I just started a Kali Linux course, so stick with me (Zerocool) and subscribe to this blog through the e-mail update service, or download my blog's Android app, where you can easily get updates on all the new articles.

That's it. Here I am going to write some theory to build your concepts, along with as much practical work as I can.

We all start with the basics, because before attacking any system or organisation we have to know all the information about the company.

"I think a good hacker is one who can just escape by hacking without leaving any trace of his identity"
....Zerocool

So let's begin from the bottom of hacking knowledge.

The Attacker’s Process:-

There are many ways an attacker can gain access or exploit a system. No matter which way an attacker goes about it, there are some basic steps that are followed:

1. Passive reconnaissance.
2. Active reconnaissance (scanning).
3. Exploiting the system:
   Gaining access through the following attacks:
   a. Operating system attacks
   b. Application level attacks
   c. Scripts and sample program attacks
   d. Misconfiguration attacks
   f. Elevating of privileges
   h. Denial of Service
4. Uploading programs.
5. Downloading Data.
6. Keeping access by using the following:
   • Backdoors
   • Trojan horses
7. Covering tracks.

Note that it is not always necessary to perform all of these steps, and in some cases, it is necessary to repeat some of the steps. For example, an attacker performs the active and passive reconnaissance steps and, based on the information he gathers about the operating systems on certain machines, he tries to exploit the system. After unsuccessfully trying all sorts of operating system attacks (Step 3), he might go back to Steps 1 and 2. At this point, his active reconnaissance will probably be more in depth, focusing on other applications that are running or possible scripts that are on the system, and even trying to find out more information about the operating system, such as revision and patch levels. After he has more information, he will go back to attacking the system.

Passive Reconnaissance

To exploit a system, an attacker must have some general information; otherwise, he does not know what to attack. A professional burglar does not rob houses randomly. Instead, he picks someone, like Bob, and he begins the passive reconnaissance stage of figuring out where Bob’s house is located and other general information.

Active Reconnaissance

At this point, an attacker has enough information to try active probing or scanning against a site. After a burglar knows where a house is located and if it has a fence, a dog, bars on the windows, and so on, he can perform active probing. This consists of going up to the house and trying the windows and doors to see if they are locked. If they are, he can look inside to see what types of locks there are and any possible alarms that might be installed. At this point, the burglar is still gathering information. He is just doing it in a more forceful or active way.

With hacking, the same step is performed. An attacker probes the system to find out additional information. The following is some of the key information an attacker tries to discover:

• Hosts that are accessible
• Locations of routers and firewalls
• Operating systems running on key components
• Ports that are open
• Services that are running
• Versions of applications that are running

The more information an attacker can gain at this stage, the easier it will be when he tries to attack the system. Usually, the attacker tries to find an

The first step for every hacker before exploiting any system or company is “Information Gathering”. It means gathering all the information and loopholes: what kinds of ports are open, and what kind of software is running on them? These are the important questions which should have their answers before taking any further step, so we will deal with this topic in a future article.

One more thing before we go to the next topic: keep in mind that, as an attacker performs additional active reconnaissance, his chances of detection increase because he is actively performing some action against the company. It is critical that you have some form of logging and review in place to catch active reconnaissance, because, in a lot of cases, if you cannot block an attacker here, your chances of detecting him later decrease significantly.

When I perform an assessment, usually I run some tests to figure out the IP address of the firewall and routers. Next, I try to determine the type of firewall, routers, and the version of the operating system the company is running to see if there are any known exploits for those systems. If there are known exploits, I compromise those systems. At that point, I try to determine which hosts are accessible and scan those hosts to determine which operating system and revision levels they are running. If an attacker can gain access to the external router or firewall, he can gather a lot of information and do a lot of damage.

For example, if I find that a server is running Windows NT 4.0 Service Pack 4, I scan for all vulnerabilities with that version and try to use those vulnerabilities to exploit the system. Surprisingly, with most companies, when I perform active reconnaissance, their technical staff fails to detect that I have probed their systems. In some cases, it is because they are not reviewing their log files, but in most cases, it is because they are not logging the information. Logging is a must, and there is no way to get around it. If you do not know what an attacker is doing on your system, how can you protect against it?
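
The "logging and review" the paragraphs above call for can be as simple as the following added example, which is not part of the original post: it reviews firewall log lines and flags any source that touches many distinct host/port pairs inside a short time window. The log format, addresses, thresholds and function name are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (simplified iptables-style fields, RFC 5737 addresses).
SAMPLE_LOG = """\
2024-01-12T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2024-01-12T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-12T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2024-01-12T10:00:02 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-12T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2024-01-12T10:00:04 ACCEPT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2024-01-12T10:00:09 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-12T10:05:00 DROP SRC=198.51.100.99 DST=192.0.2.11 PROTO=TCP DPT=22
2024-01-12T10:10:00 DROP SRC=198.51.100.99 DST=192.0.2.11 PROTO=TCP DPT=23
2024-01-12T10:15:00 DROP SRC=198.51.100.99 DST=192.0.2.11 PROTO=TCP DPT=25
2024-01-12T10:20:00 DROP SRC=198.51.100.99 DST=192.0.2.11 PROTO=TCP DPT=3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \w+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\w+ DPT=(?P<dpt>\d+)$"
)

def find_scanners(log_text, min_targets=4, window=timedelta(seconds=60)):
    """Return {source: most distinct (dst, port) pairs seen in any window}
    for every source that reaches min_targets (hypothetical threshold)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.fromisoformat(m["ts"])
        events[m["src"]].append((ts, (m["dst"], int(m["dpt"]))))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # slide the window start forward until it spans at most `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({target for _, target in hits[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_LOG).items():
        print(f"possible scan from {src}: {count} distinct targets in 60s")
```

Widening the window (for example to an hour) also surfaces the slow source in the sample, which the 60-second window misses.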

The goal of a company in protecting its computers and networks is to make it so difficult for an attacker to gain access that he gives up before he gets in. Today, because so many sites have minimal or no security, attackers usually gain access relatively quickly and with a low level of expertise. Therefore, if a company’s site has some security, the chances of an attacker exploiting its systems are decreased significantly, because if he meets some resistance, he will probably move on to a more vulnerable site. This is only true for an opportunistic attacker who scans the Internet looking for any easy target.

Exploiting the System

Now comes the scary part for a security professional. When most people think about exploiting a system, they only think about gaining access, but there are actually two other areas: elevation of privileges and denial of services. All three are useful to the attacker depending on the type of attack he wants to launch. There are also cases where they can be used in conjunction with each other.

For example, an attacker might be able to compromise a user’s account to gain access to the system, but because he does not have root access, he cannot copy a sensitive file. At this point, the attacker would have to run an elevation of privileges attack to increase his security level so that he can access the appropriate files.

It is also important to note that an attacker can exploit a system to use it as a launching pad for attacks against other networks. This is why system break-ins are not always noticed, because attackers are not out to do direct harm or steal information. In these cases, a company’s valuable resources are being used and, technically, that company is hacking into other companies.

Think about this for a minute: Whether it is authorised or not, if someone is using Company A’s computers to break into Company B, when Company B investigates, it will point back to Company A. This is called a downstream liability problem. This can have huge legal implications for a company if it is not careful—especially if the attackers want to have some fun and carefully pick the two companies so that Company A and B are major competitors.

Gaining Access

Because one of the most popular ways of exploiting a system is gaining access, let’s start with this type of attack. There are several ways an attacker can gain access to a system, but at the most fundamental level, he must take advantage of some aspect of an entity. That entity is usually a computer operating system or application; but if we are including physical security breaches, it could be a weakness in a building. If a burglar were going to break into a house, he would have to exploit a weakness in the house to gain access—for example, an unlocked window, no alarm system, or a non-secure lock. The bottom line is this: If the house had no weaknesses, it could not be compromised. As we all know, for a house to be useful to its owners, it is going to have weaknesses. Windows and doors make a house useful, but can be turned against the owner and used to break into the house. Eliminating all weaknesses would produce a house with no usefulness to the owner. What good is a house with no windows or doors made of solid concrete and steel? This same principle holds for computer systems. As long as they provide usefulness to a company, they will have weaknesses that can be compromised. The key is to minimise those weaknesses to provide a secure environment.

The following are some ways that an attacker can gain access to a system:

• Operating system attacks
• Application-level attacks
• Scripts and sample program attacks
• Misconfiguration attacks

Operating System Attacks

Previously, we compared an operating system to the doors and windows of a house. The doors and windows of an operating system are the services it is running and the ports it has open. The more services and ports, the more points of access; the fewer ports and services, the fewer points of access.

Actually, it's a rumour, because it's the opposite of that: 'The default install of most operating systems has large numbers of services running and ports open.'

So why do manufacturers do this to their own customers? Why? According to me, the main reason is MONEY. They are all good businessmen who only care about money, not about their company's users or employees.

They want a consumer of their product to be able to install and configure a system with the least amount of effort and trouble. The reason for this is every time a consumer has a problem with their product they have to call for support, which costs the company large amounts of revenue.
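
To see how many "doors and windows" a default install leaves open, a defender can compare the listening sockets on a host against the short list of services it is supposed to offer. The following is an added example, not part of the original post; the `ss -tln` output is a constructed sample and the allowlist is an assumption.

```python
import ipaddress

# Constructed sample of `ss -tln` output from a hypothetical default install.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5          127.0.0.1:631       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128          0.0.0.0:111       0.0.0.0:*
LISTEN 0      50                 *:445             *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      511             [::]:80           [::]:*
"""

ALLOWED_PORTS = {22}  # assumption: this host should only expose SSH

def exposed_listeners(ss_text, allowed=ALLOWED_PORTS):
    """Return sorted (address, port) pairs that are reachable from the
    network and whose port is not on the allowlist."""
    findings = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # bound to loopback: only reachable from the host itself
        if int(port) not in allowed:
            findings.add((addr, int(port)))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for addr, port in exposed_listeners(SS_OUTPUT):
        print(f"unexpected network listener: {addr} port {port}")
```

Each finding is a service to disable, bind to loopback, or add to the allowlist with a documented reason.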

Application-Level Attacks

Application-level attacks take advantage of the less-than-perfect security found in most of today’s software. The programming development cycle for many applications leaves a lot to be desired in terms of security.

OK, there is a lot of theory and I am not going to explain it all one by one, so just go through another source (the internet) for more theory. I am just going to skip all this stuff.

The Types of Attacks

Active attack....

In the traditional sense, this is the equivalent of a burglar trying to pick the lock on your front door or throw a brick through a window to gain access. In all of these cases, an attacker is actively doing something against you or your company. Because of this, these attacks are fairly easy to detect, if you are looking for them.

What exactly does this mean? In an active attack we are attacking actively, which means your IP/MAC address gets recorded; your identity will be revealed in this case.

But don't be tense, because hackers have a solution for every problem. These may be proxy bouncing servers or spoofing the MAC (media access control) address of your system. We will look at this in a further article, but it is important for every hacker to make himself anonymous before exploiting any system.

So here we are talking about the attack types. Have a look at this hierarchy of attacks with some basic examples:

- Active attacks
   o Denial of Service
   o Breaking into a site
      • Intelligence gathering
      • Resource usage
      • Deception
- Passive attacks
   o Sniffing
      • Passwords
      • Network traffic
      • Sensitive information
   o Information gathering

That's it for the fundamentals, guys. Further articles will make possible all the things which seem impossible to you.

That's it for today's article. We will meet in the next article with a very important topic:
"INFORMATION GATHERING - I RECONNAISSANCE"

ZEROCOOL
SIGNOUT