UploadLanguage (EN)Support
BusinessMobileSocial MediaMarketingTechnologyArt & PhotosCareerDesignEducationPresentations & Public SpeakingGovernment & NonprofitHealthcareInternetLawLeadership & ManagementAutomotiveEngineeringSoftwareRecruiting & HRRetailSalesServicesScienceSmall Business & EntrepreneurshipFoodEnvironmentEconomy & FinanceData & AnalyticsInvestor RelationsSportsSpiritualNews & PoliticsTravelSelf ImprovementReal EstateEntertainment & HumorHealth & MedicineDevices & HardwareLifestyle
Upload
Sign in
Greater Noida Institute Of Technology, profile picture
Uploaded byGreater Noida Institute Of Technology
PPT, PDF532 views

Hacking step (Methodology)

This document outlines the typical methodology and steps involved in hacking or penetrating a system, including footprinting and information gathering, scanning target systems, enumerating services and users, gaining initial access, escalating privileges, covering tracks, installing backdoors, and denial of service attacks. It provides examples of open source tools that can be used for each step, such as Nmap for scanning, DumpACL for enumeration, John the Ripper for password cracking, and Netcat for creating backdoors and pilfering information. The goal is to systematically gather intelligence, identify ways to access the target, obtain elevated access, steal data, and ensure future access without being detected.

Engineering
Related topics:
Information Security Computer Security
Downloaded 13 times
1 / 10
2 / 10
3 / 10
4 / 10
5 / 10
6 / 10
7 / 10
8 / 10
9 / 10
10 / 10
Hacking Methodology (Steps)  An excellent description inside of the back cover page of “Hacking Exposed” text by McClure et al. Scanning Footprinting Enumeration Gaining Access Escalating Privilege Pilferting Covering Tracks Creating Back Doors Denial of Service whois, nslookup Nmap, fping dumpACL, showmount legion, rpcinfo Tcpdump, Lophtcrack NAT Johntheripper, getadmin Rhosts, userdata Config files, registry zap, rootkits Cron,at, startup folder netcat, keystroke logger remote desktop Synk4, ping of death tfn/stacheldraht © ANAND KUMAR MISHRA
Footprinting  Information gathering. Sam Spade is window-based network query tool.  Find out target IP address/phone number range  Why check phone numbers?  Namespace acquisition. Network Topology (visualRoute).  It is essential to a “surgical” attack.  The key here is not to miss any details.  Note that for penetration tester, this step is to avoiding testing others instead of your client and to include all systems to be tested (sometime the organization will not tell you what their systems consist of).  Defense: deploy NIDS (snort), RotoRouter Technique s Open Source search Find domain name, admin, IP addresses name servers DNS zone transfer Tools Google, search engine, Edgar Whois (Network solution; arin) Nslookup (ls –d) dig
Scanning  Bulk Target assessment  Which machine is up and what ports (services) are open  Focus on most promising avenues of entry.  To avoid being detect, these tools can reduce frequency of packet sending and randomize the ports or IP addresses to be scanned in the sequence.  Note that some machine does not respond to ping but responds to requests to ports that actually open. Ardor is an example. Technique s Ping sweep TCP/UDP port scan OS detection Tools Fping, icmpenum WS_Ping ProPack nmap Nmap Superscan fscan Nmap queso siphon
Enumeration  Identify valid user accounts or poorly protected resource shares.  Most intrusive probing than scanning step. Techniques list user accounts list file shares identify applications Tools Null sessions DumpACL Sid2usre onSiteAdmin Showmount NAT legion Banner grabing with telnet or netcat, rpcinfo
Gaining Access  Based on the information gathered so far, make an informed attempted to access the target. Techniq ues Password eavesdroppin g File share brute forcing Password File grab Buffer overflow Tools Tcpdump/ssld ump L0phtcrack readsmb NAT legion Tftp Pwddump2(NT ) Ttdb, bind IIS .HTR/ISM. DLL
Escalating Privilege  If only user-level access was obtained in the last step, seek to gain complete control of the system. Techniques Password cracking Known Exploits Tools John the ripper L0phtcrack Lc_messages, Getadmin, sechole
Pilfering  Webster's Revised Unabridged Dictionary (1913)  Pilfer Pil"fer, v. i. [imp. & p. p. Pilfered; p. pr. & vb. n. Pilfering.] [OF. pelfrer. See Pelf.] To steal in small quantities, or articles of small value; to practice petty theft.  Gather info on identify mechanisms to allow access of trusted systems. Techniques Evaluate Trusts Search for cleartext passwords Tools rhosts LSA secrets User data, Configuration files Registry
Covering Tracks  Once total ownership of the target is secured, hiding this fact from system administrators become paramount, less they quickly end the romp. Techniques Clear Logs Hide tools Tools Zap, Event Log GUI Rootkits file streaming
Creating Back Doors  Trap doors will be laid in various parts of the system to ensure that privilege access is easily regained whenever the intruder decides. Technique s Create rogue user accounts Schedule batch jobs Infect startup files Tools Members of wheel, admin Cron, AT rc, startup folder, registry keys Technique s Plant remote control services Install monitoring mechanisms Replace appls with Trojans Tools Netcat, remote.exe VNC, B02K remote desktop Keystroke loggers, add acct. to secadmin mail aliases Login, fpnwcint.dll
Denial of Services  If atacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort. Technique s Syn flood ICMP techniques Identical src/dst SYN requests Tools synk4 Ping to death smurf Land Latierra Technique s Overlapping fragment/offse t bugs Out of bounds TCP options (OOB) DDoS Tools Netcat, remote.exe VNC, B02K remote desktop Keystroke loggers, add acct. to secadmin mail aliases Trinoo TFN stacheldraht