Time You All Learn How To Get Into Being A Hacker~!

Well since you all asked nicely...

Time you all learn how to get into being a hacker~!

Advance warning this will be a long post and as of typing this idk if tumblr has char limits so might need to continue in reblogs?

Right, so. You may be asking "How do I get into hacking?" and find yourself here because of it.

The answer is you just did it. Right there. By clicking that keep reading link you have just entered the world of hacking, because curiosity is everything. The innate urge to learn more, to know more, that is what hacking comes down to. You do more than just using a system, you question it. Ask yourself, what does the system do when i input these characters? How does it take my input and translate it into the function? Where does it store information in what way?

Have you ever tried inputting unexpected text into a field? For example, say a website asks for a particular input like your name, but instead you start putting in numbers or unexpected unicode. That right there is, by definition, the poking around that hacking uses. You're experimenting with unexpected use-cases. Often times if you try this, you may end up finding interesting results. In my example here, say instead of your name, you put ../../../../etc/passwd into the field. Suddenly when you hit enter, you get hit with a result of a bunch of names and data. That is a hack. The database to control the storage of your name instead received a command to back out of that database, and go into the etc folder to retrieve the passwd folder, which houses user data from that system. This, of course, assumes the system is running Linux, but it is an example. All hacking is, is poking around in ways the original programmer couldn't expect to find interesting results and broaden your access into things you shouldn't have.

Now, this is all well and good, but what if you want an actual way to learn this in person? Well the good news is there are plenty of legal avenues to get into hacking and broaden your experience! Personally I use HackTheBox for my CTFs through their labs. That means they run a thing called Capture The Flag, where they give you a single IP and you have to explore that system to find two different flag files to win. They also have competitive CTFs I have yet to try, but I do have a competitive tournament coming up next month for it. Then they also have the academy to teach you more via both hands-on methods and reading work. If you know next to nothing and want to get started in a safe learning environment, you can try out their academy or my next resource. TryHackMe! This website is more learning focused, and I have been taught a lot of what I know through it! It has free lessons along with premium ones for a subscription, so just know that only a selection of what you can learn here is free, but I do recommend them if you do feel like paying for that extra bit, as I would say what I learned from it was worth it and they focus on both offensive hacking, which I do, as well as the blue side for defensive hacking and even things like digital forensics if you're interested in that!

HackThisSite. No really, hack it! This website is a legal playground to try out scenarios from the unlikely to the realistic in varying difficulties to put your skills to the test!

There's many, many more resources to look into as well, those are just the first few off the top of my head. Beyond this, I'd say constantly stay up to date in cybersecurity news and read up on new large scale attacks, as the entire industry is a constant arms race with exciting twists to learn about! Beyond that there is no one right way to go about hacking, and there's never a stupid idea to it either!

Now, all this is well and good, but what about a real case example? Well luckily for you all I happen to have a machine up and running to show off a case example of a CTF in action. Today i'll be showing you the "Lame" box from HackTheBox, the first machine they ever published, now retired. I can access it thanks to VIP.

First thing's first, I'm using a laptop that I stripped of Windows 11 in favor of Linux, and specifically Kali Linux being the exact distro. If you're wanting to get into hacking at the VERY least use a VM with linux, but i beg of you dont use windows. You're asking for trouble both in terms of lack of tools and in terms of vulnerability. You're putting a VERY large target on your back by using Windows because of how vulnerable it is. Kali Linux is a nice option as it comes pre-built with tools, but if you want something more user friendly you can go for Parrot OS.

Once the OpenVPN connection is active and we have the Lame machine up and running, it gives us an IP and nothing more. The first thing you will want to do when this is the case is to use a tool called Nmap to scan that IP for active TCP ports. This shows you what open, and sometimes closed, connections that machine is running, along with information about them. I usually use the command with these particular flags. nmap -sV -Pn -p- (ip)

Well Since You All Asked Nicely...

It will output the ports we want to see, dont worry about how much text there is, we're focusing on just a small segment saying port numbers and a description of them

Well Since You All Asked Nicely...

Now that's interesting, looks like this is running Samba SMBD on ports 139 and 445, and thanks to a google search I know this is a vulnerable version. We'll take the quick route and just use a tool called Metasploit. In a typical run metasploit wont have what you need, but for the sake of time and post length, i'll just boot that up by running "msfconsole" and running a search for our exploit. On finding the one I need I select the payload.

Well Since You All Asked Nicely...

Next up, we need to equip the options for it, setting who our target is and where to send the information back to, in this case my VPN's IP.

Well Since You All Asked Nicely...

Once that's done, you simply say "run" and it will go! And what do you know, i'm in the system as a root user, aka full administrative privileges with access to both the user and root flag! In a typical CTF there are many more steps including usually getting into the user first, then exploiting into root. I, however, took the shorter route this time.

Well Since You All Asked Nicely...

(The flags change every run so you cant just copy paste them from my run.)

