Anatomy of the Hack
Results 1 to 4 of 4

Thread: Anatomy of the Hack

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    154

    Anatomy of the Hack

    This is not an original work I have taken it from hacking exposed 3rd edition. I do not claim this to be original in any way. However the information is very useful I fell, how can you securer yourself without knowing the way a hack works so I have include this little bit of information form the book.

    Foot printing

    Objective
    Target address range, namespace acquisition, and gathering information are essential to a surgical attack. The key is not to miss any detail

    Techniques
    Open source search
    Whois
    Wed interface whois
    DNS zone Tran sphere

    Scanning

    Objective
    Bulk target assessment and identification of listening services focus the attacker attention on the most promising avenues for entry.

    Techniques

    Ping sweep
    TCP/UDP port scan
    OS detection

    Enumeration

    Objective
    More intrusive probing now begins as attackers begin to identified valid user accounts or poorly protected recourse shares.

    Techniques

    List of user accounts
    List of share files
    Identify applications

    Gaining access

    Objective
    Enough data has been collected to allow an informed attempt to access the target.

    Techniques

    Password eve dropping
    File share brute forcing
    Password file grab
    Buffer overflows

    note this can go straight to DOS attacks after this step or they may continue on down the chain

    Escalating privileged

    Objectives

    If only user level access has been obtained in the last step the attacker will now seek to gain compete control over the system

    Techniques

    Password cracking
    Known exploits

    Pilfering
    Objectives

    The information gathering process to begin to identify access to trusted systems.

    Techniques

    Evaluate trusts
    Search for clear text passwords

    Covering track

    Objectives
    Once total ownership of the target is secured, hiding this fact from the systems administrator becomes paramount.

    Techniques

    Clear logs
    Hide tools

    Create back doors

    Objectives

    To insure that the intruder has privileged access whenever they choose.

    Techniques
    Create rogue user accounts
    Schedule batch jobs
    Infect start up files
    Plant RAT's
    Install monitoring systems
    Replace app with trojens

    Denial of service

    Objective
    If the attacker is unsuccessful in gaining access they may use a readily available exploit code to disable the target as a last resort

    Techniques

    SYN flood
    ICMP techniques
    Identical src/dst SYN requests
    Overlapping fragment/offset bugs
    Out of bound TCP options(OOB)
    DDos
    As I say this is right form the book but useful information to have at hand, knowing the antonym of the hack will allow you to protect your systems better, I have not include the listing of the tool used as I wish not to pass information of that nature on, anyone interested should go google. If you use this information in any way I take no responsibly for any action you take or any action taken against you.

    Kindred69
    ForeverLearning

  2. #2
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    I really liked that book.......I only have the first eddition though.....
    The other books in that set: Hacking Linux/window and hackers challenge
    are all pretty good books.
    I toor\'d YOU!

  3. #3
    Junior Member
    Join Date
    Oct 2001
    Posts
    2
    good info. from a good resourceful book.

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    520
    is it a book or a tutorial? Like is it an e-book or regular book?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides