
Thursday, September 10, 2009

Hacker Attack (Part II)

In the previous post we saw that a hacker has a number of methods for getting into a target system. This post explains those methods.
First step (footprinting),
The hacker is simply searching for systems that can be infiltrated. Footprinting is a data-gathering activity:
  • Determining the scope of the activity or attack
  • Network enumeration
  • Intro
  • Network Observation
All of the activities above can be done with tools and with information that is freely available on the internet. Footprinting is like looking up ready-made information in a phone book. The tools are:
  • Teleport Pro: to define the scope, the hacker can download entire websites that are potential target systems in order to learn addresses, telephone numbers, contact persons, and so on.
  • Whois for 95/9/NT: looks up information about the domain registration used by the organization. A latent hazard here is domain theft (domain hijacking).
  • NSLookup: looks up the mapping between a domain name and an IP address.
  • Traceroute 0.2: network mapping.
Second step, or scanning,
Here the hacker starts knocking on the walls of the target system to find out whether it has a weak spot. Scanning from the network side is very noisy and easily recognized by the target system, unless stealth scanning is used.
The legendary scanning tool is Nmap (now available for Windows 9x/ME and DOS), besides SuperScan and UltraScan, which are used on Windows.
To protect our system from this activity, we can install a firewall program such as Zone Alarm or, for an entire network, use an IDS (Intrusion Detection System) such as Snort.
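As an added example (not part of the original post, and not how Snort itself is implemented), this Python code shows why a scan is noisy enough to be recognized: one source touches many different ports in a short time. The log format, addresses, and thresholds are constructed assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_ip destination_port" per inbound attempt.
SAMPLE_LOG = """\
2009-09-10T10:00:00 203.0.113.5 80
2009-09-10T10:00:01 198.51.100.7 21
2009-09-10T10:00:01 198.51.100.7 22
2009-09-10T10:00:02 198.51.100.7 23
2009-09-10T10:00:02 198.51.100.7 80
2009-09-10T10:00:03 198.51.100.7 139
2009-09-10T10:00:04 203.0.113.5 80
2009-09-10T10:00:30 192.0.2.44 21
2009-09-10T10:02:30 192.0.2.44 23
2009-09-10T10:04:30 192.0.2.44 139
2009-09-10T10:06:30 192.0.2.44 445
2009-09-10T10:08:30 192.0.2.44 3389
"""

def find_scanners(log_text, min_ports=5, window_seconds=10):
    """Return {source_ip: sorted ports} for sources that touched at least
    min_ports distinct ports within any window_seconds-long span."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> (time, port) events inside the window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, source, port = parts
        when = datetime.fromisoformat(stamp)
        events = recent[source]
        events.append((when, int(port)))
        # Drop events that have fallen out of the sliding window.
        while when - events[0][0] > window:
            events.popleft()
        ports = {p for _, p in events}
        if len(ports) >= min_ports:
            flagged[source] = sorted(ports | set(flagged.get(source, [])))
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))                      # short window: the fast source only
    print(find_scanners(SAMPLE_LOG, window_seconds=600))  # long window: the slower source too
```

The client that keeps returning to port 80 is never flagged, because the detector counts distinct ports rather than connection volume.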
Third step, or enumeration,
This step is very intrusive to the system. Here the intruder searches for valid account names and passwords, and for existing shared resources.
In this step, especially on Windows machines, port 139 (NetBIOS session service) is open for resource sharing among the users on the network. We might think that a shared hard disk can be seen by LAN users only, but in fact that is not so. The NetBIOS session service can be visible to any user connected to the internet anywhere in the world! Tools such as Legion, SMBScanner, or Share Finder make access to other computers very easy (because the owner opened the resource share without a password).
Fourth step, or gaining access,
The hacker tries to get access to the system as a normal user. This continues from enumeration, so the hacker usually already has at least a valid user account and is just looking for the password. If the resource share is protected by a password, the password can simply be guessed (because many users use simple passwords) or found automatically with tools that run a dictionary attack (trying words from a dictionary as the password) or a brute-force attack (trying combinations of all characters as the password). Here the hacker will probably succeed in logging on as a normal user.
Fifth step, or escalating privilege,
I assume that the hacker now has logon access to the system as a normal user. The hacker next tries to reach the next level and become admin (Windows systems) or root (Unix/Linux systems). The technique used is no longer a dictionary attack or brute-force attack, which take more time, but stealing the password file saved on the system and exploiting weaknesses of the system.
On Windows 9x/ME machines passwords are saved in *.PWL files, and on Windows NT/2000 in the *.SAM file. The danger comes not only from hackers outside; it is even greater from users on the network itself who try to move up to admin or root.
Steps 6, 7, and 8,
The hacker has taken full control of the system and now tries to look for further information (pilfering), cover the intruder's tracks (covering tracks), and make a back door (backdoor), so that the next time the hacker wants to access the system there is no need to go through the previous steps and the system can be entered more easily.
The existence of a trojan on a system means that the system can be entered by a hacker without going through the previous steps.
Last, denial of service,
This is not really a last step, but when the hacker is dealing with a strongly guarded system, the last step is to cripple the system and attack it by sending data packets rapidly until the system crashes.
A denial-of-service attack is very difficult to avoid, because it uses up the bandwidth available to the site. To defend against it we have to ask the ISP for help. Script kiddies, who have limited knowledge, are the common attackers who use this technique, which is classified as a criminal activity in several countries.

Related Post: Hacker Attack Part III 

 

 


 

 
