Hacker's Toolset for 2022 (preview)
2022 is finally here, and the new year means new challenges and possibilities. Many of you probably made some New Year's skill-building resolutions, and that's why in January we wanted to create an edition that will help you learn many new tools and techniques to enrich your hacking arsenal. Here's what you'll read about:
- how to automate your work in Nmap, using Python and the new Nmap extension - Nmapthon2;
- how to detect a docker container using a simple Python script;
- an introduction to Empire for red teamers;
- what is digital twin technology and what are its risks and advantages;
- how to develop shellcode and exploit users’ vulnerabilities using MSFVENOM;
- what are HTTP header vulnerabilities and how to exploit them;
- how to develop your attack automation skills;
- what is the CVE-2021-43772 vulnerability;
…and more! As you can see, this issue is very diverse and it aims to help you develop your skills in many fields of ethical hacking. We believe both advanced and intermediate hackers will find something for themselves!
We also wish you all the best for the upcoming year - we hope it’ll be fruitful in new and positive experiences and opportunities for a better future.
We would like to thank our amazing contributors, reviewers, and proofreaders, without whom this issue wouldn’t be possible.
Enjoy your reading,
Magdalena Jarzębska and Hakin9 Editorial Team
Table of Contents
Nmapthon2: A Modern Approach to Nmap Automation with Python
Christian Barral López
The most used programming language in 2021 was Python (StatisticsTimes, 2021), so wouldn't it be awesome to be able to create applications with the most popular programming language in the world that can perform everything Nmap can, and more? That is what this article is all about: automating Nmap scans using Nmapthon2 in Python (Barral López, 2021). We will explain the main features of Nmapthon2 and present real-world problems that could be solved with a few lines of code using this module. Keep in mind that this article is not about using Nmap, so it is recommended to have a basic understanding of how the application works before continuing.
Python Container Detection
Now, if you are the forever curious hacker or a hired gun brought in to test the security posture of an organization, you have some obstacles to overcome before you can reach your true target. While there are many ways to discover whether or not you're engaging with a container environment, we are going to create a script that will automate the process for us, as we are super busy hackers on a mission.
Introduction to Empire
But when talking about RATs, one cannot overlook the simple to use, yet sophisticated, Empire, initially developed by Will Schroeder, Justin Warner, and Matt Nelson, who combined several earlier tools into one enhanced framework. Unlike Metasploit and Cobalt Strike, which can be overwhelming at first glance, Empire is much more beginner-friendly, but make no mistake: in the right hands it can be very powerful.
Digital Twin’s Technology and the Future
A digital twin is the virtual replica of a physical asset, or the real-time digital counterpart of a physical object or process. Breaking the term down, it rests on the digital thread, which is the lowest-level design and specification for a digital twin—and the "twin" itself depends on the digital thread to ensure its accuracy. As the thread is subject to continuous change, it is controlled via engineering change orders (ECO), which lead to iterative versions of the item's digital thread and, ultimately, of the digital twin.
Develop Shellcode and Bypass Defense Mechanism
Joas Antonio dos Santos
In the area of exploit development, shellcode is essential for exploiting a vulnerability. Shellcode is defined as a set of instructions injected and then executed by an exploit. Shellcode is used to directly manipulate the logs and functionality of an exploit, and even to obtain a shell on the target machine, which is its main purpose and the reason many attach the name "shell" to it, though that may be just a loose idea. Drawing on a simple exercise from my evening studies, done partly to avoid getting rusty, I will demonstrate the development of a simple shellcode that spawns /bin/bash through syscall 11, a function that maps the program into memory and takes the program name as an argument.
Developing Your Attack Automation Skills
Automating attacks can bring a great deal of added value to both penetration testing and red teaming, as automation can help in developing scripted scenarios that can look for specific types of vulnerabilities. Similarly, automation makes it possible to extend tools, or even interact with tools in new and different ways, thereby enhancing the capability of a given tool. As such, this article will focus on an automation methodology – what I refer to as the Attack Sequence Framework – as a means of structuring attack automation development. Essentially, the framework walks through functional decomposition of a target environment, the mapping of functionality to specific operational categories, and finally, implementing the attack with Python.
HTTP Header Vulnerabilities
HTTP is an application layer protocol used for transferring web traffic. Similar to other TCP/IP protocols, its packet consists of two main sections, the header and the payload. Unfortunately, security was not considered during its development, and the resulting flaws have been exploited many times by attackers. To remedy such deficiencies, security headers were introduced. For instance, if a request does not contain a particular attribute with the correct value assigned inside the header, or if the header is malformed in some way, an attacker may be able to exploit these weaknesses for malicious purposes. To avoid compromising either accessibility or security, developers can design more secure applications by configuring header attributes accurately. Major vulnerabilities can arise if HTTP header attributes are not configured correctly.
Red Team vs Blue Team
The Red Team always assumes the role of the adversary and is entrusted with finding means of compromising the security controls in place within the organization. These may relate to people, the technology stack, or the systems currently in place. The Blue Team always assumes the role of the defender. The Blue Team is made up of incident responders and analysts primed to maintain and protect the internal systems and critical assets from attack, unwarranted risk, or threats. This article is a brief introduction to the "Red Team vs Blue Team" model.
The Reality of Cyber Attacks
Curiosity is natural for human beings; after all, who has never wanted to know how the magician managed to pull the rabbit out of the hat? Or tried to guess how David Copperfield made a person disappear in a crowd? Or how the legendary Harry Houdini was able to free himself from the handcuffs that imprisoned him? In the world of technology it is no different: even with billions of records leaked from different sources around the world, using tools such as THC Hydra, Wireshark, Nikto, Nmap, Kismet, Aircrack-ng, Cain and Abel, John the Ripper, among others, or even the old tricks, it is still possible to impress the audience by achieving the goal.
CVE-2021-43772 is about attacking one of the newest and most necessary mitigations in antivirus solutions, "Ransomware Protection" or, as TrendMicro named it, "Folder Shield". You will see how implicit trust in antivirus solutions, without a multilayer functional security structure, can harm your assets.