Hey ClubIT-ers!
This week we had an NCL demo, I attended from Zoom and showed you all the
dark reality of password cracking – which is that it takes a lot of time
when you’re just learning!
As announced on our Discord, today we have a special opportunity: The
Computer Science club and Women in Computer Science club have invited us to
join them for a Cybersecurity talk from Mohsen Beheshti (CSUDH). It starts
at 4:30pm today on zoom. You can find out more about this speaker on
LinkedIn:
https://www.linkedin.com/in/mohsen-beheshti-b0149247/
Find the zoom link at: https://computerscienceatmiracosta.carrd.co/
Next week we have two speakers – Professor McLean will show us how to
perpetrate an attack; just in time for the team games in NCL. And Doug’s
friend Josh, a Security Engineer, will also be presenting about his
professional experience.
SoCal Cyber Cup pre-quals start Thursday April 21, and NCL Team Games start
on Friday the 22nd. These will run concurrently on the 22nd and 23rd; if
you’re signed up for both, expect a busy weekend. If you want a SoCal Cup
key, please let me know asap, as we only have a few left. This Wednesday we
will also choose a window for our SoCal Cup pre-quals.
Next Wednesday ClubIT meets:
Date: April 20, 2022
Time: 3:30pm - 5pm-ish
Where: Room 4803B, Oceanside Campus
Zoom Link (Good for the semester): *ClubIT Wednesdays 3:30-5:00*
<https://miracosta-edu.zoom.us/j/93897111452>
Discord (Link good for 7 days): *https://discord.gg/pngU3bjr*
<https://discord.gg/pngU3bjr>
Since NCL team games and the SoCal Cup are close, I'm attaching a couple of
my personal guides for the gymnasium. I hope they help, and good luck!
You're amazing,
Daphne Demarchi
ClubIT President, 2022
“If you’re always trying to be normal, you will never know how amazing you
can be.” – Maya Angelou
Gymnasium password cracking - use kali
*if you see a .txt file in the syntax, it is because they're assuming you have
the file. Some challenges require a download or a creation of a file such as a
wordlist. The paths I've listed presume files are saved to your
/home/kali/Desktop/
Legend:
-a = attack-mode
attack-modes used:
0 = Straight
3 = Brute-force
6 = Hybrid Wordlist + Mask
syntax: -a 0, -a 3, -a 6
-m = MD5
Hash types used:
0 = MD5
syntax: -m 0
1) easy Crack MD5 using dictionary attack (Rockyou wordlist -
http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2)
in kali, gunzip /usr/share/wordlists/rockyou.txt.gz
create a text file (in kali mousepad) with all of the hashes, save as hash.txt
on desktop
hashcat -m 0 -a 0 /home/kali/Desktop/hash.txt /usr/share/wordlists/rockyou.txt
hashcat -m 0 -a 0 /home/kali/Desktop/hash.txt /usr/share/wordlists/rockyou.txt
^MD5 ^attack
32e5f63b189b78dccf0b97ac41f0d228:joybird1
ec5f0b1826389df8622133014e88afde:ryjd1982
2233287f476ba63323e60addca1f6b64:kirkles
68a96446a5afb4ab69a2d15091771e39:emilybffl
6539bbb84fe2de2628fc5e4f2a31f23a:ddmack
*make sure to match the hash on ncl page - they get reordered in hashcat
2) medium Crack MD5 passwords with a mask
mask: "SKY-HQNT-" followed by 4 digits
hashcat -m 0 -a 3 /home/kali/Desktop/hash2.txt 'SKY-HQNT-?d?d?d?d'
^brute force
06f03267f31077d2c4b5c728472070ae:SKY-HQNT-6598
d866f4b3b34b598375149fb7661113ab:SKY-HQNT-5981
71b816fe0b7b763d889ecc227eab400a:SKY-HQNT-8765
674291170dffcf620bda2a604a6820ea:SKY-HQNT-7659
d9053951a8d1c15254b46ec9fc974a6b:SKY-HQNT-9816
*make sure to match the hash on ncl page - they get reordered in hashcat
3) medium Crack MD5 passwords with your own wordlist
Hint: Pokemon names (wordlist of pokemon saved as pokemon.txt - dl from github
hashcat -m 0 -a 3 hash3.txt pokemon.txt
OR
Just use dcode.fr/en MD5 instead
a532443f3e04a9e00295a8cd2a75e080:golduck
54c10b9736b70e75c6e505f340b6e2f1:basculin
b8a24794813a47521b4be55747e0665a:rotom
83b020b0a7b3c353e1c11b1647b53cda:celebi
999cae1e22fe69d89d6f56e3050f18cb:goldeen
Next:
Ophcrack is a Windows password cracker based on a time-memory trade-off using
rainbow tables.
