 Well, hello, ho-ho everybody. My name is John Hammond and Merry Christmas or Happy Holidays Whatever it is you're celebrating it is the holiday season You know it's finally that time of year again You get your friends your family everyone together get warm and snugly by the fireplace You're having your hot chocolate or your eggnog and all of your loved ones around you completely ignore them because you're gonna be playing Some online cybersecurity exercises So I am super duper excited to help kick off the try hack me advent of cyber 2 There is a lot of awesome stuff in store for this game and this is gonna be a great year to help celebrate and enjoy it with So let's dive into this video and we're gonna get started with the try hack me advent of cyber 2 Okay, so before we get started I want to take a quick second to get everyone on the same page just in case You don't know what this whole advent of cyber thing is the try hack me's putting on and John keeps talking about so let me fill you in Advent of cyber is a cyber security exercise or event that's lasting 25 days and it starts like right now We're kicking it off you and I together But every single day for the next 25 days a new beginner friendly guided Handholding cyber security challenge is unleashed and you get to work through it. You get to solve it It's this new task a new puzzle a new problem or an activity or an exercise that you can learn from and that's the whole point The whole point is to learn something new Expose yourself to new technology get familiar with something new inside this whole big wide realm of cyber security Maybe it's a field that you're super interested in you want to break into or maybe it's something that you'd like to have be your day job Some day or maybe it already is your day job and you want to get better at that thing you do every single day That's what advent of cyber is all about it's all about having fun It's all about learning and it's all about enjoying this holiday spirit, right? Enjoying the holiday season So this event is completely free advent of cyber exists all online and it's completely free There are no costs whatsoever to participate and play so I don't know have some fun Tell your friends get your family on keyboard do the cool stuff and if you do play It's not like a competition, right? It's it's funny because it's it's gamified But it's not a competitive thing with the scoreboard and all the points are like oh super serious It's about having fun But if you play if you participate the more challenges that you solve the more tasks that you complete the more Raffle tickets you'll get and if you have all of these raffle tickets You'll have a chance at winning one of the prizes and there are a lot of prizes like there's over like $13,000 in prizes. It's kind of crazy We'll take a look at it in just a second But if you work through all 25 of these daily security tasks You'll earn a little certificate of completion and that's pretty awesome and hey just for funsies There are some special tasks created by myself or the cyber mentor or Tiberius and Darkstar All awesome and incredible folks kind of in the community except for that John Hammond kid I don't really know why he's in here So if you scroll down you can get a little bit more detail as to what's going on every single day Inside of the advent of cyber this showcases a really really nice kind of breakdown of what's happening when what you'll learn and Kind of a cool spotlight. Hey some love for the sponsors and the people that help really make this happen So kudos give the credit where credit is due and you can also Hey, maybe kind of zoom in as what is happening when for some of the special days that might be created by another Individual not just all try hack me staff. I think I'm on day seven I see the cyber mentor on day 14 Tiberius comes out just following that there we go on the 19th and then Darkstar wraps it up as we get to day 24 just before Christmas I mentioned we would take a look at the prizes and you can see they are defined here in this paragraph There will be a random winner every single day out of the pool of players that completed a single day's task One will be chosen at random to be the winner and receive a prize at the very end of the competition Every single participant every single player that's completed that has participated in the advent of cyber They'll be given a raffle ticket and again out of that entire pool Some random winners will be chosen, but the more tasks that you complete the more raffle tickets that you get So every question a user completes the higher their chance is of winning and these prizes are awesome Take a look the INE cyber security pass the PWK course and the OSCP exam certification from offensive security Proving grounds vouchers security plus certification stuff from comtea try hack me subscriptions try hack me swag vouchers The Windows Active Directory throwback course and some awesome toys Raspberry Pi here some hack five gadgets and a total prize pool value of 13,377 US dollars. That's crazy. Cool. That's gonna be a lot of fun The certificate looks super nice. You can take a look at that there and of course this is running until December 25th the classic ground rules that you should familiarize yourself with but hey, that is enough talk Let's get to the real stuff. Let's finally kick this off and let's jump into the first task Day one December 1st. Here we go Okay, everybody, here we are I am joined in on the room of advent of cyber 2 and we're going to get started with cyber security in 25 days Doing a new beginner friendly security challenge every single day leading up until Christmas So all of this kind of boilerplate stuff is everything that we have already talked about and I don't want to beat the dead horse Even more than I already have But you can see our our mean mugs over there and all credit and kudos to the try hack me team So let's mark that we have read all that because we have on the other page and