Are you hacking yet or are you still safe?

Martin Reinhardt
Holisticon Consultants
7 min readNov 5, 2019

Not least after Spectre and Meltdown the question arises: Would I already be hacked or haven’t I noticed it yet? So why not make a virtue out of necessity and adopt your own systems? The learning curve is steep, but it helps to recognize and minimize risks.
It is essential that security know-how is built up in the team. The first step is to create an awareness of the problem. Especially for agile teams it is therefore important to establish different control points with automatic security tests. In addition to static code analysis, however, it helps enormously to get yourself into the role of the attacker.

Safe on the road

At this point we would like to point out again that hacking without the consent of the domain owner is illegal.

In general, you should not install the various hacking tools on your regular computer. It is best to use Whonix or Kali-Linux in a virtual machine. In the following Kali-Linux is used. The nice thing is: Most of the tools are already installed and can be used directly. Alternatively you can use a docker image, which is also the case in this article.

One more note about using Tor: Tor is useful for things like surfing the Internet, but when it comes to using hacking tools like nmap, sqlmap, and nikto, which make thousands of requests, they run very slowly over Tor.

Exploring the site

Even if Hollywood presents it differently to us: Hackers often spend more time preparing the attack than they do with the actual hack. This is primarily about collecting information, such as domain entries: Here is fierce, whois queries of IP addresses and domain names and reverse whois queries to find all IP address ranges and domain names associated with an organization:

  • First of all, an attempt is made to obtain more information (AXFR request) via the network via zone transfer. This will not work in most cases
  • Now Fierce tries to find out if a wildcard entry exists
  • Subsequently, various further subdomains are found by BruteForce
  • A total of 10 entries were found