<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: TheRealChiwoo</title>
    <description>The latest articles on DEV Community by TheRealChiwoo (@therealchiwoo).</description>
    <link>https://dev.to/therealchiwoo</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1068593%2Ffdf862b6-856a-4f7f-9f8b-c5e43fa6b1ca.jpg</url>
      <title>DEV Community: TheRealChiwoo</title>
      <link>https://dev.to/therealchiwoo</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/therealchiwoo"/>
    <language>en</language>
    <item>
      <title>Virtual Machines</title>
      <dc:creator>TheRealChiwoo</dc:creator>
      <pubDate>Wed, 13 Sep 2023 02:10:50 +0000</pubDate>
      <link>https://dev.to/therealchiwoo/virtual-machines-156j</link>
      <guid>https://dev.to/therealchiwoo/virtual-machines-156j</guid>
      <description>&lt;p&gt;&lt;strong&gt;Brief Overview&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Hello everybody! I haven't been awake this early in quite a while, so I decided to be a nerd and hop on DEV to create a post dedicated to virtual machines. As many of you guys know, there are different types of operating systems (Windows, macOS, Linux, etc.). In this post, I have the joy of working through a task I was given by my boss Roman (shoutout again). With little to no knowledge about them, this was my best attempt at it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Task&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before I start breaking down what I did, let's take a look at the task I was given!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hqnj4i-g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m7777zki8bvxwu0vq4hu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hqnj4i-g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m7777zki8bvxwu0vq4hu.png" alt="Image description" width="800" height="83"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Hmm... okay. Initially, I had a couple of thoughts that came into my head.&lt;/p&gt;

&lt;p&gt;????????????????????????????????????&lt;/p&gt;

&lt;p&gt;Ok, let's break this down now, step by step! (OOH BABYYY)&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Download the virtual machines.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This step isn't too hard. I decided to use Oracle VM VirtualBox (&lt;a href="https://www.virtualbox.org/wiki/Downloads"&gt;https://www.virtualbox.org/wiki/Downloads&lt;/a&gt;) and downloaded the earliest version. To be honest, I already had VirtualBox downloaded as I used to use it for &lt;em&gt;hackthebox&lt;/em&gt;, but it's quite easy to download!&lt;/p&gt;

&lt;p&gt;Next, I downloaded the following 3 OSes onto VirtualBox: Windows, Kali and Ubuntu.&lt;/p&gt;

&lt;p&gt;Downloading them wasn't too difficult as there were lots of online videos/tutorials showing me how, but it was a little annoying setting up each VM as the settings that were shown in the tutorial were for different computers. As for me, I already had Kali installed on my VM, but the other two weren't hard to find.&lt;/p&gt;

&lt;p&gt;Windows: &lt;a href="https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/"&gt;https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/&lt;/a&gt;&lt;br&gt;
Ubuntu: &lt;a href="https://ubuntu.com/download/server"&gt;https://ubuntu.com/download/server&lt;/a&gt;&lt;br&gt;
Kali: &lt;a href="https://www.kali.org/get-kali/#kali-platforms"&gt;https://www.kali.org/get-kali/#kali-platforms&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Setting up the virtual machines can be a hassle, but make sure to watch some tutorials on YouTube! It saves you the trouble of trying to figure it out on other websites!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Install and configure Apache on the Ubuntu VM.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;What is Apache, you ask? Well, Apache is the most frequently used web server on Linux (web servers are used to serve web pages requested by client computers), which is why we need to set it up. You'll see in step 4 :).&lt;/p&gt;

