|
sc2effort (Russian Federation, 269 posts)
As I sit here in a large office chair and look back on the past two years of my life, I have done many things, pulled my life together, re-established family, and found a stable job, one I enjoy. Throughout the past two years I have formed a new perspective on how the world operates and how we as individuals can bring ourselves to greatness without the help of an external force. In this blog series I will be discussing day to day operations and my thought process as a computer technician and pen-tester, so let's get started.
So, for those of you who do not know what a pen tester is, I will give a simplified explanation: basically it is a person or group of people that gets together with other people or companies and tries to find flaws in their network security (basically, try to legally steal their data). In this blog I will not be going into how to pen test in any way; more the people I encounter and how I think.
Day 1: It was a cold morning, damp, and the clouds were low; the coverage made it difficult to see, and the ice on the roads didn't help me get to work, considering I was already late. I received a call from a client of mine, a businessman who wanted to make sure all of his financial and "secret" files were secure from any outside source. My first thought was a "covert" operation, which basically in the pen-testing world means that no one but the CEO knows that it is a fluke. With that in play I got to the chalkboard. One of the most important steps in pen testing is scoping your target: finding out everything you can, from how their building is laid out to what times the IT guys get in for the day. Data collection is what makes or breaks the reality and effectiveness of the test; we are testing the response times of the company's IT guys and how they handle a security breach so that we can, in the end, tell them what to fix and, most importantly, how to fix it.
I started scoping around 5pm; I wanted to get a sense of what time their guys left the building and how many stayed after hours. I found that there was a total of 5 guys: 3 left at 5pm and the other 2 stayed until around 10pm. I needed to look into this more; I needed to know what those 2 guys did after the other two left. Almost immediately I found the first flaw: the company was using WEP encryption on their wifi... (For those of you who don't know, a decent hacker can crack WEP codes in about 3 minutes.) This is a huge no-no; with that code I can then access tons of other files using basic exploits. I did not find what those other two were doing that night, which put me in a predicament. I needed to physically get into the building to see what kind of infrastructure they had set up, except no person with a brain is going to put their IT station out front, so I needed a con, per se. With help from the CEO I walked into the building the next day; I found that all of their main computers were set up on separate ports from the main systems. This was a breakthrough.
Now that I knew they were using different ports for their data computers, I could start hacking. I sat outside of the building and began the crack. I pinpointed areas of interest, running risk analysis against the areas that I thought could be important. Using key terms I was able to narrow the list to 5 files (mind you, this was about a 7 hour process, not all sitting in front of the building). These files had special encryption on them; now, with the criminal mind in play, I started thinking of some workarounds. I found one: their website... they had vulnerabilities in their login page. (You can easily find information on this kind of thing by using dorks and "Google hacking".) I started working on it; the back code came out to be the CEO's children's names. At that moment I sighed: I not only cracked his code but was able to get all of the hidden files in under 24 hours. I called my client and started writing up everything I could for him, everything that I did and how I did it. Considering these reports are usually 10+ pages long, I met him and his team in person and started breaking it down for them. (Mind you, the team caught the crack about 50% of the way through but could not stop it.) I laid out my ideas and fixes and they implemented them.
We always do a post-test, about a month later... I will not go into the post-test for this client, but let's just say they fixed a lot of things and they are secure now, at least as best they can be; there is always a way to bypass something.
Alright guys, that is the end of this blog. Tell me what you think, please! If you like it, I will do more.
Poll: Like this blog? Like: 34 (97%), Dislike: 1 (3%). 35 total votes.
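The WEP finding in the post above is the kind of thing a defender can catch with a routine scan review. The following is an added example (not code from the blog or its author): a small Python audit over a constructed `nmcli -t -f SSID,SECURITY,SIGNAL dev wifi` style scan that flags WEP, open and WPA1-only networks; the severity mapping is an assumed policy, and the sample scan lines are made up.

```python
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY,SIGNAL dev wifi` output
# (not captured from any real site). In terse mode nmcli separates fields
# with ':' and escapes a literal ':' inside a value as '\:'.
SAMPLE_SCAN = """\
CorpNet-Finance:WEP:72
CorpNet:WPA2:80
Guest\\:Lobby::55
Warehouse-AP:WPA1 WPA2:40
Printers:WEP 802.1X:30
LegacyAP:WPA1:20
"""

SEVERITY_ORDER = {'HIGH': 0, 'MEDIUM': 1, 'OK': 2}


def split_terse(line):
    """Split one nmcli terse line on unescaped ':' and unescape '\\:' in fields."""
    fields = re.split(r'(?<!\\):', line)
    return [f.replace('\\:', ':') for f in fields]


def rate_security(security):
    """Map an nmcli SECURITY string to (severity, reason). Assumed policy."""
    sec = security.strip()
    if sec == '':
        return 'HIGH', 'open network, no encryption'
    if 'WEP' in sec:
        return 'HIGH', 'WEP is broken; migrate to WPA2/WPA3'
    if 'WPA1' in sec and 'WPA2' not in sec and 'WPA3' not in sec:
        return 'MEDIUM', 'WPA1-only; upgrade to WPA2/WPA3'
    return 'OK', sec


def audit_scan(text):
    """Return findings sorted worst-first, strongest signal first within a tier."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = split_terse(line)
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess at fields
        ssid, security, signal = parts
        severity, reason = rate_security(security)
        findings.append({'ssid': ssid, 'security': security, 'signal': int(signal),
                         'severity': severity, 'reason': reason})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f['severity']], -f['signal']))
    return findings
```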
|
I hugely dislike native speakers who can't distinguish between 'there' and 'their'.
Sorry for being grammar nazi.
And it's 'per se'. And Childrens'
But I would be interested in how you got into that industry, and how you find your clients.
|
sc2effort (Russian Federation, 269 posts)
Hah, sorry, half of this was typed via my phone... and I'm not big on grammar. I will be making another blog soon about the industry and how you get into it.
|
On February 26 2013 08:32 Rimstalker wrote: Sorry for being grammar nazi.
And it's 'per se'. And Childrens'
Well, you're not doing a good job...
|
I do some security work, and have a bunch of friends who do pen testing and other security type positions. It's fantastically fun, and I'm always keeping up with the latest news in the security scene.
Do you go to DEFCON or other conferences? I always envision I'm not the only StarCraft nerd in a hotel full of nerds.
|
sc2effort (Russian Federation, 269 posts)
Haha, send me a PM and I'll discuss some things with you.
|
Could you explain to me why you need to physically scope out the site that you're hacking? While I'm sure it makes it easier I'm curious how realistic that is. Actually needing to have "boots on the ground" so to say seems like pretty poor hacking.
|
sc2effort (Russian Federation, 269 posts)
Because in pen-testing and big-wig network deals, they can have certain ports connected to a certain area. If you trip that port and get something wrong (let's say you hit the wrong area of the building), you are locked out and it's over. That's why you need to scope it out; information gathering is just as important as the actual hacking. You have to adjust break times, adjust a ton of things in the end report to up security. Say an employee leaves 2 minutes early, or steps out for a smoke; in those 2 minutes I can infiltrate their network, gain access to their mainframe, and boom, it's over. That's why you need "boots on the ground": it's to plan times; that's how real hackers that do things to steal plan. It's all about thinking and doing it the same way as someone who is stealing it illegally would.
|
sc2effort (Russian Federation, 269 posts)
Hope that answers your question, and friend, this is not poor hacking... look into it in more detail and come back and tell me it's poor hacking. That's actually offensive, considering we consider it our art.
|
Hey effort,
I'm actually a computer engineering and computer science major, but I've always been fascinated with pentesting.
What kind of degree did you get? (if at all?) Are you part of a team?
Where did you learn to hack? How often do you code your own exploits? Does commercial software like Metasploit and Nessus actually help, or are you mostly working through the terminal and Nmap? What is your take on BackTrack?
Thanks, if you do answer =P
|
sc2effort (Russian Federation, 269 posts)
@Abductedonut
Those are awesome degrees!
To answer your first question, I did not even finish high school, so no degree there.
I do work as part of a team; there are 4 of us that do what we call Missions together, haha; a lot of the time we duo-team and do two jobs at once.
I'm all self-taught. I actually got arrested for "hacking" when I was 18, part of why I didn't finish high school... (I am ashamed of it now that I am white hat), but I literally bought books and read them over and over, and I had my laptop and just sat at public locations and started my hacking career.
I code my own exploits often; we as a team do a lot of exploit coding. It is a must because you have to adapt to the system you are up against; using basic exploits doesn't cut it for a lot of systems.
Metasploit I use daily; it is extremely useful. Now, I do not use the full GUI, just the command line. Nessus, not so much. As far as the terminal goes, I use that all the time as well; airmon-ng is always a good tool. But you have to remember these are only tools; just like in a workshop for a carpenter, the tools are an asset, your mind is the function. Nmap is put to good use as well, although the terminal and Metasploit more so.
BackTrack is amazing. I have it set up on a lot of my equipment; it provides a ton of built-in tools... although for your average user, you will use about 10% of what is there... I only use about 45-50%; a lot of the tools on BackTrack are not productive and no one in the field uses them. It is convenient as it comes with all the suites needed, such as airmon-ng, Metasploit, etc...
|
sc2effort (Russian Federation, 269 posts)
Also, I wanted to add one more thing:
you were talking about Nmap. It is most used as a port scanner, as it integrates well with Metasploit; we use it for information gathering. I will go into all of this in my next blog, and in depth on what we do with each program. If you guys would like me to make a blog on what all of these programs are and how we use them, just tell me.
|
I would be interested in a blog about that. I am interested in stuff like pen testing and hope one day maybe to go into the field too.
|
Haha that's awesome that you are a pen tester. I actually am in school and learning about pen testing and all that fun stuff. It's pretty cool ^^.
|
Hello.
I would like to ask some questions; either PM me or reply. I find this greatly interesting. I applied for something for coding and scripting as a job. A lot of people may find it boring but I love it. I like how I can write code and then something will happen. Sadly I applied for the wrong job; now I'm an accountant technician, which is an okay job. I don't have any heavy education, mainly Highers/Advanced Highers, which is equivalent to first year uni.
I've always found this interesting and also met people with big IT backgrounds who said I had a natural flair for this kind of subject; I also love getting into nerdy stuff about hardware, looking deeply into CPUs, GPUs. This hardware and scripting, coding and all problem solving I find interesting, and I always go in my free time to understand it more.
I just don't have the sources or means to get a better grasp of this stuff.
I will say now that it's only for entertainment, not for malicious use of this information.
If at home, can you provide me any resources to further my knowledge?
Finally, are there many jobs to do this, not for a salary, like helping out and being a volunteer white hat?
Thanks for your time.
|
sc2effort (Russian Federation, 269 posts)
@TheQuiff
Hey man, glad you find this type of work interesting!
As far as sources go, there are a ton of really good sources out there... books on Metasploit are always good; I will list a few good ones at the end of this post.
As far as volunteer jobs go, there is something you should know about pen-testing in general... there are not many actual companies that are dedicated to it; it is mostly a group of people that get in contact with other people who need it done. I would browse forums etc. to see if someone would let you in... As for my situation, I started my group about 6 years ago (we became white hat about 4 years ago). But I am sure you can find a small business that would like the service in the area, and I'm sure you could make a bit of money doing it on the side. Putting together a group of friends or people in the community is what I would do, though, because most groups are not open to outsiders.
I hope that answers your question. Below is the list of books:
Books: Ninja Hacking; Metasploit: The Penetration Tester's Guide; SQL Injection Attacks and Defense.
Those are some good books I would look into.
|
sc2effort (Russian Federation, 269 posts)
Hey guys, so following this blog... with all of the good ratings and great questions I have gotten, I am going to make a new style of blog... The new blogs are going to be tutorial/blogs. They are going to cover programs, writing exploits, SQL injection and so on...
These are going to be in chapter format. I am going to start with step 1... Information gathering. I will go into depth on it and how to use it to your advantage. So look out for it; I should have Part 1 out by Friday.
|
On February 27 2013 14:10 sc2effort wrote: Hey guys, so following this blog... with all of the good ratings and great questions I have gotten, I am going to make a new style of blog... The new blogs are going to be tutorial/blogs. They are going to cover programs, writing exploits, SQL injection and so on...
These are going to be in chapter format. I am going to start with step 1... Information gathering. I will go into depth on it and how to use it to your advantage. So look out for it; I should have Part 1 out by Friday.
this seems really interesting. Will follow!
|
On February 26 2013 08:32 Rimstalker wrote: I prodigiously dislike native english-speakers who cannot distinguish 'there' from 'their'.
I am sorry for being a grammar nazi.
And it's 'per se'. And Childrens'
Did you start 2 sentences with coordinate conjunctions? The second sentence isn't a complete sentence.
But I am interested as to the methods whereby you got into that industry, and the methods whereby you find your clients.
Don't be a grammar nazi if you do not know rudimentary rules of grammar or apply the aforementioned rules to your own post.
|
On February 27 2013 14:10 sc2effort wrote: Hey guys, so following this blog... with all of the good ratings and great questions I have gotten, I am going to make a new style of blog... The new blogs are going to be tutorial/blogs. They are going to cover programs, writing exploits, SQL injection and so on...
These are going to be in chapter format. I am going to start with step 1... Information gathering. I will go into depth on it and how to use it to your advantage. So look out for it; I should have Part 1 out by Friday.
That sounds awesome. I'm researching these subjects more and more as I want to protect my website from hacking/exploitation. It's therefore in my best interest to try to break it myself. Looking forward to more awesome blogs like this.
|