Top Posts Tagged with #week04

Week04 HW #3 - 2 Flags

As someone with a growing collection of matcha tins, it would be ridiculous of me to not make a MATCHA FLAG.

On the left side is a design following flag rules. We have three colors: off-white, a shade of matcha green, and a darker shade of green. In the center of the flag is the handle and center of a matcha whisk. Surrounding these two whisk components are matcha leaves. The handle of the whisk also has a circle to represent matcha's Japanese origin. Finally for the background of the flag, we have a wave of green to represent matcha when it's whisked with water.

On the right side is a design breaking two flag rules: only using 2-3 colors and no lettering or seals. To represent the Japanese origin of matcha, I added Japan's signature red dot/sun into the background. And just in case someone is not familiar to matcha, I added the Japanese characters/translation for matcha in the upper left corner of the flag.

#medp250 #week04 #homework #flags #japan #japanese #matcha

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Week04 - Visual Journal #3

Personal Friend Zine

I don't have a specific design in mind this week, but I did make a lot of progress on a friendship zine this past weekend. Being new to the zine making world, I truly didn't know where to start or how to tackle this personal art project.

But after browsing through Pinterest, I was inspired by the collage aspect of certain designs. Instead of a clean cut, digitally designed zine- I was gravitating towards designs that reminded me junk journaling and crafting.

Layering of different papers. Pens. Markers. Pencils. Writing over images. Magazines. Paper bags. The list goes on!

#week04 #visual journal #zine #pinterest #crafting #inspiration #medp250

[Week 04 - Tech Thoughts]

Customer Discovery: Interview Planning and Hypothesis Testing

Week four’s discussion, which was also the first of the live lecture series was initiated by Ms Diane D. Eustaquio, an insightful discussion about customer discovery. She mentioned the critical points of formulating the right questions to familiarize better and know the target market of any startup company and how the hypothesis helps in visualizing the outcomes of the product/service from a customer’s point of view.

We were then tasked to interview three strangers to represent our general market and formulate the right questions and construct a hypothesis. Our team took time to interview these individuals and ask them the questions we thought would help us get to know them better as individuals and prospective consumers of our application - NavigaTour.

We asked about their demographics, why they visit malls in CDO, their choice of malls, their decision making processes, and their wants, desires, or goals. We then aligned our product according to the responses of the people we’ve interviewed. Further, we created a hypothesis that mentions what would have happened if our consumers utilize our product.

The task was sort of time-consuming as we had to take the time to understand their perspective and analyze their responses and ensure whether or not they aligned with the team/company’s goals and objectives.

Overall, it was an excellent way for us to realize where we can improve and what we can do to cater to our future consumers’ needs.

#Week04 #techthoughts #technopreneurship #customerdiscovery #livelectures

The Preconscious, Conscious, and Unconscious Minds

The Preconscious, Conscious, and Unconscious Minds by Kendra Cherry (2020).

This article identifies Sigmund Freud’s three different levels of awareness and stated that human behaviour and personality can be divided into these three levels of mind and linked these minds to the shape of an iceberg to understand their influence on each other.

The top of the iceberg above the water represents the conscious mind. The middle part of the iceberg that is submerged beneath the water but is still visible is the preconscious. The unseen part that lies below the water represents the unconscious.

The Conscious:

Its position above the surface level contains rational thoughts, feelings, wishes that we are aware of, and memories that can be easily recalled to bring into awareness.

The Preconscious:

Situated right below the conscious mind, below the surface yet still visible that consists of memories and things that we are actively aware of, but not in an immediate level of awareness. We extract the preconscious mind for a specific purpose and time, such as our own phone number.

The Unconscious:

Located below the preconscious mind that is repressed feelings, thoughts, urges and hidden memories often unacceptable or unpleasant such as feelings of pain, anxiety or conflict.

After reading this article, there seems to be a different point of view on the unconscious mind. As Breton signifies the unconscious mind as a way of releasing creativity that doesn’t necessarily associate with good or bad attributes, however through a psychological view as Freud stated that it links to the suppressed feelings that we don’t want to remember.

