We got started by exploring the Cyber Kill Chain. In the afternoon, we shifted focus to hashes and password cracking.
The Cyber Kill Chain is a military-inspired framework that outlines the stages of a cyberattack. This are the attack phases:
Reconnaissance – Gathering information about the target (e.g., Nmap).
Weaponization – Crafting a payload or exploit (e.g., msfvenom).
Delivery – Transmitting the weapon to the target (e.g., phishing email).
Exploitation – Triggering the exploit to gain access (e.g., CVE exploits).
Installation – Establishing persistent access (e.g., Meterpreter payload).
Command & Control – Creating a channel to remotely control the target (e.g., Netcat).
Actions on Objectives – Carrying out the attacker’s goal (e.g., data exfiltration via FTP).
After that I also had a look into the The Unified Kill Chain. This is where I learned about it: https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf
I liked this framework because its feels a bit more complete than the Cyber Kill Chain one.
After that we took a look into John the Ripper. I practiced cracking passwords from various sources, like the /etc/shadow file on Linux, using modes like word mangling, single crack, custom rules, and tools like zip2john, rar2john, and ssh2john. For example, to extract a hash from an SSH private key, we use:
ssh2john [id_rsa file] > [output file]This generates a hash file that John can work with.
After that, we jumped into a hands-on lab. It started off easy, I used online tools like CrackStation (rainbow tables) to crack a few hashes quickly. Things got harder when we had to switch to John the Ripper with the rockyou.txt wordlist.
The last one was actually trickier so to speak because it was supposed to be cracked with John the Ripper but the answer format had the first initial character in upper case and the rockyou list had it in lower case. It was impossible to find it that way. So, I went back to CrackStation, and it worked instantly.
Another hash took me 20–30 minutes to crack. It was a SHA-512 hash with a salt, much tougher than the earlier ones. I tried several John configurations before switching to Hashcat, which finally cracked it.
By the end of the day, the teacher gave us another lab to do but it was late and class was about to end so I didn’t finish it because after it, I helped and reviewed some topics from past classes with my boy Adedayo.
