Lisa lays out the goals of system hacking. She explores how malicious parties obtain a password. Once a password is obtained, hackers maintain access and continually attempt to escalate their privileges until they have reached administrator access. Once admin access has been obtained, black hat hackers can install spyware and open back doors in a target.
- [Voiceover] After scanning the network, and obtaining a blueprint, gaining access is next. In order to gain access to a system, we'll most likely need a password. Obtaining the password can be an active online attack with methods such as dictionary, brute force, or keylogger attack. Or it can be a passive online attack that includes packet sniffing, man in the middle, and replay attacks. If a password list is obtained, we may have to do an offline evaluation, such as a rainbow attack.
Once in the system, the key is to maintain access, and continually escalate until you reach the administrator level. The key is to be careful in this phase, as the longer access is maintained, the better chance of getting caught. The next step is escalating privilege in order to achieve access to resources normally restricted from an end-user or application. Look around and see if there are any unmounted file systems or development tools available.
With the knowledge of the vulnerabilities, and what is available on the system, we can now execute applications, and possibly install spyware with a backdoor, and then access to the target can be done at any time. We'll want to hide files and tools with methods such as rootkits, steganography, or alternate data streams. Finally, after achieving and maintaining access, it's time to exit the system. Before leaving, the final phase is to clean up any evidence.
Cover any trace of any activity that is on that machine by deleting or modifying the log files.
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks