Hi people!
I would like to share with you the latest news about the development.
As some of you know, for some time the development has been focused on the nightly build, therefore the public version will not receive updates for a while until the development of the nightly build ends and merges as usual.
Unlike previous nightly builds, this time all the features planned for this development cycle will be included before opening it for public testing.
Here are some details of what you will find in the next nightly build:
Player custom networks

Now rented servers are expanded to rented networks!
By renting a server, new devices can be added to the network, such as routers, switches, hubs or more servers to improve the security of your network, in addition to being able to add firewalls.
With the new ConfigLan tool, you will be able to remotely manage your networks, as well as reset them to their original state if for some reason you have lost the possibility of re-entering the network, either due to a configuration error or a hack.
Sniffers

With the introduction of sniffers, players can capture the passwords of npcs and other players.
Now the ssh and ftp services allow an encrypted connection, causing sniffers to only capture encrypted passwords. Although ssh and ftp have a default encryption method, it is easily creackable, since the source code is available for study in the Manual.
Therefore players can program their own encryption system to be used with these services, so that other players can try to crack the encryption system to obtain the password.
This mechanic will consist of two scripts that will have to be installed on the server, Encode and Decode. Where sniffers can also capture the source code from Encode, but not from Decode.
As you can imagine, sniffers and encrypted connections will have more prominence in Multiplayer mode than in Single Player mode.
New devices

In addition to anticipated devices, such as printers or smartphones, security cameras have also been added, adding one more attack vector.
In some networks you will find security cameras installed, usually in companies, that can show the interior of these buildings. If you look closely at the environment you may find useful information.
The cameras are accessible through the browser, since they use an http server to make the connection, although they require a password to access.
New hacking techniques
New APIs will be added to the metaxploit library to allow reverse shells. That is, the victim connects to you, instead of you to the victim. This technique allows access to computers that do not have any service installed.
Reverse shells implicitly include the use of a Trojan, since to perform a reverse shell, you must first get the victim to execute your code through social engineering, and this code will install a local service that will connect to your IP as soon as possible, giving you access to a shell.
Keep in mind that you will have to have a publicly accessible service, such as ssh, for this technique to work, making you vulnerable to attacks from others.
More news soon!
[ 2020-10-09 19:22:36 CET ] [ Original post ]