This is a new variant of Hellman's original trade-off, with better
performance.
It recovers 99.9% of alphanumeric passwords in seconds.
Ophcrack works for Windows NT/2000/XP/Vista.
Ophcrack can be used with command line or run as a pure graphical
software.
4) medium Use ophcrack with the XP special wordlist
(http://ophcrack.sourceforge.net/tables.php) to Crack Windows NTLM passwords
These need to be downloaded to your kali to be accessible
save LMNT hashes in a text file to LOAD as PWDUMP in Ophcrack
21259DD63B980471AAD3B435B51404EE:1E43E37B818AB5EDB066EB58CCDC1823 = starf0x
11CB3F697332AE4C4A3B108F3FA6CB6D:13B29964CC2480B4EF454C59562E675C = P@ssword
65711C079DC4CD3CC2265B23734E0DAC:47F747C5190DC0F0B921AA4A07F06285 = footba11
FBBDA33FC12E83FB0C240E84A183686E:DDE9DC6E34E2E6E11EF9E51C6B27ED96 = 1trustno1
21C4E7C2EFE8E8D1C00B70065ED76AA7:A7A0F9AFD4A78F531A1CF4C42E531BBF = ectoplasm32
E85B4B634711A266AAD3B435B51404EE:FD134459FE4D3A6DB4034C4E52403F16 = '=Cxu&L
BA756FB317B622DBAAD3B435B51404EE:C8405270B10B13AE8A24612BB853567A = yhM^GK7
199C926FA387EAB7AAD3B435B51404EE:F196F77BF8BB15781BA8364C649C5FD4 = 58?-<C6
FE4AACAAAD7D986AAAD3B435B51404EE:3928E16F614E2316CA51C336FA5B3011 = $xEn@=y
3613F7EC15407F56AAD3B435B51404EE:C82E164316183AA3AF3EA6BAA642A237 = ^B7e3D;
Back to hashcat
5) hard Crack MD5 passwords with your own wordlist and mask. Wordlist is based
off "Law and Order: SVU"
(https://en.wikipedia.org/wiki/List_of_Law_%26_Order:_Special_Victims_Unit_episodes)
episodes and end in two digits. hashcat hash.txt -m 0 -a 6
hash.txt svu
hashcat /home/kali/Desktop/hash.txt -m 0 -a 6 /home/kali/Desktop/hash.text
/home/kali/Desktop/SVU.txt '?d?d'
^Hybrid Wordlist + Mask
6475c851b56004eb96ab1404252c3a34:hooked37
abe6591e06aafc3cf1b0783b120f685e:manhunt74
1e1612db8bdeebc7e8d56f8f30b39456:philadelphia53
3dd9dd0e352df4433aadf2273e269287:resilience05
08038f679de74982bfb9bac43d46271a:unorthodox12This guide presumes you've saved all files to the desktop /home/kali/Desktop/
If you've saved elsewhere, please adjust your paths.
