Cyber Security: An Offensive Mindset [Week 2 - Sprint]
Weekly Sprint
Tuesday
Guest 1: Patrick S Kelso
- Use the below command to find out which shell is being used (e.g. bash or zsh):
echo $SHELL
- The curl command provides a library and command-line tool for transferring data using various network protocols (e.g. HTTP).
- To get the weather in command line use the below command:
curl wttr.in
- To find the OS and version used on the box you’re targeting:
cat /etc/os-release
- The command below is useful, but is more commonly used to show which kernel is running:
uname -a
- Which command is used to
which cat
which cd
- Enhanced cd is very useful for your main machine.
- Another tool is tmux.
- Another tool neofetch to show how many packages you have installed and other system details.
- Look at reddit —> unixporn.
- awesome-selfhosted on github.
- Unix system = a tree
- / is the root of a tree → don't have files here just folders.
- You can alias commands to another command.
alias vim=vi
- Digital ocean wiki —> have useful documentation for linux (mail server).
- Arch Linux distro —> Manjaro easier version.
- Distrowatch.com
- RedHat = distribution usually used for enterprise, but it is always one step behind other open source alternatives. It does provide security and assurance to an organisation, which is why it is so widely used in industry.
Guest 2: Robert Mitchell
- Curiosity and passion = Success in infosec
- Book: www.underground-book.com —> "The underground"
- The internet was initially built on openness, access, availability and implicit trust.
- The internet has gone from an academic network to a commercial one.
- "https://www.checkpoint.com/gen-v-cyber-security/"
- Large-scale "bugs" break the internet:
- Heartbleed
- Shellshock
- Types of risk:
- Commercial
- Technical
- Reputational
- Regulatory
- Operational
- Risk calculations:
- Assets/Data
- Impact
- Threats
- Likelihood
- Risk = Likelihood x Impact
- Industry tips:
- Core knowledge > Product skills
- Learn the Protocols/APIs, not the products.
- Understand infrastructure AND Application space.
- Learn to code! Learn to automate at scale, don't just use tools.
- Dev/Sec/Ops are all merging.
- Always play the other side.
- "Red" teams exist to make "Blue" teams better.
- www.nomorerandsomware.com
- Start at the bottom and leave being at the top. I may start at the bottom but I put the work in to get to the top.
- Imposter syndrome.
Wednesday
Bandit - OverTheWire
- Level 7 —> 8
- Simply open the file in vim as shown:
vim data.txt
- Then run this search in the vim window; it will show you where the word is, but you won't be able to copy the password:
?millionth
- The simplest way to find the text is using grep:
grep "millionth" data.txt
- The below command will allow us to sort the text file and count unique occurrences:
sort data.txt | uniq -c | sort -n | head -n 1
- "sort" will sort the contents of the text file, line by line. It prints the lines of its input, or the concatenation of all files listed in its argument list, in sorted order.
- "uniq -c" counts the occurrences of each line. If identical lines aren't adjacent, this wouldn't work without sorting first.
- You can also add "-r" to have the sorted list reversed so you can see the result at the bottom of the terminal window.
- "sort -n" sorts based on the numeric (n) interpretation of the uniq output.
- "head -n 1" can be used to show just the first result, which is useful in our scenario.
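As an added example (not from the original post or OverTheWire), the script below builds a constructed data.txt and runs the same pipeline, alongside "uniq -u" as an alternative, to show why "uniq -c" needs sorted input:

```shell
# Added example, not code from the original post: constructed input file,
# the sort | uniq -c | sort -n | head -n 1 pipeline from the notes, and a
# demonstration of what goes wrong when the input is not sorted first.
set -eu

make_sample() {
    # Constructed input: "alpha" and "beta" repeat, "onlyonce" appears once.
    dir=$(mktemp -d)
    printf '%s\n' alpha beta alpha onlyonce beta alpha > "$dir/data.txt"
    echo "$dir/data.txt"
}

# The pipeline from the notes: after `sort -n` the least frequent line is
# first; awk strips the count so only the line itself is returned.
least_frequent_line() {
    sort "$1" | uniq -c | sort -n | head -n 1 | awk '{print $2}'
}

# Same answer without counting: `uniq -u` prints only lines that occur once.
# It still needs sorted input so duplicates become adjacent.
unique_lines() {
    sort "$1" | uniq -u
}

# Without sort, `uniq -c` only merges *adjacent* duplicates, so every line
# here ends up as its own group and the counts are meaningless.
unsorted_group_count() {
    uniq -c "$1" | wc -l | tr -d ' '
}

sorted_group_count() {
    sort "$1" | uniq -c | wc -l | tr -d ' '
}

file=$(make_sample)
echo "least frequent line: $(least_frequent_line "$file")"
echo "groups without sort: $(unsorted_group_count "$file"), with sort: $(sorted_group_count "$file")"
```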
- Level 9 —> 10
- The best way to find readable strings in a file which is otherwise unreadable is the "strings" command:
strings data.txt
- To refine the search to only show lines with more than one equal sign, pipe the output into grep:
strings data.txt | grep "=="
- Level 10 —> 11
- To decode the contents of data.txt from base64 use the below command:
base64 -d data.txt
- If you were to actually encode in base64 use this command:
base64 data.txt
- Or for example to encode a command to use it for code execution:
echo 'cat /usr/local/bin/score' | base64
- Level 11 —> 12
- The tr command = used for translating. This utility not only translates, it can also delete characters from standard input and write to standard output.
- The below version of the tr command will decode ROT13:
tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
- In the command line, to use the above command we need to cat the contents of data.txt first as shown:
cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
Group Presentation
- Please follow link to Group Presentation:
https://drive.google.com/open?id=1ugD4t75gBMKKCI7O-rm6DoNxDdd2zTd8Jf9rZznAQyg
Thursday
PicoCTF
- Used CyberChef (online tool) → to solve base64 conversions.
- Used bless (hex editor) → to show hexadecimal in an image provided.
- NOTE: An online hex editor is also a quick and easy way to do the same thing.
TryHackMe
- First signup to TryHackMe → Download the configuration file as shown below:
- Then go to Kali VM and run the following command to open a VPN connection to TryHackMe network.
- Next if you go back to the webpage and click refresh, you'll see this screen:
- Now that I've gained access into the network I can move to the tabs "My Rooms" → these two rooms were recommended by my summer studio facilitator Jason. Do in this order:
- UltraTech1
- Vulnversity
UltraTechMobile
- Below is the IP address that I was provided and am able to scan:
- The first task for this room is to conduct an enumeration scan (I have used nmap).
- I first used the manual to see a common nmap command and I found these:
- To enumerate my target I used the following nmap command:
nmap -v -A 10.10.103.186
- After searching through the results of the scan I noticed the application on port 8081 was as follows:
- For the second task, the goal is to find non-standard ports in use, but after looking through the information from my previous scan I couldn't find any unusual ports in use.
- After some research I uncovered some extra parameters that would help:
- So I then reattempted another nmap scan as shown below:
nmap -v -A -p- 10.10.103.186
- The only downside to this scan is that it scans a large number of possible ports, which was taking WAY too long.
- I decided to do some more research and found some useful nmap scan explanations, which were very informative:
- Link is here: https://security.stackexchange.com/questions/185503/what-are-non-standard-ports-and-protocols
- I then attempted the below command:
nmap -sS -A -Pn -T4 -p1-65535 10.10.106.21
- One of the scan results found a very unusual non-standard port '31331' as shown below:
- The third and fourth tasks then queried further information about the above '31331' port that was in use:
- The final question for enumeration is to:
- I was unsure how the answer to the final question was "2", so I sought some guidance from one of my summer studio facilitators, Jason, as seen below:
- So I began by researching what an API is; I've heard the acronym said quite a lot but I never understood what it meant.
- API (Application programming interface) = a set of routines, protocols and tools for building software applications.
- Specifies how software components should interact.
- Set of rules that allow programs to talk to each other.
- e.g. a developer creates an API on a server and allows the client to talk to it.
- REST APIs, on the other hand, determine what the API looks like.
- REST = Representational State Transfer.
- It is a set of rules that developers follow when they create their API.
- One of these rules states that you should be able to get a piece of data (called a resource) → when you link to a specific URL.
- Each URL = called a request, while the data sent back to you is called a response.
- Resources used in research include:
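As an added example (not from the original post or TryHackMe), here is a small shell/awk filter that reads nmap's "PORT STATE SERVICE VERSION" table and reports the non-standard ports the second task asks about; the sample table, version strings and the 80/ssh entry are constructed, and the port-to-service table is a tiny subset of the IANA defaults.

```shell
# Added example, not code from the original post: parse nmap-style port table
# lines and flag ports that are above the well-known range or that run a
# service other than the IANA default for that port.

nmap_sample() {
    # Constructed sample in nmap's table layout; services/versions are made up.
    cat <<'EOF'
PORT      STATE  SERVICE VERSION
21/tcp    open   ftp     example-ftpd 1.0
22/tcp    open   ssh     example-sshd 2.0
80/tcp    open   ssh     example-sshd 2.0
443/tcp   closed https
8081/tcp  open   http    example-web 1.2
31331/tcp open   http    example-web 1.2
EOF
}

# Reads the table on stdin and prints one line per open port that is either
# above the well-known range (0-1023) or running something other than the
# expected service for that port. The header and non-open ports are skipped.
nonstandard_ports() {
    awk '
        BEGIN { want[21] = "ftp"; want[22] = "ssh"; want[80] = "http"; want[443] = "https" }
        NR > 1 && $2 == "open" {
            split($1, p, "/")          # "8081/tcp" -> p[1] = "8081", p[2] = "tcp"
            port = p[1] + 0
            if (port > 1023)
                print port " above well-known range"
            else if (port in want && want[port] != $3)
                print port " runs " $3 " where " want[port] " is expected"
        }'
}

nmap_sample | nonstandard_ports
```

Pipe a real scan through it with "nmap -sV <target> | nonstandard_ports" once the function is sourced; only lines in the port table format are considered.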