Let's Play/Hack: Grey Hack, Part 1
Вставка
- Опубліковано 2 жов 2024
- Grey Hack is a massively multiplayer hacking simulator game. You're a hacker with full freedom to act as you wish on a vast network of procedurally generated computers.
RELEASE DATE: Dec 14, 2017
DEVELOPER: Loading Home
PUBLISHER: Loading Home
Dude gives 3000-4000 level class in mathematics behind cryptography. Gets stuck on social engineering. lol This is why we work in teams.
Yeah no doubt.
@@AFascinatingChap this game is truly difficult. I was way too arrogant one day ago.
Sometimes I feel like I went the wrong direction in the computer world. I really enjoy network operations and even as a young teenager I use to mess around with altering packets for MUD's (back in the mid 90's), setting up private networks, messing with firewalls, etc. Never went with either of those interests though and ended up in service ops/data engineering instead. Although when anyone asks me what is a good tech job to get into I always say 'network security'. I had the most fun doing operations support for a large world wide corporate network in the mid/late 2000's. Then moved back into ops engineering and now data engineer.
For any young nerds out there that may be reading this, if you find it fun to mess around with network security/engineer/ops stuff...keep at it. It's incredibly satisfying and a very lucrative career.
Agree completely. Though I will say that it's also important to find your niche. Work is always work, but it makes a world of difference doing something that interests you.
I like how your commentary compare/contrasts how the "tools" of the game are different/simplified than its real-world counterparts
Thanks. I'm glad you enjoyed the video.
Appreciate the video. I recently got back into pentesting, I'd say I'm a little advanced right beyond fundamentals for ethical hacking. Hard to not point out the methods and procedures if they're wrong. I'd like to see an A-Z pentesting game that involved in depth hacking like HTB or THM. Provide everything from Microsoft's AD to a Linux computer running multiple services. Brute forcing and cracking is only allowed on very low level worth devices that get you A, B, and C rewards that aren't an opponent's property. All other methods need thorough black box approach.
You'd have to have rules in place where password cracking and brute forcing to gain access isn't an option because it's just too easy an unrealistic to perform that attack on a machine and get access within 60 seconds. All players have at least 1 vulnerability, which can lead to root access. And maybe that vulnerability can't be patched. The only way to have a fighting chance on defense is say..... YOU have to come back at your attacker within 24 hours if they successfully become root and grab the flag. None of this bank transferring by clicking a button.
Once your opponent has your flag they're fair game to attack, but each player must have at least 1 vulnerability. Remote code execution and backdoors would be allowed, and it's the owner's responsibility to check the logs. Maybe you can have IDS or IPS, but that only blocks everything but the 1 vuln right, so... or at least the more money you make the better your defenses. And the vulns are real world examples.
You could chose between a Windows machine or Linux for servers. There's the PvE elements like mining bitcoin legally or illegally, social engineering creating an undetected payload, or gaining access to other services in the big giant city where the MMO takes place. Maybe have a mutual underground hacking economy where you can buy, trade, and sell. No stealing allowed, block that off don't put it in the game. Hackers can trade scripts, hardware, and stolen data.
Data that can be stolen shows PvE information, and maybe hacktivist groups are formed (teams) and you have to put your trust in your teammates.
Things that should be blocked off from PvP would be password cracking, and completely bricking out the victim of their main device. Maybe pwning their secondary devices would be allowed for a certain amount of time? Then the rule would be you have to give it back but you lose rep and money?
Maybe rep is like your hacking level, and you don't technically have an RPG lvl because your knowledge and skillset is your personal real life level.
In game money could buy real life hacking lessons, security lessons, and programming lessons. Programming is allowed to create your own scripts and you don't have to buy scripts. Bad scripts get you caught. Getting caught lands you in jail and you lose everything, except what's tucked away in some sort of cache where cold hard money is stored. Maybe hackers can't report you to the law (cuz then everyone would just go to jail in each world) but the PvE elements will. Maybe wiping logs and hardware, and escaping in time lets you avoid the coppers.
