Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Senior Project


ghost's Avatar
0 0

At my school we have this thing where we have to do a senior project on my career choice and I have to present it in front of a group of people that consist of the Superintendent of our school system, the principle of each of the four high schools in our school district and the director of the program that I go to since it isn't a traditional high school. I have to present this project after December of this year, so I have time to work on it, but I would like to rehearse and make sure I don't look like an idiot and ruin my chances of graduating early.

My career in mind is IT security, and I'm trying to think of a way that I can present this to the judges. I have thought of using our schools network as my project since I already know it inside and out, but I've already talked with the IT guy for our school system and he said that wouldn't work because someone on the board might find a 16 year old getting into the school system full of sensitive information as a threat.

But would anyone know how I could present this, or any ideas? Any help at all would be greatly appreciated.

If this is the wrong place for this, I apologize. I'll re-post this in the correct forum if someone would tell me where the correct place would be if this isn't it.


ghost's Avatar
0 0

To start with you should never show exploits on someone else's site/network and especially not in real time. But when you say "IT security" do you mean on websites or networks? If you know some PHP or Perl you could make your own website and show some common exploits there.


ghost's Avatar
0 0

I'm not really all that good with PHP or Perl to be totally honest. Only thing I really know fluently is HTML and CSS and they are the same thing and it's pretty sad. Everything else I just have secondhand knowledge off of. I thought about getting into my own personal network at home, but I live in a house full of Macs, and as far as I know, they are way out of my league.

I would really be fine with either networks or websites. I thought of making a LAN type network with a few other laptops or desktops, but I wasn't sure exactly how that would work out for me. I'm just open for ideas on both ends. I have a few months to figure out exactly what I'm doing and how to put it all into a presentation…

Thanks for telling me not to show them anything in real time :/ That'd probably save me a lot of trouble…


chess_rock's Avatar
Member
0 0

Maybe you could program a set of tools for security purposes, like a port-scanner, pinger and other easy to program tools. You could add information about their uses and so. Read about sockets if you like the idea. There are lots of information about that on the internet.

Anyway, that's just a suggestion…


ghost's Avatar
0 0

I most likely will make my own tools and things like that, but I'd want to have something to test them and and prove that they work. But that's a great idea.

I don't know if I should make my own network, make a website or use someone elses website.


spyware's Avatar
Banned
0 0

If you want to test shit out, either get two spare boxen and configure those, or go virtual.


WightBoy's Avatar
Member
0 0

Fre Quen C wrote: I most likely will make my own tools and things like that, but I'd want to have something to test them and and prove that they work. But that's a great idea.

I don't know if I should make my own network, make a website or use someone elses website.

You may use my site if you like… onewayexpress.ismywebsite.com. However, because i dont host the server, it is somewhat secure. And doesn't have a lot to hack. (Small site, small purpose. Use if it helps.) The whole idea it is a proxy may help you out aswell i guess…

You could make the portscanner, and ask the IT Security guy to open some ports to show that it does work. (Tell your audience the IT Security person allowed it beforehand of course :). If that wont lose his job…)

Goodluck


spyware's Avatar
Banned
0 0

WightBoy wrote: You may use my site if you like… onewayexpress.ismywebsite.com. However, because i dont host the server, it is somewhat secure. And doesn't have a lot to hack. (Small site, small purpose. Use if it helps.) The whole idea it is a proxy may help you out aswell i guess…

You could make the portscanner, and ask the IT Security guy to open some ports to show that it does work. (Tell your audience the IT Security person allowed it beforehand of course :). If that wont lose his job…)

Goodluck

Are you a complete, total idiot, or are you just trying to mess with that guy?


WightBoy's Avatar
Member
0 0

complete total idiot?

if its about the port scanner… just a suggestion… calm down if its about my site i seriously dont care.. ill make another one later if he fucks it up. Only get 1gig bandwidth anyways >.>


spyware's Avatar
Banned
0 0

WightBoy wrote: complete total idiot?

if its about the port scanner… just a suggestion… calm down if its about my site i seriously dont care.. ill make another one later if he fucks it up. Only get 1gig bandwidth anyways >.>

You_are_not_the_owner.

