Rating: 5 out of 5 stars
5/5
Ebook243 pages1 hour
How to Hack Like a GOD: Hacking the Planet, #2
By sparc Flow
Rating: 5 out of 5 stars
5/5
()
About this ebook
Ever wondered how hackers breach big corporations? Wonder no more. We detail a step-by-step real life scenario to hack a luxury brand, steal credit card data and spy on board members.
Art of exploitation
We start by building a small hardware backdoor that we plant in a retail store owned by our target brand. You get to learn about the Wiegand protocol and how to bypass card readers found in all major shops and companies.
Network security
Using our backdoor as a pivot, we infiltrate the internal network and exploit NTLM vulnerabilities to connect to a random server. We bypass Applocker rules and elevate privileges to take control over the streaming screens in the shop. But, that's not enough for us now is it?
We map the company's network architecture and bounce from server to server using "Pass-the-ticket"techniques and domain trusts in a Windows Forest. We land on HQ networks at the other end of the globe.
Art of intrusion
Once inside the main network, we hack a couple of servers (Golden ticket, Token impersonation, etc.) and manage to break into an IBM Z Mainframe, where credit card data is stored. We exfiltrate data from the Mainframe, then smuggle them off the network without triggering the DLP software.
Finally, we explore how to execute code on the laptop of every board member and spy on their meetings.
No metasploit and other old hacking tricks
We go through each hacking trick step-by-step: from bypassing Citrix/Applocker to abusing Kerberos and hacking a Mainframe. The idea is to help you replicate these procedures during your engagements.
All custom attack payloads are provided and explained thoroughly in the book.
Related to How to Hack Like a GOD
Titles in the series (6)
How to Hack Like a Pornstar: Hacking the Planet, #1 How to Hack Like a GOD: Hacking the Planet, #2 Rating: 5 out of 5 stars5/5Ultimate Hacking Challenge: Hacking the Planet, #3 Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5How to Hack Like a Legend: Hacking the Planet, #7 Rating: 5 out of 5 stars5/5How to Investigate Like a Rockstar: Hacking the Planet Rating: 0 out of 5 stars0 ratings
Related ebooks
Ultimate Hacking Challenge: Hacking the Planet, #3 Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar: Hacking the Planet, #1 Rating: 5 out of 5 stars5/5How to Investigate Like a Rockstar: Hacking the Planet Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Legend: Hacking the Planet, #7 Rating: 5 out of 5 stars5/5Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5Hacking Rating: 3 out of 5 stars3/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK Rating: 5 out of 5 stars5/5A First Course In Ethical Hacking Rating: 0 out of 5 stars0 ratingsUltimate guide for being anonymous: Avoiding prison time for fun and profit Rating: 4 out of 5 stars4/5Hacked: The Ultimate Guidence Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Hack Computer System For Noobee Rating: 1 out of 5 stars1/5Hacking: 10 Easy Beginners Tutorials on How to Hack Plus Basic Security Tips Rating: 0 out of 5 stars0 ratingsHacking: Computer Hacking for beginners, how to hack, and understanding computer security! Rating: 5 out of 5 stars5/5Basic Wifi Hacking Rating: 0 out of 5 stars0 ratingsEthical Hacking Rating: 4 out of 5 stars4/5Darknet Rating: 4 out of 5 stars4/5Hacking into Hackers’ Head: A step towards creating CyberSecurity awareness Rating: 5 out of 5 stars5/5Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsHackerTools Crack With Disassembling Rating: 2 out of 5 stars2/5Wifi Hacking Strategy & Ideas Rating: 0 out of 5 stars0 ratingsComputer Hacking: The Crash Course Guide to Learning Computer Hacking Fast & How to Hack for Beginners Rating: 0 out of 5 stars0 ratingsLearn Ethical Hacking: A Help Book of Ethical Hacking Rating: 0 out of 5 stars0 ratingsUnderstanding Network Hacks: Attack and Defense with Python Rating: 0 out of 5 stars0 ratingsHacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5
Security For You
Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Practical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Hacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security Rating: 0 out of 5 stars0 ratingsAmazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5CompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratings
Related podcast episodes
69: Human Hacker: Human Hacker 0% found this document usefulOSINT: Who's watching you? 0% found this document usefulSocial Engineering works because we're human. 0% found this document usefulEpisode 24: To 3D Secure or Not? For Merchants That is the Question 0% found this document usefulLIVE from CNP Expo 2019! -Social Engineering Calls 0% found this document usefulBonus: Afternoon Cyber Tea: IoT-Based Infrastructures 0% found this document usefulRERUN: Hacking for Dollars 0% found this document useful
Related articles
Hacker’s Manual Maximum PCArticle
Hacker’s Manual
Mar 2, 2021
1 min readHacker’s Manual Linux FormatArticle
Hacker’s Manual
Nov 17, 2020
1 min read“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker” PC Pro MagazineArticle
“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker”
Aug 12, 2021
If you’ve ever attended an infosec or cybersecurity event, you will no doubt have noticed the preponderance of “Hacking is NOT a Crime” stickers. In 2018, some 500 such stickers were handed out at the DEF CON 26 event, the following year 5,000 were d
7 min read“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive” PC Pro MagazineArticle
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive”
Jan 6, 2022
7 min readSocial Engineering Maximum PCArticle
Social Engineering
Oct 15, 2019
5 min readHacker’s Manual APCArticle
Hacker’s Manual
Apr 19, 2021
1 min readCyber Insecurity Linux FormatArticle
Cyber Insecurity
Nov 17, 2020
Each year we proclaim it’s time to learn how to hack. But why? Jonni always gets angry at the subversion of the term ‘hacking’ and I can understand why. Hacking is fun, as is finding out how systems work and how to get them to do things they were nev
1 min readModern Hacking, Ethics And Statistics Linux FormatArticle
Modern Hacking, Ethics And Statistics
May 31, 2022
Agerund and an infinitive walk in to the Linux kernel. They were hacking to learn. An awful adaptation of a (drinking to forget) joke, but a reasonable opener. An incredibly useful maxim from long ago hacker lore is “don’t learn to hack, hack to lear
5 min readIntroducing Kali Maximum PCArticle
Introducing Kali
Mar 2, 2021
4 min readRun Kali Linux NetHunter on Android Linux FormatArticle
Run Kali Linux NetHunter on Android
Jan 14, 2020
7 min readMy Deep Dive Into One Of The Largest Dark Web Hacking Forums | Dylan Curran The GuardianArticle
My Deep Dive Into One Of The Largest Dark Web Hacking Forums | Dylan Curran
Jul 24, 2018
4 min readThe Hacker’s Pearl Harbor NewsweekArticle
The Hacker’s Pearl Harbor
Nov 11, 2016
6 min readKRACK Wi-Fi Attack Threatens All Networks: How to Stay Safe and What You Need to Know PCWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How to Stay Safe and What You Need to Know
Dec 4, 2017
5 min readHacking Banks Linux FormatArticle
Hacking Banks
Dec 17, 2019
4 min readKRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know MacWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know
Nov 29, 2017
5 min readHack The Planet/Parrot Linux FormatArticle
Hack The Planet/Parrot
May 31, 2022
2 min readNetwork Attacks TechLifeArticle
Network Attacks
Sep 21, 2020
Though less common than malware and social engineering, network-based attacks are still a threat to every computer and mobile user, and everyone should have at least a basic understanding of what they are and how to avoid them. So this month let’s lo
4 min readHack The System Linux FormatArticle
Hack The System
Dec 17, 2019
If you followed our handy guide on the previous pages, then you’ll already have augmented your Kali Light installation with Nmap, a port-scanning utility par excellence and a vital part of any pen-tester’s arsenal. As mentioned on the DVD page (there
4 min readHacker Distributions Linux FormatArticle
Hacker Distributions
Nov 17, 2020
1 min readEverything You May Have Wanted to Know About Ethical/Whitehat Hackers TechfastlyArticle
Everything You May Have Wanted to Know About Ethical/Whitehat Hackers
Oct 21, 2020
5 min readThe Low-Tech Hack You're Not Prepared For EntrepreneurArticle
The Low-Tech Hack You're Not Prepared For
Sep 1, 2016
1 min readHacking Power New PhilosopherArticle
Hacking Power
Jul 30, 2018
4 min readPeople Are Secretly Buying Handguns On The Dark Web FuturityArticle
People Are Secretly Buying Handguns On The Dark Web
Apr 24, 2019
2 min readRunning The Linux Desktop On Android Linux FormatArticle
Running The Linux Desktop On Android
Oct 22, 2019
9 min readFrom Child Hacker To Bug Hunter How It WorksArticle
From Child Hacker To Bug Hunter
Mar 19, 2020
Why did you become a black hat hacker? At school I would finish my work in ten minutes and spend the rest of the lesson playing on the computer. I was 10 or 11 when I stumbled across a chatroom whose members taught me how to hack – I was just a bore
1 min readData Recovery APCArticle
Data Recovery
Mar 21, 2022
12 min readDiscover The Secret IPhone Hack Codes iCreateArticle
Discover The Secret IPhone Hack Codes
Mar 26, 2020
Did you know that your iPhone comes with its own set of manufacturer codes that are used to access detailed information about the device? Typing these codes into the Phone app’s keypad allows you to access hidden modes, troubleshoot any issues that y
1 min readRevisiting Tor TechLifeArticle
Revisiting Tor
Aug 24, 2020
4 min readNmap Deep Dive Linux FormatArticle
Nmap Deep Dive
May 31, 2022
5 min readHack Your Bluetooth ComputeractiveArticle
Hack Your Bluetooth
Jun 2, 2021
4 min read
Reviews for How to Hack Like a GOD
Rating: 5 out of 5 stars
5/5
1 rating0 reviews
Book preview
How to Hack Like a GOD - sparc Flow
Foreword
Fashion brands tend to portray an elegant image of their products and designs. But what about the underlying machinery and computers that power their fancy fashion shows? How elegant is their IT infrastructure, and to what extent can a hacker wreak havoc?