I'm really on to something here, and the best part would be the actual real world practices done by ethical hacking. I would 100% pay a monthly subscription to play that game. Wouldn't ever get off of it.
100% I've been looking for something like this for years.
Does this game actually require programming skills to play, or can it teach? I'm trying to find good methods to learn programming, and this came out of nowhere.
There is an in-world language called GreyScript which is simplified but syntactically consistent. Some skills would translate out of game.
Please keep doing let's plays for this game! Love it
Sure! Thanks for watching.
I did a paper last year for school on the Sha collision attacks and how much money it would cost to replicate them in a reasonable time frame. When you say it's rare to find collisions, you're not kidding. The time it would take someone brute forcing hashes on a single 3060 TI to have more than a 50% chance of finding a collision in sha-2 is several times the projected lifespan of the universe
Yep, pretty much all modern cryptography is based upon the relative probability that it could be broken within an amount of time to be a viable attack strategy. Older suites are depreciated because computing reaches a point where they no longer meet that threshold. The real issue is going to come with quantum computing, since that will essentially reduce such processing to a fraction of what is currently possible. Pretty much all crypto as we know it will be over.
Hello do you have a ranking list of most realistic hacking game of all the games you played?
Yep, I do keep a list. Maybe I'll make a video about them at some point. Grey Hack is number 1, but you should also keep in mind that no game is going to teach you actual penetration testing. Check out HackTheBox or TryHackMe if you want more realistic training boxes.
Pretending to be the admin worked for me
yeah it takes me a long time to figure out how the game works.
those were your phishing email templates at the end lol
Yeah, you could say I'm a Grey Hack expert.
"If something were to happen it'd hav happend by now." Nah man the point is it's saved in clear text. Not encrypted at all. Computer gets compromised, HEY whats this folder called Grey Hack? Oh it's a hacking game... and there's passwords??? Granted yea this would require the person to know that this is even a thing in the first place but like, you really never know when you're gonna get hit or by whom.
I don't remember exactly what context I might have said this in, but yeah there's a lot more to Grey Hack that took me an embarrassingly long time to understand.
In terms of realism how close is it to real tools and scripts?
Well, in general pretty close, but in practice not very close. I know that's confusing, but what I essentially mean is that everything in the game makes sense and would be mostly correct, but in terms of actual black box security research it requires far more creativity and involves more variety. Essentially - there is a difference between verisimilitude and accuracy. Grey Hack has a ton of verisimilitude, but cannot be accurate.
I want to hack local network system which means the computers are have no ports.That are connected multiple routers. I can get guest access (even root access also )on that routers,after that what I do. Because I want to access the victims computer to corrupt data and another mission similar to like this getting remote file. I tried port forwarding to the specific computer it's not working.. i can see unknown service.People say use rshell method.I do that but.?!... example I want to hack the victim ip is 10.0.25.3(no ports ) but I have all access (root too) on other computer which ip is 171.1....something..Simply the quet is how to enter or hack from open ports computer to no port (Lan) computers if i use rshell how to do it( not asking about setup)....
Waiting for your reply and
Thanks in advance
Sorry, your comment was held up by the TY filter so it took some time for it to appear on my dashboard. So if the machine doesn't have any open ports then one thing you can do is create the opportunity by phishing a user on the system with the malware template. They'll run the backdoor program and you can connect.
2:04 I have no clue what you are reading or looking at, but it isn't on the screen you are showing us in the video.
Sounds like the disclaimer that comes up when you start a multi-player game. Not sure why it's not visible in the recording.
I keep recieving this when trying to aireplay, no matter for how long i go, and its with all of the networks. Nothing works "Can't create file /home/file.cap. Permission denied"
Sounds like directory level permissions on /home - make sure you're running as a user with write access. You can test it with touch file.cap in the home dir.
im stuck at nmap ip address it says command not found
You're going to need to download nmap first from the shop before you can use it.
this game still alive? i mean the online comunity im thinking on buying but on steam stats i only see an average of 20-40 users only on the online/game :C so its dead the online?
