Post

Sws101_unit2_journal

Posted
By Dupchu Wangmo 3 min read

Tier 0

This is the essential step toward the world of cyber security pen-testing. In this machine, I learned how to connect to services such as FTP, SMS, Telnet, Rsync and RDP anonymously. And this entire machine, I know how much Nmap is useful as it allows us to assess vulnerabilities of the target system

Meow Machine

Important points from this machine are;

  • A Virtual Machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy apps.
  • Tuning is a combination of reducing false positives, working with alerts, and correlating events and trends to ensure greater accuracy.
  • Nmap (Network Mapper) is a free and open-source tool for network discovery and security auditing.
  • Telnet (TerminaL Network) is a type of protocol that enables one computer to connect to local computer.

Fawn machine

This machine is mainly for penetration testing and ethical hacking skills. It presents challenges across different aspects of cybersecurity such as enumeration, exploitation and post exploitation.

On the completion of this machine, I have enough understanding and proficiency in cyber security including vulnerability assessment, exploitation.

Dancing Machine

Important Notes

  • The Server Message Block protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.
  • WorkShare is designed to help both employers and workers during a temporary slowdown in business.
  • Once we have accessed the desired share within the SMB shell, we can use the get command to download files.

Redeemer Machine

After this machine, i learned about;

  • Redis (Remote Dictionary Server) is an open-source advanced NoSQL key-value data store used as a database, cache, and message broker.

Syntex:

1

 sudo apt install redis-tools
  • To install redis-tools

Tier 1

In this second tier, we drive deeper into cyber security pen-testing, laying the foundation on web exploitation techniques for beginners. We also learn the basics of SQL injection, server side templates injection, remote file inclusion. And in this machine, I also learned how to upload files to an S3 Bucket.

Appointment Machine.

From this machine important notes i have learned;

  • Structured query language (SQL) is a programming language for storing and processing information in a relational database.
  • Single character can be used to comment out the rest of a line in MySQL is #
  • Gobuster is a tool used to brute-force: URIs (directories and files) in web sites, DNS subdomains (with wildcard support), Virtual Host names on target web servers, Open Amazon S3 buckets, Open Google Cloud buckets and TFTP servers. Gobuster is useful for pentesters, ethical hackers and forensics experts.
  • we can use fuff instead gobuster.

Sequel Machine

Notes that to be noted from this machine

  • MariaDB is more scalable and offers a higher query speed when compared to MySQL.

Crocodile machine

  • It is possible to enumerate hidden files for that specific type using the switch “-x” followed by the file extension on Gobuster.
  • After connecting to the FTP server anonymously, command can we use to download the files we find on the FTP server id get command

Responder Machine

  • Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.
  • NTLM authentication employs a challenge-response approach and is commonly used for local logon, network login for WORKGROUPs and HTTP servers, Single Sign-On (SSO), and Single Sign-Off.

Three Machine

  • The credentials and config file are updated when you run the command aws configure
  • A server-side scripting language is a programming language designed for developing dynamic web pages and web applications
SWS101, Journal3
SWS101
This post is licensed under CC BY 4.0 by the author.