INVITATION TO CYBERSECURITY 56 3.1.3 Hacking Skill Levels When categorizing hackers, it is important to not only examine their motivations but also their skill levels. Skill levels vary from script kiddies at one end of the spectrum to elite hackers at the other. 3.1.3.1 Script kiddies “Today’s top-secret programs become tomorrow’s PhD theses and the next day’s hacker tools.” - Bruce Schneier Script kiddies are unskilled individuals who utilize user-friendly tools and scripts developed by others to hack into computer systems. It is a pejorative term because it connotes a person with little technical skill. Script kiddies can be any age, not just kids or teenagers. They do not have a lot of technical expertise or understanding, but they can follow a step-by-step script to conduct a hack, and they can wield point-and-click hacking tools built by other more highly skilled hackers. Script kiddies can cause damage even if they do not understand the technical details of what they are doing or how their attacks work. Script kiddies are significant threats because as time passes, once complex hacks known to only an elite few become scripted and are made available to the masses in the form of hacker tools. Script kiddies do not create novel attacks, but recycled attacks often remain effective for a long time. The Social Engineering Toolkit (SET) is a command line tool that provides a step-by-step wizard for configuring and deploying social engineering attacks that can be used to steal user credentials and gain access to a victim’s machine. OpenVAS is a vulnerability scanner that can be used to identify a weakness in a target system that could lead to unauthorized access. Metasploit is a popular command line tool that makes gaining access easy. It steps users through the process of pairing an exploit for a vulnerability with a payload that will be executed on the target—a typical payload provides the hacker command line access to the victim. Once the “cyber weapon” is configured with the parameters of the target machine (e.g., the IP address and port number), it can be fired while the hacker sits back and waits for a call-back from the victim machine. Armitage is a GUI wrapper for Metasploit that makes its functionality even more accessible. Mimikatz is a simple hacking program that can be run after a hacker has gained access to a victim to extract plaintext passwords from memory—the passwords can then be used to gain even deeper access. All of these tools (plus many more) are free and come bundled with Kali Linux and other hacking distros. While they may make hacking easy, it would be unfair to say that they are script-kiddie tools because they are used by professional pentesters and advanced hackers as well. They are sophisticated tools built by expert developers and elite hackers that perform complex operations. Advanced hackers actually understand how they work and can wield them in even more powerful ways. When script kiddies use them, they typically make a lot of “noise,” jeopardizing their chances of success and making it more likely they will be caught.
RkJQdWJsaXNoZXIy MTM4ODY=