vault backup: 2025-01-30 17:33:17

.obsidian/appearance.json

@@ -3,8 +3,10 @@
   "theme": "system",
   "cssTheme": "Tokyo Night",
   "nativeMenus": true,
-  "baseFontSize": 16,
+  "baseFontSize": 14,
-  "interfaceFontFamily": "AppleGothic,Apple SD Gothic Neo,Apple LiGothic",
+  "interfaceFontFamily": "AppleGothic,Inter",
-  "textFontFamily": "AppleGothic",
+  "textFontFamily": "AppleGothic,Inter",
-  "monospaceFontFamily": "PT Mono"
+  "monospaceFontFamily": "PT Mono,Andale Mono",
+  "baseFontSizeAction": false,
+  "translucency": true
 }

.obsidian/workspace.json

@@ -13,12 +13,12 @@
             "state": {
               "type": "markdown",
               "state": {
-                "file": "Penetration Testing/Week 20/Week 20 - Web Attacks.md",
+                "file": "AI & Data Mining/Week 20/Week 20 - Intro to Propositional Logic.md",
                 "mode": "source",
                 "source": false
               },
               "icon": "lucide-file",
-              "title": "Week 20 - Web Attacks"
+              "title": "Week 20 - Intro to Propositional Logic"
             }
           }
         ]
@@ -200,9 +200,21 @@
   },
   "active": "87fc52db0e53c854",
   "lastOpenFiles": [
-    "CWC 3 - Fit for Trade.md",
+    "AI & Data Mining/Week 20/Propositional Logic Examples.md",
+    "AI & Data Mining/Week 20/Week 20 - Intro to Propositional Logic.md",
+    "Networking and Security/Week 20/hashcat-exercise/test-dict",
+    "Networking and Security/Week 20/hashcat-exercise/view-sample-password.sh",
+    "Networking and Security/Week 20/hashcat-exercise/crack-these-please-sha512",
+    "Networking and Security/Week 20/hashcat-exercise/crack-these-please-sha256",
+    "Networking and Security/Week 20/hashcat-exercise/crack-these-please-md5",
+    "Networking and Security/Week 20/hashcat-exercise/500_passwords.txt",
+    "Networking and Security/Week 20/hashcat-exercise/50-crack-these-please",
+    "Networking and Security/Week 20/hashcat-exercise",
+    "Networking and Security/Week 20/hashcat-exercise-files.zip",
+    "Networking and Security/Week 20",
+    "AI & Data Mining/Week 19/Timeline of History.md",
     "Penetration Testing/Week 20/Week 20 - Web Attacks.md",
-    "Penetration Testing/Week 20",
+    "CWC 3 - Fit for Trade.md",
     "images/Pasted image 20250129154055.png",
     "CWC 1 - Consistency.md",
     "CWC 2 - Warm Welcome.md",
@@ -213,16 +225,6 @@
     "Data Structures/GPT Answers to Past Paper/Question 6.md",
     "Penetration Testing/Week 19/AI Summary.md",
     "Penetration Testing/Week 19/Week 19 -  Buffer Overflow.md",
-    "AI & Data Mining/Week 19/Timeline of History.md",
-    "Client Server Systems/PHPStorm Repo/js_workshop7/favicon.ico",
-    "Client Server Systems/PHPStorm Repo/js_workshop7/styles.css",
-    "Client Server Systems/PHPStorm Repo/js_workshop7/index.html",
-    "Client Server Systems/PHPStorm Repo/js_workshop7/index.js",
-    "Client Server Systems/PHPStorm Repo/js_workshop7",
-    "Client Server Systems/PHPStorm Repo/js_workshop6/styles.css",
-    "Client Server Systems/PHPStorm Repo/js_workshop6/index.js",
-    "Client Server Systems/PHPStorm Repo/js_workshop6/index.html",
-    "Client Server Systems/PHPStorm Repo/js_workshop6/favicon.ico",
     "Client Server Systems/PHPStorm Repo/php-s1/MVCtemplate-23-24/images/new_uos_logo.jpg",
     "Client Server Systems/PHPStorm Repo/php-s1/MVCtemplate-23-24/fonts/glyphicons-halflings-regular.svg",
     "Client Server Systems/PHPStorm Repo/php-s1/workshop6/images/new_uos_logo.jpg",
@@ -244,8 +246,6 @@
     "Data Structures/Focused Exam Revision.md",
     "Data Structures/GPT Answers to Past Paper/Question 3.md",
     "Data Structures/GPT Answers to Past Paper/Question 2.md",
-    "AI & Data Mining/Week 7/Chapter 13 - ID3.md",
-    "AI & Data Mining/Week 8/Lecture 16 - Evaluating Concept Descriptions.md",
     "Database Systems/Untitled.canvas",
     "Untitled 1.canvas",
     "Untitled.canvas"