&lt;p&gt;First, I opened up the terminal in Ubuntu and typed these 3 commands:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2DdR0GBI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g75d8345n0kacm61tjca.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2DdR0GBI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g75d8345n0kacm61tjca.png" alt="Image description" width="591" height="347"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now that I have Apache installed, time to configure the firewall to allow HTTP traffic:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_Lt1y4zB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2iuaph26o4psltmh4y4z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_Lt1y4zB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2iuaph26o4psltmh4y4z.png" alt="Image description" width="564" height="331"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Alright! Now since that's done, let's download the MySQL database.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Install and configure MySQL on the Windows VM.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;First, download and install the MySQL Server for Windows from the website: &lt;a href="https://dev.mysql.com/downloads/windows/installer/"&gt;https://dev.mysql.com/downloads/windows/installer/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For the settings, make sure to do these things!&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Server-only installation.&lt;/li&gt;
&lt;li&gt;Set up a strong root password.&lt;/li&gt;
&lt;li&gt;Configure the Windows firewall to allow MySQL traffic by creating an inbound rule.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Once those steps are complete, it's time to move on to the next step!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Configure the WordPress server.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;First Apache... and now... What the hell is WordPress?&lt;br&gt;
&lt;a href="https://kinsta.com/knowledgebase/what-is-wordpress/"&gt;https://kinsta.com/knowledgebase/what-is-wordpress/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;On Kinsta, it explains WordPress as "the simplest, most popular way to create your own website or blog". Basically, it is a content management system that allows you to host and build your own websites!&lt;/p&gt;

&lt;p&gt;Ok, now onto actually configuring it:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rtbp5RL9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c4gsub2zpr0hf4ib3yzg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rtbp5RL9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c4gsub2zpr0hf4ib3yzg.png" alt="Image description" width="598" height="328"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After running those commands, download the latest WordPress release from the website: &lt;a href="https://wordpress.org/download/"&gt;https://wordpress.org/download/&lt;/a&gt;.&lt;br&gt;
Once downloading is complete, make sure to extract it to the Apache web server document root directory! (/var/www/html/).&lt;/p&gt;

&lt;p&gt;This step was a little difficult for me and actually took a couple of days! For some reason, I was able to ping my Ubuntu VM from my Windows VM, but not vice versa. My VMs weren't able to talk to each other! Luckily, I had some help from YouTube and my Dad, and was able to figure it out by changing some settings within VirtualBox itself, and playing around with each VM. If you want to see all the resources I looked at, I'll leave a Google document with everything in it here: &lt;/p&gt;

&lt;p&gt;&lt;a href="https://docs.google.com/document/d/1TV0G5exJOmv-ZgnQBiOwrf7VfBZswzJpnV_JKDFToAA/edit?usp=sharing"&gt;https://docs.google.com/document/d/1TV0G5exJOmv-ZgnQBiOwrf7VfBZswzJpnV_JKDFToAA/edit?usp=sharing&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Use ngrok to make the WordPress instance accessible from the internet.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Oh man, another difficult word I do not understand. Ngrok allows us to instantly open access to remote systems without the trouble of touching any of our network settings or opening any ports on our router. In other words, it is a highly secure platform for remote access!&lt;/p&gt;

&lt;p&gt;Firstly, I went onto the official ngrok website (&lt;a href="https://ngrok.com/"&gt;https://ngrok.com/&lt;/a&gt;) to install it. &lt;/p&gt;

&lt;p&gt;After the download was complete, I opened my terminal and ran this command to expose the local WordPress instance to the internet:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Qfj9QqvD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jrswh94wr4m9danjd3u6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Qfj9QqvD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jrswh94wr4m9danjd3u6.png" alt="Image description" width="528" height="175"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Once it is entered, you should see something like this:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XVeKGc-4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k3s9ounpc4ymsz9orhls.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XVeKGc-4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k3s9ounpc4ymsz9orhls.png" alt="Image description" width="800" height="270"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Make sure to take a screenshot or mental note of the public URL provided by ngrok, as it will forward incoming HTTP traffic to your local WordPress instance!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;6. Generate a packet capture using Wireshark or TCPDump.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This step is a little more versatile, as there are two different programs that allow you to capture packets from a network connection. Their main uses are network troubleshooting, analysis, and software and communications protocol development, as they allow you to analyze network traffic!&lt;/p&gt;

&lt;p&gt;As for me, I tried to use Wireshark but had trouble actually finding the interfaces that connected the MySQL database VM and the Apache server VM. After changing the settings in Oracle VirtualBox to &lt;em&gt;Host-only Adapter&lt;/em&gt; in the network section, I wasn't able to see the interfaces. If you do happen to use Wireshark, be on the lookout for interface names like eth0, enp0s3, or enp0s8, as yours should look very similar.&lt;/p&gt;