#Week04 #AcademicResearch

Something Awesome Progress - Research

Vulnerabilities of a Drone:

Physical Attacks

802.11 Wifi Link (WEP Encryption)

The connection between the phone/tablet application and telemetry module uses WEP protocol which can easily be cracked.

Man-in-the Middle (MitM) Attacks

Many drones use Zigbee/Xbee module

To increase responsiveness between user and drone, the encryption functions are usually not implemented.

Module converts wi-fi commands sent by an application using low-frequency radio waves then transmitted to the Xbee chip.

Attacker can send commands to the Xbee chip and reroute the packets on the network.

Sensor Spoofing

Affecting drones that are use the environment - sensors include GPS, vision, radar, IR sensors, magnetimeter.

Buffer Overflow Attack

Prevents the hardware in behaving the way it is suppose to.

The attack forces the system to reset loading code from the attacker.

Malware – e.g. MalDrone

Creates a backdoor to the drone

It can take over auto pilot

#week04 #somethingawesome

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Week 4: Bits of Penguin

For this activity it is to determine the number of unique penguins that can be identified with the set of colours below.

Possible colours:

Right foot: Yellow, Purple, Blue, Green, Red, Brown

Left foot: Green, Blue, Yellow, Brown, Red

Left Wing: Blue

Right Wing: Yellow, Brown

To find the combinations:

Right foot: 6 + 1 (no colour)

Left foot: 5 + 1

Left wing: 1 + 1

Right Wing: 2 + 1

Therefore the total would be: 8 x 6 x 2 x 3 = 252; rounding up to the nearest power of 2 would be 256, which is 2^8.

Therefore there are 8 bits of penguin.

#week04 #activity

Week 04: Something Awesome Bandit Game Levels 18 - 19

Level 18 -> 19

Logged in and was immediately kicked out with a message byebye! Hmm

Password for the next level is stored in a file called readme in the homedirectory

Someone modified .bashrc to log you out when you log in with ssh

Does this mean I have to work on this level while logged into bandit17?

So I logged back into level 17, but I couldn’t find find readme

I tried cd .. to go back a directory, and cd /bandit18 to get into the bandit18 folder

I can see the file but I can’t open it

Taking a break 6:30pm

Back at 6:50pm, I’m stumped

Update 7:03pm - So I googled how to stop .bashrc from running

I found a forum page with this exact scenario, where .bashrc disconnected you once you ssh’d in. It didn’t mention CTF bandit game at all, so maybe it was just a coincidence.

I tried su bandit18, it didn’t work

I tried ctrl+c the moment I logged on, but that didn’t work

Someone in the forum said you can pass commands after the ssh line so I tried

ssh [email protected] -p 2220 cat readme

It worked! Got the password

Level 19 -> 20

I read up on setuid

There’s a file called bandit20-do, which can allow you to run a command as bandit20?

So I guess I need to find my id? and bandit20′s id?

I tried id, it said my uid was 11019, I assume bandit20′s uid is 11020

./bandit20-do 11020 doesn’t do anything, says there’s no such file

Huh, I tried ./bandit20-do cat /etc/bandit_pass/bandit20 and I got the password

Reflection: What did I learn

You can pass in commands after the ssh commands, on the same line

setuid, allows temporary elevated privileges to perform some tasks

#Week04 #SomethingAwesome

Week 04: Something Awesome Bandit Game Levels 12 - 17

Level 12 -> 13

Started 8:30pm 29/06/19

data.txt is a hexdump of a file that has been repeatedly compressed??

It said to do mkdir /tmp/myname123 but the folder already exists

I’m curious, does everybody that plays this level make their own directory, so I can’t make one that already exists?

Aha yes that’s it, I made a new folder

mkdir /tmp/nowayyouhavethesamefolder/

I copied over the file, it’s telling me to rename the file? But to what

Aha, xxd can reverse a hexdump file into regular binary

I thought that I had to do xxd -r data.txt | xxd -r data.txt | xxd -r data.txt a bunch of times, but that didn’t work

Stopped at 8:55pm, started again at 10:30pm

I tried decompressing the file with bzip2, but “it’s not a bzip type”

10:45pm - I’m stuck

I tried xxd -rp data.txt test and then mv test test.gz, followed by gzip -d test.gz, and I got a couple of letters/numbers, maybe I’m getting somewhere?