that will mark task one complete Now let's hop on over to task two our socials I'll slide down here. It looks like we could join the discord community follow try hack me on Twitter and join the subreddits We're gonna be choosing a random winner every day everything. We've already discussed and I'm in the discord. I obviously already follow them on Twitter I'm not yet in the subreddit because I'm not that cool, but let's check out task number three These are of course some rules and a little tutorial here Now this is something that I really like because the thing with try hack me is that you have to connect to their VPN server, right? You got to get into their virtual private network because try hack me has to have a network of all these Virtual machines or computers and boxes and systems that you can beat up and hack right as part of try hack me But sometimes that can be kind of clunky and annoying because you have to have an open VPN client gimmick here You don't always have to because with try hack means attack box you can connect in your web browser You don't need to have any specific environment or downloaded software or Custom operating system and distribution you can do it all in your browser with the attack box and that's super neat The attack box for a free user is Available for one hour a day and if you're subscribed you can deploy it for an unlimited amount of time But let's fire this up if you scroll back to the very very top of the room You've got this start attack box option here And it'll go ahead and start your machine and then pretty soon It'll just pop open over on the side of the screen and it'll spin up this machine for you to use Super handy super nice It takes a little bit of time for it to spin up, but that's okay We'll use that opportunity to keep cruising through this boilerplate startup and everything looks like we also discuss Subscribing being able to join the try hack me community and I All probably t-shirt cannon some try hack me vouchers out in the in the in the chat. So hit me up The story here we go. This is where I'm gonna start to read little bedtime story for you guys So I hope you guys are are still in your snugglies too and you're warm and cozy by the fire Let me read this to you the Christmas story After last year shenanigans where elf McElpherson and elf McSkitty were on damage control mode the entirety of December McSkitty vowed to never let that happen again The previous Christmas period was extremely stressful with the Christmas monster managing to compromise every system with Insana's corporate infrastructure to prevent Christmas from happening. Is Christmas still in danger this year? McSkitty showed a great promise with the previous incident and was tasked with building up a security team within Santa's company The best festival company Due to resistance for management budgeting and bureaucracy issues McSkitty was only able to start building out her team from the 8th of November Since then she's only hired two team members one security specialist elf McHacker and one intern elf McEager Now it's the evening of the 30th November McSkitty's team has been working hard to prevent any downtime and Security incidents within the entire network and the application stack of the best festival company McHacker suggested installing a VPN and only allowing access to the infrastructure via that VPN After a long 8-hour installation and deployment McSkitty opens her monitoring dashboard and notices that no traffic is flowing to any of the Applications this was expected as no one had access to the VPN. Thank God She said getting hacked again is not an option Ring ring ring ring her elf hotline starts ringing and she jumps Santa's schedule isn't working I can't see anything yells elf Mcassistant within a matter of seconds hundreds of phone calls come in and elf McSkitty gets that Sinking feeling in her stomach She quickly dispatches McHacker to analyze the VPN logs He notices a payload that resembles a VPN authentication bypass that allows anyone to bypass the VPN Did someone install the wrong version? With the poor state of security across the entire network this unknown actor managed to access all applications and their underlying servers Unlike last time no one has claimed responsibility for this incident. Oh, here we go again. She sighs It's up to you elf McEager and the rest to save Christmas Please take note tasks are released daily the Christmas story is used within some of the tasks So please make sure you read the above. I painstakingly read all of that to you Let's move into day one the real task here All right, there's a lot here. We have a virtual machine we can deploy so I can go ahead and deploy that it takes I think about two minutes for it to spin up that virtual machine But we can see our attack box has been spun up and created over on the right side of my screen here All right, I'll zoom out a smidge so we can see our attack box smoothly And let's go ahead and take a look at what we're doing for day one a Christmas crisis Now the description of this task has a lot of text and there's a lot of reading But I want to read it to you because this is all about learning so bear with me You can follow along but let's get started the description of this task reads the best festival companies brand new open VPN server has been hacked and This is a crisis The attacker has damaged various aspects of the company infrastructure Including using the Christmas control center to shut off the assembly line It's only 24 days until Christmas and that line has to be operational or there won't be any presence You have to hack your way back in to Santa's account Blast that stinking hacker who changed the password and get the assembly line back up and running again Christmas will be ruined After giving you the assignment Mxkitty hands you the following dossier and I have no idea if I'm pronouncing that right, so I'm going to call it a note The following note of important information for this task before reading you press the big green Deploy button to start the control center and that's the deploy the virtual machine button which we've done up here And now we can read a little bit more. It says the web The web or the internet is one of those things that everyone uses But a few people bother to learn about and understand it as hackers It is vital that we understand what exactly the web is and how it works When you open up your web browser and navigate to a website, it seems so simple, but what is really happening behind the scenes? first of all your computer communicates with a known DNS or domain name system a DNS server and That's used to find out where the website can be found on the internet The DNS server will then return an IP address for the remote server This can be used to go directly to the website You can think of the internet as being quite like the planet itself We have a lot of locations all over the world all these places. They all still have a street address And this is akin to the domain name of a website like try hack me calm or Google calm But they all have coordinates which can be used to pinpoint their location with absolute accuracy The coordinates are like the IP address of a website If you know the street address of a location, you can enter it into Google Maps and be given the exact Coordinates which can then be put into a sat nav and take you there with pinpoint accuracy In the same way your browser is given the address of a website like try hack me calm It sends this address off to a DNS server which tells it the coordinates or the IP address of the site Your computer doesn't understand the original human readable domain name, but it does Understand what an IP address is The IP can then be used to find the server across the internet Allowing your computer to request the content of the webpage of course in reality This is a highly simplified analogy So a more in-depth explanation can be found here and that link will take you to another room Then we'll read a little bit more about HTTPS Once your computer knows where it can find the target website it sends something called an HTTP or hypertext transfer Protocol request to the web server Now this is just a standard network request But it's formatted in a way that both your web browser and the server can understand in Practice this means adding certain headers to the request which identify it as an HTTP request and Tell the server a variety of information about the request as well as your own browser Amongst many other headers HTTP requests always have a method and a target These specify what to retrieve from the server the target and how to retrieve it the method The method most commonly used to retrieve information is called the get method When sending data to the server, it's more common to use a method called post For more information about HTTP requests methods and headers check out the web Fundamentals room and that link will take you to another room Once the content has been retrieved from the server your browser reads the retrieved code and renders it as a web page This usually means taking the layout of the page from an HTML document or hypertext markup language Styling with connected CSS or cascading style sheet file and then adding any dynamic content with one or more connected JavaScript files HTTP has one inherent disadvantage Namely it is not secure Anyone can see what you're requesting and what is being sent back to you for this reason HTTPS or the hypertext transfer protocol secure protocol was invented This works in exactly the same way as standard HTTP, but provides an encrypted connection The functionality of which is beyond the level of this note and its explanation Then we read a bit more about cookies HTTP is inherently a stateless protocol That means that that no data persists between connections Your computer could make two requests immediately after each other and without relying on separate software The web server would have no way to know that it was you making both those requests This begs the important question If HTTP is stateless, then how do we log into systems? The web server must have a way to identify that you have the right level of access And it can hardly ask you to enter your password every time you request a new page The answer is cookies Tiny little pieces of information that get stored on your computer and get sent along the server along with every request that you make Authentication or session cookies are used to identify you And these will be very important in your mission today The server receives your request with the attached cookie and it checks the cookie to see what level of access you are allowed to have It then returns a response appropriate to that level of access For example, a standard user should be able to see but not interact with our control panel But Santa, Santa should be able to access everything Cookies are also often used for other purposes such as advertising and storing user preferences like a light or dark theme for example However, this will not be important in your task today Any site can set cookies with the variety of properties The most important of these for today's tasks are the name and the value of the cookies Both of which will always be set It's worth noting that a site can only access cookies that are associated with its own domain In other words, google.com can't access any cookies stored by trihackme.com and vice versa It's important to note that cookies are stored locally on your computer That means that they are under your control You can edit, add or delete them as you wish There are a few ways to do this However, it's most commonly done by using your browser developer tools Developer tools can be accessed in most browsers by pressing F12 on your keyboard Or the key combination, Control, Shift and I With the developer tools open, navigate to the storage tab in Firefox or the application tab in Chrome or Edge And select the cookies menu on the left hand