I'm fascinated by all this. My brain can't wrap itself around all this, and despite my limited knowledge of this, you explain it rather well. I will enjoy watching this series
seems neither dose the creator spends the first 15 mins emailing 'anabor' calling anabor 'rees', its to cringy i have to find someone else making videos on this, cant watch this guy
I'm currently working toward a Cybersecurity degree and have just started diving into CEH with ECCouncil, and it's really interesting hearing comparisons to real world applications. Very informative.
My favorite is your social engineering 1. Emails non admin target (Anabor) using an Admin phishing form 2. Calls the the non admin (Anabor) the admins name (Hello Rees); Honestly surprised you got a do not work there response and not a that is not my name response error. 3. Call yourself the admins name (I'm Rees) in the next line
@@AFascinatingChap I mean I just recently found out you dont have to buy the programs from the hackshop so I felt dumb. You pay lack of knowledge it seems... can use: apt-get addrepo [ip] apt-get update apt-get upgrade apt-get install [name of program] so you only need to pay for computer parts.
@@AFascinatingChap You were over thinking it for deleting the system.log you didn't need an exploit. Here are the steps to completing the starting mission flawlessly (note this is for people new as well): 1. Download Decipher to /bin from mission email 2. Using player terminal whois victim ip to get admin info 3. Phish using login Issues email form direct it to the admin email and give them the victims name in the [User_Name] box 4. connect to the computer using: ssh User_Name@Password IP 5. open FileExplorer.exe on victim pc 5. Copy Mail.txt from /home/[User_Name]/Config folder to your player machine. 6. Copy Passwd file from /etc folder to your player machine. 7. close victim FileExplorer.exe 8. in player terminal use Decipher on Mail.txt and respond to the mission email with this decoded password 9. In player terminal use Decipher on Passwd file and select root 10. In victim terminal use sudo -s and login using the deciphered root password 11. open FileExplorer.exe on victim root 12. open /var/system.log and delete the shell creation log only 13. type exit in terminal Note: if you delete anything on a victims machine the files are not fully deleted and are hidden in /home/User_Name/.Trash and /root/.Trash (hidden folders depending on user they were deleted on) and needs to be deleted using root access. Deleting them from .Trash will leave a system.log and will need to be removed as well.
The control shift v/c and control v/c are for different uses. Control shift is only in terminal because control c stops the running program on Linux terminal. In other places control c/v works normally
we should just have one button on the keyboard for copy and pasting and we can tell the computer to copy or paste by the way we press it instead of using whole different keys for it (madness) lightly caress the button = copy and smashing the button = paste and tippy tapping it to the rhythm of shave and a haircut = shutdown procedures
The decipher command is a bit unintuitive, you need to give it a file with content that follows the pattern username:hash and you can have multiple lines of it in the same file and it will let you pick one to decipher. ... I had to open up the source code for decipher (you can see it by opening the page for decipher in the manual) to figure that out since I didn't see any place that it mentioned it. (I originally thought you had to only put the hash in the file, and it just gave an error that was confusing.)
Yeah, that is one of my biggest issues with this game so far. It is Unix/Linux based overall, but then has Windows programs. So your use ctrl+shift C in terminal then ctrl C in some of the applications. Also your gui applications are exe files, which doesn't make sense on a linux based machine without taking some extra steps to make that happen. It is as if the developer combined Linux and Windows OS together which is just freaking odd to me.
If you get this, check to be sure that they didn't request a specific user. I made this mistake once, and after about five minutes I realized they were looking for a specific user. Second thing is to make sure they aren't looking for a specific machine. I believe the win condition the game checks is the local password database on the target machine. So if you have two machines, 192.168.72.16 and 192.168.72.17 and the user exists on both machines, if you chance the password on 16 but the mission was looking for the password on 17, it would technically fail.
Kinda banging my head into the wall that you're not using the password you just unencrypted (Warrenc) to delete the log file.. but okay? pretty sure that was the obvious move there and not continuing to try the password you know didnt work(Terpr).
seeing the email part, really pained me.... i couldn't wrap my head around how you couldn't figure it out.. when you tried the social engineering again, you put the admins name twice.. first in the hello (admin name) and then saying "I'm (admin first name)" right after
I'm fascinated by all this. My brain can't wrap itself around all this, and despite my limited knowledge of this, you explain it rather well. I will enjoy watching this series
Glad you enjoyed the series! Thanks for watching.
seems neither dose the creator spends the first 15 mins emailing 'anabor' calling anabor 'rees', its to cringy i have to find someone else making videos on this, cant watch this guy
I'm currently working toward a Cybersecurity degree and have just started diving into CEH with ECCouncil, and it's really interesting hearing comparisons to real world applications. Very informative.
thank you. very glad you enjoyed it.
My favorite is your social engineering
1. Emails non admin target (Anabor) using an Admin phishing form
2. Calls the the non admin (Anabor) the admins name (Hello Rees); Honestly surprised you got a do not work there response and not a that is not my name response error.
3. Call yourself the admins name (I'm Rees) in the next line
Not even close to the dumbest thing I've ever done! Thanks for watching.
@@AFascinatingChap I mean I just recently found out you dont have to buy the programs from the hackshop so I felt dumb. You pay lack of knowledge it seems...
can use:
apt-get addrepo [ip]
apt-get update
apt-get upgrade
apt-get install [name of program]
so you only need to pay for computer parts.