10:58pm - I found out a linux command called file [filename] which tells you the file type

After I ran xxd -r data.txt test, I ran file test, and it told me it was a gzip file, okay okay

So I renamed test to test.gz, and unzipped it with gzip -d test.gz

I kept on running file test, to find out what kind of compressed file it was, t hen I would rename it with the right extension and uncompress it

I did this a bunch of times and ended up with the password

Finished 11:11pm approx

I wonder if I should delete the folder or just leave it there

Level 13 -> 14

The helpful reading link sent me to a page about ssh and public/private keys :D

Starting 4:30pm ish

I think I understand - I need to pretend to be bandit14 and get the ssh key? And then do ssh [LONGKEY] [email protected] -p 2220?

Nevermind, I ls’d and found a file called sshkey.private

So I have an RSA key

I made a file called key.txt with the RSA key in it

I ran ssh -i key.txt.txt [email protected] -p 2220 and im in??!

Does that mean I don’t need the key from /etc/bandit_pass/bandit14??

Oh nevermind, I can just cat /etc/bandit_pass/bandit14

I guess I can login with both the password and the RSA key

Finished 5:03pm

Level 14 -> 15

I watched the 5minute internet TLDR video

Read up on ip addresses and ports

I tried echo “password” > localhost/30000 but it said no such file exists

I googled how to send data to local host port and got an askubuntu answer that said echo hello | nc localhost 2003

Not sure if that’s cheating or not ://

Anyways I tried: echo key | nc localhost 30000 and got the password

Correct!

“Key”

Finished 5:19pm

Level 15 -> 16

So I tried echo key | nc localhost 30001 first but nothing happened

I glanced through the two links provided

The second link said to do openssl s_client -connect www.feistyduck.com:443

So I tried openssl s_client -connect localhost:30001

It spat out a lot of text, on the website it said it would give an opportunity for input so I pasted in the password and got the new password!

Not too sure why... I’ll figure it out

Finished 5:36pm - break time

Level 16 -> 17

Starting 5:50pm ish

Okay so I need to send the password to a local host with port number somewhere between 31000 and 32000, should I manually go through 1000 ports? :))

I’m following tecminit.com/nmap-command-examples/

Running nmap localhost gives port 22, 113 and 30000

Aha, nmap -p T:31000-32000 localhost gives me 31518 and 31790

I’m not sure how to check which one speaks SSL, I could just try both?

I tried both, 31790 gave me the RSA key

Yep I’m into bandit17, I did cat /etc/bandit_pass/bandit17 and got the key

Finished 6:11pm

Level 17 -> 18

Phew, we’re past networking at least for now

I just did diff passwords.old passwords.new and got the new password

Finished 6:16pm

Reflection: What did I learn?

file [filename] is a useful command to give some info on what kind of file I’m dealing with

tar -xvf file.tar to uncompress tar files

gzip -d test.gz to uncompress gzip’d files

bzip2 -d test.bz2 to uncompress bzip2′d files

mv file1 file2 to rename files from file1 to file2

You can ssh in using an RSA key -> ssh -i key.txt [address]

To input data into local host, echo key | nc localhost 30000

Commands like openssl

nmap -p T:[number]-[number] to scan ports

diff file1 file2 to see the differences

I think lecturers use this in their autotesting for labs

#Week04 #SomethingAwesome

Week04 HW #3 - 2 Flags

As someone with a growing collection of matcha tins, it would be ridiculous of me to not make a MATCHA FLAG.

#medp250 #week04 #homework #flags #japan #japanese #matcha

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Week04 - Visual Journal #3

Personal Friend Zine

Layering of different papers. Pens. Markers. Pencils. Writing over images. Magazines. Paper bags. The list goes on!

#week04 #visual journal #zine #pinterest #crafting #inspiration #medp250

[Week 04 - Tech Thoughts]

Customer Discovery: Interview Planning and Hypothesis Testing

Overall, it was an excellent way for us to realize where we can improve and what we can do to cater to our future consumers’ needs.

