Hivemind Guide

Feb 1st, 2018
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. HIVEMIND Network Explanation
  3. A Hivemind Network is a hidden network which – once compromised – can be used to to trade intelligence files with secretive organisations and groups. It is designed for advanced NITE Team 4 agents and therefore this guide assumes good knowledge of the other modules available.
  5. While each network is slightly different, the general Hivemind (HVM) process can be summarised into 4 stages:
  6. • Satellite scan
  7. • Initial network probe
  8. • Internal network probe
  9. • Password attack
  12. The first step in getting into a HVM is to find it. This is done by triangulating your search – between the initially selected point, a satellite (set to a specific longitude) and a second selected point. You can adjust the longitude of the satellite using a slider at the bottom of the screen and then select one of a number of points on the globe to start your search.
  14. After your search, assuming you haven’t found the HVM you’ll be informed how close it is (far, mid or near) and the direction of it. It can take some time to get used to searching for these HVM nodes, however if you keep trying different options you’ll quickly find the HVM you’re searching for.
  18. Once you’ve found the location of the HVM, you’ll be given the domain name. Using this you’ll need to conduct a standard FOXACID attack to gain a foothold inside their systems. One difference with HVMs though is that you’ll be given a window showing different nodes in a system. By cross-referencing this with your DNS & VHOST modules, you’ll be able to easily pinpoint which subdomain is vulnerable as it will be highlighted.
  19. The rest of this stage is the same as a normal domain attack. Once you have the network in your Turbine C2 Registry, you are ready for the next stage.
  22. This stage is somewhat similar to the previous one, except you are aiming to investigate the internal workings of the network much more. You are given a new window with a percentage value to help you see how much you’ve identified. Any externally-visible subdomains that you find in this stage do not count towards the percentage.
  24. Internal investigation can be conducted through the WMI Scanner, DNS & VHOST Mapping and Host Fingerprint modules. At this stage it can also be worthwhile checking Air Crack and bringing up as much information there as possible. This will be useful for you in the next stage.
  26. Once you’ve uncovered most, if not all of the HVM percentage screen, you’ll find some icons are highlighted. You’ll need to click on the database and webcam icon ones to get the information to complete this stage. If you’ve done this correctly you’ll receive the first and last name, as well as the age of an individual. You should also have the date/time during the week that they accessed the network recently.
  28. The final stage involves you using the dates/times from the previous step combined with the Air Crack module to correctly identify the individual’s mobile device. You will need to then perform your normal research into the mobile device to uncover any information about the owner.
  30. In order to start the password attack, you can press the eye-like icon below the dates/times you just used to find the mobile. This will bring up your Password Attack module with the URL and Username pre-filled. Fill in the variables as you normally would and, once successfully complete, you have gained access into the HVM.
  33. The reason for compromising a HVM network is to trade intelligence. When you are connected there will be a “Trading” tab that you can click on. This will show you a list of 5 possible trades, highlighting what they are offering and requesting in each one. A tick will also be seen if you already own the intelligence. It goes without saying that you can’t initiate a trade if you don’t have the required intelligence they are asking for.
  35. To start a trade, click on the pair you are interested in and the console will provide you with a trade code (e.g. “Trade 567”). Type this into the console and you can start the trade. It is worth noting that your intelligence is NOT lost in this process.
RAW Paste Data Copied