Cryptography 101
Let’s encrypt the World !!
You are assigned a task to crack the NTLM Password hashes captured by the internal security team. The password Hash has been stored in the document folder of the parrot security console machine. What is the password of the user james ?
Run the command after entering into the Directory where the Hash file is stored.
#john — — format=nt hashes.txt
You are assigned a task to crack the NTLM Password hashes captured by the internal security team. The Password hash has been stored in the document folder of the parrot security console machine. What is the password of the user jones ?
Run the command after entering into the Directory where the Hash file is stored.
#john — — format=nt hashes.txt
[ Resources for John - https://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats ]
You have given a task to audit the passwords of a server present in BCAPORG network. Findout the password of the user Adam and submit it. (Note that Use Administrator/CSCPa$$ when asked for credentials.)
Go to the windows machine and run the tool of system hacking which is [L0pht/ Lc7] for password cracking.
Step 1: Click “ Password Auditing Wizard”
Step 02: Click Next
Step 03: Select Windows
Step 04: Select “A remote Machine”
Step 05: Select “ Specific User Credentials”
Step 06: Fill up the credentials with provided resources. like — HOST: [ IP of the target Server] , Username [ Administrator ], Password [ CSCPa$$ ]
Step 07: Click Next
Step 08: Select “Quick Password Audit”
Step 09: Generate Report CSV and select others Display Option
Step 10: Select “Run this Job Immediately” and next to Finish
Take time to crack the password. & to Stop the operation after completing the attack, click the “Stop” option in the down right side
You have got a User level access to the machine with IP 172.16.0.108. Your task is to escalate the privileges to that of the root user on the machine and read the content in the rootflag.txt file. Note — Use LinuxPass when asked for machine password.
Step 01: Change the Directory to the Root Directory
Step 02: Run the command
#ssh ubuntu@172.16.0.108
Step 03: Enter the required Password of the machine.
Step 04: run $pwd command
Step 05: Change the Directory to the Home Directory
Step 06: Find the file [ rootflag.txt ] by running the command $ls
Step 07: Run the command to read the file $cat rootflag.txt
Step 08: That’s the answer.
The incident response team has intercepted some files from the employee’s system that they believe have hidden information. You are asked to investigate a file named Confidential.txt and extract hidden information. Find out the information from the hidden file. The file is located C:\users\Admin\Documents in Windows workstation.
To decode the hidden file we have to use the tool “Snow” in the whitespace file Steganography
Step 01: As the file is located in the “Documents” directory, so we have to go there and find the file named Confidential.txt
Step 02: Then we have to copy the file Confidential.txt and paste it to in the folder of Snow
Step 03: Write cmd in the “Searching directory” portion to Run the CMD Prompt
Step 04: Run the command
> Snow.exe -C Confidential.txt
The incident response team has intercepted an image file from a communication that is supposed to have just Text. You are asked to investigate and check if it contains any hidden information. So find out the hidden information. The Vacation.bmp file is located C:\users\Admin\Documents in Windows workstation.
To decode the hidden file we have to use the tool “OpenStego” in the image Steganography
Step 01: Run the Tool “OpenStego”
Step 02: Select Extract Data option and then select the Input Stego File option to select the file. Then click the Output Stego File to select the output file or create new folder to select.
Step 03: Select Extract Data option in the right side.
Step 04: Go to the Folder or directory where the Output Stego File is extracted and click to open.
Step 05: That’s the answer.
A disgruntled employee of BCAPORG has used the Covert_TCP utility to share a secret message with another user in the BCAPORG network. The employee used the IP id field to hide the message. The network captured file “Capture.pcapng” has been retained in the C:\users\Administrator\Documents directory in Windows workstation. Analyze the session to get the message that was transmitted.
Step 01: Go to the Windows machine and then move to Documents directory and find out the file named “Capture.pcapng” and double click it to open with wireshark.
Step 02: To analyze the session write the target IP with this command
ip.addr = =172.16.0.15 [ Windows Server IP]
Step 03: we have to analyze the ip 172.16.0.15 just in the Destination segment
Step 04: We have to look after the lower section of the page while clicking on the destination ip.
Step 05: after clicking from the first to one by one, we can analyze the hidden message.
As you are a Malware analyst of BCAPORG, during your assessment in you organization’s network you found a malware face.exe. The malware is extracted and faced at C:\users\Admin\Documents in Windows workstation. Analyze the Malware and findout the file pos for KERNEL32.dll text.
Step 01: Run the tool BinText
Step 02: Browse the file face.exe to scan. select and then click Go to start the operation.
Step 03: Then in the lower section write the file named KERNEL32.dll to search and find.
Step 04: Find out the exact match with the clue and Here is the POS answer.
Analyze the ELF executable file named Sample-ELF placed at C:\users\Admin\Documents in Windows workstation to determine the CPU architecture it was build for.
Step 01: Run the tool Ghidra
Step 02: Select File option in the top left side of the menu bar
Step 03: Follow the steps — New Project > Non Shared Project > Next > Project Name [ Any name] > Finish
Step 04: Drag and drop the Sample-ELF file from the Documents Folder
Step 05: Click Ok and then wait for the imported process.
Step 06: Find the CPU ( Processor) architecture format and that is the answer
0 Comments