10.2 Insufficient Logging & Monitoring Lab Instructions Part 1

Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we wrapped up our discussion on insufficient logging and monitoring. So we talked about what it means, why it's important and what kind of impact it may have on the organization.
In this video, we're gonna do a quick lab on the subject. So we're gonna actually start off by doing a password cracking attack, or a password attack, using a tool called Hydra.
And then from there, we're gonna look at the logs to see what kind of information was monitored or, you know, logged, and if there was any monitoring, or what kind of monitoring we might want to put in place as defenders of the organization.
So as usual, we're doing this inside the Cybrary lab environment, so you'll need access to that. I've already got the lab pulled up there in the background. And as we've normally seen throughout these labs in the course, we've got the little pop-up box. All we have to do to close that out is just click on Next and OK. Now that'll take us to the Kali Linux login screen.
So, as usual, it's the same username and password we've been using throughout all of these labs. The login for Kali Linux is gonna be student, all lowercase, and then the password is gonna be student as well, all lowercase.
Once we enter that in there, it'll log us into the Kali desktop. As we've normally done, the first thing we're gonna do is go turn off the screen lock feature, and then we'll jump into the rest of our lab.
So it might take a moment or so to pull up here for us. You'll see it finally pulls up in the background there.
And so we've already gone through step five. We went ahead and logged into Kali. We used student and student for the username and password.
And before we open up a terminal, we're gonna go ahead and, as I mentioned, take off the screen lock. So just click this little arrow at the top right of the screen. That'll pop up a little menu for you, and then just click on the settings icon at the bottom left. So this is the one that looks like a little screwdriver and a little monkey wrench.
All right. Once you click on that, it might take about 45 seconds or so, but it's gonna open up another page for us here. And so once we have this open, we're gonna click where it says Privacy,
and then we'll select Screen Lock at the top. It's gonna open up a pop-up box for us, and we'll turn off the screen lock by moving the circle to the far left side here.
So once we do that, we can just X out of these and we'll be all done with that.
And now we'll go ahead and launch our terminal window,
which is Step six in the lab document.
So we do that by clicking this little black box on the far left side here. You'll see, if you hover your mouse over top of it, it shows you that Terminal is what it's called, and that's what we're looking for. Once you click it, it'll open it up for us.
Now again, all the step-by-step lab guides are in the supplemental resources section, so if you haven't downloaded those yet, be sure to pause this video and go do so. That way you can follow through all the labs in the course. And I also want to mention that after this video we have a capstone lab that I'll show you. Now, I'm not going to walk you through it,
and I'm also not going to provide a step-by-step guide, because it would defeat the entire purpose
of having a capstone lab. So I'll show you the lab, I'll show you what it looks like. But again, we're not gonna walk through that particular lab step by step, because I want you to actually do it as an activity, as the culmination of this entire course.
Also in the supplementary resources, I've listed out different labs you could do as well. So we focus on several labs in this course, but there are many labs in the catalog that are pertinent and relevant to OWASP-type issues, right, so OWASP Top 10 items.
So I've listed those out as well in a separate document in the supplementary resources section. So you'll have a wealth of knowledge that you can use moving forward.
All right, so enough digression. We're at the terminal now, so we're gonna go ahead and type in this command right here: cat login.txt.
So cat login.txt, and then just press Enter on the keyboard.
So that's showing us the parameters of the application.
All right, so for the login request, step eight here. Now, what we're gonna try to do is brute force the login page for Mutillidae. Excuse me, we're gonna go ahead and brute force the login page for that, and as I mentioned, with a tool called Hydra.
Now the next step here, it's gonna be a long step. We're gonna enter this long command here. So this is all one command that we're using, and you'll see it's on different lines, and that's mostly because of the document here. But we just have a space between "form" and this quotation mark, as well as a space where the login part is continuing on here on the next line.
So just FYI that this is all one long command. We're not gonna press Enter until we've entered all of that. However, just like we've done in the past, we're gonna go ahead and go step by step through this command to make sure everyone enters it correctly.
So we'll start off by telling Kali Linux we want to use Hydra. So let's go ahead and do that. So we'll type in hydra. Now we're gonna type a space and then a dash lowercase f (-f).
we'll put another space
and then we're gonna type dash lowercase l, space, admin. Let's go ahead and do that now. So type -l admin.
We'll put another space
We're gonna now type dash capital P (-P).
So let's just go type that now: dash capital P, space. And then we're gonna put forward slash usr forward slash share. So let's go ahead and type that in.
So forward slash usr forward slash share (/usr/share).
Now we're gonna type in forward slash wordlists
forward slash rockyou.txt. So forward slash wordlists forward slash rockyou.txt.
So let's do that now: /wordlists/rockyou.txt.
All right, so next we're gonna put a space, and we're gonna put mutillidae.
So let's go ahead and do that now. We'll put a space,
mutillidae. So that is specifying what we actually want to brute force against.
We'll put another space, and then we're gonna put http dash post dash form.
All right, so here we're gonna type http-post-form, and we'll put a space,
and next we're gonna put a quotation mark, forward slash, and we'll put mutillidae.
So we put a quotation mark, forward slash, mutillidae ("/mutillidae).
Let's go back to our lab document. So now we're gonna type in forward slash index.php.
Forward slash index.php (/index.php). Now, if I'm going too fast, if you're kind of, you know, new to technology type of stuff, then by all means pause the video as I spit off these commands and just do it off the step-by-step guide. And that way you can follow along with everyone else. I try to keep these videos paced where most people, the majority of students,
will fall into into the bucket
And that way, you know, unfortunately, that means that there will be certain students that will have a hard time following along, because they will find that I'm going too fast for them, whereas other students will find I'm going too slow. So I try to get right there in the middle ground so most people are able to follow.
Then again, that's why I provide the step-by-step guides and everything for you as well.
All right, so we've typed in index.php. We're gonna now type question mark and page (?page).
Let's go ahead and type that now.
So ?page, and we're gonna add an equal sign there,
and then we're gonna type login.php. So let's type that now: login.php.
And we're gonna type colon and then username.
So :username. And as you can imagine, this is why criminal attackers automate everything, so they don't have to sit here and type these commands a million times. That's why you just write a script for Hydra, for example, and just let it go brute force.
All right, so we got user name here,
Got that added in there. We're gonna add an equal sign there at the end of username, and then we're gonna type this little up-arrow thing. I forget exactly what it is called. I think caret, I believe that's what it is called in the English language.
Don't tell my English teacher from college, and be like, what are you doing? So the caret symbol here. We're gonna surround the word USER with the caret symbol (^USER^). So let's go ahead and do that now.
All right,
So now we're gonna type the ampersand symbol and then the word password. So let's go ahead and do that.
And now we're gonna type the equal sign, and we'll type the carets again with PASS in between. So equal sign, and then we'll type our carets again with PASS in between (&password=^PASS^).
And then now we're gonna type the ampersand again,
and we're gonna type login. So ampersand and then login.
Type that again: ampersand and then login.
And then we're gonna type dash php dash submit dash button. So dash php dash submit dash button (&login-php-submit-button).
All right, now we're gonna type equals Login.
So we'll do the equal sign and Login, with a capital L there (=Login).
And next we're gonna do the colon and then password.
Let's do that now. We'll do colon and then password (:password).
And then we're gonna put a space, incorrect, and then end it with a quotation mark. So
we'll put a space, incorrect,
and end it with a quotation mark. So a whole lot of stuff we typed in there.
So just verify that you've typed everything correctly in there, and we'll go ahead and run the attack now. So just press Enter on the keyboard once you've typed all that in. Now it's going to take probably a minute or so to run this, so I'm actually gonna pause the video while it runs this brute force attack, and I'll pick up in the next video. We'll take a look at our output.
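Added example (not part of the course lab or the transcript above): a small detector a defender could run over the web server's access log after a Hydra run like the one typed in this video. It assumes Apache "combined" log format (the default on a Kali Apache install) and takes the login URL from the command above (/mutillidae/index.php?page=login.php); the log lines it runs on are constructed here, not captured from the lab, and the 10-requests-per-60-seconds threshold is an arbitrary starting point.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" format, e.g. /var/log/apache2/access.log (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Login page taken from the Hydra command in the transcript.
LOGIN_PATH = "/mutillidae/index.php?page=login.php"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Flag source IPs that POST to the login page `threshold` or more times
    inside any sliding `window`. Returns {ip: peak_count_in_window}."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == LOGIN_PATH:
            posts[rec["ip"]].append(rec["ts"])
    alerts = {}
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[ip] = max(alerts.get(ip, 0), count)
    return alerts


def status_breakdown(lines):
    """HTTP status codes seen on login POSTs. When the app answers 200 for a
    failed guess, the access log alone cannot separate failures from a
    successful login; that is the insufficient-logging gap this lab is about."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == LOGIN_PATH:
            counts[rec["status"]] += 1
    return dict(counts)


def make_sample_log():
    """Constructed sample (not captured from the lab): one client hammering
    the login form, one ordinary user, one unrelated GET."""
    base = datetime(2020, 3, 14, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 4213 "-" "{ua}"'

    def line(ip, offset, method, path, ua="Mozilla/5.0"):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return fmt.format(ip=ip, ts=ts, method=method, path=path, ua=ua)

    lines = [line("10.0.0.9", 0, "GET", "/mutillidae/index.php")]
    # 25 guesses in about 30 seconds from one address: a wordlist burst
    for i in range(25):
        lines.append(line("10.0.0.5", 5 + i * 1.2, "POST", LOGIN_PATH))
    # a legitimate user: three attempts spread over ten minutes
    for offset in (30, 300, 590):
        lines.append(line("10.0.0.9", offset, "POST", LOGIN_PATH))
    return lines


if __name__ == "__main__":
    sample = make_sample_log()
    print("brute-force candidates:", detect_bruteforce(sample))
    print("status codes on login POSTs:", status_breakdown(sample))
```

Run it against the real log with `detect_bruteforce(open("/var/log/apache2/access.log"))`. The rate check catches the burst, but the status breakdown shows every login POST as a 200, so from this log alone you cannot tell whether one of those guesses succeeded; that is exactly the kind of application-level login logging the next part of the lab discusses adding.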