Study Notes on Techniques Used by Hackers
Computer Security Fundamentals: Chapter 6 Techniques Used by Hackers
Chapter Objectives
Understand the basic methodology used by hackers.
Be familiar with some of the basic hacking tools.
Understand the hacking mentality.
Be able to explain specific attack methods.
Introduction
A hacker's primary goal is to understand a system, focusing on identifying its weaknesses.
Not all hackers have malicious intentions; many are ethical hackers who assist organizations in strengthening their security.
Hackers who test organizational security are referred to as penetration testers.
Common certifications for penetration testers include:
Offensive Security
SANS Institute
EC-Council’s Certified Ethical Hacker (CEH)
Basic Terminology
Classification of hackers:
White hat: Ethical hackers that work to improve security.
Black hat: Hackers with malicious intent, often called "crackers".
Gray hat: Individuals who may have engaged in black hat activities but have turned to ethical hacking.
Script kiddies: Inexperienced hackers who use scripts or tools developed by others.
Phreaking: Hacking into telecommunication systems, particularly phone networks.
Penetration Testing:
Red team: Simulates an attacker to identify weaknesses.
Blue team: Works defensively to protect against attacks.
The Reconnaissance Phase
Passive Scanning Techniques
Techniques employed during reconnaissance without direct interaction with the target:
Check target organization’s website for vulnerabilities.
Scan bulletin boards, chat rooms, and online discussion groups for public information.
Review company security-related job advertisements for insights on their security measures.
Utilize resources like:
Netcraft.com: Provides server-related information.
Archive.org: Hosts archived versions of websites (WayBack Machine).
Active Scanning Techniques
More reliable than passive techniques, but can be detected by the target system. Examples include:
Port Scanning: Contacting each network port to identify which ports are open.
The most popular port scanner is Nmap.
Common Nmap scan types include:
Ping scan: Checks if a host is reachable.
Connect scan: Attempts to establish a full TCP connection.
SYN scan: Sends SYN packets to identify open ports without completing the handshake.
FIN scan: Sends FIN packets to determine open/closed state of ports.
Other scanning methods include:
FIN probe
FTP bounce scan
SNMP scan
Vulnerability Assessment: Evaluating a system for specific vulnerabilities.
Enumeration: Identifying details about target systems, using tools such as:
Cain and Abel
Sid2User
Cheops (Linux)
UserInfo
UserDump
DumpSec
Netcat
NBTDump
Tools for Reconnaissance
Shodan: A tool used for searching vulnerabilities by filtering:
Default passwords.
Specific server types (e.g., Apache servers).
Webcams connected to the internet.
Actual Attacks
SQL Script Injection
A prevalent attack method exploiting knowledge of SQL and relational databases.
Highly versatile and can execute a range of malicious actions.
Prevention measures include stringent input validation practices to filter user inputs.
Cross-Site Scripting (XSS)
An attack where the hacker injects malicious client-side scripts into web pages.
When other users view those pages, the malicious scripts execute instead of allowing intended website functionalities.
Cross-Site Request Forgery (CSRF): An attack that tricks the website into acting on behalf of a user based on the site's trust of that user.
Other Attack Methods
Directory Traversal: Accessing restricted directories, leading to unauthorized data exposure.
Cookie Poisoning: Modifying unencrypted cookies to manipulate user sessions.
URL Hijacking: Creating fake URLs that mimic legitimate ones to mislead users.
Command Injection: Injecting and executing commands in vulnerable applications.
Cell Phone Attacks: Include techniques like:
Bluesnarfing: Accessing information from a device via Bluetooth.
Bluejacking: Sending unsolicited messages to Bluetooth-enabled devices.
Bluebugging: Gaining unauthorized control over Bluetooth-enabled devices.
Pod Slurping: Using a portable device to access and extract data from a computer.
Password Cracking Methods
Various methods used for cracking passwords include:
Dictionary attacks: Testing passwords from a predefined list.
Hybrid attacks: Combining dictionary and brute-force techniques.
Rainbow table: Using precomputed tables to reverse cryptographic hash functions.
Brute-force attacks: Trying every possible combination until the password is found.
Notable tools for cracking Windows passwords include:
ophcrack
Brutus
John the Ripper
WebCracker
THC-Hydra
Crack Station
Malware Creation
Common malware creation utilities include:
TeraBIT Virus Maker
Sam’s Virus Generator
Internet Worm Maker Thing
JPS Virus Maker
Deadlines Virus Maker
Sonic Bat Virus Creator
Techniques for Windows hacking include:
Pass the Hash: Leveraging the hash of a user's password for unauthorized access.
Net User Script: Scripts that modify user accounts.
Login as System: Gaining system-level access.
Penetration Testing
A methodical approach to probing a target network to identify vulnerabilities.
Standards guiding penetration testing include:
NIST 800-115
National Security Agency (NSA) Information Assessment Methodology
PCI Penetration Testing Standard
The Dark Web
The Dark Web refers to a segment of the internet that is intentionally hidden and requires specific software (like Tor) to access.
Onion Routing: Packets are routed through multiple proxy servers, with only the last proxy being able to see the final destination. Each proxy can only decrypt its layer of encryption, adding to the anonymity.
Caution is advisable as many Dark Web sites contain harmful malware.
Summary
A combination of security measures is essential to defend against hacking attempts.
Scanning techniques highlight the importance of blocking certain traffic at firewalls and the need for Intrusion Detection Systems (IDS).
For in-depth study, consider referring to "Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits."