This Week's Development

Hi everyone!

This week I decided to make a video showcasing all the features implemented so far. Please remember that this is the result of only 3 weeks of development so ignore the rough edges you might see throughout the video. Go ahead and watch it now - in fullscreen and 1080p. I talk about what you see in there after the video.



I hope you liked it! I'm going to skip ahead of the features I already talked about in the previous weeks, with only a few words on the password breaker. As you could see, it took a while to crack a 7 character password, even though it's trying 1 trillion (!!!) combinations per second. Any kind of security system would recognize that it was being hacked and would immediately disconnect you. This is just to say that the password breaker is really not the "go to" tool to hack a computer.
On to the new features...

Vulnerabilities

Vulnerabilities allow you to get access to specific parts of a server. They are constantly being fixed and new ones will be found. The player can inspect a system to find vulnerabilities but it needs to have the skill to find and exploit them. Not all servers have the same vulnerabilities and no server will have more than 3 at the same time. They may even have none and you'll have to come back later. In the video, all servers have all 3 implemented vulnerabilities for demonstration purposes.

Buffer Overflow

This is a very simple vulnerability that allows you to put data in the server's memory. An unskilled hacker can use this to crash the server by inputting random data (as seen in the video) but an experienced hacker will be able to do much more.
After a crash, the server will be restarted shortly and be back online. So this may seem pointless but imagine you are being traced. You can connect to one of your proxies and crash it this way. It's simple and fast and when the tracer reaches this proxy, he'll have to wait for it to come back online before proceeding, buying you more time to cover your tracks.
So, vulnerabilities can seem pretty simple but they can be very helpful. You just need to be a bit creative.

Path Traversal

This vulnerability allows you to access specific files on the server's file system. You need to know the exact path of the files, so this is most useful to access default system files like the logs file. One important thing to notice is that this vulnerability retrieves the files and sends them to you, which means that the files are on your computer. Modifying them will not modify it on the server and running an executable will run the software on your computer, not on the server. You can read files and download them, nothing more. It's still very useful when you just need some information that you know is in a file, for which you know the path.

Code Injection

This is the most exciting vulnerability so far. With this vulnerability, you'll be able to run custom code on the server. You won't get any feedback from it, so you just pray it worked. Its success will depend on the permissions with which it is executed, on the security systems in place and in the coherence of the code itself - if the first thing the code does is destroying the operational system, don't expect it to create you an admin account afterwards.
The code is made up of modules and this modules are created by the player beforehand. When creating the modules you'll be able to customize them. For example, the module that creates an admin account needs a username and a password.
There will be lots of modules to create - currently I have 20+ planned - but the player will need to improve his skill to be able to create more modules. They won't all be available from the start.


Thank you for reading!
Please leave me some comments or feedback. I'd love to know what you're thinking.

Also, don't forget to follow @HACK_theGame for updates as it happens.