1.3 Hacking Concepts, Types, and Phases
What is Hacking?
- Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources.
- It involves modifying system or application features to achieve a goal outside of the creator's original purpose.
- Hacking can be used to steal, pilfer, and redistribute intellectual property leading to business loss.
Who is a Hacker?
- Intelligent individuals with excellent computer skills, with the ability to create and explore computer software and hardware.
- For some hackers, hacking is a hobby to see how many computers or networks they can compromise.
- Their intention can either be to gain knowledge or to poke around to do illegal things.
- Some do hacking with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords, etc.
- Black Hats: Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers.
- White Hats: Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts.
- Gray Hats: Individuals who work both offensively and defensively at various times.
- Suicide Hackers: Individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment.
- Script Kiddies: Unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.
- Cyber Terrorists: Individuals with a wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks.
- State Sponsored Hackers: Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
- Hacktivists: Individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
Hacking Phases: Reconnaissance
- Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
- It could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale.
- Reconnaissance target range may include the target organization's clients, employees, operations, network, and systems.
- Reconnaissance Types:
  - Passive Reconnaissance:
    - Passive Reconnaissance involves acquiring information without directly interacting with the target.
    - For example, searching public records or news releases.
  - Active Reconnaissance:
    - Active Reconnaissance involves interacting with the target directly by any means.
    - For example, telephone calls to the help desk or technical department.
Hacking Phases: Scanning
- Pre-Attack Phase: Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.
- Port Scanner: Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc.
- Extract Information: Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to launch an attack.
Hacking Phases: Gaining Access
- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
- The attacker can gain access at operating system level, application level, or network level.
- The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.
- Examples include password cracking, buffer overflows, denial of service, session hijacking, etc.
Hacking Phases: Maintaining Access
- Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system.
- Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, RootKits, or Trojans.
- Attackers can upload, download, or manipulate data, applications, and configurations on the owned system.
- Attackers use the compromised system to launch further attacks.
Hacking Phases: Clearing Tracks
- Covering tracks refers to the activities carried out by an attacker to hide malicious acts.
- The attacker's intentions include continuing access to the victim's system, remaining unnoticed and uncaught, and deleting evidence that might lead to his prosecution.
- The attacker overwrites the server, system, and application logs to avoid suspicion.
- Attackers always cover tracks to hide their identity.
- Typically, PsTools, netcat, or Trojans are used to delete logs,
- or Trojans, rootkits, steganography, or tunneling are used to hide.
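
A defensive counter to the log overwriting described under Clearing Tracks, as an added example that is not part of the original notes: a tamper-evident log in which each record's HMAC tag covers the previous tag, so an edited, deleted, truncated or wiped log fails verification. It assumes the key and a checkpoint (record count and last tag) are kept on a separate collector; all names, the key and the sample log lines are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32                  # tag that precedes the first record
KEY = b"constructed-demo-key"           # assumption: really held by the collector, not the host
SAMPLE = [                              # constructed log lines (documentation IP range)
    "sshd: Accepted password for svc_backup from 203.0.113.7",
    "sudo: svc_backup : COMMAND=/usr/bin/id",
    "sshd: session closed for user svc_backup",
    "cron: (root) CMD (run-parts /etc/cron.hourly)",
]

def seal(key, prev_tag, message):
    """Tag = HMAC(key, previous tag || message), so each record commits to all earlier ones."""
    return hmac.new(key, prev_tag + message.encode(), hashlib.sha256).digest()

def build(messages, key=KEY):
    """Return (log, checkpoint); checkpoint = (record count, last tag), stored off-host."""
    log, prev = [], GENESIS
    for message in messages:
        prev = seal(key, prev, message)
        log.append((message, prev))
    return log, (len(log), prev)

def verify(log, key, checkpoint):
    """Return 'ok', or a finding naming the first record where the chain stops verifying."""
    prev = GENESIS
    for i, (message, tag) in enumerate(log):
        if not hmac.compare_digest(tag, seal(key, prev, message)):
            return f"chain broken at record {i}"
        prev = tag
    count, last_tag = checkpoint
    # A cleanly truncated or wiped log still chains; only the checkpoint exposes it.
    if len(log) != count or not hmac.compare_digest(prev, last_tag):
        return f"tail mismatch: {len(log)} records, checkpoint says {count}"
    return "ok"

if __name__ == "__main__":
    log, checkpoint = build(SAMPLE)
    edited = [log[0], ("sudo: nothing happened", log[1][1])] + log[2:]
    cases = {"intact": log, "edited": edited, "deleted": log[:1] + log[2:],
             "truncated": log[:2], "wiped": []}
    for name, candidate in cases.items():
        print(f"{name:10s} {verify(candidate, KEY, checkpoint)}")
```

The check only holds if the key and checkpoint live somewhere the compromised host cannot write; with both on the same machine, an attacker with full control can rebuild the chain.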