I’m Joseph T Mathew 1st year student

Roll no. AM.SC.U4CSE23324

I’ve completed all the tasks under cybersecurity in c-cube.

#1. CYBERSTART.(capture the flag)

*Level1.
Finding the hidden email address?
By inspecting the code of the website we can find the email address of the person.
Or
By selecting all the contents in the webpage a hidden email address under send an
email could be seen.

*level2.
Mixed up messages?
By carefully going through the text provided for 2mins it could be found that the
text is given in reverse order,By using a reverse text tool from google or manually
writing it down the text could be decoded.

*level3.
Social engineering?
So we are provided with the hackers username along with his dogs name and a year
1993 , so usually people save their password like nameyear (so that they don’t
forget their password )

*level4
Lazy locked login.
Inspecting the code we find that the enter key is disabled,By enabling it we get
the flag to the next level.

*level5.
The rocketed?
By inspecting the code and pondering through the question we understand that using
launchrocket() as a function in our console we can obtain the password for the next
level.

*level6.
By reading the question it could be understood that we have to enter the
coordinates manually so the question arise where to enter the coordinates.By going
through the website and selecting each planets it could be found out that there is
no change in the URL. So by changing the coordinates in the URL with the ones which
we get by selecting each planet, The flag for the next level is obtained.

*level7.
By analysing the signal we get a binary code, so by converting the binary code to
text we obtain “What is 12 - 8 +1” = 5 by inputing 5 in binary format the flag for
the next level is obtained.

*level8.
Go to Console-
*rover
And using move() to move , turn(‘direction’) to turn , drill() to break the rock we
can reach to our flag.

*level9.
By decoding the hexadecimal code(code starts with 0x) and converting hexadecimal to
text.Since there are two different values which are given any operation is required
to be performed and also because the name of the person is Roxy it is a hint that
its is xor operator,
using this the flag is obtained.

*level10.
Inspect the code-copy the action , and change locked back to spinning and perform
the operation flag is obtained.

*level11
off balance.
(While going through the website it is found that only balances isn’t working )
So inspect the code.
Go to network as indicated in the briefing and click command + R
An error is found in get balances.
Open the terminal
Use curl -d”token=API address” URL
Change URL to get accounts.

*level12.
Final countdown.
Use curl and add all the URLs.
We get the flag add it to the end of the validation URL.

BANDIT

LEVEL0
Username = bandit0
Password = bandit0
Login in terminal to bandit wargame using
Ssh [email protected] -p 2220(Since port is given as 2220)
And enter the password.
Ssh is used to interact with the computer.
Ls(list of all files and directories)
cat(contents in that file or directory) is used to get the password for the next
level.

LEVEL1.
As the previous step.
Add one level with each level ie ssh [email protected] -p 2220
Enter password.
-Ls
-Cat ./-(./ -> is used to indicate the directory)
Password is obtained.

LEVEL2.
Repeat the same step.
Since the list which is obtained is a string ie a text(“”) are used for cat
command.
Password is obtained.

LEVEL3.
Repeat the same steps.
Since the password is stored in a hidden file.
We use ls -a(Which its the list of all the files)
And using cat .hidden
We get the password for the next level.

LEVEL4.
Repeat the same steps.
Since it is said that the password is stored in a human readable file in the inhere
directory so ls -a command is used.
Sine it is a tedious task to go through each of the files to check which is human
readable the following command is used:

File ./-*
So we obtain the result that file07 has ASCII text which is human readable file
Using the command cat -file07
Password is obtained.

LEVEL5.
Here we use the command cd
-cd takes the home-page to the directory that you want to move to.
So cd inhere
Ls -la(gives a long listing of all the files)
Find(find command is used to find a file/directory with the properties provided).
Find -size 1033c
And using cat password is obtained.

LEVEL6.
Repeat the same steps.
Find / -user bandit7 -group bandit6 -size 33c
And using the cat command password is obtained.

LEVEL7.
Repeat the same steps.
Grep(is used to search for lines matching a specified pattern and print the
matching lines as output)
Cat data.txt | grep “millionth” (“|” is used to add another condition to the
previous condition)

LEVEL8.
Sine the password is unique we use the code
Find |sort | uniq -u

Level9
Since the condition is that it is a string with multiple “=“
Strings data.txt | grep “==“

LEVEL10.
Since it is given the password is in data.txt & is of base64.
Base64 -d data.txt(password is obtained)(-d is used to get the information of the
directory)

LEVEL11.
Cat data.txt | tr 'A-Za-z' ’N-ZA-Mn-za-m’(translate)

Level12.
Repeat the same process.

