Well, we had our first activity but Sir Comsec is not around 😦 sad……. But we still continue our lab exercise about Wireshark and with that, the exercise also have theoretical questions that will going to answer based on what we will going to do. Our groupmates divided the tasks, since we’re only 3, RJ said that he will be going to answer the theoretical and Adrian & I will be going to do the Wireshark. At first, nahirapan kami because we are just following the direction without analyzing it, e pag ganun pa naman Adrian and I are always arguing na “Mali ka, ako tama”, “Ganito nga kasi”, “Ay nako bahala ka dyan”, “Intindihin kasi yung question”. Hahahahaha then we got it! Yung sa 3 way handshake. Then, when we’re in the middle of the lab exercise, we found it interesting! Paunahan kami! Haha. In the last part, we are arguing again about bakit di nalabas yung HTTP… etc = POST. And still nagpapaunahan kami. Sa pinoy exchange lumabas naman yung = POST pero bakit sa tipidpc hindi 😦 sad.
We’re running out of time. Then we found out that when you type the pinoyexchange.com, wala siyang https, but the other one which is the tipidpc.com ay meron. Natawa kami!! Adrian said that dahil daw pop up yung ‘sign in’ sa pinoy exchange kaya nalabas yung = POST, sa tipidpc daw di pop up. HAHAHAHAHAHA so funny! Ayun pala ang dahilan because mas secure yung TipdPc while the pinoy exchange doesn’t have. YEHEY!!!!
Next meeting, we had our discussion with Sir Comsec. Wooooh! For me the discussion is fairly easy because some of the topic discussed was what we learn in ITCONCE, DATACOMM, and in INFOSEC. It is an advantage that we had our INFOSEC before, because the lessons are fresh from our minds but I had forgotten some of the topics and I need to review those lesson that I had forgotten. Hehe.
I also want to share about our recent lesson which is about Cryptology. When Sir discussed / reviewed the lesson, it was clear and more defined to me. I made more sense to me than before, because it was elaborated and studied upon.
Sir Comsec told us to download a new software called “Burp Suite” and tomorrow (July 1, 2016) we will explore what it does and what it is for. Yehey!!!
Finally, the activity today was about the decoding of the encoded message from the website given to us by Sir Comsec. It was a message that was encode into a Base64 link that was supposed to be associated to a link of a page. Sir explained that links or the URL of the pages of websites are encode for security reasons. After getting the message, the next task was to find out the password for the account. The account was from tipidpc and we had to do a dictionary attack so that we can access the site. A dictionary attack is an attack by guessing the password using a dictionary or collection of possible words that maybe the password itself. We had use Burp Suite to launch a dictionary attack and we found out that when the password has been presented, it had to have a different length compared to the other words. We retrieved the password and it was aardvarks. After that activity, there was one final task that Sir Comsec had given to us and it was to crack a zip file that has a txt file containing a plaintext. He said that there were clues on the site and we found out the hidden message in the message box. It was encrypted using the Caesar cipher and through trial and error, we crack the zip and successfully extracted the txt file.
Well…….. “LESSON FOR TODAY” …….. DO NOT OVER THINK 🙂