Week 3 of 41151 Summer Studio B seems to be focusing on starting to break into vulnerable machines, it promises to be a fun week! I’ve only ever had experience with breaking into some easy machines on HackTheBox such as Jerry and Celestial, so I was really excited but slightly apprehensive about this week.
There was no need to define a new problem statement this week, so I saw fit to adapt my previous problem statement from last week to encompass the topics being covered this week. The problem statement for this week being:
"Insecure, outdated applications and systems used by businesses will negatively impact stakeholders reputation, finance and consumer trust if they are ever exploited."
Misconfigurations in systems and applications are the leading cause of system breaches, these systems are not usually misconfigured maliciously however these misconfigurations are the foothold that attackers use to compromise systems.
Things that went well this week:
- Presentation on WireShark and CyberChef went quite well, hope it enlightened some students to its usefulness
- Engagement with external industry professionals, Raaqim and Ed Farrell
- Better time management, was able to do more with my time that last week
- Group work with Bare Minimum Bandits, we worked together quite well and delivered a good presentation
- Documentation of daily events is going well, I’m taking notes of each event that happens
- Able to get user access on one machine and root access to two machines this week
- Applied for a job in cyber
- Collaborated well with other students in order to enumerate or find some head way with vulnerable machines
- Was able to learn about privilege escalation
Things that didn’t go well this week:
- Time management still not at a level that I need it to be at
- Documentation and write ups are okay, but need to do write ups while I’m attempting to do boxes, will be useful in case I take a break and need to know where to start up again
- Need to listen more about what is due, instead of working on vulnerable machines during lecture times
- Making the most of my time, read some more technical papers/tutorials in my down time, always be learning
Monday was spent mostly introducing us to the deliverables that were due this week. There were three deliverables due this week:
Wednesday (20 Feb)
- 6 - 7 minute group presentation on a tool that is used to penetrate complex/vulnerable machines
Friday (22 Feb)
- Own a vulnerable machine of your choice, i.e. pop a box
Sunday (24 Feb)
- Sprint submission for week 3
It seems that free-for-alls are replacing the daily scrums, so for the free-for-all, I grouped up with Brendan and Rowan, who were both working on getting to level 30 on Bandit and at least level 15 on Natas. Both Brendan and Rowan were busy with getting their reflections done on the weekend and were experiencing issues with the PHP code that they were encountering with higher levels of Natas.
Monday was also the first live demo that we were able to watch, it was a quick ‘boot2root’ box, specifically this box on VulnHub, VulnHub being a repository of vulnerable machines that you’re allowed to break into. The boot2root demo was quite interesting to watch, it was the first time I’ve seen privilege escalation. In this scenario, a root shell was gained through exploiting the outdated FTP version on the box and getting a reverse shell through the website of the box.
After the boot2root live demo, I started working on the presentation slides for the Wednesday deliverable, my group (Bare Minimum Bandits) consisted of Rowan, Andre, Chris, Junwei and Corey, and we chose to research about WireShark and CyberChef.
We chose those tools in particular because of their versatility, WireShark is able to be used actively in capturing packets on unsecured systems as well as passively to analyse .pcap files, which are saved sessions of packet captures. CyberChef on the other hand is a tool under active development created by the GCHQ, the GCHQ being an intelligence agency of the United Kingdom. CyberChef has a wide range of functions that may prove useful during CTF challenges including cryptographic, networking and forensics functionality.
We decided to split the tasks up with each member presenting one slide each for one minute.
Tuesday was spent mainly in the studio room working on completing my assigned portion of the presentation due Wednesday. I was responsible for explaining what kind of program WireShark was and its features and capabilities. I worked on the presentation with Chris and Junwei, we managed to finish our parts of the presentation and outline what was left for Rowan, Andre and Corey to complete.
After finishing my slides, I started working on the active machine
Access on HackTheBox, I was able to enumerate information on the machine by using the tools that we learned about in class like Nmap for enumerating information about open ports and the versions of the services running on those ports as well as look for exploits with SearchSploit. I wasn’t able to complete the box before leaving for SecTalks which is a security focused meetup that is held monthly, typically on the second Tuesday night of each month.
SecTalks is an amazing meetup to attend, it provides a great networking and learning opportunity for aspiring cyber security professionals, the environment is extremely welcoming to newcomers and seasoned professionals alike.
This was the first SecTalk of 2019 and the topic of presentation was
802.15.4 War Driving, presented by Ed Farrell, founder and CEO of Mercury ISS, an information security consulting organisation. The topic of the talk was about Ed’s research and exploration of the 802.15.4/Zigbee wireless protocol that is being increasingly used for low-power technology such as home automation, smoke detectors and remote monitoring systems.
It’s important to attend events like SecTalks or other security meetups/conventions to keep up to date with what is happening in industry, the trends and what other people are working on. At this SecTalks I met up with people like Raaqim Mohammed, a UTS alumni and UTS CSEC member who was kind enough to talk to me about methods of executing XSS attacks and provide me with some information about what I need to do to get my foothold in cyber security.
SecTalks inspired me enough that I attempted to gain user access on the
Access active box on HackTheBox on the train home. I made significant progress in gaining user access and I rushed home and got user access on
Access! I’ll be doing a write up for
Access soon with a password protected page.
The main event of the Wednesday class was the industry talk/presentation with the Deloitte team consisting of Viren Khatri, Simon Baeg and Nathan Jones. This talk was extremely valuable to me, I learned quite a lot about the industry that I want to enter, specifically the difference between a red teamer and a penetration tester and what each role entails.
