Hackernoon logoEthical Hacking 101: Part 2 by@shells

Ethical Hacking 101: Part 2

Shells.com Hacker Noon profile picture

@shellsShells.com

Shells provides you with a 1-click, powerful virtual desktop environment in the cloud!

Greetings and happy Thursday from your buddy Shane at Shells.com!  For those that missed my first installment of Ethical Hacking 101 -- start there and then come on back here for part 2!

Now that you’ve got your White Hat on and have an understanding of the tools necessary for your role -- let’s dig deeper into other aspects of Ethical Hacking and Penetration Testing.  In this installment -- we’ll go through the mindset you’ll need to have to be an Ethical Hacker, entry points to your systems that bad guys target, and preventative measures you can take to avoid disaster.  

Ethical Hacking and Penetration Testings: The cooler name for the effort associated with both of those terms is “The Red Team.”

From Wikipedia:

A red team is a group that plays the role of an enemy or competitor, and provides security feedback from that perspective. Red teams are used in many fields, especially in cybersecurity, airport security, the military, and intelligence agencies.

The rule of the internet and its wildness is: there are no rules.  Nothing contained in your website code is off-limits.  People will find every bug in your system and have at it -- cracking your user databases and finding exploits in your payment systems are a few of the many targets that will be attacked.

The villains of the internet are the epitome of Murphy’s Law. “If you make it, they will destroy it” -- Hmm, I guess now this is Shane’s Law, because I’ve made things and those internet ninjas came to destroy it. 

With this in mind, it’s always good to build your products and systems and thoroughly test them. Think how a ‘Hacker’ would and try to exploit your own setups, or learn from other exploits on the internet and patch your system on the fly. While you’re building it, you should be thinking, “how can I destroy this?”, so that you can prevent any future problems with your product.

It’s a full-time practice, which extends to a lot of positions

For most, having the time requirements to be a full-time security consultant for your own firm is taxing, exhausting, and sometimes soul-sucking. Have you ever battled a thirteen-year-old with a vendetta, 30,000 hacked computers at his disposal, AND he’s probably smarter than your IT team?

If you ever run into him, make sure you win.  Fight the good fight on the internet with us as an Ethical Hacker.  Patch the exploits and loopholes hackers use to destroy our networks and products. Those 13-year-old script kiddies are resilient. I know, I use to be one. But back then it was different, we would take over chatrooms by using social manipulation tactics and scripts to flood people offline. Sometimes, my group of childhood hacker friends would hold websites hostage; and for nothing at all. Just sport.

Ethical Hacking/Penetration Testing and its Benefits

It should be known to you now that testing how far you can get into/mess with/break a system is ideal. We should be doing this for all of our networks, servers, products, or have somebody on the team to do so for us.

Why? Because if we don’t, they will.  And THEY may not be Ethical, or THEY may be a robot designed to auto-infiltrate your systems. Finding any holes in your security and patching them (especially for newer products) is essential and usually pushed onto the Quality Assurance team and DevOps engineers to find.

While there is no one solution or one way to go about testing and securing your setups, there are common ones that can be accessed through poorly written code on websites.  

Entry points can come from:

  • Database (SQL) - Some software has bugs in it, or are just poorly written. Your database is your gold. See this xkcd.
  • WordPress - If configured incorrectly, users can brute force your website.com/wplogin page. It’s usually wise to change your default login page to something like back-office, this can be done by installing a WordPress module. It’s also good practice to keep your WordPress up to date, using as little modules as you can. If one module gets hacked, your whole site does.
  • WebServers (apache, nginx, nodejs ws, python ws) - Three words: Run. Trusted. Code.
  • PHP Code - PHP is the most popular web development code. Remember, obscurity is not real security, so if you have spaghetti code, really consider re-writing it. Attackers may find something within your system that causes a certain reaction, which can lead them on to other vulnerabilities and nuisances.

Be Ahead of the Curve

Subscribing to useful security update websites based on the software you run is a good choice. With things such as WordPress having add-ons that can be hacked, it’s best to keep things to a minimum.  Just browsing Hacker News, or a popular one: Daniel’s Blog

I for one get most of my security updates live on Internet Relay Chat (irc.shells.net #nerds) where the hacker scene is still booming.

Being on the lookout for tactics used in the field. The weakest point of any system will always be “The Human.” Be strict and confidential.

Hackers are always finding new ways and tactics to get into systems. If you’ve done your job securing your system, your job isn’t done yet, as they’ll move on to social engineering. This is prevalent in many fields such as CryptoCurrency exchanges.  Hackers attempt to manipulate employees by pretending to be other employees to gain access to any of the systems, and from there plot new attacks.

Simply spoofing a phone number and adding it to a group chat is a tactic one could use to gain access. For example, you’re now added to a group chat on your phone, you see a text coming in from your CEO and a few other members are there. Since the hacker can’t read text messages sent to that number, they have another copy of themselves in the group chat to be able to read replies and send new texts as the spoofed number.

A simple “Hey, I’m out of town can you give X Access to Y?” and it goes from there.

Maybe the e-mail address looks just like your boss’ email address?  name@Microsoft.com and at a glance it looks legit, but looking harder you realize it’s name@Micvosoft.com and you just submitted your quarterly reports to it.

Damn. That would suck, and it happens all the time.

Closing part 2 of Ethical Hacking 101:  It’s simply the Good vs the Bad.  The only way to win is to be pre-emptive. 

By Shane Britt, Shells.com

Shells.com Hacker Noon profile picture
by Shells.com @shells. Shells provides you with a 1-click, powerful virtual desktop environment in the cloud!Read my stories

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.