First Step to Become a Hacker - Haaga-Helia Assignment

Assignment 1

The questions for the assignment are here

Task Z

1. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

Source: Hutchins et al. 2011 - Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

The paper introduces a new kill chain model with the following 7 phases:

  1. Reconnaissance - research, identification and selection of targets.
  2. Weaponization - data files such as PDF or Microsoft Office documents serve as the weaponized deliverable.
  3. Delivery - transmission of the weapon to the targeted environment.
  4. Exploitation - after the weapon is delivered to the victim host, exploitation triggers the intruders’ code.
  5. Installation - installation of a remote access trojan or backdoor on the victim system to maintain persistence inside the environment.
  6. Command and Control (C2) - compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel, and intruders have “hands on the keyboard” access inside the target environment.
  7. Actions on Objectives - intruders take actions to achieve their original objectives.

The course of actions matrix

Course Of Actions Matrix

2. Command Line Basics Revisited

Source

  • Most used commands to explore around in Linux
pwd

ls 

cd dir/

cd ..

nano file.txt

mkdir newfolder

mv oldname newname

mv somefile newdir/

cp -r original copy

rm junk

rm -r folderofjunk
  • SSH Remote Control
ssh remotehost@example.com 

scp -r folder remotehost@example.com:public_html/
  • Administrative commands
sudo apt-get update

sudo apt-get -y install some-software

sudo apt-get purge some-software

3. Install Debian on Virtualbox

Source

  • To install Debian, install Virtualbox first
  • Update all software and apps to their latest versions
sudo apt-get -y dist-upgrade

4. Install Webgoat 8 - Learn Web Pentesting

Source

  • Install latest Java and ufw if needed
  • Run Webgoat
java -jar webgoat-server-<version>.jar
  • Check Webgoat from http://localhost:8080/WebGoat/

Task A - Bandit oh-five

Over The Wire: Bandit Challenges

Level 0 + Level 0 -> Level 1

  • To access the remote host, I used the command below
ssh bandit0@bandit.labs.overthewire.org -p 2220
Bandit Level 0
nano readme

Level 1 -> Level 2

ssh bandit1@bandit.labs.overthewire.org -p 2220
Bandit Level 1-2
nano ./-

Level 2 -> Level 3

ssh bandit2@bandit.labs.overthewire.org -p 2220
Bandit Level 2-3
nano "spaces in this file name"

Level 3 -> Level 4

ssh bandit3@bandit.labs.overthewire.org -p 2220
Bandit Level 3-4
cd inhere

ls -a 

nano .hidden

Level 4 -> Level 5

ssh bandit4@bandit.labs.overthewire.org -p 2220
Bandit Level 4-5
cd inhere

In this level it is not hard to figure out which file contains human-readable text. I could just open each file and check, or use the cat command on each file to check its content.

But I think there is a smarter way to do it by using this command

for file in *; do echo "$file"; cat ./"$file" | column -t; done

I loop through each file, echo the file name then check its content out. But the output looks really messy like this

Bandit Level 4-5

Therefore, I added this part | column -t in there to format the output and the result looks like this

Bandit Level 4-5
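
Another way to pick out the human-readable file, as an added example that is not part of the original write-up: the function reports only files whose bytes are all printable, so binary data is never written to the terminal. The function names and the sample files (named with a leading "-", an assumption based on the ./ prefix used above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the files in a directory that hold only printable
# characters and whitespace, without writing binary data to the terminal.

list_text_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ -s "$f" ] || continue     # an empty file is not the one we want
        # Reading through "<" means a name that starts with "-" is never
        # parsed as an option. Delete every printable or whitespace byte
        # and count what is left over.
        bad=$(LC_ALL=C tr -d '[:print:][:space:]' < "$f" | wc -c)
        if [ "$bad" -eq 0 ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# Constructed sample data: three files with dash-prefixed names.
make_sample_dir() {
    d=$(mktemp -d)
    printf '\000\001\002\377binary\n' > "$d/-file00"   # NUL and high bytes
    printf 'constructed sample text\n' > "$d/-file01"  # human-readable
    printf '\033[2Jescape\n' > "$d/-file02"            # terminal escape code
    printf '%s\n' "$d"
}

d=$(make_sample_dir)
list_text_files "$d"        # -file01
rm -rf "$d"
```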

Task B

Debian

Task C

WebGoat

Task D

General: HTTP Basics

WebGoat HTTP Basics WebGoat HTTP Basics

General: Developer Tools

WebGoat Developer Tools WebGoat Developer Tools

Task M

Level 5 -> Level 6

ssh bandit5@bandit.labs.overthewire.org -p 2220
Bandit Level 5-6

This task is pretty tricky; I can’t loop over so many folders and check all the files in each folder. Initially, I came up with this code

for file in *; do echo ./"$file"; filesize=$(stat --format=%s ./"$file"); echo $filesize; done

Basically, I wanted to cd to each folder manually and check the file sizes. This is clearly not an efficient way. Moreover, the stat command can’t check hidden files. Therefore, I changed my code to

find . -type f -readable ! -executable -size 1033c

Using find, it’s much easier to check everything based on the conditions given in the question. This command prints out the path to the correct file. To check the file content, simply use this command

Level 6 -> Level 7

ssh bandit6@bandit.labs.overthewire.org -p 2220
Bandit Level 6-7

This task is a bit different in that the remote server seems to simulate the real Linux system. First I had to cd to the home directory

cd /
find . -user "bandit7" -group "bandit6" -size 33c

After running this we will see a bunch of "permission denied" errors, but there is 1 path that indicates the location of the found file

Bandit Level 6-7

So we can simply check the file content using cat command and BOOM, we can see the password to the next level
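
The find conditions from Levels 5 to 7, as an added example that is not part of the original write-up: it builds a constructed directory tree and shows what the `c` suffix on `-size` changes and how `2>/dev/null` removes the permission-denied noise. The function names, the paths and the numeric IDs passed in place of `bandit7` and `bandit6` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: the find tests from Levels 5-7 against a constructed tree.

make_tree() {
    t=$(mktemp -d)
    mkdir "$t/a" "$t/b" "$t/locked"
    head -c 1033 /dev/zero > "$t/a/.target"     # hidden file, 1033 bytes
    head -c 1033 /dev/zero > "$t/a/script"      # same size but executable
    chmod +x "$t/a/script"
    head -c 600 /dev/zero > "$t/b/small"        # 600 bytes, 2 blocks of 512
    head -c 33 /dev/zero > "$t/b/thirtythree"   # 33 bytes
    chmod 000 "$t/locked"                       # find cannot descend here
    printf '%s\n' "$t"
}

# find exits non-zero after a "Permission denied", so "|| true" keeps
# that expected status from aborting callers that run under "set -e".

# Level 5 -> 6: regular file, readable, not executable, exactly 1033 bytes.
by_size_and_mode() {
    ( cd "$1" && find . -type f -readable ! -executable -size 1033c 2>/dev/null || true )
}

# Level 6 -> 7: owner, group and size; 2>/dev/null discards the
# "Permission denied" lines so only the matching path is printed.
by_owner() {
    ( cd "$1" && find . -type f -user "$2" -group "$3" -size 33c 2>/dev/null || true )
}

# Without the "c" suffix -size counts 512-byte blocks, rounded up.
by_blocks() {
    ( cd "$1" && find . -type f -size "$2" 2>/dev/null || true )
}

t=$(make_tree)
by_size_and_mode "$t"                   # ./a/.target
by_owner "$t" "$(id -u)" "$(id -g)"     # ./b/thirtythree
by_blocks "$t" 2                        # ./b/small
chmod 700 "$t/locked" && rm -rf "$t"
```

Calling `by_blocks` with `1033` returns nothing on this tree, which is what happens when the `c` is left off the size from the level description.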

Level 7 -> Level 8

ssh bandit7@bandit.labs.overthewire.org -p 2220
Bandit Level 7-8

My simple command

sed -nE -e '/^(millionth)/p' data.txt