@@AFascinatingChap You were over thinking it for deleting the system.log you didn't need an exploit.
Here are the steps to completing the starting mission flawlessly (note this is for people new as well):
1. Download Decipher to /bin from mission email
2. Using player terminal whois victim ip to get admin info
3. Phish using login Issues email form direct it to the admin email and give them the victims name in the [User_Name] box
4. connect to the computer using: ssh User_Name@Password IP
5. open FileExplorer.exe on victim pc
5. Copy Mail.txt from /home/[User_Name]/Config folder to your player machine.
6. Copy Passwd file from /etc folder to your player machine.
7. close victim FileExplorer.exe
8. in player terminal use Decipher on Mail.txt and respond to the mission email with this decoded password
9. In player terminal use Decipher on Passwd file and select root
10. In victim terminal use sudo -s and login using the deciphered root password
11. open FileExplorer.exe on victim root
12. open /var/system.log and delete the shell creation log only
13. type exit in terminal
Note: if you delete anything on a victims machine the files are not fully deleted and are hidden in /home/User_Name/.Trash and /root/.Trash (hidden folders depending on user they were deleted on) and needs to be deleted using root access. Deleting them from .Trash will leave a system.log and will need to be removed as well.
I like how you do
Hello Rees
I'm Rees
Hi Rees nice to meet you
The control shift v/c and control v/c are for different uses. Control shift is only in terminal because control c stops the running program on Linux terminal. In other places control c/v works normally
we should just have one button on the keyboard for copy and pasting and we can tell the computer to copy or paste by the way we press it instead of using whole different keys for it (madness) lightly caress the button = copy and smashing the button = paste and tippy tapping it to the rhythm of shave and a haircut = shutdown procedures
Love your voice, and calm, thanks for all
Glad you enjoyed!
Good series. It's cool to hear your perspective on the game
Glad you enjoy it!
Bless your heart. You are writing an email that says Dear Rees this is Rees. I just want to know if cleaning my own system.log is important.
I've seen people fall for worse!
The decipher command is a bit unintuitive, you need to give it a file with content that follows the pattern username:hash and you can have multiple lines of it in the same file and it will let you pick one to decipher.
... I had to open up the source code for decipher (you can see it by opening the page for decipher in the manual) to figure that out since I didn't see any place that it mentioned it. (I originally thought you had to only put the hash in the file, and it just gave an error that was confusing.)
I play around with the source code eventually too. It's worth a look but took be a few sessions to get the meaning.
btw, in a lot of the npc boxes (at least the beginner ones) you can just cat /etc/passwd, and you can use decipher to get the root password.
I use this a few times in further videos. yeah, this often works at least in the beginning.
Yeah, that is one of my biggest issues with this game so far. It is Unix/Linux based overall, but then has Windows programs. So your use ctrl+shift C in terminal then ctrl C in some of the applications. Also your gui applications are exe files, which doesn't make sense on a linux based machine without taking some extra steps to make that happen. It is as if the developer combined Linux and Windows OS together which is just freaking odd to me.
Yep, it took a lot of getting used to.
the copy/paste stuff is similar to linux
Ctrl+Shift+C and Ctrl+Shift+V for terminal
Ctrl+C and Ctrl+V for everything else
I do figure that out eventually! Just takes me a while.
when i put in the creds in the email it says order requirements have not been completed but i’ve followed your vid the entire time
If you get this, check to be sure that they didn't request a specific user. I made this mistake once, and after about five minutes I realized they were looking for a specific user. Second thing is to make sure they aren't looking for a specific machine. I believe the win condition the game checks is the local password database on the target machine. So if you have two machines, 192.168.72.16 and 192.168.72.17 and the user exists on both machines, if you chance the password on 16 but the mission was looking for the password on 17, it would technically fail.
I'm getting an error when executing ssh that says only root users can install this program
On a target machine you'll need to look for a priv escalation exploit.
CTRL+SHIFT+V pastes into a Linux terminal. It made sense to me right away.
Yeah, I don't know why I had so much trouble with that one. Sometimes I'm just a bonehead.
11:02 I would say to email the administrator and pretend to be Skipp Anabor who forgot their password or whatever.
Yeah it took be a while to figure out the "game loop"
Nice game you are playing here sir, however I will need your help regarding a mission I'm currently facing
How can I help you?
This is difficult. Mine is a different company. The user from the email said they don't know the administrator.
Whois will tell you the administrator.
Thank you for responding. My first mission was bugged. I had to start a new game. @@AFascinatingChap
thanks for doing this very nice
My pleasure!
Kinda banging my head into the wall that you're not using the password you just unencrypted (Warrenc) to delete the log file.. but okay? pretty sure that was the obvious move there and not continuing to try the password you know didnt work(Terpr).
If that bothers you, then just wait to see what other boneheaded things I do.
I’m using password1 as my next playthrough
To be extra secure, capitalize the P and add a ! to the end.
On the new version of this game the name of h** is basic
Really? That's too bad. I was hoping they would take it in the opposite direction and add an optional tutorial instead.
this should have been a 20 minute video
You have time to leave a comment.
seeing the email part, really pained me.... i couldn't wrap my head around how you couldn't figure it out.. when you tried the social engineering again, you put the admins name twice.. first in the hello (admin name) and then saying "I'm (admin first name)" right after
I eventually figure it out. Not sure what my problem was either.