Hacking for Profit. Working method

Here I want to briefly overview a method of profitable hacking. A more detailed view will come in the next posts if this one gets notable attention. To make actual money with this method one has to have some basic understanding of networks and CLI tools. Contact me if you want to get into this without experience or computer knowledge. I can help you with proper education. Now the method:

1. First we are looking for CVEs (legal step)
Newer ones are better. We can also look for fresh vulnerability findings that are not yet documented and registered.
Where to look? There are plenty of sources on the web. One can start with projectdiscovery io / blog. This is the nuclei blog. They post a lot of fresh findings there. Look for similar sources. Or ask me in private, I'll bring you more.
What vulnerabilities are we looking for?
The most critical ones: RCEs, auth bypass, account takeover, IDORs

2. Shodan (legal step)
Now that we know the vulnerability we are targeting, we need to find computers on the web that are potentially vulnerable.
For this purpose you can scan the web manually like in the old days. But there are more effective ways, like Shodan and its alternatives. Even the free version is very powerful. There are tricks for gathering more results at this step. This is where you can be creative. Contact me for more or wait for the next posts.

3. Scan (semi-legal step)
I prefer nuclei. Search for it if you are not familiar. It is very handy and has ready-to-fire templates for most CVEs and more. There is huge support from the community when it comes to developing nuclei templates. If you are not familiar, a template is a list of instructions for the nuclei engine on how to detect a vulnerability. You can develop your own templates with AI. You don't have to be a software engineer for it. But programming skills are always good to have, know that.

4. After scan (first PROFIT) (semi-legal/illegal step)
After the scan you will hopefully have a list of vulnerable IPs. Here you can already make a profit:
– you can contact the owner of the address, the company that hosts the website, and make an offer: information about the security flaw in exchange for money. But be careful. Don't expose your identity. Some of the websites will agree to pay you for vulnerability disclosure and you can take your money home and be proud of yourself
– if you want to play real blackhat, you can offer the information you have on the dark web. If you hit some prominent target your findings will be in high demand
– you can do both at the same time

5. Exploitation (illegal step)
So you decided to go further and exploit. You will need tools like Metasploit. Some programming skills can also go a long way here.
Depending on what vulnerability you exploited you'll have different outcomes.
– For RCE you can sell your target to bot-net groups. Or you can run your own bot-net. Or you can start a crypto miner on your target at the end of the day. I'm not talking now about exfiltrating all the data, where passwords, payment methods, Fullz can be. Depends on your target.
– For account takeover there are also plenty of ways you can monetize it. Be creative. For me personally it is always better to sell quickly. Since I'm a hacker, not a fraudster.
– For IDORs and data leak vulns the answer is the same. Sell! Look at the data you gathered. Does it look sensitive? Any corporate secrets? From my experience companies are ready to pay bounties for such things. You will get a payment for the data and for vulnerability disclosure from the data owner in most cases. But be careful. Some of them report to the alphabet guys and they will try to catch you.

This is all for now about the method. A few words about me. I started hacking in middle school. I do it to this day. I see a lot of good tutorials on the web. But most of them are focused on computer science stuff, programming, OS. General knowledge, I would say. It is good and very useful but not that practical. Hackers want to hack, to break in, to gain access, etc. Not to learn another parameter of an nmap scan. Right? I know how to do it, since I started with action. Knowledge and tech understanding come after. Reach out and let's work together. I can help you with education as well.
