Assignment 2

Uploaded by

Indraja Ponnu
ASSIGNMENT

THE CYBERHOST Cyber Security Internship

Name: Indraja Ushakumari

Room: Linux Strength Training

This room is intended to further the understanding of basic Linux command line
skills for beginners. It covers how to use commands such as find, mv, scp, less
and grep. It is also a good way to learn how to generate hashes (md4, md5, sha1,
sha256) and crack passwords from hashes using the JohnTheRipper tool. It also
covers encryption and decryption with gpg, including cracking gpg-encrypted
files, as well as base64 string encoding and decoding. Lastly, it includes the
basics of reading SQL databases in Linux.
------------------------------------------------------------------------------------------------------------

TASK 2- Finding your way around Linux- overview

Question 1 requires no answer, so we move on to question 2.

2) What is the correct option for finding files based on group?

Ans: -group

3) What is the format for finding a file with the user named Francis and with a
size of 52 kilobytes in the directory /home/francis/ ?

Ans: find /home/francis -type f -user francis -size 52k


4) SSH as topson using his password topson. Go to the /home/topson/chatlogs
directory and type the following: grep -iRl 'keyword'. What is the name of the file
that you found using this command?

Ans: 2019-10-11

Explanation :

First we need to SSH in as the topson user:

ssh topson@<machine IP>

Once logged in as topson, navigate to the /home/topson/chatlogs directory and
type the following to get your file:

grep -iRl 'keyword'

5) Type: less [filename] to open the file. Then, before anything, type / before
typing: keyword followed by [ENTER]. Notice how that allowed us to search for
the first instance of that word in the entire document. For much larger documents
this can be useful and if there are many more instances of that word in the
document, we would be able to hit enter again to find the next instance in the
document.

Ans: No answer Needed


6) What are the characters subsequent to the word you found?

Ans: ttitor

Explanation :

This question follows on from the previous one: use the less command
(less 2019-10-11) to view the file, then search for the keyword by typing
/keyword and pressing [ENTER].

Using the highlighted keyword, we can find the subsequent characters.

7) Read the file named 'ReadMeIfStuck.txt'. What is the Flag?

Ans: Flag{81726350827fe53g}

Explanation :

Use the find command to locate the file ‘ReadMeIfStuck.txt’.

find -type f -name ReadMeIfStuck.txt

Next, you need to find another file, ‘additionalHINT’.

find /home/topson -type f -name additionalHINT

Use the cat command to view the contents of that file. It tells you to find a
directory named ‘telephone numbers’.

find /home/topson -type d -name 'telephone numbers'

Navigate to that directory using the cd command:

cd /home/topson/corperateFiles/xch/"telephone numbers"/

This directory contains a file named ‘readME.txt’, which hints at finding
another file by its modified date. This can be done with the following command:

find /home/topson -type f -newermt 2016-09-11 ! -newermt 2016-09-13

We find the location and name of a file: /home/topson/workflows/xft/eBQRhHvx

We can use the less command to view the file and navigate to the flag.

TASK 3- Working with Files

1) Hypothetically, you find yourself in a directory with many files and want to move
all these files to the directory of /home/francis/logs. What is the correct command
to do this?

Ans: mv * /home/francis/logs

2) Hypothetically, you want to transfer a file from your /home/james/Desktop/ with
the name script.py to the remote machine (192.168.10.5) directory of
/home/john/scripts using the username of john. What would be the full command
to do this?

Ans: scp /home/james/Desktop/script.py john@192.168.10.5:/home/john/scripts

3) How would you rename a folder named -logs to -newlogs?

Ans: mv -- -logs -newlogs

4) How would you copy the file named encryption keys to the directory of
/home/john/logs?

Ans: cp "encryption keys" /home/john/logs

5) Find a file named readME_hint.txt inside topson's directory and read it. Using
the instructions it gives you, get the second flag.

Ans: Flag{234@i4s87u5hbn$3}

Explanation :

First, find the file readME_hint.txt using the find command:

find / -type f -name readME_hint.txt

The file instructs us to move the MoveMe.txt file to the march folder and then
execute a bash program to reveal the second flag.

We can see that there is a -MoveMe.txt file and a -march folder in our current
directory, and we need to do as instructed using the following command:

mv -- -MoveMe.txt "-march folder"

Now we need to execute the bash file inside the march folder directory using
the ./-runMe.sh command, and we will get the second flag.
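
The find and mv patterns from Tasks 2 and 3, reproduced in a throwaway sandbox as an added example (not part of the original assignment or the room). The directory layout, the file names too_old, in_window and too_new, and the function names are constructed for illustration; GNU touch and GNU find are assumed.

```shell
#!/bin/sh
# Added example. Every path is constructed in a temp dir; nothing here
# touches the real /home/topson tree. Assumes GNU touch and GNU find.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/xch/telephone numbers" "$sb/workflows" "$sb/-march folder"
    : > "$sb/-MoveMe.txt"
    # Pin modification times so the date window is deterministic.
    touch -d '2016-09-10 12:00:00' "$sb/workflows/too_old"
    touch -d '2016-09-12 09:30:00' "$sb/workflows/in_window"
    touch -d '2016-09-13 00:00:01' "$sb/workflows/too_new"
    printf '%s\n' "$sb"
}

# -newermt T matches files modified strictly after T, so this pair selects
# 2016-09-11 00:00:00 < mtime <= 2016-09-13 00:00:00 (local time).
files_in_window() {
    find "$1" -type f -newermt 2016-09-11 ! -newermt 2016-09-13
}

# A name containing a space must reach find as one quoted argument.
find_dir_with_space() {
    find "$1" -type d -name 'telephone numbers'
}

# Without "--", mv parses -MoveMe.txt as a bundle of options and fails.
move_without_guard() {
    ( cd "$1" && mv -MoveMe.txt '-march folder' 2>/dev/null )
}

# "--" ends option parsing, so both names are treated as operands.
# Prefixing "./" (./-MoveMe.txt) has the same effect.
move_with_guard() {
    ( cd "$1" && mv -- -MoveMe.txt '-march folder' )
}

sb=$(make_sandbox)
files_in_window "$sb"
find_dir_with_space "$sb"
move_without_guard "$sb" || echo "mv without -- was rejected"
move_with_guard "$sb" && ls "$sb/-march folder"
rm -rf "$sb"
```

The same date-window filter is useful when triaging a host for files changed around a known event time.
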
TASK 4- Hashing Introduction

1) Download the hash file attached to this task and attempt to crack the MD5
hash. What is the password?

Ans : secret123

Explanation :

Download the file hash.txt. Copy the contents of the file and pass them to
hash-identifier, which checks the hash type of the contents. The most likely
type turns out to be md5. We can use crackstation to crack the hash.

2) SSH as sarah using: sarah@[MACHINE_IP] and use the password:
rainbowtree1230x

What is the hash type stored in the file hashA.txt ?

Ans : md4

Explanation :

Again use hash-identifier to identify the hash type after logging in as sarah.
The most likely hash type was md4.

3) Crack hashA.txt using john the ripper, what is the password?

Ans : admin

Explanation :

Use john --format=raw-md4 MD4_hash.txt to crack the hash.

4) What is the hash type stored in the file hashB.txt?

Ans : sha-1

Explanation :

Again use hash-identifier to identify the hash type after logging in as sarah.
The most likely hash type was sha1.

5) Find a wordlist with the file extension of '.mnf' and use it to crack the hash with
the filename hashC.txt. What is the password?

Ans: unacvaolipatnuggi

Explanation :

First, find the file hashC.txt:

find / -type f -name "hashC.txt"

Next, find the wordlist with an extension of .mnf:

find / -type f -name "*.mnf"

Now we have both the hash and the wordlist, which we will use instead of
rockyou.txt to crack the password. Since this machine does not have john
installed, we need those files on our own machine. We can use the Python
server for this purpose and then apply the following john command.

john --format=raw-sha256 SHA_hash.txt --wordlist=ww.mnf

6) Crack hashB.txt using john the ripper, what is the password?

Ans: letmein

Explanation :

Using the following john command, we can crack the hash:

john --format=raw-sha1 SHA1.txt
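
Why hash-identifier only reports a "most likely" type, and what a wordlist check against an unsalted hash amounts to, shown as an added example (not part of the original assignment; it does not replace john). The function names and the three-word wordlist are constructed for illustration, and md5sum, sha1sum and sha256sum from GNU coreutils are assumed.

```shell
#!/bin/sh
# Added example. Assumes md5sum, sha1sum and sha256sum (GNU coreutils).

# Candidate algorithms for a hex digest, judged by length alone.
# 32 hex characters is ambiguous: MD4 and MD5 both emit 128 bits.
candidates_for() {
    case $1 in ''|*[!0-9a-fA-F]*) echo unknown; return 0 ;; esac
    case ${#1} in
        32) echo "md4 md5" ;;
        40) echo "sha1" ;;
        64) echo "sha256" ;;
        *)  echo unknown ;;
    esac
}

# digest ALGO WORD: hex digest of WORD with no trailing newline.
# printf '%s' matters: echo would hash "WORD\n" and never match.
# MD4 has no coreutils tool, so it is reported as a candidate but not tested.
digest() {
    case $1 in md5|sha1|sha256) ;; *) return 1 ;; esac
    printf '%s' "$2" | "${1}sum" | cut -d' ' -f1
}

# audit HASH WORDLIST: print "algo:word" for the first wordlist entry whose
# digest equals HASH; return 1 when no entry matches.
audit() {
    target=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    for algo in $(candidates_for "$target"); do
        while IFS= read -r word; do
            if [ "$(digest "$algo" "$word")" = "$target" ]; then
                printf '%s:%s\n' "$algo" "$word"
                return 0
            fi
        done < "$2"
    done
    return 1
}

wl=$(mktemp)
printf '%s\n' admin secret123 letmein > "$wl"   # constructed wordlist
stored=$(digest sha1 letmein)                   # constructed sample hash
candidates_for "$stored"
audit "$stored" "$wl"
rm -f "$wl"
```

Run against your own password store, a hit means the stored value is a fast, unsalted hash of a listed password and should be rotated and re-hashed with a salted, slow scheme.
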


TASK 5- Decoding Base64

1) What is the name of the tool which allows us to decode base64 strings?

Ans : base64

2) Find a file called encoded.txt. What is the special answer?

Ans : john

Explanation :

First, find the file encoded.txt:

find / -type f -name "encoded.txt"

Then decode the file using base64 -d encoded.txt > decode

Open the file using the less command. We learn that we have to look for the
keyword ‘special’ inside this file. Type /special and hit enter, then scroll
down the file and you will see ‘special’ highlighted. The text there mentions a
file named ent.txt. Locate this file using the find command.

Once you find the file, you’ll see that there’s a hash inside it. Copy the hash
and paste it into https://crackstation.net/ to get the final answer.

TASK 6- Encryption/Decryption using gpg

1) You wish to encrypt a file called history_logs.txt using the AES-128 scheme.
What is the full command to do this?

Ans : gpg --cipher-algo AES-128 --symmetric history_logs.txt

2) What is the command to decrypt the file you just encrypted?

Ans : gpg history_logs.txt.gpg


3) Find an encrypted file called layer4.txt, its password is bob. Use this to locate
the flag. What is the flag?

Ans : Flag{B07$f854f5ghg4s37}

Explanation :

Locate layer4.txt. Since layer4.txt is encrypted, we need to decrypt it using
gpg with bob as the password:

gpg layer4.txt

It will prompt for a passphrase; entering bob as the passphrase will decrypt the
file. Now cat the file.

It will lead you to layer3.txt, which is decrypted using the passphrase james.
Find the file and decrypt it via the same steps we just did for layer4.txt.

layer3.txt will lead you to layer2.txt, with a passphrase of tony.

layer2.txt will give a string of encoded data, so we have to decode it using
base64.

This leads to layer1.txt with the passphrase hacked. We then get our final flag by
decrypting layer1.txt.

TASK 7- Cracking encrypted gpg files

1) Find an encrypted file called personal.txt.gpg and find a wordlist called
data.txt. Use tac to reverse the wordlist before brute-forcing it against the
encrypted file. What is the password to the encrypted file?

Ans : valamanezivonia

Explanation :

Find the file personal.txt.gpg as well as the wordlist data.txt.

gpg2john is not available on this machine, so we have to get those files onto
our own machine. I used the python server to get files to my own machine.
After getting both files on our machine, use gpg2john to extract the hash from
personal.txt.gpg. To do this, use:

gpg2john personal.txt.gpg > hash.txt

Reverse the wordlist using

tac data.txt > wordrev.txt

Now use the john tool to crack the hash using the wordlist.

john --wordlist=wordrev.txt --format=gpg hash.txt

2) What is written in this now decrypted file?

Ans : Getting stronger Linux

Explanation :

After getting the password, simply run gpg personal.txt.gpg and enter the
passphrase valamanezivonia to decrypt the file. Use cat to open the file and
view the contents.

TASK 8- Reading SQL databases

1) Find a file called employees.sql and read the SQL database. (Sarah and
Sameer can both log into mysql using the password: password). Find the flag
contained in one of the tables. What is the flag?

Ans : Flag{13490AB8}

Explanation :

Find the file employees.sql and go inside the directory where employees.sql
resides. Run the command to open mysql:

mysql -u sarah -p

-u specifies the user and -p prompts for the password. Entering the password
password will log you in to the mysql console.

Set employees.sql as the source:

source employees.sql

Use show databases; to show the available databases.

Use the employees database; for this, enter the command use employees;

Use show tables; to show the tables in this database.

Use describe employees; to see if it gives any valuable results.

It gives us a field for the first_name which we can use to search if Lobel is
there or not. For this, use the following command:

select * from employees where first_name like 'Lobel';

In the last_name column, the flag can be viewed.


TASK 9- Final Challenge

1) What is Sameer's SSH password?

Ans : thegreatestpasswordever000

Explanation :

After reading the first chat, we know that we need to find the next chat related
to Sameer. Use the grep command to find the chat in that directory.

grep -iRl "SSH"

2) What is the password for the sql database back-up copy?

Ans : ebqattle

Explanation :

We need to find a file inside the /home/shared/sql/conf directory which is
around 50mb in size.

So after going inside the /home/shared/sql/conf directory, if we do an ls -lah
here, we’ll find a file named JKpN sized 50mb.
We get an encoded string. Decoding this shows us a path which contains the
directory where the wordlist is stored. Michael said that the password begins
with ebq.

For this, we need to SSH as Sameer:

ssh sameer@[machine_ip] using the password thegreatestpasswordever000

Let’s cd inside the directory
/home/sameer/History LB/labmind/latestBuild/configBDB/ and run the following
command:

grep -iRl ebq

3) Find the SSH password of the user James. What is the password?

Ans : vuimaxcullings

Explanation :

Michael said the backup file should be named with 2020-08-13, which will be in
/home/shared/"sql directory"

Let's move that also into sameer’s home directory.

Now decrypt the file using the wordlist and then unzip the file.

cd into the file and notice that it has the employees.sql database file. Let's
open mysql as sarah and use the following commands:

mysql -u sarah -p (enter password as the password)


source employees.sql
show databases;
use employees;
describe employees;
select * from employees where first_name like 'James';

The last name is the password for James.


4) What is the root flag?

Ans : Flag{6$8$hyJSJ3KDJ3881}

Explanation :

After logging in as james, simply run sudo su followed by james’ password and
you will get root access. The root flag will be in the root directory.
