Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 5 changed files with 248 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
layout: post | ||
title: "30 Days of THM: Day 1" | ||
date: 2024-06-05 10:00:00 +0000 | ||
categories: [post, hacking, tryhackme] | ||
tags: [post, hacking, tryhackme] | ||
--- | ||
|
||
|
||
30 Days of TryHackMe: Day 1 | ||
Welcome to 30 Days of TryHackMe, where I try to complete a section in TryHackMe every single day for the next 30 days. The purpose of this is to build up a streak of learning, and also as a review of things that may have slipped my mind. This is Day 1, so I am starting right at the beginning and I am going to work my way through. | ||
|
||
The path I selected is the Complete Beginner Pathway. I have used TryHackMe before, but I want to get the complete experience of someone coming to this website with no experience. | ||
|
||
The first section in this pathway is the Complete Beginner Introduction. The first section, aptly called Tutorial, goes over how to use the AttackBox, which is the machine a user would use while learning. You start up the machine, wait a few minutes for it to load, and then follow a simple set of instructions to get your first flag. A flag is a string of text that you get after completing cybersecurity challenges. Once you submit your flag, then you complete the room and move on to the next one. | ||
|
||
All of the other rooms follow the same formula, although obviously some of the other rooms won’t be as easy as the first one. | ||
|
||
|
||
After you finish Tutorial, the next room is Starting Out In Cyber Sec. This room goes over two different sides of cybersecurity: offensive and defensive. Both sides require an analytical mind, but there are some kety differences. Offensive security is all about attacking different applications and discovering where there are vulnerabilities. Defensive security is all about discovering and fixing those vulnerabilities. | ||
|
||
|
||
After reading the description and answering some questions, you move on to the next room, Introductory Researching. The aim of this room is to encourage research into the field. Everyone in cybersecurity needs to research, no one knows everything. | ||
|
||
|
||
Since the room required research, I aimed to do that for every question even if I knew the answers. It was kind of hard to do that with Google’s AI able to answer everything, so I had to improvise a little, to try to ask questions that someone who had just stumbled upon these subjects for the first time would ask. | ||
|
||
|
||
I thought this was a pretty effective way of keeping me on my toes, because even for questions that I knew the answer to, understanding the why was an equally important concept. I thought this room did an excellent job emphasizing that. | ||
|
||
Although in my research I did find people who just posted the questions to Quora or Reddit or some other website, and I do wonder if that is a form of cheating. | ||
|
||
This room goes through general research questions and more specific vulnerability research, and using the Linux man command to figure out how to do specific things. | ||
|
||
|
||
Overall this room was a great introduction to TryHackMe, and I had a lot of fun doing some research and learning a little bit more. |
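Review bot: "kety differences" in the Starting Out In Cyber Sec paragraph is a typo for "key differences". In the Complete Beginner Introduction paragraph, "The first section in this pathway is the Complete Beginner Introduction. The first section, aptly called Tutorial" uses "first section" for both the section and the room inside it; calling Tutorial the first room would match how the rest of the post uses "room". "Everyone in cybersecurity needs to research, no one knows everything" is a comma splice and reads better as two sentences or with a semicolon. In the front matter, categories and tags carry the same three values, so one of the two lists is redundant.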
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
layout: post | ||
title: "30 Days of THM: Day 2" | ||
date: 2024-06-05 10:00:00 +0000 | ||
categories: [post, hacking, tryhackme] | ||
tags: [post, hacking, tryhackme] | ||
--- | ||
|
||
30 Days of TryHackMe: Day 2 | ||
Welcome to 30 Days of TryHackMe, where I try to complete a section of TryHackMe every single day for 30 days. Today is the second day of this challenge I gave myself, and I am going to be picking up where I left off with the Complete Beginner Pathway. This series is not going to be a walkthrough or a writeup, but more a way of tracking my progress and some thoughts I have about the website along the way. If you are looking for answers, then you can stop reading here. | ||
|
||
Yesterday, I worked on the tutorial section. Today, the section I will be working on is Linux Fundamentals. Linux is a free and open source operating system based on the UNIX operating system, and it is named after creator Linus Torvalds. Most people will know about MacOS or Windows, but Linux is important to know because so many servers run on it. Free means you can use it without paying for it, and open source means anyone can work on it. | ||
|
||
|
||
Part One is a good introduction to Linux and its command line. It gives a bit of background about the operating system, and then it allows you to deploy a virtual machine so you can mess around with it. The machine you’re given is a Command Line Interface, which is just you typing commands. So no clicking around, just you and the commands you know. | ||
|
||
|
||
Part Two explores SSH, Secure Shell. That is a way of remotely accessing another machine, very important in the context of hacking. In this room we open up the AttackBox and use the ‘ssh’ command in order to access another machine. It also introduces a few flags and switches that you would want to use to add more functionality to the commands. For example, the ‘ls’ command has the ‘-a’ argument, which will list all files in the directory, including any hidden files. | ||
|
||
This section also goes over a few other commands, like ‘touch’, ‘mv’, and ‘file’, as well as file permissions. File permissions tell users who can do what with a file. Can they read it, write to it, execute it? | ||
|
||
It also goes over the common directories and what goes in them. The /etc directory has files important to the operating system, including the ‘passwd’ and ‘shadow’ files, which contains the passwords for all the users on the system. The /var directory, which contains data from different applications running. /var/log is an important directory as it contains all the log files. The root directory, which is just the home for the root user. And the /tmp directory, short for temporary, which is world-writeable and anything in there will disappear after being restarted. | ||
|
||
|
||
The third section introduces some other stuff that is useful to know. It goes over text editors, such as Nano and Vim. It goes over downloading files and transferring files using ‘wget’ and ‘scp’ respectively. Starting up webservers (it recommended I read the documentation for python’s HTTPServer module). | ||
|
||
The next few sections I really appreciated because this stuff never really came easily to me. It goes over processes. How to look at processes using the ‘ps’ and ‘ps aux’ commands, starting and killing processes, and backgrounding and foregrounding. It goes over package management and system logs. | ||
|
||
This section was an excellent introduction to Linux, and it was nice to go over all of this again. | ||
|
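Review bot: In the common-directories paragraph, "the ‘passwd’ and ‘shadow’ files, which contains the passwords for all the users" overstates what those files hold: on a current Linux system /etc/passwd lists the accounts and /etc/shadow holds the password hashes, not the passwords, and "contains" should be "contain". The same paragraph calls the root user's home "The root directory", which readers will take to mean /; naming /root avoids that. Several sentences there and in the text-editors paragraph are fragments ("The /var directory, which contains ...", "Starting up webservers ..."). The front matter date, 2024-06-05 10:00:00 +0000, is identical to the Day 1 post's although the body says "Yesterday, I worked on the tutorial section", so the two posts have no defined order by date; a later date here would fix that.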
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
layout: post | ||
title: "30 Days of THM: Day 3" | ||
date: 2024-06-08 10:00:00 +0000 | ||
categories: [post, hacking, tryhackme] | ||
tags: [post, hacking, tryhackme] | ||
--- | ||
|
||
30 Days of TryHackMe: Day 3 | ||
Welcome to 30 Days of TryHackMe, where I try to complete a section of TryHackMe every day for 30 days. Today is the 3rd day of the challenge, and I will be picking up right where I left off on the Complete Beginner Pathway. This is not a writeup or a walkthrough, this is more of a way of tracking my own progress and documenting my own thoughts as I go on. | ||
|
||
|
||
Today’s section is the Network Exploitation Basics section. This section is an overview of networking. It isn’t promising to teach you everything about networking, just a rough overview to get you started. | ||
|
||
|
||
And the first room is exactly that, titled Introductory Networking. The first section of this room, after the introduction, is all about the OSI model. The OSI model is a way of abstracting the way information is sent across networks. There are 7 layers of the OSI model: | ||
|
||
Physical: the hardware and electrical pulses | ||
Data Link: Responsible for physical addressing (think MAC addresses) | ||
Network: Responsible for logical addressing (think IP addresses) | ||
Transport: chooses which protocol to send the data over. TCP- for cases when you need every last bit data to be sent over — think web pages, file downloads. Or UDP — for cases when a little bit of packet loss is acceptable — think live video streaming. | ||
Session: sets up and maintains the connection. | ||
Presentation: receives the data from the application layer and translates the data into a standardised format. | ||
Application: provides applications an interface to transmit data. | ||
I remember the OSI model through the helpful mnemonic, Please Do Not Throw Sausage Pizza Away. | ||
|
||
The next section goes over encapsulation, which is the process of data moving down the OSI model, starting from the application layer and moving all the way down to the physical layer. At each layer, a header is added. De-encapsulation is the reverse, and that happens when a computer is on the receiving end. | ||
|
||
The next section after that goes over the TCP/IP model, which is like the OSI in that it is a way of abstracting the way information moves across a network. It also goes over the three way TCP handshake, which consists of a SYN, a SYN ACK, and an ACK. And the next few sections go over some networking tools like ping, traceroute, whois, and dig. | ||
|
||
|
||
The next room is Nmap. Nmap is a tool used for security and port scanning, and it is really useful for information gathering about a target. If you want to know what services are running on a target, what kind of machine they’re using, what ports are open, nmap is the tool to use. | ||
|
||
This room goes into a lot of detail about nmap, and there is a lot to know about it. For some of the answers, I was going to either the man page or nmap.org to learn more about it. There are a lot of things that no one is going to be able to memorize, so knowing about those two resources are beneficial. | ||
|
||
|
||
|
||
The third room is Network Services. This room goes over different services and the various misconfigurations those services can potentially have. First on the list to go over is Server Message Block, a communication protocol meant for sharing access to resources on a server. After learning a little bit about it, I went on to enumerate a machine running SMB, and learned a little bit about exploiting it to get a flag. | ||
|
||
The next protocol is telnet, a protocol that allows for remote access similar to ssh. Unlike ssh though, telnet is unencrypted. This part goes through much of the same thing, where I first learn about the protocol, enumerate a machine that has it, and then exploit it. The last protocol in this section is FTP, file transfer protocol. | ||
|
||
|
||
And the final section is a ‘sequel’ to the last one, where I also go over some protocols, go through enumerating a machine with the protocol, and learn how to exploit it. First up is NFS, network file system. NFS is a protocol that allows users to access files as if they were local to their systems. NFS does this by mounting the files on a server. | ||
|
||
The next protocol it goes over is SMTP, Simple Mail Transfer Protocol. SMTP is responsible for three things: | ||
|
||
Verifies who is sending emails | ||
Sends the outgoing mail | ||
Sends it back if it does not get delivered | ||
|
||
It works with POP, post office protocol, and IMAP, internet message access protocol, which are used for retrieving emails. The last part is going over, enumerating, and exploiting MySQL, a database management system. | ||
|
||
This section was a lot of fun, and a lot more challenging than the last two days. It was a great introduction to networking protocols, and I really liked using the last two sections to learn a little bit about each and how to exploit them. | ||
|
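Review bot: The seven OSI layer lines (Physical through Application) and the three SMTP responsibilities are added as consecutive plain lines with no list markers, so a Markdown renderer will run each group together into one paragraph, with the mnemonic sentence joined onto the end of the OSI one; prefix them with "1." or "-" and leave a blank line before the mnemonic. In the Transport line, "TCP- for cases when you need every last bit data to be sent over" is missing "of" and the TCP and UDP clauses use different dash styles. In the Nmap paragraph, "knowing about those two resources are beneficial" should be "is beneficial". The telnet paragraph ends with "The last protocol in this section is FTP, file transfer protocol." and says nothing further about FTP, unlike the SMB and telnet descriptions before it.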
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
--- | ||
layout: post | ||
title: "30 Days of THM: Day 4" | ||
date: 2024-06-11 10:00:00 +0000 | ||
categories: [post, hacking, tryhackme] | ||
tags: [post, hacking, tryhackme] | ||
--- | ||
|
||
30 Days of TryHackMe: Day 4 | ||
Welcome to 30 Days of TryHackMe, where I try to build up a streak of 30 days of learning using the popular website, TryHackMe. Today is Day 4, and I am still on the complete beginners pathway. Yesterday was the Network Exploitation Basics section. Today, I am doing the Web Hacking Fundamentals section, and I am excited to continue on this path. | ||
|
||
|
||
The first section is the basic introduction of how websites work. The two major components are the front end (what you see), and the back end (the server processing the requests your browser makes). When you go to a website, you make a request through a browser. The browser can be called the client. The website’s server responds to that request. It goes over HTML, Javascript, and an HTML injection. | ||
|
||
|
||
The second section goes over HTTP in detail. The Hyper Text Transfer Protocol, this is how we communicate with websites. There is also HTTPS, which is the secure version of HTTP (meaning it is encrypted). | ||
|
||
It goes over HTTP requests, the different methods (GET, POST, PUT, and DELETE), the status codes, headers, cookies, and how to make requests. | ||
|
||
|
||
And then the next room goes over the security tool Burp Suite. This room is all about learning what Burp Suite is and what it does, while future rooms (that are not part of this section) are more about using Burp Suite. At it’s most basic form, Burp Suite allows a user to intercept an HTTP request and manipulate it. There are a few version of Burp Suite, but the free one, Burp Suite Community Edition, is the one used in this room. | ||
|
||
|
||
The features of Burp Suite Community are: | ||
1. Proxy: allows the interception and modification of HTTP requests. | ||
|
||
2. Repeater: allows the capture and resending of multiple requests. | ||
|
||
3. Intruder: allows spraying endpoints with requests, common in brute-force attacks. | ||
|
||
4. Decoder: Can decode captured information and encode payloads. | ||
|
||
5. Comparer: Can compare two pieces of data at either word or byte-level. | ||
|
||
6. Sequencer: Analyzes the randomness of things like cookies. | ||
|
||
The room goes into the basics of Burp Suite, how to use it and configure it, but future rooms will go into greater detail. | ||
|
||
|
||
The next room goes into detail about the OWASP Top 10, the 10 most critcal web vulnerabilities. Those vulnerabilities are: | ||
1. Broken Access Control: a user being able to view something on a website that they aren’t supposed to view. For example, being able to view an administrative page. | ||
|
||
2. Cryptographic Failure: Cryptography ensures that any data, either being sent or being stored, is encrypted. | ||
|
||
3. Injection: When the application interprets user controlled input as commands or parameters. SQL Injections and command injections are common types of injections. | ||
|
||
4. Insecure Design: The design of the application itself is flawed. | ||
|
||
5. Security Misconfiguration: There is a part of the application that has been configured incorrectly. | ||
|
||
6. Vulnerable and Outdated Components: Using a program with a well-known vulnerability. | ||
|
||
7. Identification and Authentication Failures: Gaining access to other user’s accounts through weak authentication. | ||
|
||
8. Software and Data Integrity Failures: The data has been modified in some way. | ||
|
||
9. Security Logging and Monitoring Failures: No logs to determine what an attacker might have done. | ||
|
||
10. Server-side request forgery: An attacker causes a server to send requests to unintended destinations. | ||
|
||
|
||
The next room is OWASP Juice Shop, which goes over the different vulnerabilities in a web application. This one is kind of like a tutorial of a vulnerable machine, where you are being pointed to on where to go next. This also gives you more experience with Burp Suite. | ||
|
||
The neat thing about this room is that it also has a score board, and if you want you can solve more challenges after the room is complete. | ||
|
||
|
||
The next room is Upload Vulnerabilities, which is all about file upload vulnerabilities in websites. This section went into great detail about all the ways mechanisms for uploading files can be exploited. How files can be overwritten, used for RCE, how websites use client-side and server-side filtering to make sure the proper files are uploaded and how that can be worked around. It went over file signatures and how to manipulate that (for the challenge I used the Wikipedia article here). | ||
|
||
And the final project in this room is using all of the above content to breach a room with no hand holding. I found this part to be really difficult, but when I finally got it I felt so good about it. | ||
|
||
|
||
The final part of this section is Pickle Rick, a CTF where you have to find three flags in order to turn Rick back into a human. | ||
|
||
|
||
As a bit of a mini-waltkthrough, here is mine: | ||
|
||
Once I had the machine setup, I went to the web application to poke around. I opened up the page and looked at the HTML and found the username. | ||
|
||
|
||
I then used nmap to look at the first 1000 ports, and saw that port 22 (ssh) and port 80 (http) were open. | ||
|
||
|
||
With a few more scans of the website, I saw that there was a robots.txt file. | ||
|
||
|
||
I have no idea what this means, I have seen maybe two episodes of Rick and Morty in my life. But, maybe a password? I tried to use ssh to get into the machine, but that was denied. So maybe there was another thing? | ||
|
||
With a little bit more enumeration, I saw there was an /assets directory. In there, there was a file called portal.jpg. A little bit more enumeration showed me there was a /portal.php page. I imputed the credentials I found and was in. | ||
|
||
|
||
A place I could execute some code. I first ran whoami, pwd, and ls to figure out which user I was, the directory I was in, and the contents of that directory, and I saw the first flag. | ||
|
||
I tried to open the file, but I found that was disabled. At least with the cat command. With another command, I was able to open it. I used that same command to open the file clue.txt which says to look around the file system. I found the second ingredient in the home directory. I found the last ingredient in the root directory. | ||
|
||
This section was a pretty involved section, and it did take me a lot longer to complete than just a day. I will still consider this ‘day 4’ because ’30 Sections of TryHackMe’ just didn’t sound as good. | ||
|
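Review bot: OWASP item 2, "Cryptographic Failure: Cryptography ensures that any data, either being sent or being stored, is encrypted", defines cryptography rather than the failure; say what goes wrong, for example sensitive data sent or stored without encryption or with weak encryption. Item 8, "The data has been modified in some way", is similarly too vague; the category is about code or data being used without its integrity being verified. In the Pickle Rick walkthrough, "I have no idea what this means" follows the robots.txt sentence but the file's content is not in the added lines, and "(for the challenge I used the Wikipedia article here)" has no link target. Typos: "At it’s most basic form" (its), "a few version" (versions), "critcal", "other user’s accounts" (users’), "mini-waltkthrough", "imputed the credentials" (inputted).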
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
layout: post | ||
title: "30 Days of THM: Day 5" | ||
date: 2024-06-13 10:00:00 +0000 | ||
categories: [post, hacking, tryhackme] | ||
tags: [post, hacking, tryhackme] | ||
--- | ||
|
||
30 Days of TryHackMe: Day 5 | ||
Welcome to 30 Days of TryHackMe, where I try to build a streak of learning through the website TryHackMe. Today I am picking up right where I left off on the Complete Beginner Path and tackle Cryptography. | ||
|
||
|
||
|
||
The first room is Hashing — Crypto 101, a kind of introduction to the concept of cryptography. It goes over some definitions, and it goes over hashing. Hashing is taking an input of any size and creating a ‘digest’ of the input, of a fixed size. The output needs to be unique (even changing a little bit of the text should give out a new hash). A hash is, in theory, irreversible, but some hashes are more secure than others. | ||
|
||
Passwords are stored in hashes, which is why they are useful to know about from a security perspective. | ||
|
||
It then gives a few examples of how to find some hashes, some online and through other tools. | ||
|
||
|
||
The next room is all about the password cracking tool John the Ripper. John the Ripper is a tool you can use in order to crack passwords, if you have the hash of the password. The room goes over a lot of the different ways to use John, and you will get a little bit of more experience with the tool through some challenges. | ||
|
||
|
||
The final room of this section is Encryption — Crypto 101. This room is extremely theory heavy, and one of the first questions you ‘answer’ is to not complain about how theory heavy it is. | ||
|
||
|
||
You are once again introduced to some definitions, but this room will go into the why of cryptography. Cryptography is essential for ensuring security in pretty much any context involving a computer. Doing this room also stresses the importance of the modulo operator (think something like 65 % 6) in cryptography. | ||
|
||
This room also goes over the different kinds of encryption, keys and asymmetric cryptography, digital signatures, and a whole lot more. This is probably one of the more theory heavy rooms I’ve done so far, but it was good to learn a lot more about a topic I wasn’t too familiar with. | ||
|
||
This section wasn’t too time consuming, but it did require a lot more thinking to be done than previous sections. | ||
|
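Review bot: In the Hashing paragraph, "The output needs to be unique" cannot hold for a fixed-size digest of arbitrary-size input, since different inputs must sometimes share a digest; the property to state is that collisions should be infeasible to find, and the parenthetical about small changes producing a new hash can stay as it is. "Passwords are stored in hashes" reads better as "stored as hashes". Smaller wording fixes: "and tackle Cryptography" in the opening sentence should be "and tackling Cryptography", and "a little bit of more experience" in the John the Ripper paragraph should drop "of".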