Level13.

Here commands ls and cat are being used.

Cat sshkey gives the value of the key.
Level14.
Ssh bandit14@localhost -I sshkey(interactive)
Cat /etc/bandit_pass/bandit14
Password is obtained.
Nc localhost 30000(to change the port)
Enter the password.
Password for the next level is obtained.

Level15.
Repeat the same process.

*NETWORKING

Networking is the process of connecting computers to facilitate communication and

data extant between them.
Nodes = equipment for data communication or equipment for data terminal.
Links = wires or cables or free space of wireless networks.
Topology - physical and logical arrangement of nodes in a network.
Service provider network = these type of network give the permission to take the
network capacity and functionality on lease.
IP Address = it is a unique numerical identifier that is assigned to every device
in the network.
DNS - (Domain Name System) is a protocol that is used to translate human-readable
domain names to IP address.
Firewall = is a security device that is used to monitor the incoming and outgoing
network traffic.

LAN = (local area network) small areas such as office house etc.
WAN = (wide area network) large geographic areas such as city state country or even
the entire world.

Open system = is a system connected to network and is ready for communication.

Closed system = is a system not connected to the network and cannot be
communicated.

Types of computer network architecture:

Client-server architecture:node can act as either the client or the receiver.
Peer to peer architecture: each device is free working as a client or a server.

Network devices= helps in communication bw two different devices

Eg. routers, buses, hub, bridge.

OSI(open system interconnection):

Refrence model that specifies the functionalities of each layer.
It’s a 7 layer architecture.

*Physical layer:
bottomost layer which is the physical and electrical representation of the
system.It consist of various network components such as power plugs, connectors,
Receivers,cable types etc.
The physical layer sends data bits from one device to another
device.it is responsible for the communication of the unstructured raw data data
streams over physical medium.
*data rate
*synchronization of bits.
*transmission medium decisions.
*topology

Physical topology

Mesh topology
= Each and every device should have dedicated point to point connection with each
and every other device in the network.There is more security of data because there
is dedicated point to point connection between devices.
Star topology
=the device should have dedicated point to point connection between with central
controller.
It is easy to install and reconnect as compared to mesh topology.

Bus Topology
=Multiple devices are connected through a single cable that is known as backbone
cable with the help of tap and drop lines.

Ring Topology
=Each device is connected with repeaters in circle-like ring that’s why it is known
as ring topology.

Point to point configuration = There is a link that is fully dedicated to carry

data bw two devices.

Multi-Point configuration = there is a link through which multiple devices are

connected.

#Modes of transmission medium

*Simplex = out of the two devices only one of the device can transmit the data and
the other device can receive the data.
*Half Duplex mode = both the devicescan send and receive the data but only one at a
time.
*Full Duplex mode = both the devices can send and receive the data simultaneously.

DATA LINK LAYER:

Second layer from bottom of OSI.
It is responsible for node to node delivery of data.
It is responsible for error free transmission of information.
It is responsible for encoding,Decoding and organising the outgoing and incoming
data.
It is considered as the most complex layer in the OSI module.
It is further divided into two sublayers.

MEDIA ACCESS CONTROL(MAC)

*Manages device interaction, responsible for addressing frames and also

Functions of data link layer

The packets received from network layer is known as frame in the Data Link Layer.
It receives packets from data link from data link layer and converts it to small
frames then sends each frame bit-by-bit to the physical layer.It also adds some
special bits at the header and end of the frame.
*Addressing{data link layer encapsulates the source and the destination Mac
address)(physical address I the header of each frame to ensure node to node
delivery.
*Error Control(corrects the error in the transmitted data)
*Flow Control(If the receiver receiving speed is less than the lower than the
sender sending speed this may lead to overflow in receivers buffer and some frames
get lost.It is DLLs responsibility to synchronise the speeds.)

NETWORK LAYER:
It’s main function is to transfer network packet from the source to the
destination.
It is involved in both source host and destination host.It accepts a packet from
the transport layer encapsulate it in datagram and delivers it to the data link
layer.
*The main responsibility of the data link layer is to carry the data packets from
the source to destination without changing or using them.
*They are fragmented if required.
*It decides the route.
*The source and destination is added to the data packets inside network layer.

