Introduction

Week 4 of 41151 Summer Studio B is essentially a continuation of the material and deliverables from last week. However, this week students are required to get root access on an active machine on HackTheBox or, if they weren’t able to get root access, to at least make some headway towards it and document their experience.

I found that last week’s problem statement of "Insecure, outdated applications and systems used by businesses will negatively impact stakeholders’ reputation, finance and consumer trust if they are ever exploited." was still applicable this week, as some of the vulnerable machines on HackTheBox greatly resemble machines that are in ‘the wild’ and being used by companies. The machines themselves incorporate misconfigurations that arise as a result of users prioritising convenience over security, i.e. letting users run commands without using sudo (pip).

This further reinforces my belief that human error is complicit in almost all data breaches, regardless of whether the error was malicious or not. Greater effort needs to be made to educate users about the attacks that can be leveraged against them and the importance of following proper security policies.


Summary (TL;DR)

Things that went well this week:

  • Root on 4 boxes, 3 of them active on HackTheBox: Access, Curling and Irked
  • Collaborated with other students to help them achieve root on machines
  • Presentation at the Summer Studio Expo went pretty well
  • Engagement with students in other studios and telling them about security and why it’s important
  • Did more with my time, reading books on reverse engineering in my spare time

Things that didn’t go well this week:

  • Time management again to no surprise, staying up at 3:00am doing work does nobody any favours
  • Documentation and reflection as a progressive task, neither of these happened, which makes write ups and submissions harder, which is bad
  • Motivation was hard, I had a personal goal at the beginning of the studio to get root access on at least one box and I’ve blown that out of the water, unfortunately, that’s led me to lose a bit of motivation considering that I achieved that goal earlier than expected and didn’t manage to redefine a proper challenging goal

Weekly Rundown

Monday

On Monday we were lucky enough to have an industry visitor, Ruben Thijssen from Symantec. Ruben was kind enough to give us a presentation on Reverse Engineering and bring along some beginner reversing challenges that we could test ourselves with. The presentation was quite enlightening. Reverse engineering is a really difficult subject to understand at the beginning and it’s one of those disciplines that you really have to dive in and immerse yourself in to understand; it’s easier to learn by doing than by reading a manual, and reading a manual for assembly language is generally something that most don’t want to do. From the presentation, we also learned a bit about control flows in disassembled programs, the difference between the heap and the stack and some general op codes. I’ve set myself a personal goal to learn more about reverse engineering and to attempt some CTF challenges that incorporate reverse engineering.

After the presentation, Darsh told us about the agenda for the rest of the week:

  • Friday (1 Mar)

    • Summer Studio Expo - Presentation about what you learned and did throughout the studio, a good opportunity to see what other studios have done as well
  • Monday (4 Mar)

    • Final portfolio - Complete a portfolio outlining how you’ve managed to satisfy the SLO’s and what you’ve taken away from the studio

There wasn’t a designated free-for-all today, but I still managed to talk to other students about what they were working on this week and what they had done during the previous week. Quite a lot of students had made significant progress on some of the machines on HackTheBox: Oliver had managed to get root on Access, another active machine on HackTheBox, and Cameron was working on the Kioptrix series of boxes.

Once class was finished, I started working on the active machine Curling on HackTheBox alongside Frank. I ran into a lot of issues, particularly with getting the challenge to render properly. I was able to get user access (with great difficulty), due to lots of help from Darsh (thanks for putting up with my screams of rage). Something that I did learn is that with HackTheBox and VPNs, when deploying reverse shells, you need to use the IP of the VPN (Oops 😔). Since Curling is an active machine on HackTheBox, I won’t be able to release a write up for it just yet.

I was also able to go through my feedback for the previous sprint. So far I’ve been passing every week and my feedback has been quite good. I’m quite happy with the format of my reflections and I feel that this layout is really beneficial for making my points.

Tuesday

On Tuesday, I was focused on brainstorming content that I wanted to display at the expo on Friday. I wasn’t able to come up with what I’d like to do in terms of a practical demonstration, but I did manage to get a list of my highlights, lowlights and insights out. I was also looking for a vulnerable machine on VulnHub that was relatively easy to understand and could effectively demonstrate the impacts of a successful attack on a system. I didn’t manage to find a suitable machine either, so I decided to keep working on getting root access on Curling. After not making any progress, I decided to call it a night, however when Jai told me he got root on Curling, I decided to have another crack at it and got root on Curling!

