GET and POST are by far the most important
Connect the Opera browser to the Tor network (through a suitable SOCKS5 proxy). In Opera navigate to the following address (which can only be reached through Tor):
https://www.facebookcorewwwi.onion/
In the second tab open:
https://whatismyipaddress.com/
Note where your Tor traffic enters the usual internet (i.e., where your Tor exit node is located).
Virtual machines dedicated to these classes are available at tin-sXXXXXX.vm.wmi.amu.edu.pl. Before their first use, some configuration is required. The following steps should be taken:
Log into https://cloud.wmi.amu.edu.pl using your LABS credentials.
In the left panel (pool view), find your machine. In the Network tab, we can get the IP address of your machine. In the Console tab we have access to logging in directly to the machine.
Start the machine and then log in (via Console) to the root account using the password tin2019.
Change the password using the passwd command.
To perform the next task, it is necessary to enable login by ssh for root. To do this, edit the /etc/ssh/sshd_config file. Change PermitRootLogin to yes.
Restart the sshd service:
# systemctl restart sshd.service
We check that the changes have taken effect by trying to connect to our virtual machine from a local computer.
$ ssh root@tin-sXXXXXX.vm.wmi.amu.edu.pl
We will be asked for our password. If we are able to log in correctly, the configuration has been completed.
On your computer generate a public/private key pair. Examples here will use so-called Ed25519 keys, which are believed to be secure and robust. This is a rather new standard for SSH keys and older software using SSH might not support it. In that case one has to use another key algorithm (RSA, ECDSA).
$ ssh-keygen -t ed25519
The key pair is automatically saved to .ssh/id_ed25519 and .ssh/id_ed25519.pub. The first one is private, the second one can be shared with the world. One can optionally encrypt the key with a password.
To log into servers without having to type a password every time, one has to add the public key to the file .ssh/authorized_keys on the server. One can have many keys authorized to access the server.
Fortunately there is an automatic tool just for the job. Typing:
$ ssh-copy-id -i ~/.ssh/id_ed25519 root@tin-s123456.vm.wmi.amu.edu.pl
with your VM address will authorize you to access the server. Now to make things a little shorter, add the following to .ssh/config:
Host lts
    HostName lts.wmi.amu.edu.pl
    User sXXXXXX
Host tin
    HostName tin-s123456.vm.wmi.amu.edu.pl
    User root
    ProxyJump lts
Now you can log into the server by typing just ssh tin. Because we also included the section on lts and the line with ProxyJump, you can log into tin from anywhere in the world, even though tin is unreachable. SSH will first log into lts and only then to tin.
Afterwards you may want to disallow logging in with a password for root on the server. To do this make sure you have:
PermitRootLogin prohibit-password
in /etc/ssh/sshd_config. For the change to take effect, restart the SSH server:
# systemctl restart sshd
SSH keys are by no means restricted to accessing shell servers. One can use SSH keys, e.g., to log in without a password to GitHub or git.wmi.amu.edu.pl.
Configure the SSH server on your virtual machine in such a way that it presents an Ed25519 public key (it should be different from the one that was installed during VM creation; generate a new one).
In order for this task to be checked, send an email to bikol@wmi.amu.edu.pl with the subject “[DTIN] Z3.1 ######” (with your student ID number, which is a part of your VM address).
Configure the firewall on your virtual machine (container) in such a way that it drops all connection attempts to ports 1–1000 except ports 22, 80 and 443. Let it still answer to the usual PING request.
In order for this task to be checked, send an email to bikol@wmi.amu.edu.pl with the subject “[DTIN] Z3.2 ######” (with your student ID number, which is a part of your VM address).
Using your usual LABS username and password, log in to the application running at https://kino.vm.wmi.amu.edu.pl:1031/ in such a way that the server believes your IP address is the IP address of the server lts.wmi.amu.edu.pl.
Hint: Because of how the faculty network is configured, port 1031 is not reachable from outside the campus. Use an SSH tunnel or use SSH as a SOCKS5 proxy.
Using your usual LABS username and password, log in to the application running at https://kino.vm.wmi.amu.edu.pl:1032/. The port is normally blocked; you must first knock on ports 37366 and 22908 (in this order). Then port 1032 will accept connections for 10 seconds. During this time you need to establish the connection. Further traffic will be accepted by the connection state tracking in the firewall. Make sure your IP address is different from the IP address of lts.wmi.amu.edu.pl.
Hint: Because of how the faculty network is configured, port 1032 is not reachable from outside the campus. Normally a solution would be to use SSH tunneling (like above), but the task requires another server than lts. You can solve this problem by either solving this from the campus, using a tunnel to your VM or using the faculty VPN. Details on how to configure the VPN can be found here (unfortunately only in Polish, but with screenshots).
Configure port knocking on your virtual machine (container).
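The gate behaviour described in the knocking task above (ordered knocks, a 10-second window, then connection state tracking) can be modelled as a small state machine. This is an added example, not part of the original page and not the course server's implementation; the class name KnockGate, the reset-on-wrong-knock rule, flow tracking by source address and source port, and the sample addresses are assumptions.

```python
KNOCK_SEQUENCE = (37366, 22908)  # ports and order from the task text
PROTECTED_PORT = 1032
OPEN_SECONDS = 10

class KnockGate:
    """Toy model of a knock-gated port with connection state tracking."""

    def __init__(self):
        self.progress = {}        # source IP -> correct knocks seen so far
        self.open_until = {}      # source IP -> time at which the window closes
        self.established = set()  # (source IP, source port) flows already admitted

    def packet(self, t, src, dport, sport=0, syn=True):
        """Return True if the packet is accepted, False if it is dropped."""
        if dport == PROTECTED_PORT:
            if (src, sport) in self.established:
                return True       # state tracking: an existing flow keeps working
            if syn and t <= self.open_until.get(src, float("-inf")):
                self.established.add((src, sport))
                return True       # new connection inside the window
            return False
        step = self.progress.get(src, 0)
        if dport == KNOCK_SEQUENCE[step]:
            step += 1
        else:                     # assumption: a wrong knock restarts the sequence
            step = 1 if dport == KNOCK_SEQUENCE[0] else 0
        if step == len(KNOCK_SEQUENCE):
            self.open_until[src] = t + OPEN_SECONDS
            step = 0
        self.progress[src] = step
        return False              # knock packets themselves are never answered

# Constructed events: (time in s, source IP, destination port, source port, SYN?)
EVENTS = [
    (0, "192.0.2.10", 37366, 50001, True),
    (1, "192.0.2.10", 22908, 50002, True),
    (5, "192.0.2.10", 1032, 40000, True),    # inside the window
    (60, "192.0.2.10", 1032, 40000, False),  # same flow, long after the window
    (60, "192.0.2.10", 1032, 40001, True),   # new flow, window expired
    (0, "192.0.2.20", 22908, 50001, True),   # knocks in the wrong order
    (1, "192.0.2.20", 37366, 50002, True),
    (2, "192.0.2.20", 1032, 40000, True),
]

def replay(events):
    """Feed the events to a fresh gate and return the accept/drop decisions."""
    gate = KnockGate()
    return [gate.packet(t, s, dp, sp, syn) for t, s, dp, sp, syn in events]
```

The model shows why the already established connection survives the end of the window while a second connection attempt does not.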
Create a sequence of files comprising a simple blockchain in the following manner:
Create three files: 0.txt, 1.txt, 2.txt. Each of these files is the same and contains just one line of text: your name, surname and student ID number in parentheses, e.g. Michał Goliński (123456). Use UTF-8 encoding and make sure the files end with a single newline character (Unix style).
To put 0.txt on the blockchain, find a string of 32 hexadecimal digits (use lowercase letters a-f), such that when appended to the file 0.txt as the second line (once again ending with a single newline character), the MD5 hash of the whole file starts and ends with 2 zeros (i.e. four zeros altogether).
To put 1.txt after 0.txt in our blockchain we proceed as follows. First add the MD5 hash calculated above (the one starting and ending with zeros) as the second line of 1.txt. Now find a string of 32 hexadecimal digits (use lowercase letters a-f), such that when appended to the file 1.txt as the third line (once again ending with a single newline character), the MD5 hash of the whole file starts and ends with 2 zeros.
Add 2.txt to the blockchain: first add a line with the hash of the second file and find a string of 32 hexadecimal characters in the third line that makes the MD5 hash start and end with 2 zeros.
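The construction above is a small proof-of-work chain, and the sketch below both builds it and verifies it, including the link from each file to the hash of the previous one. It is an added example, not part of the original page; the function names and the sample identity are constructed, and it generalizes to any chain length by linking every file after 0.txt to its predecessor in the same way.

```python
import hashlib
from itertools import count

HEX = set("0123456789abcdef")

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def accepted(digest: str) -> bool:
    # The page's rule: the hash starts and ends with two zeros.
    return digest.startswith("00") and digest.endswith("00")

def mine(prefix: bytes) -> bytes:
    """Append one line of 32 lowercase hex digits so the file's MD5 is accepted."""
    for n in count():
        block = prefix + f"{n:032x}\n".encode("ascii")
        if accepted(md5_hex(block)):
            return block

def build_chain(identity: str, length: int = 3):
    """Return the contents of 0.txt, 1.txt, ... as bytes."""
    header = (identity + "\n").encode("utf-8")
    blocks = []
    for _ in range(length):
        link = (md5_hex(blocks[-1]) + "\n").encode("ascii") if blocks else b""
        blocks.append(mine(header + link))
    return blocks

def verify_chain(blocks) -> bool:
    """Check every block's format, its hash, and its link to the previous block."""
    prev = None
    for block in blocks:
        lines = block.decode("utf-8").split("\n")
        if len(lines) < 3 or lines[-1] != "":
            return False  # too short, or no single trailing newline
        body, nonce = lines[1:-2], lines[-2]
        if body != ([prev] if prev else []):
            return False  # link to the previous hash is missing or wrong
        if len(nonce) != 32 or not set(nonce) <= HEX:
            return False
        prev = md5_hex(block)
        if not accepted(prev):
            return False
    return True

if __name__ == "__main__":
    chain = build_chain("Jan Kowalski (000000)")  # constructed sample identity
    for i, block in enumerate(chain):
        print(f"{i}.txt", md5_hex(block))
    print("valid:", verify_chain(chain))
```

Each block needs about 65,536 attempts on average, since four fixed hexadecimal digits leave a 1 in 16^4 chance per try.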