TryHackMe Further Nmap Walkthrough
    The platform develops virtual classrooms that not only allow users to deploy training environments with the click of a button, but also reinforce learning by adding a question-answer approach. It's a comfortable experience to learn using pre-designed courses which include virtual machines (VMs) hosted in the cloud.



    While using a question-answer model does make learning easier, TryHackMe allows users to create their own virtual classrooms to teach particular topics enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.



    Room :- https://tryhackme.com/room/furthernmap



    Further Nmap


    An in-depth look at scanning with Nmap, a powerful network scanning tool.


    Deploy the machine!


    Please Note: This machine is for scanning purposes only. You do not need to log into it, or exploit any vulnerabilities to gain access.

     

    Task 2 Introduction


    When it comes to hacking, knowledge is power. The more knowledge you have about a target system or network, the more options you have available. This makes it imperative that proper enumeration is carried out before any exploitation attempts are made.

    Say we have been given an IP (or multiple IP addresses) to perform a security audit on. Before we do anything else, we need to get an idea of the “landscape” we are attacking. What this means is that we need to establish which services are running on the targets. For example, perhaps one of them is running a webserver, and another is acting as a Windows Active Directory Domain Controller. The first stage in establishing this “map” of the landscape is something called port scanning. When a computer runs a network service, it opens a networking construct called a “port” to receive the connection.  Ports are necessary for making multiple network requests or having multiple services available. For example, when you load several webpages at once in a web browser, the program must have some way of determining which tab is loading which web page. This is done by establishing connections to the remote webservers using different ports on your local machine. Equally, if you want a server to be able to run more than one service (for example, perhaps you want your webserver to run both HTTP and HTTPS versions of the site), then you need some way to direct the traffic to the appropriate service. Once again, ports are the solution to this. Network connections are made between two ports – an open port listening on the server and a randomly selected port on your own computer. For example, when you connect to a web page, your computer may open port 49534 to connect to the server’s port 443.

     

     



    As in the previous example, the diagram shows what happens when you connect to numerous websites at the same time. Your computer opens up a different, high-numbered port (at random), which it uses for all its communications with the remote server.

    Every computer has a total of 65535 available ports; however, many of these are registered as standard ports. For example, an HTTP web service can nearly always be found on port 80 of the server. An HTTPS web service can be found on port 443. Windows NETBIOS can be found on port 139 and SMB can be found on port 445. It is important to note, however, that especially in a CTF setting, it is not unheard of for even these standard ports to be altered, making it even more imperative that we perform appropriate enumeration on the target.

    If we do not know which of these ports a server has open, then we do not have a hope of successfully attacking the target; thus, it is crucial that we begin any attack with a port scan. This can be accomplished in a variety of ways – usually using a tool called nmap, which is the focus of this room. Nmap can be used to perform many different kinds of port scan – the most common of these will be introduced in upcoming tasks; however, the basic theory is this: nmap will connect to each port of the target in turn. Depending on how the port responds, it can be determined as being open, closed, or filtered (usually by a firewall). Once we know which ports are open, we can then look at enumerating which services are running on each port – either manually, or more commonly using nmap.

    So, why nmap? The short answer is that it's currently the industry standard for a reason: no other port scanning tool comes close to matching its functionality (although some newcomers are now matching it for speed). It is an extremely powerful tool – made even more powerful by its scripting engine which can be used to scan for vulnerabilities, and in some cases even perform the exploit directly! Once again, this will be covered more in upcoming tasks.



    For now, it is important that you understand: what port scanning is; why it is necessary; and that nmap is the tool of choice for any kind of initial enumeration.



    1) What networking constructs are used to direct traffic to the right application on a server?

    Ans :- Ports

     

    2) How many of these are available on any network-enabled computer?

    Ans :- 65535


     

    3) [Research] How many of these are considered "well-known"? (These are the "standard" numbers mentioned in the task)


    Ans :- 1024


    Task 3 Nmap Switches



    Like most pentesting tools, nmap is run from the terminal. There are versions available for both Windows and Linux. For this room we will assume that you are using Linux; however, the switches should be identical. Nmap is installed by default in both Kali Linux and the TryHackMe Attack Box.


    Nmap can be accessed by typing nmap into the terminal command line, followed by some of the "switches" (command arguments which tell a program to do different things) we will be covering below.


    All you'll need for this is the help menu for nmap (accessed with nmap -h) and/or the nmap man page (access with man nmap). For each answer, include all parts of the switch unless otherwise specified. This includes the hyphen at the start (-).



    1) What is the first switch listed in the help menu for a 'Syn Scan' (more on this later!)?

    Ans :- -sS


    2) Which switch would you use for a "UDP scan"?


    Ans :- -sU


    3) If you wanted to detect which operating system the target is running on, which switch would you use?

    Ans :- -O


    4) Nmap provides a switch to detect the version of the services running on the target. What is this switch?

    Ans :- -sV



    5) The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity?

    Ans :- -v




    Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
    (Note: it's highly advisable to always use at least this option)

    We should always save the output of our scans -- this means that we only need to run the scan once (reducing network traffic and thus chance of detection), and gives us a reference to use when writing reports for clients.

    6) What switch would you use to save the nmap results in three major formats?

    Ans :- -oA



    7) What switch would you use to save the nmap results in a "normal" format?

    Ans :- -oN



    8) A very useful output format: how would you save results in a "grepable" format?

    Ans :- -oG
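    The "grepable" format from questions 6 to 8 is worth more than a grep target: its tab-separated fields are simple enough to parse into structured records, which is what you want when a scan feeds a report or a diff against last month's baseline. The following is an added example written for this walkthrough, not code from the room or from Nmap; the scan output it parses is constructed by hand (not captured from the room's target) but follows the real -oG layout, in which each port is written as seven slash-separated columns.

```python
"""Parse Nmap "grepable" (-oG) output into structured Python records.

Added example for this walkthrough; it is not part of the TryHackMe room
or of Nmap itself.  The scan output below is constructed by hand (not
captured from the room's target) but follows the real -oG layout:
tab-separated "Key: value" fields, with each port written as seven
slash-separated columns (port/state/protocol/owner/service/rpc-info/version).
"""
import re
from typing import Dict, List

# Constructed -oG output for two hosts.
SAMPLE_GREPABLE = (
    "# Nmap 7.80 scan initiated as: nmap -sS -sV -p 1-1000 -oG scan.gnmap 10.0.0.0/30\n"
    "Host: 10.0.0.1 (gateway.lab)\tStatus: Up\n"
    "Host: 10.0.0.1 (gateway.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, "
    "80/open/tcp//http//nginx 1.14.2/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 10.0.0.2 ()\tStatus: Up\n"
    "Host: 10.0.0.2 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4.9/\tIgnored State: closed (999)\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned\n"
)

PORT_COLUMNS = ("port", "state", "proto", "owner", "service", "rpc_info", "version")
HOST_RE = re.compile(r"^(\S+) \((.*)\)$")   # "10.0.0.1 (gateway.lab)" or "10.0.0.2 ()"


def parse_grepable(text: str) -> Dict[str, dict]:
    """Return {ip: {"hostname", "status", "ignored", "ports": [...]}}."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue                              # banner / summary comments
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        m = HOST_RE.match(fields.get("Host", ""))
        if not m:
            continue
        ip, hostname = m.groups()
        rec = hosts.setdefault(ip, {"hostname": hostname, "status": None,
                                    "ignored": None, "ports": []})
        if "Status" in fields:
            rec["status"] = fields["Status"]
        if "Ignored State" in fields:
            rec["ignored"] = fields["Ignored State"]    # e.g. "closed (997)"
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            cols = entry.split("/")[:7]           # each entry ends with a trailing "/"
            port = dict(zip(PORT_COLUMNS, cols))
            port["port"] = int(port["port"])
            rec["ports"].append(port)
    return hosts


def open_ports(hosts: Dict[str, dict], ip: str) -> List[int]:
    """Sorted list of ports reported open for one host."""
    return sorted(p["port"] for p in hosts.get(ip, {"ports": []})["ports"]
                  if p["state"] == "open")


def hosts_running(hosts: Dict[str, dict], service: str) -> List[str]:
    """IPs with an open port whose detected service name matches."""
    return sorted(ip for ip, rec in hosts.items()
                  if any(p["state"] == "open" and p["service"] == service
                         for p in rec["ports"]))


if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_GREPABLE)
    for ip, rec in parsed.items():
        print(ip, rec["hostname"] or "-", rec["status"], "open:", open_ports(parsed, ip))
```

    Because -oA writes this format alongside the normal and XML outputs, a parser like this lets the single scan the text recommends serve both the human-readable report and any later automated comparison.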


    Sometimes the results we're getting just aren't enough. If we don't care about how loud we are, we can enable "aggressive" mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.

    9) How would you activate this setting?

    Ans :- -A



    Nmap offers five levels of "timing" template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!

    10) How would you set the timing template to level 5?

    Ans :- -T5


    We can also choose which port(s) to scan.

    11) How would you tell nmap to only scan port 80?

    Ans :- -p 80


    12) How would you tell nmap to scan ports 1000-1500?

    Ans :- -p 1000-1500


    A very useful option that should not be ignored:

    13) How would you tell nmap to scan all ports?

    Ans :- -p-


    14) How would you activate a script from the nmap scripting library (lots more on this later!)?

    Ans :- --script


    18) How would you activate all of the scripts in the "vuln" category?

    Ans :- --script=vuln




    Task 4 [Scan Types] Overview



    When port scanning with Nmap, there are three basic scan types. These are:


    • TCP Connect Scans (-sT)
    • SYN "Half-open" Scans (-sS)
    • UDP Scans (-sU)



    Additionally there are several less common port scan types, some of which we will also cover (albeit in less detail). These are:


    • TCP Null Scans (-sN)
    • TCP FIN Scans (-sF)
    • TCP Xmas Scans (-sX)




    Most of these (with the exception of UDP scans) are used for very similar purposes; however, the way that they work differs between each scan. This means that, whilst one of the first three scans is likely to be your go-to in most situations, it's worth bearing in mind that other scan types exist.

    In terms of network scanning, we will also look briefly at ICMP (or "ping") scanning.



    Task 5 [Scan Types] TCP Connect Scans



    To understand TCP Connect scans (-sT), it's important that you're comfortable with the TCP three-way handshake. If this term is new to you then completing Introductory Networking before continuing would be advisable.


    As a brief recap, the three-way handshake consists of three stages. First the connecting terminal (our attacking machine, in this instance) sends a TCP request to the target server with the SYN flag set. The server then acknowledges this packet with a TCP response containing the SYN flag, as well as the ACK flag. Finally, our terminal completes the handshake by sending a TCP request with the ACK flag set.




    This is one of the fundamental principles of TCP/IP networking, but how does it relate to Nmap?

    Well, as the name suggests, a TCP Connect scan works by performing the three-way handshake with each target port in turn. In other words, Nmap tries to connect to each specified TCP port, and determines whether the service is open by the response it receives.


    For example, if a port is closed, RFC 793 states that:


    "... If the connection does not exist (CLOSED) then a reset is sent in response to any incoming segment except another reset.  In particular, SYNs addressed to a non-existent connection are rejected by this means."


    In other words, if Nmap sends a TCP request with the SYN flag set to a closed port, the target server will respond with a TCP packet with the RST (Reset) flag set. By this response, Nmap can establish that the port is closed.




     


    If, however, the request is sent to an open port, the target will respond with a TCP packet with the SYN/ACK flags set. Nmap then marks this port as being open (and completes the handshake by sending back a TCP packet with ACK set).



    This is all well and good, however, there is a third possibility.



    What if the port is open, but hidden behind a firewall?

    Many firewalls are configured to simply drop incoming packets. Nmap sends a TCP SYN request, and receives nothing back. This indicates that the port is being protected by a firewall and thus the port is considered to be filtered.

    That said, it is very easy to configure a firewall to respond with a RST TCP packet. For example, in IPtables for Linux, a simple version of the command would be as follows:


        iptables -I INPUT -p tcp --dport <port> -j REJECT --reject-with tcp-reset

    This can make it extremely difficult (if not impossible) to get an accurate reading of the target(s).



    1) Which RFC defines the appropriate behaviour for the TCP protocol?

    Ans :- RFC 793



    2) If a port is closed, which flag should the server send back to indicate this?

    Ans :- RST





    Task 6 [Scan Types] SYN Scans


    As with TCP scans, SYN scans (-sS) are used to scan the TCP port-range of a target or targets; however, the two scan types work slightly differently. SYN scans are sometimes referred to as "Half-open" scans, or "Stealth" scans.


    Where TCP scans perform a full three-way handshake with the target, SYN scans send back a RST TCP packet after receiving a SYN/ACK from the server (this prevents the server from repeatedly trying to make the request). In other words, the sequence for scanning an open port is: SYN from the scanner, SYN/ACK from the server, then a RST from the scanner.


    This has a variety of advantages for us as hackers:


    • It can be used to bypass older Intrusion Detection systems as they are looking out for a full three-way handshake. This is often no longer the case with modern IDS solutions; it is for this reason that SYN scans are still frequently referred to as "stealth" scans.

    • SYN scans are often not logged by applications listening on open ports, as standard practice is to log a connection once it's been fully established. Again, this plays into the idea of SYN scans being stealthy.

    • Without having to bother about completing (and disconnecting from) a three-way handshake for every port, SYN scans are significantly faster than a standard TCP Connect scan.




    There are, however, a couple of disadvantages to SYN scans, namely:


    • They require sudo permissions[1] in order to work correctly in Linux. This is because SYN scans require the ability to create raw packets (as opposed to the full TCP handshake), which is a privilege only the root user has by default.

    • Unstable services are sometimes brought down by SYN scans, which could prove problematic if a client has provided a production environment for the test.



    All in all, the pros outweigh the cons.

    For this reason, SYN scans are the default scans used by Nmap if run with sudo permissions. If run without sudo permissions, Nmap defaults to the TCP Connect scan we saw in the previous task.



    When using a SYN scan to identify closed and filtered ports, the exact same rules as with a TCP Connect scan apply.


    If a port is closed then the server responds with a RST TCP packet. If the port is filtered by a firewall then the TCP SYN packet is either dropped, or spoofed with a TCP reset.


    In this regard, the two scans are identical: the big difference is in how they handle open ports.


    [1] SYN scans can also be made to work by giving Nmap the CAP_NET_RAW, CAP_NET_ADMIN and CAP_NET_BIND_SERVICE capabilities; however, this may not allow many of the NSE scripts to run properly.
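    The first two bullets above describe the detection side from the defender's point of view: an IDS that only counts completed handshakes misses a SYN scan, and the listening application never logs it. What a sensor can still see is the pattern itself, many SYNs from one source to distinct ports with no completing ACK. The following is an added example for this walkthrough, not part of the room or of any IDS product; its input records are constructed for the example (one row per outbound TCP packet seen from a client, with flags as letters: S for SYN, A for ACK, R for RST).

```python
"""Spotting a half-open (SYN) scan in connection records.

Added example on the detection side of Task 6; it is not part of the room
or of any IDS.  Input records are constructed for the example: one row per
outbound TCP packet a sensor saw from a client.  A legitimate client
finishes the handshake (SYN, then ACK) on a handful of ports; a SYN
scanner sends SYNs to many ports and never sends the final ACK.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float     # seconds since capture start
    src: str
    dst: str
    dport: int
    flags: str    # "S", "A", "R", "SA", ...


def constructed_log() -> List[Packet]:
    pk: List[Packet] = []
    # Legitimate client 10.0.0.9: two full handshakes to the web server.
    for i, port in enumerate((80, 443)):
        pk.append(Packet(1.0 + i, "10.0.0.9", "10.0.0.5", port, "S"))
        pk.append(Packet(1.2 + i, "10.0.0.9", "10.0.0.5", port, "A"))
    # Scanner 198.51.100.7: SYN to ports 1-30 within three seconds.  Open ports
    # (22 and 80 here) get a RST back from the scanner, never the completing ACK.
    for i, port in enumerate(range(1, 31)):
        pk.append(Packet(5.0 + 0.1 * i, "198.51.100.7", "10.0.0.5", port, "S"))
        if port in (22, 80):
            pk.append(Packet(5.05 + 0.1 * i, "198.51.100.7", "10.0.0.5", port, "R"))
    return pk


def half_open_counts(packets: List[Packet], window: float = 10.0) -> Dict[str, int]:
    """Per source: the most distinct (dst, port) pairs that received a SYN inside
    any `window` seconds without the source ever completing the handshake."""
    first_syn: Dict[str, Dict[Tuple[str, int], float]] = defaultdict(dict)
    completed: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.dst, p.dport)
        if p.flags == "S":
            first_syn[p.src].setdefault(key, p.ts)
        elif p.flags == "A" and key in first_syn[p.src]:
            completed[p.src].add(key)            # third step of the handshake seen
    result: Dict[str, int] = {}
    for src, syns in first_syn.items():
        times = sorted(ts for key, ts in syns.items() if key not in completed[src])
        best = lo = 0
        for hi in range(len(times)):             # sliding window over SYN timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        result[src] = best
    return result


def flag_scanners(packets: List[Packet], window: float = 10.0,
                  threshold: int = 20) -> List[str]:
    """Sources whose half-open count inside one window reaches the threshold."""
    return sorted(src for src, n in half_open_counts(packets, window).items()
                  if n >= threshold)


if __name__ == "__main__":
    log = constructed_log()
    print(half_open_counts(log))     # {'10.0.0.9': 0, '198.51.100.7': 30}
    print(flag_scanners(log))        # ['198.51.100.7']
```

    The window and threshold are the two knobs a defender tunes: a scan slowed down with a timing template or --scan-delay spreads the same SYNs over more seconds, so a wider window (or a lower threshold per window) is what catches it, at the cost of more false positives from busy legitimate clients.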




    1) There are two other names for a SYN scan, what are they?

    Ans :- Half-Open, stealth



    2) Can Nmap use a SYN scan without Sudo permissions (Y/N)?

    Ans :- N



    Task 7 [Scan Types] UDP Scans



    Unlike TCP, UDP connections are stateless. This means that, rather than initiating a connection with a back-and-forth "handshake", UDP connections rely on sending packets to a target port and essentially hoping that they make it. This makes UDP superb for connections which rely on speed over quality (e.g. video sharing), but the lack of acknowledgement makes UDP significantly more difficult (and much slower) to scan. The switch for an Nmap UDP scan is -sU.


    When a packet is sent to an open UDP port, there should be no response. When this happens, Nmap refers to the port as being open|filtered. In other words, it suspects that the port is open, but it could be firewalled. If it gets a UDP response (which is very unusual), then the port is marked as open. More commonly there is no response, in which case the request is sent a second time as a double-check. If there is still no response then the port is marked open|filtered and Nmap moves on.


    When a packet is sent to a closed UDP port, the target should respond with an ICMP (ping) packet containing a message that the port is unreachable. This clearly identifies closed ports, which Nmap marks as such and moves on.


    Due to this difficulty in identifying whether a UDP port is actually open, UDP scans tend to be incredibly slow in comparison to the various TCP scans (in the region of 20 minutes to scan the first 1000 ports, with a good connection). For this reason it's usually good practice to run an Nmap UDP scan with --top-ports <number> enabled. For example, nmap -sU --top-ports 20 <target> will scan the top 20 most commonly used UDP ports, resulting in a much more acceptable scan time.


    When scanning UDP ports, Nmap usually sends completely empty requests -- just raw UDP packets. That said, for ports which are usually occupied by well-known services, it will instead send a protocol-specific payload which is more likely to elicit a response from which a more accurate result can be drawn.



    1) If a UDP port doesn't respond to an Nmap scan, what will it be marked as?

    Ans :- open|filtered



    2) When a UDP port is closed, by convention the target should send back a "port unreachable" message. Which protocol would it use to do so?

    Ans :- ICMP



    Task 8 [Scan Types] NULL, FIN and Xmas


    NULL, FIN and Xmas TCP port scans are less commonly used than any of the others we've covered already, so we will not go into a huge amount of depth here. All three are interlinked and are used primarily as they tend to be even stealthier, relatively speaking, than a SYN "stealth" scan. Beginning with NULL scans:


    As the name suggests, NULL scans (-sN) are when the TCP request is sent with no flags set at all. As per the RFC, the target host should respond with a RST if the port is closed.








    FIN scans (-sF) work in an almost identical fashion; however, instead of sending a completely empty packet, a request is sent with the FIN flag (usually used to gracefully close an active connection). Once again, Nmap expects a RST if the port is closed.






    As with the other two scans in this class, Xmas scans (-sX) send a malformed TCP packet and expect a RST response for closed ports. It's referred to as an Xmas scan because the flags that it sets (PSH, URG and FIN) give it the appearance of a blinking Christmas tree when viewed as a packet capture in Wireshark.

     

     





    The expected response for open ports with these scans is also identical, and is very similar to that of a UDP scan. If the port is open then there is no response to the malformed packet. Unfortunately (as with open UDP ports), that is also an expected behaviour if the port is protected by a firewall, so NULL, FIN and Xmas scans will only ever identify ports as being open|filtered, closed, or filtered. If a port is identified as filtered with one of these scans then it is usually because the target has responded with an ICMP unreachable packet.


    It's also worth noting that while RFC 793 mandates that network hosts respond to malformed packets with a RST TCP packet for closed ports, and don't respond at all for open ports; this is not always the case in practice. In particular Microsoft Windows (and a lot of Cisco network devices) are known to respond with a RST to any malformed TCP packet -- regardless of whether the port is actually open or not. This results in all ports showing up as being closed.


    That said, the goal here is, of course, firewall evasion. Many firewalls are configured to drop incoming TCP packets to blocked ports which have the SYN flag set (thus blocking new connection initiation requests). By sending requests which do not contain the SYN flag, we effectively bypass this kind of firewall. Whilst this is good in theory, most modern IDS solutions are savvy to these scan types, so don't rely on them to be 100% effective when dealing with modern systems.
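    Tasks 5 to 8 each describe the same thing from a different angle: one probe goes out, and the reply (or silence) is mapped to a port state. Seeing all of those rules side by side makes the differences obvious, in particular why a Windows host answers a NULL/FIN/Xmas scan with "closed" everywhere and why a dropping firewall turns the same scan into nothing but open|filtered. The following is an added example written for this walkthrough, not Nmap's code; it sends no packets and only models the inference. It goes slightly beyond the room's text in one place: Nmap also reports "filtered" when a probe draws an ICMP unreachable error, which the code includes.

```python
"""How Nmap infers a port's state from the reply to one probe.

Added example illustrating Tasks 5 to 8 of the room (TCP Connect, SYN,
UDP, and NULL/FIN/Xmas scans); it is not Nmap's code and sends no packets.
The rules encode what the room's text describes, plus the fact that Nmap
also reports "filtered" when the probe draws an ICMP unreachable error.
"""
from enum import Enum
from typing import Dict, Iterable, Set


class Scan(Enum):
    CONNECT = "-sT"
    SYN = "-sS"
    UDP = "-sU"
    NULL = "-sN"
    FIN = "-sF"
    XMAS = "-sX"


# Vocabulary for the single reply (or absence of a reply) the scanner sees.
SYN_ACK, RST, NO_RESPONSE = "SYN/ACK", "RST", "none"
UDP_REPLY = "udp-reply"
ICMP_PORT_UNREACH = "icmp-port-unreachable"      # ICMP type 3 code 3
ICMP_OTHER_UNREACH = "icmp-unreachable-other"    # other type 3 codes

# Flags carried by each probe, as the room describes them (UDP has none).
PROBE_FLAGS: Dict[Scan, Set[str]] = {
    Scan.CONNECT: {"SYN"}, Scan.SYN: {"SYN"}, Scan.UDP: set(),
    Scan.NULL: set(), Scan.FIN: {"FIN"}, Scan.XMAS: {"FIN", "PSH", "URG"},
}


def classify(scan: Scan, response: str) -> str:
    """State Nmap assigns once its retransmissions have also gone unanswered."""
    if scan in (Scan.CONNECT, Scan.SYN):
        table = {SYN_ACK: "open", RST: "closed", NO_RESPONSE: "filtered",
                 ICMP_PORT_UNREACH: "filtered", ICMP_OTHER_UNREACH: "filtered"}
    elif scan is Scan.UDP:
        table = {UDP_REPLY: "open", ICMP_PORT_UNREACH: "closed",
                 ICMP_OTHER_UNREACH: "filtered", NO_RESPONSE: "open|filtered"}
    else:   # NULL, FIN, Xmas: silence is ambiguous between open and filtered
        table = {RST: "closed", NO_RESPONSE: "open|filtered",
                 ICMP_PORT_UNREACH: "filtered", ICMP_OTHER_UNREACH: "filtered"}
    if response not in table:
        raise ValueError(f"{scan.value} cannot interpret reply {response!r}")
    return table[response]


def host_response(scan: Scan, port_open: bool, behaviour: str = "rfc793") -> str:
    """What the target sends back, for the target behaviours the room describes.

    rfc793  - textbook host, no firewall
    windows - replies RST to every NULL/FIN/Xmas probe regardless of state
    drop    - firewall silently drops every probe (Task 5's "filtered" case)
    reject  - firewall answers every probe as if the port were closed
              (e.g. iptables ... -j REJECT --reject-with tcp-reset)
    """
    if behaviour == "drop":
        return NO_RESPONSE
    if behaviour == "reject":
        return ICMP_PORT_UNREACH if scan is Scan.UDP else RST
    if scan in (Scan.CONNECT, Scan.SYN):
        return SYN_ACK if port_open else RST
    if scan is Scan.UDP:
        return NO_RESPONSE if port_open else ICMP_PORT_UNREACH   # open UDP stays silent
    if behaviour == "windows":
        return RST
    return NO_RESPONSE if port_open else RST


def scan_host(scan: Scan, ports: Iterable[int], open_ports: Set[int],
              behaviour: str = "rfc793") -> Dict[str, int]:
    """Count of ports per reported state, like the summary line Nmap prints."""
    counts: Dict[str, int] = {}
    for port in ports:
        state = classify(scan, host_response(scan, port in open_ports, behaviour))
        counts[state] = counts.get(state, 0) + 1
    return counts


if __name__ == "__main__":
    live = {22, 80}
    print("SYN scan, plain host:   ", scan_host(Scan.SYN, range(1, 1000), live))
    print("Xmas scan, Windows host:", scan_host(Scan.XMAS, range(1, 1000), live, "windows"))
    print("Xmas scan, dropping FW: ", scan_host(Scan.XMAS, range(1, 1000), live, "drop"))
```

    The last two calls reproduce the two pitfalls the text warns about: against a Windows host every port comes back "closed", and against a firewall that drops everything the first 999 ports all come back open|filtered, which is exactly the result the Practical task asks you to explain.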



    1) Which of the three shown scan types uses the URG flag?

    Ans :- xmas


    2) Why are NULL, FIN and Xmas scans generally used?

    Ans :- Firewall Evasion



    3) Which common OS may respond to a NULL, FIN or Xmas scan with a RST for every port?

    Ans :- Microsoft Windows





    Task 9 [Scan Types] ICMP Network Scanning


    On first connection to a target network in a black box assignment, our first objective is to obtain a "map" of the network structure -- or, in other words, we want to see which IP addresses contain active hosts, and which do not.


    One way to do this is by using Nmap to perform a so called "ping sweep". This is exactly as the name suggests: Nmap sends an ICMP packet to each possible IP address for the specified network. When it receives a response, it marks the IP address that responded as being alive. For reasons we'll see in a later task, this is not always accurate; however, it can provide something of a baseline and thus is worth covering.



    To perform a ping sweep, we use the -sn switch in conjunction with IP ranges, which can be specified with either a hyphen (-) or CIDR notation. For example, we could scan the 192.168.0.x network using:



        nmap -sn 192.168.0.1-254

    or

        nmap -sn 192.168.0.0/24




    The -sn switch tells Nmap not to scan any ports -- forcing it to rely purely on ICMP packets (or ARP requests on a local network) to identify targets.
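    The two target forms above are not quite equivalent: 192.168.0.1-254 names 254 hosts, while 192.168.0.0/24 also includes the network and broadcast addresses, .0 and .255. The following added example (written for this walkthrough, not Nmap's own code) expands both forms so the difference can be seen, and also answers the netmask question below by converting a dotted netmask to CIDR. It goes a little beyond the text in accepting, as Nmap does, a hyphen range or "*" in any octet (e.g. 192.168.0-1.1-254).

```python
"""Expand Nmap-style target specifications into individual IPv4 addresses.

Added example for Task 9; it is not Nmap's own code.  It supports the two
forms the room shows (CIDR and a hyphenated last octet) and, as Nmap does,
accepts a hyphen range or "*" in any octet (e.g. 192.168.0-1.1-254).
"""
import ipaddress
from itertools import product
from typing import List


def _octet_range(token: str) -> range:
    """'7' -> 7..7, '1-254' -> 1..254, '*' -> 0..255."""
    if token == "*":
        return range(0, 256)
    lo, _, hi = token.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError(f"octet range out of bounds: {token!r}")
    return range(lo_i, hi_i + 1)


def expand_targets(spec: str) -> List[str]:
    """All addresses named by a CIDR block or a dotted quad with optional ranges."""
    if "/" in spec:
        # CIDR: every address in the block, including the network and
        # broadcast addresses (.0 and .255 for a /24), exactly as Nmap does.
        return [str(addr) for addr in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad spec: {spec!r}")
    ranges = [_octet_range(o) for o in octets]
    return [".".join(map(str, combo)) for combo in product(*ranges)]


def cidr_for_netmask(address: str, netmask: str) -> str:
    """Turn '172.16.0.0' + '255.255.0.0' into '172.16.0.0/16' (Task 9's question)."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False).with_prefixlen


if __name__ == "__main__":
    by_range = expand_targets("192.168.0.1-254")
    by_cidr = expand_targets("192.168.0.0/24")
    print(len(by_range), "hosts from the hyphen form,", len(by_cidr), "from the CIDR form")
    print("only in the CIDR form:", sorted(set(by_cidr) - set(by_range)))
    print(cidr_for_netmask("172.16.0.0", "255.255.0.0"))
```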


     

    1) How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)

    Ans :- nmap -sn 172.16.0.0/16




    Task 10 [NSE Scripts] Overview


    The Nmap Scripting Engine (NSE) is an incredibly powerful addition to Nmap, extending its functionality quite considerably. NSE scripts are written in the Lua programming language, and can be used to do a variety of things: from scanning for vulnerabilities, to automating exploits for them. The NSE is particularly useful for reconnaissance; however, it is well worth bearing in mind how extensive the script library is.


    There are many categories available. Some useful categories include:

     

    • safe:- Won't affect the target
    • intrusive:- Not safe: likely to affect the target
    • vuln:- Scan for vulnerabilities
    • exploit:- Attempt to exploit a vulnerability
    • auth:- Attempt to bypass authentication for running services (e.g. log into an FTP server anonymously)
    • brute:- Attempt to bruteforce credentials for running services
    • discovery:- Attempt to query running services for further information about the network (e.g. query an SNMP server)




    A more exhaustive list can be found here.


    In the next task we'll look at how to interact with the NSE and make use of the scripts in these categories.


    1) What language are NSE scripts written in?

    Ans :- lua


    2) Which category of scripts would be a very bad idea to run in a production environment?

    Ans :-  intrusive





    Task 11 [NSE Scripts] Working with the NSE

    In Task 3 we looked very briefly at the --script switch for activating NSE scripts from the vuln category using --script=vuln. It should come as no surprise that the other categories work in exactly the same way. If the command --script=safe is run, then any applicable safe scripts will be run against the target (Note: only scripts which target an active service will be activated).



    To run a specific script, we would use --script=<script-name> , e.g. --script=http-fileupload-exploiter.



    Multiple scripts can be run simultaneously in this fashion by separating them by a comma. For example: --script=smb-enum-users,smb-enum-shares.



    Some scripts require arguments (for example, credentials, if they're exploiting an authenticated vulnerability). These can be given with the --script-args Nmap switch. An example of this would be with the http-put script (used to upload files using the PUT method). This takes two arguments: the URL to upload the file to, and the file's location on disk. 


    For example:


    nmap -p 80 --script http-put --script-args http-put.url='/dav/shell.php',http-put.file='./shell.php'


    Note that the arguments are separated by commas, and connected to the corresponding script with periods (i.e. <script-name>.<argument>).



    A full list of scripts and their corresponding arguments (along with example use cases) can be found here.



    Nmap scripts come with built-in help menus, which can be accessed using nmap --script-help <script-name>. This tends not to be as extensive as in the link given above, however, it can still be useful when working locally.



    1) What optional argument can the ftp-anon.nse script take?

    Ans :- maxlist




    Task 12 [NSE Scripts] Searching for Scripts



    Ok, so we know how to use the scripts in Nmap, but we don't yet know how to find these scripts.


    We have two options for this, which should ideally be used in conjunction with each other. The first is the page on the Nmap website (mentioned in the previous task) which contains a list of all official scripts. The second is the local storage on your attacking machine. Nmap stores its scripts on Linux at /usr/share/nmap/scripts. All of the NSE scripts are stored in this directory by default -- this is where Nmap looks for scripts when you specify them.



    There are two ways to search for installed scripts. One is by using the /usr/share/nmap/scripts/script.db file. Despite the extension, this isn't actually a database so much as a formatted text file containing filenames and categories for each available script.


    Nmap uses this file to keep track of (and utilise) scripts for the scripting engine; however, we can also grep through it to look for scripts. For example: grep "ftp" /usr/share/nmap/scripts/script.db.


    The second way to search for scripts is quite simply to use the ls command. For example, we could get the same results as in the previous screenshot by using ls -l /usr/share/nmap/scripts/*ftp*:


    Note the use of asterisks (*) on either side of the search term.


    The same techniques can also be used to search for categories of script. For example:


    grep "safe" /usr/share/nmap/scripts/script.db
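    Because script.db is just a text file of Lua tables, grep is the quick answer, but it matches the search term anywhere on the line, so grep "safe" would also hit a script whose name happened to contain "safe". Parsing the entries gives exact matching on either the filename or the category, and also lets you check which categories a script belongs to before running it against a production host (the intrusive caveat from Task 10). The following is an added example written for this walkthrough, not part of Nmap; the excerpt it parses is constructed (script names are the ones used in this room, with illustrative categories) but follows the real file's one-entry-per-line layout.

```python
"""Search Nmap's script.db by script name or category.

Added example for Task 12; not part of Nmap.  The excerpt below is
constructed for the example (script names from this room, illustrative
categories) but follows the real file's layout, in which each line is a
Lua table: Entry { filename = "...", categories = { "...", } }.
"""
import re
from typing import Dict, List

SAMPLE_SCRIPT_DB = """\
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-fileupload-exploiter.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-put.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-enum-shares.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
"""

ENTRY_RE = re.compile(r'Entry \{ filename = "([^"]+)", categories = \{ ([^}]*) \} \}')


def parse_script_db(text: str) -> Dict[str, List[str]]:
    """Map each script filename to its list of categories."""
    db: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            db[m.group(1)] = re.findall(r'"([^"]+)"', m.group(2))
    return db


def scripts_named(db: Dict[str, List[str]], needle: str) -> List[str]:
    """Like grep "<needle>" script.db, but matched on the filename only."""
    return sorted(name for name in db if needle in name)


def scripts_in_category(db: Dict[str, List[str]], category: str) -> List[str]:
    """Scripts that --script=<category> would consider (exact category match)."""
    return sorted(name for name, cats in db.items() if category in cats)


def safe_to_run(db: Dict[str, List[str]], name: str) -> bool:
    """True when the script is in 'safe' and not in 'intrusive' (Task 10's caveat)."""
    cats = db.get(name, [])
    return "safe" in cats and "intrusive" not in cats


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("smb scripts:", scripts_named(db, "smb"))
    print("safe scripts:", scripts_in_category(db, "safe"))
    print("http-put safe?", safe_to_run(db, "http-put.nse"))
```

    Pointing parse_script_db at the real /usr/share/nmap/scripts/script.db (read as text) gives the same answers as the grep and ls commands above, but with the category membership available as data rather than as a line to eyeball.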



    Installing New Scripts



    We mentioned previously that the Nmap website contains a list of scripts, so, what happens if one of these is missing in the scripts directory locally? A standard sudo apt update && sudo apt install nmap should fix this; however, it's also possible to install the scripts manually by downloading the script from Nmap (sudo wget -O /usr/share/nmap/scripts/<script-name>.nse https://svn.nmap.org/nmap/scripts/<script-name>.nse). This must then be followed up with nmap --script-updatedb, which updates the script.db file to contain the newly downloaded script.



    It's worth noting that you would require the same "updatedb" command if you were to make your own NSE script and add it into Nmap -- a more than manageable task with some basic knowledge of Lua!


    Search for "smb" scripts in the /usr/share/nmap/scripts/ directory using either of the demonstrated methods.



    1) What is the filename of the script which determines the underlying OS of the SMB server?

    Ans :- smb-os-discovery.nse


    2) Read through this script. What does it depend on?
     
    Ans :-  smb-brute



    Task 13 Firewall Evasion


    We have already seen some techniques for bypassing firewalls (think stealth scans, along with NULL, FIN and Xmas scans); however, there is another very common firewall configuration which it's imperative we know how to bypass.

    Your typical Windows host will, with its default firewall, block all ICMP packets. This presents a problem: not only do we often use ping to manually establish the activity of a target, Nmap does the same thing by default. This means that Nmap will register a host with this firewall configuration as dead and not bother scanning it at all.

    So, we need a way to get around this configuration. Fortunately Nmap provides an option for this: -Pn, which tells Nmap to not bother pinging the host before scanning it. This means that Nmap will always treat the target host(s) as being alive, effectively bypassing the ICMP block; however, it comes at the price of potentially taking a very long time to complete the scan (if the host really is dead then Nmap will still be checking and double checking every specified port).

    It's worth noting that if you're already directly on the local network, Nmap can also use ARP requests to determine host activity.

    There are a variety of other switches which Nmap considers useful for firewall evasion. We will not go through these in detail, however, they can be found here.



    The following switches are of particular note:


    -f:- Used to fragment the packets (i.e. split them into smaller pieces) making it less likely that the packets will be detected by a firewall or IDS.


    An alternative to -f, but providing more control over the size of the packets: --mtu <number>, accepts a maximum transmission unit size to use for the packets sent. This must be a multiple of 8.


    --scan-delay <time>ms:- used to add a delay between packets sent. This is very useful if the network is unstable, but also for evading any time-based firewall/IDS triggers which may be in place.

    --badsum:- this is used to generate an invalid checksum for packets. Any real TCP/IP stack would drop this packet; however, firewalls may potentially respond automatically, without bothering to check the checksum of the packet. As such, this switch can be used to determine the presence of a firewall/IDS.



    1) Which simple (and frequently relied upon) protocol is often blocked, requiring the use of the -Pn switch?

    Ans :- ICMP



    2) [Research] Which Nmap switch allows you to append an arbitrary length of random data to the end of packets?

    Ans :-  --data-length


    Task 14 Practical



    Use what you've learnt to scan the target machine and answer the following questions!


    1) Does the target (10.10.99.0) respond to ICMP (ping) requests (Y/N)?


    Ans :- N


    2) Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?


    Ans :- 999




    3) There is a reason given for this -- what is it?
     
     

     


     

    Ans :- No Response


     

    4) Perform a TCP SYN scan on the first 10000 ports of the target -- how many ports are shown to be open?


    Ans :- 5


    5) Open Wireshark (see Cryillic's Wireshark Room for instructions) and perform a TCP Connect scan against port 80 on the target, monitoring the results. Make sure you understand what's going on.


    Ans :- No answer needed


    6) Deploy the ftp-anon script against the box. Can Nmap login successfully to the FTP server on port 21? (Y/N)

    Ans :- Y




    Task 15 Conclusion


    You have now completed the Further Nmap room -- hopefully you enjoyed it, and learnt something new!

    There are lots of great resources for learning more about Nmap on your own. Front and center are Nmap's own (highly extensive) docs, which have already been mentioned several times throughout the room. These are a superb resource, so, whilst reading through them line-by-line and learning them by rote is entirely unnecessary, it would be highly advisable to use them as a point of reference, should you need it.



    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about Ethical Hacking, Security, Penetration Testing and malware analysis. These hacking tutorials are against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • 8th student e-mail hacked; 27-year-old hacker said

     


     

    8th student e-mail hacked; 27-year-old hacker said - talk about love, otherwise I will defame


    In Bhopal, the accused hacked the e-mail ID of an 8th-class student using her mobile number. He took out her personal messages and photos and started sending them to her. Threatening to defame her, he said that if she did not talk lovingly to him, he would discredit her. In fact, the girl had set her e-mail password to her mobile phone number, and the accused took advantage of this. On the complaint of the minor, who suffered mental torture for almost two months, the Cybercrime team caught the accused in Telangana. The female partner of the accused is still absconding.



    Cybercrime ASP Neetu Singh said that the minor girl, studying in 8th class, had complained. The student said that a young man using a fake ID had hacked her e-mail after befriending her. He was blackmailing her with her personal photos, threatening to defame her because she had not spoken affectionately with him for two months. On the student's complaint, the Cybercrime Branch team arrested the accused, Turupu Sai Kumar, son of Chandrashekhar Reddy, 27, from village Gagna Gudham, Durg police station, Ranga Reddy district, Telangana. Together with his partner Kumari Shravani he used to create fake Instagram IDs. Kumari is absconding.


     

     

    How the hacking was done


    The accused, Turupu, said that he used to send friend requests to girls from a fake Instagram ID. After befriending them, he would obtain their mobile phone numbers and use them to open their e-mail IDs, which gave him their personal information. In the same way he trapped this student from Bhopal.

     

     

    He also controlled the victim's phone


    After taking control of the e-mail ID, he extracted all of her information, such as personal photos, videos and other details. He then blackmailed her through Instagram and started asking her to talk lovingly to him. He even controlled her mobile phone.



    Worst Password :- Click Here



    Password you should never use :-


    1. Don't make short passwords.
    2. Don't store your password where it can be easily found.
    3. Don't make a password that's easy to guess.
    4. Don't use a phone number to make a password.
    5. Don't use the date of your wedding (or birthday, or child's birthday...).




     

     

  • TryHackMe CC Steganography Walkthrough



     

     

    TryHackMe CC Steganography 

     

    Steganography is the art of concealing data within some other data. A common example of this is embedding hidden text in an image file.
    This blog serves as an introduction to steganography and some of the tools you can use to embed and extract data within other data.



    To complete every task you will need the following tools available to you:



        steghide
        zsteg
        exiftool
        stegoveritas
        sonic-visualiser



    Make sure you download the files needed to complete these tasks. You cannot answer some of the questions without them. Unzip spect.zip and you should have the files below.

    Note: Basic linux knowledge required.


    TryHackMe Website :- Click Here




    Steghide


    Steghide is one of the most famous steganography tools, and for good reason. It's a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.


    One of the greatest benefits of steghide is that it can encrypt data with a passphrase, meaning that anyone without the passphrase can't extract the data.



    steghide can be installed with the command sudo apt install steghide


    You can find the answers to questions 1-6 by reading the man page or by running steghide --help.

    steghide includes 7 commands;

        embed
        extract
        info
        encinfo
        version
        license
        help




    encinfo, version, license, and help do not require arguments and are informational. embed, extract and info are the functional commands within steghide. Each has its own set of arguments. These arguments can be found in the documentation.


    steghide command [ arguments ]

     

    To find the hidden message in jpeg1.jpeg, we need to use steghide’s extract command with the -sf argument. We can optionally specify the -p argument to skip the passphrase prompt, and the -xf argument to specify an output filename (default: a.txt).


    steghide extract -sf jpeg1.jpeg -p password123




    1. What argument allows you to embed data(such as files) into other files?

    Ans :- embed


    2. What flag let's you set the file to embed?

    Ans :- -ef

    3. What flag allows you to set the "cover file"?(i.e  the jpg)

    Ans :- -cf


    4. How do you set the password to use for the cover file?

    Ans :- -p


    5. What argument allows you to extract data from files?

    Ans :- extract


    6. How do you select the file that you want to extract data from?

    Ans :- -sf


    7. Given the passphrase "password123", what is the hidden message in the included "jpeg1" file.

    Ans :- pinguftw






    zsteg



    zsteg works much in the same way as steghide, except it is used for png and bmp files. You can find the answers to questions 1-4 by running zsteg -h.


    zsteg can work with a single argument; the filename. You can iterate over all known extraction methods with the -a flag. You can also specify parameters to constrain zsteg. There are many ways you can run a file through zsteg, but just specifying the filename is a good place to start.



    zsteg can be installed by using ruby with the command gem install zsteg


    To find png1.png's hidden message, and the payload used to encrypt it, you do not need to use any arguments with zsteg.


    zsteg png1.png



    1. How do you specify that the least significant bit comes first

    Ans :- --lsb

    2. What about the most significant bit?

    Ans :- --msb


    3. How do you specify verbose mode?

    Ans :- -v


    4. How do you extract the data from a specific payload?

    Ans :- -E


    5. In the included file "png1" what is the hidden message?

    Ans :- nootnoot$


    6. What about the payload used to encrypt it.

    Ans :- b1,bgr,lsb,xy
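    The answer b1,bgr,lsb,xy is zsteg's description of where it found the bits: one bit per colour channel (b1), channels read in blue-green-red order (bgr), the least significant bit of each (lsb), and pixels walked row by row (xy). Here is an added example, not zsteg's code and not part of the room, that implements exactly that embedding and extraction over a plain RGB byte buffer in Node.js so the naming becomes concrete; the 8x8 cover image, the message and the capacity check are constructed for the demonstration.

```javascript
// Added example: LSB steganography in the layout zsteg reports as b1,bgr,lsb,xy.
// Pixels are a Buffer of width*height*3 bytes in R,G,B order (constructed here).
const CHANNEL_ORDER = { rgb: [0, 1, 2], bgr: [2, 1, 0] };

// One bit per channel, three channels per pixel, eight bits per payload byte.
function capacityBytes(width, height) {
  return Math.floor((width * height * 3) / 8);
}

// Write payload bits into the LSB of each channel, scanning pixels row by row
// and channels in the requested order. Returns a modified copy of the pixels.
function embedLsb(pixels, width, height, payload, order = 'bgr') {
  const capacity = capacityBytes(width, height);
  if (payload.length > capacity) {
    throw new Error(`payload of ${payload.length} bytes exceeds capacity of ${capacity}`);
  }
  const out = Buffer.from(pixels);
  const channels = CHANNEL_ORDER[order];
  const totalBits = payload.length * 8;
  let bitIndex = 0;
  for (let px = 0; px < width * height && bitIndex < totalBits; px++) {
    for (const ch of channels) {
      if (bitIndex >= totalBits) break;
      const bit = (payload[bitIndex >> 3] >> (7 - (bitIndex & 7))) & 1; // MSB-first within a byte
      const pos = px * 3 + ch;
      out[pos] = (out[pos] & 0xfe) | bit;
      bitIndex++;
    }
  }
  return out;
}

// Read nbytes back using the same scan and channel order.
function extractLsb(pixels, width, height, nbytes, order = 'bgr') {
  const channels = CHANNEL_ORDER[order];
  const out = Buffer.alloc(nbytes);
  const totalBits = nbytes * 8;
  let bitIndex = 0;
  for (let px = 0; px < width * height && bitIndex < totalBits; px++) {
    for (const ch of channels) {
      if (bitIndex >= totalBits) break;
      const bit = pixels[px * 3 + ch] & 1;
      out[bitIndex >> 3] |= bit << (7 - (bitIndex & 7));
      bitIndex++;
    }
  }
  return out;
}

// Constructed cover image: an 8x8 RGB gradient, not a real photo.
const WIDTH = 8;
const HEIGHT = 8;
const COVER = Buffer.from(Array.from({ length: WIDTH * HEIGHT * 3 }, (_, i) => (i * 37) % 256));

// Hide the same message the room's png1 carries, then read it back both ways.
function demo() {
  const secret = Buffer.from('nootnoot$');
  const stego = embedLsb(COVER, WIDTH, HEIGHT, secret, 'bgr');
  let bytesChanged = 0;
  for (let i = 0; i < COVER.length; i++) if (stego[i] !== COVER[i]) bytesChanged++;
  return {
    recoveredBgr: extractLsb(stego, WIDTH, HEIGHT, secret.length, 'bgr').toString('latin1'),
    recoveredRgb: extractLsb(stego, WIDTH, HEIGHT, secret.length, 'rgb').toString('latin1'),
    bytesChanged,
  };
}

console.log(demo());
```

    Reading with the wrong channel order (rgb) returns garbage even though every bit is present in the image, which is why zsteg tries each combination and why the channel order it reports matters when you reproduce a result by hand. Note also how few bytes change: at most one bit per channel, so the cover image looks identical to the eye and only a statistical look at the LSB plane reveals the embedding.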






    exiftool



    exiftool is a great tool for working with metadata in image, audio, and video files. exiftool enables you to read, write, copy, and edit the metadata. It is interesting to note that exiftool can write to read-only files if the user has write permission in the directory.


    For more information about exiftool, including a full list of options, please see the man page, github page or author’s website.



    Exiftool can be installed with sudo apt install exiftool


    Using exiftool to extract metadata from jpeg3.jpeg is as simple as running the command with the filename as an argument.


    exiftool jpeg3.jpeg




    1. In the included jpeg3 file, what is the document name

    Ans :- Hello :)






    stegoveritas



    stegoveritas is a very diverse steganography tool that can extract all types of data from nearly every image, audio, or video file type. stegoveritas has default actions for most image types and will attempt to run on any file. It can extract metadata like exiftool, perform color corrections and adjustments, extract frames from animated gifs, and it also includes an option for steghide. For more actions (and to answer questions 1-3), run stegoveritas -h.



    Stegoveritas can be installed by running these commands:

    • sudo apt-get install python3-pip
    • pip3 install stegoveritas
    • stegoveritas_install_deps





    To find jpeg2.jpeg's hidden message we pass the file as an argument to stegoveritas with no options specified.



    stegoveritas jpeg2.jpeg


    You will see that stegoveritas found something with steghide and placed it in a newly created directory, results. This file contains our hidden message.





    1. How do you check the file for metadata?

    Ans :- -meta

     
    2. How do you check for steghide hidden information


    Ans :- -steghide

    3. What flag allows you to extract LSB data from the image?

    Ans :- extractls

     
    4 . In the included image jpeg2 what is the hidden message?


    Ans :- kekekekek




    Spectrograms



    Spectrogram steganography is the art of hiding an image inside an audio file's spectrogram. Therefore, whenever dealing with audio stego, it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualiser.


    Download :- Sonic Visualizer



    Note: This introduction will be done using the included wav1 file.


    When you open Sonic Visualizer you should see this screen:



     

     

    From there click File->Open and then select the included wav1 file and you should see a screen similar to this:

     


     





    From there click Layer->Add Spectrogram and you should see this:






    And that's it!




    1. What is the hidden text in the included wav2 file?


    Ans :- google



     

    Final Task


    Good luck and have fun!

    # Key 1

    Deploy your target machine and let's dig in. I did a port scan with nmap against the target and found port 80, a webserver running.

     

     


     

    Here's a preview of it

     


     

    I grabbed the image file shown above to my local machine with wget. I found out that the image's document name looks interesting.

     

     


     

    It specified a password. Maybe that would be the password needed for steghide to extract the hidden data that is existing in the image. Now to steghide.
     

     

     

    1. What is key 1?

    Ans :- superkeykey



    # Key 2

    I entered key 1 in the input field and proceeded to the next stage. Here's a quick look at it.

     


     

     

     
    There is an exam2.wav audio file to download. I downloaded the .wav file, opened it with sonic-visualiser and added the spectrogram layer.

     


     

    Looks like a link to an imgur image. I downloaded the imgur image to my local machine to do further computations. Since this is a png image file I used zsteg to extract any hidden data.

     


     

    2. What is key 2?

    Ans :- fatality



    # Key 3

    Submitted the Key 2 and I was redirected to a new page where I should get the key 3




    This is a QR code. Here is a view of it

     


     

    As you can see there is an additional layer of light pink color covering the image. So if we were to upload this QR code to an online decoder we would get an error. So my approach was to remove this overlay color (light pink). I downloaded stegsolve, opened the image and set the mode to Red plane 4, which looks pretty good.

     


     

    I got a screen shot of this and uploaded it to an online QR Decoder which worked.

     


     

    Finally found key 3. Hooray!!!

    3. What is key 3?

    Ans :-  killshot
     

     

     

     

     



     


  • Google's 'biggest' update, will increase battery life and performance in devices

     


     

     




    Google, LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, a search engine, cloud computing, software, and hardware. It is considered one of the Big Five technology companies in the U.S. information technology industry, alongside Amazon, Facebook, Apple, and Microsoft.


    Google Chrome is a popular Internet browser, used on everything from mobile phones to laptops. The company has released version 87 of the Chrome browser, which it calls one of Google's 'biggest releases' in terms of performance and security. This update will change your device's battery life and your Internet browsing experience. Users have therefore been advised to update their Chrome browser as soon as possible.



    Battery life will increase


    The biggest change from the new update will be the performance of Chrome. Google claims that Chrome will prioritize active tabs, that is, tabs that are not active will go into sleep mode. This will reduce CPU usage by 5 times. It will also be 25 percent faster than before. The company found in testing that using the new chrome would increase the battery life by 1.25 hours.

    In the address bar of Google Chrome, users will now get the facility to change the settings directly. For example, if you write edit passwords or delete history in the address bar, then you will be able to go directly to their settings. Google Cards is now being added to Chrome's New Tab page. By clicking on these cards, users will be able to open related content and recently visited pages. This will save users time.


    The new update also protects users against the NAT Slipstreaming attack, a new type of cyber attack that recently surfaced. Through this attack, attackers bypass firewalls and make connections to the internal network.



     

  • Learn JavaScript Basics

     

     


     

    During this Article, we will be covering the basics of the programming language JavaScript.

    The main purpose of this language is to implement interactiveness into webpages and web applications, but thanks to the millions of individuals in the community, we've been able to control more than just the interactiveness of web pages.
    Thanks to the community, we can now use JavaScript to control servers, create video games, code mobile applications, and it can even be used for cybersecurity in some scenarios. Learn JavaScript, the high-level, multi-paradigm language of the web.

    Here are a few things we will be covering during this Article:

        Variables
        Conditionals
        Functions
        Objects
        Loops
        Scripting
        
        
    Here is what you'll need before beginning this Article:

     

     


     


     

    IDE or Text Editor of your choice (I recommend VS Code or Atom)

    One final note. This Article will not cover everything JavaScript can do, not even close. This Article will be targeted towards beginners who are looking to learn basic programming logic and an easy to use, versatile language for obtaining a better understanding of how the web works. Remember to take your time and read carefully. Enjoy the Article and have fun learning about JavaScript!



    Variables & Operators


    Before diving into JavaScript, here are a few things to remember as we traverse through the Article:

     

    Text after "//" within your IDE or text editor is a comment; use comments to take notes directly in your JS file. Always take notes!
        

     

    We will be using Chrome dev tools for this Article, so for this, we'll need to link our JavaScript file to an HTML file. We will not be covering much HTML in this Article, but you can easily link your JavaScript file by using a Script element. You can see an example here:



    <body>
      <script src="script.js"></script>
    </body>



    Remember to put the script tag right before the closing body tag. This way our HTML code will execute before our external JavaScript document. There are some instances where it's better to have the script in the head tag or a certain order when working with multiple documents, but for this Article, we will only be focusing on the basics. You can see an example of how this is used in an HTML document here.


    Variables


    There are 3 ways to declare a variable in JavaScript: var, let, and const.

    The var (variable) keyword was originally the only way to declare one, but thanks to the upgrade to ECMAScript 6 back in 2015, which is the specification that JavaScript conforms to, we now have multiple ways of declaring a variable.



    Quick Overview:


     

    • let: If a variable is going to be reassigned later within the application, this is the ideal variable type to use.

     

    • var: It's better to use either let or const for variables, but this variable type will still work and is still used in applications to this day. This variable can be updated and re-declared.

     

    • const: If the variable will never change or won't be reassigned anywhere else in the application, this keyword is the best option.


     

     

    Good things to remember:

     

    •     The var variable is globally scoped and can be updated and re-declared.
    •     The let variable is block-scoped and can be updated but not re-declared.
    •     The const variable is block-scoped and cannot be updated or re-declared.


     

     

    • Global Scope: A variable declared outside a function. This means all scripts and functions on a web application or webpage can access this variable.


    • Block Scope: A variable declared inside a block. This means we can use these variables inside of loops, if statements, or other declarations within curly brackets and have them be only used for that declaration instead of the entire application having access to it.



    Examples:


    var variableOne = 'Linus Torvalds';

    let variableTwo = 50;

    const variableThree = 'Creator of the Linux Kernel';



    Variables are very easy to use and understand in JavaScript, they can store a lot of information with very little code.

     

     


     



    There are also arrays, objects, and many many more data types that we will touch upon during this Article. Variables are wonderful, but they aren't very powerful on their own, this is where arithmetic operators, comparison operators, and boolean operators come into play. It may sound complicated, but these tables should make everything a little easier to understand!



     


     

     

    These two tables cover the majority of what we will be going over moving forward, but there are still so many more things that we won't be able to cover. Once you finish learning about the basics of JavaScript, I recommend researching more about operators as there are still boolean operators (true or false) and logical operators (AND, OR, NOT).


    Let's move on to our final lesson for variables: extra data types. It's time to see the available types of data that we can store within our variables. This will cover some of the basics you'll be using for this Article.



        Strings: 'Morpheus'
        Arrays: [1, 2, 3]
        Objects: {Name: 'John', Occupation: 'Master Hacker'}
        Booleans: true (or false)
        Numbers: 455
        Floating-Point Numbers: 10.5



     

    There may be a lot here, but you'll notice as we progress through the Article, it'll all be worth it and valuable information for later.



    #1 What type of data type is this: 'Neo'?

    Ans :- string
     

    #2 What data type is true/false?
     

    Ans :- boolean

     

    #3 What is John's occupation? 

    Ans :- Master Hacker

     

    #4 What tag is used for linking a JavaScript file to HTML?

    Ans :- script



    Conditionals


    Welcome to Conditionals!

    Example:



    if (5 === 5) {
        console.log('Hello World!'); // Prints Hello World! to the console
    }



    In plain English, if a condition is met, then the code will run. Remember all those operators we learned about in the first task? We can use those to define these conditions and plan our approach.


    There are also else if statements, which look like this:

     

    if (5 === 10) {
        console.log('Hello World!'); // Skips this code
    } else if (10 === 10) {
        console.log('Hello World!'); // Prints Hello World! to the console
    }


    This way we can have multiple conditions before our code executes. Normally, we'd end our code with an else statement like this:



    if (5 === 10) {
        console.log('Hello World!'); // Skips this code
    } else if (10 === 10) {
        console.log('Hello World!'); // Prints Hello World! to the console
    } else {
        console.log('ERROR ERROR ERROR');
    }



    Basically, the else keyword concludes our if conditional. We'll learn a better way of writing conditionals later, but for now, this is a clear way of using a condition to return a result.




    Switch Cases


    If you need to test multiple conditions, then most of the time switch cases are best for optimization and readability within your code. If, else if, else statements and switch cases can both do similar tasks, but switch cases are better for performing multiple different conditions. Here's how a switch case looks:



    const animal = 3;

    switch (animal) {
        case 1:
            document.write('Cow');
            break;
        case 2:
            document.write('Chicken');
            break;
        case 3:
            document.write('Monkey');
            break;
        default:
            document.write('Animal?');
    } // Outputs Monkey



    Cool, huh? We use each case to define a number, have our variable hold the number we're pulling from, and the break keyword is used for ending that specific case or switch block. The default keyword is there just in case our variable is equal to something that isn't present in our switch...case code.




    Functions


    Functions are one of the most vital parts of programming. Due to how important functions are, there will be a lot of things we don't cover, but remember that functions are going to be vital to any applications you write.

    *ECMAScript 6 is the most popular version of JavaScript. There are a lot of important differences between ES5 and ES6, we focus mainly on ES6 in this Article, but knowing past versions can help improve your knowledge of the language and logic of JavaScript.



    This is a function in ES6 (ECMAScript 6):



    const func = (a, b) => {
        let nums = a * b;
        console.log(nums); // Outputs 250
    }
    func(25, 10);

    ES5:

    function func(a, b) // Everything inside of the parentheses defines our parameter(s)
    {
        let nums = a * b;
        console.log(nums); // Outputs 250
    }
    func(25, 10);



    A few things that make up a function are the parameter(s), variables, and our executed code. Functions can contain if conditionals, defined variables, multiple parameters, and return statements. Functions are usually the same across programming languages with minor syntax changes.



     

    Objects & Arrays


    Learning about Objects and Arrays are heavy subjects, but let's try to break them into easy to understand sections.

    Let's start with Objects.




    Objects


    The most important thing about objects is to remember that they're just another variation of variables. Here is a quick example of an object:

     


    var choosePill = {
        pillOne: 'Red',
        pillTwo: 'Blue'
    }



    I know we've already used millions of tables, but they're the best way to learn! So, here's a table displaying the code object we just wrote:






    var choosePill = {
        pillOne: 'Red',
        pillTwo: 'Blue',
        numberOfPills: 2
    }
    var choice = choosePill.pillOne; // This will access the object's property






    Arrays


    Arrays are fairly similar to objects, they have different stored values and syntax, but can be used for almost anything.


    Here is the same code from before, but in an array:

     

    var choosePill = ['Red', 'Blue', 2];

    var choice = choosePill[0];

    console.log(choice); // Outputs 'Red'


     

    * Reminder: Most programming languages start from 0, not 1, so when we access the choosePill variable, we grab the value from the 1st position.

     

     

    Arrays are extremely important when storing multiple values within a variable. This way we don't have to write 100 variables and instead can store them all in a single variable, this is an array. There are multiple ways to write an array, but the simplest and most basic version is the example above.


    Quick Challenge


    What is the output of this code (Question #3)?

    var mrRobot = ['Elliot', 'Angela', 'Tyrell', 'Darlene'];

    let character = mrRobot[2];

    console.log(character); // What is the output?





    #1 What type of brackets are used for arrays? 

    Ans :- []

     

     

    #2 What color pill did we choose? 

    Ans :- red pill

     

    #3 What is the output of this code?
     

    Ans :- Tyrell



    Loops


    Loops can be complicated, there are for loops, while loops, and do...while loops. Due to the complex nature of looping, I will be explaining the basic logic behind them and then give multiple examples of how they look and work. They are important in every programming language and every aspect of programming in general.


    Let's begin with for loops!


    For Loop

     

    We will be creating a few mini-projects that will loop through a set of numbers.

    Here is how a for loop appears in a code editor:




     

    Let's break this code down line by line:


    for (let a = 1; a <= 10; a++) {
        console.log(`Number: ${a}`); // Outputs 1-10 in our console
    }



    What does this code do? This code takes a, our variable, and loops through our specified range (1-10) and prints this to the console. By running this loop, we save our counter, or our range of numbers, to the variable a.



    You'll notice that we have three statements (or components). Here is a quick list of what each one does:



    •     The first component (a = 1): Executes before the loop starts.
    •     The second component (a <= 10): Defines the condition for our loop.
    •     The third component (a++): Executes each time after the loop starts.



    * IMPORTANT: Each statement must be separated by a semi-colon. We can have more than one value within our first statement, but they must be separated by commas: for (let a = 1, b = 2; component-2; component-3) {}



    While Loop


    The while loop is similar to the for loop, with a few minor differences:



    let x = 0;

    while (x <= 3) {
        console.log(x++); // Prints 0-3
    }



    This code keeps looping over x as long as x is less than or equal to three; the loop runs until that condition is no longer met. Loops can be dangerous: if the condition is written incorrectly, you can easily start an infinite loop, which isn't good for anyone in most cases. To avoid this, make sure the condition eventually becomes false.



    Do...While Loop


    The basic idea of the do...while loop is that the loop body executes once before the condition is checked.


    Example:



    let c = 10;

    do {
        console.log(c++); // Outputs 10-50
    } while (c <= 50);



    This code will ALWAYS execute at least once. Loops normally require the condition to be true before the body runs, but a do...while loop runs the body first and only then checks whether the condition is truthy.

    Loops are complicated but fairly simple once you understand the basics. There are still some things we haven't covered yet, but for the most part, loops have similar logic across programming languages. The thing about loops is that they have numerous variations that can do the same thing, but that's pretty much all of programming.




    #1 Loops repeat until the written code is finished running (true/false)
     

    Ans :- true

     

    #2 What loop doesn't require the condition to be true for it to execute at least once?

    Ans :- do..while



    Document Object Model (DOM)


    DOM

     
    Here is what we will be covering in the DOM section (keep in mind that these are just a few lines of code, DOM manipulation is a vast subject):


    • document.getElementById('Name_of_ID'); // Grabs the single element with that ID from the connected HTML file

     

    • document.getElementsByClassName('Name_of_Class'); // Grabs every element with that class name (returns a live collection)

     

    • document.getElementsByTagName('Name_of_Tag'); // Grabs every element with that tag name (returns a live collection)



    There are also methods we can use to access different things within our HTML files, such as addEventListener, removeEventListener, and many more. Most of what the DOM does is change, replace, edit, or in some form manipulate the HTML file or webpage that you're working on. To manipulate the DOM successfully, we use events. These events are added to HTML tags so they can work with our JavaScript file. Some of the more important and frequently used events are:



    •     onclick: Activates when a user clicks on the specific element
    •     onmouseover: Activates when a user hovers over a specific element
    •     onload: Activates when the element has loaded


     

    and many more that are used. You can find a complete list here: 

    https://www.w3schools.com/js/js_htmldom_events.asp

     

    Code example:




     

    Now when a user clicks on the Click Me button, an alert pops up that says POP!!!
     

    The Document Object Model (DOM) has a ton of resources, and combining that with CSS will help your webpage POP. Eventually, if you take on web development or front-end programming, then you'll not only gain knowledge around the DOM, but you'll be able to manipulate a virtual DOM using React, cut your code in half using jQuery, and even combine your skills with PHP or Nodejs files for server manipulation. Good luck with your continued journey to learn JavaScript, and remember it can do so much more than just create webpages and add interactiveness.


    #1 What is the DOM?

    Ans :- Document Object Model



    XSS


    In this section, we'll be covering a few things that JavaScript can be used for in the information security industry.




    Here is what we'll be covering:

    XSS (Cross-Site Scripting) & Web Application Penetration


    XSS


    Cross-Site Scripting is a security vulnerability that's typically found in web applications which can be used to execute a malicious script on the target's machine. We will only be covering some of the basics.



    There are multiple types of attack when talking about XSS; here are some of my favorites:



    •     Keylogging
    •     Stealing Cookies
    •     Phishing
    •     and many more


    A keylogger is used by setting up an event listener on the target's keyboard, which will track their keystrokes and save them on the attacker's server.

    When an attacker steals a target's cookies, they can use that information to log in as the user without needing advanced authentication, or simply find information stored in the cookies that could have devastating effects on the target's online accounts. This is why so many websites use SSL or some other form of protection against these attacks.

    Phishing is an interesting type of exploitation: an attacker can clone the website you're logging into and steal your credentials without you ever knowing. Another form of phishing is when an attacker inserts code directly into the webpage to change forms or input fields in order to steal the target's information.




    The three most common types that I've seen of XSS are DOM-Based XSS (type-0 XSS), Reflected XSS (Non-Persistent XSS), and Stored XSS (Persistent XSS):



     

    • DOM-Based XSS: This is when an attack payload is executed by manipulating the DOM (Document Object Model) in the target's browser. This type uses the client-side code instead of server-side code.

     

    • Reflected XSS: This is when a malicious script bounces off another website onto the target's web application or website. Normally, these are passed in the URL as a query, and it's as easy as making the target click a link. This type originates from the target's request.

     

    • Stored XSS: This is when a malicious script is directly injected into the webpage or web application. This type originates from the website's database.
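    The common thread in all three types above is untrusted text being inserted into a page as markup. The following is an added example (not code from the original post or from TryHackMe) that simulates a page rendering a user comment the vulnerable way and the hardened way; the function names renderUnsafe, renderSafe and containsActiveMarkup are hypothetical, and the hostile comment is a constructed sample.

```javascript
// Added example: output encoding is the fix for reflected and stored XSS.
// Names below (escapeHtml, renderUnsafe, renderSafe, containsActiveMarkup) are
// chosen for this example; the hostile comment is a constructed sample input.

// Escape the five characters that let text break out of an HTML text node or attribute.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: untrusted input is concatenated straight into the markup, so a
// stored comment (or a reflected URL parameter) containing a tag becomes real HTML.
function renderUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Hardened: same template, but the input is encoded before insertion, so the
// browser displays the characters instead of interpreting them as elements.
function renderSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Simple check a test suite could run over rendered output: does the page still
// contain a script element or an inline event-handler attribute?
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /\son\w+\s*=/i.test(html);
}

// Constructed sample standing in for a hostile comment or query-string value.
const hostileComment = '<script>alert("POP!!!")</script>';

console.log(renderUnsafe(hostileComment)); // script tag survives: the browser would run it
console.log(renderSafe(hostileComment));   // &lt;script&gt;...: rendered as plain text only
```

    Encoding must match the context the value lands in; escapeHtml covers text nodes and quoted attributes, not URLs, inline scripts or CSS.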



    As a final note, learning JavaScript will help you manipulate the DOM to gain the target's information; a keylogger script will log the keystrokes so that you can access the user's information from those key presses; and web development knowledge lets you completely mirror a web application and trick the user into entering their information. JavaScript is just a language, but combined with certain techniques and tools, you can do some unbelievably devastating things to a target machine.


    JavaScript is really important in the world of Cybersecurity, especially when it comes to web application exploitation, cross-site scripting, JavaScript injection, and many more methods.

     

    Extra Resources:

    Here are a few interesting, more in-depth, resources used for JavaScript in Cybersecurity:



    •     STÖK's "Hacker101 - JavaScript for Hackers": https://www.youtube.com/watch?v=FTeE3OrTNoA


    •     TryHackMe's "Cross-site Scripting" Room: https://tryhackme.com/room/xss


    •     Cross-Site Scripting (XSS) OWASP Website: https://owasp.org/www-community/attacks/xss/




    #1 What is it called when XSS is used to record keystrokes?

    Ans :- keylogging



    Final Notes


    JavaScript is a versatile and impressive language. I did my best to put all of the important aspects in this Article, but there are still hours of content I didn't cover. JavaScript has unlimited resources across the web, and if you're serious about web development, programming, or anything in between, I recommend looking into the logic behind the code. Learning how a programming language works will help you 100x more than just memorizing the syntax. You may not always have to explain the logic behind an algorithm, but being able to write the code and explain it can set you apart from the average enthusiast or web developer.

     

    Since we only touched on the very basics, here are some free resources to continue learning JavaScript:





    What wasn't covered in this blog:



    •     Libraries or Frameworks
    •     ES6 Destructuring
    •     Advanced Methods
    •     And so much more!



    Challenge Time!


    Get ready for a JavaScript code challenge!

    For our challenge, we will be sorting an array of numbers using a JavaScript method.

    *The challenge is available on my Github here, but I would recommend trying to figure out the solution first and researching the best method before viewing.



    #1 Sort the array [1,10,5,15,2,7,28,900,45,18,27]

    Hint :- Make a program in JS array sort in ascending order.

    Ans :-
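    As an added example (not the author's solution from the linked GitHub), the challenge array sorted with Array.prototype.sort, including the pitfall that the default comparator sorts numbers as strings; the function names are chosen for this example.

```javascript
// Added example for the challenge: sorting [1,10,5,15,2,7,28,900,45,18,27].
// Function names (sortLexicographic, sortAscending, sortDescending) are chosen here.
const challenge = [1, 10, 5, 15, 2, 7, 28, 900, 45, 18, 27];

// Without a comparator, sort() converts each element to a string and compares
// UTF-16 code units, so "10" sorts before "2". Copy first so the input is not mutated.
function sortLexicographic(numbers) {
  return [...numbers].sort();
}

// Numeric ascending order: the comparator returns a negative number when a belongs before b.
function sortAscending(numbers) {
  return [...numbers].sort((a, b) => a - b);
}

// Descending order is the same idea with the operands swapped.
function sortDescending(numbers) {
  return [...numbers].sort((a, b) => b - a);
}

console.log(sortLexicographic(challenge)); // [1, 10, 15, 18, 2, 27, 28, 45, 5, 7, 900]  (wrong for numbers)
console.log(sortAscending(challenge));     // [1, 2, 5, 7, 10, 15, 18, 27, 28, 45, 900]
console.log(sortDescending(challenge));    // [900, 45, 28, 27, 18, 15, 10, 7, 5, 2, 1]
```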





    Disclaimer



    This was written for educational purposes and pentesting only.
    The author will not be responsible for any damage ..!
    The author of this article is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-

     