AI & Data Mining/Week 20/Week 20 - Intro to Propositional Logic.md

@@ -0,0 +1,126 @@
+# Propositions
+
+  - Declarative sentences with truth values (T or F)
+  - Atomic propositions (basic building blocks)
+  - Compound propositions (combinations of atomic propositions)
+
+### Argument Form: Modus Ponens (Affirming the Antecedent)
+
+- Content: If it’s raining, then the ground is wet. The ground is wet. Therefore, it was raining.
+
+### Argument Form: Disjunctive Syllogism
+
+- Content: Either it’s raining or the plants need water. It’s not raining. Therefore, the plants need water.
+
+## Propositional Connectives
+
+  - Negation (¬): p is true if and only if ¬p is false
+  - Conjunction (∧): p ∧ q is true if and only if both p and q are true
+  - Disjunction (∨): p ∨ q is true if and only if at least one of p or q is true
+  - Implication (⇒): p ⇒ q is false if and only if p is true and q is false
+  - Equivalence (⇔): p ⇔ q is true if and only if p and q have the same truth value
+## Precedence Order of Connectives
+1. Negation (¬)
+2. Conjunction (∧)
+3. Disjunction (∨)
+4. Implication (⇒)
+5. Equivalence (⇔)
+
+This means that in a formula without parentheses, ¬ takes precedence over ∧ and ∨, ∧ and ∨ have the same precedence but associativity to the left, and ⇒ and ⇔ also have the same precedence but associativity to the right. For example, p ∧ q ⇒ r is equivalent to (p ∧ q) ⇒ r, not p ∧ (q ⇒ r).
+### Propositions and Connectives (Examples)
+
+#### Atomic Propositions:
+
+- p: The cat is on the mat.
+- q: The dog is sleeping.
+
+#### Compound Propositions Using Connectives:
+
+- p ∧ q: The cat is on the mat and the dog is sleeping.
+- ¬p: It’s not the case that the cat is on the mat.
+- p ∨ q: Either the cat is on the mat or the dog is sleeping (or both).
+- p ⇒ q: If the cat is on the mat, then the dog is sleeping.
+- p ⇔ q: The cat is on the mat if and only if the dog is sleeping.
+
+#### Natural Language Statements
+
+- Natural language statement: If you study hard, then you will pass the exam.
+	- Formalized as: p ⇒ q
+- Natural language statement: Either you will go to the party or stay home and study.
+	- Formalized as: p ∨ ¬q
+
+#### Logic Formulae
+
+- Formula: (p ∧ q) ⇒ ¬r
+    - Interpretation: If both p and q are true, then r is false.
+- Formula: ¬(p ∨ ¬q)
+    - Interpretation: It’s not the case that either p is true or q is false.
+
+## Truth Tables for Connectives
+
+  - Negation: T|F, F|T
+  - Conjunction: T&T|TT, F&F|FT, TT|T
+  - Disjunction: T∨T|TT, F∨F|FF, TF|TF
+  - Implication: T⇒T|TT, F⇒T|FT, TT|F
+  - Equivalence: T⇔T|TT, F⇔F|FF, TT|T
+
+#### Truth Table for P ⇒ Q:
+
+| P   | Q   | P ⇒ Q |
+| --- | --- | ----- |
+| T   | T   | T     |
+| T   | F   | F     |
+| F   | T   | T     |
+| F   | F   | T     |
+
+## Classes of Propositions
+
+  - Tautologies: Always true (e.g., p ∨ ¬p)
+  - Contradictions: Always false (e.g., p ∧ ¬p)
+  - Contingent propositions: Neither tautology nor contradiction
+
+### Logical Equivalence (≡)
+
+- Two formulae are logically equivalent if their equivalence is a tautology
+
+#### Examples
+
+- p ∧ q ≡ q ∧ p
+- ¬(p ∨ q) ≡ ¬p ∧ ¬q
+
+### Logical Implication or Entailment (|=)
+
+- Formula p entails q if and only if the implication p ⇒ q is a tautology
+
+#### Examples
+
+- p ∧ q |= q
+- ¬(p ∨ ¬q) |= ¬p ⇒ q
+
+# Ambiguous and Vague Sentences
+
+- Ambiguity: A sentence with multiple distinct meanings.
+	- Ambiguous sentence: “I want to have dinner with you or your friend.”
+	    - Interpretation 1: You can choose between having dinner with me or my friend.
+	    - Interpretation 2: I want to have dinner with you and your friend together.
+- Vagueness: A sentence with only one meaning, but the distinction between truth and falsity is unclear.
+	- Vague sentence: “The book is heavy.”
+	    - Vague because no quantitative measure of heaviness is provided.
+
+# Logic as a Formal Language
+
+ - Alphabet: Symbols for denoting propositions, identifiers, punctuation symbols ((), propositional connectives).
+ - Syntax: Rules defining the order of symbols in sentences, precedence order of connectives.
+ - Semantics: Assignment of meaning to correctly written sentences.
+
+### Examples of Logical Structures
+
+- Argument: If the train has six carriages and serves a rural community, then it is not overcrowded.
+	- Formalized as: p ∧ q ⇒ ¬r
+- Argument: If Bob eats carrots, then he will be able to see in the dark. Therefore, if Bob can’t see in the dark, then he hasn’t eaten carrots.
+	- Formalized as: p ⇒ q ≡ ¬q ⇒ ¬p
+# Summary
+
+  - Logicians focus on argument form
+  - Deduction involves justifying conclusions based solely on premises
+  - Connectives join atomic propositions to form compound propositions

Networking and Security/Week 20/hashcat-exercise/50-crack-these-please

@@ -0,0 +1,50 @@
+bike
+bloody
+blue
+bonjour
+bread
+bueno
+cowboy
+ddd
+dejavu
+dog
+perro
+fido
+Clinton
+hello
+into
+japan
+kaput
+1337
+linux
+mind
+money
+more
+abcdefghijk
+pass
+really
+smc
+stir
+tall
+test
+usa
+sayonara
+H4XOR
+wtaddtsbtk
+w7@DD7sb7k
+hastalavista
+hackme
+09112001
+R2D2
+nauj
+guadalajara
+w
+ww
+www
+www
+wwww
+wwwww
+wwwwww
+wwwwwww
+wwwwwwww
+wwwwwwwww

Networking and Security/Week 20/hashcat-exercise/500_passwords.txt

@@ -0,0 +1,500 @@
+123456
+password
+12345678
+1234
+pussy
+12345
+dragon
+qwerty
+696969
+mustang
+letmein
+baseball
+master
+michael
+football
+shadow
+monkey
+abc123
+pass
+fuckme
+6969
+jordan
+harley
+ranger
+iwantu
+jennifer
+hunter
+fuck
+2000
+test
+batman
+trustno1
+thomas
+tigger
+robert
+access
+love
+buster
+1234567
+soccer
+hockey
+killer
+george
+sexy
+andrew
+charlie
+superman
+asshole
+fuckyou
+dallas
+jessica
+panties
+pepper
+1111
+austin
+william
+daniel
+golfer
+summer
+heather
+hammer
+yankees
+joshua
+maggie
+biteme
+enter
+ashley
+thunder
+cowboy
+silver
+richard
+fucker
+orange
+merlin
+michelle
+corvette
+bigdog
+cheese
+matthew
+121212
+patrick
+martin
+freedom
+ginger
+blowjob
+nicole
+sparky
+yellow
+camaro
+secret
+dick
+falcon
+taylor
+111111
+131313
+123123
+bitch
+hello
+scooter
+please
+porsche
+guitar
+chelsea
+black
+diamond
+nascar
+jackson
+cameron
+654321
+computer
+amanda
+wizard
+xxxxxxxx
+money
+phoenix
+mickey
+bailey
+knight
+iceman
+tigers
+purple
+andrea
+horny
+dakota
+aaaaaa
+player
+sunshine
+morgan
+starwars
+boomer
+cowboys
+edward
+charles
+girls
+booboo
+coffee
+xxxxxx
+bulldog
+ncc1701
+rabbit
+peanut
+john
+johnny
+gandalf
+spanky
+winter
+brandy
+compaq
+carlos
+tennis
+james
+mike
+brandon
+fender
+anthony
+blowme
+ferrari
+cookie
+chicken
+maverick
+chicago
+joseph
+diablo
+sexsex
+hardcore
+666666
+willie
+welcome
+chris
+panther
+yamaha
+justin
+banana
+driver
+marine
+angels
+fishing
+david
+maddog
+hooters
+wilson
+butthead
+dennis
+fucking
+captain
+bigdick
+chester
+smokey
+xavier
+steven
+viking
+snoopy
+blue
+eagles
+winner
+samantha
+house
+miller
+flower
+jack
+firebird
+butter
+united
+turtle
+steelers
+tiffany
+zxcvbn
+tomcat
+golf
+bond007
+bear
+tiger
+doctor
+gateway
+gators
+angel
+junior
+thx1138
+porno
+badboy
+debbie
+spider
+melissa
+booger
+1212
+flyers
+fish
+porn
+matrix
+teens
+scooby
+jason
+walter
+cumshot
+boston
+braves
+yankee
+lover
+barney
+victor
+tucker
+princess
+mercedes
+5150
+doggie
+zzzzzz
+gunner
+horney
+bubba
+2112
+fred
+johnson
+xxxxx
+tits
+member
+boobs
+donald
+bigdaddy
+bronco
+penis
+voyager
+rangers
+birdie
+trouble
+white
+topgun
+bigtits
+bitches
+green
+super
+qazwsx
+magic
+lakers
+rachel
+slayer
+scott
+2222
+asdf
+video
+london
+7777
+marlboro
+srinivas
+internet
+action
+carter
+jasper
+monster
+teresa
+jeremy
+11111111
+bill
+crystal
+peter
+pussies
+cock
+beer
+rocket
+theman
+oliver
+prince
+beach
+amateur
+7777777
+muffin
+redsox
+star
+testing
+shannon
+murphy
+frank
+hannah
+dave
+eagle1
+11111
+mother
+nathan
+raiders
+steve
+forever
+angela
+viper
+ou812
+jake
+lovers
+suckit
+gregory
+buddy
+whatever
+young
+nicholas
+lucky
+helpme
+jackie
+monica
+midnight
+college
+baby
+cunt
+brian
+mark
+startrek
+sierra
+leather
+232323
+4444
+beavis
+bigcock
+happy
+sophie
+ladies
+naughty
+giants
+booty
+blonde
+fucked
+golden
+0
+fire
+sandra
+pookie
+packers
+einstein
+dolphins
+0
+chevy
+winston
+warrior
+sammy
+slut
+8675309
+zxcvbnm
+nipples
+power
+victoria
+asdfgh
+vagina
+toyota
+travis
+hotdog
+paris
+rock
+xxxx
+extreme
+redskins
+erotic
+dirty
+ford
+freddy
+arsenal
+access14
+wolf
+nipple
+iloveyou
+alex
+florida
+eric
+legend
+movie
+success
+rosebud
+jaguar
+great
+cool
+cooper
+1313
+scorpio
+mountain
+madison
+987654
+brazil
+lauren
+japan
+naked
+squirt
+stars
+apple
+alexis
+aaaa
+bonnie
+peaches
+jasmine
+kevin
+matt
+qwertyui
+danielle
+beaver
+4321
+4128
+runner
+swimming
+dolphin
+gordon
+casper
+stupid
+shit
+saturn
+gemini
+apples
+august
+3333
+canada
+blazer
+cumming
+hunting
+kitty
+rainbow
+112233
+arthur
+cream
+calvin
+shaved
+surfer
+samson
+kelly
+paul
+mine
+king
+racing
+5555
+eagle
+hentai
+newyork
+little
+redwings
+smith
+sticky
+cocacola
+animal
+broncos
+private
+skippy
+marvin
+blondes
+enjoy
+girl
+apollo
+parker
+qwert
+time
+sydney
+women
+voodoo
+magnum
+juice
+abgrtyu
+777777
+dreams
+maxwell
+music
+rush2112
+russia
+scorpion
+rebecca
+tester
+Mistress
+phantom
+billy
+6666
+albert

