Effectively hacking into a system is achieved by a planned structured approach. The more information gleaned about a target will yield a more successful attack. Lisa Bock provides an overview of the five phases of an attack: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering tracks.
- [Voiceover] Effectively hacking into a system is achieved by a planned structured approach. The more information gleaned about a target will yield a more successful attack. Typically, there are five phases: reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Probably the most time-consuming, the reconnaissance or recon phase is obtaining as much information about the target as possible.
The key is to narrow the scope so the recon is more targeted. Questions that should be asked before beginning are: who is the target? What is it we want once we get in? Where is the target located physically and logically? When do we attack? Now, or over a period of time so that we can elude detection? And, how should we attack? Well, this method will be evident after we scan our systems and see where their vulnerabilities lie.
Once reconnaissance is complete and enough information is available to understand how the organization operates and what data or services might be of value, the next step is scanning the network devices with the goal of identifying weaknesses that can be exploited. Scanning maps the network, including the make and model of the devices, checking for listening services, learning the operating systems, and evidence of data being sent in clear text. Now there are different types of scans.
A ping scan will ping a range of IP addresses to find out which machines are responding. A TCP scan will check for open, listening TCP ports, looking for services, and operating system footprinting identifies the operating system by using different signatures. After scanning the network and obtaining a blueprint, gaining access is next. With the knowledge of vulnerabilities, exploits can be launched, such as web server attacks, including buffer overflow and cross-site scripting, and we can do other possible exploits.
Mainly due to someone having failed to maintain up-to-date software, or commonly exploited vulnerabilities have not been patched. Once in, the key is to maintain access and continually escalate the privileges to the administrator level. The key is to be careful in this phase, as the longer access is maintained, the better the chance of being caught. Ultimately, a backdoor could be uploaded and then access to the target can be done at any time.
After achieving and maintaining access, it's time to exit the system. Keep in mind other devices on the network may have picked up unusual activity, but it's really difficult to remove log files from every device. Before leaving, we'll take a look at a couple of ways of cleaning up any evidence and covering any tracks or traces of activity on the machine. One way, on a Linux machine, is to clean up any evidence. We can use the Metasploit meterpreter and use clear everything. On a Linux system, you can take a look and open log files that are stored in the /var/log/messages file, and we can use kwrite /var/log/messages.
When entering commands, we'll probably wanna go back and erase the command history and set it back to zero so there's no trace that I was in there. Just go in and export HISTSIZE=0. We can even go to the extent of shredding the history file. And as we could see in that command, we'll shred it completely. And don't forget, though: there are log files on Windows, so make sure you clean up any evidence on Windows.
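The scanning phase described above, with its ping scans and TCP port scans, is also what a defender gets to see first. The following is an added example, not part of the course or Lisa Bock's material: a small detector that reads firewall-style log lines and flags a source that pings many hosts (a ping sweep) or probes many ports on one host (a port scan) inside a short time window. The log format, the sample lines and the thresholds are constructed assumptions, not any real product's output.

```python
"""Detect reconnaissance-phase scanning in firewall-style log lines.

Added example; the line format below is an assumption (loosely iptables-like),
the sample lines are constructed, and the thresholds are illustrative.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: 10.0.0.5 sweeps six hosts with ICMP, 10.0.0.7 probes
# ten ports on one host, 10.0.0.9 is ordinary HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP proto=ICMP src=10.0.0.5 dst=192.168.1.1
2024-05-01T10:00:01 DROP proto=ICMP src=10.0.0.5 dst=192.168.1.2
2024-05-01T10:00:01 DROP proto=ICMP src=10.0.0.5 dst=192.168.1.3
2024-05-01T10:00:02 DROP proto=ICMP src=10.0.0.5 dst=192.168.1.4
2024-05-01T10:00:02 DROP proto=ICMP src=10.0.0.5 dst=192.168.1.5
2024-05-01T10:00:03 ACCEPT proto=ICMP src=10.0.0.5 dst=192.168.1.6
2024-05-01T10:01:00 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=21
2024-05-01T10:01:00 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=22
2024-05-01T10:01:00 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=23
2024-05-01T10:01:01 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=25
2024-05-01T10:01:01 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=80
2024-05-01T10:01:01 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=110
2024-05-01T10:01:02 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=135
2024-05-01T10:01:02 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=139
2024-05-01T10:01:02 ACCEPT proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=443
2024-05-01T10:01:03 DROP proto=TCP src=10.0.0.7 dst=192.168.1.10 dpt=445
2024-05-01T10:05:00 ACCEPT proto=TCP src=10.0.0.9 dst=192.168.1.10 dpt=443
2024-05-01T10:05:30 ACCEPT proto=TCP src=10.0.0.9 dst=192.168.1.10 dpt=443
"""

# Assumed line layout: "<iso-timestamp> <ACCEPT|DROP> proto=<P> src=<ip> dst=<ip> [dpt=<port>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)(?: dpt=(?P<dpt>\d+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip noise instead of crashing on an unexpected line
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None
    return ev


def _max_distinct_in_window(events, key, window):
    """Largest number of distinct key(event) values seen inside any span of `window`.

    `events` must be sorted by timestamp; a deque plus a Counter gives a sliding window.
    """
    active, counts, best = deque(), Counter(), 0
    for ev in events:
        active.append(ev)
        counts[key(ev)] += 1
        while ev["ts"] - active[0]["ts"] > window:  # expire events that fell out of the window
            old = active.popleft()
            counts[key(old)] -= 1
            if counts[key(old)] == 0:
                del counts[key(old)]
        best = max(best, len(counts))
    return best


def detect_scans(log_text, window=timedelta(seconds=60), sweep_hosts=5, scan_ports=10):
    """Return {src: [findings]} where a finding is ("ping_sweep", n_hosts)
    or ("port_scan", dst, n_ports). Sources without findings are omitted."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        out = []
        # Ping sweep: one source reaching many distinct hosts over ICMP.
        icmp = [e for e in events if e["proto"] == "ICMP"]
        hosts = _max_distinct_in_window(icmp, lambda e: e["dst"], window)
        if hosts >= sweep_hosts:
            out.append(("ping_sweep", hosts))
        # Port scan: one source touching many distinct TCP ports on a single host.
        tcp_by_dst = defaultdict(list)
        for e in events:
            if e["proto"] == "TCP" and e["dpt"] is not None:
                tcp_by_dst[e["dst"]].append(e)
        for dst, evs in tcp_by_dst.items():
            ports = _max_distinct_in_window(evs, lambda e: e["dpt"], window)
            if ports >= scan_ports:
                out.append(("port_scan", dst, ports))
        if out:
            findings[src] = out
    return findings


if __name__ == "__main__":
    for src, items in detect_scans(SAMPLE_LOG).items():
        print(src, items)
```

Both ACCEPT and DROP lines count toward the window, because a scanner learns as much from an open port as from a closed one; the thresholds and the 60-second window are starting points to tune against the noise level of a real network, and a slow scan spread over hours would need a longer window or a per-day distinct-port count.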
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases