Note - Hakcing
Hacker
-is someone who likes to tinker with the electronics or computer systems and he is a person, full of...
creativity
Will to learn
knowledge is power
patience
programming to be an elite hacker
Hacker Heirachy
Script kiddies
wanna be hackers
have no hacking skills and use the tools developed by others
no knowledge of what's happening behind the scene
Intermediate Hackers
usually about computers, networks, and enough programning knowledge to understand what a script might do
Elite hackers
skilled hackers
write hacker tools and exploits
break into systems and hide their tracks
Low Tech Methods
Social engineering
Shoulder surfing
Guessing
High tech methods
Gmail system administrator's automatic responder
Dictionary attacks
Brute force attacks
phishing
Rainbow tables
GX Cookies
ARP Poisoning
Ethical Hacking
Attack & Penetration Testing, White-Hat hacking ,Red teaming.
Independent computer professionals break in to the computer systems and neither damage the targeted system or steal data, evaluate the security and inform the owners about the vulnerabilities.
-trustworthy
-is legal
-permission from the obtain from the target
-part of an overall security program
-Strong programming and computer networking skills
-knowing the techniques of criminal hackers and Detection prevention
-learn about the machines and find the weaknesses
Five stages of hacking
Reconnaissance
Scanning
Gaining access
Maintaining access
covering tracks
Process from another words
Preparation
Identification of the targets
FootPrinting
Collecting as much information about the target
DNS server
IP Range
Administrative contacts
Problems revealed by administrations
Enumeration and fingerprinting
Specific targets determined
Identification of services/ open ports
Operating system enumeration
Methods
Banner grabbing
Responses to various protocols(ICMP & TCP) commands
Port / service scans - TCP connect, TCP SYN, TCP FIN, etc
Tools
Nmap, Fscan ,Hping, Firewalk,netcat,tcpdump,ssh,telnet,SNMP scanner
identification of vulnerabilities
Insecure configurations -
Weak passwords - Default password, brute forca, socila engineering, Listening to the traffic
Un-patched vulnerabilities in services, operating systems, applications - Tools, vulnerability information websites
Possible vulnerabilities in services , operating systems
insecure programming - SQL injection, listening to the traffic
Weak access control - using the application logic , SQL injection
Attack - Exploit the vulnerabilities
Obtain as much information from the target asset
gaining normal asset
escalation of privilages
obtaining access to other connected systems
-Network infrastructure attacks
connecting to the server through the modem
weaknesses in TCP/IP , NetBIOS
Flooding the network to cause DOS
-Operating system attacks
Attacking Autentication systems
Exploiting protocol implementations
Exploiting insecure configuration
breaking File-System security
-Application specific attacks
Exploiting implementations of HTTP, SMTP protocols
gaining access to the application Databases
SQL injection
Spamming
Exploits
free exploits from hackers websites
customised free exploits
Internally developed
References
Ethical hacking tips by mathewjose
Ethical hacking by becharrouly
Ethical hacking information security by akdhamija
-is someone who likes to tinker with the electronics or computer systems and he is a person, full of...
creativity
Will to learn
knowledge is power
patience
programming to be an elite hacker
Hacker Heirachy
Script kiddies
wanna be hackers
have no hacking skills and use the tools developed by others
no knowledge of what's happening behind the scene
Intermediate Hackers
usually about computers, networks, and enough programning knowledge to understand what a script might do
Elite hackers
skilled hackers
write hacker tools and exploits
break into systems and hide their tracks
Low Tech Methods
Social engineering
Shoulder surfing
Guessing
High tech methods
Gmail system administrator's automatic responder
Dictionary attacks
Brute force attacks
phishing
Rainbow tables
GX Cookies
ARP Poisoning
Ethical Hacking
Attack & Penetration Testing, White-Hat hacking ,Red teaming.
Independent computer professionals break in to the computer systems and neither damage the targeted system or steal data, evaluate the security and inform the owners about the vulnerabilities.
-trustworthy
-is legal
-permission from the obtain from the target
-part of an overall security program
-Strong programming and computer networking skills
-knowing the techniques of criminal hackers and Detection prevention
-learn about the machines and find the weaknesses
Five stages of hacking
Reconnaissance
Scanning
Gaining access
Maintaining access
covering tracks
Process from another words
Preparation
Identification of the targets
FootPrinting
Collecting as much information about the target
DNS server
IP Range
Administrative contacts
Problems revealed by administrations
Enumeration and fingerprinting
Specific targets determined
Identification of services/ open ports
Operating system enumeration
Methods
Banner grabbing
Responses to various protocols(ICMP & TCP) commands
Port / service scans - TCP connect, TCP SYN, TCP FIN, etc
Tools
Nmap, Fscan ,Hping, Firewalk,netcat,tcpdump,ssh,telnet,SNMP scanner
identification of vulnerabilities
Insecure configurations -
Weak passwords - Default password, brute forca, socila engineering, Listening to the traffic
Un-patched vulnerabilities in services, operating systems, applications - Tools, vulnerability information websites
Possible vulnerabilities in services , operating systems
insecure programming - SQL injection, listening to the traffic
Weak access control - using the application logic , SQL injection
Attack - Exploit the vulnerabilities
Obtain as much information from the target asset
gaining normal asset
escalation of privilages
obtaining access to other connected systems
-Network infrastructure attacks
connecting to the server through the modem
weaknesses in TCP/IP , NetBIOS
Flooding the network to cause DOS
-Operating system attacks
Attacking Autentication systems
Exploiting protocol implementations
Exploiting insecure configuration
breaking File-System security
-Application specific attacks
Exploiting implementations of HTTP, SMTP protocols
gaining access to the application Databases
SQL injection
Spamming
Exploits
free exploits from hackers websites
customised free exploits
Internally developed
References
Ethical hacking tips by mathewjose
Ethical hacking by becharrouly
Ethical hacking information security by akdhamija
Comments
Post a Comment