You cannot give permission.


ghost's Avatar
0 0

I'm trying to see what I can do about buying my own website and bringing two computers with an internet connection using one to show what I could use to deface the site and the other to fix what was defaced through totally different methods. I might just use one computer if I can't get my idea to work out right…

Talked with a few friends and they said messing with a website would probably be the easiest way, and it'd keep me from having to set up my own network. Gotta figure out how to buy a domain to set it up though.

Thanks for offering to let me use your site, but I'm going to have to decline. I wouldn't want to get in trouble for it.


fashizzlepop's Avatar
Member
0 0
  1. DVL
  2. Your PC

Show 'em what you know.


stealth-'s Avatar
Ninja Extreme
0 0

Personally, If I was in your situation, I'd set up a video recording session on my desktop and record me breaking into a linux box with a few pre set up vulnerabilities, and make it really realistic. Such as trying a few vulnerabilities that dont work, then getting access to a user level account and running a permissions upgrade vulnerability to root the box. Perhaps there are other things that could be demonstrated aswell, such as WEP encryption breaking and packet sniffing. Then you could just show the video and explain it as it goes along, pausing if necessary.

EDIT: Don't forget that by "pre set up vulnerabilities" I mean use a box you have permission to use, cause obviously it would be a bad idea to show crime evidence to your school principal ;)


WightBoy's Avatar
Member
0 0

spyware wrote: [quote]WightBoy wrote: complete total idiot?

if its about the port scanner… just a suggestion… calm down if its about my site i seriously dont care.. ill make another one later if he fucks it up. Only get 1gig bandwidth anyways >.>

You_are_not_the_owner.

You cannot give permission.[/quote] I am the owner of what is mine.. i DID NOT mean going that deeply into the server. Anyway he declined so eh…

To the op: You could simulate the hacking of a wireless network. So write a program looking and behaving like aircrack but not actually doing anything wirelessly, just showing the processes of hacking using particular software, then of course show the best methods in which secure the network.


spyware's Avatar
Banned
0 0

WightBoy wrote: I am the owner of what is mine.. i did not mean going that deeply into the server.

You are an idiot.


ghost's Avatar
0 0

I actually didn't even consider using DVL shizzlepop. Probably going to try and use that with some other things. I'm going to try and cram as much in the presentation as I can.

I haven't gotten to where I know much about programming… Kinda feel bad about it. But if I'm going to simulate a wireless network what language should I try to use to make one?


fashizzlepop's Avatar
Member
0 0

You can't really program a wireless network… you would actually need the real deal. You can find a cheap(cheap at Best Buy or Frys) wireless router and ask the tech guy if you can set it up and show a quick demo of breaking the security and accessing a box of yours. This will take a lot of planning. But you can make the box you break into run DVL.


ghost's Avatar
0 0

I agree with the above posts. Setting up an insecure network and breaking into it and explaining would be alright. Just keep legal, as previously said: you don't want to simply show crime evidence to the principle and admins.


ghost's Avatar
0 0

I'm going to see what I can do about going to Best Buy tomorrow and buying a router and making my own little network. Would I need to get two, or would one suffice? I don't know much about actually setting up a network, I apologize…


WightBoy's Avatar
Member
0 0

MoshBat wrote: [quote]spyware wrote: [quote]WightBoy wrote: I am the owner of what is mine.. i did not mean going that deeply into the server.

You are an idiot.[/quote] Seconded.

From what I've managed to translate from something that I can only assume is known as "utter shite", you're trying to hand out permission for people to fuck with a server that isn't yours, even if it's just the bit you pay(?) for. Well, let's see if that holds up in a court of law should anyone be so stupid as to take the "permission".[/quote]

Can you read? i didn't mean the server… i meant entirely what is mine. Hacking isn't all about hacking solely the server… correct me if im wrong.

I basically meant the OP could start with the most basic methods and build to more technical ones.

Such example of one so simple is a comment injecting some javascript… (ie: <script>alert("XSS");</script>). Yes i know it is nothing big and technical, but it is still a form of hacking, not affecting a server just the page, and may also be a method which is skipped over by particular people.

