TryHackMe! Advent of Cyber - 2021 KICKOFF: 25 Days of Learning CYBERSECURITY

Captions
[Music] Hello everyone! If you're looking for the holiday spirit, you are in the right place. If you're looking for the North Pole, you are in the right place. If you're looking for the TryHackMe Advent of Cyber 3, you are definitely in the right place. My name is John Hammond, and I could not be any more honored to be able to help kick off this incredible, fantastic and annual event, the TryHackMe Advent of Cyber 3.

So hey, this year TryHackMe is going above and beyond. If you don't know the game, if you don't know the usual Advent of Cyber, this is learning cyber security for free, for fun, for all the great things, every single day leading up until Christmas, throughout the month of December. So let's hop on over the screen here, let's take a look. There are prizes this year, over fifteen thousand dollars worth of prizes, and that's insane. Of course, absolutely free, all online, accessible to anyone, and you get a lovely certificate all along the way. They've got some incredible co-creators: we've got Neal Bridges, we've got InsiderPhD, Cybersecurity Meg, NahamSec, Tib3rius, HuskyHacks, you've got my ugly mug in there. This is gonna be a ton of fun.

So hey, we're getting into some super cool stuff this year. Uh, there are some topics that we're gonna end up covering: web exploitation, network exploitation, OSINT or open source intelligence, cloud hacking, and a little bit of blue teaming. So Advent of Cyber, as I've said it before, it's all about having fun, getting new people interested in cyber security, exposing them to new technology that they might not have seen before, and all of this is meant to be beginner friendly. It's going to be guided walkthrough tasks, things that you'll be able to actually understand as you read through it and, you know, grok something new that you might not have seen before. The challenge listing is insane, the prize pool is insane, there are so many great things about this, and some incredible people behind it. CompTIA is backing this, Offensive Security, BC Security, and
of course the one and only TryHackMe hosting this Advent of Cyber 3. So you can check out this link. Uh, the page that I'm looking at right now is on tryhackme.com christmas, and the fun will get started on tryhackme.com in their Advent of Cyber room, which will get started on December 1st.

So hey, I know what you're here for. I know you're excited and you're ready to jump into day one of the TryHackMe Advent of Cyber, so let me bring you down the rabbit hole here. I'm gonna hop over to the tab that I've got this room open in, and let's get it started. I'm gonna open up this task one here, Introduction, where it just says, hey, welcome to the Advent of Cyber 2021. If you want to get your eyes on that incredible certificate that you might be able to pull out, share it on LinkedIn, share it on Twitter, share it on Facebook, share it on all of the socials, that's what it's going to end up looking like. And all of these other co-creators, Cybersecurity Meg, HuskyHacks, Neal Bridges, etc., we're gonna be either producing challenges or videos or both for this event. So hey, you might be able to see some, uh, some cheesy stuff that I was able to pour into it, and some other incredible people bring in some great concepts here.

Looks like we just need to read the above and check out the sponsors. We can mark that completed, and great, I've got my hackme streak going, excellent. You want to follow them on social, right? Check it out, all the great things that are going to be happening in TryHackMe Advent of Cyber. Follow on LinkedIn, yes. Follow on Discord, yes. Follow on Twitter, yes. Subreddit, yes. I am cyber stalking you, TryHackMe. All right, if you have not subscribed, you know that you absolutely could. TryHackMe VIP does give you a lot more access to incredible things within the TryHackMe platform, although they say, I think it's like 70 or 80 percent of the TryHackMe content is totally free, so a lot of great learning already accessible for you. Hey, and you can check out some of the cyber Christmas swag, the
TryHackMe Advent of Cyber. I'm rocking the sweet shirt right here, I've got it open. Yeah, I don't know if you can see it through the Santa stuff going on. And we can read that one and mark it complete.

We do have a short tutorial and some rules here. To access target machines you deploy on the TryHackMe network, you'll need to either use an OpenVPN client or deploy your own web-based AttackBox. You can do this by clicking the blue Start AttackBox button at the very top of this page. We highly recommend you complete the tutorial room to learn more about getting connected in the TryHackMe environment. If you're using the web-based AttackBox, you can complete all of the exercises through your browser. If you're just a regular user, you can deploy the AttackBox for free one hour a day, and if you're subscribed, you can deploy it for an unlimited amount of time.

Now here are some ground rules, right? Breaking any of the following rules will result in an elimination from the Advent of Cyber competition. Anything.tryhackme.com and the OpenVPN server, those are off limits, those are out of scope. They cannot be attacked, they should not be targeted. Any probing, scanning or exploitation against those endpoints is not allowed. Users are only authorized to hack machines that have been deployed in the rooms that they have access to. Users are not supposed to target or attack other users, and you should only enter the event once, using one account, just to make it fair for prizes. And all answers to questions are not to be shared. Oh, whoops. All right, so we can practice connecting to our network. Cool, I'm gonna call that done, because I'm gonna connect with the AttackBox.

And we have the story here. We're looking at the cyber security elves that saved Christmas. All the exercises in Advent of Cyber follow a fun Christmas story. This year, the elf McSkidy needs your help to hack back and undo the Grinch's malicious activities. Ooh, there's a little cool comic that I tried to show in the b-roll beginning of this
video.

It is the eve of the 30th November. McSkidy sits in her large office with a cup of hot cocoa, reminiscing over her stressful times at the Best Festival Company. Since her management of the Christmas Monster cyber attacks last December, she'd been promoted to Chief Information Security Officer, or CISO, and has managed to build a world-class security team. She made a promise to never let Christmas get affected by cyber incidents and has done everything in her power to prepare the Best Festival Company for any incidents and assist Santa in delivering presents globally with no disruptions. She grins to herself: "After all we've done, what could go wrong?" Hmm, famous last words, right?

Elf McAssistant runs into her office and gasps: "All of our security analysts have missed their last shift, and no security personnel can be found in the building!" McSkidy jumps out of her chair and spills her hot cocoa all over herself. "What?" She swiftly moves over to the Elf Security Center housing the security personnel and looks over the large area filled with empty desks. Where did everyone go, on the eve of the most important time for the Best Festival Company? She rushes over to the desk of the head of the security analyst team, Elf McLeader, and notices the desk is surprisingly clean for someone so messy. How is his work area completely empty? As she started theorizing in her head, she noticed a small piece of paper hidden at the back of the desk, behind the screen. As she made sense of what was on the paper, her eyes widened. Why did McProfessional book a one-way flight ticket away on this exact day?

Before she had time to make any assumptions, a loud, grumpy voice was resonating across the security center from the internal announcement systems: "Grinch Enterprises will never let Christmas succeed! It would be a shame if your world-class security team just suddenly disappeared. This was all as planned." "How could they access our internal systems?" cried McSkidy. Their intelligence team had prepared for this exact
scenario, but it didn't help. The security center was completely empty. "This needs to stop happening," sighed McSkidy, and dragged herself to the office to save Christmas.

Please note, tasks are released daily and will vary in difficulty, although will always be aimed at a beginner level. This Christmas story is used within some of the tasks, so make sure you read the above. All right, I have rambled and droned on, and I hopefully enjoyed my storytelling there, but now we can move on to day number one of Advent of Cyber 3.

Before we do, I get to offer a little bit of sneak peek, and I'm pretty excited about this. Uh, TryHackMe's giving me some permission to maybe sprinkle and tease some of the potential upcoming tasks and, uh, activities and rooms that we'll see all throughout the Advent of Cyber 3. Now, as I'm recording this a bit before the event gets started, this is subject to change, so some of the things that you see on here may or may not be what actually gets deployed, hey, when it's real December and showtime. Day one, web exploitation, we're just about to get into it: Save the Gifts. Ooh, Elf HR Problems, Christmas Blackout, Running Behind. A good amount of web exploitation for about the first week here, and then we dive into a little bit of networking, and of course I think there will be some special, uh, co-creator rooms in there. My, my tasking is going to be somewhere in that mix here. But look at this: DevOps, or Dev Insecure Ops. Ransomware, that's going to be a lot of fun. Diving into open source intelligence and cloud stuff, playing with containers. Oh, and when we finally get into blue teaming, getting into maybe phishing emails, Needles in the Computer Stacks. Oh, and some PowerShell down here at the very end, PowerShelf Magic. I love it. I'm super excited, I hope you are. We're going to have a ton of fun for TryHackMe Advent of Cyber 3.
All right, now let's open up this day one, web exploitation, Save the Gifts. Here's our new story here, and looks like we have a button to view the site. It says: the inventory management systems used to create the gifts have been tampered with to frustrate the elves. It's a night shift, and McStalker comes to McSkidy panicking about the gifts all being built wrong. With no managers around to fix the issue, McSkidy needs to somehow get access and fix the system and keep everything on track to be ready for Christmas.

So we have a couple learning objectives here. It says: what is an IDOR vulnerability, how do I find and exploit IDOR vulnerabilities, and a challenge walkthrough.

So what is an IDOR vulnerability? IDOR stands for Insecure Direct Object Reference, and it's a type of access control vulnerability. An access control vulnerability is when an attacker can gain access to information or actions not intended for them. An IDOR vulnerability can occur when a web server receives a user-supplied input to retrieve objects, right, files, data and documents, but too much trust has been placed on that user-given input, and the web application doesn't validate whether the user should in fact actually have access to that requested object.

So how do I find and exploit IDOR vulnerabilities? Well, as previously mentioned, an IDOR vulnerability relies on changing user-supplied data. This user-supplied data can be mainly found in the following three places. Sometimes in a query component: query component data is passed in the URL when making a request to a website. Take for instance the following screenshot of our URL, and you can see this here. Here's an address bar with https as a schema to go to a website, reaching a profile endpoint, but the question mark is denoting an HTTP GET variable. It's passing a parameter or an argument to this page, this /profile, and it's asking for an id as a parameter, or supplying that. Again, user-supplied input, and anyone could really just pass in
whatever value they wanted to for that id number. Here you can see it's being set to 23, and TryHackMe in the room and the task here defines this, breaks it down and explains. Here we can see the /profile page is being requested, and the parameter id has a value 23 being passed in. The page could potentially be showing us personal user information, their profile, right? But changing the id parameter to another value, maybe there's the potential for us to view another user's data. That is especially dangerous in this case, exactly right, because that id is only referenced by a number, 23, but you could just as easily kind of toggle that up and down, maybe bounce or increment or decrement that number and see what might be available at profile id number 22. Or maybe dialing all the way back, what about profile id number one? Will that be the administrator, or the original creator of this whole application? That could be dangerous, and that is the damage that could be done by IDOR, or insecure direct object reference.

Here's an example showcasing some POST variables. We were just discussing an HTTP GET variable, but if we took a look at this maybe within an HTML form: examining the contents of forms on a website can sometimes reveal fields that could be vulnerable to IDOR exploitation. Take for example the following HTML code for a form that updates a user's password. Here you can see some HTML with a POST method going to a /update password endpoint as the action. Now, that input field, there's actually an element in HTML elements applied here that's intended to be hidden, not supposed to be shown on the web page. But you shady hacker, you pressed F12 on your keyboard, or you right-clicked to view source, or hit Control-U to open it up, or inspect element, right, and you found, hey, the user id parameter. Currently the value is one two three, but you could manipulate that if you knew how to, right? That's the idea. You might change the password for your account, intended as ID 123, but again, what if you
change that to one two four, one two five, or id value one, or zero even? You never know. That's worth tinkering and playing around with. You can see from the highlighted line, the user's id is being passed to the web server in a hidden field. Changing that value from 123 to any other user id might result in changing the password for a completely different user account, and you could then compromise that account, take over that session. You could do some damage with that.

Another great example are cookies. If you were to stay logged in to a website such as this one, such as TryHackMe, cookies are used to remember your session. That's how your browser knows you are who you logged in as, and it kind of keeps track of you interacting with that web page. Usually this involves sending a session id, which is a long string of random or hard-to-guess text, like fdb28452 yada yada yada, right? Kind of looks like a hash or some computed value. The web server securely will use this to retrieve your user information and validate your session: you are who you say you are. Sometimes, though, less experienced developers might store user information in that cookie value itself, like the user's id, or your role or permissions. Are you an admin user? Are you a developer? Or would you just have simple read access? Maybe that could be manipulated in the cookie. Changing the value of this cookie could result in displaying another user's information. You can see below how this works, and here they offer a GET request, simple HTTP, the raw protocol here. It's supplying a cookie with the user id 9, and it will return "Hello John". But if we were to change this, because you again could manipulate this, if we change that user id to 5, a different number, we get a different user account returned back to us, Martin in this case rather than John.

Now, an IDOR in the wild. If you ever see a product, user or service identifier in the URL, that is something that you really, really should test. Poke at it, tinker with it, just explore, bump the number up and
down. IDOR vulnerabilities can reveal sensitive information as well as potentially giving you access to usually restricted site functionality. For security researchers, IDOR vulnerabilities can be impactful, and reporting them can yield a good bug bounty. See this article, and there's a link to it here in TryHackMe's: an IDOR vulnerability report to PayPal had a ten thousand and five hundred dollar payout. I'll go to that page here. Looks like this was written in, uh, February 22nd, back in 2020: the top 25 IDOR bug bounty reports. In this article, we'll discuss all these potential vulnerabilities, and this explains it just a little bit more in a different way here. This looks like it even emphasizes some blind versus generic, or reference to objects, different types of this IDOR. But I would honestly leave this as an exercise to you, right, homework or whatever, an exercise for the reader, if you wanted to explore more on this. But take a look, just that example: PayPal, hmm, had an IDOR vulnerability, and that security researcher, whoever, what bug hunter found this and submitted it, was able to reap ten thousand five hundred dollars in rewards.

With all that out of the way, let's get into the challenge walkthrough. We can click the green View Site button at the top of this task to open up the inventory management system. Here you'll find a mock web browser on the completed orders page, showing images of the toys which have been made incorrectly due to the Grinch's tampering. Um, okay. Uh, kind of weird, I can't tell what animal that is. It looks like a beaver or something, or a bear, because you can see it's like put on the wheels for a train, but it has a plunger on its head. Oh, that, that is a disaster. There are also three other pages on the navigation panel: Builds, Inventory and Your Activity. The Builds page shows different toys and the parts they're made up of. As you can see, due to tampering, these are all incorrect. Alright, uh, we should fire this up before I start to read on, because it will kind of
walk through what we're looking at. But let me go ahead and click that View Site button, and there we go. Looks like it opened up in another tab here, and I'm going to have to zoom out just a smidge so we can see all of this. But okay, we have the Builds page, yep, as it referenced here. The Inventory page lists the individual items with their corresponding SKU codes. SKU, right: train base, teddy bear head. Oh, it's a teddy bear! Okay, I don't know why I thought it was whatever I thought it was.

As we learned above, an IDOR vulnerability requires changing some kind of user input. Out of all the pages we can navigate to, the only page input that could be altered is on the Your Activity page, and we haven't clicked on that yet. See how this URL at the very, very top would change as I navigated around? Notice that this one has the same exact GET HTTP sort of schema. It looks like a /activity endpoint, but the question mark denotes an HTTP GET variable, and we're specifying user id as a parameter passed in, being set to the number 11.
Try changing the user id value in the address bar, and you'll see that the web application tries to load another user's information. Try different numbers between the values 1 to 20 until you find a user who could have been responsible for tampering on the system. Ooh, okay. Once maybe we find the perpetrator here, if we were to click on the Revert button on the user's actions, that will roll back the changes and allow the toy-making machine to be properly building toys once again. Once all the challenges have been rewarded, or excuse me, once all the challenges have been reverted, you'll be rewarded with the flag, which can be entered below.

After finding Santa's account, what is their position in the company? That's our first kind of question here. So okay, let's go and start to mess with this. I'm going to get my handy-dandy pen here and kind of showcase what it is that we're looking at. I want to zoom in on, okay, so this is the sweet spot that we were just talking about, right? The user id and that value that's being set there. Right now the value is 11, but we could very well change that to anything that we might want. In fact, let's try and again bump that number up to, say, 12. Okay, but that user is not found. Maybe we could bring it down to then 10.
I'm hitting enter, but that user is still not found. Uh, how about nine? Oh, oh, okay, it immediately found, it found the Grinch here. But I want to be finding Santa right now, so let's try eight. No. All right, let's go to the very, very top, kind of like we were discussing. We could try zero. No dice. We'll go to one. Oh, and there's Santa! Okay, cool. So we can see, hey, Santa's position right here is "The Boss", and let's go and submit that, "The Boss" with an exclamation point. Go ahead and submit. Excellent.

Now, after finding McStalker's account, what is their position in the company? Alright, so we need to go find another user id. Let's switch this back to try employee number two. Oh, and I missed the equal sign there. You can see, hey, it does require a parameter being set, it absolutely requires that equal sign there. So two does not have a user. Three, that finds McStalker, and there he is. I see him as the Build Manager. Let's enter that, go ahead and submit. Nice.

And, uh, after finding the account responsible for tampering, what is their position in the company? Oh, we did see the Grinch at user id number nine, so let's enter that, and now we can see all of the damage that he had done, right? Hey, this was the SKU change, inventory being changed and manipulated. But his position is really what we're interested in for this answer right here, so the Mischief Manager is what we need to go ahead and supply. Mischief Manager, submit that.

What is the received flag when McSkidy fixes the inventory management system? Okay, and that is hitting the Revert button, as it suggested just above here. So that's all these guys. We can go ahead and just click on each one of those: revert, revert, revert, revert, revert, revert. There it is: McSkidy has fixed the inventory management system, and we have our flag right there. All right, looks like we did that, looks like we won. I'm gonna go ahead and copy this, select all that text there, scroll down and slap it in. Submit.

If you want to learn more about IDOR vulnerabilities, we suggest trying out this
room. It looks like TryHackMe already has a room to showcase this. I'll go ahead and open that in yet another tab. Learn how to find and exploit IDOR vulnerabilities in a web application, giving you access to data that you shouldn't have. Looks like this is a subscriber-only room, so if you are interested in that, looks like you might be able to get a little bit more access to all that TryHackMe offers here.

But let's go back, and let's review the very, very end here of this task. Tasks are released daily, but each day might get progressively harder. Of course, they are all still guided with walkthrough videos, just like this one. You can come back tomorrow, December 2nd, for day two's task. So we'll mark that complete, and then we can start to tackle day two tomorrow, and we'll keep cruising through all of the other fantastic and awesome things that the TryHackMe Advent of Cyber 3 has in store for us. So hey, that is it, everyone. That is my video kind of bringing you the beginning of TryHackMe Advent of Cyber 3, day 1 out of 25.
We're going to have some incredible fun activities. I've got a little challenge in there, I believe Cybersecurity Meg and Tib3rius and NahamSec and HuskyHacks, Neal Bridges, all these great people. Forgive me if I didn't get the name out there. Oh, InsiderPhD! I had to look, I had to check back in again. All these incredible people are gonna be putting together some fantastic stuff, and of course the TryHackMe team. TryHackMe is ultimately, you know, the guys putting this on, the fantastic folks really bringing this event to you, all for free, all for fun. And I sincerely hope that you enjoy Advent of Cyber 3, and I hope that you enjoy all of the fun stuff that's going to present to you, and you learn something new, because that's what this is all about, that's what all of this. Hey, I know we're gonna have some fun with the season of giving, spending time with friends and families, but, uh, it's still pretty cool to hack away at the keyboard, you know, do some cyber stuff. So I hope you enjoy. Really, from the bottom of my heart, have a great holiday season, and I'll see you again for some other Advent of Cyber 3 videos. Thank you so much, everybody. Let's get this, let's get this thing off. Bye everybody, take care. [Music]
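
Added example, not part of the video or the TryHackMe room: the `/activity?user_id=N` lookup described in the walkthrough, once trusting the client-supplied id and once authorizing it against a server-side session, plus a log check for sessions that walk through other users' ids. All function names, session tokens and records are constructed for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
from dataclasses import dataclass

# Constructed records standing in for the /activity?user_id=N page.
ACTIVITY = {
    1: {"position": "The Boss!"},
    3: {"position": "Build Manager"},
    9: {"position": "Mischief Manager"},
    11: {"position": "(constructed) logged-in user"},
}


@dataclass(frozen=True)
class Session:
    user_id: int
    is_admin: bool = False


# Server-side session store: the cookie carries only the opaque token.
SESSIONS = {
    "tok-user11": Session(user_id=11),
    "tok-admin": Session(user_id=1, is_admin=True),
}


def activity_vulnerable(query):
    """IDOR pattern: the record is chosen purely by client-supplied input."""
    record = ACTIVITY.get(int(query["user_id"]))
    return (200, record) if record else (404, {"error": "user not found"})


def activity_hardened(token, query):
    """Identity comes from the session; user_id is only a request to authorize."""
    session = SESSIONS.get(token)
    if session is None:
        return 401, {"error": "not logged in"}
    try:
        wanted = int(query.get("user_id", session.user_id))
    except (TypeError, ValueError):
        return 400, {"error": "bad user_id"}
    if wanted != session.user_id and not session.is_admin:
        # Same answer for existing and missing users, so the endpoint
        # cannot be used to learn which ids are valid.
        return 403, {"error": "forbidden"}
    record = ACTIVITY.get(wanted)
    return (200, record) if record else (404, {"error": "user not found"})


def flag_enumeration(access_log, threshold=3):
    """Tokens of non-admin sessions that asked for >= threshold other users' ids."""
    others = {}
    for token, requested_id in access_log:
        session = SESSIONS.get(token)
        if session and not session.is_admin and requested_id != session.user_id:
            others.setdefault(token, set()).add(requested_id)
    return sorted(t for t, ids in others.items() if len(ids) >= threshold)


# Constructed access log: (session token, requested user_id).
SAMPLE_LOG = [
    ("tok-user11", 11), ("tok-user11", 12), ("tok-user11", 10),
    ("tok-user11", 9), ("tok-admin", 3), ("tok-admin", 9), ("tok-admin", 11),
]

if __name__ == "__main__":
    print(activity_vulnerable({"user_id": "9"}))
    print(activity_hardened("tok-user11", {"user_id": "9"}))
    print(flag_enumeration(SAMPLE_LOG))
```

The hardened handler answers 403 for any id other than the caller's own, whether or not that user exists, so "user not found" no longer tells a non-admin caller which ids are valid.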
Info
Channel: John Hammond
Views: 63,127
Id: 858rVeWB8Pw
Length: 26min 48sec (1608 seconds)
Published: Wed Dec 01 2021