
Understanding Hacking — A Beginner's Guide to Cybersecurity


Hacking is often misunderstood, but it doesn't have to be complex. This article aims to demystify the world of hacking for those who may not have a technical background, providing a basic understanding of key concepts.

Recently, I achieved my Offensive Security Certified Professional (OSCP) certification, a credential recognized in penetration testing, often referred to as "legal hacking." While some regard it as a gateway to a career in this field, I see it as a foundational certification that covers essential topics like operating systems, networking, and machine exploitation.

In my journey, I've often found myself explaining hacking to friends, family, and colleagues, who usually respond with curiosity and many questions. To help clarify, I decided to create two write-ups: one for non-IT individuals and another for those with a technical background. This piece is specifically for those without a tech background, so I will simplify some concepts while aiming to provide an accurate overview.

Common questions include, "Can you hack my Facebook?" and "Is this taught by ex-criminals?" To clarify:

  • If I were to attempt to hack your Facebook account, I would likely employ social engineering tactics, tricking you into revealing your password or clicking a malicious link. However, a well-protected platform like Facebook should not allow unauthorized access without your involvement.
  • Penetration testing is not a clandestine activity run by criminals; rather, it's taught in educational institutions to equip individuals with skills for legal applications. Organizations like banks hire penetration testers to identify vulnerabilities in their systems, emphasizing that ethical hacking is legitimate when performed correctly.

Now, let’s explore how hacking functions in practice. Contrary to the dramatic portrayals in movies, real hacking is often less visually appealing. It generally involves lines of text on a black screen, devoid of flashy graphics.

What does hacking look like?

Before demonstrating how I would hack a virtual machine, let’s quickly introduce a technical concept: using a shell to interact with computers.

Most users are accustomed to graphical interfaces, as shown in the following image:

In this interface, you can click on files and view their contents. However, many programmers, system admins, and hackers prefer using a shell—a text-based interface that provides similar functionality:

Using the shell, we can access files and execute commands, just like in the graphical interface. For example, we can view the contents of a file named shell-tutorial.txt using the type command:

While shells may not be user-friendly, they are powerful tools for executing commands and managing data.

Now that we’ve covered the basics, let’s move on to hacking a machine.

Hacking the Practice Machine BillyBoss

For this demonstration, I'll hack a virtual machine named BillyBoss from offsec.com, the site where the OSCP certification is offered. OffSec provides various practice machines for this purpose. Our goal is to gain access to the machine to execute commands and eventually elevate our privileges to Administrator level.

#### Gaining Access

The initial step involves examining the machine to determine what services are running. Gathering information like this is crucial as it can help us figure out how to gain access.

While I will simplify the process here, our investigation reveals that the Sonatype Nexus Repository Manager is running on the machine:

This service is accessible via a web interface, and we notice it is running version 3.21.0, which may be significant.

Next, we check for publicly available exploits for this software on exploit-db.com, a database of known vulnerabilities. Vulnerabilities are usually reported to the developers first, so they have time to fix them before the details become public knowledge. Once an exploit is published, security professionals can use it to check whether their own systems are affected.

In this case, we find an exploit we can utilize:

Upon reviewing the exploit, we see a note indicating that Sonatype Nexus Repository Manager is vulnerable if running version 3.21.1 or lower. Since the machine runs version 3.21.0, it falls within the affected range and we can expect this software to be vulnerable.
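The reasoning in the previous paragraph (is the observed version at or below the affected version?) is also how a defender would check their own inventory. The following is an added example, not code from the original post or from OffSec; the host names and all versions other than 3.21.0 and 3.21.1 are constructed, and the "-01" build suffix is an assumed format that the parser simply ignores.

```python
"""Check whether an observed Nexus Repository Manager version falls within
the affected range quoted in the exploit note (3.21.1 or lower)."""
import re

AFFECTED_UP_TO = "3.21.1"  # upper bound of the affected range, as stated in the post


def parse_version(text: str) -> tuple:
    """Turn '3.21.0' or '3.21.0-01' into a tuple of integers for comparison.
    Anything after the third number (an assumed build suffix) is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(observed: str, affected_up_to: str = AFFECTED_UP_TO) -> bool:
    """True when observed <= affected_up_to, compared numerically.
    A plain string comparison would get this wrong: '3.100.0' < '3.21.1' as text."""
    return parse_version(observed) <= parse_version(affected_up_to)


# Constructed sample inventory: host name -> version reported by the web interface.
INVENTORY = {
    "billyboss-lab": "3.21.0",    # the version seen on the practice machine
    "nexus-old": "3.9.12-01",     # constructed
    "nexus-new": "3.30.1-01",     # constructed
    "nexus-edge": "3.21.1-01",    # constructed, exactly at the upper bound
}


def flag_affected(inventory: dict) -> list:
    """Return the host names whose reported version is within the affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in flag_affected(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is at or below {AFFECTED_UP_TO}, update it")
```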

To execute this exploit, which is a Python script, we download it and modify the commands to target the IP of the machine we want to access. I won't delve into the specifics here, but we run the script to check for access:

The output indicates that the commands executed successfully. We can see a connection established between 192.168.45.156 (our IP) and 192.168.249.61 (the IP of the BillyBoss machine):

With a shell now available, we can check for Admin privileges by attempting to access the Administrator user’s Desktop:

We lack Admin privileges at this stage, but we can seek ways to escalate our access.

#### Privilege Escalation

For this machine, the process of escalation is somewhat technical, so I’ll summarize it. We begin by checking the privileges available to us:

Here, we notice the SeImpersonatePrivilege, which can be risky for technical reasons. We then transfer necessary files to BillyBoss (namely JPNG.exe and shell.exe) and execute them:

Essentially, we are using a tool called JuicyPotatoNG to trick the machine into executing shell.exe with Admin privileges. After running this, we verify on our Linux machine that we have obtained an Admin shell:

On Windows, "Admin" and "SYSTEM" are nearly interchangeable terms. We can now access the folder we were previously denied:

While the specific contents have been redacted, we have successfully accessed the proof file, indicating that we possess full Administrative rights on the machine.

In a real-world scenario, a hacker might secure their access by installing a backdoor, allowing for future entry into the machine, potentially even creating new Admin accounts.

Final Thoughts

This write-up has illustrated that hacking is far less glamorous than depicted in films. The essence of hacking lies in understanding the problem and methodically addressing it. Nowadays, exploits and cybersecurity knowledge are widely shared online. While this sharing can pose risks, it also equips "the good guys" with the tools to counteract "the bad guys."

For non-technical readers, the key takeaway is to adopt sound security practices, like regularly updating your devices. As you've seen, vulnerabilities are frequently discovered across various software. Keeping your software updated is the best defense against potential attacks.

Additionally, to secure your social media accounts, such as Facebook, enable multi-factor authentication (MFA), use unique passwords, and never share your passwords with anyone.

To follow my updates on X (formerly Twitter), you can find me on x.com.

If you're interested in exploring my unfiltered notes from the OSCP and other red-teaming exercises, feel free to check out my GitHub repository, fanicia/security-notes, a Markdown repo for notes on all things red teaming.