Thoughts on CCTV hacking

CCTV stands for Closed-Circuit TeleVision. Or at least it stood for that: today it’s rarely a closed circuit, nor is it TV. It’s usually online, carried over IP, and available through an app on your phone, making it all the more hackable.

So how easy is it to hack modern CCTV?

I did some research and the answer is it depends. It depends on the manufacturer, the availability of software and firmware updates, and how it is configured.

Let me explain by switching sides to that of a potential attacker. First you have to find the target CCTV system. This can be achieved using a database like Shodan and tools like Angry IP Scanner. With an IP address and a port scanner such as nmap or the aforementioned Angry IP you can locate the login page. Then it’s just a matter of trying the manufacturer’s default passwords, employing a brute force attack, or making use of an exploit where available.

So how do you secure your online CCTV system? First, make sure it’s a closed system unless you really need to be able to access it remotely. If you do, secure the connection: change any default passwords, make sure all software and firmware is up to date, employ a firewall and VPN (or whitelist IPs for access), and monitor access logs for anything suspicious.
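The last two pieces of that advice (whitelist IPs, monitor access logs) are the ones people tend to skip because they sound like work. Here is an added example of what the monitoring half can look like; it is not code from the original post. It assumes a simple constructed log format (timestamp, source IP, username, result per line) and a made-up allowlist of the LAN and a VPN pool; real cameras and NVRs all log differently, so parse_line() and ALLOWED_NETWORKS are the parts to adapt. It flags two things from the post: a run of failed logins from one address (a brute-force attempt) and any successful login from outside the allowlist.

```python
"""Review a CCTV/NVR login log for brute-force attempts and unexpected logins.

Added example, not the original post's code. The log format below is
constructed for illustration (timestamp, source IP, user, OK/FAIL).
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log: a failed-login burst from 198.51.100.7, one
# successful login from an address outside the allowlist, and normal LAN use.
SAMPLE_LOG = """\
2024-05-01T08:00:01 192.168.1.20 admin OK
2024-05-01T08:05:10 198.51.100.7 admin FAIL
2024-05-01T08:05:11 198.51.100.7 admin FAIL
2024-05-01T08:05:12 198.51.100.7 admin FAIL
2024-05-01T08:05:13 198.51.100.7 admin FAIL
2024-05-01T08:05:14 198.51.100.7 admin FAIL
2024-05-01T08:05:15 198.51.100.7 admin FAIL
2024-05-01T09:30:00 203.0.113.44 admin OK
2024-05-01T10:00:00 192.168.1.21 viewer OK
"""

# Assumed allowlist: the LAN plus a VPN client pool. A successful login
# from anywhere else is worth a look (the post's "whitelist IPs" advice).
ALLOWED_NETWORKS = [ip_network("192.168.1.0/24"), ip_network("10.8.0.0/24")]

FAIL_THRESHOLD = 5                   # this many failures from one IP ...
FAIL_WINDOW = timedelta(minutes=1)   # ... inside this window => brute force


def parse_line(line):
    """Split one constructed log line into (datetime, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip_address(ip), user, result


def is_allowed(ip):
    return any(ip in net for net in ALLOWED_NETWORKS)


def find_brute_force(events):
    """Return IPs with >= FAIL_THRESHOLD failures inside a sliding FAIL_WINDOW."""
    recent_fails = defaultdict(list)
    flagged = set()
    for ts, ip, _user, result in sorted(events, key=lambda e: e[0]):
        if result != "FAIL":
            continue
        window = recent_fails[ip]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while window and ts - window[0] > FAIL_WINDOW:
            window.pop(0)
        if len(window) >= FAIL_THRESHOLD:
            flagged.add(str(ip))
    return flagged


def find_unexpected_logins(events):
    """Return (ip, user) pairs for successful logins from outside the allowlist."""
    return {(str(ip), user) for _ts, ip, user, result in events
            if result == "OK" and not is_allowed(ip)}


def review(log_text):
    """Run both checks over a log and return the findings."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return {
        "brute_force": find_brute_force(events),
        "unexpected_logins": find_unexpected_logins(events),
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for ip in sorted(report["brute_force"]):
        print(f"possible brute force from {ip}")
    for ip, user in sorted(report["unexpected_logins"]):
        print(f"successful login as {user} from non-allowlisted address {ip}")
```

Run it against the sample and it reports the burst from 198.51.100.7 and the successful login from 203.0.113.44. The second finding is the more important one: a brute force that fails is noise, but a login from an address you never expected means a credential has leaked or a default password is still in place.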

Simple?

Ways drones could be used and abused

I’ve been thinking about drones recently. I have a friend that races them, a neighbour that has one to map out the local area, and I own a tiny indoor one myself. Drones seem to be growing in popularity, so I started looking into their security implications and noted all the ways that drones could be hacked, used and abused.

Here’s my list:

– Crashed on purpose or flown into obstacles, vehicles, or people.

– Used for remote surveillance, monitoring, eavesdropping, shoulder-surfing of keypad entry use, invasion of personal privacy.

– To steal other drones using techniques such as jamming and spoofing. See Samy Kamkar’s Skyjack experiment as an example.

– To steal on-board data from other drones. Drones have digital storage for recorded video, image, and audio data, and this could be stolen. The data streams that a drone sends back to its base station could also be intercepted.

– To steal wireless data. Drones can be used to intercept WiFi, Bluetooth, RFID, ZigBee, and any other wireless data by carrying the appropriate hacking tools and communications equipment. The drone can be flown within range of the target communications signals and then spoof and hack its way in. It could even be flown onto an office building roof in order to become a WiFi Pineapple device, then return to base, with no human required to access the target location.

– To deliver contraband across borders, fences, and other restricted areas.

– To hack vehicles by flying above the vehicle and employing vehicle hacking technology.

– To create a communications network. Instead of using a communications company’s cell towers, a network of drones with specialist on-board software and equipment could act as a mobile cell network, providing communications for an organisation while preventing eavesdropping by the authorities.

– To map out locations and buildings in greater detail than Google streetview and Google Earth can offer.

– To disable security cameras in an area by locating the cameras and using various techniques such as IR to disable the cameras for a period of time before criminals access the location.

– To assist with heists from vehicle hijacks to museum robberies.

Can you think of any others? 

Ready player one

Ready Player One by Ernest Cline is one of my favourite books. Although to be honest I’ve never actually read it. I have had it read to me, three times in fact, by Wil Wheaton. In my opinion it is absolutely the best way to consume this book. Go try it. Get the audio book and sit back and revel in both the future and the 1980s at the same time. You’ll thank me later.

That’s not the point of this post however. No, I wanted to compare the aforementioned experience to hacking, well ethical hacking obviously. You see, when learning the craft you often spend time exploring virtual rabbit holes, getting side-tracked with learning fun tools and techniques. Kind of like Parzival on his egg hunt, whether he’s learning the lines to WarGames or mastering ancient arcade games.

With hacking you can spend days learning a new tool or figuring out how a protocol works. Under normal circumstances that may sound as dull as dishwater, but as part of a gamified hacking challenge it can be a lot of fun. Lots of fun in fact. Especially if it gets you a foothold on a box, or even privilege escalation to root!

Sign up to an ethical hacking platform like Hack The Box or Try Hack Me and you’ll see what I mean. It suddenly becomes fun to learn as you earn points and level up. Plus you start to fill your brain with useful skills and knowledge during the process. Go give it a try. Gamified ethical hacking can be a lot of fun.

Ready player one?

ChatGPT hacking buddy

I’ve given many talks on cyber security and ethical hacking over the past few years and one of the things I tend to say a lot is: “There is no such thing as cheating in hacking”.

What I mean by this is that as long as you are learning you are not cheating. It’s only when you take shortcuts and learn nothing in the process that you are cheating yourself.

So when attempting a CTF or Hack The Box or Try Hack Me machine and you get stuck, and you have exhausted every technique and trick that you know and nothing is working, sure, go search for a writeup or forum posts on how to progress. Read just enough to get yourself unstuck and then keep going. Learn the technique, tool, or whatever you needed to know to progress. Add it to your knowledge base.

This is learning not cheating. Finding the answer but not learning how and why it worked is just cheating yourself.

Recently I found myself stuck on a CTF that I was taking part in for fun. It was brand new so there were no writeups or forum articles to peek at. And I was stuck. In theory I could just move on to the next challenge and come back to this one later, time allowing, but I was having fun and I wanted to figure out why my solution wasn’t working. I wanted to learn, now.

I decided to see if AI could help. I’ve been playing around with the free version of ChatGPT recently and wondered if I could make use of it in this situation. I gave it a copy of the code from a program I had disassembled as part of the CTF and asked it to tell me what the code was doing. It did, in great detail. I then asked it how I could extract certain data that the program was storing in memory. It gave me detailed instructions using a tool that I was unfamiliar with. I asked if I could do the same with another tool I was familiar with. It kindly said no and offered to teach me how to use the tool it recommended. I agreed and learned how to use the tool and managed to make progress.

I then continued hacking at the CTF, asking ChatGPT for assistance when required. Although technically cheating, I was constantly learning throughout, and although I managed to get some virtual points on a virtual scoreboard, they were worthless in the real world, but the knowledge I gained from hacking with ChatGPT was priceless.

So now when I get really stuck and I’ve exhausted everything I know, I turn to ChatGPT as my AI hacking buddy. Only after I’ve finished the challenge, or both ChatGPT and I have failed to come up with a solution do I go looking for a writeup.

HTB peer snooping

HTB (Hack The Box) offers a free and a premium (VIP) tier for its members. It’s a great platform for learning ethical hacking (along with Try Hack Me). I promised myself that after I’d gotten through the free content I would treat myself to VIP membership, but have yet to do so. You see, I discovered that there are unintended benefits of free membership. In addition to lots of free content, including the Seasons machines, there is a little-known way of learning on HTB: peer snooping.

You see, when you access a machine via a non-VIP account you are essentially sharing the (virtual) machine with other users. And when you have a foothold on a box and you are stuck on privilege escalation you can snoop on other players. You can look at who else is logged on and you can monitor what they are doing. You can see what tools, commands, CVEs, etc. they are trying and can learn from them.

So next time you are trying an HTB machine and you have a foothold (a login with a shell), try snooping on others that are also trying to pwn the machine. You may learn something.