Intro

"How did you get into hacking? How did you perfect it?" I'm sure most of you who are already in the cyber security field have been asked these questions. First of all, I haven't perfected it; no one has. It's a tough journey that needs you to stay in the loop.

Getting Started

We have all been there, asking others to mentor us and asking them how they got in, basically the procedure. Sincerely speaking, there's no single procedure to get into any profession, especially a technical one, that doesn't involve practice and research, and most importantly the drive within. Without the drive you'll be as confused as my ninja down here :)

Our confused ninja

Many people will tell you that the way to get into infosec is by practicing with CTFs (if you don't know what those are, kindly google it; I also googled it the first day I heard of it, lol). Some will tell you that the best way is to go and buy the course materials out there, others will send you to platforms like cybrary.it, and others will tell you to learn the basics of how stuff works and then research how to beat the normal working. Everyone has an opinion and it's very right to have an opinion; all of these are opinions. I will at least try to give the best opinion as well, something I have been trying for a long time that seems to be working.

Get The Basics

There's a big reason why you get an intro to any course out there. There's also a good reason why there are so many topics in the computer science field: they help you understand how almost everything works, right from its history. The only problem with formal/university/college study is that the tutors/lecturers don't show you the real value of why they teach you an old technology. An example is when I was in college: we did Analog and Digital Electronics and Microprocessors and dwelt so much on old Intel technologies, which was very boring. Nobody was happy in those classes because we felt like other people in the US and the rest of the world were probably learning about the Core i5 and the rest. What we didn't know was that this was the best learning model for learning machine language from the ground up. This hit me last year when I was trying to understand assembly language and how low-level exploits work. If we had had someone to show us this, I would have become a master a long time ago, talk of writing FUDs, etc.

Understand What You Want

It is very important that you understand where your heart lies first; if you miss this then trust me, it won't be easy on you. Imagine someone like Messi (the soccer player) just deciding to go and play basketball. Will he even dunk? What about dribbling? You feel me? This is one of the mistakes people make. Cyber security is a very wide field with very many sub-fields within it. You can do anything from audits to things that are much more technical, like exploit development. Research is key, and so is noticing your strengths.

Understand Standards

After noticing that your strength lies somewhere, say in web, and you fully understand the protocols, standards, etc., move to API, then mobile. This way it will be very easy to move along. You really don't need to understand different languages to be a great information security engineer; you just need a deep understanding of how stuff works. An example is a mobile/API/web app pentest I was doing last month. After intercepting the network traffic, this is what I saw:

POST /api/v1/auth/login.json?username=admin%40apidomain.com&password=0000&app_version=19 HTTP/1.1
Authorization: Basic YWRtaW46MHVyX3BANDA2MncwcmQyMDE5X0tlbnlhCg==
Connection: close
Content-Length: 0
Host: erp.apidomain.com
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 354
Connection: close
Status: 201 Created
Cache-Control: max-age=0, private, must-revalidate
ETag: W/"a6e43c36a56e201dffeb29c5473808dd"
X-Runtime: 0.094977
X-Request-Id: d0c023d5-38df-40e7-9e34-d44874cb53c3
Date: Thu, 07 Nov 2019 09:53:59 GMT
X-Powered-By: Phusion Passenger 6.0.2
Server: nginx/1.15.8 + Phusion Passenger 6.0.2

{"access_token":"c6f2a3b48b2f0235b9030c2939865722","app_settings":{"sms_phone_number":"","forgot_password_msg":""},"agent":{"id":48175,"remote_id":48175,"erp_id":null,"erp_sales_id":291709,"associate_id":null,"is_sales":true,"username":"admin@apidomain.com","first_name":"Kris","last_name":"Omuchendani","phone_number":null},"about":null}

Observing this, if you understand the fundamentals of API security, should be simple. The Authorization header captured my attention, and decoding that string, which is obviously base64, gave the admin credentials to the client's ERP system. I could lower the amount of money on different products, clear some; I mean, it gave me full control of their store. This is how I recovered the credentials:

$ echo YWRtaW46MHVyX3BANDA2MncwcmQyMDE5X0tlbnlhCg== | base64 --decode
admin:0ur_p@4062w0rd2019_Kenya
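What the eye did above can be done over a whole capture. Below is an added Python example (not code from the original post) that parses a raw HTTP request, decodes a Basic Authorization header and flags password-like parameters in the query string. The request from the page is embedded as a constructed sample; the helper names and the SENSITIVE_PARAMS list are my own. Two things it makes explicit: Basic is base64, not encryption, so anyone who can see the request has the password; and the blob above ends in Cg== (a newline), the usual sign that the secret was encoded with echo instead of echo -n, which the script reports as well.

```python
"""Spot credentials leaking from an intercepted HTTP request (constructed example)."""
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# Parameter names that should never travel in a URL query string (my own list).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token", "api_key", "apikey"}

# Constructed sample: the request captured on the page, headers only (Content-Length: 0).
SAMPLE_REQUEST = (
    "POST /api/v1/auth/login.json?username=admin%40apidomain.com&password=0000&app_version=19 HTTP/1.1\r\n"
    "Authorization: Basic YWRtaW46MHVyX3BANDA2MncwcmQyMDE5X0tlbnlhCg==\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n"
    "Host: erp.apidomain.com\r\n"
    "Accept-Encoding: gzip\r\n"
    "User-Agent: okhttp/3.10.0\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers) with lower-cased header names."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def decode_basic_auth(header_value):
    """Return (user, password, had_trailing_newline) for a 'Basic <b64>' value, else None."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return None
    # A trailing newline means the secret was piped through `echo` without -n when it was
    # encoded; servers often tolerate it, but it tells you how the header was produced.
    trailing_newline = decoded.endswith("\n")
    user, sep, password = decoded.rstrip("\r\n").partition(":")
    if not sep:
        return None
    return user, password, trailing_newline


def find_credential_leaks(raw):
    """Report Basic-auth credentials and sensitive query-string parameters in one request."""
    _method, target, headers = parse_request(raw)
    findings = {"basic_auth": None, "query_secrets": {}}
    auth = headers.get("authorization")
    if auth:
        parsed = decode_basic_auth(auth)
        if parsed:
            user, password, newline = parsed
            findings["basic_auth"] = {"user": user, "password": password,
                                      "trailing_newline": newline}
    # parse_qsl percent-decodes for us, so admin%40apidomain.com comes back as an address.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings["query_secrets"][name] = value
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(find_credential_leaks(SAMPLE_REQUEST), indent=2))
```

Run it as-is and it prints both leaks from the sample: the decoded Basic pair and the password=0000 that travels in the URL, where it also ends up in proxy and server access logs.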

Have A Feel Of What The Real World Is

Many will tell you that the best way to learn hacking is by doing CTFs, but how do you even begin attacking a vulnerable VM if you don't understand how attacks are normally done, if you don't even know why someone is running a command like netdiscover in a write-up you just googled out there? Here is what I think one should do to start learning hacking practically. If you want to begin with web, for instance, google the OWASP Top 10 for web and get one of their recommended vulnerable applications, e.g. OWASP Juice Shop, which covers about all of the OWASP Top 10. Read the first vulnerability according to the guideline and get a good understanding of it; once you understand it, try to attack the vulnerable web app using the vectors given, then move to the second one according to OWASP, and repeat. At the end of the day you will have understood how hacking happens, rather than just going out there to do CTFs and cheating on them by googling write-ups, which ends up not helping you at all.

Practice And Research

To stay in this field, you gotta make friends, read blogs, and hack, hack, hack. You need to practice, and the only way is to try new things. I'm not saying you should go hacking people's apps, but have developers who are friends and ask them for permission to test their apps for free; this will help you learn a lot, not just technically but also psychologically. Imagine seeing vulnerabilities just by looking at a password reset link like this: https://159.203.60.168/recoverpassmy.php?id=8922&authorization=896C262 . If you haven't seen the vulnerabilities/possible vulnerabilities, I will try to list them:

  • SQL Injection
  • Use of Incremental User ID instead of something like UUID
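To make both points concrete, here is an added Python example (not code from the original post) with a hypothetical reset handler consistent with the shape of that link, next to a hardened one. It uses an in-memory SQLite table with two made-up accounts; the sequential ids and the 7-hex-character tokens are constructed to mirror id=8922 and authorization=896C262 (if that token really is hex, it is only 28 bits, which is my inference, not something the page states). The vulnerable handler splices both parameters into SQL, so an id of 8922 OR 1=1 -- comments the token check out entirely, and any neighbouring id can be tried. The hardened one looks accounts up by a UUID, binds parameters, stores only a hash of a 256-bit random token, compares it in constant time, expires it and burns it after one use.

```python
"""A password-reset lookup as the observed link implies it, beside a hardened version.
Constructed example: in-memory SQLite, two made-up accounts, hypothetical handler names."""
import hashlib
import hmac
import secrets
import sqlite3
import time
import uuid


def make_db():
    """Two accounts with sequential ids (as id=8922 suggests) plus a random public id each."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, public_id TEXT UNIQUE, email TEXT, "
        "reset_token TEXT, token_hash TEXT, expires_at INTEGER)"
    )
    # Constructed rows; reset_token mirrors the 7-hex-digit shape of the link on the page.
    db.execute("INSERT INTO users VALUES (8922, ?, 'alice@example.test', '896C262', NULL, NULL)",
               (str(uuid.uuid4()),))
    db.execute("INSERT INTO users VALUES (8923, ?, 'bob@example.test', '1A2B3C4', NULL, NULL)",
               (str(uuid.uuid4()),))
    return db


def vulnerable_recover(db, user_id, authorization):
    """Hypothetical handler: ?id=...&authorization=... spliced straight into SQL.
    The sequential id is enumerable and the token check can be commented out."""
    sql = (f"SELECT email FROM users WHERE id = {user_id} "
           f"AND reset_token = '{authorization}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def issue_reset(db, email, ttl_seconds=900):
    """Hardened issuance: 256-bit random token, only its SHA-256 stored, bound to the
    account's UUID and a 15-minute expiry. Returns the (public_id, token) pair for the link."""
    row = db.execute("SELECT public_id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None
    token = secrets.token_urlsafe(32)
    db.execute(
        "UPDATE users SET token_hash = ?, expires_at = ? WHERE public_id = ?",
        (hashlib.sha256(token.encode()).hexdigest(), int(time.time()) + ttl_seconds, row[0]),
    )
    return row[0], token


def hardened_recover(db, public_id, authorization, now=None):
    """Parameterised lookup by UUID, constant-time hash comparison, expiry, single use."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT email, token_hash, expires_at FROM users WHERE public_id = ?", (public_id,)
    ).fetchone()
    if row is None or row[1] is None or row[2] < now:
        return None
    presented = hashlib.sha256(authorization.encode()).hexdigest()
    if not hmac.compare_digest(presented, row[1]):
        return None
    # Burn the token so the same link cannot be replayed from a mailbox or a log.
    db.execute("UPDATE users SET token_hash = NULL, expires_at = NULL WHERE public_id = ?",
               (public_id,))
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, legit:", vulnerable_recover(db, "8922", "896C262"))
    print("vulnerable, injected:", vulnerable_recover(db, "8922 OR 1=1 --", "anything"))
    pid, tok = issue_reset(db, "bob@example.test")
    print("hardened, wrong token:", hardened_recover(db, pid, "anything"))
    print("hardened, right token:", hardened_recover(db, pid, tok))
    print("hardened, replay:", hardened_recover(db, pid, tok))
```

The injected call returns an address without knowing any token, which is the whole point of the SQL injection bullet; the hardened calls only succeed once, with the right token, before expiry, and the UUID in the link gives an attacker nothing to count up from.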

I could give tens of common vulnerabilities/possible vulnerabilities you can spot just by looking at something, but that's not the purpose of this blog. You can get in touch with me for more. I will try to spare some time to share materials and write insights.

About Me

Name: Shadrack Kube, LinkedIn: https://www.linkedin.com/in/shadrack-kube/ Email: [email protected]