NavMesh and Maze Generator

Short blog..

Working more on the random maze generator, I tried to implement the NavMesh, so that I could start working on the AI’s traversing states. But in order to bake the NavMesh the objects being baked need to be static objects, this was troublesome because the maze generator always implements a different map every time, meaning that if I did want to bake the maze, the only way it could possibly done would be via code, unfortunately I was unable to find information on that being possible, so in order to make this game more possible, I started the maze generator and I copied the maze that was built, and copied it into a new scene, getting rid of the gameobject that called the random maze generator, and making the new static maze into static objects, now when going forward with the navigation system, I was able to bake the inside of the tunnels as walkable areas.

Blue indicates the NavMesh, walkable areas.

This does change what I originally wanted, but a work around can be done, simply by running the maze generator I can make and abundance of mazes and save them into new scenes as a type of level system.



Pathfinding/Unity Nav Mesh


Unity Pathfinding and Navigation

Unity provide a navigation system inside of their development program that is extremely simple and useful to use when implementing pathfinding in a 3D game.

The navigation system allows users to create AI that can intelligently move around a 3D game world that has been created, using navigation meshes that are created automatically from the scene geometry.

Dynamic Obstacles allow you to alter the navigation of the characters at run time, while off-mesh links let you build specific actions like opening doors or jumping down from a ledge.

Navigation Overview

  • Built in navigation system
    • Allows characters intelligent & accurate movement
  • Traditional navigation around 3D objects in a scene is considered slow and inefficient due to the complexities of the models.
  • Unity us NavMesh
    • NavMesh is a very simple 3D mesh which is derived from the geometry of more complicated elements in a scene.
    • easier to navigate and pathfinding within.
  • Process of creating a NavMesh, called “Baking”.
  • Off-mesh links
    • Control movement across meshes.

NavMesh Baking

Navigation requires the use of a simplified geometrical plane, often called NavMesh.

  • Baking (Creating a NavMesh)
  • In order to bake a NavMesh, Unity must be told which objects are navigation static. (Objects that don’t move, e.g. floor, walls, obstacles), this is so an accurate calculation can be done to obtain the walkable areas of the scene.

NavMesh Agent

Responsible for moving of the characters around a scene and finding paths in a NavMesh.

  • Can easily navigate a game object with a NavMesh agent component.
  • Moving of the agent is done via code.

Off-mesh links

Provide simple paths between pieces of NavMesh.

  •  Connecting two NavMeshes together to allow movement between them.
  • Pathways that connect pieces of a NavMesh, so NavMesh agents can traverse them, e.g. Jumping off ledge.


Using Unity’s Navigation system, I should be able to get my game AI to traverse through the maze, the only thing that I am worried about, is the fact that because the actualo maze is made up of individual pieces coming together to form a random maze, is if I will need to add a navmesh to each piece of tunnels or if it possible to run the NavMesh after the maze has generated, this is something I will work on for the demo.

I have actually practiced using the NavMesh on other various prototypes AI games, and it was pretty straight forward. Implementing it will be a bit of a challenge for the maze.

Supervisor Discussion #3

Meeting with my supervisor on Wednesday 11th of October. We started off by talking about the report, Craig says I will have no problem writing up my report with the amount of research that I have done into this project. So the main focus was discussing how we can turn what I am doing into a poster, for the poster evening event at NMIT.

In order to get a general idea, we went through the research journey I have under gone for the project in order, from where I started to where I am at, in the present. This was helpful because if there were things that I had missed, I could quickly research into it.

Craig took down notes in order to create a visual graph of the project, this is to help me with the poster, but I also think it could help me with my report.


Web Application Vulnerabilities

Lab 14

“DVWA (Damn Vulnerable Web Application) is a web-based application that has been deliberately designed to include various vulnerabilities.In this lab, we will install the application and investigate some of the vulnerabilities.”

Exercise one: Installing Xampp

This slideshow requires JavaScript.

Exercise two: Installing DVWA

This slideshow requires JavaScript.

Exercise three: Exploiting a Command Execution Vulnerability

Size of the packets are only 32 bytes.1.PNG

We have set the amount of bytes for this one, so its 800.


If this is the correct thing that was meant to display from the command /?, then this basically works like a command prompt. -l we sent the size of the of the bytes to the server, this pings whatever we type in.


What was returned when typing in “server | dir” into the ip address text box, was information that looked like it regarded the extracting or editing of the DVWA files or the information log of me accessing the site via the browser. Because dir is a command used for file and directory listings?


Exercise four: Exploiting a SQL injection Vulnerability

During wokring on this website I noticed that when entering the commands given to us from the lab book, This worked like a database.


Entering the 1′ command into the textbox, gave me back admin information.


Exercise five: Exploiting a Cross Site Scripting Vulnerability

This part of the lab, worked like executable scripting.



LAB 13

“HTTP transfers are all in plain text or use simple encoding methods. This makes the protocol extremely vulnerable to packet sniffing. HTTP transfers can be protected by encrypting them with SSL/TLS.”