Networking and Security/Week 20/hashcat-exercise/crack-these-please-md5

@@ -0,0 +1,50 @@
+$1$kSapWzGk$ZOwMpaQwk7AYAw/1zjoFg0
+$1$JyEQpqRK$HLXmSB.dqfG6Og.yA2rc81
+$1$Jz5KKZGh$9gwhjg8wwIWONHylzZBa80
+$1$47AK83u4$DleqfafbMcYP6C3FOnAZO.
+$1$AE24ZWRZ$JpMpBSYPGN0dFTbNVPnFM/
+$1$8bTmD/uK$mKDlzhTMPOoEJoYBFBaDQ1
+$1$E7JVwmGr$wXtzdTDqiKBIhQmhrxcbc/
+$1$svw6ZOPp$xrrFkBVdH2A84/a6g5RZQ.
+$1$pOg/seG4$itt50wzBCg3aZ3/WO5Clo/
+$1$oFIOAcfO$bm5/aWMT91kl48UzGWacM0
+$1$Nrp2rIk6$izugX9m9C30HHB0n0Po731
+$1$wg4V1w7Q$eOFAlrlKkkAJcr2x4z9pj1
+$1$rry6DOY9$i4i7NwHyAyVeMQvz6w1D21
+$1$BpF7.ii.$LINCQ5iuE7A57VZR.kGcn0
+$1$C9Zknbsc$RRgMILNoLqqv05T3sVouW/
+$1$QUJpWaTm$6EpTJzanORP2lFU49H8E./
+$1$bEBj9N6t$HWFTHNoMvWjV/EPF0f8Xw1
+$1$keZpZ2/Z$kqDxo4IACeM7islU7gMmV.
+$1$ch7bsKOa$oJK.MXKsLskmN2G6PWiKf0
+$1$J4zRW/9B$dZqv7ar3d23sNnExUdcYI1
+$1$xs8/12p4$d4ces7l33QX4C18gwQir7.
+$1$E4QKh.T6$PuwcSWy0ptULxooY9Ld07.
+$1$vNi0DOmW$soFLDLuTAg/0ZPTjidZ8a.
+$1$nnminDPC$WhNjt2hoY//vDqES6q0Az1
+$1$G0lHQa96$3HtEoMAfDaEqEYmKqXsS71
+$1$w/L259NX$tm63/3xKHRbFgxoYlJ/Cw/
+$1$4ps/ugGZ$LQ/2hnr1l5qIfhznO7Evb.
+$1$PWvJYMjU$acxOr.nCwCK06aLvCqtdb/
+$1$0KQsuy7i$CGDlyrfjUUR93g40SZu1V.
+$1$BFjqCBcq$CAZBNwzZPDrEwHXwcsAUU/
+$1$Cjk0fbKl$0gSZ9HmzWJcWjLhn604Wk1
+$1$VEmdDcyG$SEIR6MQgxHy4cckblFoQx.
+$1$i/4lnSbC$rThuZlnQ6o7e84Ld2UEXG/
+$1$j7WWHdyH$Z33AaYOAiLXKFoSOYH3q4.
+$1$GeZp7MEO$s4i.Kwthy6DE5T4t42sn51
+$1$XgzLzGBo$/j3IozpLe0aIHxI5vaZRs0
+$1$XgQ.PfxG$76wosMbTg2UXmlT1y4tq21
+$1$RB5EkuFc$j9hXLzvee0zpWOH0FQdhR.
+$1$cuBXcJ6m$OpyGEuEto26iTwrI9Mx0b1
+$1$J8r5urjD$mV6SjAHztIZ.moTMT4Fte1
+$1$dN3LyTxE$ftr7v3QI1RCu/FXcdK.xk1
+$1$mSkgvuq7$MLRvfoQ.HapeKyv5oENh8/
+$1$RWMfi6Yi$6Nn.SDgfRDVbJ7LzfAMPA.
+$1$eSLh1c21$h/eidrfox4GZ6yGpmrSuV0
+$1$ADyUEe8m$bXxlyzKBIoBRoKLRxS3Qm.
+$1$rJBLsdCR$DRD8u4/a.FN2bFFns5LKH/
+$1$YGAAt8aP$5iEH80Rb6JjfMGv5RScAy/
+$1$oakrS648$E5paJvAwSmr2Y5uhAg.Px1
+$1$HQiMACUs$IHvH3rR/Dx4mrrP4ECaYx1
+$1$kAsxkGR8$Q2vtQKSf45kIDAJPeaNfj/

