A fresh start is needed
After many years of serving as a primary school teacher and being downtrodden by the weight of red tape, ineffectual management, parents who think their child should be the centre of my universe and children who believe they have a sense of entitlement (goodness knows where they got that from), I decided that it was time to start thinking of a new career choice. I’m in my mid thirties which, whilst not young, is not particularly old and I consider myself to be an intelligent fellow who can pick things up relatively quickly. A friend of mine works as a pen tester and after getting past all the ‘penetration’ jokes, it actually looked like quite an inviting prospect. It is a heavily booming market with things like the advent of GDPR really pushing its prevalence. It has grown by thirty times in the last 13 years and is set to be worth $133 billion by 2022. Plus it pays well and you get to work from home most of the time, sitting about in yesterday’s pants with those suspicious stains still on them and the only person who will see those stains is your wife and let’s face it, you don’t need to make the effort anymore. So I thought, “gotta get me some of that”. Plus I’d been watching too many films and series about hackers. Could I break a “DOD D-base 128-bit encryption” whilst receiving a trouser-friendly kiss from a pretty young German filly (with a name like Helga, got to be German right?) in sixty seconds?
To be honest, I’m not sure I could have lasted thirty seconds with Helga, but once I found out what on earth “DOD D-base 128-bit encryption” meant, I wanted to find out. I also wanted to find out what a multi-headed worm using Vernam encryption and 512-bit encryption was all about. Yes, I was ready to go hack the planet! Welcome to the first of a series of posts tracking my journey as a n00b to becoming the next Mr Robot!
First real problem was that I knew nothing about hacking. I already owned a hoodie which is a good start, but I was yet to own a Vendetta Guy Fawkes mask so hopefully Amazon could take care of that. I have reasonable IT skills and I can interact with basic software, but I couldn’t really go any further than that. Thankfully we live in an age where you can learn to do practically anything from the internet. Just about all of my building, plumbing and car maintenance successes have come from YouTube, but this was going to take something a bit more comprehensive than a five-minute video so I did some research and came across Udemy where you can find a course for just about anything you want to do. I quickly came across several beginners’ hacking courses and chose one that had good reviews and then I had access to a whole raft of five-minute videos. Now I was truly ready to embark on my new career.
And off we go…
So first things first, I needed to have a cool hacker handle so I decided to pick one suitable for me… that’s right, I named myself after my favourite film. Cool name sorted, next step was to go set up my testing lab (love the sound of it already). Once I had Oracle VM installed, I had to download Kali Linux (hang on, there are other operating systems besides Windows?). I then downloaded the Metasploitable machine which apparently would be my target machine. I got all the machines configured with some useful video guides so let the hacking begin! First videos were on what a website actually is, which was actually pretty useful.
I’ve always taken it for granted that I type in a website name and then I get to see and interact with the pretty website. I did not for a moment realise what was going on behind the scenes. My request to see a website was actually trying to access an IP address on a web server in some part of the world which would then communicate back to my device using a client-side language to translate it into the amusing pictures of cats that I wanted to see. I thought a web page was just a web page. After inspecting the source of a webpage, I quickly realised that it was not. Mind blown already; time to move on. I wanted to hack something!
Next module was information gathering. Really?! I learned about various websites that would help me learn more about other websites, what services they used, IP addresses, subdomains etc. I was looking at websites such as Netcraft, Robtex and Maltego. It kind of felt that I should have had access to a big whiteboard with several sweet smelling pens so I could plot the inner workings of my target website like some evil genius. “One miiilllion dollars”, here I come. Whilst this was fairly interesting, it wasn’t getting me any closer to an extradition request from the US. The next module was called File upload vulnerabilities which sounded a lot more interesting so my next post should have me that little bit closer to realising the dream…