Tuesday, March 29, 2011

#5 - Attack Methodology

There are a few schools of thought when it comes to attack methodologies, that is, the plan of attack a hacker adopts when penetration testing a network. The details vary here and there, but most people agree that a good methodology involves more or less five (5) steps:
  • Reconnaissance
  • Scanning and Enumeration
  • Gaining Access (and Escalation of Privileges)
  • Maintaining Access
  • Covering Your Tracks
The preceding steps are the official attack methodology proposed by the EC-Council in its Certified Ethical Hacker (CEH) certification. For the purpose of the rest of the lessons, we'll stick to these steps, unless something else comes along.

Let's look at these steps a little more in-depth:
RECONNAISSANCE
Reconnaissance is the act of gathering information. An attacker will attempt to gather as much information about a target (a company, a web site, or a platform) as they can. This reconnaissance can be either passive or active. For instance, an attacker wanting to gather information passively might perform some extremely thorough and pointed internet searches to find out as much as possible about a company. They might try to find organization charts, personnel listings and contact information, all without sending a single packet to the target's own systems. That is what makes it passive: there is nothing for the target to log.
BackTrack has some excellent reconnaissance tools built into it and we'll discuss them more in-depth in the next lesson. Also, we'll discuss a few tools that I think happen to do excellent jobs in the passive act of reconnaissance.
When we discuss active reconnaissance, however, we're typically speaking about an attacker who is probing ports or services directly in order to obtain more in-depth knowledge about his victim, which means the target now has a chance to notice. Probing a firewall to learn which ports it lets through (firewalking) is another active technique. Dumpster diving, which often gets mentioned alongside these, needs a trip to the target's premises but sends no traffic at all, so it is usually grouped with the passive methods.
SCANNING AND ENUMERATION
Scanning finds live hosts, open ports and the services and versions behind them; enumeration goes a step further and pulls out details the attacker can act on, such as user accounts, shares, service banners and SNMP data. Port scanners, vulnerability scanners and war dialing are all examples of what an attacker would use to accomplish this. We're going to focus a lot of our time on nmap and nessus during these lessons, but we'll see if there are other scanning tools that perform these tasks better.
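To make the two halves of this step concrete, here is a small added example (my own code for this lesson, not part of nmap, nessus or BackTrack) of a TCP connect scan followed by banner grabbing. It starts a throwaway listener on 127.0.0.1 that greets clients with a constructed SSH banner, so it runs offline; the version string in the banner is made up, not taken from a real host.

```python
import socket
import threading

# Constructed service banner for the demo listener. The version string is
# invented for the example, not taken from a real host.
DEMO_BANNER = b"SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7\r\n"


def serve_banner(banner: bytes):
    """Start a throwaway loopback listener that greets each client with
    `banner` and hangs up. Stands in for a real service so the scan below
    runs offline. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: shut the thread down
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Scanning: complete the TCP three-way handshake on each port and grab
    whatever the service says first. Returns {open_port: banner}.
    Closed ports (RST) and filtered ports (no answer) are simply omitted.
    Caveat: every probe is a full connection the target can log, which is
    exactly why nmap's default SYN scan exists."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:             # refused, timed out, or unreachable
                continue
            try:
                banner = s.recv(256)
            except OSError:             # open but silent (e.g. HTTP waits for us)
                banner = b""
            found[port] = banner.decode("ascii", "replace").strip()
    return found


def identify(banner: str) -> str:
    """Enumeration: name the service from its greeting rather than trusting
    the port number, since admins move services and attackers hide them."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 ") and "SMTP" in banner.upper():
        return "smtp"
    if banner.startswith("220 "):
        return "ftp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown"


def reserve_closed_port() -> int:
    """Bind a free loopback port and release it, so the scan has a port that
    is known to be closed (racy in theory, fine for a demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port; return what was learned."""
    srv, open_port = serve_banner(DEMO_BANNER)
    closed_port = reserve_closed_port()
    try:
        found = connect_scan("127.0.0.1", [closed_port, open_port])
    finally:
        srv.close()
    services = {port: identify(banner) for port, banner in found.items()}
    return open_port, closed_port, found, services


if __name__ == "__main__":
    open_port, closed_port, found, services = demo()
    for port in sorted(found):
        print(f"{port}/tcp open    {services[port]:8} {found[port]}")
    print(f"{closed_port}/tcp closed  (not reported)")
```

The scan half answers "what is listening?"; the `identify` half answers "what is it?", and it deliberately ignores the port number because a service on an odd port is one of the first things a scanner should catch. Against a real host you would reach for nmap (which does this far better, including SYN scans that never complete the handshake), but the mechanics are the same.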
GAINING ACCESS (AND ESCALATION OF PRIVILEGES)
This step in the attack methodology is where the actual hack or attack takes place. The attacker launches some sort of attack against a service, a port, a login, etc. and gains access to the system. The escalation half of the name covers what usually comes next: the first foothold is often a low-privileged account, and the attacker works to turn it into administrator or root.
MAINTAINING ACCESS
Once an attacker penetrates a system, they will most likely want to return for future use, and they'll want to make sure the system is easier to get back into next time. This is done with tools like rootkits and Trojan horses that leave backdoors into systems.
COVERING YOUR TRACKS
Once you have carried out an attack, taken control of a box and left yourself a backdoor to enter any time you like, you need to cover your tracks and hide all signs you were ever there. This includes clearing logs and removing the files and other artifacts the attack left behind. One caveat: clearing a log is itself an event. Windows, for instance, records the Security log being cleared (event ID 1102), so an empty log can draw more attention than a full one, and a careful attacker edits selectively rather than wiping everything.
SUMMARY
All right. Now that we've determined what steps make up our attack methodology, let's take an in-depth look at Reconnaissance.
