Immersive Labs Week 4 PDF

Title Immersive Labs Week 4
Course Ethical Hacking
Institution National University (US)
Pages 1
File Size 57.2 KB
File Type PDF

Summary

Write-up after having completed the following labs on Immersive Labs:
1. Immersive -> Originals -> Immersive Bank – Episode One: Open Source and Credentials
2. Immersive -> Originals -> Immersive Bank:Episode Two Gaining Access...


Description

CYB 632 5/22/2021 Immersive Labs – Week 4

The first question in the first lab asked for the CEO’s name. That was already given in the introduction to the lab, but it is also available on the bank’s website when you click on “Team”. The second question described the company’s guidelines for usernames and asked what the CEO’s username would be, so it was straightforward.

The third question asked us what the CEO’s password was. The SHA256 hash of the password was provided. I know I could have plugged it into a reverse hash lookup online, but I know it is bad practice to do something like that because people can see what you do online, and so I used hashcat. I created a text file and put the hash in it. At first, I tried brute force, but I know that approach takes too long after seven alphanumeric character combinations, and so, when it passed seven, I broke and decided to try a dictionary attack. I used the popular, comprehensive rockyou.txt wordlist, running the command “hashcat -m 1400 -a 0 hash.txt rockyou.txt -o cracked.txt”, “-m 1400” being for raw SHA256 (unsalted), “-a 0” being “straight” (using a wordlist), and “-o” outputting the results to “cracked.txt”. I should have used this dictionary attack to begin with because it was so much quicker. Going through seven alphanumeric combinations, the brute force method took a little over an hour.

To gain access to the CEO’s computer, I used rdesktop with his username and password along with the IP address of ILM bank and the port number given away in the blog. I accomplished this with “rdesktop -u carlof -p manunited 10.102.11.31:8877”.

The first question asked about the animal depicted on the logo of the CEO’s daughter. On his desktop, there was a PDF file called “School Letter”. At first, I thought it was a swordfish, but it was not. I did a reverse image lookup on the internet and had no luck. I then decided to look up the school’s name. I think it is a made-up school, but apparently “narwhal” is an animal, and that is what it was.

The second question asked for a specific word in a document on the CEO’s computer. It mentioned a “mergers” document. The first place I went to was the Documents folder. There I saw a document with the word “mergers” in it. It was a long document and I searched for the whole phrase “international bank of” with no luck, so I tried “bank of” and “international”, but still no luck. I continued looking around the Documents folder and found a directory that mentioned mergers. It led to subdirectories which led to another file that had to have been it. It was password protected. I tried “narwhal” and it got me in. This CEO needs to learn the importance of strong passwords and the company needs to have stronger password requirements....
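The defensive side of the write-up's closing point, as an added example that is not part of the original write-up or the lab: it contrasts the raw, unsalted SHA256 storage described above with a salted, iterated hash, and rejects wordlist passwords when they are set. The function names, the small wordlist, the 12-character minimum and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a breached-password wordlist such as rockyou.txt.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "manunited", "narwhal"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def raw_sha256(password: str) -> str:
    """Weak storage: unsalted, single-pass hash (the format the lab provided)."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Stronger storage: per-user random salt plus an iterated KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def policy_violations(password: str, username: str, min_length: int = 12) -> list[str]:
    """Return the reasons a new password should be rejected (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in breached-password list")
    if username.lower() in password.lower():
        problems.append("contains username")
    return problems


if __name__ == "__main__":
    # Same password, two accounts: identical raw digests, different salted records.
    print(raw_sha256("manunited") == raw_sha256("manunited"))
    print(hash_password("manunited")[1] == hash_password("manunited")[1])
    print(policy_violations("manunited", "carlof"))
```

With unsalted storage, every account that shares a password shares a digest, so one wordlist pass covers all of them; the salted, iterated form forces a separate and far slower computation per account and per guess.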