Networking and Security/Week 20/hashcat-exercise/crack-these-please-sha256

@@ -0,0 +1,50 @@
+$5$XjibHsb.$rm7DwCj7oboj/4q2HDybUrr/weTER.jcmd0z4bOrwX0
+$5$4fjJNL7q$amPmMnO0OA40YYJgkBjQ01Q9lPNZmqKJkFv.xYjxr12
+$5$Ttd94kOA$B1.Aq/qL51McBSPIp3Gb..59NI3EzRLM8i/o.Lj.pNC
+$5$amBJRSat$Z7abk64lLksEDjA.3tszqctaT7yFkxypL/pC/cow9T0
+$5$IDLg4DM7$DogXLx9EDTJy8J9RkKZcAG5eLCFEuxQ0PoKYdfitYv9
+$5$f0AhE34P$mg6C6W5BR6vsgMTckMGFf801H2KdvRr3FLBKK5F.UZ4
+$5$SwM7rFa0$wFv0QpMk24xqz0Wb9T3T2qyvj7Dmpg235Ompi1TDTT1
+$5$RTV5/E44$Ys6MeWrdpDGJIbrqztdlDhaGOlnEVu8ik.8RTvLRB6A
+$5$yGr0ACC/$x7JK4/IGRGiMZXn8BXYpdXXiUV9GHi005OzpbogYXS8
+$5$twDbO3mL$NSbHYAfaRQO5jPUqGWc3O81bq.BC2JYveDCitOC4q33
+$5$UkUr/9Uw$FEkKrO4lbRTBlvR72BYN2vWl8scvrwcz.7Bzgy4TfL1
+$5$zcpf9pwa$65Qqf.9/QwL0B95biNItHAEj/Q/c0SH1gmtkk0F.hO4
+$5$lgufr1Hd$Q0IeVF9gwMJ54MvdW2ukZ.pg2E56NGppRzHsU7GCwW.
+$5$NzLxqNL1$ctKoek0BoCC835Rp7Wfhy4qIjhWcSFj..VeRMJ55S0B
+$5$ZnzB7Qro$4pHEZFLcXLupktt0qC0XGCES/mgyYVEYt57OSjwb635
+$5$Skcg1Q88$HEu/aMDokndmA0MfXD5i7WIbCAzxNHAe1.zxVgkKSf3
+$5$zJ2D2yg7$aWYSN07mStHLuSkXGndOynPydY3VyqUROawx//Buyg.
+$5$miO4.kqU$RRxJemdP4w4W9q4AuOcuemTxq3ZFaX.qw8JlMHgoem.
+$5$rrHBRN1X$7D94N8HHsJOUFUvhziz0eP1k.GOLLfYximSc6h1miC0
+$5$C5J9qnEi$BtZOGNIKFpUFY5rvgw6JIwVqwsspVwar0bFDQqwmp0A
+$5$gmhO6xOa$1qujiFqQgSfte.Zkunh2jo9OXE2Zc2b2P7MTKFKRrO3
+$5$RRIpcR3W$D7Vr7U88j6OUIDXb6OAHWE/QiOX8H6.AMn2CTGH1EiD
+$5$z18Nq4q2$jfGp.DDgo5jI/zZBc6yZXoWUgS9vIZnMWts/HDtLkS3
+$5$rfKFGla.$l8HCwx6Qb2zQVs3Jlwcvj7z.UaaIQs6b.lm1gbMvp6C
+$5$kE1ioQsv$.Mhr.VxG1zFbQJp/AifC9lTcDYtBOlH3foMnpi7OBA2
+$5$DlfJCO7f$932ryzuBLIvwJxi6D5uhvEQUQ9AztqsBilzcwCO1NrA
+$5$HGVZZajB$4Hll3XIcnuef7xKYbVSyT5YXcW7tLHK9tst1UD7NR64
+$5$na4kJp3l$dDF0JNmsGECnow2HZmN0WBwZrVOa1V3zRqpKGgVG7B/
+$5$/wkDCEih$ylOj/w3psKtsinh47akaPAo9wqBbARNaRPaavqfCi65
+$5$0YxUfv/z$AuiD2xq8UarJdSekxCpyLxSpzkAPxz8uYTWIdyeGLi5
+$5$O2ysCOYN$p4iQO8ItqX76.RVR7m6j3IqCxEyntYEm/dRI13FXgg8
+$5$Y2KvSuyo$NUo8vLaTjIMrRKmjjB1jrrtNU0I/hSgfDotejSpnwJ0
+$5$Xb9Wzxjf$MKw9nht9gR3zAAe6WiRo2KoyOSQjY7fmqCli2CT0Rg4
+$5$3.mLApXb$Y7VqPKPJ3R3k0n7GN6yq/yTkcH.roOC87./8DPqby3C
+$5$SwwZRBPc$DA3FOtWPMkw3Mp1ca7uDs51MJri8TpihoOepufYjB12
+$5$UoM26I3y$rFy2YhjqPKmn0g.U2SbharPm0Yj7AuKuLDYNJLhWZZ3
+$5$PxfNTlVm$Ld9IytpTWKvboLGbGmBNRuLCbMfHEjL8HS5qj3seYRC
+$5$GucdFL1c$wpbhjiC2iMYzFd9TkYdZcdU8gIy52i70W2S/KAOwgd1
+$5$DeYiDSFc$Ys7GA0dFxFPc0RwNMv78qxQ5YIFMFC9ta39y/hjc9Z3
+$5$7Nv/LvNW$AuaL7YnNu81rcep.mtj5NNoceMsQn2xBQmQU6crQ3RC
+$5$d/SpC3uM$ehGMt8mwVaQaDPr9BKZOfEzXs1nLcHH5xveQ55poj14
+$5$QrsiOWcr$2uFNU.ML8Id3LpINxIgOvfgVRRqxyxXWRpMlnY.ZjW6
+$5$Vlaooomw$1yzeNimd5YQg1v/scUz6qYSzTgx2hTeYaiZc9j1pU4C
+$5$5z7fIlGg$RUFqpJbFMi6BTWTlP/6hRFbca4cLez2vGLE2n71NpD7
+$5$CV5FJ/Zk$dESyVqhqLUdz/CmNoG/ROKFkOFgojoY/UtEZI8WrV45
+$5$xKIdcgXN$HFweXuAxP5/mKKiNb7w5vWdgQxcN1pavM51PlXMTjj0
+$5$6KmciOPR$5duwKc4EaLzFWgEt14shKo/fQrRXJC9AtmHgolx4N77
+$5$jKCmaGAt$QbpB9FrdCygdkHootlTvm.O52.fx6d3tOFHg86sh4BD
+$5$1D77znFd$kujmKPuD7PO9tGDSU39cVV8qt1OUbdB5/WUfM9SciNA
+$5$xC8r.776$Xzaeic3plk1lqiOtzAm63xHSoLGiLIUuUTSXaW9ggZ/

