Occupytheweb emphasizes that obtaining data about the target, a phase called reconnaissance, is crucial before any hacking attempt. He states that reconnaissance involves systematically gathering various attributes of the objective, like user identities, host names, network topology, operating systems employed, and services that they run. This information, Occupytheweb argues, increases a hacker's likelihood of success by allowing them to craft targeted attacks.
Occupytheweb further breaks down reconnaissance into two categories: passive and active. Passive reconnaissance, which Occupytheweb favors, involves collecting data without directly engaging the target, thereby minimizing the risk of detection. Active reconnaissance involves direct interaction with the target, which, although it often yields more precise data, raises the chance of triggering security alerts.
Occupytheweb describes passive reconnaissance as discreetly obtaining details regarding the target while avoiding direct engagement with their systems. He highlights that this approach allows individuals to discover valuable insights, such as possible security weaknesses, without leaving a trace.
Occupytheweb lists several tools for performing passive reconnaissance: Google Hacking, which uses keywords and search operators to find leaked sensitive data; Shodan, which searches for exposed web interfaces by their banner information; Netcraft, which reveals the technologies behind a website; DNS, which can be queried for valuable information such as subdomains; and p0f, which identifies an operating system from its network traffic. He emphasizes that passive reconnaissance yields a great deal of information without ever touching the target's systems or networks.
For example, Occupytheweb demonstrates how to utilize search engine hacking to discover Excel files containing confidential data, such as contact lists, housed within government websites. He achieves this through a combination of keywords like "filetype:xls," "government site," and "URL containing 'contact,'" illustrating the power of this technique to yield information from publicly accessible databases that may be essential for later stages of a penetration test.
Context
- The information gathered during passive reconnaissance helps in strategizing the subsequent phases of penetration testing or cybersecurity assessments, making it a foundational step in the process.
- By collecting data without direct interaction, hackers can build a comprehensive profile of the target, which aids in planning more effective and targeted attacks in later stages of penetration testing.
- DNS reconnaissance involves querying DNS records to gather information about a domain, such as IP addresses, mail servers, and subdomains. This data can be crucial for mapping out the network structure of a target.
- The concept of Google Hacking gained popularity in the early 2000s, with the publication of the "Google Hacking Database" (GHDB), which cataloged search queries that could be used to find sensitive information.
- Shodan offers advanced search capabilities, allowing users to filter results by country, operating system, and other parameters. It also provides APIs for integrating its data into other applications or security tools.
- Netcraft is a cybersecurity company that provides internet security services, including detailed analysis of web server configurations and technologies used by websites.
- Subdomains are extensions of a primary domain, used to organize or navigate to different sections of a website. For example, "blog.example.com" is a subdomain of "example.com."
- P0f has been around since the early 2000s and has undergone several updates to improve its detection capabilities and adapt to changes in network protocols and operating systems.
- Besides the tools mentioned, other resources like WHOIS databases, social media platforms, and public forums can provide valuable insights into a target's infrastructure and personnel.
- Excel files on government websites may inadvertently contain sensitive information due to improper data handling or oversight, making them targets for data breaches.
- Search operators are special commands used in search engines to refine and target search results. For example, "filetype:xls" restricts the search to Excel files, while "site:" limits results to a specific domain.
- When conducting penetration tests, especially using publicly accessible data, it is important to have proper authorization. Unauthorized access or data retrieval can lead to legal consequences.
Occupytheweb defines active reconnaissance as the process of directly probing systems of interest to gather precise data points about their configuration. He details various attributes about a target that can be acquired in this phase, including: which ports are accessible, the services running on those ports, their versions, and the time since the machine was last rebooted.
Occupytheweb highlights the balance of active reconnaissance's accuracy and its increased risk of detection by the target's security infrastructure. He recommends employing tools like Nmap and Hping3 to conduct port scans, send custom packets, and analyze how the system responds to determine its configuration and potential vulnerabilities. He suggests using Nmap's "-A" option for simultaneously gathering information on the OS, applications, and version, arguing for its efficiency despite requiring more time due to its less deterministic nature compared to a simple port scan.
Occupytheweb points out that hping3 has the advantage of creating almost any type of packet, both compliant and non-compliant with RFC standards, making it more versatile...
Here's a preview of the rest of Shortform's Getting Started Becoming a Master Hacker summary:
Occupytheweb emphasizes that in our modern, security-conscious era, hackers are often confronted by anti-virus (AV) software on nearly every system. These applications, he argues, must be recognized and circumvented or evaded by aspiring master hackers to have any chance of success.
Occupytheweb points out that most commercially available antivirus programs rely primarily on signature detection to identify malicious software. These signatures are unique patterns, often contained in the malware's code, that act as a fingerprint for identification. Therefore, if the malware is altered so that its signature no longer matches, the anti-virus program won't recognize it as a threat.
Other Perspectives
- Signature-based detection is often complemented by sandboxing and other advanced techniques to identify and mitigate threats that do not match known signatures.
- Some legitimate software may contain code patterns that inadvertently match malware signatures, leading to false positives and potential disruption for users.
- Some antivirus software incorporates machine...
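The signature mechanism described in the summary, and the two weaknesses raised in the perspectives above (a changed byte pattern goes unrecognized; a benign file carrying the same bytes is a false positive), reduce to a few lines of code. This is an added example, not from the book or from any antivirus vendor; the signatures and samples are constructed byte strings, not real malware indicators.

```python
import hashlib

# Constructed signatures: a whole-file hash and two byte patterns.
SAMPLE_MALICIOUS = b"\x90" * 8 + bytes.fromhex("4d5a9000deadbeef") + b"payload-placeholder"
PATTERN_SIGS = {
    "Demo.Dropper.A": bytes.fromhex("4d5a9000deadbeef"),  # 8-byte fingerprint at offset 8
    "Demo.Marker.B": b"CONSTRUCTED-EXFIL-MARKER",
}
HASH_SIGS = {"Demo.Dropper.A": hashlib.sha256(SAMPLE_MALICIOUS).hexdigest()}


def scan_by_hash(data, sigs=HASH_SIGS):
    """Exact-match signature: the whole file must hash to a known value."""
    digest = hashlib.sha256(data).hexdigest()
    return [name for name, known in sigs.items() if known == digest]


def scan_by_pattern(data, sigs=PATTERN_SIGS):
    """Byte-pattern signature: flag when any known pattern occurs anywhere in data."""
    return [name for name, pattern in sigs.items() if pattern in data]


def flip_byte(data, index):
    """Helper (constructed for this example): return data with one byte inverted."""
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]


# Variants and a benign file, built here to exercise the two scanners.
VARIANT_OUTSIDE = flip_byte(SAMPLE_MALICIOUS, len(SAMPLE_MALICIOUS) - 1)  # trailer changed
VARIANT_INSIDE = flip_byte(SAMPLE_MALICIOUS, 8)                          # fingerprint changed
BENIGN_TEST_FIXTURE = b"unit-test fixture containing CONSTRUCTED-EXFIL-MARKER"


if __name__ == "__main__":
    for label, blob in [("original", SAMPLE_MALICIOUS), ("trailer changed", VARIANT_OUTSIDE),
                        ("fingerprint changed", VARIANT_INSIDE), ("benign fixture", BENIGN_TEST_FIXTURE)]:
        print(f"{label:20} hash={scan_by_hash(blob)} pattern={scan_by_pattern(blob)}")
```

The hash signature breaks on any change at all, the pattern signature survives changes outside the fingerprint but not inside it, and the benign fixture trips the marker pattern; that gap is why the sandboxing and behavioural layers mentioned above sit on top of signatures rather than replacing them.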
Occupytheweb argues that the details we acquired about the site and its network through both passive and active reconnaissance will enable us to mount a successful hack. Remember that hacking involves more than simply launching a cyberattack and saying, "Voila! We've gained access!" It is a procedure that can be monotonous, involving gathering information and then crafting a targeted attack in order to succeed.
Occupytheweb details two useful instruments for actively collecting data about network hardware, Nmap and Hping3. He emphasizes that Nmap started out two decades ago as a basic port scanning tool but has since evolved in many new directions. It is now a comprehensive and versatile tool for examining target systems.
Occupytheweb explains that with Nmap, attackers can conduct a basic TCP scan to identify open ports, a UDP scan to identify open UDP ports, and a single port scan to target specific ports suspected of running vulnerable services. He highlights using the "-A" option in Nmap for gaining deeper insight into the target device....
Occupytheweb highlights exploitation as the process of leveraging an identified weakness to access a specific system. He explains that Metasploit, a framework that catalogs and automates security loopholes, is valuable for this task.
Occupytheweb highlights that Metasploit uses modules containing exploit code to target specific vulnerabilities. These modular components allow an attacker to select, configure, and execute a wide range of exploits. Occupytheweb explains how to identify appropriate Metasploit modules by searching the available modules with keywords, giving the example of searching with the keywords "exploit," "windows," and "eternalblue" to locate the EternalBlue Metasploit exploit.
He outlines the process of using a Metasploit module, including the use of the "use" command, the "show options" command to configure the exploit's options, and the "exploit" command for executing the exploit.
Occupytheweb also argues that the "show payloads" command should be used to identify the best option to execute with...