One of the really cool things about being a hacker is that we get to discover new things. It’s kind of like being an adventurer or explorer. You might feel like Lara Croft or Indiana Jones some days because of the cool things you find. I’ve found more and more lately that I love exploring and going on little adventures to find neat things. At home, we have a giant backyard that backs up to a nature preserve, so we like to go explore there sometimes and see all the cool animals that live there…except the rattlesnakes and copperheads. Not a fan of those.
Over the last few years, I’ve learned that I love exploring underwater as well. Recently, we celebrated my wife’s birthday in the Mexican Riviera Maya (between Cancun and Playa del Carmen), and I snorkeled just off the beach every day that I was there. I took underwater video of quite a bit of the sea life – it was AMAZING. The water wasn’t very deep, and it was clear enough that I could see all types of sea life, including stingrays (which don’t like to be touched in the wild apparently), starfish, colorful fish, and even a green moray eel. The eel was at least 5 feet long, and about 6 inches in diameter, with a huge mouth full of sharp teeth. Not gonna lie, that eel was scary.
Discovering new things (like sharp-toothed dangers lurking in the depths of a system) is part of the hacker subculture. The original hackers at MIT were model train conductors who were simply trying to automate the trains. They built a control system based on telephone relays to power and switch the tracks, backed with a mainframe computer to provide routing information and other data needed to make the trains run smoothly. They, like all of us hackers to come after them, had a want, a passion, a drive, a NEED to learn as much about a system and master it. They believed that “information wants to be free.” They were adventurers. They were explorers of the unknown.
So let’s talk about the hacker’s mindset: that burning curiosity and desire that drives us to explore and learn. It drives us to take existing things and try to make them better. It drives us to create things that didn’t exist before. It drives us to explore the unknown just to see what’s on the other side. We study whatever system we’re trying to hack. We learn it inside and out. We master it.
That’s the thought process of all hackers – that and a “Hey guys, watch this!” mentality. Yeah, it can backfire, but often we find ourselves adventuring into the unknown and bypassing what we previously thought were limitations of our capabilities. We flip the switch. We push the boundaries. We press that red button. We try to understand how different configurations cause different actions. After all, the more we know about how the system works, the better we understand how to manipulate it.
Hackers today strive to know as much as possible about all kinds of technologies, and work to make them better. Without hackers, we would not have the cool toys and tech we have now (and tomorrow). Cloud services evolved out of system virtualization. Virtualization evolved out of hardware capabilities increasing exponentially over a short time. These hardware capabilities evolved because someone said “Let’s see how far I can overclock this processor until it melts…” with the CPUs of old. (I may have overclocked a couple of CPUs in my time.) CPUs evolved from transistors, which evolved from radio technology, which evolved from…you get the idea. Of course, that begs the question: “What’s next?” I don’t know, but I’m excited to find out.
Do these possibilities excite you? Do you share that same drive? That same need? Do you like exploring, and adventuring into the unknown?
If you’re reading this blog, then I would venture a guess that you’re at least somewhat interested in hacking all the things (the hacker mindset). Perhaps you want to become a pentester, or you want to learn how to defend your network, or maybe it’s simply that you’re someone who likes to take things apart just to see how they work. I was that person. I’m STILL that person.
If you’re wondering how to get a start in learning some of the tricks and techniques that hackers like myself and my team here at Secure Ideas use, please allow me to give you some pointers.
Disclaimer: ONLY PRACTICE THESE TECHNIQUES ON SYSTEMS YOU ARE EXPLICITLY AUTHORIZED TO PRACTICE ON. I can’t stress this enough. Hacking into someone else’s computer just to do it or show off is a bad idea. Period. If you did not build it yourself, or get explicit authorization from the system owner to break a system, then you risk harming yourself and the systems you break. All of our pentest engagements are under a contract agreed to by both Secure Ideas and our client. There are explicit rules of engagement in the contract, and we have constant contact with our clients to ensure that we provide the best pentest experience ever. Remember, we get paid to hack into systems. With that said, I’ll discuss some ways below to build or access systems you can have explicit authorization to hack and break into.
When I started on my journey, virtualization was not the platform it is today. Now, most systems are virtualized, and can be destroyed and rebuilt in seconds. So grab one of the various VM platforms (I would suggest starting with Virtualbox or VMware Workstation Player) and learn how to build and fix your own systems. Once you’ve mastered that, learn how to install and configure the software you want to hack. It’s the safest way to explore the vast world of vulnerabilities and exploits.
