Week 1 : Penetration Testing

Introduction
Week 1 (23 February 2018)

1.0 Definition
Penetration testing is a type of security testing that is used to test for insecurity in an application. The goal of conducting a penetration test, or hiring a penetration tester, is to find security risks or vulnerabilities that might be present in the system.

2.0 Type of Penetration Testing

2.1 Black Box Penetration Testing
In black box penetration testing, the tester is given no knowledge about the system, no internal help, and no knowledge of the network topology, and the same applies to the IT personnel of the system being tested.

2.2 White Box Penetration Testing
White box penetration testing is the opposite of black box penetration testing. In white box penetration testing, the tester is well informed about the system and network schema, OS, IP addresses, source code, etc.

2.3 Grey Box Penetration Testing
Grey box penetration testing is a combination of the black box and white box penetration testing models. The tester is given partial or limited information about the details of the system.

3.0 Hacking Cycle
10 Steps of Ethical Hacking
• Target scoping
• Information gathering
• Target discovery
• Enumerating target
• Vulnerability mapping
• Social engineering
• Target exploitation
• Privilege escalation
• Maintaining access
• Documentation and reporting

4.0 Kali Linux
Kali Linux can be downloaded from here.

4.1 Installing Kali in Virtual Machine
Oracle Virtual Box can be downloaded from here.
After downloading Oracle VB, install it on your computer.

Below are the step-by-step instructions to install Kali in Oracle VB.

  1. Create a new virtual machine by clicking the New button in Oracle VB.
    Create a name for the OS.
    In this case, the one we are going to install is Kali Linux. Once you type Kali Linux, the Type and Version will change automatically.
    Next is the allocation of memory size; the recommended size is 1024 MB / 1 GB.
  2. Create a virtual hard disk.
    Choose VDI.
    Choose the name of the folder and the size of the disk allocation on your computer; the recommended size is 8.00 GB.
    Choose Dynamically allocated, so it does not affect your computer’s performance too much.
    You do not have to worry: since we chose dynamically allocated, not all 20 GB will be used.

  3. Install Kali Linux. First double-click the Kali Linux VM; you can customize your settings.
    Select / browse to the Kali Linux image that you have downloaded to your computer.
    Choose Graphical Install.
    Choose your language.
    Since I am living in Indonesia, and it is not in the list, I chose the option other.
    Choose the default language again.
    Choose the keyboard type.
    Fill in the name of your server address.
    The hostname is the admin name.
    Choose your domain name; in my case, it is my blog URL.
    Set your password, and make sure it’s a strong one.
    This is just the configuration of the time zone.
  4. Disk partition: choose to use the entire disk.
    Select the disk.
    This is your own configuration, but I’d recommend all files in one partition.
    Make sure the partitioning is what you wanted, and click Finish when done.
    Write the changes to the disks.
  5. Network mirror and GRUB.
    After the partitions are installed, choose yes to use a network mirror.
    Leave the HTTP proxy information blank.
    Install GRUB.
    Install the GRUB boot loader to the master boot record, too.
    Reboot, and the Kali Linux installation is finished.
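
The VirtualBox steps above (VM creation, 1024 MB of memory, a dynamically allocated 8 GB VDI, attaching the downloaded image) can also be scripted with VBoxManage. The script below is an added example, not part of the original post; it also checks the image's SHA-256 against the value published on the download page before the VM is built. The VM name, the SATA controller name, the Debian_64 OS type, the file paths and a Linux host with sha256sum are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the VirtualBox GUI steps above.
# Assumed names: VM_NAME, controller "SATA", OS type Debian_64, file paths.

VM_NAME="Kali Linux"

# Added check: compare the ISO's SHA-256 with the published value.
# Returns 0 only on an exact match; a missing file never matches.
verify_iso() {
    iso=$1 expected=$2
    actual=$(sha256sum "$iso" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] &&
        [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Steps 1-3: create the VM, a dynamically allocated VDI, attach disk and ISO.
create_kali_vm() {
    iso=$1 disk=$2
    VBoxManage createvm --name "$VM_NAME" --ostype Debian_64 --register || return 1
    VBoxManage modifyvm "$VM_NAME" --memory 1024 || return 1   # 1024 MB / 1 GB
    # --size is in MB (8 GB); --variant Standard means dynamically allocated
    VBoxManage createmedium disk --filename "$disk" --size 8192 \
        --format VDI --variant Standard || return 1
    VBoxManage storagectl "$VM_NAME" --name SATA --add sata || return 1
    VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$disk" || return 1
    VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 1 --device 0 \
        --type dvddrive --medium "$iso"
}

# Refuse to build the VM from an image that fails verification.
build() {
    iso=$1 expected=$2 disk=$3
    if ! verify_iso "$iso" "$expected"; then
        echo "checksum mismatch for $iso, not creating the VM" >&2
        return 1
    fi
    create_kali_vm "$iso" "$disk"
}

# Usage: sh kali-vm.sh kali.iso <published-sha256> kali.vdi
if [ "$#" -eq 3 ]; then build "$@"; fi
```

After the script finishes, start the VM from VirtualBox and continue with the graphical installer from step 3.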

Saving Princess Alice: User Documentation

Task Distribution

We divided the game into several layouts: mainMenu, startMenu, loadMenu, map1 to map7, and lv1 to lv9. We also added an lvCompleted layout. Jeffrey did most of the logic-related coding with Construct 2 while I was more focused on front-end development. Most of the pictures and icons are original, while we used music from websites that provide free-license music.

User Documentation

mainMenu Layout

 

In this layout, there are 4 buttons: startButton, loadButton, exitButton and creditButton.
If the user clicks startButton, they will be directed to the startMenu layout.

If the user clicks loadButton, they will be directed to the loadMenu layout.

If the user clicks exitButton, the browser will close and exit the game.

If the user clicks creditButton, it will display the references to the images that are used in the game.

startMenu Layout


In this layout, the user is expected to fill in a name for the saving process.
If the saving slots are already full, they can choose to overwrite one or go back to mainMenu to load the game.

loadMenu Layout


In this layout, the user can choose one of the three slots provided to load the game from.

lv1 layout

In this level, the user is going to help the Grandma find apples in the trees. The goal of this level is to teach the user what an apple is.

lv2 layout


In this level, the user is going to help feed Wolf. Wolf is a carnivore, so Wolf will not accept vegetables.

lv3 layout


In this level, the user is going to help Mama Sheep find her kids. The little sheep are hidden in the cloud and the tree, and one is not hiding at all.

lv4 layout

In this level, the user is going to cross the road, so they have to look around and see that many shapes are not in their place. The user is expected to drag and drop the shapes into the right places.

lv5 layout


In this level, the user is going to help the Grandma again, this time to find her kitten. The user is expected to listen to the objects around to find where the “meow” sound comes from, because that is where the kitten is located.

lv6 layout


In this level, the user is going to help the breeder identify what sound each of the four animals makes.

lv7 layout


In this level, the user is going to help a man colour a landscape picture by dragging and dropping from the colour palette.

lv8 layout


In this level, the user is supposed to deal with some mathematical problems given by the troll.

lv9 layout

 
In this level, the user is going to listen to and follow the troll’s instruction, which is to sing along to the “Twinkle Twinkle Little Star” song with the user’s parent or supervisor.

lvCompleted layout

This layout is used for the transition between levels.

map1 layout


This is the first map of the game; this map consists of the lv1 layout.

map2 layout

 
This is the second map of the game; this map consists of the lv2 and lv3 layouts.

map3 layout


This is the third map of the game; this map consists of the lv4 layout.

map4 layout


This is the fourth map of the game; this map consists of the lv5 and lv6 layouts.

map5 layout


This is the fifth map of the game; this map consists of the lv7 and lv8 layouts.

map6 layout


This is the sixth map of the game; this map consists of another level, which is a maze map.

map7 layout

This is the last map of the game; this map consists of the lv9 layout.

Conclusion

Overall, I want to conclude that creating a game is pretty hard, especially when the developers are dealing with some user specifications. But I want to thank Mr. Raymond Bahana, our lecturer and facilitator who guided me and Jeff throughout this project, and our Teacher Assistant, Sindy Senorita, who also helped us deal with lots of bugs. Also thanks to my friends for moral support. Please kindly leave any comments or suggestions regarding this project in the comments below, thanks!

Saving Princess Alice: Game Proposal

Course: Multimedia & Human Computer Interaction
Course Code: COMP6341
Lecturer: Raymond Bahana, S.T., M.Sc.

A. Background

The purpose of creating this game is to develop the user’s logical-mathematical as well as linguistic intelligence unconsciously. In other words, since it is a game, the users will only focus on achieving the goal of the game, which is to rescue the princess who ran away, hence they will not be aware that they are actually learning while playing.

B. User Target (Persona)

The main target of this game is kindergarten kids who have just learned reading and counting. The reason for targeting them is to improve their logical thinking skills and their language ability as well. For more information about our Personas, please check this link.

C. Overview

Basically, this project was made in order to achieve a good grade in the Multimedia And Human Computer Interaction course, because we were asked to create a game for kindergarten children who are under 6 years old. At first, we were thinking about math solving games. But after a while, we realized that math is too complex for kindergarten children, so we were thinking about a game that does not require questions to test their capability. Instead of using math as the standard of their knowledge, we were thinking of creating a game that teaches the children while also helping them gain knowledge indirectly (unconsciously).

My team member and I gathered and brainstormed about what aspects of knowledge we could teach the children. Here are the results of our brainstorming and some rough designs:

Our idea is to create a story-based game in which the user plays to complete a simple objective: to save the princess named Alice. In the process of saving her, there are lots of distractions. By distractions, we mean that there are a lot of characters that require help from the user. The help given by the user covers lots of knowledge indirectly, such as Counting, Direction, Crossing The Street, Animal Sounds, Animal Diets, Puzzle, Maze, Vocabulary, Singing, Colors, Shapes, and Music.

D. Developing Apps

In order to create such a game, we will use Adobe Photoshop CC 2017, Adobe Illustrator CC 2017, Adobe Lightroom, Paint, Construct 2 as the IDE, and maybe Adobe Premiere Pro CC 2017 or Adobe After Effects CC 2017 for the end credit videos.

Database System Final Project: FastCabs

The Assignment

A private taxi company called FastCabs was established in Glasgow in 1992. Since then, the company has grown steadily and now has offices in most of the main cities of Scotland. However, the company is now so large that more and more administrative staff are being employed to cope with the ever-increasing amount of paperwork. Furthermore, the communication and sharing of information within the company is poor. The Director of the company, Paddy MacKay feels that too many mistakes are being made and that the success of his company will be short-lived if he does not do something to remedy the situation. He knows that a database could help in part to solve the problem and has approached you and your team to help in creating a database application to support the running of FastCabs.

Week 1

Given the assignment above, we were told to create a database to help the FastCabs company. Mr. Bahana told the class to form groups consisting of 3 people. Jeffrey, Mikha and I joined to form a group together. Then we discussed what to do with the given data. We created a rough ER table that day.

Based on the ER table we created, we asked Mr. Bahana for advice and he gave us a lot of feedback; he also told us where we went wrong and how to fix it.

Week 2

Although we were busy with other projects, we still managed to find some time to gather and work on this FastCabs project. Creating the tables and their attributes was hard because we could not imagine how this cab company works in real life. So we compared FastCabs with the UBER application, which is an online transportation application similar to FastCabs.

 

The biggest problem we encountered was the relations between tables. We created a new table (not mentioned in the specification), External, which is a table that contains extID, which will later be used to determine whether the owner is a driver or not. The relations between tables were also confusing; we spent the whole weekend creating a “perfect” entity diagram.

Week 3

Creating the database is not easy. Although we use phpMyAdmin, the connection between foreign keys and primary keys is a bit confusing. My task here was to populate the database as much as I could. The requirements in this project are some questions related to our database. The queries for the requirements were created by Mikha; here is the list of queries Mikha has made:

  • The names and phone numbers of the Managers at each office.
SELECT o.name AS Office_Name, s.name AS Name, s.phone AS Phone 
FROM manager m 
JOIN staff s ON s.staffID = m.staffID
JOIN office o ON o.officeID = m.officeID
  • The names of all female drivers based in the Glasgow office.
SELECT ex.name AS Name FROM external ex
JOIN driver d ON d.extID = ex.extID
JOIN manager m ON m.staffID = d.staffID
JOIN office o ON o.officeID = m.officeID
WHERE o.name = 'Glasgow' AND ex.gender = 'female'
  • The total number of staff at each office.
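-- DISTINCT is needed: joining admin and manager on the same office multiplies the rows
SELECT o.name AS Name, (COUNT(DISTINCT a.staffID) + COUNT(DISTINCT m.staffID)) AS Total_Staff 
FROM office o, admin a, manager m
WHERE a.officeID = o.officeID AND m.officeID = o.officeID
GROUP BY o.name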
  • The details of all taxis at the Glasgow office.
SELECT plateNumber AS Plate_Number, type AS Type, color AS Color, extID AS OwnerID 
FROM taxi WHERE extID IN(SELECT extID FROM owner 
 WHERE staffID IN(SELECT staffID FROM manager 
 WHERE officeID IN(SELECT officeID FROM office 
 WHERE name = 'Glasgow')))
  • The total number of registered taxis.
SELECT COUNT(platenumber) AS Total_Taxi FROM taxi
  • The number of drivers allocated to each taxi.
SELECT d.plateNumber AS Plate_Number, COUNT(extID) AS Drivers_Allocated 
FROM driver d 
GROUP BY plateNumber
  • The name and number of owners with more than one taxi.
SELECT ex.name AS Owner_Name, COUNT(t.plateNumber) AS Number_of_Taxi 
FROM external ex, taxi t 
WHERE ex.extID = t.extID 
GROUP BY ex.name 
HAVING COUNT(t.plateNumber)>1
  • The full address of all business clients in Glasgow.
-- office alias renamed from "of" to "o": OF is a reserved word in MySQL 8.0
SELECT c.name AS Client_Name, c.address AS Client_Address 
FROM client c
JOIN business b ON b.clientID = c.clientID
JOIN contract con ON con.contractID = b.contractID
JOIN manager m ON m.staffID = con.staffID
JOIN office o ON o.officeID = m.officeID
WHERE o.name = 'Glasgow'
  • The details of the current contracts with business clients in Glasgow.
SELECT con.contractID AS ContractID, con.staffID AS ManagerID, con.numberOfJob AS Number_of_Jobs, con.totalMilage AS Total_Mileage
FROM contract con
JOIN manager m ON m.staffID = con.staffID
JOIN office o ON o.officeID = m.officeID
WHERE o.name = 'Glasgow'
  • The total number of private clients in each city.
-- group by the selected column (city) so each city gets one row
SELECT o.city AS City, COUNT(p.clientID) AS Total_Private_Clients 
FROM office o, private p, manager m 
WHERE p.staffID = m.staffID AND m.officeID = o.officeID
GROUP BY o.city
  • The details of jobs undertaken by a driver on a given day (June 3, 2017).
SELECT ex.name AS Driver_Name, j.jobID AS JobID, j.extID AS DriverID, j.clientID AS ClientID, j.date AS Date, j.pTime AS Pick_up_Time, j.dTime AS Drop_off_Time, j.pAddress AS Pick_up_Address, 
j.dAddress AS Drop_off_Address 
FROM external ex, job j 
WHERE date = '2017-06-03' AND ex.extID = j.extID AND ex.extID = 'ex33'
  • The names of drivers who are over 55 years old.
SELECT ex.name AS Driver_Name
FROM external ex, driver d 
WHERE ex.extID = d.extID AND ex.age > 55
  • The names and numbers of private clients who hired a taxi in November 2016.
-- BETWEEN is inclusive, so the range is 1 to 30 November only
SELECT c.name AS Client_Name, COUNT(j.jobID) AS Number_of_Jobs 
FROM client c, job j 
JOIN private p ON p.clientId = j.clientID 
WHERE p.clientID = c.clientID AND (j.date BETWEEN '2016-11-01' AND '2016-11-30')
GROUP BY c.name
  • The names and addresses of private clients who have hired a taxi more than three times.
-- HAVING needs a GROUP BY so the jobs are counted per client
SELECT c.name AS Client_Name, c.address AS Client_Address
FROM client c
JOIN private p ON p.clientID = c.clientID
JOIN job j ON j.clientID = p.clientID
GROUP BY c.clientID, c.name, c.address
HAVING COUNT(j.jobID) > 3
  • The average number of miles driven during a job.
SELECT AVG(mileage) AS Average_Milage FROM receipt
  • The total number of jobs allocated to each car.
SELECT d.plateNumber AS Plate_Number, COUNT(j.jobID) AS Total_Jobs
FROM driver d, job j
WHERE d.extID = j.extID
GROUP BY d.plateNumber
  • The total number of jobs allocated to each driver.
SELECT ext.name AS Driver_Name, COUNT(j.jobID) AS totalJob
FROM external ext, job j, driver d
WHERE d.extID = ext.extID AND d.extID = j.extID
GROUP BY ext.name
  • The total amount charged for each car in November 2016.
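-- aliases made lower case consistently and the November 2016 filter added
SELECT t.plateNumber, SUM(r.charge) AS TotalCharge 
FROM taxi t, receipt r 
JOIN job j ON j.jobID = r.jobID 
JOIN driver d ON d.extID = j.extID 
WHERE d.plateNumber = t.plateNumber 
AND j.date BETWEEN '2016-11-01' AND '2016-11-30'
GROUP BY t.plateNumber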
  • The total number of jobs and miles driven for a given contract.
-- as written this lists every contract; filter on contractID for a single one
SELECT numberOfJob, totalMilage FROM contract

Week 4

We added some features: a login page and a driving simulation with a receipt.

 

I created the GUI, the connection to the database, the passing of values between forms, and did some debugging. The user manual is already explained in the report. The program can be found here. Thanks to my group, Jeffrey and Mikha, this project could be finished in time. And special thanks to Mr. Bahana and Marvin for their guidance throughout the whole course (and after).