Heist School

Learn how to get started with hacking and with Sticker Heist.

The last few tips on the Scenario page are very important:

  • Work together.

  • Reconnaissance is essential: collect data on the target.

  • Look at everything, as you never know what you may find that will help.

With these in mind, let's look at the hacking process.

The Hacking Process

Though not every hacking engagement will be the same, overall there is a flow to hacking. This flow (Figure 1) will help when approaching the heist. There may be times when these main "bubbles" overlap and you'll be going back to a previous step based on new findings.

  1. Reconnaissance (Recon): Possibly the most important part of the process. Recon is the act of scouting and exploring the target. This can be as simple as looking at and watching the system. Also see what the target emits (WiFi, Bluetooth, RFID) and even physical items (paper, notes). Recording what is found is an essential part of this: keep notes (pics, screenshots) on the items discovered. Not every discovery will seem crucial, but it may become important later. Examples: version numbers of software running, IP addresses, server names, and types of locks and other security.

  2. Vulnerability: "Noun - Susceptibility to attack or injury; the state or condition of being weak or poorly defended." Items found from recon may actually be a vulnerability. Some vulnerability examples are: unpatched software, a physical note left unsecured with information on it, misconfigured services, information left in source code, and poor passwords.

  3. Exploit: An exploit is a way of gaining access to a system through a security flaw or vulnerability. Exploits come in many "flavors." Some are as simple as leveraging a simple vulnerability (like using an exposed password to gain access, or discovering a bypass from source code); others use a more complex method (like a buffer overflow, or a Metasploit module to open a remote shell).

  4. Loot: Gathering artifacts (like: user accounts, passwords, source code, data, sensitive documents). This may be it .. you did it .. or it may lead you back to more recon (more on this "the pivot" below).

  5. Clean-up: Removing traces of the hack, like removing backdoors or temp accounts created as part of an exploit, and re-locking a box.

The "Pivot"

At times the initial access gained may not be the goal. Using the foothold gained, you may end up going back to recon and the rest of the process. This is commonly called pivoting.

As a part of pivoting you may end up jumping between many of the first three phases of the hacking process. It can feel chaotic, and not all vulnerabilities may be exploitable as initially thought. It can be very much a fail-and-try-again process. Keeping notes on the outcomes may be of value. Searching for how to do stuff is also normal.

The "Googling"

You will end up searching on some of the discoveries. Don't expect to know it all; it's OK to search "what is SSH" .. "how do I use the Linux command line" .. "how to FTP" .. etc. Educating yourself is a big part of this process.

Don't forget you are part of a team. Sharing ideas and findings is an important part of the hacking process.


To work the heist you will need:

  • A laptop. Smartphones may not be enough .. and of course WiFi.

  • Kali Linux, either in a VM or on a full Linux laptop

  • App to keep notes (basic text editor, OneNote, whatever..)

  • Some other tools needed are (most of these are in Kali):

The Kali Tools site is very helpful in seeing what some of the tools do.

Areas of Knowledge

Some knowledge in these areas will help:

  • Networking basics (IP address, netmask, types of networks).

    • Tools to find this (ifconfig on Linux, ipconfig on Windows)

    • Ports, port numbers and what they are used for. (PDF)

  • Basic Linux commands (command line: list files and directories, view file contents)

  • Using some terminal based apps: like ftp and ssh.

    • PuTTY can also be installed to help.

  • Viewing page source in a web browser, and reading the code comments left in it.

  • Curiosity - See how things work, ask "what if" .. etc.
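Two of the points above come together in practice: "information left in source code" is a common vulnerability, and viewing page source is how you find it. The script below is an added example (not part of Heist School or the Sticker Heist materials) that pulls every HTML comment out of a page's source and flags the ones that mention things like logins, debug endpoints or ports. The sample page and the keyword list are constructed for the example; it works just as well for checking your own pages before they go live.

```python
import re
from html.parser import HTMLParser

# Constructed sample page source (not from any real site) with the kind of
# leftover developer comments the Scenario tips tell you to look for.
SAMPLE_HTML = """<html><head><title>Sticker Shop</title></head>
<body>
<!-- TODO: remove before go-live. staging login: admin / Summer2019! -->
<!-- nav rebuilt 2019-03 -->
<form action="/login">
  <!-- old endpoint /api/v1/debug still enabled on port 8081 -->
  <input name="user"><input name="pass" type="password">
</form>
</body></html>
"""

# Words that make a comment worth a closer look (assumed list, extend as needed).
INTERESTING = ("password", "passwd", "login", "todo", "fixme", "debug",
               "admin", "key", "token", "port", "endpoint", "internal")


class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment found in the page source."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(" ".join(data.split()))  # normalise whitespace


def extract_comments(html):
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return parser.comments


def flag_comments(html, keywords=INTERESTING):
    """Return (comment, matched_keywords) for each comment containing a keyword."""
    flagged = []
    for c in extract_comments(html):
        hits = [k for k in keywords if re.search(r"\b%s\b" % re.escape(k), c, re.I)]
        if hits:
            flagged.append((c, hits))
    return flagged


if __name__ == "__main__":
    for comment, hits in flag_comments(SAMPLE_HTML):
        print("[%s] %s" % (", ".join(hits), comment))
```

Feed it the saved source of any page (for example the output of `curl -s URL`) in place of SAMPLE_HTML; anything it flags goes straight into your recon notes.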