side of the console In the above image you can see a test cookie for a website The important attributes name and value are shown The name of a cookie is used to identify to the server The value of the cookie is the data stored by the server In this example, the server would be looking for a cookie called cookie name It would then retrieve the value cookie value from this cookie These values can be edited by double clicking on them Which is great if you can edit a session or an authorization cookie Because this could potentially lead to an escalation of privileges Assuming you have access to the administrator's authorization cookie Alright, that was a lot of talk Having read the lengthy note, you get ready to hack your way into Santa's Christmas Control Center You enter the IP address at the top of the screen into your browser search bar and press Enter to load the page Remember that machines can take up to 5 minutes to boot up fully And it looks like we have our attack box already deployed And the task machine, that green button when we deployed it earlier We can open Firefox on the attack box and copy and paste the machine's IP address into the browser search bar So at the very very top of this task, when we hit that Deploy button It created a new virtual machine that's visible up top So I can see the Christmas Crisis Task has a machine spawned with this IP address I could copy that and I could add a little bit more time so I could use it in the network environment Or I can stop the machine In this case, I want to go interact with it within the attack box So I will take note of this IP address and I will go open up Firefox in my attack box Once the attack box is open, I'll navigate to that address bar as it suggested And I'll type in that IP address, 10, 10, 13, 1, 0, 4 With periods separating each of those And I'm greeted with this Christmas Control Center And I have a username and password prompt I'll zoom in a bit here Now let's go back to the tasks and see what I should do next We can hit the completed button on deploying all the machines It says register for an account and then log in Okay, so my username can be John And I'll set my password to super secure subscribe Now I can hit log in Oh, duh, I need to register an account I can't log in just yet That's kind of what that said So password subscribe and I will register There we go, it created an account for me So I can now log in with John and subscribe Now I can log in There we go Okay, now I have a view console and I can see all of the active settings on the controls of this thing Everything is currently turned off But I must need to do some cookie manipulation And we can do that with what we've just learned about opening the developer tools Following the instructions in the task prompt and description I know that I can open my browser's developer tools by pressing F12 on my keyboard So I'll press that And now I know that I need to navigate to the storage tab Because I'm in Firefox as my web browser So alongside inspector, console, debugger, network and style editor I don't see storage here But it's hidden behind this little arrow So I can click on that and select storage And that will open up the storage prompt here for me Now I know there's not a whole lot of room for me to showcase this So I'm gonna drag this up a little bit And drag this down So you might be able to see under this cookies section that I'm in currently And the web browser IP address 1013104 For this specific server we've deployed I can see that there is a cookie being created With the name Auth I also see a value here 7B22636FD6D70 Dot dot dot And I can't make a whole lot of sense of that Auth just seems like random numbers and letters to me right now But if I were to double click on this I might be able to learn a little bit more about it I'll have to drag this down for my view And make it so that I can access the rest of these values But if I double click on this As it said, I could just simply edit this name to be anything I want I know that it should have the value Auth Because that is what the server is going to be looking for Remember it needs to know the name of the cookie For the server to be able to actually identify Because that's what the server wants to read So down below when it asked in that prompt What is the name of the cookie used for authentication We know that it's called Auth Or AUTH Now I can hit submit there And now I have this value This other question that's asking In what format is the value of this cookie encoded I don't really know about that one I see all these numbers and letters But if I double click on it and I drag my cursor There's a lot there There's a lot more data to it And I'm not exactly positive was it it What it all is One of the great things about try hack me though Again, this is all about learning It's all about your education So if you're stuck If you just don't know something Try hack me will willingly Give you some of the answers and solutions And write ups To walk you through a specific process You can take a hint And there's no penalty There's nothing wrong There's no shame in taking a hint If you click on this hint button here It tells me Oh, this is often used as a shorthand For binary Hmm Well binary That means zeros and ones And us as people We count in Base 10 When binary is base 2 When we talk about Counting with base 10 We go from 0 to 9 And then start over again adding another Kind of decimal place Or another digit So This must be referring to a different base Other than base 2 Or base 10 I see all these numbers 7, 2, 3, 6, 0, 1, etc. So we're covering 0 through 9 But by also see The letters And then f Now that brings me up to 0 To 9 And then I go to 15 So including the 0 we have 16 numbers Or 16 different characters we can use To represent data That Isn't base 2 For binary It isn't base 10 For decimal But it's base 16 For hexadecimal Data and the numbers that we're talking about So that's the answer that this question is looking