Monday, January 25, 2010

Getting Started with Hacking: Enumerating Remote Systems

Many beginners in the field of hacking start to hack or crack without first learning the pre-hacking basics, which often leads them in the wrong direction. It's better to work on a specific target before attacking. Let's start with this session and continue until you reach expertise.

First, keep the following points in mind if you want to hack a remote computer system:
Vulnerability + Exploit = Hacking
  • Attack: An attack is any action that violates security.
  • Exploit: A well-defined way to breach security.
  • Vulnerability Assessment: The process of identifying, quantifying and prioritizing the vulnerabilities of a system.
  • Penetration Testing: A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker.

Remote Hacking Steps:

1. Foot Printing:
  • Find company URL/IP
  • Record in Target domain
  • Advanced Information by Google hacking
  • Find Physical Location of Victim
  • Utilize sources from net, like Google Cache, archive.org, Newsgroups
2. Find out DNS record of the target
  • Open "robotex.com".
  • In the "hostname, IP or AS" box, type the target name and click Search.
  • This opens the DNS record. Look up the IP address and ISP provider and scan through the database.
3. Advanced Information gathering by Google Hacks
Type the following operators into the Google search box to make your searches more powerful and gather more information about any site:
  • inurl:domain.com
  • intitle:
  • intext:
  • allintext:
  • allintitle:
  • phonebook:Swapnil
  • site:
  • related:
  • cache:
  • info:
  • define:
 
4. Find out the location of domain
  • Open whatismyipaddress.com or ip-adress.com to get the physical location of any server or computer through its IP address.
5. OS Fingerprinting
  • IPID value sampling.
  • Operating System      IPID Value
      OpenBSD             Random
      Linux               0
      Windows             Not Placed
Nmap can be used for IPID sampling. You can download it from: http://insecure.org/nmap/download.html
 
6. Gaining Access:
  • Banner Grabbing is an attack designed to deduce the brand and/or version of an OS or an application.
  • For example: c:\>telnet 69.93.210.16 80[Enter]
  • Change port 80 as required, for example 21 for FTP or 22 for SSH.
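
Because a banner is sent to anyone who connects, the same check is worth running against your own services. The added example below (not code from the original post) parses banners of the kind returned on ports 21, 22 and 80 and reports which ones disclose a product version or OS; the banner strings and function names are constructed for illustration.

```python
import re

# Constructed sample banners (not captured from any real host), covering the
# ports the post mentions plus one hardened web server for comparison.
SAMPLE_BANNERS = {
    21: "220 ProFTPD 1.3.5 Server (Debian)",
    22: "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7",
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.25 (Debian)\r\n\r\n",
    8080: "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 0\r\n\r\n",
}

# A dotted number such as 2.4.25 or 7.4p1 is treated as a software version.
VERSION = re.compile(r"\d+(?:\.\d+)+[\w.-]*")
OS_HINT = re.compile(r"\b(Debian|Ubuntu|CentOS|Red Hat|Win32|Win64|FreeBSD)\b", re.I)


def identity_text(banner):
    """Return the part of a banner in which the service names itself."""
    if banner.startswith("HTTP/"):
        # Only the Server header identifies the software; the "HTTP/1.1"
        # status line is a protocol version and must not be flagged.
        for line in banner.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                return value.strip()
        return ""
    if banner.startswith("SSH-"):
        # RFC 4253 identification string: SSH-protoversion-softwareversion
        parts = banner.split("-", 2)
        return parts[2] if len(parts) == 3 else ""
    if banner.startswith("220"):
        return banner[3:].lstrip(" -")  # FTP greeting text after the reply code
    return banner


def audit_banner(banner):
    """Report what a single banner discloses."""
    text = identity_text(banner.strip())
    version, os_hint = VERSION.search(text), OS_HINT.search(text)
    return {"identity": text,
            "version": version.group(0) if version else None,
            "os": os_hint.group(0) if os_hint else None}


def audit_all(banners):
    return {port: audit_banner(b) for port, b in sorted(banners.items())}


def disclosing_ports(banners):
    """Ports whose banner reveals an exact software version."""
    return [p for p, r in audit_all(banners).items() if r["version"]]
```

Ports returned by `disclosing_ports` are candidates for banner hardening, for example Apache's `ServerTokens Prod` or nginx's `server_tokens off`.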
7. Gaining Access by Vulnerability Assessment
Assessments are typically performed according to the following steps:
  • Cataloging the assets and resource capabilities of a system.
  • Assigning a qualifying value to them.
  • Identifying Vulnerabilities or Potential Threats.
  • Eliminating the most serious vulnerabilities for most valuable resources.
Tools: privoxy, xcobra, webscarab, sleuth, n-stealth, core impact.

8. Search and Build exploit
For the exploit and final attack, download the source code and compile the exploit from:
  • www.milw0rm.com
  • www.securityfocus.com
  • www.packetstornsecurity.org
9. Attack
10. Maintain Access
11. Cover all the Tracks.
  
-------------------------------------------------------------------------
That's all for today. Explore these, and discover. Remember, being a hacker is not only a matter of expertise; it's all about the creativity you can bring. So, keep your senses open!

5 comments:

  1. This is a very useful tip, brother :)

  2. Hey, There, I found your blog while surfing the web. This is a really well written article. I’ll be sure to bookmark it and come back to read more of your useful information. Thanks for the excellent post. I will certainly return.

  4. Very well written and explained ..... thank you Bro .... I am a Government Executive and a passionate tennis coach .... Cyber security interests me and it is a totally new subject for me ... have joined an online course on Ethical Hacking ...
