“When we lose our principles, we invite chaos”

Source:https://img.wonderhowto.com/img/69/28/63593731405402/0/opinion-script-kiddies.1280x600.jpg

Have you ever found yourself cloning code just to get your project finished?

Did you end up using a code snippet from a tutorial without really understanding what went on behind the scenes?

Did you use a script to find a flag without actually understanding it?

If the answer to any of the above questions is yes, then you are a borderline script kiddie.

Don’t worry, every coder is a Script Kiddie at some point. But what makes a difference is how we rise beyond it. Even I have gone down the rabbit hole of being a skiddie and that’s the reason I decided to write this article.

According to the contemporary definition,

A script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and deface websites.

On a broader spectrum,

A Script Kiddie is a casual programmer who is more interested in the output than the process that goes into it and might often involve unethical means to achieve the target.

Their sole purpose is to flex among their peers about their skills.

Now let’s see how we can fight against the script kiddie virus.

How not to be one?

There are no hard and fast set of rules or a Buzzfeed article to follow that could guide one out of skidding. There’s only one simple solution to it:

Don’t be a sheep.

Whatever script you’re implementing, use all resources available to understand the concepts behind your code. Whether it is 2 lines or a 1000 lines of a program, you need to be capable of explaining every line of it to an amateur. If you’re using a tool, strive to figure out what that tool does behind the scenes and what the process would have been if it weren’t for this tool to help us.

A single step to seek the meaning behind one tag could go a long way into making you a skilled coder.

Case Study :

My first realization that I was turning into a script kiddie came while using Nmap, the network scanner used to discover hosts and probe their ports by sending crafted packets to other machines.

I had to find the open ports on a target machine with the IP address 10.10.10.10. Naturally, I typed the following into the Zenmap GUI:

nmap -sS -T4 -Pn 10.10.10.10

While using Nmap, I had little to no clue what the command stood for, but I quickly realized that it somehow gave me the desired output.

Output :

Zenmap is the official cross-platform GUI for Nmap (it runs on Windows, Linux and macOS)

If you’ve used a similar command yourself and never thought twice about what these letters (-Pn, -T4, -sS) meant, then go back and start digging into them. It takes fewer than these six letters to start your downward spiral into becoming a script kiddie.

Now, let’s understand what these six letters do :

  • -Pn : skips host discovery (the ping probes Nmap normally sends first) and treats every target IP address as up, so the port scan runs even if the host does not answer pings
  • -T4 : selects the Aggressive timing template. Templates range from T0 to T5, where T0 (paranoid) is the slowest and T5 (insane) is the most aggressive; T3 is the default
  • -sS : performs a TCP SYN scan, often called a Stealth or half-open scan. It needs to craft raw TCP packets, so it is Nmap's default scan type when run with root privileges

Now you are all caught up on what -Pn and -T4 mean, but we still have to understand what a stealth scan is.

Alright, a TCP connection is established through a three-way handshake :

This is how a full TCP connect scan (nmap -sT) works, where the scanner completes that handshake for every port it probes :

If the Port is Open :

  • The Client sends a SYN packet to synchronize with the Server.
  • The Server responds with a single SYN+ACK segment: the ACK flag acknowledges the client's synchronizing request, and the SYN flag carries the server's own request to synchronize with the client.
  • The Client sends back an ACK packet acknowledging the SYN sent by the Server.
  • Thus the three-way handshake completes and the connection is established; the scanner then has to tear it down again (Nmap sends an RST).
Source: https://www.luxoft-training.com/upload/medialibrary/452/TCP%20handshake.png
Connect scan when the Port is Open: the full three-way handshake

If the Port is Closed :

  • The Client sends a SYN packet to synchronize with the Server.
  • The Server answers with an RST packet (a reset) instead of a SYN+ACK, so we know that the Port is Closed.

There are 65,535 TCP ports on every host. A connect scan spends extra round trips completing and then tearing down a connection on each open port, and every completed connection is visible to the application listening there (it typically ends up in that application's logs). But since we only need to know whether a port is open, and the very first response already differs depending on that (SYN+ACK for open, RST for closed), we can decide the port state from the first reply alone.

Thus, to make our scan faster and quieter, the SYN scan resets the half-open connection as soon as that first response arrives instead of completing the handshake.

This is how a SYN (Stealth) Scan works :

If the Port is Open :

  • The Client sends a SYN packet to synchronize with the Server.
  • The Server sends back a SYN+ACK packet.
  • Now, the scanner sends an RST packet to abort the half-open connection, since the SYN+ACK already told us that the Port is Open. (With nmap -sS the raw SYN never belonged to a socket, so the scanning host's own kernel answers the unexpected SYN+ACK with an RST.)

Hence, the handshake is never completed: we skip the final ACK and the teardown, and the application on the target never sees an established connection.

If the Port is Closed :

  • This is exactly the same as in the connect scan: the server sends back an RST packet.

If no reply arrives at all (or an ICMP unreachable error comes back instead), Nmap reports the port as filtered: a firewall is dropping the probe, and the scanner cannot tell whether the port is open or closed.
Source: https://ioactive.com/wp-content/uploads/2015/07/image1.png
Stealth Scan
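To make the two exchanges above concrete, here is an added example (not code from the original article, and not Nmap's own code) that simulates both sides of a connect scan and a SYN scan against a fake target. The scanner builds real 20-byte TCP headers with struct, the fake target answers a SYN the way a TCP stack would, and the scanner classifies the port as open, closed or filtered from the reply. The open-port set, the filtered port and the source port are made up for illustration; no packets touch the network.

```python
"""Simulate how a TCP connect scan (nmap -sT) and a SYN scan (nmap -sS)
decide a port's state from the target's replies. Added example: no real
packets are sent, and the target's port layout is made up."""
import struct

# TCP flag bits as laid out in the header's flag byte (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HDR = "!HHIIBBHHH"  # src, dst, seq, ack, data offset, flags, win, csum, urg


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Pack a minimal 20-byte TCP header (checksum left at zero: never sent)."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack(TCP_HDR, src_port, dst_port, seq, ack,
                       data_offset, flags, 65535, 0, 0)


def parse_tcp_flags(segment):
    """Return the flag byte of a raw TCP header."""
    return struct.unpack(TCP_HDR, segment[:20])[5]


class FakeTarget:
    """Stand-in for the 10.10.10.10 host: replies to probes like a TCP stack."""

    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)  # a firewall drops these
        self.established = []  # connections the application actually saw

    def receive(self, segment):
        src, dst = struct.unpack("!HH", segment[:4])
        flags = parse_tcp_flags(segment)
        if dst in self.filtered_ports:
            return None  # dropped silently: the scanner hears nothing
        if flags & RST:
            return None  # peer aborted; a reset is never answered
        if flags & SYN and not flags & ACK:  # first step of the handshake
            if dst in self.open_ports:
                return build_tcp_header(dst, src, SYN | ACK, seq=1000, ack=1)
            return build_tcp_header(dst, src, RST | ACK, ack=1)
        if flags & ACK and dst in self.open_ports:  # third step completes it
            self.established.append((src, dst))
        return None


def classify(reply):
    """Port state from the reply to a SYN probe, as Nmap reports it."""
    if reply is None:
        return "filtered"
    flags = parse_tcp_flags(reply)
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "filtered"


def connect_scan(target, port, src_port=40000):
    """nmap -sT style: finish the handshake, then tear the connection down.
    Returns (state, number of segments the scanner had to send)."""
    sent = [build_tcp_header(src_port, port, SYN, seq=0)]
    state = classify(target.receive(sent[0]))
    if state == "open":
        sent.append(build_tcp_header(src_port, port, ACK, seq=1, ack=1001))
        target.receive(sent[1])  # connection is now established on the target
        sent.append(build_tcp_header(src_port, port, RST | ACK, seq=1, ack=1001))
        target.receive(sent[2])  # teardown
    return state, len(sent)


def syn_scan(target, port, src_port=40000):
    """nmap -sS style: never send the final ACK; reset as soon as SYN+ACK arrives."""
    sent = [build_tcp_header(src_port, port, SYN, seq=0)]
    state = classify(target.receive(sent[0]))
    if state == "open":
        sent.append(build_tcp_header(src_port, port, RST, seq=1))
        target.receive(sent[1])  # half-open connection aborted
    return state, len(sent)


if __name__ == "__main__":
    target = FakeTarget(open_ports={22, 80}, filtered_ports={443})
    for port in (22, 25, 443):
        print(f"port {port}: connect scan {connect_scan(target, port)}, "
              f"SYN scan {syn_scan(target, port)}")
    print("connections the target's applications saw:", len(target.established))
```

Run it and compare the two columns: on an open port the connect scan sends three segments and leaves an established connection behind for the application to log, while the SYN scan sends two and leaves nothing. On closed and filtered ports both scans send a single SYN, which is why the saving only shows up on open ports.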

Congratulations! You now know what that Nmap command really does.

Voila!

It barely took 10 minutes to understand and now you know exactly what we’re doing.

Personally, it feels great to be able to understand exactly every line of your code.

Even if you write one program a day with roughly 50 lines to understand, and make a point of exploring at least one completely new line a day, you would still learn more than by pasting in an online script that makes no sense to you. That adds up to at least 365 lines a year that you genuinely understand.

Do you still think that you wouldn’t be able to crack your Coding Rounds during Campus Placements?

Cyber Security Enthusiast | Backend Developer
