TryHackMe Advent of Cyber 2 Day 1 Walkthrough
TryHackMe develops virtual classrooms that not only let users deploy training environments with the click of a button, but also reinforce learning through a question-answer approach. It's a comfortable way to learn, using pre-designed courses that include virtual machines (VMs) hosted in the cloud.
While the question-answer model does make learning easier, TryHackMe also allows users to create their own virtual classrooms to teach particular topics, enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.
Room :-
https://tryhackme.com/room/adventofcyber2
Advent of Cyber 2
Get started with Cyber Security in 25 Days - Learn the basics by doing a
new, beginner friendly security challenge every day leading up to Christmas.
Task 6 [Day 1] Web Exploitation A Christmas Crisis
"The Best Festival Company's brand new OpenVPN server has been hacked. This is a crisis!
The attacker has damaged various aspects of the company infrastructure -- including using the Christmas Control Centre to shut off the assembly line!
It's only 24 days until Christmas, and that line has to be operational or there won't be any presents! You have to hack your way back into Santa's account (blast that hacker changing the password!) and get the assembly line up and running again, or Christmas will be ruined!"
The Web:
The Internet is one of those things that everyone uses, but few people
bother to learn about. As hackers, it is vital that we understand what exactly
the web is, and how it works.
When you open up your web browser and
navigate to a website, it seems so simple, but what is really happening behind
the scenes?
First of all, your computer communicates with a known DNS (Domain Name
System) server to find out where the website can be found on the internet. The
DNS server will then return an IP address for the remote server. This can be
used to go directly to the website. You can think of the internet as being
quite like the planet itself -- we have lots of locations, all over the
world.
These places all have a street address -- this is akin to the domain name of a website (i.e. tryhackme.com, or google.com); but they also have co-ordinates which can be used to pinpoint their location with absolute accuracy.
These co-ordinates are like the IP address of a website. If you know the street address of a location, you can enter it into Google Maps and be given the exact coordinates, which can then be put into a SatNav to take you there with pinpoint accuracy!
In the same way, your browser is given the address of a website (i.e.
tryhackme.com). It sends this address off to a DNS server, which tells it the
"co-ordinates" (the IP address) of the site. Your computer doesn't understand
the original, human-readable domain name, but it does understand what an IP
address is! The IP can then be used to find the server across the internet,
allowing your computer to request the content of the website. Of course, in
reality, this is a highly simplified analogy, so a more in-depth explanation
of this process can be found here.
HTTP(S):
Once your computer knows where it can find the target website, it sends
something called an HTTP (Hypertext Transfer Protocol) request to the
webserver.
This is just a standard network request, but it is
formatted in a way that both your web browser and the server can understand.
In practice, this means adding certain "headers" to the request which identify
it as an HTTP request, and tell the server a variety of other information about
the request, as well as your own browser. Amongst many other headers, HTTP
requests always have a method and a target. These specify what to retrieve
from the server (the target), and how to retrieve it (the method). The method
most commonly used to retrieve information is called the GET method. When
sending data to the server, it's more common to use a method called POST.
Cookies:
HTTP is an inherently stateless protocol. This means that no data
persists between connections; your computer could make two requests
immediately after each other, and, without relying on separate software, the
web server would have no way to know that it was you making both the requests.
This begs the important question: if HTTP is stateless, then how do login
systems work? The web server must have a way to identify that you have the
right level of access, and it can hardly ask you to enter your password every
time you request a new page!
The answer is cookies -- tiny little
pieces of information that get stored on your computer and get sent to the
server along with every request that you make. Authentication (or session)
cookies are used to identify you (these will be very important in your mission
today!). The server receives your request with the attached cookie, and checks
the cookie to see what level of access you are allowed to have. It then
returns a response appropriate to that level of access.
For
example, a standard user should be able to see (but not interact with) our
control panel; but Santa should be able to access everything! Cookies are also
often used for other purposes such as advertising and storing user preferences
(light/dark theme, for example); however, this will not be important in your
task today. Any site can set cookies with a variety of properties -- the most
important of these for today's task are the name and value of the cookies,
both of which will always be set. It's worth noting that a site can only
access cookies that are associated with its own domain (i.e. google.com can't
access any cookies stored by tryhackme.com, and vice versa).
It's
important to note that cookies are stored locally on your computer. This means
that they are under your control -- i.e. you can add, edit, or delete them as
you wish. There are a few ways to do this; however, it's most commonly done by
using your browser's Developer Tools, which can be accessed in most browsers by
pressing F12, or Ctrl + Shift + I. With the developer tools open,
navigate to the Storage tab in Firefox, or the Application tab
in Chrome/Edge, and select the Cookies menu on the left-hand side
of the console.
In the above image you can see a test cookie for a website. The important
attributes "Name" and "Value" are shown. The name of a cookie is used to
identify it to the server. The value of the cookie is the data stored by the
server. In this example the server would be looking for a cookie called
"Cookie Name". It would then retrieve the value "CookieValue" from this cookie.
These values can be edited by double-clicking
on them, which is great if you can edit a session or authorisation cookie, as
this can lead to an escalation of privileges, assuming you have access to an
Administrator's authorisation cookie.
Having read the lengthy
dossier, you get ready to hack your way back into Santa's Christmas
Control Centre! You enter the IP address at the top of the screen into your
browser search bar and press enter to load the page.
1) Register for an account, and then login.
What
is the name of the cookie used for authentication?
HINT :- Check your Browser's Developer tools. These can usually be accessed with F12 in most browsers, or Ctrl + Shift + I otherwise.
Ans :- auth
2) In what format is the value of this cookie encoded?
HINT :- Often used as a "shorthand for binary".
Ans :- Hexadecimal
3) Having decoded the cookie, what format is the data stored in?
HINT :- Use CyberChef to decode the cookie. The format is a very
common one, often linked to JavaScript. (https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto'))
First of all, copy the value of the session (auth) cookie and decode it on the CyberChef website (link above).
Look at the resulting format: it looks like JavaScript Object Notation:
{"company":"The Best Festival Company", "username":"whoiskumaratul"}
Ans :- JSON
4) Figure out how to bypass the authentication.
What is the value of Santa's cookie?
HINT :- Remember, you can edit your cookies value! Why not use the decoded
cookie you got in the last question, update the username with "santa" and
re-encode it?
Now we will change the value of username. In my case it is whoiskumaratul; it will be something else in your case. You have to re-encode the entire JSON after putting the santa username in place of your own.
Before
{"company":"The Best Festival Company", "username":"whoiskumaratul"}
After
{"company":"The Best Festival Company", "username":"santa"}
Let's encode the modified value with the "To Hex" operation, with Delimiter set to None and Bytes per line set to 0.
Ans :- 7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a2273616e7461227d
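The decode, edit and re-encode steps above in code, as an added example that is not part of the original walkthrough. It reproduces the room's hex-encoded JSON cookie from the payloads shown on this page, and then shows the fix a defender would apply: an HMAC-signed cookie (an assumed design, not the room's server) that rejects exactly this kind of edit.

```python
import hashlib
import hmac
import json

# Decoded cookie payload as shown in the walkthrough (the author's username).
USER_PAYLOAD = {"company": "The Best Festival Company", "username": "whoiskumaratul"}
# Hex value of Santa's cookie, copied from the answer above.
SANTA_HEX = ("7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79"
             "222c2022757365726e616d65223a2273616e7461227d")


def encode_cookie(payload: dict) -> str:
    """Hex-encode the JSON exactly as the room's cookie is laid out:
    ', ' between members and no space after ':' (matches the bytes above)."""
    text = json.dumps(payload, separators=(", ", ":"))
    return text.encode().hex()


def decode_cookie(value: str) -> dict:
    """Reverse of encode_cookie: hex -> bytes -> JSON object."""
    return json.loads(bytes.fromhex(value).decode())


def tamper_username(value: str, username: str) -> str:
    """The edit the walkthrough performs by hand. It succeeds only because the
    cookie is plain encoded data: nothing binds the value to the server."""
    payload = decode_cookie(value)
    payload["username"] = username
    return encode_cookie(payload)


def sign_cookie(payload: dict, key: bytes) -> str:
    """Hardened form (assumed design): append an HMAC-SHA256 tag computed with a
    server-side secret, so any change to the body is detected before use."""
    body = encode_cookie(payload)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(value: str, key: bytes):
    """Return the payload if the tag is valid, otherwise None.
    compare_digest avoids leaking the tag through timing differences."""
    body, _, tag = value.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decode_cookie(body)
```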
5) Now that you are the santa user, you can re-activate the assembly
line!
What is the flag you're given when the line is fully
active?
Now replace your cookie's value with Santa's cookie value and refresh the page. Then click each button until every one shows as Active.
See you soon with another task on another day. Until then, bookmark our website.
Disclaimer
This was written for educational purposes and pentesting only.
The author will not be responsible for any damage!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal!
All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about ethical hacking, security, penetration testing and malware analysis. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
All tutorials and videos have been made using our own routers, servers, websites and other resources; they do not contain any illegal activity. We do not promote, encourage, support or incite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from becoming a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.
I hope you liked this post; if so, don't forget to share it.
Thank you so much :-)