Diving Deeper into Hacking [2]: Scanning for Vulnerabilities

Tobias -

Hey, hackers! It’s time for the next update, and I’m excited to share what I’ve been working on. In my last post, I already gave a preview on the topic this blog post will talk about: how to identify vulnerabilities in your target systems. Today, I’m diving into it! If you’re keen to sharpen your hacking skills and get familiar with the new mechanics, you’re in the right place.

Gathering Information Before the Attack

Before you can successfully hack a system, you first need to understand what you’re dealing with. Hackero Next introduces new tools that allow you to run different scans and analyses on your targets. These tools help you gather critical information about the system and its potential weaknesses.

Each analysis generates a log that shows whether it was successful and what data was collected. This log is a key resource as it provides you with the details you’ll need to decide your next move. Currently, there are three different types of analyses you can use.

Let’s break them down!

Quick Scan

The Quick Scan is your fast and efficient way to get an overview of the software versions running on a system. This scan gives you a quick snapshot to determine whether it’s worth your time to explore further. If something interesting pops up, you can use a more detailed analysis to dig deeper. It’s the first step in figuring out whether your target is worth attacking.

Example Log (WIP)

-------------------------------
Process Quick Scan
-------------------------------
Connecting to process port
Connection established
Waiting for response
Response received
-------------------------------
Analyzing response
Comapring response with the database
Response analyzed
Found 9 matching versions in the database

Possible Running Versions:
 - Vers.: 0.1
 - Vers.: 0.4
 - Vers.: 0.5
 - Vers.: 0.6
 - Vers.: 0.7
 - Vers.: 1.2
 - Vers.: 1.3
 - Vers.: 2.2
 - Vers.: 2.4
´´´

Fingerprint

Once you’ve done a Quick Scan and found a potential target, the next step is using the Fingerprint scan. This tool reveals a list of vulnerabilities that the software might be susceptible to. But the best part? You can upload your findings to an NPC called CVE.org.

CVE.org keeps track of all known vulnerabilities, offering details on their severity and the risks involved in exploiting them. Here’s how the system works:

  • Known Vulnerabilities: These come with a CVE number and detailed information, including severity levels and exploit risks. You’ll have a clear idea of what you’re dealing with.
  • Unknown Vulnerabilities: These are uncharted territory—there’s no data on them because they’ve never been reported to CVE.org. You’ll need to decide if you want to investigate further to uncover their secrets.

The vulnerability database at cve.org

With the information from CVE.org, you might already have enough to launch an attack. But if you want even more precise details about a vulnerability, you can use the next scan.

Example Log (WIP)

-------------------------------
Analyzing Firewall
Sending 64 bytes to firewall
Response received
Sending 64 bytes to firewall
Response received
Sending 64 bytes to firewall
Response received
Sending 64 bytes to firewall
Response received
Sending 64 bytes to firewall
Response received
-------------------------------
Responses collected
Analyzing responses
Fingerprint: "ZAi1T4u8AsP0oB5rOaLgUOMhupq2x/qFj68xlNTxJvtp2CRHlJNixNSxQIIx3jOtT4wS1/djlyKqsCc43QY016blUBaitQj69t9RdOCDiQzW"

Vulnerability Deep Scan

The Vulnerability Deep Scan is designed for those who want a comprehensive analysis of a specific vulnerability. It goes deep, providing insights into the severity and the risks associated with exploiting the vulnerability.

If you run a deep scan on an unknown vulnerability, you can upload your findings to CVE.org. This will make the information available to other players searching for it, and you can even earn money for your report. But there’s a trade-off—you’ll be sharing your knowledge with the community, so you’ll need to decide if it’s worth it!

Want to Learn More About Hacking?

If you’re curious about how vulnerabilities work and hacking techniques, check out my previous posts where I dive into these topics. It’s a great way to learn about whats coming

Also I'm very interested on what you think about this and how you would say this can be further improved! Join the discussion on discord

Be Part of the Preview: Want to Join?

I’m giving a select group of players the chance to test out these mechanics in a small preview. The players will be selected from the sign-up list, so if you want to try out the new features in Hackero Next, make sure you sign up on the Hackero landing page Hackero Landing Page.

In the future, I’ll be sharing more about how you can earn money in Hackero Next and how I’m expanding the variety of missions. Stay tuned!