1. Information Gathering / Footprinting
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintain Access with the help of Rootkits and Trojans
9. Covering Tracks
1. Information Gathering / Footprinting
Information gathering is the process of getting as many details as possible about the target host. It is a very important part of remote hacking, because the more information we have about the target system, the more attacks we can launch.
Information gathering is done with these steps:
- Find the company's URL / IP address
- Google for more information from different websites
- Footprinting through job sites
- Find the whois record of the target domain name (open www.who.is)
- Find the physical location of the victim (open www.whatismyipaddress.com)
You are working in your company as a hacker, and your company wants the physical address, IP address, employee records and domain details. Your company gives you the domain name:
www.kulhari.net
Ans)
1. Open a DOS prompt and type ping kulhari.net [Enter]; after that you will get the IP address of the victim.
2. Open google.com and search for kulhari.net (and browse the website for all information like contact numbers, employee records and their services).
3. For the domain owner's email address and hosting company details open www.who.is and type www.kulhari.net (or any target site).
4. For the physical location of the server open www.whatismyipaddress.com and type the IP address that you got in step 1, then trace it.
2. Port Scanning
- What is a port?
- Some default ports:
- 7 ~ Ping
- 21 ~ FTP (File Transfer Protocol)
- 22 ~ SSH (Secure Shell)
- 23 ~ Telnet
- 25 ~ SMTP (Mail)
- 43 ~ WHOIS
- 53 ~ DNS
- 80 ~ HTTP
- 110 ~ POP3 (Mail Access)
- 513 ~ Rlogin
- 8080 ~ Proxy
- TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two of the protocols that make up the TCP/IP protocol suite, which is used universally to communicate on the Internet. Each of these has ports 0 through 65535 available, so essentially there are more than 65,000 doors to lock.
- The first 1024 TCP ports are called the Well-Known Ports and are associated with standard services such as FTP, HTTP, SMTP or DNS.
- What is port scanning?
- What is a port scanner?
- Best port scanners: nmap, Hping2, SuperScan.
- Why do we perform port scanning?
We perform port scanning to find open services, so that afterwards we can search for exploits related to that service and application.
- NMAP (Port Scanner): A Hacker's Best Friend
- Nmap modes of operation:
ICMP Ping: -PI: This is the standard ping used by UNIX / Linux boxes.
Connect(): -sT: All Linux/Unix systems provide a system call to connect to a machine on a specified port, with a given protocol.
SYN Stealth: -sS: This is a stealth scan in that it does not get logged.
- How to find out your own computer's ports:
C:\> netstat -no
After that it shows the active connections:
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    117.196.225.191:3604   69.93.227.45:80        ESTABLISHED     2148
  TCP    117.196.227.116:1067   80.190.154.74:80       CLOSE_WAIT      3064
  TCP    127.0.0.1:1990         127.0.0.1:1991         ESTABLISHED     2020
  TCP    127.0.0.1:1991         127.0.0.1:1990         ESTABLISHED     2020
  TCP    127.0.0.1:1992         127.0.0.1:1993         ESTABLISHED     2020
  TCP    127.0.0.1:1993         127.0.0.1:1992         ESTABLISHED     2020
PID is the Process ID.
We can find out the application associated with a PID with the help of the following command:
C:\> tasklist
To terminate PID 2020 or another process:
C:\> taskkill /PID 2020
After that all connections of that process will be closed on our system.
NOTE: With the help of the commands described above we can find out whether our system is infected or not.
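As an added example (not from the original page), here is a small Python script that reads a `netstat -no` listing like the one above and reports, per PID, only the connections that actually leave the machine, so that each remaining PID can be checked with tasklist as described; the sample output is constructed from the listing above, with one UDP row added.

```python
from collections import defaultdict

# Constructed sample of `netstat -no` output, modelled on the listing above (not
# captured from a live host); the UDP row shows the State column UDP sockets lack.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    117.196.225.191:3604   69.93.227.45:80        ESTABLISHED     2148
  TCP    117.196.227.116:1067   80.190.154.74:80       CLOSE_WAIT      3064
  TCP    127.0.0.1:1990         127.0.0.1:1991         ESTABLISHED     2020
  TCP    127.0.0.1:1991         127.0.0.1:1990         ESTABLISHED     2020
  TCP    127.0.0.1:1992         127.0.0.1:1993         ESTABLISHED     2020
  TCP    127.0.0.1:1993         127.0.0.1:1992         ESTABLISHED     2020
  UDP    0.0.0.0:500            *:*                                    1100
"""

def parse_netstat(text):
    """Turn `netstat -no` text into (proto, local, foreign, state, pid) rows.
    UDP rows have no State column, so the PID is always taken from the end."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # title, header or blank line
        state = parts[3] if len(parts) == 5 else ""
        rows.append((parts[0], parts[1], parts[2], state, int(parts[-1])))
    return rows

def split_host_port(addr):
    """'69.93.227.45:80' -> ('69.93.227.45', '80'); also works for '[::1]:80'."""
    host, _, port = addr.rpartition(":")
    return host, port

def remote_connections_by_pid(rows):
    """Map each PID to the peers outside this machine it talks to. Loopback pairs
    such as 127.0.0.1:1990 <-> 127.0.0.1:1991 never leave the host and are
    skipped, as are unbound listeners ('*:*'); look the rest up with tasklist."""
    peers = defaultdict(set)
    for _proto, _local, foreign, _state, pid in rows:
        host, port = split_host_port(foreign)
        if host in ("*", "0.0.0.0") or host.startswith(("127.", "[::1]")):
            continue
        peers[pid].add(f"{host}:{port}")
    return {pid: sorted(v) for pid, v in peers.items()}

if __name__ == "__main__":
    for pid, hosts in remote_connections_by_pid(parse_netstat(NETSTAT_OUTPUT)).items():
        print(f'PID {pid} -> {", ".join(hosts)}   (tasklist /FI "PID eq {pid}")')
```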
3. OS Fingerprinting
- OS (Operating System) Fingerprinting is the process of finding out the victim's operating system (Windows, Linux, UNIX).
When exploring a network for security auditing or inventory/administration, you usually want to know more than the bare IP addresses of identified machines. Your reaction to discovering a printer may be different than to finding a router, wireless access point, telephone PBX, game console, Windows desktop, or UNIX server. Finer grained detection (such as distinguishing Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for tailoring effective exploits for those vulnerabilities.
- Tools: nmap, NetScanTools Pro, P0f.
4. Banner Grabbing
Banner grabbing is an attack designed to deduce the brand and/or version of an operating system or application. That means: after port scanning we found open port 80 (Apache) and the target OS is Linux, but for remote hacking we don't know which version of Apache it is, like Apache 2.0, 2.2 or 2.6.
Example: c:\> telnet 69.93.227.34 80 [Enter]
Change the target port 80 to another port to grab the banner of another service.
5. Vulnerability Assessment
- What is Vulnerability Assessment?
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
Vulnerability assessments can be conducted for anything from a small business to a large regional infrastructure. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to the infrastructure developed in that particular area. It can be done in the political, social, economic and environmental fields.
Assessments are typically performed according to the following steps:
1. Cataloging assets and capabilities (resources) in a system.
2. Assigning quantifiable value (or at least rank order) and importance to those resources.
3. Identifying the vulnerabilities or potential threats to each resource.
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.
- Automated tools: Nessus, Nikto, Core Impact, Retina, etc.
6. Search & Build Exploit
- Manual method: We can find vulnerabilities manually with the help of vulnerability archive sites like www.milw0rm.com and http://www.packetstormsecurity.org/
- For the exploit and final attack, open the websites of, say, Microsoft, Adobe or Mozilla, which provide the source code. You need to download the code and compile it to prepare the exploit for the final attack.
7. Attack
Launch the attack on the remote system and get a reverse shell.
8. Maintain Access
After getting remote access we place a rootkit or Trojan for future remote access, without any password.
[For more information you’ll have to wait for the next chapter]
9. Covering Tracks
Covering tracks is the process of deleting all logs on the remote system. If the target system is Linux or UNIX, delete all entries in the /var folder, and if it is Windows, delete all events and logs.
Case Study: 1.3
You are working in abc company as an ethical hacker and your company gets a contract from the government to hack a terrorist organization's server to get all their emails.
Ans) 1st we perform information gathering (collecting information like the IP address and physical address). 2nd we perform port scanning to find the open ports: 22, 25, 80. Then we perform OS fingerprinting with the help of nmap and p0f, and if the result is "Linux 2.6" we next perform banner grabbing on port no. 25 (related to the email server), for which the command used is:
C:\> telnet abc.com 80
Result is : HTTP 1.1 400 BAD REQUEST
Server: Apache 2.0 Linux
So after that we perform a manual vulnerability assessment with the help of www.milw0rm.com and search for "Apache 2.0" >> then download the exploit code >> compile the exploit code and attack, then take a backup of all the emails from the remote system.
Project DONE!
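An added example (not part of the original post) in Python: a parser for the raw response that telnet shows in step 4 and in the case study above, plus a check that reports whether the Server or X-Powered-By header discloses a version, which is what you want to verify on your own servers; the two sample responses are constructed, and grab_banner is the same HEAD-request exchange the telnet example performs.

```python
import re
import socket

# Constructed raw HTTP responses modelled on the banner in the case study above
# (not captured from any real host).
CHATTY_BANNER = (b"HTTP/1.1 400 Bad Request\r\n"
                 b"Server: Apache/2.0 (Unix)\r\n"
                 b"Content-Type: text/html\r\n\r\n"
                 b"<html><body>Bad Request</body></html>")
QUIET_BANNER = b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"

VERSION = re.compile(r"\d+\.\d+")  # "2.0", "2.0.52", ... count as a version

def parse_banner(raw):
    """Split a raw HTTP response into (status_line, headers). Header names are
    case-insensitive, so they are stored lowercase; the body is ignored."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def version_disclosure(raw):
    """List the headers through which a server leaks product versions, or []
    when the banner is version-free (what a hardened server should return)."""
    _status, headers = parse_banner(raw)
    return [f"{name}: {headers[name]}"
            for name in ("server", "x-powered-by")
            if name in headers and VERSION.search(headers[name])]

def grab_banner(host, port=80, timeout=5):
    """The same exchange as the telnet example, for checking your own server:
    send a HEAD request and return the raw response bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        return s.makefile("rb").read()  # HTTP/1.0: server closes when done

if __name__ == "__main__":
    for label, raw in (("chatty", CHATTY_BANNER), ("quiet", QUIET_BANNER)):
        print(label, parse_banner(raw)[0], version_disclosure(raw) or "no version leaked")
```

On Apache, the ServerTokens Prod directive reduces the header to "Server: Apache", the version-free form the quiet sample shows.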