Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
14

Video Transcription

00:02
I welcome back to the course. So in the last video, we actually set up our photos for a lab. Now, again, I mentioned that I already had a couple saved that I'm gonna use for the lab. But go ahead and use the ones that you saved in the one you edited.
00:12
So here in this lab, we're gonna actually analyze the photos, so just make sure you log into the Windows machine, which you should still be, And then just open the folder with the original photo that you had saved as well as the edited one You would say so if you say those to your desktop, that's fine. Just you wanna open both these photos?
00:28
So we're first going to do a visual check of these photos and see if we notice any differences. So again, I had a couple saved here, so I'm just gonna open them both up,
00:35
so we'll start with Cat one Dodge a peg.
00:39
It's gonna take a moment or so to open up, and then we just want to open our other photo as well. So we want to open them side by side. You may have to adjust your the size of the photo and that sort of stuff to make sure you can look at him both side by side.
00:52
I'm just gonna move this one over here.
00:55
Okay? So let's compare the photos. So I'm gonna compare mine. And you just walked through yours as well. Or you could just pause the video. Excuse me? You could just want follow along in this video and then analyzers as well.
01:04
So first thing I noticed here is I got a couple of cats, and they both looked pretty much the same, right? I see it. Two years here. Too easy. Ears here. Got eyes and whiskers and nose cut the mouth. Got the pause Kind of together there.
01:18
I noticed, like maybe a chair or something in the background there. Looks like the cat's got his paws on the table.
01:23
This might be a photo or window or something to the background. Kind of hanging out there also noticed the text on the screen there. First the dot first set out that matches up. Looks like all the text matches up. So these these look like the same photo to me, so I'm gonna go ahead and close him now. So if you're following along, go ahead and close yours
01:38
because they should be looking the same.
01:41
The next thing we're gonna do
01:42
is we want to actually look at the file size. So here in question one. Are there any visual differences in the photos? So I didn't notice any, so I'm gonna say no to that.
01:52
So step number five, we're gonna next, right. Click on each photo and check the file size.
01:56
Let's go ahead and do that. We're gonna check Cat one
01:59
or your particular photo and then right click and go to properties.
02:02
So I see here, that is 38.1 kilobytes. Okay, so I'm gonna keep out in my head. I'm gonna memorize that.
02:08
I'm gonna try the next file here. Right. Click, go to properties and check the file size. Okay, well, that's 38.1 kilobytes as well. So they're the same file size. Let's go ahead back to our lab document.
02:20
So are the files the same size? I'm gonna say yes to that. And I'm also gonna mark down the actual file file size. So 38. Excuse me? 38.1
02:29
kilobytes. There we go.
02:30
All right. So next we're gonna actually do a hash on each one of the files, so we're gonna start with our first file. So that's the original one you downloaded from the Internet.
02:38
So what we're gonna do, we're in a double click on the hash coke,
02:44
and then we're gonna go ahead and click the three little dots to upload our photo.
02:47
So I'm gonna actually go to where I have this photo at. So I need to go to desktop
02:53
and that for me, I have to go to my actual photos for the hex workshop here,
02:58
and then I'm gonna click on Cat one. So again, click on your very first photo you downloaded from the Internet and then select open.
03:05
Okay, so we selected the original file. Now we're gonna de select all the hash options. Except for MD. Fights were doing it a little different than that shot one. We did. We want the MD five hash on these, mostly because it's a little shorter, so it's a little easier toe. See what the differences are. So we're gonna
03:21
choose just empty five and then calculate.
03:23
All right, so we see our hash here. Now, you can write all this down if you want to,
03:29
but we're just gonna make a note of the hash. And all I'm gonna do basically is I'm gonna memorize the last couple of digits here. So the 58 Caesar afore reminder. You know, the last five or six digits just memorized.
03:39
Okay, so now we're gonna do our second photo here, So just click back on those three little dots.
03:44
Could that photo and click open you're gonna fall. The hash has disappeared
03:47
because we had already do selected the other ones without closing the tool. It just leaves an MD five, which is the one we want, and then just click on calculate.
03:55
All right, so you see here that the hash is different than what we had in the other photo, so huh? Okay, well, the officially, the photos look the same,
04:03
and we check the file size. Those were the same.
04:06
But then we did the hashes, and those are different. So that kind of tells us that maybe there's something hidden in those files,
04:12
so let's go ahead. And we're gonna close hashtag right now because we don't need it again.
04:15
let's move on with her lab. So are the file. Hashes is saying the answer to that is No, they were not the same.
04:21
Okay, so now I'm gonna go ahead and I'm gonna launch a 60 editor. So let's go ahead. Double click on that.
04:28
It's gonna launch that for us.
04:30
So now we're gonna select file and open. We're gonna do that very first photo. So that original file you had downloaded from the internet,
04:35
so we're gonna go to file and then open. We're gonna navigate wherever that file is. So I'm gonna go here to my photos
04:43
and click that cat one so that my first photo and then say open
04:46
that's gonna open it in the hex editor here again, since I'm using J PAIGC the f f d. A. Deficit.
04:51
So I'm gonna scroll to the very bottom here
04:54
and see, Justify, noticed any characters that are readable. So I see a bunch of jumbling this here so I don't notice anything hidden there. Let's go back to our lab.
05:03
So I do. I noticed any secret information type there in the first photo. So my enters. No, I didn't notice any secret type of information, like a password or something like that.
05:13
All right, So we're gonna go back to our hex editor. We're gonna select file open, and then we're gonna choose the second photo that we had.
05:18
Let's go ahead and do that. We're gonna go to file
05:21
open,
05:23
and then we'll choose a second photo. Where have you have a saved up and then just say open.
05:27
It's gonna open that one as well in a hex editor.
05:30
And so we're gonna scroll from the bottom of the page, and we're gonna look again for any secret information. So let's go ahead and do that. So well, scroll to the bottom of the page
05:38
and see. Look for secret information. Okay? Look at that. So I see that the word password is tight there. I can read that. So that's some secret information. So again, in part to the lab, we had set that up. So whatever you had type there, that's what you should see in this particular lab.
05:53
So let's go ahead and type whatever you found in there, So, yes, there were secret information and it was the word password with a capital P.
06:01
So in this lab. We just went over analyzing the photos that we had, so we took a hash on both of them. We noticed that the hashes were different. So then we opened the photos and a hex editor to see what kind of secret information might be in there.
06:15
So in the next module, we're gonna go over reporting, which is a very important component of the penetration test. Because at the end of the day, if your customer cannot digesting information, they're not gonna hire you again in six months or a year when they want another penetration test done.

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor