Welcome to part two of my blog tracking the progress of my journey from being a technophobe to becoming a world class hacker capable of bringing down governments with the click of a mouse. I am bringing this blog to you from my laptop in my local Starbucks. Yes I have indeed become one of those people who are part of that hipster trend (although I’m assuming it’s actually out of date and uncool by now; I have never been one to stay ahead of the trend) who look like they are doing important things whereas they are actually just doing inane stuff, like blog writing. Life has become a walking cliché.
My experiences lately of working as a teacher in the independent sector were only spurring on my desire to quit and start a new career. Children from this sector seem to have a sense of entitlement and they love to let you know about it. I couldn’t wait until I was rich enough to send my children to private school and let them think they’re better than everyone else as well.
Let’s start hacking already
In my last entry, I had set up my virtual machines, got to grips with the Linux terminal (so many acronyms and coming from a teacher, that is really saying something), and learnt to gather information on websites like some crazed stalker that would surely end up earning me another restraining order. My fingers were getting itchy to actually go and hack something so my next module on file upload vulnerabilities looked a lot more promising.
First of all I was directed to DVWA (Damn Vulnerable Web Application; love the name!) which is a website hosted on my Metasploitable virtual machine. It’s a playground for the would-be hacker with loads of features that are there to purely be exploited. You can change the security levels on it so that certain exploits which previously have worked will be blocked or filtered. It seems a great place to start and since it is all hosted on my local machine, I shouldn’t be expecting to be sent to Guantanamo Bay for what I am about to do.
File upload vulnerabilities…what?
My first video deals with file upload vulnerabilities. This I am told is the most simple way of exploiting a system through the uploading of some malicious code. We are going to be using a tool called Weevely to generate a php file. No idea what php is at this point but it sounds like something that I took back at uni or something that I caught back at uni. I follow the instructions on my video and open the Linux terminal. I type in the following command:
weevely (this is the program) generate (this generates a shell) 123456 (this is my password) /root/shell.php (and this is the name and location of my file)
I already feel like such a pro hacker staring at my black screen with nothing but text and symbols on it. Having generated my shell or payload (whatever they are), I then go to DVWA and use their file upload section to upload my newly created php file. Now that my shell has been uploaded, I can now go interact with it. So once again, following the instructions of the video very carefully (it takes an awful lot of rewinding, playing, rewinding, playing etc… to follow these directions), I go into my terminal and use the following command:
weevely (the program again) http://10.0.2.15/dvwa/hackable/uploads/shell.php (the location of my shell) 123456 (and my generated password)
Alice in Wonderland
I then hit enter with the conviction and confidence of a young Neo; that’s right I had taken the red pill and I was going down the rabbit hole. My session was created and I had control over the target system. It all seemed rather underwhelming; I was hoping for a message telling me in congratulatory tones that I had seized control, or a fanfare or some cool skull and crossbones pic to come up to confirm my achievement. Nope, nothing like that; just a message saying my session had been started and my new command line simply said weevely> . I typed in pwd (print working directory) to prove that I was indeed inside the target system. I could then navigate the system using various Linux commands (again, really struggling with these infernal acronyms) and I was informed that through weevely there was a whole host of cool things that could be done.
That was it, I had hacked my first web application. I was a hacker and by Xenu, it was pretty easy. Were people’s systems this vulnerable that I could just upload a shell and then connect to it? Well I sat back smugly and waited for my call from Bill Gates. I knew that all the best hackers end up getting employed by massive conglomerates. That’s right, the hunter was going to become the…hunter again…er but working for someone else (that started off a lot better in my head). I stared at my phone but alas it did not ring; there was no one that had picked up my exploits and wanted to shut me down by offering a fat contract; my escape plan hadn’t quite reached fruition yet. Well I suppose I had only hacked one thing; might be slightly premature at this point to assume I was a pro hacker. Nevertheless this was progress and I was now hacking stuff. Next, I was going to start learning about intercepting requests which sounds great. This would be the moment to start my fire sale…
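The upload described above worked because the form stored a .php file under a web-served path, where requesting it ran it. The server-side check below is an added example, not part of the original post or DVWA's own code; it is written in Python, and the function names, the image allowlist and the size limit are assumptions.

```python
import secrets

# Allowlist: final extension -> file signatures the content must start with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit

class UploadRejected(Exception):
    """Raised when an upload fails validation."""

def accept_upload(client_name, data):
    """Return a server-chosen storage name, or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    # Only the last extension counts, and it must be on the allowlist.
    _, dot, ext = client_name.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    # The bytes must start with a signature for that extension.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Discard the client's name: no path or extra extension reaches disk.
    return f"{secrets.token_hex(16)}.{ext}"

# Constructed sample uploads (not real files).
SAMPLES = [
    ("shell.php", b"<?php /* constructed stand-in */ ?>"),
    ("shell.php.png", b"<?php /* constructed stand-in */ ?>"),
    ("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
    ("../../photo.gif", b"GIF89a" + b"\x00" * 32),
]

def triage(samples):
    """Map each client file name to its stored name or rejection reason."""
    results = {}
    for name, data in samples:
        try:
            results[name] = accept_upload(name, data)
        except UploadRejected as exc:
            results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:16} -> {verdict}")
```

A signature check does not stop a script hidden inside a valid image, so the stored files also need to sit in a directory the web server never executes.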