Author Topic: Your Hacking Routine  (Read 2696 times)


Offline b00ms1ang

  • Peasant
  • *
  • Posts: 65
  • Cookies: -8
  • Oh
Your Hacking Routine
« on: January 21, 2016, 10:39:21 pm »
So I just became a captain of my college's Cyber Sec team. We have a competition coming up, and most of the team is still very inexperienced. I've been working on the best way to teach what I know, as well as learn from the more experienced members of the team as well. One big thing I've seen and noticed when I do hacking work is that we follow an order of operations to test a system's security.

What is your routine/ order of operations? What do you start with, and where do you go from there? What tools or concepts do you use and how do you progress through to find as many vulnerabilities as possible?

We'll be working with networks specifically, constructed like business networks with servers, user computers, and virtual machines. Personally, I target the V-machines and try to hack away at defenses like passwords and more, but some of the more experienced members start smaller, using tools to try and access very shallow parts of a system first, and I found that fascinating. It breaks away from the brutality my cyber sec classes have taught me.

Tell me what YOU do, and what you like to use when you try to break a system!
Oh...

Offline Jackal

  • Serf
  • *
  • Posts: 32
  • Cookies: -17
Re: Your Hacking Routine
« Reply #1 on: January 22, 2016, 01:28:36 am »
Well, I have to tell you practice VMs at your local uni are very different from the real thing. Mostly in the sense that like you don't have any SOC on your ass, you can't just run Nessus and portscan away outside of the DMZ assuming you could without it being obvious, like chances are most of the good stuff is behind the ASA. I've found that writing scripts to do passive recon on their job boards, XSSing employees, doing a lot of recon on the web apps and spidering them and writing automated test cases in advance, knowing what to look for from job boards, for example ASP.NET but with an MVC, that would mean I can't really outright dork it, I can use theHarvester and WhatWeb or WAD it for info. Then after I get enough recon on all the web apps I map all their domains, what datacenters their shit is hosted on, their clients, who the people working are, their employers. I write some XSS bots to target the people with my SMTP servers or fake FBs and LinkedIns. I also write an automated test case for the web apps I see, hoping for a server side vuln. Either way, doing both at a time generally gets me in. The passive recon I did before on the job boards helps a lot. Why? Because I read documentation on the type of stuff they use, I will know their back end DB commands, I will know the directory structure of the web platforms they use, I will know what network services they use, so I already have a plan, and then I just sit and wait and chip away at the network, enjoying how soft it is but not being too loud, leaving obfuscated malware, scripts, and cron jobs in my wake, slowly but surely. Long story short, like, if your college is good they will teach you fuzzing and assembly and different attacks, maybe some Snort rules; that's the best case scenario and that's considered really good. However, penetration tests are nothing like real attacks in my opinion, especially in a university environment, because it's noisy, the client side vector is usually removed, and malware is not allowed.
You have time limits that force you to do things no competent blackhat would. Long story short, it really depends on what you want to do. Like, if you want to be a skilled attacker in the literal approach you can't be so dependent on brute force; if you want to be a tool monkey for a firm, go ahead. I'm not calling you stupid, I'm being honest, because I used to be noisy and rush; that didn't get me anything good.

Offline Jackal

Re: Your Hacking Routine
« Reply #2 on: January 22, 2016, 01:30:44 am »
Long story short, in the real world: Web Apps and Social Engineering to get in + Systems administration to know what you're doing, and like weeks and weeks of recon.

Offline b00ms1ang

Re: Your Hacking Routine
« Reply #3 on: January 22, 2016, 02:03:32 am »
Trust me man, I know that for sure. I've been running in the real world for a couple years now. But we're talking, these guys don't even know what Wireshark is. I need a simple, baby way to break down a hacking routine for them. We can only do so much.
Oh...

Offline b00ms1ang

Re: Your Hacking Routine
« Reply #4 on: January 22, 2016, 02:04:28 am »
College has taught some basic stuff in the security classes, but at the end of the day it isn't enough to prepare anyone for the real world at all. The team members who know the details and how to do things are people who learned on their own time and are just there for a degree.
Oh...

Offline overflow

  • Serf
  • *
  • Posts: 21
  • Cookies: 5
Re: Your Hacking Routine
« Reply #5 on: January 22, 2016, 02:12:04 am »
Well, it really depends what you're after, but say for example, in a general scope: first you want to do a lot of recon to know what you're up against. Secondly you'd scan for vulnerabilities and see if you can use any available exploits, but surely you'd have to fix them for your needs. If you've successfully gained access to admin/root you're in a post-exploitation phase, so you'd want to maintain access by placing a backdoor.
"Personally, I make it a habit to avoid habits."

Offline Jackal

Re: Your Hacking Routine
« Reply #6 on: January 22, 2016, 03:52:53 am »
Honestly I hate the way pentesters do shit as well but I understand why they do what they do I wouldn't trust 60 percent of them. Why don't you just force them all to read a book on Kali and practice 300 some pages and being a tool monkey isn't that hard  and kick them out if they don't you don't want retards weighing you down. Ironically I'm not much older than you if not younger and I never had a college education or learned a single algorithm and I do pretty well for myself. But really man don't let that all inclusive faggy open campus feel good bullshit weigh you down. There are always more faggots on campus who saw Mr. Robot and now they want to be hackers and have mommy and daddy drop 10 grand a semester to be bad at it. I'm sure if you're any good some of them will listen keep them discard the rest you have no use for people who suck or don't want to learn.

Offline b00ms1ang

Re: Your Hacking Routine
« Reply #7 on: January 22, 2016, 02:19:38 pm »
> Ironically I'm not much older than you if not younger and I never had a college education or learned a single algorithm and I do pretty well for myself. But really man don't let that all inclusive faggy open campus feel good bullshit weigh you down. There are always more faggots on campus who saw Mr. Robot and now they want to be hackers and have mommy and daddy drop 10 grand a semester to be bad at it. I'm sure if you're any good some of them will listen keep them discard the rest you have no use for people who suck or don't want to learn.

I'm 20. I win!
And anyway, everyone on the team is a computer science major going into the cyber security field. They're all smart and truly want to learn, it's just hard deciding where to start, especially in competition
Oh...

Offline b00ms1ang

Re: Your Hacking Routine
« Reply #8 on: January 22, 2016, 02:21:57 pm »
> Well, it really depends what you're after, but say for example, in a general scope: first you want to do a lot of recon to know what you're up against. Secondly you'd scan for vulnerabilities and see if you can use any available exploits, but surely you'd have to fix them for your needs. If you've successfully gained access to admin/root you're in a post-exploitation phase, so you'd want to maintain access by placing a backdoor.

That's pretty cut and dry, like that. That basic recon at the start is a step I feel a lot of people forget to do. So far this is what I've got

-Recon and Engineering (retrieving passwords etc)
-Fuzzing, Vulnerability Scanning
-Packet and Port monitoring and manipulation
-Password cracking and injections (we will also be trying to break and manipulate websites associated with the network)
-Exploitation
-Backdoor and manipulation
Oh...

Offline blindfuzzy

  • VIP
  • Peasant
  • *
  • Posts: 86
  • Cookies: 34
Re: Your Hacking Routine
« Reply #9 on: January 22, 2016, 03:49:32 pm »
Enumeration is going to be vital. Get your team good at it. 

Offline Jackal

Re: Your Hacking Routine
« Reply #10 on: January 22, 2016, 10:12:07 pm »
I know I am a dick, which is why I've had so many cookies stolen from me already, but like if they are computer science majors and they want to go into cyber security and they can't fucking port scan or pass crack, they don't know how to sniff traffic, they are not smart and they do not want to learn. I could do all that when I was a 12 year old script kiddie.

Offline Jackal

Re: Your Hacking Routine
« Reply #11 on: January 22, 2016, 10:21:03 pm »
I am sorry but really I don't consider anyone who doesn't know assembly a talented hacker, let alone a bunch of college kids who have problems hacking intentionally vulnerable VMs while on the same fucking network as them. Seriously, a 12 year old could run friggin Hydra and portscan the network for ssh and crack it, nmap the bitch and searchsploiting it until you find a metasploit module, because unfortunately none of your retards can fix up exploits on exploit db or modify POCs to make them workable. If those people were talented they wouldn't have trouble with such trivial shit. Honestly I think you're hung up on all the millennial feel good bs to kick the idiots out.

Offline Jackal

Re: Your Hacking Routine
« Reply #12 on: January 22, 2016, 10:25:26 pm »
I am sorry I just don't like computer science students who claim they want to learn x yet they never do jack squat outside the classroom that really really pisses me off I've beat up kids for that shit like bad when I should be shaking their hands because they are the next generation of incompetent developers and admins responsible for my livelihood.

Offline white-knight

  • Knight
  • **
  • Posts: 190
  • Cookies: 26
Re: Your Hacking Routine
« Reply #13 on: January 22, 2016, 10:33:32 pm »
> really really pisses me off I've beat up kids for that shit like bad

Maybe you should beat your own ass for posting 3 comments in a row instead of using the EDIT button :o ...

Offline Jackal

Re: Your Hacking Routine
« Reply #14 on: January 22, 2016, 10:52:38 pm »
Still makes me less deserving than 20 year olds who wanna learn sec but can't break into Metasploitable VMs. On top of that, for a suggestion, if you listen to me: after you kick out the idiots and make sure they can do the network stuff, set up some Snort rules up in this bitch and see what they can do to bypass it. Also move them over to Web App testing, have them break real webapps. Another thing: why are you hacking VMs when, like, you're in a University, which is the perfect practice network because it's large and wide open? The network is as big and complex as a large corporation's, you have massive infrastructure where many of the servers are just Puppet or Ansible or whatever managed so they are all the same, you have appliances in your way in various segments, however due to the open culture and shit it's easier to handle and it's more realistic than VMs.
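
Editor's added example, not code from any poster in this thread: a small sliding-window detector of the kind a Snort rate threshold gives a practice lab's defending side, flagging a source that touches many distinct ports or opens a burst of SSH connections. The record format, addresses, thresholds and alert names are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample connection records: (epoch_seconds, src_ip, dst_ip, dst_port).
# These are made-up lab values, not captured traffic.
SAMPLE = (
    # one source touching 25 different ports in 25 seconds
    [(1000 + i, "10.0.5.23", "10.0.1.10", p) for i, p in enumerate(range(20, 45))]
    # one source opening 12 connections to port 22 in 24 seconds
    + [(1100 + 2 * i, "10.0.5.40", "10.0.1.10", 22) for i in range(12)]
    # an ordinary client hitting one web port every 30 seconds
    + [(1000 + 30 * i, "10.0.5.7", "10.0.1.10", 443) for i in range(5)]
)


def detect(records, window=60, port_limit=15, ssh_limit=10):
    """Return {src_ip: set(alert names)} using per-source sliding-window counts.

    port-scan : >= port_limit distinct (dst, port) pairs inside the window
    ssh-burst : >= ssh_limit connections to port 22 inside the window
                (a connection count is only a proxy for failed logins)
    """
    recent = defaultdict(deque)  # src -> records still inside the window
    alerts = defaultdict(set)
    for ts, src, dst, port in sorted(records):
        q = recent[src]
        q.append((ts, dst, port))
        # Drop records that have aged out of the window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if len({(d, p) for _, d, p in q}) >= port_limit:
            alerts[src].add("port-scan")
        if sum(1 for _, _, p in q if p == 22) >= ssh_limit:
            alerts[src].add("ssh-burst")
    return dict(alerts)


if __name__ == "__main__":
    for src, names in sorted(detect(SAMPLE).items()):
        print(src, sorted(names))
```

The window and limits are the tuning knobs: with a window much shorter than the activity it is meant to catch, the same sample produces no alerts, which is the thing to check when validating a rule set against lab traffic.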