Overview
This is the CSEC Manual for Beginners and Agents. This guide will teach you the basics and how things work. It will also give you some tips and maybe some tricks you haven't known until now. This guide can be used for training and as a reminder of important basics.
Getting Started
Before getting started you need a Hacknet account and password, like this:
After logging in and booting the “HacknetOS” you should see something like this:
If you are new to Hacknet, I suggest that you play the tutorial first.
The tutorial will teach you how to hack into a target machine. The more you progress in the storyline, the more exploits and experience you will get.
Exploits
SSHCrack is an exploit used for opening port 22.
SSHCrack can be found on nearly every server or node.
how to use:
sshcrack “portnumber”
example:
742.806.97.2> sshcrack 22
FTPBounce is an exploit used for opening port 21.
FTPBounce is a slow-working exploit that can be found on nearly every server or node.
how to use:
FTPBounce “portnumber”
example:
742.806.97.2> ftpbounce 21
SMTPOverflow is an exploit used for opening port 25.
This exploit takes a short amount of time to open the port.
how to use:
SMTPOverflow “portnumber”
example:
742.806.97.2> SMTPOverflow 25
WebServerWorm is an exploit used for opening port 80.
WebServerWorm is a slower exploit, but it takes only a small amount of your Random Access Memory.
how to use:
WebServerWorm “portnumber”
example:
742.806.97.2> WebServerWorm 80
SQL_MemCorrupt and SQLBufferoverflow are exploits used for opening port 1433.
SQL_MemCorrupt and SQLBufferoverflow have the same operation speed, so there is no difference between those exploits.
Both exploits have a short operation time.
how to use:
SQL_MemCorrupt “portnumber”
or
SQLBufferoverflow “portnumber”
example:
742.806.97.2> SQL_MemCorrupt 1433
or
742.806.97.2> SQLBufferoverflow 1433
KBT_PortTest is used for opening port 104.
KBT_PortTest is an exploit with a higher operation time.
how to use:
KBT_PortTest “portnumber”
example:
742.806.97.2> KBT_PortTest 104
DECHead is an exploit used for getting the IP of the encryption server of encrypted data.
how to use:
DECHead “filename”
example:
742.806.97.2> DECHead GreenPony♥♥♥♥♥.rec
The Decypher is an exploit used for file encryption.
how to use:
Decypher “filename” “password”
example:
742.806.97.2> Decypher Alp_Luachra ssh288
Tracekill is an exploit used to suppress an active foreign trace.
how to use:
742.806.97.2> Tracekill
Note: Tracekill uses a high amount of your RAM.
Porthack is an exploit used for getting the password of a server or node.
how to use:
742.806.97.2> Porthack
Note: Porthack requires some open ports to run!
eosdevicescan is an exploit used for scanning a target server or node for eos devices.
You can get admin access on the eos device by logging in as admin.
how to use:
eosdevicescan
example:
742.806.97.2> eosdevicescan
found test1 111.222.33.4
742.806.97.2> connect 111.222.33.4
742.806.97.2> login
Username: admin
Password: alpine
Login Successful.
Note: all eos systems used “alpine” as the password.
Command list
help [PAGE NUMBER]
Displays the specified page of commands.
scp [filename][OPTIONAL: destination]
Copies file named [filename] from remote machine to specified local folder (/bin default)
scan
Scans for links on the connected machine and adds them to the Map
rm [filename (or use * for all files in folder)]
Deletes specified file(s)
ps
Lists currently running processes
kill [PID]
Kills Process number [PID]
ls
Lists all files in current directory
cd [foldername]
Moves current working directory to the specified folder
mv [FILE][DESTINATION]
Moves or renames [FILE] to [DESTINATION]
(i.e: mv hi.txt ../bin/hi.txt)
connect [ip]
Connect to an External Computer
probe
Scans the connected machine for active ports and security level
exe
Lists all available executables in the local /bin/ folder (Includes hidden and embedded executables)
disconnect
Terminate the current open connection. ALT: “dc”
cat [filename]
Displays contents of file
openCDTray
Opens the connected Computer´s CD Tray
closeCDTray
Closes the connected Computer´s CD Tray
reboot [OPTIONAL: -i]
Reboots the connected computer. The -i flag reboots instantly
replace [filename] “target” “replacement”
Replaces the target text in the file with the replacement
analyze
Performs an analysis pass on the firewall of the target machine
solve [FIREWALL_SOLUTION]
Attempts to solve the firewall of target machine to allow UDP Traffic
login
Requests a username and password to log in to the connected system
upload [LOCAL FILE PATH]
Uploads the indicated file on your local machine to the current connected directory
clear
Clears the terminal
addNote [TEXT]
Adds a note containing [TEXT] to your notes
Shells
Shells can be used for bypassing proxies or as a defensive countermeasure.
Overload: Used for flooding a proxy with network junk. Using several shells makes the process of overloading faster. Some proxies might take time; others can be bypassed with a single shell.
Shells are compact, low memory remote processes running on a separate machine that can be controlled locally from any connection.
These incredibly convenient processes are useful for many tasks, though what they are capable of is determined by the type of shell being run.
-Overload:
Designed to test networks and proxy servers, this functionality floods the target machine with junk network traffic from the node running the shell, filling up proxy server memory and soaking cpu time.
-Trap:
A shell running this mode will notify the running user when a foreign user connects to the machine running the shell, and allow an emergency forkbomb flood to be executed on all other users connected to it remotely.
This can be incredibly useful for maintaining the security of a remote networked computer while doing other work.
Trap: The Trap is useful in Multiplayer mode, but also one time in the story. Click on Trap and wait until your system is accessed by your enemy. Click the “Trigger” button to flood all ports with a Forkbomb command.
Firewall
Firewalls protect a system from foreign network traffic. Using Porthack won't work as long as the firewall is active on the target server or node.
-“In this Situation, the firewall solution will need to be provided before an unsyndicated login attempt can be attempted – effectively meaning that any known password cracking software will be useless while a firewall is active.”
-“Firewall complexity can be examined with the “analyze” command – running the analyze command multiple times will automatically detect patterns in the response data headers and will eliminate characters it can guarantee are not a part of the correct firewall solution.
Once a potential solution is found, the command “solve [FIREWALL_SOLUTION]” can be used to attempt to syndicate.”
Use “analyze” until you've got the right password.
If you have the right password, then type: solve “password” like in this picture.
If you have been successful, then it should say: Firewall Bypassed like in this picture.
If not, then you probably missed a character or used the wrong password.
742.806.97.2> Analyze
analyze 6 :
—————————————-
000H000000000000000000000
00000000000000000O0000000
000R000000000000000000000
00000000000000S0000000000
E000000000000000000000000
—————————————-
742.806.97.2> solve HORSE………………………..
SOLVE SUCCESSFUL – Syndicated UDP Traffic Enabled
742.806.97.2>
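The elimination step described above, as an added example that is not part of the original guide or the game: it reads pasted "analyze" output and returns the firewall solution once every row is down to a single character. It assumes, as in the sample above, that eliminated characters appear as 0, that each row contributes one character, and that the solution reads top to bottom; the EARLY_PASS input is constructed for illustration.

```python
import re

# Constructed input: the finished pass from the guide's sample session.
FINAL_PASS = """\
742.806.97.2> Analyze
analyze 6 :
000H000000000000000000000
00000000000000000O0000000
000R000000000000000000000
00000000000000S0000000000
E000000000000000000000000
"""

# Constructed input: an invented earlier pass where rows 1 and 3 are unresolved.
EARLY_PASS = """\
0Q0H0000K0000000000000000
00000000000000000O0000000
000R0000000000000000Z0000
00000000000000S0000000000
E000000000000000000000000
"""

# A grid row is a run of letters/digits only; prompts, headers and
# separator lines contain other characters and are skipped.
GRID_ROW = re.compile(r"^[0-9A-Za-z]+$")


def remaining_per_row(output):
    """Return, for each grid row, the characters not yet eliminated."""
    rows = []
    for line in output.splitlines():
        line = line.strip()
        if GRID_ROW.match(line):
            rows.append([c for c in line if c != "0"])  # assumption: 0 = eliminated
    return rows


def firewall_solution(output):
    """Return the solution string, or None if another analyze pass is needed."""
    rows = remaining_per_row(output)
    if not rows or any(len(r) != 1 for r in rows):
        return None
    return "".join(r[0] for r in rows)


if __name__ == "__main__":
    print(firewall_solution(FINAL_PASS))   # solved grid
    print(remaining_per_row(EARLY_PASS))   # rows still holding several candidates
```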
Emergency Trace Aversion Sequence
The Emergency Trace Aversion Sequence will be activated if the trace reaches 0.
As soon as it reaches 0 you get a warning screen.
This is now your only opportunity to change your IP address. Clicking on the “Begin” button will load the Failsafe dump to your active system.
Important things to remember:
– ISP Management Server: 68.144.93.18
– Keep calm! Getting things right in this mode has the highest priority!
– Never search for the ISP Node! Use the “connect” command instead.
The Emergency Trace Aversion Sequence can look like this:
Note: The Emergency Trace Aversion Sequence (ETAS) will be available as soon as you're granted an account at CSEC.
Tips and Tricks
– If you play Hacknet, have a note and a pencil next to you. It will be helpful in some later missions.
– Use multiple shells for bypassing some proxies. It will decrease the amount of time for the bypass. Remember to close them after bypassing the proxy to get your RAM back.
– Exploits like KBT_PortTest and SQL_MemCorrupt / SQLBufferoverflow can be executed even with active firewalls or proxies.
– Use the Tab key instead of typing the stuff out. The Tab key has an autocomplete function.
– Search every server/node for information or secrets. Maybe they will help you progress in the storyline.