Disqus for Cyber Fort

Thursday, 8 August 2013

Pin It

Widgets

How Hacker Perform Their Hacking Attacks

Hi..guys today i am here you to descibe about how Hackers perform their hacking attacks without our knowledge and also how he become safe after hacking. such of my best research is here...so read it carefully.


www.cyberfort.blogspot.inThere are several ways using which Hackers perform Hack attacks. I have broken a complete Hacking attempt into several phases (generally). How a hacker performs hacking attempt is solely dependent on Hacker but we can tell the fundamentals of doing it because fundamentals are always same. Most hackers architect their hack-ing attempt before performing a hacking attempt to understand what he is going to do and how he is going to perform it and how he will prevent himself from being caught. Hackers who hack without thinking anything prior are considered as novice hackers and they can be easily tracked or caught during the process because each step is damn important. Also chances of success increases when we follow some procedure rather than following nothing. 

I have divided any hacking attempt into 5 different mentioned be-low: 



Phase 1: Information Gathering and Reconnaissance 
Phase 2: Scanning the target 
Phase 3: Breaking the system and Gaining the Access 
Phase 4: Maintaining the access without getting acknowledged 
Phase 5: Removing and covering traces 

This is how a hacking attempt is launched or performed. Now let’s learn these phases in detail to get a clear view. 



PHASE 1: INFORMATION GATHERING AND RECONNAISSANCE 



As the name suggests, in this phase we collect all the necessary information that we can gather or possible to gather. We can call this phase as preparatory phase also because this is where the preparation of hacking attempt is made. What is the use of this step? Practically this is one of the most important phases because this step helps us in evaluating the target and provides all basic information that we can be useful. 

Consider an example: I want to hack somebody’s Facebook account. Now what ex-actly we are looking in Information Gathering Phase; First whose Facebook account I want to hack, name of the user, his date of birth, his email address, his phone numbers(current and previous one if possible), his/her fiancĂ©/spouse details, his city of birth, his education background, his favorite things, passions, hobbies etc. 
We all know that we can extract above mentioned things quite easily. Now how this can be useful. First we can use above information for launching Social Engineering attack (according to latest research 80% people use passwords that are related to above details). Secondly we can use these details to retrieve accounts or recover passwords. Thirdly, we can use his/her favorites/hobbies/passions to create a phishing/Key logging trap. We can do much more these are just examples. 
I hope this clears why this is so much important step or phase. 


PHASE 2: SCANNING THE TARGET 

This phase is applicable to selected category to hack-ing attempts like hacking networks, operating sys-tems, web applications, web hosting servers etc. 

In this phase we launch a Port (in case of network) or URL (in case of Websites) to identify the vulnerability in the system like open ports or vulnerable URL’s. This is one of the most important steps for launching hacking attempts on websites or network servers or web servers. 

Consider an example, I want hack some website. In information gathering phase, I will identify all the ba-sic details about the website and its admin or owner. In scan phase I will launch a URL scan to identify infected URL’s (URL’s that can vulnerable to Injection attacks, Cross Site scripting attacks, other script based attacks) and launch a scan on web server to identify anonymous logins or other FTP or port related bugs. 



PHASE 3: BREAKING THE SYSTEM AND GAINING THE ACCESS 



This is the step where the actual hacking attempt is launched. In this system hack-er exploits the vulnerabilities that are found in the scanning phase to gain the access of the system. 
Continuing the above example, now user has identi-fied that so and so URL is vulnerable to SQL Injection attack. Now in this phase Hacker will launch the SQL injection attack on the website to get the admin or root access. 

Is there any assurance that hacking attempt is successful, if hackers followed above phases? 
Young generation want to become Ethical Hacker or just want to limit itself to Girlfriends email and Facebook? 
Excited to learn further! Wait for next issue. 


PHASE 4: MAINTAINING THE ACCESS WITHOUT GETTING ACKNOWLEDGED 

In this phase Hacker tries to maintain his ownership inside the victim’s system or web server. By ownership, I meant that we can upload, download, configure or ma-nipulate the data whenever we want. 
Maintaining access depends upon the host system. For Example, if we have hacked into victim’s computer system, we will install keyloggers, backdoors or spy rootkits so that we can remain inside the victim’s system. Now if we have hacked into some website, then we will create one more admin user inside the database or change the file permissions or simply enable the anonymous login so that whenever we want, we can hack into website again. 
Hence the tools like keyloggers, Rats, Trojans, spywares are general tools to main-tain access into the system. 


PHASE 5: REMOVING AND COVERING TRACES 



This is one of the most important phase of any hacking attempt. This is the step where you cover your tracks or misdeeds from getting detected or being caught. 

This is necessary to avoid detection and most important-ly to avoid legal action against you. 
This step generally involves deleting of logs, altering of logs, tunneling, proxifying your details including IP ad-dress and other important data. Why this is so impor-tant? Consider one example, I hacked into someone’s website and defaced it. Now if victim is good enough then he will check the upload logs. Upload logs contains the IP address and system details from which file has been upload and if he want he can lodge a complaint against you in cyber cell and believe me cyber cell hardly takes 10 minutes to reach anywhere. Then either you go. 



If a Hacker wants to get into your system then he will, what all you can do is that make his entry harder. 
to jail or need to pay defamation charges. Hence it’s always mandatory to cover your tracks to avoid legal action against you. 


hope u like this efforts and please leave us comment if have any best ideas about article..


0 comments :