
Lab 2 Access Controls

As usual, I start by opening the page and seeing what it has to offer in terms of vulnerabilities. I then go to robots.txt because it often has information about admin pages that could be found. If nothing is found there, I would probably try to brute-force the admin pages. In robots.txt I found that they don't want crawlers on /administrator-panel. This is an admin panel that a normal user might not have access to, but it is always good to try in case the website doesn't have any verification or security when it comes to accessing unauthorized pages. The page does not check whether I am authorized to access it, so it gives me full admin access right away. I then deleted the user without ever having to sign in or have any type of admin authorization.
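The defect in this lab is that the server treats "you found the URL" as "you are an admin". The following is an added example, not code from the lab or from the site being tested: a toy request handler for the /administrator-panel path named in robots.txt, with the missing authorization check beside a hardened version that decides from the server-side session. The session and role model, the user names and the shape of the delete URL are all constructed for the example.

```python
# Added example (not the lab's own code): a toy handler for the lab's
# /administrator-panel path, showing the missing server-side authorization
# check and a hardened version. Session model, user names and the delete URL
# shape are constructed for this example.
import logging
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

ADMIN_PREFIX = "/administrator-panel"


@dataclass
class Request:
    path: str                   # path plus query, e.g. "/administrator-panel/delete?username=carlos"
    user: Optional[str] = None  # None means there is no session at all
    role: str = "guest"         # "guest", "user" or "admin" (constructed role model)


def _target_user(path: str) -> Optional[str]:
    """Pull the 'username' query parameter out of an admin delete URL, or None."""
    parts = urlsplit(path)
    if parts.path != ADMIN_PREFIX + "/delete":
        return None
    return parse_qs(parts.query).get("username", [None])[0]


def delete_user_vulnerable(req: Request, users: dict) -> Tuple[int, str]:
    """Security by obscurity: whoever reaches the URL is assumed to be an admin."""
    target = _target_user(req.path)
    if target is None:
        return 404, "not found"
    users.pop(target, None)
    return 200, f"deleted {target}"


def delete_user_hardened(req: Request, users: dict) -> Tuple[int, str]:
    """Authorization comes from the server-side session, never from the URL."""
    target = _target_user(req.path)
    if target is None:
        return 404, "not found"
    if req.user is None:
        return 401, "login required"
    if req.role != "admin":
        # A logged-in non-admin probing the admin panel is worth alerting on.
        logging.warning("denied admin action for user=%s target=%s", req.user, target)
        return 403, "forbidden"
    if target not in users:
        return 404, "no such user"
    users.pop(target)
    return 200, f"deleted {target}"


def demo() -> dict:
    """Replay the lab's anonymous delete against both handlers and report the outcome."""
    anon = Request(path=ADMIN_PREFIX + "/delete?username=carlos")
    vuln_users = {"carlos": "user", "administrator": "admin"}
    safe_users = dict(vuln_users)
    vuln_status, _ = delete_user_vulnerable(anon, vuln_users)
    safe_status, _ = delete_user_hardened(anon, safe_users)
    return {
        "vulnerable": (vuln_status, "carlos" in vuln_users),   # (200, False): user gone
        "hardened": (safe_status, "carlos" in safe_users),     # (401, True): user kept
    }


if __name__ == "__main__":
    print(demo())
```

Note that robots.txt is irrelevant to the fix: a Disallow line keeps polite crawlers away, nothing more, so the hardened handler would be just as safe if the path were published on the home page.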

LAB 1 Path Traversal

Lab 1 is about changing the request to be able to access another file on the web application. I began by loading the page to see what it contains and whether I could see any obvious vulnerabilities. I then turned on Burp Suite to see the requests. Here I can see the image request. As I previously learned in this section, this request can be changed to traverse the file system and get information from another file. I know the server gets the image from /var/www/image, so I would have to backtrack to the root directory and then try to access the passwd file that is in /etc. Here is the content of the passwd file.
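The server-side check that would have stopped this traversal, as an added example (not code from the lab): the filename from the query string is joined onto the image directory, the result is canonicalised, and the request is rejected unless the canonical path still lies under that directory. The image root is the directory the write-up names; the endpoint shape and parameter name are assumptions.

```python
# Added example (not the lab's own code): a path containment check for the
# image endpoint. IMAGE_ROOT is the directory named in the write-up; the URL
# shape and the 'filename' parameter are assumptions made for this example.
import os
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

IMAGE_ROOT = "/var/www/image"


def resolve_image(filename: str, root: str = IMAGE_ROOT) -> Optional[str]:
    """Return the absolute path for filename if it still lies under root after
    normalisation; return None for anything that escapes (../ sequences,
    absolute paths, or the root directory itself)."""
    root_abs = os.path.realpath(root)
    # os.path.join drops root when filename is absolute, so "/etc/passwd" comes
    # back unchanged; realpath then collapses every ".." and follows symlinks.
    candidate = os.path.realpath(os.path.join(root_abs, filename))
    if not candidate.startswith(root_abs + os.sep):
        return None
    return candidate


def filename_from_url(url: str) -> str:
    """Extract the 'filename' parameter. parse_qs percent-decodes exactly once,
    which is what the server does, so ..%2F.. is checked as ../.. and not as
    literal text; do not decode a second time or an encoded-twice value would
    be checked in one form and used in another."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("filename", [""])[0]


def handle_image_request(url: str, root: str = IMAGE_ROOT) -> Tuple[int, str]:
    """Minimal image handler: (200, path) to serve, or (400, reason) to refuse."""
    path = resolve_image(filename_from_url(url), root)
    if path is None:
        return 400, "invalid filename"
    return 200, path


if __name__ == "__main__":
    for u in ("/image?filename=12.jpg", "/image?filename=../../../etc/passwd"):
        print(u, "->", handle_image_request(u))
```

The comparison is done on the canonical path rather than by stripping "../" from the input: filters that remove a pattern can be bypassed with nested or encoded variants, while a containment check on the resolved path has nothing to bypass.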

Active Directory Pentesting Lab

This is my pentesting Active Directory lab. I already have a simple AD lab which I used to learn how Active Directory works, but this one I will use to attack and to try to exploit some vulnerabilities and misconfigurations. I started by installing Windows Server 2022 as well as a Windows 10 VM. This Windows Server 2022 will act as my Domain Controller, which is the server that runs the Active Directory services. The first thing I did was change the name of my Windows Server machine to something that I would remember. In this case, it's named ROOT-DC. I then went to Manage and added “roles and features”. I made sure to add Active Directory Domain Services, which is also known as the Active Directory data store. After installing everything I went and promoted my server to be a domain controller. I had to add a new forest because I don't have an existing domain, nor do I have an existing forest. I named it Root_Lab.local. Here is the NTDS; this file is very important. NTDS.d

HTTP Transfer

In this lab, I will send a file over HTTP. While downloading the file from my other machine, I will capture all the packets in Wireshark and then try to download it from Wireshark itself. Since it is HTTP and not HTTPS, there should be no issues with downloading the file, because it is not encrypted. I made the files and stored them in the correct place to then host my HTTP server and be able to access them on my other machine. Here I am hosting a Python HTTP server which I will access on my other machine to download the file. This is on the Windows machine; I am on the IP of the server hosted in my Kali, and this way I can download the file. While downloading the file I am capturing all packets in Wireshark. This is me in Wireshark; here I just went into File, Export Objects, HTTP and found the file. I then downloaded the file that was captured by Wireshark. I managed to download the file that was being hosted. In this lab, I practiced finding files on Wir

Extracting data from Wireshark

I was given a PCAP file with something inside; at this point I didn't know what it could be. I looked around the file for common protocols that could be used to send information, such as HTTP and FTP. I then tried to extract the file, but it failed. I tried to check if Wireshark would extract it by going into File, extracting the object and choosing HTTP or FTP, but that also failed. After looking for a while and filtering for ftp-data I found something that said test.jpg, so I took a closer look at it. I followed the TCP stream and got the full data. I then converted it to raw and saved it on my desktop and finally got the image. This lab taught me that I could extract data from Wireshark that is not encrypted. I found this lab very fun and I got to play with Wireshark.
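Both this lab and the HTTP transfer lab above come down to the same two Wireshark operations: "Follow TCP stream" (put the segments back in order and concatenate their payloads) and "Export Objects > HTTP" (strip the response headers from that stream). The ftp-data case has no headers at all, which is why Export Objects found nothing and the raw stream had to be saved directly. The following is an added example, not code from either lab, that performs both steps on constructed packet data; the segments, the header values and the stand-in JPEG are all made up for the example.

```python
# Added example (not from the lab write-ups): what Wireshark's "Follow TCP
# stream" and "Export Objects > HTTP" do under the hood, run on constructed
# packet data. Segments, header values and the fake JPEG are made up here.
import re
from typing import List, Optional, Tuple

Segment = Tuple[int, bytes]  # (relative TCP sequence number, payload)

# Constructed stand-in for test.jpg: JPEG SOI marker, a JFIF stub, EOI marker.
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\xff\xd9"

# Constructed response, shaped like what `python -m http.server` sends.
HTTP_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: SimpleHTTP/0.6 Python/3.11\r\n"
    b"Content-type: image/jpeg\r\n"
    + b"Content-Length: %d\r\n" % len(FAKE_JPEG)
    + b"\r\n"
    + FAKE_JPEG
)


def split_into_segments(stream: bytes, cuts: List[int]) -> List[Segment]:
    """Cut a byte stream at the given offsets into (seq, payload) segments, seq from 1."""
    bounds = [0] + cuts + [len(stream)]
    return [(start + 1, stream[start:end]) for start, end in zip(bounds, bounds[1:])]


# Captured out of order and with one retransmitted segment, as real captures often are.
_parts = split_into_segments(HTTP_RESPONSE, [20, 50])
HTTP_SEGMENTS = [_parts[2], _parts[0], _parts[1], _parts[1]]
# ftp-data carries the file bytes with no framing at all.
FTP_DATA_SEGMENTS = split_into_segments(FAKE_JPEG, [5])[::-1]

MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
}


def reassemble_stream(segments: List[Segment]) -> bytes:
    """Order segments by sequence number, drop retransmits, trim overlaps, refuse gaps."""
    data = bytearray()
    expected: Optional[int] = None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq + len(payload) <= expected:   # every byte already present: retransmission
            continue
        if seq < expected:                    # partial overlap: keep only the new tail
            payload = payload[expected - seq:]
            seq = expected
        if seq > expected:
            raise ValueError(f"missing bytes before seq {seq}")
        data += payload
        expected = seq + len(payload)
    return bytes(data)


def extract_http_body(stream: bytes) -> Optional[bytes]:
    """Strip an HTTP response's headers and honour Content-Length; None if not HTTP."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None
    match = re.search(rb"(?im)^content-length:[ \t]*(\d+)", head)
    return rest[: int(match.group(1))] if match else rest


def identify(data: bytes) -> str:
    """Classify by magic bytes rather than trusting a name such as test.jpg."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extract_object(segments: List[Segment]) -> Tuple[str, bytes]:
    """Reassemble a stream, peel HTTP framing if present, else treat it as raw file data."""
    stream = reassemble_stream(segments)
    body = extract_http_body(stream)
    payload = stream if body is None else body
    return identify(payload), payload


if __name__ == "__main__":
    for name, segs in (("http", HTTP_SEGMENTS), ("ftp-data", FTP_DATA_SEGMENTS)):
        kind, payload = extract_object(segs)
        print(f"{name}: {kind}, {len(payload)} bytes")
```

The magic-byte check is the same thing the "file" command does and is worth keeping in mind when a capture names something test.jpg: the name comes from the protocol, the type comes from the bytes.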

Making a disk image

In this lab I will play around with making a disk image and then opening it in FTK Imager. I started by having 2 files, which I then got the hash for to show that they are the same files once I open them in FTK Imager on my other machine. After partitioning my drive, I have 2 files here. I checked the MD5 hash and the SHA1 hash because that is what was supported by FTK Imager. I used dd to make the image:
dd if=/dev/sda1 conv=sync,noerror bs=64K | gzip -c > lab4image.gz
Here I opened both files on my other machine and checked their hashes. As can be seen, they are both the same.
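As an added example (not the lab's own code), here is an in-memory model of that dd | gzip pipeline together with the MD5/SHA-1 comparison used to show the image matches the source. It also makes visible a caveat that matters when the hashes do not match: conv=sync pads a short final block with NUL bytes up to bs, so an image of a source whose size is not a multiple of the block size hashes differently from the source even though nothing was corrupted. The sample "partition" bytes are constructed; no device is read.

```python
# Added example (not the lab's own code): an in-memory model of
#   dd if=/dev/sda1 conv=sync,noerror bs=64K | gzip -c > lab4image.gz
# plus the MD5/SHA-1 comparison used to verify the image. The sample
# "partition" bytes are constructed; no real device is touched.
import gzip
import hashlib
import io
from typing import BinaryIO, Dict

ALGORITHMS = ("md5", "sha1")   # the two hashes FTK Imager verifies against


def hash_stream(fileobj: BinaryIO, chunk_size: int = 64 * 1024) -> Dict[str, str]:
    """Hash a file-like object in one pass, feeding every algorithm the same chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def dd_image(source: bytes, bs: int = 64 * 1024, sync: bool = True) -> bytes:
    """Read the source in bs-sized blocks like dd and gzip the result.
    With sync=True (conv=sync) a short final block is NUL-padded to bs, which
    is why the image hash differs from the source whenever the source size is
    not a multiple of bs."""
    out = io.BytesIO()
    src = io.BytesIO(source)
    while True:
        block = src.read(bs)
        if not block:
            break
        if sync and len(block) < bs:
            block = block + b"\x00" * (bs - len(block))
        out.write(block)
    return gzip.compress(out.getvalue())


def verify_image(source: bytes, image_gz: bytes) -> Dict[str, object]:
    """Hash the source and the decompressed image and report whether they agree."""
    source_hashes = hash_stream(io.BytesIO(source))
    image_hashes = hash_stream(io.BytesIO(gzip.decompress(image_gz)))
    return {
        "source": source_hashes,
        "image": image_hashes,
        "match": source_hashes == image_hashes,
    }


if __name__ == "__main__":
    partition = bytes(range(256)) * 16          # constructed 4096-byte "partition"
    ok = verify_image(partition, dd_image(partition, bs=1024))
    odd = verify_image(partition[:3000], dd_image(partition[:3000], bs=1024))
    print("aligned source:", ok["match"], "| unaligned source:", odd["match"])
```

On a real acquisition, hash the block device (not the .gz file) and compare it against the hash of the decompressed image, exactly as the lab does; if the two differ only because of padding, the decompressed image will be a whole number of blocks long while the device is not.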

Alternative Data Streams

In this lab, I will play around with alternative data streams. I was provided a disk image with a lot of files. I will use FTK Imager to try to find any data that might have been hidden in the alternative data stream. I found some alternative file streams and looked at all of them. Here are some others I found. There seems to be a password in this one, which I could use to unlock a file later on. Now I found a weird jpg called SeceretEvidence; I tried to export it to another location and then attempted to use ExifTool on it. This did not work. I tried putting it on CyberChef to see if one of the options could work. I tried to see which type of file it was, whether I could forcefully unzip it, or whether I could extract any files that it might have hidden inside. None of this worked, so I went back to the original location of the file to play with it. When I went back to look at the file it asked me for a password, which was the same one I had previously found, so I just used