What is hacking?

The term hacking was initially used to refer to the process of finding solutions to rather technical issues or problems. These days, hacking is used to refer to the process whereby intruders maliciously attempt to compromise the security of corporate networks to destroy, interpret or steal confidential data, or to prevent an organization from operating.
Different terminology is used to refer to criminal hacking:

  • Cracking

  • Cybercrime

  • Cyberespionage

  • Phreaking

To access a network system, the intruder (hacker) performs a number of activities:

  • Footprinting: This is the initial step in hacking a corporate network. Here the intruder attempts to gain as much information as possible on the targeted network by using sources which the public can access. The aim of footprinting is to create a map of the network to determine what operating systems, applications and address ranges are being utilized, and to identify any accessible open ports.
    The methods used to footprint a network are listed here:

    • Access information publicly available on the company Web site to gain any useful information.

    • Try to find any anonymous File Transfer Protocol (FTP) sites and intranet sites which are not secured.

    • Gather information on the domain name of the company and the IP address block being used.

    • Test for hosts in the IP address block of the network. Tools such as Ping or Fping are typically used.

    • Using tools such as Nslookup, the intruder attempts to perform Domain Name System (DNS) zone transfers.

    • A tool such as Nmap is used to find out which operating systems are being used.

    • Tools such as Tracert are used to find routers and to collect subnet information.

  • Port scanning: Port scanning, or simply scanning, is the process by which intruders collect information on the network services on a target network. Here, the intruder attempts to find open ports on the target system.
    The different scanning methods used by network attackers are:

    • Vanilla scan/SYN scan: TCP SYN packets are sent to the ports of each address in an attempt to connect to all ports. Port numbers 0 to 65,535 are utilized.

    • Strobe scan: Here, the attacker attempts to connect to a specific range of ports which are typically open on Windows based hosts or UNIX / Linux based hosts.

    • Sweep: A large set of IP addresses are scanned in an attempt to detect a system that has one open port.

    • Passive scan: Here, all network traffic entering or leaving the network is captured and traffic is then analyzed to determine what the open ports are on the hosts within the network.

    • User Datagram Protocol (UDP) scan: Empty UDP packets are sent to the different ports of a set of addresses to determine how the operating system responds. Closed UDP ports respond with the Port Unreachable message when any empty UDP packets are received. Other operating systems respond with the Internet Control Message Protocol (ICMP) error packet.

    • FTP bounce: To hide the location of the attacker, the scan is initiated from an intermediary File Transfer Protocol (FTP) server.

    • FIN scan: TCP FIN packets that specify that the sender wants to close a TCP session are sent to each port for a range of IP addresses.

  • Enumeration: The unauthorized intruder uses a number of methods to collect information on applications and hosts on the network, and on the user accounts utilized on the network. Enumeration is particularly successful in networks that contain unprotected network resources and services:

    • Network services that are running but which are not being utilized.

    • Default user accounts which have no passwords specified.

    • Guest accounts which are active.

  • Acquiring access: Access attacks are performed when an attacker exploits a security weakness so that he/she can obtain access to a system or the network. Trojan horses and password hacking programs are typically used to obtain system access. When access is obtained, the intruder is able to modify or delete data; and add, modify or remove network resources.
    The different types of access attacks are listed here:

    • Unauthorized system access entails the practice of exploiting the vulnerabilities of operating systems, or executing a script or a hacking program to obtain access to a system.

    • Unauthorized privilege escalation is a frequent type of attack. Privilege escalation occurs when an intruder attempts to obtain a high level of access like administrative privileges to gain control of the network system.

    • Unauthorized data manipulation involves interpreting, altering and deleting confidential data.

  • Privilege escalation: When an attacker initially gains access to the network, low level accounts are typically used. Privilege escalation occurs when an attacker escalates his/her privileges to obtain a higher level of access, like administrative privileges, in order to gain control of the network system.
    The privilege escalation methods used by attackers are listed here:

    • The attacker searches the registry keys for password information.

    • The attacker can search documents for information on administrative privileges.

    • The attacker can execute a password cracking tool on targeted user accounts.

    • The attacker can use a Trojan in an attempt to obtain the credentials of a user account that has administrative privileges.

  • Install backdoors: A hacker can also implement a mechanism such as some form of access granting code with the intent of using it at some future stage. Backdoors are typically installed by attackers so that they can easily access the system at some later date. After a system is compromised, you can remove any installed backdoors by reinstalling the system from a backup which is secure.

  • Removing evidence of activities: Attackers typically attempt to remove all evidence of their activities.
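
From the defender's side, the scan types described under port scanning above leave distinct patterns in connection logs. The following Python code is an added example, not part of the original post: it labels each source in a constructed log as a vanilla scan, strobe scan, sweep or FIN scan. The log format, the thresholds and the name classify_scans are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample records: (source IP, destination IP, destination port, TCP flags),
# in the shape a firewall or flow log might expose. All addresses are documentation ranges.
SAMPLE_LOG = (
    [("203.0.113.5", "10.0.0.10", p, "S") for p in range(1, 1025)]        # many ports, one host
    + [("203.0.113.9", f"10.0.0.{h}", 22, "S") for h in range(1, 41)]     # one port, many hosts
    + [("203.0.113.7", "10.0.0.10", p, "S")
       for p in (21, 22, 23, 25, 80, 135, 139, 443, 445, 3389)]           # short list of common ports
    + [("203.0.113.8", "10.0.0.20", p, "F") for p in range(1, 31)]        # FIN with no session
    + [("198.51.100.2", "10.0.0.10", 443, "S")] * 5                       # ordinary client
)

def classify_scans(records, port_threshold=100, host_threshold=20, strobe_min=8):
    """Return {source_ip: label} for sources matching a scan pattern.

    Thresholds are illustrative assumptions and need tuning per network.
    """
    ports_per_target = defaultdict(set)  # (src, dst) -> distinct ports probed
    hosts_per_port = defaultdict(set)    # (src, port) -> distinct hosts probed
    fin_probes = defaultdict(set)        # src -> (dst, port) hit with a bare FIN
    for src, dst, port, flags in records:
        ports_per_target[(src, dst)].add(port)
        hosts_per_port[(src, port)].add(dst)
        if flags == "F":  # a normal close carries FIN+ACK, so FIN alone is anomalous
            fin_probes[src].add((dst, port))

    findings = {}
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:          # same port across many addresses
            findings[src] = "sweep"
    for (src, _dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:          # broad port coverage on one host
            findings[src] = "vanilla scan"
        elif len(ports) >= strobe_min:            # small, targeted set of ports
            findings.setdefault(src, "strobe scan")
    for src, probes in fin_probes.items():
        if len(probes) >= strobe_min:             # FIN probing takes precedence
            findings[src] = "FIN scan"
    return findings

if __name__ == "__main__":
    for source, label in sorted(classify_scans(SAMPLE_LOG).items()):
        print(source, label)
```

The ordinary client at 198.51.100.2 repeats one port on one host and is not flagged, which is the baseline the thresholds have to preserve when tuned against real traffic.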