The Deloitte team also brought along with them a vulnerable VM, called Piper which was really awesome to play, you can find my (immense) struggle to root that here. Full credit to the Deloitte Cyber Attack Team for making this really fun box, I learned A LOT from getting root on this box, my first successful priv esc!
After the Deloitte team left, it was time to give our presentation. The presentation slides can be found here. I felt like the presentation went quite well, my team was able to get their points across and I hope that the other students were able to realise the usefulness of the tools that we presented on.
I didn’t get root on Piper till about 1:30am so in the meantime in my disappointment, I had a go at getting root on a box I found on VulnHub called Toppo. You can find the write up for that box here, huge thanks to Darsh for letting me know about HighOnCoffee’s amazing blog (also what an amazing domain name).
Inspired by Jai getting root, I decided to stay up for a little while and have another try at getting root on Piper and to my delight at 1:30am, I found the treasured
root.txt! Something that has really been reinforced by this box is the factor of human error and the want for convenience which plays a big part in why systems are easy to breach in the first place. The scenario for getting root in Piper was mainly due to password reuse and people not wanting to repeatedly type in passwords so they try and find ways around doing so, ways that are insecure and potentially damaging to businesses.
I ended up deciding to apply for a job opening for a Cyber Resilience Intern at The Star Entertainment Group. One of the goals I have for when I complete this subject is to be able to leverage the skills and experience that I’ve gained throughout this subject to be able to gain employment and I believe that this was a good opportunity to take given that it requires little experience, but instead a passion for cyber security and learning.
I wasn’t able to complete any of my write ups for the challenges I did this week although they will most likely be done on Sunday, time management and motivation has been a bit of an issue lately, getting root shells on two of the boxes was really awesome, but doing the write up and collecting screenshots and explaining your thought process seems really draining, definitely something I need to work on is documenting/writing up my process for rooting the box during my attempts to root the box.
Even until the last week, time management is still a problem, although my ability to manage my time properly has gotten slightly better, it’s not where I want/need it to be so that I can be as productive and efficient as possible.
Friday was focused on making sure that everyone had at least completed or had made progress on completing a box, since this was the first time that some people in the class had attempted to break into vulnerable machines, it wasn’t required that you had to own a machine this week, but definitely by next.
So for the free-for-all on Friday, I had a chat with David, Riley and Max about what they’ve been doing all week. David’s been on fire, he managed to get root on two active boxes on HackTheBox,
Curling and was definitely on the right track with getting root on the Piper machine, only having trouble with getting output from the dump on metasploit. Riley did quite well this week as well, he had an attempt on a few of the Kioptrix boxes, however these boxes are pretty old and might not work at all. He had some pretty annoying trouble with his VM’s, everything seems to be broken, especially the networking between his VM’s, he’d uninstalled and reinstalled both his VM’s and his VM software multiple times but things still seem to be a bit broken. Max was able to get root on Piper as well, he didn’t mention what else he was working on this week but it still seems like time management might be an issue for him and he was busy preparing for an interview with UTS IT Security.
After the free-for-alls, we were mainly going through the expectations for our deliverables and the expo for our final portfolios on Friday, then the one on one sessions to discuss how we were going this week and whether or not we’d met the deliverables.
So for my feedback, I had a one on one with Larry and he’d wanted to look at what I’d been doing this week and I showed him my completion of Toppo and I’d shown my previous completion of Piper on the projector earlier. We’d had a look at my feedback on UTS online for my previous submission and everything looks good, I’m passing the subject at the moment and the new format of the weekly sprint submissions seems to be working quite well.
On Friday I also had the opportunity along with Chris and Mitchell to watch Larry present to Justine Lawson and Rob Jarmon, both Associate Deans of teaching and learning at UTS about the subject that he was taking. It really gave me a clear insight into the motivations of why Larry was leading the subject in the first place and in the way that he chose to deliver the subject. The gap between industry and academia is quite large in some areas and sad to say buy security is one of those areas, Larry being able to leverage his professional industry experience was quite beneficial to the enjoyment I’ve experienced and the success that I’ve achieved during the subject. Watching the presentation and taking the subject has definitely sparked in me the drive and the want to have a career in the cyber security industry and the opportunities that such a career would provide in terms of learning and experience.
Being the second week that I’ve started a goals section it would probably be appropriate to also reflect on the goals that I’ve had last week before redefining or introducing new goals.
Last weeks goals:
Continue documenting everything, but document things as they happen for a more complete log of events
I was successful with this goal, I logged events as they happened, however this week I wasn’t able to do my write ups while I was trying to root boxes, I got really caught up in trying to get root access that I put less emphasis on recording my experience.
Never stop doing challenges or reading up on security material
Successful to a degree, I was able to do A LOT more challenges that last week, but not enough on security material
Time management, make a schedule, follow it, be more productive
Time management has been better, so slightly successful, I was able to do more with my time, but not to a point where I was satisfied with my progress during the week
Ideally if applicable, more engagement with external sources, find out more about what they do and ask for advice on what I can do to better myselfSuccess, I was able to talk to Raaqim about subjects like XSS and whether or not I should apply for the Cyber Resilience Intern position at The Star
Stop writing my reflections on Saturday and Sunday and start writing them during the week and updating them dailySuper unsuccessful, it got even worse considering I have to write up my challenge solutions during the weekend as well. Although I made some head way with starting my reflections on Monday, I didn’t update them during the week
What I need to do next week:
- Better time management AGAIN, I want to at the very least have made some progress on an existing or new box every day
- Do my write ups and log my progression through each box to help with an easier write up
- Collaborate with some of the other students who are struggling to help them through their own boxes (if that’s allowed?)
- Again make sure that I start and update my reflection throughout the week
PSA: Check the source code .-.