Over the weekend, I've been playing with real-life hacking tools and penetrating real-life systems to get a feel for what hacking is like in the real world. I wanted this feeling so that I had actual experience to go by when designing The Peacenet's hacking gameplay. In this article, I'm going to write about some of the things I've learned and how I plan to use them to create a more realistic yet fun set of gameplay mechanics in The Peacenet.
I want to be extremely clear. I did not penetrate any systems for which I didn't obtain permission from the owner. The tools I was using, while used by almost every penetration tester out there, are still technically illegal if used maliciously. The kinds of things they can do can cause very real problems for the victim. I am not responsible in any way, shape, or form, for you going out there, grabbing these tools for yourself, and using them maliciously. If the feds end up at your door because you thought you were just playing a game, it's not my problem.
Again, I only penetrated a system with permission (and guidance) of the owner. It was simply to get a feel of how it's done in real life, to better understand how I can make it into a gameplay mechanic.
The two tools I used were the Metasploit Framework as well as netcat. I used netcat to get a feel for what a basic reverse shell is like, and Metasploit to get a feel for what using an exploit to push a payload to a victim is like. As for my "victim," it was a freshly-installed CentOS 7 server outside my LAN, owned by phath0m - who also hosts this website and gives a lot of suggestions for Peacenet's hacking gameplay.
I also ended up being able to experience one of the payloads Metasploit can push out - the Meterpreter RAT (or, Remote Access Trojan). I got to sit behind the wheel of a real-life RAT for the first (and only) time in my life.
There were a lot of things I learned during this adventure.
Seriously, they are. Typing help in the Meterpreter shell provided me with a list of commands I could use and things I could do that, while giving me lots of neat ideas for gameplay, quite frankly scared the hell out of me.
It let me listen in on the victim's mic, snap a picture on any of their webcams, play an audio file on their system, upload and download files, run programs, kill programs, and more.
So, for those of you who tape up your webcams and microphones on your laptops, you aren't wrong to do that if you even think you have a RAT on that system. These kinds of things are actually real, and not just limited to Hollywood. They're also most likely federally illegal in most areas of the world so... I didn't necessarily touch them.
An exploit is something that takes advantage of a flaw in a system (or person). A payload is something you drop onto a target - like a RAT, a piece of malware, etc. An exploit can be used to drop the payload, but the exploit itself isn't the payload.
Full disclosure: The exploits I used only worked because the person I was working with purposely made their system vulnerable. I didn't actually push a payload - they pushed the payloads and showed me how to interact with them. If you keep your system actively up to date, it's almost impossible for me to push a payload to you and attack you.
Simple. There are a few things I need to define first, though.
Essentially, you use an exploit to take advantage of a vulnerability in a specific version or implementation of a protocol or service to push a payload to a system.
There are a lot of places where challenge can be introduced.
A big part of the challenge in the above flow comes from the fact that certain exploits can only take advantage of vulnerabilities in certain versions of protocols/services in-game. Instead of every in-game computer running the same file transfer protocol, some may run older, unpatched versions of the protocol that are, say, vulnerable to a buffer overflow and a remote-code-execution exploit. Other systems may have newer versions of that service installed which have those vulnerabilities patched, so you can't exploit them that way.
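The version-matching mechanic above, as an added example (not code from The Peacenet): hosts run services at particular versions, each exploit targets one service and is only useful below the version that patched the flaw. The service, exploit and version values are constructed; the version parser also shows why versions must be compared numerically rather than as strings.

```python
"""Model of the exploit/service-version matching the article describes: an
exploit only works on a host running the targeted service at a version that
still carries the flaw.

Added example, not code from The Peacenet; service, exploit and version
values are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically.
    A plain string compare claims '2.10.0' < '2.4.0', which would make a
    patched host look vulnerable."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Service:
    name: str       # in-game protocol/service, e.g. "ftp"
    version: str    # version the host runs


@dataclass(frozen=True)
class Exploit:
    name: str
    service: str    # service it targets
    fixed_in: str   # first version that carries the patch


def applicable_exploits(host: list[Service], arsenal: list[Exploit]) -> dict[str, str]:
    """Map each exploit that works on this host to the vulnerable version found.
    Hosts on or above the fixing version fall through untouched."""
    hits = {}
    for svc in host:
        for exp in arsenal:
            if exp.service == svc.name and parse_version(svc.version) < parse_version(exp.fixed_in):
                hits[exp.name] = svc.version
    return hits


# Constructed sample data: one unpatched host, one fully up to date.
ARSENAL = [Exploit("ftp_overflow", "ftp", fixed_in="2.4.0"),
           Exploit("ssh_rce", "ssh", fixed_in="7.2.0")]
OLD_HOST = [Service("ftp", "2.3.9"), Service("ssh", "7.1.10")]
PATCHED_HOST = [Service("ftp", "2.10.0"), Service("ssh", "8.0.0")]
```

applicable_exploits(OLD_HOST, ARSENAL) returns both exploits with the versions they hit, while PATCHED_HOST yields an empty dict even though "2.10.0" sorts before "2.4.0" as a string.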
When you finally get to push a payload, you may be tempted to just push it, use it, and be done with it with no consequence. But that's not how the real world works at all. If you're not careful, that payload you just pushed can easily be tracked and traced back to you. It may show up in a process list. It may be taking up a lot of CPU or RAM. Someone may be monitoring the network and noticing that the victim keeps connecting to some random IP address they don't recognize.
You need to be mindful of these things if you don't want to get caught and enter a state of Alert. Finding ways to hide or mask the payload, not pushing things you don't need, not taking up an immense amount of resources, and so on can get pretty challenging. And, of course, there are always those pesky log files.
Every hacking game has some sort of mechanic where you're only given a limited amount of resources to work with. In Hacknet, you can only have so many programs running before you run out of RAM - so you can only do a certain amount of things at once during a hack. In Uplink, you start off with a very slow processor and a low amount of RAM, and you need to upgrade these things over time in order to carry out more elaborate hacks more quickly.
I'm not sure about Uplink because I haven't played enough of it, but I know Hacknet doesn't have any sort of resource usage system for things you hack - only yourself. I can see why this was done in Hacknet but I do have an idea for a way the system resources mechanic can better be used in The Peacenet.
If you have a limited amount of RAM, you can only run a certain amount of programs at once. If you have a slow CPU, these programs will take up more CPU time. Perfectly fine for the player system. But what about hacked systems?
When you push a payload to a target system, you don't want to be seen. If that payload is taking up loads of RAM or CPU time, this can
So, knowing your target's resources is a nice strategy. Not taking up too many resources is a part of the challenge.
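The Alert mechanic from the two passages above (a payload showing up in the process list, eating the target's limited RAM or CPU, or connecting to an address the owner doesn't recognise), as an added example that is not code from The Peacenet. The thresholds, target specs and the two sample payloads are constructed; the function returns every reason the target would notice, so an empty list means the payload fits in quietly.

```python
"""Model of the "Alert" mechanic described above: a pushed payload gets noticed
when it shows up in the process list, hogs the target's limited RAM/CPU, or
talks to an address the target's owner does not recognise.

Added example, not code from The Peacenet; thresholds, host specs and the
sample payloads are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Process:
    name: str
    ram_mb: int
    cpu_share: float                # fraction of CPU it consumes, 0.0 - 1.0
    remote_addr: str | None = None  # address it connects back to, if any
    masked: bool = False            # payload hidden from the process list


@dataclass
class Host:
    ram_mb: int                     # total RAM on the target
    cpu_share_limit: float          # CPU share a process may use unnoticed
    known_peers: set[str]           # addresses the owner expects traffic to
    processes: list[Process] = field(default_factory=list)


def alert_reasons(host: Host, payload: Process) -> list[str]:
    """Return every reason the payload would tip the target into Alert.
    An empty list means it fits in quietly."""
    reasons = []
    used_ram = sum(p.ram_mb for p in host.processes) + payload.ram_mb
    if used_ram > host.ram_mb:
        reasons.append(f"RAM exhausted: {used_ram} MB needed, {host.ram_mb} MB fitted")
    if payload.cpu_share > host.cpu_share_limit:
        reasons.append(f"CPU share {payload.cpu_share:.0%} over the {host.cpu_share_limit:.0%} limit")
    if payload.remote_addr and payload.remote_addr not in host.known_peers:
        reasons.append(f"traffic to unrecognised address {payload.remote_addr}")
    if not payload.masked:
        reasons.append(f"'{payload.name}' is visible in the process list")
    return reasons


# Constructed target: a small server already running a web service.
TARGET = Host(ram_mb=512, cpu_share_limit=0.25, known_peers={"10.0.0.5"},
              processes=[Process("httpd", ram_mb=300, cpu_share=0.10)])
NOISY = Process("rat.bin", ram_mb=400, cpu_share=0.60, remote_addr="203.0.113.7")
QUIET = Process("rat.bin", ram_mb=32, cpu_share=0.05, remote_addr="10.0.0.5", masked=True)
```

alert_reasons(TARGET, NOISY) returns all four reasons (RAM, CPU, unknown address, visible process), while alert_reasons(TARGET, QUIET) returns an empty list.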
These are implementations of protocols which CANNOT be exploited directly. In this case, you need to find some other way in. This could be by finding the right credentials on another system, using social engineering, etc.
Some systems may not even be directly visible to The Peacenet. The laptop I'm writing this article on isn't directly visible to the Internet; it sits behind an access point with a public IP address. In Peacenet, some systems may not be publicly listening on any ports, and you'll need to get into their LANs through another system.
NO, I do not mean loot crates. Those are spawns of Satan himself and have absolutely no place in any game I write, free or not. I mean, files and information on a remote system that you can download to your own system. These include:
This will encourage you to scavenge a hacked system's files for anything useful to you.
Like the Shiftnet from ShiftOS, except way better. This in-game Internet can be used to host downloadable programs, news articles, personal sites, and more services that can be used (and potentially exploited.) There can even be services which are totally inaccessible unless you have permission or the ability to hack in.
This gives an opportunity for world-building and a place for you, the player, to explore and find new things to hack.
I got a lot of ideas from my adventures in real-life hacking over the weekend and I'm extremely excited to get the ideas I have into the game. I hope you guys are too.
The number one takeaway from this, though, is... Hack to learn, don't learn to hack. Only hack into things you have permission to hack into. And don't be a prick. Also, your anti-virus will most likely light up like the 4th of July if you try to use the programs I used.