And that's that, machine conquered! We did it! Of course, in the real world of hacking there are many more steps, and it can even take multiple days to get everything you need from a target in a stealthy manner. The faster you move, the louder you are.

Now you know the basics though! Get out there and learn, google will be your friend and its never wrong to ask questions. My DMs are open if you have more to ask or just wanna talk hacking! :3

Legal, illegal, who cares im not a cop, have fun and stay curious~!

More Posts from Silliestofmanygeeses and Others

6 months ago

Chai tea bag + lil but of brown sugar + apple cider packet + 16 oz. mug of hot but not quite boiling water

it will not Fix You but like. maybe. maybe.

2 months ago

if I had a wrestling persona they would be part demon part pharmacist and their name would be DVS (like CVS but pronounced Devious) and their catchphrase would be Welcome To The Harmacy

4 months ago
Technically True.

Technically true.

4 months ago

Reblog if you think a woman can be complete without children

Y’ALL HAVE TIME TO REBLOG THIS. IT TAKES LESS THAN FIVE SECONDS.

9 months ago

one thing no one ever teaches you is that you can just make things nicer and more intentional- you can take your energy drink, pour it in a rocks glass over ice with a slice of lime on the rim, and sip it slow. and you'll think, "wow i am the biggest faggot to have ever lived". and you know what? you're right.

9 months ago

You just know there were people with a plague mask kink when the the Black Death was going around

when she says she doesn’t send nudes

image
9 months ago

“This would do numbers on tumblr” you’re so right, 0 is definitely a number

3 months ago
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy
Future Archaeologists Will Know You Were (not) A Boy

future archaeologists will know you were (not) a boy

Loading...
End of content
No more pages to load
  • elsen0va
    elsen0va liked this · 2 months ago
  • theotherwillow
    theotherwillow reblogged this · 4 months ago
  • theotherwillow
    theotherwillow liked this · 4 months ago
  • silver-hourglass
    silver-hourglass reblogged this · 4 months ago
  • fingerstealer
    fingerstealer reblogged this · 5 months ago
  • utilitaric
    utilitaric liked this · 6 months ago
  • gallowsghoul
    gallowsghoul liked this · 6 months ago
  • tigereyes45
    tigereyes45 reblogged this · 6 months ago
  • tigereyes45
    tigereyes45 liked this · 6 months ago
  • 2431
    2431 reblogged this · 7 months ago
  • grasstouching101
    grasstouching101 reblogged this · 7 months ago
  • skyview-dragon
    skyview-dragon reblogged this · 7 months ago
  • skyview-dragon
    skyview-dragon liked this · 7 months ago
  • hounddogmoment
    hounddogmoment liked this · 7 months ago
  • myomorph
    myomorph liked this · 9 months ago
  • pann17
    pann17 liked this · 9 months ago
  • deltalazuli
    deltalazuli reblogged this · 9 months ago
  • deltalazuli
    deltalazuli liked this · 9 months ago
  • aaand-mitsuba-is-dead-again
    aaand-mitsuba-is-dead-again reblogged this · 9 months ago
  • aaand-mitsuba-is-dead-again
    aaand-mitsuba-is-dead-again liked this · 9 months ago
  • ihavebeenallthingsunholy
    ihavebeenallthingsunholy reblogged this · 9 months ago
  • dead-immortal
    dead-immortal reblogged this · 9 months ago
  • digi-pet
    digi-pet liked this · 9 months ago
  • samwimch
    samwimch reblogged this · 10 months ago
  • crescentsets
    crescentsets reblogged this · 10 months ago
  • temporal-sandwich
    temporal-sandwich reblogged this · 11 months ago
  • temporal-sandwich
    temporal-sandwich liked this · 11 months ago
  • waiting-for-the-rain-0
    waiting-for-the-rain-0 reblogged this · 11 months ago
  • saint-hart
    saint-hart reblogged this · 11 months ago
  • unremarkablescooter
    unremarkablescooter reblogged this · 11 months ago
  • derelict-cabbagepatch
    derelict-cabbagepatch liked this · 11 months ago
  • citrussly
    citrussly liked this · 1 year ago
  • dalonelybreadstick
    dalonelybreadstick liked this · 1 year ago
  • planetsconjunction
    planetsconjunction liked this · 1 year ago
  • rabnerd28
    rabnerd28 liked this · 1 year ago
  • nervousscissorsgoopthing
    nervousscissorsgoopthing reblogged this · 1 year ago
  • tobisoundx3
    tobisoundx3 liked this · 1 year ago
  • noizepushr
    noizepushr liked this · 1 year ago
  • eris-n
    eris-n reblogged this · 1 year ago
  • sensationaltrainreading
    sensationaltrainreading reblogged this · 1 year ago
  • autistic-velociraptor
    autistic-velociraptor liked this · 1 year ago
  • n1et
    n1et reblogged this · 1 year ago
  • n1et
    n1et liked this · 1 year ago

I’m not a bot, I just kinda like to browse and exist here occasionally :))))

193 posts

Explore Tumblr Blog
Search Through Tumblr Tags