Networking and Security/Week 20/hashcat-exercise/crack-these-please-sha512

@@ -0,0 +1,50 @@
+$6$To0oFk1u$QTxJC3bwqd3ruU8Dp9hqo7zHv/HtBqr/1jNnUuTdOwQe7SLURFTZmECHmnnjuJpjzPzEo37zOGMrte.VEsWvU0
+$6$DACcy/l/$flWFr0njR.V84W5J/eNNC54wtFgZpD.9ryPwlcUv.1sOgcg2QyT7.o2TVgJ/FprCzGMBRJ24SXnl4t7YLEQCQ0
+$6$V/KNbQiq$Bt4U40YniOUt1W1suWPes7CzwWrRjqWYkfqk8nBb5qq0uO3CeUG10RKbXNULTFjcL6C2.AmNiunR11tCakkQK1
+$6$fwcb/t.8$0G7wpJGk5gn.ieuBN0f8k96D4L/O6T2MoDnu5KJVsKPFJ7b3svLDqpwkYHkh0qdb1X7uneiLCZ62YX3t6qQEL/
+$6$oVUKAVBM$uezJtuCuEy36Elp5p/U9BzvmtFx4FulnbkWAwxssahjdpE79vSI2IZzZcYzxwV2Z96kZ2fVcN.oEnVkgyRiI91
+$6$2b1L4Gpy$z3jf2MdZ8oET7F8tUIR7w8q/VktsSTAjBJIKNMJjs3h92S8JaM7qwTiKkJkR9IeasM3jBOOHHR8WICyI1YwDv/
+$6$wwe3xs9l$2wIFwsvv9DAx3RQQqtog2Tbp7LmVTCuPcESI0l8OOuSFaCFt.NHM2w0J.n4qw6.0yeqq5cXdlOuad9J73zu8r.
+$6$DV1dQz1T$7lZfGTOZcv2roOCVErewqRrfzV5W3AkUP7BhfJ9toQqwfNkscdiZFcymxCQpquVJS7eBbKIqGpjGFmxa3CtpI/
+$6$YLNVMBMx$TdCw.z7dqgrkvm50TuHEHsw.Wvj7EcPtb4PAy57.4eSJST0zgXUv6b1nlgNrHOYgvz0ay1bSY5hvL7o5IEXX2/
+$6$xETKnL6j$zff9Wdxrz5SfHROrcT3ZZ9buIrJdb6kxi/aKOKONginECM3aXdk.1MYu3PwNwOeSZ8dbQ2kZUmuKpFKtSWvIJ1
+$6$IaGf7JHS$nCjuQ3ClnFiMVQb/.po4xjA2.BYytnNwnF5tjfUGhBvrZMokdnkklMeIEq4bSnjBmIthjTJ6zPg0cu6G4zBMU.
+$6$LVbBctYT$oHI/QYPL7JZzKvd2L/YgNYzq0.l18J4ob82QpT4TW9FW2Vrf/g2AcHIGsNIP/yhj489Mtav4F/gVJEVeXXMoI1
+$6$EJ.qhd6/$JtBytO61zXnP7QZZEqxJxkW1wbLxtBQugs1R2RVlxj.DDoGZ7Z.0mfMHG.JgJ9z8P71yuOX6A6RzwrbeWdTZ7/
+$6$mcHVC0mC$RsdjnjHlpTFWAhBV4vH/piKsFwfFJRYUL9ZtOMEf1/GBG/7TVX8WrkqHosotb4L0ZsxamC9F9Z0dwchB5cLCj/
+$6$c6v.ViCx$vaR.gyJabgyuLqfkwLU16HxK.lF2jnVM4ZQAEASkBYE3sv7CCGORD.D9VUsFtpNjkAj1hc3cNcIsWlcvwEevQ0
+$6$frlQJrCm$HRplQ1Jo5PLdfoKeB9ADJOY0Huz9qcPkBqZfdQNKTpyZfc6uKQL0Y1TA1bXS75bDOKFtYTQU0EhJXjeoVFYoy/
+$6$m7jSxu4g$B/B14uud1OQ0F5cD4RW7eXX95KtRKld7E0UrRCqi.Ms1eUlzckOo0uqR2oCXSPxlYF.tMk4j0xJyEwp9h4x5E0
+$6$f7/dDWsL$02oKjHBU7963D4c688.XKWg4YEHDPNgFGaFndeZqZO1Q85ENE/tDa9WJqJK9oUiSmvRpdTjusUJc9x.4AcqfI.
+$6$rVpLAQEu$W6T6D1EVSLOPbwFoiEzFaCdnZ7WlddL0rtEJ/.CeP0VDHF6YX.I72gcO1XUdhGn/XWEpf7XyW4BxEmgh8vYPf1
+$6$9OVqqKxz$lKXfyBrv02t.hdC5O.N8L2m6UHekGLOBLDzFaEkq0MVSbP3TqdW93oStFv/lzgBkAnELxlDb38j5c2nbC0JeD0
+$6$3pH4hVJ/$ck/AjPC/QiCIHzZpafSMaYkRJ2wsUDgV3miePdtxfkt5pAD1J.g42E0vJ3XwcDVfZ5RAwUKPGB0yjO.6VTLpx/
+$6$JA7AVzA4$oOVfIPxmM9VRIbF7Jwyw6WDF5D2QloH.CD/c52bFRzGl8daiiZBK7sMyP9yu8YbgEcc9kXoc5EmBcaqJna.nm/
+$6$Rznc8qgu$VvwSo8REYPV0TdqYad2e/be87tSNyulxECOfVSqniayIIwPPuBNx4SniEvuekndmKh80yLV.HTgpCycUmoMBz.
+$6$1SJbgYcu$O/OJn1Xz2B8xWqmahxkQbLH.lKi7tiCQUiaevyNTF0k9LbJHNOar6OEAHvu6uwR5kACtgT1XWSZmJiaR06Za50
+$6$ZVzScqGd$eadwbDbNhMZn0Fj8eOphMvaEbxWMZ5MG4/aPUOaSSHm3KIFbU2fju/vyFRqw.YYkZ9r55ZzV.6k8CTuam83FW.
+$6$0G4TcGgA$iUZ4LDAVy.gF6bHVODGxTtggDV32tjPilCRPi1rXEsud7NLScJEz.LUAUO7umOK9kMqYwqTDwvyjB8Zmd7NP6/
+$6$cqSHecUi$ajWgqWAD8Ubt5/xjlN.cDr1.4PrJPMmfk7/g3mkMvDh4sn5xSKlq5XTeJlOnqNGeh9JYO4o1lMMXoG8YEonrM1
+$6$0tSCf6Gl$OvoOb.BOl2Qdm1qrwYq/75t/Q0JW9wIVQq3VDMlveY9aEwQINOqgbbZqWYXnqOQPFpxG6WJIlwnVSL7JObQ7A0
+$6$rS3dLael$2NM/Gv2Ul8Uy/lEoni4cqtqVotsFcr.Zk0zPWSWAAwoOhsx/w7EIslVlJvHUn4eV4Bdn.MtXGvU2LSC65mxhf0
+$6$5LfXFm2s$qp3OiKADPZfXN9dsbt61B96Pq7ARvIGAIHk0J5A7DgxNrJhCq9hLSorfdOfTLcT/tds66LsBcKxH9svKbtOgq/
+$6$O8IYI/0l$dCxyXElAuXRm0tuJ/1vnNmCVmVbwn89oRwEKdW34aeC.p.eeJZQxdI3SrUcNSkbCHqiAVdCcggiIlp.IYhDWc/
+$6$8KClKaZW$F05lZMIvzhfwOqVjGfGwECXG1UZVig98Sepn/NcVg5uupv8rCZoevXfBP5wcUilboQ6OWA9s9zW0UKQveuQm30
+$6$Qe5eNHIf$2Zj8pNN3a4VoGp5OstmmgOH6folXbJw4RyWZPRzZ9gEAnbwV9zKHb/uK18eFEM4mVw6t1R7PAlJDAPFeSwt9p0
+$6$9JKzUVZs$iPub3qw2A2NpzPRoD6m3CVA1FLKzC6ptRuK/OP1gv0Gy1OmbUqHDkg1SlbWIMM39UO7z20x.3QVDZtGvSojKd/
+$6$ag0FhiE1$T1pzwlKjf/BZ6DIIIgNgEOez0WYOuLj.XpNDJy4xAsxZtROSKaKZwTAiTvp9pgFf7ZwcbUdrIga8aa0.ePUHy1
+$6$s32Fqf7A$RW.7NtuQaqa.JoIQYNThbss5vrLgfnpd20pEshZcJMpYgSCA9SpKAntynaibZ9ugMidY.qAl7L34p/jzAS96w/
+$6$vrTCpxLX$qct36P1YQaipM/nCaWMWCYJ8ENqKKZfdadGuDhFCGdALkKqLfJDStH25IdHG0SLF7cQ1scx9/hnOdk6eErC1C.
+$6$BxBCL4GL$fseFAVTI2/pa//pQYMP.zDa6BHQFcqV6nqZtl21fJdzQcNmOa9xwfdtXgklGU0O8hEF4yz2b6CYURPmmMXW8e/
+$6$I6zrzavP$FLGLGXmd4GkbX4RNzPxJxlWgg/MSSzaqpTRgOtbaWuXHslkBtc/e1zPljNeksckvArFkDOABT10FRDmnUwuPf.
+$6$RV9dR6yl$FKzQGVmc.qaV5y7AatyVL8YfafaOG3CuhykvwCIu5H.1/COFkdNbWL/R9aaEmV0AqJd5MRqWsxPPk9r5WkJ4o.
+$6$UeGAPzQ/$pBlpDgLkArw5vH5A/712Q61JkMF9W1B5nCauS.qz.2PYb98nB96rgMiTQul65hzb7Q47WPVr9D1gy/4iMXL6w0
+$6$GZVQsj3M$S5PUpVH6cOrEr7SQy2E0Hs5lEhQJ3GUAIs0.8.N3369oRdQMHBQFU1ugZ/jjmSGokD3YxUM84v5mgxFKIHwh//
+$6$vntmwJIB$WILkY5Sny8ZpssFNjilGmQjByrvJjG6n.5M2l/NgPSwhyRcNqqf82391btEVZw.cj6hZftOluyN4N4iQ4BM3G1
+$6$bQJoYEQn$4pfYd7fL5TSHBAbCCa8RSrUQlStVCjuMam9EwhoDUtvzkMdcB0diQ4fHrBxMKTohXdnxdbqzB1KXiRWZxFfTA/
+$6$upOSRrNM$1tkGsDzG2vAhcXoJnTzY.9J/WvXTE.NdlAUByVnaVoqvKs36JAsjQOmkbwlsdo8Y7BHU7z6dhGhIffzxOKLTJ0
+$6$ib7.F9E.$npclenIOM4JCj09gGjsVJwLGcCSbOCKa7h6l/S0y8dGRaexrFSOS/ivrXHNbLWA9tvxQ05ZuUO8cE.wbQ2EOV1
+$6$7MvcNYfg$8Wpkze.GrYievOPS8uWd3kH0YIMoYHYsNrOs04ApBkyW9jCWJpyjkJdD0PsunZaiilN98xJxer.d1UtRa9P9O0
+$6$D0oD8Gm9$dD3jR.zhHHUjjLusd3EPVB/4w4skLx/.t1kw/1VJKpAqSMmp9GcjNx9oothCbA2wHeU/B8eNqWN03oE3DZwCl0
+$6$3b5SOJkb$CxHISZJRp/wcvQUQ07J7PfS64jcqjmgJylAzv11lAaFN6eofdftNrsQT1Bcll/mt1Ay/wvR7MvaLJoZ5RtJmx.
+$6$uKOiLbfl$xxJNqrDF6PxtP1Mr192pzjNxHwtuWsDchzCVg2ZIx3fpIZNKvf5NjTQ3pOUlmTY4/EFmyzYNU5hGPSe.wVeeR0

