Anatomy Of Hack

486 views

Published on

Just want to Know the ARRERAS in HACKING.. view this slide.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
486
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
17
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Anatomy Of Hack

  1. 1.  Foot printing  Scanning  Enumeration  Gaining Access  Escalating Privilege  Pilfering  Covering Tracks  Creating back doors  Denial of Service
  2. 2. Objective  Target Address range, namespace, acquisition and information gathering are essential to a surgical attack.  Techniques  Open source search  Whois  Web interface to whois  ARIN whois  DNS zone transfer
  3. 3.  Objective  Bulk target assessment and identification of listing services focuses the attacker’s attention on the most promising avenues of entry. Techniques  Ping sweep  TCP/UDP port scan  OS Detection
  4. 4.  Objective  More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares. Techniques  List user accounts  List file shares  Identify applications
  5. 5.  Objective  Enough data has been gathered at this point to make an informed attempt to access the target.  Techniques  Password eavesdropping  File share brute forcing  Password file grab  Buffer overflows
  6. 6.  Objective  If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system.  Techniques  Password cracking  Known exploits
  7. 7.  Objective  The information gathering process begins again to identify mechanisms to gain access to trusted systems.  Techniques  Elevate trusts  Search for clearnet passwords
  8. 8.  Objective  Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. Techniques  Clear logs  Hide tools
  9. 9.  Objective  Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder  Techniques  Create rogue user accounts  Schedule batch jobs  Infect startup files  Plant remote control services  Install monitoring mechanisms  Replace apps with trojans
  10. 10. Objective  If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort Techniques  SYN flood  ICMP techniques  Identical SYN requests  Overlapping fragment/offset bugs  Out of bounds TCP options (OOB)  DDoS Crypto and Steganography

×