Motivated by this success, I decided to also complete the Irked box on HackTheBox. I started the box at about 1:30am and was able to complete it by 4:00am. A good achievement, however it completely messed up my sleep schedule and I was really tired for class the next day. This was an example of some pretty poor time management, it goes against my goal of developing better time management goals, of which sleep is an important part.

Wednesday

Wednesday was spent finalising the topics that I would be presenting at the Summer Studio Expo on Friday. I decided that I would be mostly talking about my approach to breaking into vulnerable machines and my thought process while doing so. In truth it was a pretty technical presentation, but I wanted the audience to be able to gain at least something from the presentation. After getting root on both Curling and Irked on HackTheBox, I decided to try and get root access on the Access machine. I had gotten user access on the box last week and this week I decided to try and get root access. I was working with both Rowan and Corey on getting root access, we were pretty unlucky, none of us managed to get root on the box, we had the command ready, however the syntax was wrong and we spent about 3 hours trying different combinations of commands to no effect.

I was feeling pretty bad after not getting root access on the box after spending 3 hours on it, but I still wanted to keep going and try to root the box. This ties in quite well to one of the insights that I wanted to present about on Friday. The trait of resilience is one that is required in anyone that wants a career in cyber security. Being able to not give up and to try even harder is vital in the industry, answers are not simply going to jump out at you and you need to be able to persevere and work through stressful situations in order to complete your objectives. It’s really important to take breaks or even ask colleagues when you do get stuck so that you can get a fresh perspective on the problem and possibly solve it.

I realized that I wasn’t going to be able to complete that box, so I decided to log my activity for when I wanted to return and complete that box. Since the expo was on Friday, I decided that I needed to complete my presentation and practice so I could be ready for it.

Thursday

Thursday was spent purely on making sure that my presentation was ready to go for Friday. I had decided to talk about why we need security, what happens if we ignore security as well as give a brief overview of what has happened throughout the studio and what I learned. You can find my presentation slides here. I also found what vulnerable machine I’d use to demonstrate impacts of vulnerabilities, I chose to use a box called wakanda: 1 from VulnHub which was rated as intermediate. The box was quite close to something that you could expect to find out in the wild, it contained a web page, different users on the machine with different privileges and some web vulnerabilities to give you a foothold. It took me approximately 5 hours to get root on wakanda: 1, but I didn’t manage to do a full write up while doing the box. The write up will be up soon.

Friday

Friday was the big day, the Summer Studio Expo! I was really excited to showcase what we’ve been doing in the studio this past month. I was really proud of everyone’s accomplishments, some students had gone from no security experience to being able to get root access to vulnerable machines within 1 month. My presentation was solo, I managed to present once to the studio leader for the IoT studio and the beginning half of my demo to Dr Eva Cheng. Although my demo went a little long, I felt that my audience was able to take something away from my presentation, whether it be technical or non-technical content. I also had the chance to check out the work of other studios, I decided to have a look at the neural networks and IoT studio and they were doing some really awesome stuff, including training a neural network to identify cancerous moles from a picture and some IoT appliances to detect if study spaces in Building 11 were heavily populated or not. It was also jokingly suggested that we could try and hack into the IoT appliances… 😏. All in all, I quite enjoyed seeing the progress of students both in our studio and in other studios, I feel like everyone has done quite well in their summer studio journey. Personally I’ve learned a lot over this past month and I would highly recommend studio subjects to everyone.

 


Goals

So considering that this is the last week of the studio, I thought it would be good to reflect on whether I hit the goals that I set for myself last week and set up goals for beyond the studio.

  • Better time management AGAIN, I want to at the very least have made some progress on an existing or new box every day. Not successful, time management this week was not as good as last week, yes I did get more accomplished this week (Root access on 4 boxes), but specifying certain times for work and times for resting will be healthier for me overall.
  • Do my write ups and log my progression through each box to help with an easier write up. Not successful, I was able to log important data for the vulnerable machines that I was working with, but I didn’t log my progression which will make it harder for me to complete my write ups.
  • Collaborate with some of the other students who are struggling to help them through their own boxes (if that's allowed?). Successful, I was able to help Frank with completing Curling on HackTheBox and help Rowan and Corey with getting user on Access.
  • Again make sure that I start and update my reflection throughout the week. Super unsuccessful considering that I’m doing this reflection at 3:00am on Sunday. Again, I think I need better time management ._.

What I want to do from now on:

  • Keep hacking boxes, make sure to practice for that eventual OSCP one day
  • Keep applying for jobs, the experience gained from employment is phenomenal and I want to learn as much as possible
  • Make a damn schedule and follow it
  • Learn about reverse engineering and binary exploitation
  • Get into more advanced web application pen testing and eventually bug bounties