HACK Your Offensive Security Side
In short, offensive security is the process of breaking into computer systems,
exploiting software bugs, and finding loopholes in applications to gain
unauthorized access to them.
To beat a hacker, you need to
behave like a hacker, finding vulnerabilities and recommending patches before
a cybercriminal does.
On the flip side, there is also defensive
security, which is the process of protecting an organization's network and
computer systems by analyzing and securing any potential digital threats;
learn more in the digital forensics room.
In a defensive cyber
role, you could be investigating infected computers or devices to understand
how it was hacked, tracking down cybercriminals, or monitoring infrastructure
for malicious activity.
Practical
First of for your kind information all kinds of things which is used
here all exercises are fake simulations so don't panic and don't go dark side
okay!!.
Find hidden website pages
Most companies will have an admin portal page, giving their
staff access to basic admin controls for day-to-day operations. For a bank, an
employee might need to transfer money to and from client accounts. Often these
pages are not made private, allowing attackers to find hidden pages that show,
or give access to, admin controls or sensitive data.
Type the following command into the terminal to find potentially hidden
pages on FakeBank's website using GoBuster (a
command-line security application).
gobuster -u http://420fakebank.co.uk -w wordlist.txt dir
In the command above, -u is used to state the website we're
scanning, -w takes a list of words to iterate through to find
hidden pages.
You will see that GoBuster scans the website
with each word in the list, finding pages that exist on the site.
GoBuster will have told you the pages it found in the list of page
/directory
names (indicated by Status: 200).
Hack the bank
You should have found a secret bank transfer page that
allows you to transfer money between accounts at the bank
(/bank-transfer). Type the hidden page into the
FakeBank website on the machine.
This page allows an attacker to steal money from any bank account, which is a critical risk for the bank. As an ethical hacker, you would (with permission) find vulnerabilities in their application and report them to the bank to fix before a hacker exploits them.
Transfer $2000 from the bank account 2276, to your account
(account number 8881).
How can I start learning?
People often wonder how others become hackers (security consultants) or defenders (security analysts fighting cybercrime), and the answer is simple. Break it down, learn an area of cyber security
you're interested in, and regularly practice using hands-on
exercises. Build a habit of learning a little bit each day on differnt types of
website, and you'll acquire the knowledge to get your first job
in the industry.
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.