How to Become a Hacker
Hunched over your keyboard in your dimly lit room, frustrated, possibly on one too many energy
drinks, you check your phone. As you squint from the glare of the bright LCD screen, you barely make
out the time to be 3:00 a.m. “Great”, you think to yourself. You have 5 more hours before your test is
over and you haven’t found a single exploit or critical vulnerability. Your scans were not fruitful and
no one’s going to accept a report with a bunch of Secure Flag cookie issues.
You need that Hail Mary pass, so you pick up The Hacker Playbook and open to the section called
“The Throw - Manual Web Application Findings”. Scanning through, you see that you’ve missed
testing the cookies for SQL injection attacks. You think, “This is something that a simple web scanner
would miss.” You kick off SQLMap using the cookie switch and run it. A couple of minutes later,
your screen starts to violently scroll and stops at:
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Perfect. You use SQLMap to drop into a command shell, but sadly realize that you do not have
administrative privileges. “What would be the next logical step…? I wish I had some post-exploitation
tricks up my sleeve”, you think to yourself. Then you remember that this book could help
with that. You open to the section “The Lateral Pass - Moving through the Network” and read up and
down. There are so many different options here, but let’s see if this host is joined to the domain
and if Group Policy Preferences were used to set the local administrator password.
Taking advantage of the PowerShell IEX command, you force the server to download PowerSploit’s
GPP script, execute it, and store the results to a file. Looks like it worked without triggering
antivirus! You read the contents of the file that the script exported and, lo and behold, there is the local
administrator password.
The rest is history… you spawn a Meterpreter shell with the admin privileges, pivot through that host,
and use SMBexec to pull all the user hashes from the Domain Controller.
Of course, this was all a very quick and high-level example, but this is how I tried to lay out the book.
There are 10 different sections to this book, laid out as a football playbook. The 10 sections are:
Pregame: This is all about how to set up your attacking machines and the tools we’ll use
throughout the book.
Before the Snap: Before you can run any plays, you need to scan your environment and understand
what you are up against. We’ll dive into discovery and smart scanning.
The Drive: Take the vulnerabilities you identified from the scans and exploit those
systems. This is where we get our hands a little dirty and start exploiting boxes.
The Throw: Sometimes you need to get creative and look for the open target. We’ll take a look at
how to find and exploit manual web application findings.
The Lateral Pass: After you have compromised a system, how to move laterally through the
network.
The Screen: A play usually used to trick the enemy. This chapter will explain some social
engineering tactics.
The Onside Kick: A deliberately short kick that requires close distance. Here I will describe
attacks that require physical access.
The Quarterback Sneak: When you only need a couple of yards, a quarterback sneak is perfect.
Sometimes you get stuck with antivirus (AV); this chapter describes how to get over those small
hurdles by evading AV.
Special Teams: Cracking passwords, exploits, and some tricks.
Post-Game Analysis: Reporting your findings.
Before we dig into how to attack different networks, pivot through security controls, and evade AV, I
want to get you into the right mindset. Imagine you have been hired as the penetration tester to test the
overall security of a Fortune 500 company. Where do you start? What are your baseline security
tests? How do you provide consistent testing for all of your clients, and when do you deviate from that
line? This is how I am going to deliver the messages of this book.