*error correction, flow controls, congestion control.

congestion(occurs when the number of datagrams sent by the source is beyond the
capacity of the network)

Transport layer.

It is the second layer in the TCP/IP model and the fourth layer in the OSI model.
It is a end to end layer used to deliver message to the host(Point to Point)
The unit of data encapsulated in the Transport layer is segment.
It takes service from application layer and provides service to the network layer.
At the senders side the transport layer performs segmentation divides actual
messages to segments adds source and destination port into the header of the
segments and transfers message to the transport layer.

At receivers side it reassembles the segmented data reads the head er identifies
the port number and forward the message to the appropriate application layer

TCP/IP = Transmission Control Protocol/Internet Protocol.

It is a concise version of OSI model.
It contains 4 layers.
The physical layer and the data link layer is referred as a single layer = physical
layer or network interface layer.
The main work of TCP/IP is to transfer the data of a computer from one device to
another.
The main condition of this process is to make data reliable and accurate so that
the receiver will relieve the same information which is send by the sender.
The TCP/IP model divides its data into packets and combines them at the other end,
which help in maintaining the accuracy of the data while transferring from one end
to the other.

Difference between TCP and IP?

IP - Finds the destination of the mail
TCP - work to send and receive mail.
UDP - It is another protocol which do not need IP to communicate with another
computer.

The TCP/IP Model divides the data into packets at the senders end and recombine at
the receivers end.

Layers of TCP/IP

*Application Layer
*Transport Layer
*Network Layer
*Data Link Layer
*Physical Layer

Session Layer
5th layer in the OSI model
It allows users on different machine to establish active communications between
then.
It is responsible for establishing, maintaining, synchronizing, terminating session
bw end user applications.In session layer streams of data are recieved and further
marked which is resynchronised properly so that the ends of the messages are not
cut initially and further data loss is avoided.

PRESENTATION LAYER

This layer is known as the Translation layer in OSI model. This layer serves as a
data translator for the network.The data which the layer receives from application
layer is extracted and manupilated here as per as the required format to transmit
over to the network.Syntax layer.It is responsible for maintaining the proper
syntax of data which it either receives or transmits to other layers.

APPLICATION LAYER

Topmost layer in the OSI.

This layer provides several ways for manipulating the data which actually enables
any type of users to access it with ease which actually enables any types of user
to access it with ease.
This layer also makes a request to its bottom layer which is responsible for
receiving various kinds of information from it.

Protocol

A protocol is a set of rules or algorithms which define the way two entities can
communicate across the network and there exists a different protocol defined at
each layer of the OSI model.
-Hostname is used to display the name of the device.
IP Address: it is known as the logical address. It is the network address of the
system across network.

There are two types IPv4(32 bits) and IPv6(128 bits)

Type -ipconfig to get the configuration.

MAC address(Media Access Control address) is a unique identifier of each host and
is associated with NIC(Network interface card).A MAC address is assigned to the NIC
at the time of manufacturing.

Port: Can be defined as a logical channel through which data can be sent/recieved
to an application.Any host may have multiple applications running and each of these
applications are identified using a unique port number.

Netstat -a = líst of all the ports being used.

Socket the unique combination of IP address and ports.

DNS = Domain Name System is a base server that translates web address or URLs into
corresponding ip address.

ARP(Address resolution protocol is used to convert IP address to corresponding

physical address.

UNICAST: A communication where a message is sent from one sender to one receiver

BROADCAST:A communication where a message is sent from one sender to all receivers.

MULTICAST:A communication where a message is sent from one sender to a group of

receivers

Network devices(Network Hardware) are physical devices that allow hardware on the
computer network to communicate and interact with one another.

Router : A repeater operates the physical layer .Its job is to regenerate the
signal over the same network before the signal beaches too weak or corrupted to
extend the length of which the signal could be transmitted across the network.A
important thing to be noted is that they not only amplify the signal but also
regenerate it.WHen the signal becomes weak they copy it bit by bit and regenerate
it as in star topology.

Hub: A hub is basically multi-port repeater.A hub connects multiple wires coming
from different branches.Hubs cannot filter data so data packets are send to all
connected devices.They do not have the intelligence to find out the best path of
data packets which leads to inefficiencies and wastage

Bridge: A bridge operates at the data link layer. A bridge is a repeater with add
on the functionality of filtering content by reading the Mac address of the source
and the and destination. It is also used in interconnecting two LAN working on the
same protocol. 2 port device.

Switches: it is a multiport bridge with a buffer and a design that can boost its
efficiency and performance.data link layer device. The switch can do error checking
before forwarding data.It does not forward packets that have errors and forward
good packets selectively and effectively.

Router: A router is a device like a switch that routes data packets based on the IP
address. The router is mainly a Network layer device. Router normally connect LANs
and WANs and have a dynamically updating routing table based on which they make
decisions on routing data packets.

Gateway : It is a passage to connect two networks that may work different upon
different working models.They work as messenger agents that take data from one
system,intepret it and transfer it to another system.

Brouter – It is also known as the bridging router is a device that combines

features of both bridge and router. It can work either at the data link layer or a
network layer. Working as a router, it is capable of routing packets across
networks and working as the bridge, it is capable of filtering local area network
traffic.

Metasploitable

I’ve downloaded it in my virtual machine UTM.

These are the following things that I have attained on learning it:

*Ifconfig is used to get the IP address.

*nmap is user for network exploration & host discovery.

rlogin -l root (IP address) is to remote access from any host.
Rpcinfo -p (IP address) it queries the remote procedure call services running on
the the target machine with the specified target address.
Showmount -e (IP address) it queries the nfs server for the list of shared
directories and filesystems.The output is the list of exported directories along
with their paths.
Ssh-keygen is used to generate a ssh key in the local machine.
Mkdir /tmp/rOOt = this creates a directory rOOt in the /tmp directory of the local
machine.
mount -t nfs IP address:/ /tmp/rOOt/: this command mounts the root filesystem of
the target machine onto /tmp/rOOt directory of the local machine.
Cat comment appends the content of the local machines public ssh key to authorised
key file in the /root/.ssh directory of the target
*unmount = is used to unmount the local the nfs share from the local machine.

Telnet is a network protocol used to establish a interactive communication between

client and the the server over a computer network.It allows users to remotely
access and manage devices, servers,and systems.
Backdoor is a hidden or undocumented method of bypassing normal authentication or
security controls in a computer system, appliance or network.

Msfconsole : this command launches metasploitable framework console, a powerful

tool used for exploiting vulnerabilities in system and networks

use exploit/unix/irc/unreal_ircd_3281_backdoor
This command selects the specific exploit module for exploiting the UnrealIRCd
backdoor vulnerability

set RHOST 192.168.99.131:

This command sets the remote host (RHOST) to the IP address of the target machine
(192.168.99.131) where the UnrealIRCd server is running.

exploit:
This command executes the exploit against the target machine.
more passwd:
This command retrieves the contents of the /etc/passwd file from the target
machine's root filesystem.
smbclient: This is the command-line tool used for interacting with SMB servers.
-L(To list available shares on server without actually connecting to anyone of
them.)

*It is a client/server communication protocol that provides shared access to files

whole directories and network resources such as printers across the network.
If the connection is successful, the server responds with information about its
shares, including their names, types, and any associated comments or descriptions.

NMAP.

nmap hostname/IP address/Networks.

-il (Allows you to specify a file containing a list of hosts or networks to be
scanned)
-iR this option instructs nmap to choose random targets for scanning.
—exclude this option allows you to exclude specific host and network from scan.
—exclude file enables you to specify a list of host or networks to be excluded from
scan
-sl is used to list the targets without actually performing any scanning options.
-sn(Ping scan) = Ping Scan is used to perform host discovery by sending ICMP echo
requests (pings) to the target hosts and analyzing their responses.
-Pn considers all hosts as online, skipping the host discovery phase altogether
It directly starts port scanning.
-PS/PA/PU/PY[portlist]:
These options specify different types of TCP SYN/ACK, UDP, or SCTP discovery to
given ports.
-PO[protocol list]:
This option performs IP Protocol Ping, where it sends protocol-specific packets to
determine if a host is alive
--traceroute:
This option performs a traceroute to each host in the scan target to trace the hop
path taken to reach the host.
-PE/PP/PM:
These options specify ICMP echo, timestamp, and netmask request discovery probes.
They send ICMP echo, timestamp, or netmask request packets to determine which hosts
are alive.
-P only scan specified ports.
-F fast mode - scan fewer ports than default scan.
-r scan ports sequentially don’t randomise.
—top-ports scan most common ports

GITHUB.

I logged in to GIT-HUB account and also studied the basic functionalities including
push and pull commands.

HACKERRANK.

Completed HACKERRANK tasks.