Im sorry if what i meant didn't make sense at first (lack of sleep + constant training don't mix)


fashizzlepop's Avatar
Member
0 0

One wireless router is enough. Ask the IT guy to allow you to hook up the wireless router and then set up a box running DVL to use the wireless. Then, take a laptop and walk in the room and show 'em your shit.


ghost's Avatar
0 0

If I go to Best Buy and buy a router, would I be able to set it up in multiple places? Such as setting it up in school, if allowed, and then bring the router home to practice on, or would it be to tedious to do something such as that? I'm not as experienced with things like this as I'd like to be, and I apologize.

If I were to set up a website to go along with the presentation if I had time, should I use Dreamweaver or something like Editpad and if I were to add software to it, should I use something like PHP and throw java in there just because, or keep it a simple HTML website?


spyware's Avatar
Banned
0 0

Dude, if you want to demonstrate something, you'll have to demonstrate something you can demonstrate.

"I'm doing this project, how do this project" doesn't make a lot of sense to me.

If you can't do the demonstration, don't do it.


ghost's Avatar
0 0

It's not that I can't demonstrate it, it's just that I want to make sure I demonstrate it the correct way. I apologize if it came off that way, which now that I read over it it does.

Thanks for all the help though. Thankful for all the help I was given.


fashizzlepop's Avatar
Member
0 0

A cheap wireless router is easy to plug in and unplug. That's all you have to do. Now if you don't already know that a wireless router i(usually is for private purposes) small and only needs to plug into the wall and an internet connection, I don't see how you can figure out how to break the security and root a box… :(


ghost's Avatar
0 0

fashizzlepop wrote: A cheap wireless router is easy to plug in and unplug. That's all you have to do. Now if you don't already know that a wireless router i(usually is for private purposes) small and only needs to plug into the wall and an internet connection, I don't see how you can figure out how to break the security and root a box… :(

You dont need an internet connection to set up a LAN using a router.

Edit: Only mention it because if you were to set up a LAN for a demonstration on rooting a box at school, you may or may not actually connect to the internet.


WightBoy's Avatar
Member
0 0

MoshBat wrote: XSS is still technically illegal. I quote "It is an offense to make a computer perform a function and for that function to be deemed unauthorised by the owner of that computer". Yeah, you still can't give permission for anyone to do that. Oh, and I can read, write and speak more fluently than you could even dream of, and you've already proven that. Okay i see your point… i think. I shall keep that in mind along wiht the speaking (typing) more clearly.


WightBoy's Avatar
Member
0 0

MoshBat wrote: [quote]WightBoy wrote: [quote]MoshBat wrote: XSS is still technically illegal. I quote "It is an offense to make a computer perform a function and for that function to be deemed unauthorised by the owner of that computer". Yeah, you still can't give permission for anyone to do that. Oh, and I can read, write and speak more fluently than you could even dream of, and you've already proven that. Okay i see your point… i think. I shall keep that in mind along wiht the speaking (typing) more clearly.[/quote] My point was that you can't giver permission to someone to screw around with things you don't own, even if you believe you own the files in question, as the illegal activities in question take place on something you don't own, see? For example, you "own" your own back yard, so you can give permission to someone to chuck glow-in-the-dark paint all over it. However, you can't tell them then can in someone else's yard, which contains some of your property, like a chair you lent them… Also, you capitalize all referances to yourself in the form of "I", even if it isn't at the start of sentence.[/quote]

Yes.. I got that, hence why I said I got your point. I am also aware of capitalizing all references to myself in the form of "I" (both my parents are english teachers… I am not stupid) but people get lazy… including myself even if it is something as small as capitalizing particular letters in particular contexts.


WightBoy's Avatar
Member
0 0

MoshBat wrote: Well, I clarified, as you added "i think" after you confirmed you understood me… And not bothering with standard grammar and punctuation makes you look like the average "i just discovored the internet, it haz facebook on it.." person. It's better to make yourself come across as more intelligent than that; people will listen. Also, you get into the habit of doing it, and chances are, it won't take you any longer than ignoring the shift button… Okay then, I think I might shut up now… getting a bit sick of these lectures from you Mosh xD Note: I don't think I would ever spell "has" the way you did in that example, seriously, it is almost as bad as speaking in 1337 >.>.