Lab Walkthrough: https://cyberdefenders.org/labs/68
CyberDefenders is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need.
This VAPT was performed during my winter vacation. The detailed report and our findings are described below.
The objective of this test was to answer all the questions on the given link.
1) The questions were given on the following website.
2) Wireshark, installed on a Windows machine, is used for the pcap analysis.
All information, techniques and tools described in this write-up are for educational purposes only. Use anything in this write-up at your own discretion; I cannot be held responsible for any damages caused to any systems or yourselves legally. Usage of all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. It is your responsibility to obey all applicable local, state and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using information herein.
Let's Get Started
Summary Scan Report of https://cyberdefenders.org/labs/68
#1 What is the FTP password?
We simply filtered on ftp and got the following result:
#2 What is the IPv6 address of the DNS server used by 192.168.1.26? (####::####:####:####:####)
We simply filtered on dns, reviewed the results and found the answer:
#3 What domain is the user looking up in packet 15174?
Ctrl+G opens the "Go to Packet" dialog; we entered the packet number there and got the following result in the DNS section:
#4 How many UDP packets were sent from 192.168.1.26 to 220.127.116.11?
In the filter box we simply entered: ip.src==192.168.1.26&&ip.dst==18.104.22.168&&udp
and got the following result:
#5 What is the MAC address of the system being monitored?
We simply filtered on ftp, examined the first packet and got the following result:
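Questions #1, #4 and #5 are all answered with display filters in the Wireshark GUI. The same checks can be scripted, which is useful when the capture is large or the analysis has to be repeated. The block below is an added example, not part of the original write-up or the CyberDefenders lab: it contains a minimal pcap reader built on the Python standard library only (no scapy or tshark), plus three functions that mirror the filters used above: the UDP packet count between two hosts (ip.src==A && ip.dst==B && udp), the FTP password (the argument of the PASS command sent to port 21), and the MAC address of the monitored host. The capture it parses is constructed in the script itself; the MAC addresses, the FTP server 10.0.0.5 and the password value are made-up sample data, not the lab's answers, and the destination 220.127.116.11 is taken from question #4 only to make the filter comparable.

```python
import struct

# --- Constructed sample capture (NOT the lab pcap; all values are made up) ---
MON_MAC = bytes.fromhex("0a1b2c3d4e5f")   # assumed MAC of the monitored host 192.168.1.26
GW_MAC = bytes.fromhex("aabbccddeeff")    # assumed gateway MAC


def ip4(s):
    return bytes(int(o) for o in s.split("."))


def ipv4_header(src, dst, proto, payload_len):
    # Checksum is left as 0: the parser below does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64,
                       proto, 0, ip4(src), ip4(dst))


def udp_packet(src, dst, sport, dport, data, src_mac=MON_MAC, dst_mac=GW_MAC):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return dst_mac + src_mac + b"\x08\x00" + ipv4_header(src, dst, 17, len(udp)) + udp


def tcp_packet(src, dst, sport, dport, data, src_mac=MON_MAC, dst_mac=GW_MAC):
    # 20-byte TCP header, data offset 5, flags PSH|ACK.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data
    return dst_mac + src_mac + b"\x08\x00" + ipv4_header(src, dst, 6, len(tcp)) + tcp


def build_pcap(frames):
    # Classic libpcap header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1619000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    udp_packet("192.168.1.26", "220.127.116.11", 50000, 53, b"\x00" * 12),
    udp_packet("220.127.116.11", "192.168.1.26", 53, 50000, b"\x00" * 12,
               src_mac=GW_MAC, dst_mac=MON_MAC),
    udp_packet("192.168.1.26", "220.127.116.11", 50001, 123, b"\x00" * 48),
    tcp_packet("192.168.1.26", "10.0.0.5", 40000, 21, b"USER ftpuser\r\n"),
    tcp_packet("10.0.0.5", "192.168.1.26", 21, 40000, b"331 Please specify the password.\r\n",
               src_mac=GW_MAC, dst_mac=MON_MAC),
    tcp_packet("192.168.1.26", "10.0.0.5", 40000, 21, b"PASS hunter2\r\n"),
    udp_packet("192.168.1.26", "220.127.116.11", 50002, 53, b"\x00" * 12),
])


# --- Minimal pcap reader: Ethernet -> IPv4 -> UDP/TCP --------------------------
def read_pcap(data):
    """Yield (src_mac, dst_mac, src_ip, dst_ip, proto, dport, payload) per IPv4 frame."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap files are handled here")
    pos = 24
    while pos + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from("<IIII", data, pos)
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 over Ethernet; skip
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        proto = frame[23]
        src_ip = ".".join(str(b) for b in frame[26:30])
        dst_ip = ".".join(str(b) for b in frame[30:34])
        l4 = frame[14 + ihl:]
        if proto == 17:                   # UDP: 8-byte header
            dport, payload = struct.unpack_from("!H", l4, 2)[0], l4[8:]
        elif proto == 6:                  # TCP: header length from data offset
            dport, payload = struct.unpack_from("!H", l4, 2)[0], l4[(l4[12] >> 4) * 4:]
        else:
            dport, payload = None, l4
        yield frame[6:12].hex(":"), frame[0:6].hex(":"), src_ip, dst_ip, proto, dport, payload


def count_udp(pcap, src, dst):
    """Equivalent of the display filter ip.src==src && ip.dst==dst && udp."""
    return sum(1 for _, _, s, d, p, _, _ in read_pcap(pcap) if s == src and d == dst and p == 17)


def ftp_password(pcap):
    """Equivalent of filtering on ftp and reading the PASS command (question #1)."""
    for *_, proto, dport, payload in read_pcap(pcap):
        if proto == 6 and dport == 21 and payload.startswith(b"PASS "):
            return payload[5:].strip().decode()
    return None


def mac_of(pcap, ip):
    """Source MAC of the first frame sent by ip (question #5)."""
    for src_mac, _, s, *_ in read_pcap(pcap):
        if s == ip:
            return src_mac
    return None


if __name__ == "__main__":
    open("sample.pcap", "wb").write(SAMPLE_PCAP)   # open this in Wireshark to compare
    print(count_udp(SAMPLE_PCAP, "192.168.1.26", "220.127.116.11"))
    print(ftp_password(SAMPLE_PCAP))
    print(mac_of(SAMPLE_PCAP, "192.168.1.26"))
```

Running the script also writes sample.pcap next to it, so the same three filters can be applied in Wireshark to confirm that the GUI and the script agree. Note that the parser skips non-IPv4 frames and ignores checksums, which is fine for counting and string extraction but not for judging whether a packet was actually valid on the wire.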
#6 What was the camera model name used to take picture 20210429_152157.jpg ?
First we find the frame that carries the file name with the filter frame contains "20210429_152157.jpg", then we follow the TCP stream, save it as raw and upload that file to the following website: http://exif.regex.info/exif.cgi.
#7 What is the server certificate public key that was used in TLS session: da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff?
First we filtered on tls.handshake.type==2 (Server Hello), clicked on the first packet, right-clicked the Session ID field and applied it as a column. The session ID was found in packet 26913; expanding the certificate down to the public key gives the results below:
#8 What is the first TLS 1.3 client random that was used to establish a connection with protonmail.com?
First we used ssl.handshake.extensions_server_name as the filter and checked the first packet, where the server name was www.bing.com. I then right-clicked that field, applied it as a column, found the row for protonmail.com, selected it and read the Random field:
#9 What country is the MAC address of the FTP server registered in? (two words, one space in between)
For this we filtered on ftp, clicked on the first packet to get the MAC address, then looked it up on the website macaddress.io and got the following results:
#10 What time was a non-standard folder created on the FTP server on the 20th of April? (hh:mm)
I filtered on ftp and followed the TCP stream (tcp.stream eq 11), which gave the following result:
#11 What domain was the user connected to in packet 27300?
I first tried Ctrl+G but didn't find the domain there, so I noted down the IP address, 22.214.171.124, went to Statistics > Resolved Addresses and looked up that IP address. This is the result:
This kind of analysis can be described as a detailed process of detecting, investigating, and documenting the reason, course, and consequences of a security incident or violation against state and organization laws.
This is the end. Thank you for reading this write-up.