Crypto 1 Easy Password Dumps
1. hex numbers start w 0x
use dcode.fr/ascii-code
0x73636f7270696f6e
= scorpion
2. in base64 encoding, the character set is [A-Z, a-z, 0-9, and + /], and
padded with = if the rest length is < 4
use dcode.fr/base-64-encoding
c2NyaWJibGU=
= scribble
3. Base 2, or binary, consists of 0s and 1s
use rapidtables.com/convert/number/binary-to-ascii.html
01110011 01100101 01100011 01110101 01110010 01100101 01101100 01111001
= securely
4. Base 2, or binary, consists of 0s and 1s
a. use rapidtables.com/convert/number/binary-to-ascii.html
01100010 01000111 00111001 01110011 01100010 01000111 01101100 01110111
01100010 00110011 01000001 00111101
result: bG9sbGlwb3A= (look familiar? padded with = sign)
b. then dcode.fr/base-64-encoding
= lollipop
Crypto 2 Easy
1. use dcode.fr/cipher-identifier
then ROT13
iveghny ynxr
Crypto 3 Easy
1. use dcode.fr/cipher-identifier
then atbash
hzuvob lyerlfh xzev
Crypto 4 Easy
1. Morse code consists of dots, dashes, and slashes
use dcode.fr/cipher-identifier
then Morse Code
- .... . / ... . -.-. .-. . - / --- ..-. / --. . - - .. -. --. / .- .... . .-
-.. / .. ... / --. . - - .. -. --. / ... - .- .-. - . -.. / ... -.- -.-- / -..
-.- ...- -... / ----. ---.. .---- -....
Crypto 5 Medium
(Ciphers that don't identify: railfence, circular)(see
https://youtu.be/wKjRwJTXQH4)
How to identify number of rails:
N=Number of rails, L=String Length (not including spaces)
K = L / 2*(N - 1)
then
use http://rumkin.com/tools/cipher/railfence.php
1. 3 rails
Cair eruSA-0org sgaeudrpesr K-II98.ue cn seYQ3
= Courage is grace under pressure SKY-AIQI-9380.
2. 5 rails
F daS-eefn n KZ3eheadty.YI8lta oiwy-Q0. r aI2
= Feel the fear and do it anyway. SKY-IQIZ-3802.
Crypto 6 Medium (search which ciphers use keys)
use https://www.dcode.fr/vigenere-cipher
1. cipher: Y ln xkv lubj swlzqvkht, A vmzb pjk bbua we ddgs
ILQ-GQYU-8026
key: QIZKWCGQBS
= I do not fear computers, I fear the lack of them SKY-QIZK-8026
Stego 1 Easy - Use basic tools to find hidden messages in steganography
Use StegOnline
or
strings Steg1.jpg | grep SKY
Stego 2 Medium - find the hidden flag
a. dl STEG2.bmp
b. create a .png file to output to
c. use DIIT-1.5
java -jar /home/kali/Downloads/diit-1.5.jar
d. select BlindHide algorithm
e. Set Message to the png file
f. open png file with Ristretto
Stego 3 Hard
https://aperisolve.fr/ ;
^confirms the presence of the hidden file (PGP Secret Key -)
use DIIT
1. Extract the hidden file:
a. dl STEG3.bmp
b. create a .png file to output to
c. use DIIT-1.5
java -jar /home/kali/Downloads/diit-1.5.jar
d. select BlindHide algorithm/ncl says you can also use battlesteg
e. Set Message to the png file
f. open png file with Ristretto
2. Get the MD5sum of the hidden file (the png you made)
a. md5sum [type file name with extension here] [path of the file]
b. md5sum Steg3.png /home/kali/Desktop/Steg3.png
= B2BDE37FEEDE452DB6CA45D1618785CA
3. Use
https://discoveringegypt.com/egyptian-hieroglyphic-writing/hieroglyphic-typewriter/
to translate from heiroglyphics to english
= hidden messages
Stego 4 Hard
https://aperisolve.fr/ ;
^confirms the presence of the hidden file (PGP Secret Sub-key -)
use DIIT
1. Extract the hidden file:
a. dl Steg4.bmp
b. create a .png file to output to
c. use DIIT-1.5
java -jar /home/kali/Downloads/diit-1.5.jar
d. select HideSeek algorithm
e. Set Message to the png file
f. open png file with Ristretto
2. Get the MD5sum of the hidden file (the png you made)
a. md5sum [type file name with extension here] [path of the file]
b. md5sum steg4.png /home/kali/Desktop/steg4.png
= 77864c67bc0d74b0a05e6fec2c24125b
3. Use https://www.gotfuturama.com/Interactive/AlienCodec/
= there is no spoon