for It wants me to type in Hexadecimal I can submit that there And that's correct Okay Having decoded the cookie What format is the data stored in Or what do you mean Decode the cookie I have this value here that's just a Some base 16 or hexadecimal value But I don't know what you mean by decoding it Let's take a look at that other hint It says Use cybershaft to decode the cookie The format is a very common one Often linked to javascript Okay And there's a link there and it's using Recipe from hex So if I copy this value That we have And I see in my bookmarks For the attack box browser I can open up another tab And open cybershaft That can be really really helpful For maybe experimenting with other representations of data Over on this input tab I could just simply paste in That big long base 16 string But when I say base 16 And I call it hexadecimal It's hex So I want to convert that Into a different format That I might be able to read and understand Because it's just a representation With these numbers and symbols But in a different format Like maybe understanding The ASCII representation Or how computers understand that In their numbers sense How do we bring that to letters In English character sense Let's use that from hex operation So I can click on that And drag it into the recipe pane Here in the middle There we go I see down below Let's move that real quick You can see that the company Is the best festival company That's exactly what we're talking about here And the username is john Or just what I typed in as my user Okay So this curly brace here In these string notations With kind of these double quotes That's creating what looks like A javascript object And written out in this format Kind of opening and closing curly braces With sort of a key Being set to a specific value That is the javascript object notation Or the J-S-O-N Or JSON And you can type that in here That answer here is J-S-O-N JSON The javascript object notation Let's hit enter on that And that is the correct answer So Now we want to figure out We want to know what is the value Of Santa's cookie Well When we were interacting With this page earlier We could like log out maybe And try to log in as Santa But we don't know his password We could try, okay Santa Claus or subscribe again But nope That is the invalid username or password So maybe we need a specific cookie That we could forge Or kind of manipulate How the cookie is built now All it takes is the username So Could we maybe craft our own cookie Where I changed the name John To Santa? Let's do that I'll copy and paste everything That's in this output here And I'll actually move that Into the input pane But first I want to remove This from-hacks operation Because we're going to actually And then convert it back to-hacks But we'll do that after we've manipulated This username here We'll make that Santa Right? Because then when the web server examines this cookie That auth cookie It'll see the username is Santa And it'll think that we are that user It will authenticate us as Santa That's what we want to do here So Let's use that to-hacks operation In Cyber Chef Now you can see it created a lot Of output with spaces here But the cookie didn't have spaces in that So let's change the delimiter The delimiter here is currently set to a space But I'll bring that down to none Now I have that big long hexadecimal string And I can copy that And go change the current user By simply modifying this cookie Back in our web browser Back to the application I'll once again hit F12 on my keyboard To create the cookies here And because I logged out There aren't currently any cookies Present So I guess we could try and add one of our own But will it behave? Will it work? I guess it's worth a try If not, we can always go kind of modify one That we had the web server created for us So the name we know needs to be Auth And I'll type that in And then the value needs to be that big long hexadecimal string That we got from CyberChef Great Now if I go down And refresh this page Ooh, looks like I'm logged in Without even entering a username and password That's awesome That's what we wanted to do And of course Now we know the value of Santa's cookie So let's copy this value And go paste it in here Oh, I can't really paste it Because it's inside the context So let's go use this little Panel browser here And let's click on that clipboard icon So I can see this value for real Now I can drag it to my real machine Rather than operating through the browser So I'll paste that in And hit submit And that's correct There we go And now we'll go back to the Christmas console I need to go enable All these parts of the assembly line So I'll turn my face off again real quick And I will turn This part picking to yes Assembly to yes Painting to yes, touch up yes Sorting yes, slay yes And there we go Now at the very very bottom I see this weird funky string But that format THM Stands for try hack me And these curly braces That indicates a flag Or a special string or key That I can use to submit To prove that I've completed this task Again, try and bring it over But I can't I'm going to have to maneuver it With the clipboard here Now I can copy and paste this Submit And there we go Congrats, we completed that task Oh boy Alright Well hey, that was awesome That was the first task Day one, December 1st For the advent of cyber 2 And man oh man With this advent of cyber room I'm really excited I hope you guys enjoy my task day 7 I know the cyber mentor is going to be incredible I know Tiberius is going to be great Darkstar is going to be great All of these rooms Not even just the special All of these are going to be a ton of fun And absolute blast I hope to showcase some of these And some videos for you But I hope you had fun with me You know goofing off And in this little get up here And get your work in through On the advent of cyber 2 And I'll see you online Try hack me dot com slash Christmas Take care I'll see you in the next video everybody