Follow me on a step-by-step journey where we pwn a high luxury (albeit fictitious) brand. From zero initial access to remotely recording board meetings, we will detail every custom script and technique used in this attack, drawn from real-life findings, to paint the most realistic picture possible.
Whether you are a wannabe pentester dreaming about real-life hacking experiences or an experienced ethical hacker tired of countless Metasploit tutorials, you will find unique gems in this book for you to try.
I have documented almost every tool and custom script used in this book. I strongly encourage you to test them out yourself and master their capabilities (and limitations) in an environment you own and control. Given the nature of this book, it is ludicrous to expect it to cover each and every hacking technique imaginable, though I will try my best to give as many examples as I can while staying true to the stated purpose of the book.
I will fly over some concepts and systems like Kerberos, Citrix, and Mainframes by briefly explaining how they work and what they mean in the context of the hacking scenario. If you feel like you want to go deeper, I strongly advise you to follow the links I offer for each item and explore the dark, fun concepts behind each technique and tool.
Note: Custom scripts and special commands documented in this book are publicly available at www.hacklikeapornstar.com.
By the same author:
Important disclaimer
The examples in this book are entirely fictional. The tools and techniques presented are open-source, and thus available to everyone. Pentesters use them regularly in assignments, but so do attackers. If you recently suffered a breach and found a technique or tool illustrated in this book, this neither incriminates the author of this book in any way nor implies any connection between the author and the perpetrators.
Any actions and/or activities related to the material contained within this book is solely your responsibility. Misuse of the information in this book can result in criminal charges being brought against the persons in question. The author will not be held responsible in the event any criminal charges are brought against any individuals using the information in this book to break the law.
This book does not promote hacking, software cracking, and/or piracy. All the information provided in this book is for educational purposes only. It will help companies secure their networks against the attacks presented, and it will help investigators assess the evidence collected during an incident.
Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.
Prep and pep talk
Luck is where opportunity meets preparation.
Seneca
Do you ever wonder while taking a stroll down Fifth Avenue in NYC – or any other fancy street – what lies behind the bright, shiny facades of big luxury shops? What feat of technology processes hundreds of sales daily? What information system run TV screens broadcasting fashion shows 24/7?
As you are gifted with a curious mind, I am sure you are no stranger to these kinds of thoughts. Yet I would like to share with you a thought that will pique your curiosity: if banks, one of the most paranoid private corporations, struggle¹ to secure their systems, how are these luxury-shoe-making shops keeping their systems secure?
In order to answer this question and to make this journey as realistic and enjoyable as possible, we will consider an imaginary luxury brand called GibsonBird. They have locations all over the world and are established in malls and on famous avenues alike. They pride themselves in being a high-tech, modern fashion brand.
Let’s talk pwning strategy!
Our goal as attackers is not to hack everything that has an IP address. Why go through 50,000 useless servers when only a few hold the data we are after?
We will tailor our efforts to the complexity and size of GibsonBird – except for the occasional temptation here and there, of course. Who could resist a Windows 2003 SP2 server with an open SMB port²?!
Ideally, we would like to:
Steal financial records of every shop in the country: credit card data, number of sales, etc.
Download personal data of every designer, manager, and executive board member
Record board meetings discussing secret strategic plans
That’s pretty ambitious and should keep us busy for a few more pages. So where do we start? How do we get from a random point on the internet map to a board meeting on the 90th floor of a skyscraper in NYC?
In the scenario featured in How to Hack Like a Pornstar, we used two very common ways to penetrate a bank’s network:
Hacking public websites hosted on the bank’s infrastructure
Phishing employees and tricking them into executing malicious code that gave us remote access
That is all good fun, but this time we would like to follow more esoteric paths. We will show how an attacker with physical access can do damage that quickly escalates to what the media would – incorrectly – call an Advanced Persistent Threat (APT).
The broad idea is to plant a small piece of hardware in one of GibsonBird’s many stores. This hardware acts as a small computer that give us access to that shop’s local network, which we will then leverage to escalate to corporate, and pwn every other shop in the country.
You would think that we need special hardware and engineering skills to achieve this Hollywood-esque move. We don’t. We will cover step-by-step how to build an effective little backdoor for around $30.
Although most leisure time hackers would not choose to go down the road of planting hardware, this is the go-to path for intelligence and federal agencies in multiple countries.
It does make sense. Why struggle to find (often unstable) zero-day vulnerabilities³ when you can intercept a shipment of newly ordered equipment, install a microchip, and access any traffic that flows through the equipment? Take the NSA, for instance; according to Snowden’s files⁴, that’s one of their favorite strategies.
Figure 1 : Picture showing the NSA carefully opening an intercepted computer (router) package
Before diving into the core subject, hacking GibsonBird, it is essential to agree on some fundamental hypothesis to fully grasp the purpose of each step we are about to take. We must take the time to ponder GibsonBird’s environmental constraints that will probably lead them to make predictable network choices. This preparation phase is very important as it can greatly help us develop and orient an optimal plan of attack, especially once inside the network.
GibsonBird has over 100 stores. Each store
Enjoying the preview?
Page 1 of 1