private_key, p)


    return shared_secret

    The function above runs on both client and server, the function makes a privatekey between 1 and p-1,
    and calculates
    a
    publicKey=g mod P
    Where “a” is the random private integer that is decided on both client and server side. Then the
    calculated key is sent to each other via socket.send() and socket.recieve(). Before sending, the key is
    encoded into bytes to be sent, and decoded while received.

    Then to calculate the final key, the formula


    a
    SharedSecret=B mod P
    Here B is the key received from each side and is used to make the final shared secret key
    Password Storage
    Wireshark
    Diffie Hellman Key Exchange
    Encrypted Registration / login
    Email

    Username

    Password
    Registration Confirmation
    Encrypted Communication

    You might also like