&lt;p&gt;Anyways, I ended up using tcpdump instead. After downloading the file online, I was able to install it through the terminal, using these commands:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PLjrrb6R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y19ejh1fh5i430mo6czg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PLjrrb6R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y19ejh1fh5i430mo6czg.png" alt="Image description" width="561" height="330"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Lastly, I was able to capture packets using this command:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MMlNiHd9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/16ukm1xnocrmvc32wkwv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MMlNiHd9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/16ukm1xnocrmvc32wkwv.png" alt="Image description" width="610" height="245"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you have trouble finding your interface name, type "ifconfig" into the terminal, and find the appropriate interface name to start capturing packets.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;7. Access the WordPress site from the browser in the Kali machine.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The last and final step to this accursed step... This one is quite easy!&lt;/p&gt;

&lt;p&gt;Remember back in step 1 where I told you to download 3 different types of VMs on VirtualBox? Well, now we are going to use Kali.&lt;/p&gt;

&lt;p&gt;After logging into Kali, open Firefox, or any browser you want. Now think back to step 5 where I told you to take a screenshot of the URL... Just copy and paste it into the browser! &lt;/p&gt;

&lt;p&gt;If working correctly, the page should load and you should be able to access the WordPress site from the Kali machine as well:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xcsf4DHS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cuhsxopsu9d7jj0osd3z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xcsf4DHS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cuhsxopsu9d7jj0osd3z.png" alt="Image description" width="800" height="496"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Final Thoughts &amp;amp; Closing Statements&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;So, the journey has come to an end. I can't lie, it was stressful trying to do everything from scratch, especially when I had almost no knowledge about anything. To be completely honest, this blog should be even longer, as there were like 5+ more steps that I had to do... but we can cover that on a different day! Remember, learning things takes time, and with week 2 of my internship slowly coming to a close, I guess everything paid off.&lt;/p&gt;

</description>
      <category>virtualmachine</category>
      <category>ubuntu</category>
      <category>mysql</category>
      <category>ambatukam</category>
    </item>
    <item>
      <title>CTF Challenges: Reconnaissance</title>
      <dc:creator>TheRealChiwoo</dc:creator>
      <pubDate>Wed, 13 Sep 2023 02:10:44 +0000</pubDate>
      <link>https://dev.to/therealchiwoo/ctf-challenges-reconnaissance-1bl5</link>
      <guid>https://dev.to/therealchiwoo/ctf-challenges-reconnaissance-1bl5</guid>
      <description>&lt;p&gt;&lt;strong&gt;Brief Overview&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now that our previous challenge has been solved, it's time to move on to the next topic. Like I mentioned before, MetaCTF provides 8 different topics of CTF problems, and this time, we are going to take a look at Reconnaissance.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is Reconnaissance?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;For big words like this, I swear Google is my best friend. In cybersecurity, reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target system. Simply put, we use techniques like footprinting and scanning to discover and collect information about a system! Think of it as... I guess a hacker gathering/collecting information about the target system!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CTF Reconnaissance Problems&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;For this section, I'm going to do a super duper easy peasy simple problem that allows you to understand the very basic definition of Reconnaissance, and a more difficult problem that can demonstrate the subject differently.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;KANYE WEST???&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Ok, let's take a look at this easy problem.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5oh627gxfczvi2h9uknk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5oh627gxfczvi2h9uknk.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;As mentioned previously, ethical hackers use reconnaissance to gather information about their target. In this instance, it is the Ye himself!&lt;/p&gt;

&lt;p&gt;This problem shows the surface-level definition of reconnaissance, as it makes us gather information about Kanye's iPhone password. With a simple Google search, we find his password: 000000.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Under ATT&amp;amp;CK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now onto something a little more difficult...&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1a55gwrj307rg92ffr1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1a55gwrj307rg92ffr1.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;At first, I had a difficult time understanding the problem. It had too many acronyms that I wasn't familiar with, so I decided to click on the hint: &lt;a href="https://attack.mitre.org" rel="noopener noreferrer"&gt;https://attack.mitre.org&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;When I went on the website, there was a subsection that specifies 3 different categories for attacks: Enterprise, Mobile, and ICS. &lt;/p&gt;

