Once the CyberShaolin Learning environment has been launched, you should see a terminal where you can type in commands.

First navigate to the home folder by typing cd home. and then type ls
You should see the name reuben. This is a user account. Now navigate into the reuben directory using the cd reuben and press enter. Then type the list command to list out the files in that directory. Type ls and press enter.

Generally the first thing we will do is to generate the passwords file, but for this learning activity, the password file (called etc_passwords.db) is provided for you. You can directly use that. To crack (find out) the password, we will use the tool John The Ripper (JTR) or simply john. In the terminal window, type john etc_passwords.db. It may take a minute to crack. When the password is cracked (known), you will see a message on the screen which says reads Loaded 1 password hash. To see the credentials (in this case password) on the screen, you can use the --show switch with your john command. Type john etc_passwords.db --show and press enter. You will see that the password from the etc_password.db file is displayed on the screen.

The way ssh (secure shell) works is it encrypts data (we will be encrypting with the RSA algorithim) using a encryption key. This encryption key has two parts the public key and the the private key. You can think about it this way half of the key is the public key and the other half is the private key to form the whole key you need both so you can unlock the door.

Make sure that you are in the reuben folder. If you are not already there, then you can use the cd home/reuben command to get into that directory. Now Type ls and press enter. You will see a folder named ssh_keys. Navigate into that director by typing cd ssh_keys, and then type ls and press enter to list the contents of that directory.

JTR actually has a program called ssh2john that will combine the public and private key making the hash file that we can crack, but we already did that for you. So you should see a hash file called reuben_rsa.hash.

The next step is to crack the password by which this reuben_rsa.hash file is secured. We are going to use JTR, but this time we are going to input our own wordlist. JTR has a default wordlist that it uses if a wordlist is not provided. It is important to know how to use your own wordlists in case you need to crack a password that does not appear in the default wordlist. There are wordlists on the web that you can download for free or pay for. For this exercise, we have edited a wordlist on US cities. Note: Reuben and his family like to travel a lot and have been blessed to travel to nearly 30 countries and given keynote talks in over 10 of those 30 countries as of 2020. So Reuben's password maybe a US city or one that he has made up. To crack that password, type in john --wordlist=/usr/local/share/john/wordlists/us_cities.txt reuben_rsa.hash and press enter. You will see that Reuben's password is a made up US city called 'Wolverine Lake'.

What is Steganography?
Steganography comes from the greek words steganos which means 'covered' or 'concealed' and graphine which means writing. Hence, Steganography means concealed writing.

Steganography is the technique of hiding secretive data in ordinary non-secret messages most commonly in images or audio files. The secret data is then extracted using steganography extraction methods.

Stegenography is a very common technique used by spies they use this to communicate stealthily.

steghide

We are going to be using a tool called steghide that can hide data in images or extract data that are hidden in images.

First navigate into the stego folder in the is in nested under the folder called reuben in the home directory.

Type cd .. and press enter to navigate to the parent (previous) directory.
Then type ls and type enter to list the contents of that directory.

You will notice that there is a directory called stego in there. Now navigate to that stego directory by using the cd command. Type cd stego from the reuben directory. Then type ls and type enter to list the contents of that directory.

The hacker bros - More than what meets the eye
You should see a image named hacker_bros.png. In order to see the image, there are a few things you can do. Click on the Tab that says HackerBros Website. This should open up your default browser and display a web page with the image in it.

The web page will give you a description about the image and then inform you that There is more to this than what meets the eye and that there is a hidden message that you must try to uncover.

This informs you that Steganography is being used to hide a message inside the hacker_bros.png image file, some information is hidden in the image.

To find out what the hidden message is, we need to extract the message from the image itself.

An enigma
Usually a secret steganography message would require a password to extract the data/message. In this case the password is enigma.

To extract the message, we need to specify the steganography file (-sf), a password (-p) and the file to extract the message/data to i.e., the extracted file (-xf).

Type steghide extract -sf hacker_bros.png -p enigma -xf message.txt and press enter.

Now type ls. You should see a file called message.txt.

Try reading the contents of the message.txt file using the cat command.

Type cat message.txt and press enter.

You should see some garbled text that looks like this.
CkFsd2F5cyB1c2UgeW91ciBjeWJlciBza2lsbHMgZm9yIHRoZSBnb29kIG9mIGh1bWFuaXR5LiAKClJldWJlbiBSQVBzdDRyIFBhdWwgYWthIFRoZSBDeWJlciBOaW5qYQoK

Something Basic - An encoded secret
The content of the message.txt look garbled and is not humanly intelligible because it is either encrypted or encoded. In this case, the message is encoded.

So to read the message, we will use the base64 -d command which will decode the encoded text.

Type base64 -d message.txt and press enter. The dash d (-d) stands for decode.

If the command runs successfully, you should see a quote that says.
`Always use your cyber skills for the good of humanity.

Reuben RAPst4r Paul aka The Cyber Ninja`.

In this course, you have learned techniques that hackers use to hack secrets such as password cracking and phishing.

In the end result of this training kwoon you should have the credentials harvested in the /var/www/html folder.

Hope you had fun learning! :-)