From my experience, it seems fairly active. There are a couple things that work against the way Steam typically represents usage statistics. 1) Just because it's an MMO, doesn't mean you need concurrent users. Other users online create content that can be accessed even after they log off. 2) It's probable that privacy enhancing technologies (like VPNs) mess with Steam's ability to track users. My theory is that players of this game are more likely to be using those services. That said - I don't have a ton of experience with the online game. I plan to get back to it.
@@AFascinatingChap i have alr bought and well the chat is dead 2-3 users the day i play but online content like websites and that still alive some ones, i hack a player and then my ingame pc reboots saying panic kernel XD with missing sys files so or the hacked player was online and revenged, or that player have a defense script or something like that that auto hacks attackers
Why no airodump-ng? instead it's iwlist !! ?
Yes, this is true. I'm not sure what distro the OS is meant to mimic, but iwlist is a Debian wireless tool. It's just not one people more used to airodump would go to. Why have aireplay and aircrack but no airodump? I don't know.
i dont have access to configlan is that a problem?
Not sure what you're trying to do, but probably not.
buddy at work told me about this game. surprised the wireless tools are near spot on
Just enough verisimilitude to catch my interest.
I hope u will do part two!
You got it! Part 2 is up now.
14:35 you are talking about hash collision which is md5
Yep. Though hash collision is technically a problem for more than just MD5, except that more robust algorithms make the mathematical probability of those collisions relatively smaller (though it is already quite small.)
Fun possible fact, apparently the NSA now has the ability to replicate hashes using a program they created. I call that an unfair advantage if you ask me. That is downright terrifying. Say goodbye to your signature checking, or should I say.... hello.... brought to you by your favorite rules for thee but not for me organization. @@AFascinatingChap
Hqcker simulator is not good? I love that game.
I don't really judge most games on if they are "good" or not. I've played plenty of games that are fun. I'm on a mission to find a -realistic- hacking game, or at least one I can use in the classroom as a trainer. Hacker Simulator is not that.
@@AFascinatingChap why?
On 9:19, you said you need the right card to do it that way. What are the requirements for a card that would work?
Wireless networks blast a signal throughout the immediate area. All wireless cards are capable of receiving transmissions, but generally only those broadcast for client connections. Not all are capable of monitoring mode (listening/promiscuous mode) which scans a broader range of frequencies to pick up additional information for wireless sniffing. The list of capable devices isn't small, but it's also not inclusive of all hardware: deviwiki.com/wiki/List_of_Wireless_Adapters_That_Support_Monitor_Mode_and_Packet_Injection
What is the operating system?
it's a linux analogue. appears to be closest to debian syntax, so a decent trainer for kali.
buying i tonight cant wait
Awesome. Good luck with it.
What terminal are you using that allows for ctrl+c to do anything except for exit whatever program? That certainly won't be the default behavior.
Edit: you can do the same thing with nmap irl, if you want just a basic scan you don't need -sC, -sV, -sS, etc. It auto defaults to a SYN scan that hits the most common 1k ports
Yep, absolutely right. A SYN scan for a privileged user, a connect scan for unprived, but both following a ping for host detection in a default scan with no params.
This game have new version
Killer. I'll be giving it a look soon.
@@AFascinatingChap 👌
Like a sequel?
@@AFascinatingChap and yea you need click the "Admin" for edit who is this
3:22 it starts
I can't be hacked. I use Linux.
ok
Hello how to download and install grey hack? I really didn't understand, could you tell me how to download and install it
It's available on Steam.
he just leaked his password to some of his stuff
Jokes on you, my password for anything important is Hunter2
ok, but you just leaked it again
@@sawabeditssor so you think but actually he changed it to 12345 right after replying to you! 😏