Diving Deeper into Hacking: Exploring Vulnerabilities and Exploits in Hackero Next
Hey all!
It’s time to give you an inside look at what hacking in Next looks like. While Hackero Next hasn't quite reached feature parity with classic yet, some of the features I've implemented are already deeper and, in my opinion, more exciting than in the classic version. One of the key areas that’s seeing a lot of love right now is hacking, and today I'm going to dig a bit deeper into that.
Hacking Takes Center Stage
As you know, gaining access to other systems is a central part of hacking games. I've been working hard to make sure that this feature has more depth in Hackero Next than in classic, and while I'm still refining things, there’s plenty to share already.
Scanning for Vulnerabilities
The first step to a successful hack is scanning for vulnerabilities in the software you're targeting. While we'll go into more detail about how this works in a later update, just know this: understanding vulnerabilities is crucial to gaining access to a system in Hackero Next.
Running Exploits: General Info
Exploits are what you use to break into systems, and Hackero Next gives you more control over how you run them. You now have the choice to run exploits directly from your own system or remotely on the target system.
Running an exploit remotely requires that you already have the target system’s credentials.
Here are a few examples of what this means in comparison to classic:
- Exploiting a firewall: This is run on your own system and is the first step of gaining control over a system. Exploiting a firewall now yields the credentials of the system user running the firewall, which means: don't run your firewall as root unless you want to invite trouble.
- Cracking a bank account: This is now a remote exploit and therefore must be run on the bank's system. To be able to do this, you first need to obtain credentials for a system user of the bank's system.
Exploiting Vulnerabilities
In Hackero Next, getting into a system is all about finding the right vulnerability and exploiting it. Here are the key things you need to know:
- Vulnerabilities are ranked by severity, from 1 to 9.
- The higher the severity, the more likely it is that the vulnerability can be used to exploit a system.
- But it’s not just about severity. The version of the software matters too. To exploit a vulnerability, your cracker’s version must be within a certain range. For example, software at version 1.0 with a vulnerability of severity 4 can be attacked by a cracker version anywhere between 0.6 and 1.4.
- A cracker can attack all versions from 0.1 up to its own version (e.g. a cracker 1.4 can attack everything from 0.1 up to 1.4).
- Before you can attack a software you first need to narrow down which version might be running.
- The higher the criticality, the wider the door is open and the fuzzier the version the cracker targets can be to exploit the vulnerability.
- Risk of detection: Vulnerabilities also carry a risk, which reflects the chance of being detected when using the exploit. As a rule of thumb, the higher the severity, the higher the risk of detection. However, there are exceptions, so you’ll need to consider your strategy carefully.
- Log generation: Exploiting vulnerabilities now generates logs that give you extra details. These logs can help you understand why an exploit failed or offer more information about the software you're targeting. If something goes wrong, make sure to read the logs—they’ll provide valuable clues for your next attempt.
Current State of Development
Right now, I’m making sure everything runs smoothly. I’m extending test coverage for all the existing features, which has become easier thanks to our backend being built on a domain-driven architecture and using dependency injection. This makes the different parts of the system more testable on their own.
Stay tuned, there are some exciting things lined up as we continue refining Hackero Next:
- Next blog post: We’ll be diving into how you can find vulnerabilities, a crucial step before you can exploit anything. Stay tuned for more details on scanning techniques and tools.
- Test round: Before the next major update, we’ll be running a small test round to focus on the new exploiting mechanics. This will help us fine-tune everything based on your feedback.
- More about missions: Missions are getting reworked as well, and more information about this will be shared.
- Public Access: Unlike what I did with classic, I plan on making Hackero Next publicly available faster to get more valuable feedback on the game's features and allow you all to participate in the development process. For this to be reasonable, the core game loop must be completely implemented, and there is still a little way to go.
Thanks for being part of the journey with Hackero. I can’t wait for you to try out the new hacking features and see how much more depth we’ve added to the game.
In the meantime, have a great time with classic!
If you have any questions, feel free to contact me through Discord.