&lt;p&gt;Going back to the CTF problem, it states &lt;em&gt;"what other Initial Access mechanism did the attacker use?"&lt;/em&gt; When browsing through the 3 subcategories, I wasn't particularly sure on which one to click. With a little more research, I stumbled across this website: &lt;a href="https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack" rel="noopener noreferrer"&gt;https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;On the website, it mentions that the Enterprise ATT&amp;amp;CK Matrix contains sub-matrices that focus on pre-attack activities (PRE Matrix), attacks against specific OSes (Windows, Linux, and macOS Matrices), network infrastructure attacks (Network Matrix), cloud infrastructure attacks (Cloud Matrix), and attacks against containers (Containers Matrix). &lt;/p&gt;

&lt;p&gt;When going back to the question, it does seem like the problem wants us to research more into the Enterprise tactics.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgwnl2zdevo2a4bycnu2g.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgwnl2zdevo2a4bycnu2g.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;When I click on the Enterprise Tactics, there are a lot of sections within it. The CTF problem states that there was a "Valid Accounts" technique, and another technique with Initial Access Mechanism.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvzamg157q39qdt0esqnb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvzamg157q39qdt0esqnb.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After clicking on the Initial Access, there were a total of 9 techniques I found. I was able to narrow it down because the CTF problem stated the Threat Actor was able to get onto our network by using a VPN, which was the "External Remote Services: T1133".&lt;/p&gt;

&lt;p&gt;This problem did take a lot of time, as I was a little bit confused on the 3 sections: Enterprise, Mobile and ICS. &lt;/p&gt;

</description>
      <category>beginners</category>
      <category>cybersecurity</category>
      <category>reconnaissance</category>
      <category>ctf</category>
    </item>
    <item>
      <title>CTF Challenges: Forensics</title>
      <dc:creator>TheRealChiwoo</dc:creator>
      <pubDate>Wed, 13 Sep 2023 02:10:37 +0000</pubDate>
      <link>https://dev.to/therealchiwoo/ctf-challenges-forensics-4o38</link>
      <guid>https://dev.to/therealchiwoo/ctf-challenges-forensics-4o38</guid>
      <description>&lt;p&gt;&lt;strong&gt;Brief Overview&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;About 2 months have passed since my first post, and I guess you could say that I took a long hiatus. Firstly, the summer has now started, and I am now interning at MetaCTF, a Capture-the-flag development company where I (as an intern) create/solve different CTF problems. I'll probably write more about different things I learn as an intern, but for now, I believe I will be working as a "Content Development Intern" as well as a "Software Development Intern". Currently, there are 8 categories within the MetaCTF challenges, and today I will talk about Forensics.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is Forensics?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Ok... so what is it? Forensics is the science of collecting, inspecting, interpreting, reporting, and presenting computer-related electronic evidence. Simply put, you're basically an online detective who deals with locating the data that was compromised during a cyber attack!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Can PowerShell please join us on the stage?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now that we know what the category can cover, let's do some actual CTF problems to help us better understand the field.&lt;/p&gt;

&lt;p&gt;This problem was recommended to me by my boss (shoutout Roman).&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs0tqrfw4iw3sf6dv9udr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs0tqrfw4iw3sf6dv9udr.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The problem mentions a "powershell command", and by looking at the command, it seems like it is a Windows terminal command. As a beginner, I'm not particularly sure what the command does, so a quick Google search won't hurt!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj2ds2jzb2qcl8p0utjtg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj2ds2jzb2qcl8p0utjtg.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;One of the first websites that pops up is... Malwarebytes? I guess it is malicious huh... Anyways, it does say "[System.Convert]::FromBase64String($a)" in the post. It seems like the big string given in the problem needs to be decoded with something, so let's open up a tool that will allow us to convert it!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmfa2f45bt05vhhcsa81v.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmfa2f45bt05vhhcsa81v.png" alt="Image description"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;AHHHH HAAAAA!!!!!! I guess we found the flag! The first problem didn't seem too difficult... But on to the next!&lt;/p&gt;

