security practice
web | 代写Network | network代写 | Algorithm代做 | shell | Python代写 | 代做lab – 该题目是一个常规的web的练习题目代写, 涵盖了web/Network/network/Algorithm/shell/Python等方面, 该题目是值得借鉴的lab代写的题目
I create the Hack lab VM and kali-linux VM followed the workshop 0x01, and network connection is all OK using ping command.
IP address of Hacklab VM
IP address of kali-linux
Ping from kali to Hacklab
Ping from Hacklabvm to kali.
Kali linuxs terminal is more friendly to use, so I use ssh command in kali to control Hacklab VM.
q01.
This question used a grep command and regular expression. The -A 1 parameter means showing one line following the matched results. ^And means the text starts with And. it$ means the text ends with it. And .* means the words between And and it can be anything. the passphrase is And give’t Iago: what he will do with it.
q02.
Firstly, I used a sort command together with a uniq command to count all the passphrases. The sort command sorts the passphrases in order, so the same passphrases are closed to each other. Then the uniq take the output of sort and delete duplicate passphrases. The -c parameter helps count the number of each passphrase. However, the output contains many lines and its hard to find a 14 between them. So, I add a grep command after uniq , which helps locate 14.
And we find the passphrase that occur exactly 14 times.
q03.
First, use a sha256sum command to compute sha256sum of every file in /home/student/linux_basics/q03. The * means compute do sha256sum to every file. And then use a grep command to find the line contains a92536e3c31979736460be6e6729147f974411ef193629999b022b96f5682450.
q0 4.
I write a Python script to finish this problem. First, do the transform to every word. Then use the subprocess package to run shell command (gpg) in python. p.communicate is used to make the output more clear.
The correct password: pr0b4bl 3 The content of the decrypted file: hacklab_{saronide-pitchometer-cinephone}
q0 5.
From cyber.py, we can find the key to decode. The original message is hide between two parts of random string. And, the number of the start part indicates the length of the first part of random string. So I write a python script to help decode the text.
First, read the secret.txt file in lines. For each line, get the p number. And then we can find the hidden flag. The +5 indicates four number and a :.
The hidden message is: hacklab_{hightailing-cothurnian-longhaired}.
q06.
The find command can be used to find file by some filters. The -size parameter means find file by its size. 47c means the file is exactly 47 bytes long. Then we can read the file content by a cat command.
q07.
First, use strings command to get all the string text in the executed file. Then we can easily find a line seems like passphrase and followed by a congrats !! . Run the a.out file, and paste the passphrase we found. And it works!
q08.
base64 is a common decode type in linux. A base64 command with – d can easily decode the secret.
-d means decode. (not encode)
Part II Cryptography
q0 1.
From mycrypto.py, we know the encrypt progress mainly uses the xor cipher. If we use a key to do the xor operation to a number for twice, the number turns to its original value. Because the python code uses a default random seed. So we already have the key, and just need to run the code again to get the hidden message.
So we run the mycryto.py on secret.txt.enc, and we get the message in secret.txt.enc.enc: hacklab_{wrestled-bigwiggedness-banqueteer}.
q 02
I use the code template of workshop 0x02. First, replace the p, q, e, n, d with given number. And we assign content of rsa.encrypted to the enc. Then we can decrypt the message. I also use the function int_to_string, to make the result readable.
The encrypted message.
q03. Follow the workshop 0x02, if we want to view the encrypted file we need use the dd command and the origin.bmp file. But only the encrypted bmp file is provided. So I make an empty bmp file of size 2000 * 2000, and use the same command as the workshop:
So, we can find the message hidden inside the bmp file is 42.
q0 4. There are several kinds of classical ciphers, including Caesar cipher, Vigenere cipher, substitution cipher and so on. Its difficult to directly find out the cipher type. So, we need to try these one by one. Efficient tools are helpful in this question. Finally at this website https://planetcalc.com/8047/, I found the original text used a substitution cipher.
The web program uses efficient Algorithm and found the key quickly. The key used to encrypt the original text is LWSIMAZUEDYHGRNCKJTXBQPFVO.
q0 5.
In the shdow-2 file, we can find the yoda and password(MD5 hashed).
Extract the rockyou.txt from rockyou.txt.gz using a gzip command.
Because yoda is the only user we need to hack. So create a new file to store the md5 hashed password.
At last, we use the hashcat to find the original password. -m 500 indicates the hash type is MD5(Unix). And the –show parameter print the password, which is spiderman1.
Here are many hash type and examples. The $1$ indicates the hash type.
We used yoda and spiderman1 login the HacklabVM successfully.