#Week04 #techthoughts #technopreneurship #customerdiscovery #livelectures

The Preconscious, Conscious, and Unconscious Minds

The Preconscious, Conscious, and Unconscious Minds by Kendra Cherry (2020).

The Conscious:

Its position above the surface level contains rational thoughts, feelings, wishes that we are aware of, and memories that can be easily recalled to bring into awareness.

The Preconscious:

The Unconscious:

Located below the preconscious mind that is repressed feelings, thoughts, urges and hidden memories often unacceptable or unpleasant such as feelings of pain, anxiety or conflict.

#Week04 #AcademicResearch

Something Awesome Progress - Research

Vulnerabilities of a Drone:

Physical Attacks

802.11 Wifi Link (WEP Encryption)

The connection between the phone/tablet application and telemetry module uses WEP protocol which can easily be cracked.

Man-in-the Middle (MitM) Attacks

Many drones use Zigbee/Xbee module

To increase responsiveness between user and drone, the encryption functions are usually not implemented.

Module converts wi-fi commands sent by an application using low-frequency radio waves then transmitted to the Xbee chip.

Attacker can send commands to the Xbee chip and reroute the packets on the network.

Sensor Spoofing

Affecting drones that are use the environment - sensors include GPS, vision, radar, IR sensors, magnetimeter.

Buffer Overflow Attack

Prevents the hardware in behaving the way it is suppose to.

The attack forces the system to reset loading code from the attacker.

Malware – e.g. MalDrone

Creates a backdoor to the drone

It can take over auto pilot

#week04 #somethingawesome

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Week 4: Bits of Penguin

For this activity it is to determine the number of unique penguins that can be identified with the set of colours below.

Possible colours:

Right foot: Yellow, Purple, Blue, Green, Red, Brown

Left foot: Green, Blue, Yellow, Brown, Red

Left Wing: Blue

Right Wing: Yellow, Brown

To find the combinations:

Right foot: 6 + 1 (no colour)

Left foot: 5 + 1

Left wing: 1 + 1

Right Wing: 2 + 1

Therefore the total would be: 8 x 6 x 2 x 3 = 252; rounding up to the nearest power of 2 would be 256, which is 2^8.

Therefore there are 8 bits of penguin.

#week04 #activity

Week 04: Something Awesome Bandit Game Levels 18 - 19

Level 18 -> 19

Logged in and was immediately kicked out with a message byebye! Hmm

Password for the next level is stored in a file called readme in the homedirectory

Someone modified .bashrc to log you out when you log in with ssh

Does this mean I have to work on this level while logged into bandit17?

So I logged back into level 17, but I couldn’t find find readme

I tried cd .. to go back a directory, and cd /bandit18 to get into the bandit18 folder

I can see the file but I can’t open it

Taking a break 6:30pm

Back at 6:50pm, I’m stumped

Update 7:03pm - So I googled how to stop .bashrc from running

I found a forum page with this exact scenario, where .bashrc disconnected you once you ssh’d in. It didn’t mention CTF bandit game at all, so maybe it was just a coincidence.

I tried su bandit18, it didn’t work

I tried ctrl+c the moment I logged on, but that didn’t work

Someone in the forum said you can pass commands after the ssh line so I tried

ssh [email protected] -p 2220 cat readme

It worked! Got the password

Level 19 -> 20

I read up on setuid

There’s a file called bandit20-do, which can allow you to run a command as bandit20?

So I guess I need to find my id? and bandit20′s id?

I tried id, it said my uid was 11019, I assume bandit20′s uid is 11020

./bandit20-do 11020 doesn’t do anything, says there’s no such file

Huh, I tried ./bandit20-do cat /etc/bandit_pass/bandit20 and I got the password

Reflection: What did I learn

You can pass in commands after the ssh commands, on the same line

setuid, allows temporary elevated privileges to perform some tasks

#Week04 #SomethingAwesome

Week 04: Something Awesome Bandit Game Levels 12 - 17

Level 12 -> 13

Started 8:30pm 29/06/19

data.txt is a hexdump of a file that has been repeatedly compressed??

It said to do mkdir /tmp/myname123 but the folder already exists

I’m curious, does everybody that plays this level make their own directory, so I can’t make one that already exists?