</description>
      <category>beginners</category>
      <category>cybersecurity</category>
      <category>forensic</category>
      <category>cyberforensics</category>
    </item>
    <item>
      <title>CTF Challenges: Forensics</title>
      <dc:creator>TheRealChiwoo</dc:creator>
      <pubDate>Tue, 13 Jun 2023 18:18:10 +0000</pubDate>
      <link>https://dev.to/therealchiwoo/ctf-challenges-forensics-1kan</link>
      <guid>https://dev.to/therealchiwoo/ctf-challenges-forensics-1kan</guid>
      <description>&lt;p&gt;&lt;strong&gt;Brief Overview&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;About 2 months have passed since my first post, and I guess you could say that I took a long hiatus. Firstly, the summer has now started, and I am now interning at MetaCTF, a Capture-the-flag development company where I (as an intern) create/solve different CTF problems. I'll probably write more about different things I learn as an intern, but for now, I believe I will be working as a "Content Development Intern" as well as a "Software Development Intern". Currently, there are 8 categories within the MetaCTF challenges, and today I will talk about Forensics.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is Forensics?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Ok... so what is it? &lt;em&gt;Forensics&lt;/em&gt; is the science of collecting, inspecting, interpreting, reporting, and presenting computer-related electronic evidence. Simply put, you're basically an online detective who deals with locating the data that was compromised during a cyber attack! &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CTF Forensics Problem&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now that we know what the category can cover, let's do some actual CTF problems to help us better understand the field. &lt;/p&gt;

&lt;p&gt;&lt;em&gt;This problem was recommended to me by my boss (shoutout Roman).&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ZrKhHsOE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tad1fo0f0je6lpshiqnr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ZrKhHsOE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tad1fo0f0je6lpshiqnr.png" alt="Image description" width="800" height="218"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The problem mentions a "powershell command", and by looking at the command, it seems like it is a Windows terminal command. As a beginner, I'm not particularly sure what the command does, so a quick Google search won't hurt!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2O2LUGJE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/trcy4ln62djqsznbaifu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2O2LUGJE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/trcy4ln62djqsznbaifu.png" alt="Image description" width="800" height="208"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;One of the first websites that pops up is... Malwarebytes? I guess it is malicious huh... Anyways, it does say "[System.Convert]::FromBase64String($a)" in the post. It seems like the big string given in the problem needs to be decoded with something, so let's open up a tool that will allow us to convert it!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rMGRwISg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/26b3bqis8keg4kwu1jh6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rMGRwISg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/26b3bqis8keg4kwu1jh6.png" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;AHHHH HAAAAA!!!!!! I guess we found the flag! The first problem didn't seem too difficult... But on to the next!&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Starting from nowhere</title>
      <dc:creator>TheRealChiwoo</dc:creator>
      <pubDate>Thu, 20 Apr 2023 16:22:14 +0000</pubDate>
      <link>https://dev.to/therealchiwoo/starting-from-nowhere-4nc9</link>
      <guid>https://dev.to/therealchiwoo/starting-from-nowhere-4nc9</guid>
      <description>&lt;p&gt;Starting a blog... I haven't done anything like this since I was a kid, but I do want to track my progress. &lt;/p&gt;

&lt;p&gt;So let's start with an introduction, shall we?&lt;/p&gt;

&lt;p&gt;My name is Chiwoo Chang, and I am a CS student at the University of Virginia. I am majoring in Computer Science, and minoring in Data Science, and am planning on obtaining the Cybersecurity Certificate at the end of the year.&lt;/p&gt;

&lt;p&gt;I feel like one of the biggest factors that lead people to stop doing anything is the fear of the unknown. Beginning from nowhere. Well, I guess I'm doing exactly that. I do have some brief/basic knowledge of Cybersecurity concepts, but basically 0 technical skills. Shoutout to my friend &lt;a class="mentioned-user" href="https://dev.to/sshad0w"&gt;@sshad0w&lt;/a&gt; for putting me on, but let's start by practicing the basics. &lt;/p&gt;

&lt;p&gt;I will also upload progress videos on my YouTube, so check that out. All my links are on it as well.&lt;/p&gt;

&lt;p&gt;YT - &lt;a href="https://www.youtube.com/channel/UCCS-q7NCUlINQlXdAntUI1Q"&gt;https://www.youtube.com/channel/UCCS-q7NCUlINQlXdAntUI1Q&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>beginners</category>
      <category>hackthebox</category>
      <category>uva</category>
    </item>
  </channel>
</rss>
