Hacking requires a wide knowledge base that is impossible to attain: New things get patched, discovered and modified every day. Knowing everything is impossible. But we can find everything.
Let’s research for more knowledge about our daily #FromZeroToHacker challenge.
| Table of contents |
| Introduction |
| What have I learnt today? |
| Stats |
| Resources |
Introduction to Introductory Researching
Hacking requires a wide knowledge base that is impossible to attain: New things get patched, discovered and modified every day. Knowing everything is impossible. But we can find everything.
No matter if you are a newbie or a professional with 30 years of experience: Sooner or later you need to search for something. And knowing how, where and what to find is a skill you need to learn and improve.
What have I learnt today?
Introduction to Example Research Question
Let’s imagine a scenario where you found an image and you suspect that it has something hidden inside. Right now, you don’t know if that is possible, and if it is, what tools you need, nor how it is done.
Let’s start searching for “Hiding things inside images” in Google:
The second link gives us a technique, “Steganography” that encodes messages inside imagines. Cool. Let’s find out how to extract files from JPEGs with this new technique:
The first link contains a collection of useful tools:
Seems like we can extract embedded data from JPEG files, using steghide that can be installed using something called “apt”. But, what is that?
Oh, it is a package manager that lets us install things on Linux. But how it is done?
Good. We know how to install packages in Linux. Let’s install steghide:
It is installed! We have the tool we need. Let’s step back and read on the first website we found how to do it:
Notice the methodology: We started with nothing, working our way up to know what we needed to do. We googled how to extract data from an image, then how it is done, then installed what we needed to.
Start with a question, get an initial understanding of the topic, and then look into more advancing aspects as needed.
Vulnerability Searching
When hacking, we come across software that may be vulnerable: WordPress websites, Fuel CMS, etc. Where we can find exploits for specific software?
- ExploitDB – Contains exploits that can be downloaded and used straight of the box or with minor modifications. One of our first stops.
- NVD – NVD keeps track of CVEs (Common Vulnerabilities and Exposures).
- CVE Mitre – Lists publicly disclosed cybersecurity vulnerabilities.
If you favour the Linux terminal, you can use searchsploit, a pre-installed Kali Linux tool that allows you to search ExploitDB from your own machine (offline).
For example, searchsploit fuel cms to search for exploits:
Manual pages
You can use the man command followed by the tool you want to search for, to have access to its manual pages. For example, if we use man ssh:
Summary
Things we learned today:
- How to search for information when we have a question or a doubt.
- Where and how to search for a vulnerability
- Manual pages
Stats
From 70.015th to 67.173th.
Here is also the Skill Matrix:
Resources
Random room
TryHackMe: Introductory Researching
