Learn to hack: Difference between revisions

From Enlace Hacktivista
mNo edit summary
Line 3: Line 3:
Make sure that you follow good OPSEC when carrying out your operations! See [https://enlacehacktivista.org/index.php?title=Learn_to_hack#Operational_security OPSEC]
Make sure that you follow good OPSEC when carrying out your operations! See [https://enlacehacktivista.org/index.php?title=Learn_to_hack#Operational_security OPSEC]


= General Resources =
== General Resources ==


Resources that assume little to no background knowledge:
Resources that assume little to no background knowledge:
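Review bot: the `= General Resources =` to `== General Resources ==` change is the right fix, since MediaWiki reserves level-1 `= =` headings for the page title; the same one-level demotion has to be applied to every section heading below for the table of contents to stay consistent, which the later hunks do.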
Line 46: Line 46:
* https://github.com/ytisf/theZoo/tree/master/malware
* https://github.com/ytisf/theZoo/tree/master/malware


== General references ==
=== General references ===


General resources you may find useful for learning.  
General resources you may find useful for learning.  
Line 57: Line 57:
See recommended reading [https://libgen.fun books] that will aid you in your learning. See [[recommended reading in the library]]
See recommended reading [https://libgen.fun books] that will aid you in your learning. See [[recommended reading in the library]]


= Operational security =
== Operational security ==


Operational security (OPSEC) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist operations.
Operational security (OPSEC) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist operations.
Line 67: Line 67:
For more information on recommended operational security measures, see [[Opsec Measures]]
For more information on recommended operational security measures, see [[Opsec Measures]]


== Secure Messaging ==
=== Secure Messaging ===


Best practice for secure messaging includes proxying connections over Tor and using end-to-end encryption for messages.
Best practice for secure messaging includes proxying connections over Tor and using end-to-end encryption for messages.


=== Recommended Applications ===
==== Recommended Applications ====


For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email use PGP for encryption. For file sharing use onionshare.
For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email use PGP for encryption. For file sharing use onionshare.
Line 77: Line 77:
For more information on recommended applications, see [[Secure Messaging Applications]]
For more information on recommended applications, see [[Secure Messaging Applications]]


= Initial Access =
== Initial Access ==


There are many ways to get a [https://attack.mitre.org/tactics/TA0001/ initial access] into a targets network, from phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted [https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets penetration test] and spray and pray scanning for vulnerabilities and hacking in. Here we list some resources in these regards.
There are many ways to get a [https://attack.mitre.org/tactics/TA0001/ initial access] into a targets network, from phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted [https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets penetration test] and spray and pray scanning for vulnerabilities and hacking in. Here we list some resources in these regards.
Line 99: Line 99:
For more information on recommended tools and resources, see [[OSINT Tools and Resources]]
For more information on recommended tools and resources, see [[OSINT Tools and Resources]]


= Post exploitation =
== Persistence ==
Once you've found a weakness in your targets infrastructure and have been able to gain [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures initial access] you'll want to keep it and avoid detection to maintain your access to your targets network for as long as possible.
 
See [[Persistence]].
 
== Post exploitation ==


=== Windows ===
=== Windows ===
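Review bot: the Persistence paragraph links initial access through a full external URL (`https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures`) while the rest of the page uses internal wikilinks such as `[[Persistence]]`; use `[[Initial Access Tactics, techniques and procedures|initial access]]` so the link survives a domain move and gets normal link status. The relocated `== Post exploitation ==` heading also now sits directly above `=== Windows ===` with no introductory sentence; a one-line description of what the section covers would help.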
Line 138: Line 143:
* Tips, Tricks & Hacks Cheat Sheet: https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet
* Tips, Tricks & Hacks Cheat Sheet: https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet


=== Persistence ===
== Exfiltration ==
Once you've found a weakness in your targets infrastructure and have been able to gain [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures initial access] you'll want to keep it and avoid detection to maintain your access to your targets network for as long as possible.
One of the main objectives for a hacktivist is that of exfiltrating data, company secrets and if your motivations is that of revealing corruption then this step is of the most importance.
 
See [[Data Exfiltration]] for techniques and methods for exfiltrating data out of your targets network.
 
== Destruction ==
There may be times during a hacktivist operation when you come to the end of your hack, you've fully compromised your target, exfiltrated everything you can/want and now before finally leaving the network and leaking all the targets secrets online you want to cause chaos and destruction. [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T As was seen by Guacamaya] where they used <code>sdelete64.exe -accepteula -r -s C:\*</code> to wipe systems attached to Pronicos domain you might also want to do the same for Linux and Windows systems in your operations, maybe you want to recursively print a text file with your manifesto across a system/network, encrypt files beyond recovery or just delete everything.
 
See [[Chaos and Destruction]] for different ways to achieve this!
 
== Hacking Misc ==
 
=== API Hacking ===
Application Programming Interfaces (APIs) are the plumbing of today’s financial services and FinTech infrastructure, enabling FinTechs to embed banking into their apps and banks to offer a more unified experience to their customers demanding more from their bank ([https://web.archive.org/web/20230713230449if_/https://cdn-153.anonfiles.com/a5Q8c02azf/b80f3b8b-1689290042/Scorched-Earth-Whitepaper.pdf Knight]). [https://owasp.org/www-project-api-security APIs can be exploited] and aid in data exfiltration and taking advantage of an existing service.
 
See [[Hacking APIs]]


See [[Persistence]].
=== IoT Hacking ===
* https://github.com/V33RU/IoTSecurity101


= Office 365 & Azure =
=== Office 365 & Azure ===
* Extremely in-depth technical info on everything https://o365blog.com
* Extremely in-depth technical info on everything https://o365blog.com
* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html
* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html
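Review bot: `=== Office 365 & Azure ===` becomes a level-3 subsection of `== Hacking Misc ==` even though it is product-specific, while `== Product-specific Hacking ==` (GSuite, VMware, RocketChat, Exchange) begins right after it; moving the section there would keep `Hacking Misc` for the general API and IoT material. The moved paragraphs also carry typos worth fixing while they are being touched: `targets infrastructure` / `targets network` (target's), `your motivations is` (your motivation is) and `Pronicos domain` (Pronico's).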
Line 153: Line 173:
* https://www.inversecos.com
* https://www.inversecos.com


=== Tools ===
==== Tools ====
* https://github.com/nyxgeek/o365recon
* https://github.com/nyxgeek/o365recon
* https://github.com/dirkjanm/ROADtools
* https://github.com/dirkjanm/ROADtools
Line 164: Line 184:
* https://github.com/dafthack/MFASweep
* https://github.com/dafthack/MFASweep


= Exfiltration =
== Product-specific Hacking ==
One of the main objectives for a hacktivist is that of exfiltrating data, company secrets and if your motivations is that of revealing corruption then this step is of the most importance.
 
See [[Data Exfiltration]] for techniques and methods for exfiltrating data out of your targets network.
 
= Destruction =
There may be times during a hacktivist operation when you come to the end of your hack, you've fully compromised your target, exfiltrated everything you can/want and now before finally leaving the network and leaking all the targets secrets online you want to cause chaos and destruction. [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T As was seen by Guacamaya] where they used <code>sdelete64.exe -accepteula -r -s C:\*</code> to wipe systems attached to Pronicos domain you might also want to do the same for Linux and Windows systems in your operations, maybe you want to recursively print a text file with your manifesto across a system/network, encrypt files beyond recovery or just delete everything.
 
See [[Chaos and Destruction]] for different ways to achieve this!
 
= Hacking Misc =
 
== API Hacking ==
Application Programming Interfaces (APIs) are the plumbing of today’s financial services and FinTech infrastructure, enabling FinTechs to embed banking into their apps and banks to offer a more unified experience to their customers demanding more from their bank ([https://web.archive.org/web/20230713230449if_/https://cdn-153.anonfiles.com/a5Q8c02azf/b80f3b8b-1689290042/Scorched-Earth-Whitepaper.pdf Knight]). [https://owasp.org/www-project-api-security APIs can be exploited] and aid in data exfiltration and taking advantage of an existing service.
 
See [[Hacking APIs]]
 
== IoT Hacking ==
* https://github.com/V33RU/IoTSecurity101
 
= Product-specific Hacking =


== GSuite ==
=== GSuite ===
https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite
https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite


== VMware ==
=== VMware ===
* Exploiting vCenter to add vSphere user: https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md
* Exploiting vCenter to add vSphere user: https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md
* VMware Workspace ONE Access and Identity Manager RCE via SSTI. [https://attackerkb.com/topics/BDXyTqY1ld/cve-2022-22954/rapid7-analysis CVE-2022-22954:] Unauthenticated server-side template injection. [https://github.com/tunelko/CVE-2022-22954-PoC Mass Exploit]
* VMware Workspace ONE Access and Identity Manager RCE via SSTI. [https://attackerkb.com/topics/BDXyTqY1ld/cve-2022-22954/rapid7-analysis CVE-2022-22954:] Unauthenticated server-side template injection. [https://github.com/tunelko/CVE-2022-22954-PoC Mass Exploit]


== RocketChat ==
=== RocketChat ===
* Account hijacking and RCE as admin: [https://web.archive.org/web/20210805092939/https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy]
* Account hijacking and RCE as admin: [https://web.archive.org/web/20210805092939/https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy]


== Microsoft Exchange ==
=== Microsoft Exchange ===


ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.
ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.
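Review bot: the `=== Microsoft Exchange ===` entry ("ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not.") is a point-in-time claim with no date or reference, unlike the VMware, RocketChat and GSuite entries, which each link a write-up; add the date it was last checked and a link to the relevant advisory so readers can tell when it stops being accurate.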

Revision as of 14:14, 4 August 2023

This page aims to compile high quality resources for hackers for both the experienced and inexperienced. All books listed on this page can be found on Library Genesis.

Make sure that you follow good OPSEC when carrying out your operations! See OPSEC

General Resources

Resources that assume little to no background knowledge:

Resources that assume minimal tech background:

Resources that assume a tech or hacking background:

The Bug Hunters Methodology:

Practice labs:

Appsec:

Malware, a collection of malware source code and binaries:

General references

General resources you may find useful for learning.

See General References

OWASP Top 10 is a broad consensus about the most critical security risks to web applications. See TryHackMe's room for practical OWASP Top 10 learning and their Juice Shop.

Recommended Reading - The Library

See recommended reading books that will aid you in your learning. See recommended reading in the library

Operational security

Operational security (OPSEC) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist operations.

Recommended Measures

Any illegal hacktivity should be done from an encrypted and separate computer or virtual machine, with all traffic routed over Tor.

For more information on recommended operational security measures, see Opsec Measures

Secure Messaging

Best practice for secure messaging includes proxying connections over Tor and using end-to-end encryption for messages.

Recommended Applications

For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email use PGP for encryption. For file sharing use onionshare.

For more information on recommended applications, see Secure Messaging Applications

Initial Access

There are many ways to get initial access into a target's network: phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted penetration test, and spray-and-pray scanning for vulnerabilities and hacking in. Here we list some resources on these topics.

For more information on gaining a foothold, see Initial Access Tactics, techniques and procedures

Scanning and Recon

For scanning and recon tools, see Scanning and Recon. Make sure to make use of your tool's documentation and read the help menu (-hh/-h/--help).

Search Engines

Search engines are a useful tool for gathering information and intelligence from publicly available sources. Some are paid and some are free. Make sure to practise good OPSEC whenever purchasing any service that will be used in your recon on a target.

For more information on recommended search engines, see Search Engines Resources

OSINT

Open-source intelligence (OSINT) refers to the collection and analysis of information from publicly available sources.

For more information on recommended tools and resources, see OSINT Tools and Resources

Persistence

Once you've found a weakness in your target's infrastructure and have been able to gain initial access, you'll want to keep it and avoid detection so that you maintain access to the target's network for as long as possible.

See Persistence.

Post exploitation

Windows

Find common vulnerabilities and misconfigurations in a Windows environment to escalate your privileges: winPEAS

Active Directory

General Active Directory tools and resources you may find useful for learning.

See Active Directory for learning resources and tools.

Antivirus & EDR Evasion

Linux

Exfiltration

One of the main objectives for a hacktivist is exfiltrating data and company secrets; if your motivation is revealing corruption, then this step is of the utmost importance.

See Data Exfiltration for techniques and methods for exfiltrating data out of your target's network.

Destruction

There may be times during a hacktivist operation when you come to the end of your hack: you've fully compromised your target, exfiltrated everything you can or want to, and now, before finally leaving the network and leaking all the target's secrets online, you want to cause chaos and destruction. As was seen with Guacamaya, who used sdelete64.exe -accepteula -r -s C:\* to wipe systems attached to Pronico's domain, you might also want to do the same for Linux and Windows systems in your operations; maybe you want to recursively print a text file with your manifesto across a system or network, encrypt files beyond recovery, or just delete everything.

See Chaos and Destruction for different ways to achieve this!

Hacking Misc

API Hacking

Application Programming Interfaces (APIs) are the plumbing of today's financial services and FinTech infrastructure, enabling FinTechs to embed banking into their apps and banks to offer a more unified experience to customers who demand more from their bank (Knight). APIs can be exploited to aid in data exfiltration and to take advantage of an existing service.

See Hacking APIs

IoT Hacking

Office 365 & Azure

Tools

Product-specific Hacking

GSuite

https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite

VMware

RocketChat

Microsoft Exchange

ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.