Of course, some software may be harder to obtain and attempt to install than others. In this case, look for online capture-the-flag (CTF) hacking sites. There are SEVERAL to choose from, and I’ll recommend a couple that I’m familiar with and have actually used. Of course, these sites are use at your own risk. I connect to the various systems (typically through OpenVPN connections) from a Kali VM through Virtualbox. There are two reasons for this - it’s safer to connect from a VM rather than your everyday system, and Kali has almost all the tools I need to work with. Also, I’ve used Kali for years, and quite simply, I like it.
- HackTheBox – HTB is probably one of the most well-known online ethical hacking sites out there. Using a gamified system, HTB hosts numerous vulnerable systems specifically created with unpatched or misconfigured software. You connect to them through an OpenVPN connection to a private network. The system levels range from Beginner to “Insane”, there are write-ups and walkthroughs on various retired systems, and the support forums are helpful without giving away secrets. The goal is to hack into the systems and grab user and root flags. The flags provide points based on the level of system and the type of flag. The VIP version offers more systems, 24 hours/month of a web-based VM (PwnBox), and isolated servers.
- TryHackMe – Much like HTB, TryHackMe is an online ethical hacking site which provides vulnerable systems (called Rooms) created with unpatched or misconfigured software. These Rooms can be accessed through OpenVPN. TryHackMe also offers a web-based AttackBox VM that can be accessed through a browser for free, though this one is for 60 min/day. Paid access grants longer with the web-based VM, faster connection times, private VPN access, and premium content.
- VulnHub – VulnHub offers vulnerable VMs that are downloaded and run inside your own virtual machine setup, such as Virtualbox or VMware Workstation. Of course, this is a little more advanced than using the web-based hacking sites. The VMs are created by the community, they’re free to download, and there is no need to have access to an OpenVPN connection to hack at the systems. A word of caution – these VMs are built with known vulnerabilities in them. Placing them on a production network of any kind is a BAD IDEA. Also, keep in mind that the author of the VM could have placed malicious code in the system that might try to attack you or other systems on your network. More information about the dangers of using vulnerable VMs can be found here.
- SamuraiWTF – SamuraiWTF has gone through a few iterations over the years, starting life as a Webapp Testing Framework (hence the WTF) to now being a Web Training Framework VM. It’s a complete Linux desktop, free and open source. It’s not a vulnerable VM, but does contain several vulnerable web applications (targets) which can be started and stopped on command. The current version of SamuraiWTF’s targets consist of OWASP Juice Shop, Mutillidae, DVWA, and Wayfarer. It also comes with several webapp tools installed such as ZAP, Burp Suite, SQLmap, and Nikto. I still don’t know what the password for the samurai user is. (And don’t ask Kevin. He hates that. 😆)
The really great thing about all of these exploration paths is that there’s TONS of information online about them. If you get stuck in some learning path, there are YouTube videos, blog posts, and even training classes that can help you along the way.
The hacker world is full of bad guys, sure, but it’s also full of good guys, like the team here at Secure Ideas. We are responsible for many tools that are in use today by hackers (both good and bad, I’m sure), and we’re excited to be a part of creating the next generation of hackers and cool stuff. From tools like BASE for Snort IDS, to Paramalyzer for Burp Suite, to the aforementioned SamuraiWTF, to our many training classes, Secure Ideas has been at the forefront of developing and evolving great tools that the good guys use to try to keep the bad guys out. With that said, the tools weren’t developed for us to receive recognition or glory, but out of a need, the same need that the original hackers at MIT’s Tech Model Train Club had. A need to learn more about a system, a need to make systems easier to use, a need to make the system better. That’s why we work tirelessly to help our clients make their systems more secure. We have a need to make it easier for our clients to gain access to our expertise and testing services.
<shameless plug>
It’s why we created our newest offering Professionally Evil Testing as a Service. Our Flexible Test Credits offer the easiest way to get your next penetration test done. The credits simplify the procurement process, ensuring that your company doesn’t need to go through endless paperwork over and over per engagement. We think it's the best way to strengthen your organization’s security posture and reduce risk, all while having direct access to our world-class team of expert security consultants and hackers through our Advisory Services.
</shameless plug>
We’re adventurers. We like to explore the unknown and find ways to bypass limitations. So let’s work together and see how we can help make your organization safer and more secure. Come join us for your next adventure.