Exercise one: Sniffing HTTP

This exercise involved capturing HTTP packets between the client vm and server vm, surprisingly this seems to be quite an easy process. Packet sniffing can be used to steal sensitive data, of people who become victims of identity theft, etc.

This practical example was very interesting to participate in, as I am not an expert in this field.

This slideshow requires JavaScript.

Exercise two: Securing HTTP

Being able to secure the the HTTP from the server, really shows the power you can have over a network.

This slideshow requires JavaScript.

Data Leakage Prevention

Lab 12


Exercise one: Installing Rights Management Services

There was an error that wouldn’t allow the install to go as planned, using the forum, was able to fix this by getting rid of the conflicting site that was done in a previous lab.

This slideshow requires JavaScript.

Exercise two: Exploring the DLP Options


Network Access Protection

Lab 11


Exercise one: Installing Network Access Protection

During this exercise I was forced to skip step 5, 6 and one step inside of 9, purey because they just would not appear as they instructed in the lab, I think the reason for this being that I may have done it once before in a previous lab and without a way to revert everything after each lab, it is hard to keep track of what I have done.

This slideshow requires JavaScript.

Exercise two: Configuring Network Access Protection

This slideshow requires JavaScript.

Exercise three: Configuring a NAP Client

This slideshow requires JavaScript.

Exercise four: Testing Network Access Protection

When asked to run the command prompt and type in ipconfig/release or ipconfig/renew, I am given the same error message “The operation failed as no adapter is in the state permissible for this operation”, this could be from the fact that I skipped those few steps in the beginning. I went back to try and redo them but the fact I could not do them, still remained the same.

I also did not know what the commands were trying to do, so I did a little research.
ipconfig /release is executed to force the client to immediately give up its lease by sending the server a DHCP release notification which updates the server’s status information and marks the old client’s IP address as “available”. Then, the command ipconfig /renew is executed to request a new IP address.

This slideshow requires JavaScript.

Exercise five: Circumventing Network Access Protection

When trying to ping the server, the ping request could not find the server, then when I check my ip address, it was changed by an auto-configuration.

Even after changing the IP address, I still could not ping the SERVER.

This slideshow requires JavaScript.

Attacks Against DHCP and DNS

Lab 10

Attacks against core network services such as DHCP and DNS can represent powerful exploits. In this lab, we will use a rogue DHCP server to misconfigure DNS settings on clients, thereby gaining the ability to hijack other services. We will demonstrate this by a website defacing attack, but it could as easily be used to facilitate a Man in the Middle attack against web services.”

Exercise one: Setting up the scenario

This slideshow requires JavaScript.

Exercise two: Preparing the Attack

This slideshow requires JavaScript.

Exercise three: Falling for the attack

I know why this website shows instead of what is meant to show up, The page that I edited in RogueVm was an error message, as the website which I’m guessing was this one that was meant to appear, did not appear due to it not being connected to a network. So when the editing happened I edited the error page, but the client doesn’t have any issues with the connection so it displayed the website which has not been edited.

I have tried going back and retrying the website connection, but to no success. Turns out the problem was because the DHCP was turned off, however even with the DHCP enabled for the ethernet0, the DNS server isn’t responding. I was able to reconnect the DNS server by changing the IP and subnet mask, but it still says that DHCP is not enable when it clearly is.

Not quite sure what is going on, the error seems to swap between the two.


Telnet and FTP

Lab 9


Exercise one: Configuring Telnet and FTP

This slideshow requires JavaScript.

Exercise two: Examining Telnet Traffic

The packets that I examined for there last characters spelt out my login and the password I used for logging into the telnet.

The last packet I had for mine, didn’t give anything away that I noticed, except for these characters “25; 24H . 25;24H”, and that was all that stood out.

This slideshow requires JavaScript.

Exercise three: Examining FTP Traffic

13. The packet of the first ftp-data filtered packets, contains the file information that was present in the web browser.

14. The second packet contains the actual information that appeared when one I clicked appeared.

This slideshow requires JavaScript.

Password Sniffing

Lab 7

Exercise one: Keyloggers

I remember my friend telling me that a Key-logging program was a good way to learn code. He even suggested I make one.

Due to unforeseen circumstances, I am unable to do this exercise, I don’t have the actualspy setup file in my gtslabs. I cannot find it in any of the folders either.

Actual Spy (Keylogger), Actual Spy is a background application that keeps track of what is happening on your computer, it automatically records what is being typed into your computer.

Exercise two: Cain and Abel

I have used Cain and Abel once before, on my own computer, more for pure interest on what a brute force attack was and how it works. I didn’t think it was that effective when I tried it, unless you are able to narrow down the characters used for the password on the computer you are doing it on, otherwise it takes forever to crack the password. Was unaware of the various ways getting a password could be done by cain and abel.

This slideshow requires JavaScript.

Exercise three: Cracking Windows Passwords

This exercise was definitely an interesting one, I’ve never really played around with this type of password cracking or any at all 0_0 . Seeing that Cain and Abel was able to capture my password was also very cool and concerning.

This slideshow requires JavaScript.