Reflections - wAlber47/Tech-Journal GitHub Wiki

11/18/2021: Enjoyed setting up these Virtual Machines; nothing was really that tough. It's good to have this for the future.


11/17/2021: Working with Metasploit was something new for me. But after watching Mohammed's video, it was pretty clear how to utilize it at a basic level. I definitely preferred using Metasploit over working with my own exploits. However, I definitely think that without working with my own exploits at first, I wouldn't have grasped Metasploit that well.


11/15/2021: I spent a lot of time on the lab portion of this module, which is why the report may be a little lacking. Exploiting Nan Curunir wasn't an easy task, and even though I wasn't able to get the root flag, I'm still fairly happy with the progress that I did make. With that said, I'm pretty sure that the steps I was attempting to take were the correct ones, most likely with just a small error that was preventing me from progressing. I did reach out to a classmate to talk things through but didn't gain anything from that conversation in terms of progress.


11/8/2021: Exploiting Gloin was pretty tough. I'm fairly inexperienced with SQL injections, so that made it fairly tough to find a URL injection that would work to give me the correct information. I used a lot of online resources to find one that would work. Overall it wasn't too hard, just a lot of trial and error.


10/26/2021: For the reverse shell lab, I definitely found it easier than some of the previous labs we've had. The only struggle for me came with the script piece, and even that wasn't too challenging. All of the setup stuff and steps that were repeated from the last labs were also easier, as I had decent notes within my tech journal.


10/19/2021: The main issue with the Shire's system administrator is leaving the FTP server open. It doesn't really seem like it needs to be that way for any reason, and if it was, you should definitely configure it so that anonymous people cannot sign in. Besides that, many of the passwords were very insecure, especially "pass1234", as this was cracked by hashcat within five seconds. As for the hint videos, the parts that I had questions about were when you went to the /usr/share folder and grabbed some of the scripts, or one other thing in the video. I'm just confused about how I should know when to look for these, as well as how, to an extent. With the backdoor, for example, I would've never known to look in that specific spot and grab that file, but I did know that I needed to upload some sort of script to the upload directory. Reflection Video


10/5/2021: I've worked with John the Ripper in the past, just messing around; however, I've never worked with Hashcat. It definitely seems like it has a lot more options than JTR. I'm curious to see how much faster than JTR it is. As of now, it does not seem to be going at a speed that's comparable to JTR. I think when it comes to password managers and generators, you really have to research their methodologies, whether it's how they are storing the passwords or just the encryption method in general. Even though these passwords aren't the most secure, they still are passwords at the end of the day. These tools cracked them in really no time at all in the grand scheme of things. From a quick search, it seems like LastPass uses AES encryption, which is much more secure than SHA512. Seems like that's a good one to continue using.


10/4/2021: For the reflection aspect of this week, there were some given questions in the lab:

  • Are your own passwords guessable?
    • For the most part, I would say no; however, when I make throwaway accounts or an account for something that isn't of the utmost importance, they are probably guessable.
  • Are they repeated over multiple systems and services?
    • Yeah, I think that most people do this, and it's definitely the worst aspect of my password crafting. The worst part is that I have LastPass set up and on my browser. If it was just my PC and maybe one other that I worked on, then I would probably be better. But having to install the add-on and log in for every computer I use on campus gets tedious.
  • Are they included in lists such as rockyou.txt?
    • After looking through it, I couldn't find any of my passwords or anything similar in rockyou.txt.
  • How can you improve your password tradecraft?
    • The easiest way I can think of would be to make them longer. I keep them pretty complex but normally don't go over ten or twelve characters.
  • What are you doing right?
    • Using the password manager is a step in the right direction, but it should be more thoroughly implemented.

9/27/2021: The lab based on exploiting cupcake was really interesting and enjoyable. The only part I didn't like was the final part about privilege escalation. The reason I liked the other pieces of the lab so much is because they were self-guided, whereas this last piece was just sort of following a video for 15 minutes. It makes sense, as the exploit is probably more advanced than I would've figured out. But overall, I think my favorite piece of the lab was using Hydra, as it's something that I've never used before.


9/14/2021: Starting with the DNS module definitely took a step into tougher territory for me. The overall structure of this first DNS Enumeration activity seemed to be less than that of past labs. In addition to this, a lot of the concepts got more complicated as well (grep, cut, bash). Some of the hardest parts of this lab for me came with the grepping and cutting of output.


9/13/2021: The second lab of the two Port Scanning labs was fairly straightforward. In my eyes, I seem to be doing pretty well with NMAP. At least with the basic scans, I didn't have any issues running them on the first try. The only thing that I feel I need to look more into is the output of the -A command. There's so much information there that it's going to take a couple of times to really understand what is going on with that. It seems like the -A command just runs a whole bunch of different NMAP flags instead of individually listing them out in the syntax.


9/7/2021: For the first activity, I was fairly surprised that the NMAP commands were much easier to write than the ping/fping ones. At least for me, this is most likely due to my familiarity with the ping command at its base. However, I rarely do much more than use the command to find out what the IP Address is or some other basic commands. Another interesting thing from the first activity was how much NMAP can do. I haven't used it since some of the basic Cybersecurity classes my Freshman or Sophomore year, but it definitely is going to be a really important piece of this class. After completing the first activity, I moved on to Lab #1. Similarly to the first activity, this came fairly easily as well. Modifying the bash script, while a little difficult at first, wasn't too tough in the end. Most likely, this is due to my background in programming. I've worked a lot with object-oriented languages, which don't translate too well to scripting, but I've also worked a lot with Python, which helped out a lot in this activity.