GT OMSCS, CS 6035 - Project #1 (Man-in-the-Middle)
This project had us explore a Man-in-the-Middle attack, a cyberattack in which a malicious actor intercepts the conversation between two parties without their knowledge and uses it to their advantage. The attacker can eavesdrop on the conversation and take advantage of sensitive data passing across the network, such as credit card information or login credentials. They can also alter the messages relayed between the parties in order to change the content of the communication, inject malicious code, or redirect funds.
For this project, we played the role of an FBI agent working to bust a hacking group by finding and studying messages in a packet capture (PCAP) file of network traffic. We used Wireshark, a packet analyzer tool, and PyShark, a Python library wrapper for tshark, to analyze half a million packets sent across a network by sifting through various networking protocols such as TCP/IP, FTP, IRC, DCC, HTTP, and DNS. By delving into these protocols and other networking concepts such as port forwarding, it became clear from our packet analysis that there are only so many actors at play and only so many ways they can communicate. This creates a tangible opportunity to exploit a network, especially when we leverage tools such as nslookup. I used information I found on the network to lead me to the hackers’ file servers, where I downloaded important keys used to get assignment flags. Some of the network data I found was encrypted, so I used CyberChef alongside a number of decryption algorithms, such as AES, RSA, and Caesar ciphers, to make the information human-readable. I also used a password cracker tool, John the Ripper, to break into a password-protected document.
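The triage step described above, as an added example that is not part of the course project or the author's code: instead of PyShark it uses a small pure-Python PCAP reader (no tshark needed) over a capture constructed inline, tallying which hosts talk to which over FTP, DNS, HTTP or IRC and pulling out the DNS query names and FTP/IRC commands an analyst would look at first. The hosts, ports and messages in the sample are made up for the example.

```python
# Added example (not course or author code): triage a PCAP by conversation and
# protocol, then extract DNS queries and FTP/IRC commands. Sample data is constructed.
import struct
from collections import Counter

PORTS = {21: "FTP", 53: "DNS", 80: "HTTP", 6667: "IRC"}  # well-known ports only

def _ipv4_frame(src, dst, proto, l4):
    # Ethernet II + minimal IPv4 header; checksum left 0 (the parser ignores it).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def _tcp(sport, dport, payload):  # 20-byte TCP header, data offset 5, flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 1024, 0, 0) + payload

def build_sample_pcap():
    # Constructed capture: one DNS query, one FTP login, one IRC message.
    q = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x03ftp\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(q), 0) + q
    frames = [_ipv4_frame("10.0.0.5", "10.0.0.1", 17, udp),
              _ipv4_frame("10.0.0.5", "10.0.0.9", 6, _tcp(40000, 21, b"USER anonymous\r\n")),
              _ipv4_frame("10.0.0.5", "10.0.0.7", 6, _tcp(40001, 6667, b"PRIVMSG #ops :hi\r\n"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap header, LINKTYPE_ETHERNET
    for f in frames: out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def _dns_qname(payload):
    i, labels = 12, []  # question section starts after the 12-byte DNS header
    while payload[i]:
        n = payload[i]; labels.append(payload[i + 1:i + 1 + n].decode()); i += n + 1
    return ".".join(labels)

def triage(pcap):
    convs, artifacts, off = Counter(), [], 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00": continue  # not IPv4
        ihl, proto = (frame[14] & 0xF) * 4, frame[23]
        src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:] if proto == 17 else l4[(l4[12] >> 4) * 4:] if proto == 6 else b""
        service = PORTS.get(dport) or PORTS.get(sport) or f"port {dport}"
        convs[(src, dst, service)] += 1  # who talks to whom, over what
        if service == "DNS" and payload:
            artifacts.append(f"DNS query {_dns_qname(payload)}")
        elif service in ("FTP", "IRC") and payload:
            artifacts.append(f"{service} {payload.decode(errors='replace').strip()}")
    return {"conversations": convs, "artifacts": artifacts}
```

On a real capture, the conversation table is what shows how few actors there are; the artifacts list is where the file server names and logins turn up.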
This project was designed in a Capture the Flag (CTF) style similar to challenges you might find on TryHackMe, Hack The Box, or Carnegie Mellon University’s picoCTF. Having completed several of those challenges, I found they helped with CS 6035 by familiarizing me with the CTF format; however, the tasks in CS 6035 felt much more layered and complex. Unlike those CTF challenges, which were typically standalone, the CS 6035 tasks built on each other and involved many subtasks. Overall, I enjoyed this project and learned a ton about computer networks, having had limited exposure to the topic previously. Since we were only given a week to complete the project, I’m getting a lot of practice in quickly picking up new tools and information and then using them right away to successfully carry out exploits. Beyond gaining domain expertise, my ability to tackle unfamiliar, complex topics and complete tasks under tight deadlines is growing stronger, and I’m really enjoying the added strength in this skill.