Aha yes that’s it, I made a new folder

mkdir /tmp/nowayyouhavethesamefolder/

I copied over the file, it’s telling me to rename the file? But to what

Aha, xxd can reverse a hexdump file into regular binary

I thought that I had to do xxd -r data.txt | xxd -r data.txt | xxd -r data.txt a bunch of times, but that didn’t work

Stopped at 8:55pm, started again at 10:30pm

I tried decompressing the file with bzip2, but “it’s not a bzip type”

10:45pm - I’m stuck

I tried xxd -rp data.txt test and then mv test test.gz, followed by gzip -d test.gz, and I got a couple of letters/numbers, maybe I’m getting somewhere?

10:58pm - I found out a linux command called file [filename] which tells you the file type

After I ran xxd -r data.txt test, I ran file test, and it told me it was a gzip file, okay okay

So I renamed test to test.gz, and unzipped it with gzip -d test.gz

I kept on running file test, to find out what kind of compressed file it was, t hen I would rename it with the right extension and uncompress it

I did this a bunch of times and ended up with the password

Finished 11:11pm approx

I wonder if I should delete the folder or just leave it there

Level 13 -> 14

The helpful reading link sent me to a page about ssh and public/private keys :D

Starting 4:30pm ish

I think I understand - I need to pretend to be bandit14 and get the ssh key? And then do ssh [LONGKEY] [email protected] -p 2220?

Nevermind, I ls’d and found a file called sshkey.private

So I have an RSA key

I made a file called key.txt with the RSA key in it

I ran ssh -i key.txt.txt [email protected] -p 2220 and im in??!

Does that mean I don’t need the key from /etc/bandit_pass/bandit14??

Oh nevermind, I can just cat /etc/bandit_pass/bandit14

I guess I can login with both the password and the RSA key

Finished 5:03pm

Level 14 -> 15

I watched the 5minute internet TLDR video

Read up on ip addresses and ports

I tried echo “password” > localhost/30000 but it said no such file exists

I googled how to send data to local host port and got an askubuntu answer that said echo hello | nc localhost 2003

Not sure if that’s cheating or not ://

Anyways I tried: echo key | nc localhost 30000 and got the password

Correct!

“Key”

Finished 5:19pm

Level 15 -> 16

So I tried echo key | nc localhost 30001 first but nothing happened

I glanced through the two links provided

The second link said to do openssl s_client -connect www.feistyduck.com:443

So I tried openssl s_client -connect localhost:30001

It spat out a lot of text, on the website it said it would give an opportunity for input so I pasted in the password and got the new password!

Not too sure why... I’ll figure it out

Finished 5:36pm - break time

Level 16 -> 17

Starting 5:50pm ish

Okay so I need to send the password to a local host with port number somewhere between 31000 and 32000, should I manually go through 1000 ports? :))

I’m following tecminit.com/nmap-command-examples/

Running nmap localhost gives port 22, 113 and 30000

Aha, nmap -p T:31000-32000 localhost gives me 31518 and 31790

I’m not sure how to check which one speaks SSL, I could just try both?

I tried both, 31790 gave me the RSA key

Yep I’m into bandit17, I did cat /etc/bandit_pass/bandit17 and got the key

Finished 6:11pm

Level 17 -> 18

Phew, we’re past networking at least for now

I just did diff passwords.old passwords.new and got the new password

Finished 6:16pm

Reflection: What did I learn?

file [filename] is a useful command to give some info on what kind of file I’m dealing with

tar -xvf file.tar to uncompress tar files

gzip -d test.gz to uncompress gzip’d files

bzip2 -d test.bz2 to uncompress bzip2′d files

mv file1 file2 to rename files from file1 to file2

You can ssh in using an RSA key -> ssh -i key.txt [address]

To input data into local host, echo key | nc localhost 30000

Commands like openssl

nmap -p T:[number]-[number] to scan ports

diff file1 file2 to see the differences

I think lecturers use this in their autotesting for labs

#Week04 #SomethingAwesome

Trending Tags

Last Seen Tags

#week04

Trending Tags

Last Seen Tags

#week04