- Attackers use a variety of means to penetrate systems, such as:
- Uses password cracking techniques to gain unauthorized access to the vulnerable system.
- Creates a list (dictionary) of all possible passwords from the information collected through social engineering and perform dictionary, brute force, and rule-based attack on the victim's machine to crack the passwords.
- Performs privilege escalation attack which takes advantage of design flaws, programming errors, bugs, and configuration oversights in the OS and software application to gain administrative access to the network and its associated applications.
- Executes malicious programs remotely in the victim's machine to gather information.
- Uses keystroke loggers and spywares to gather confidential information about victim such as email ID, passwords, banking details, chat room activity, IRC, instant messages, etc.
- Uses rootkits to hide their presence as well as malicious activities, which grant them full access to the server or host at that time and also in future.
- Uses steganography techniques to hide messages such as list of the compromised servers, source code for the hacking tool, communication and coordination channel, plans for future attacks, etc.
- Once intruders have successfully gained administrator access on a system, they will try to cover the tracks to avoid their detection.