Networking and Security/Week 20/hashcat-exercise/test-dict

@@ -0,0 +1,3 @@
+R2D2
+nauj
+guadalajara

Networking and Security/Week 20/hashcat-exercise/view-sample-password.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# create (and destroy) a user account, in order to
+# capture and display its password as stored in /etc/shadow
+# and compare it the the password's pure hash
+#
+# david morgan 8/2014
+#
+
+clear
+if [ $(id -u) -ne 0 ];then echo "This script must be run as root"; exit 1; fi
+
+echo -n "Please supply a password: "; read password
+
+user=testuser$RANDOM
+useradd $user
+echo -en "$password\n$password\n" | passwd $user &> /dev/null
+record=$( tail -1 /etc/shadow )
+userdel $user
+
+passfield=$( echo $record | awk -F : '{print $2}' )
+
+hashtype=$( echo $passfield | awk -F $ '{print $2}' )
+salt=$( echo $passfield | awk -F $ '{print $3}' )
+storedpass=$( echo $passfield | awk -F $ '{print $4}' )
+
+
+echo -en "\nThis is the password record generated in /etc/shadow for a new user with your chosen password: \n\t$record"
+echo -en "\nand this is its password related field: \n\t"; echo $record | awk -F : '{print $2}'
+echo -en "\n...and these are that password field's components:\n" 
+echo -en "hash-type code                $hashtype"
+case $hashtype in
+	1 )
+		echo ' (md5)'
+		;;
+	5 )
+		echo ' (sha-256)'
+		;;
+	6)
+		echo ' (sha-512)'
+		;;
+esac
+echo -e "salt                          $salt"
+echo -e "stored/scrambled password     $storedpass"
+echo
+
+
+
+saltedpassword=$( echo ${salt}${password} )
+echo -e "Salted password (password prefixed with salt):\n\t$saltedpassword"
+case $hashtype in
+	6 )
+	echo -en "pure sha512 hash of this salted password:\n\t"
+	purehash=$(echo -n $saltedpassword | sha512sum | cut -d " " -f 1)
+	;;
+	5 )
+	echo -en "pure sha256 hash of this salted password:\n\t"
+	purehash=$(echo -n $saltedpassword | sha256sum | cut -d " " -f 1)
+	;;
+	1 )
+	echo -en "pure md5 hash of this salted password:\n\t"
+	purehash=$(echo -n $saltedpassword | md5sum | cut -d " " -f 1) 
+	;;
+esac
+echo $purehash
+
+cat<<EOF
+
+Note that password processing with a given hash algorithm does something
+OTHER than merely hash with that algorithm, as shown by the fact that 
+the stored/processed password ($storedpass)
+and the pure hash ($purehash)
+are NOT the same.
+
+( see  man 3 crypt  and  man mkpasswd )
+
+EOF

Penetration Testing/Week 20/Week 20 - Web Attacks.md

@@ -2,48 +2,48 @@ Subtopics: Malicious Software, Attacks on Web Applications, Secure System Develo
 
 # How Computers Get Compromised:
 
-  - Accessing malicious or infected websites
+- Accessing malicious or infected websites
-  - Downloading and installing malware from websites
+- Downloading and installing malware from websites
-  - Executing attachments to emails containing exploits and malware
+- Executing attachments to emails containing exploits and malware
-  - Plugging in external devices infected with malware
+- Plugging in external devices infected with malware
-  - Installing malware/infected software from media
+- Installing malware/infected software from media
-  - Direct attacks from the internet exploiting vulnerabilities in OS or applications
+- Direct attacks from the internet exploiting vulnerabilities in OS or applications
-  - Through delivery chain, during assembly or shipment
+- Through delivery chain, during assembly or shipment
 
 ## Malware Types:
 
-  - Backdoor/Trapdoor
+- Backdoor/Trapdoor
-  - Logic bomb
+- Logic bomb
-  - Trojan horse
+- Trojan horse
-  - Worm
+- Worm
-  - Virus (polymorphic, metamorphic)
+- Virus (polymorphic, metamorphic)
-  - Stealth virus
+- Stealth virus
-  - Exploit
+- Exploit
 
 ## Exploits:
 
-  - Exploit software/hardware vulnerability
+- Exploit software/hardware vulnerability
-  - Carried in common data formats like PDF, office documents, media files
+- Carried in common data formats like PDF, office documents, media files
-  - Contains corrupt data types
+- Contains corrupt data types
-  - Causes unintended behavior on computers
+- Causes unintended behavior on computers
 
 ## Backdoor/Trapdoor:
 
-  - Provides remote control capabilities
+- Provides remote control capabilities
-  - Can reside on the system for long periods before being used
+- Can reside on the system for long periods before being used
-  - Installed by exploit or user (tricked into installing malicious program)
+- Installed by exploit or user (tricked into installing malicious program)
-  - Can be installed during design for testing purposes, posing a threat if left in production software
+- Can be installed during design for testing purposes, posing a threat if left in production software
 
 # The Cyber Kill Chain (Hutchins Et Al., 2011):
 
-  - Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control (C&C), Action/Exfiltration
+- Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control (C&C), Action/Exfiltration
-  - Timescale for each phase varies from days, months, hours to seconds.
+- Timescale for each phase varies from days, months, hours to seconds.
-	  - Recon; Weaponisation; Delivery; Exploitation; Installation; Command & Control; Action/Exfil
+	- Recon; Weaponisation; Delivery; Exploitation; Installation; Command & Control; Action/Exfil
 
 ## Web Application Security Challenge:
 
-  - Firewall, App Server, Web Server, Hardened OS, Databases, Legacy Systems, Web Services, Directories, Human Resources, Billing, Custom-Developed Application Code
+- Firewall, App Server, Web Server, Hardened OS, Databases, Legacy Systems, Web Services, Directories, Human Resources, Billing, Custom-Developed Application Code
-  - Network layer and application layer security are crucial
+- Network layer and application layer security are crucial
 
 # Application Attacks
 
@@ -51,29 +51,62 @@ Subtopics: Malicious Software, Attacks on Web Applications, Secure System Develo
 
 ## SQL (Structured Query Language):
 
-  - Interface to relational databases
+- Interface to relational databases
-  - Used for inserting, updating, deleting, and retrieving data in a database
+- Used for inserting, updating, deleting, and retrieving data in a database
 
 ### SQL Injection:
 
-  - Databases system misinterpretation of input data
+- Databases system misinterpretation of input data
-  - Attacker disguises SQL commands as data input
+- Attacker disguises SQL commands as data input
-  - Vulnerability exists when web application fails to sanitise data input before sending it to the database
+- Vulnerability exists when web application fails to sanitise data input before sending it to the database
-  - Preventing SQL Injection and XSS: Validate all user-entered parameters, escape questionable characters, hide information about error handling
+
+### Preventing SQL Injection and XSS
+
+- Validate all user-entered parameters (data types and lengths)
+- Disallow unwanted data (html tags, JS, SQL commands)
+- Escape questionable characters (ticks, --, semicolons, quotes, etc)
+- Hide information about error handling
+
+#### Stored XSS
+
+Input script to website disguised as user content
+Store and display script on page
+User accesses page
+Malicious script sent to user
 
 ## Broken Authentication and Session Management:
 
-  - User authentication does not necessarily provide continuous assurance
+- User authentication does not necessarily provide continuous assurance
-  - Insecure implementation of session control with a static session ID passed in the URL
+- Insecure implementation of session control with a static session ID passed in the URL
-  - Recommendations for session IDs (OWASP)
+- Recommendations for session IDs (OWASP)
 
-## OWASP Top-10 Web Application Risks (as of 2017):
+### Method
+Log in to application
+Provide service, user stays logged in
+Email info about session ID
+Other user can access website as first user
 
-  - Injection, Broken Authentication, Sensitive Data Exposure, XML External Entity (XXE), Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring, Underprotected APIs
+### Fixes
+- Authentication linked to time
+- OWASP recommendations followed
+- Link session ID to IP address, TLS session, etc.
+Reconnaissance Assignment
+## [OWASP Top-10](https://owasp.org/Top10/) Web Application Risks (as of 2017):
+
+- Injection, Broken Authentication, Sensitive Data Exposure, XML External Entity (XXE), Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring
 
 ## Waterfall SDLC vs. Agile Software Development vs. Secure Agile:
 
-  - Waterfall SDLC: Sequential phases (Design, Requirements, Implementation, Verification, Maintenance)
+- Waterfall SDLC: Sequential phases (Design, Requirements, Implementation, Verification, Maintenance)
-  - Agile Software Development: Iterative sprint cycles based on user stories
+- Agile Software Development: Iterative sprint cycles based on user stories
-  - Secure Agile: Includes additional security steps during project startup, each sprint cycle, and final test and validation
+- Secure Agile: Includes additional security steps during project startup, each sprint cycle, and final test and validation
-  - Threat modeling in Secure Agile: Identify, analyze, and describe relevant threats using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
+- Threat modeling in Secure Agile: Identify, analyze, and describe relevant threats using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
+
+### STRIDE
+
+Spoofing - Can an attacker gain access with a false identity?
+Tampering - Can an attacker modify data as an application runs?
+Repudiation - If an attacker denies interaction, can we prove it?
+Information Disclosure - Can an attacker gain PII?
+Denial of Service - Can an attacker crash or reduce availability?
+Elevation of Privilege - Can an attacker assume the identity of a privileged user?