There are some generic ways that a hacker follows to hack in to the private network. In this article I described a generic way that has been long followed by the most of the hackers all around the world. Today’s private networks are hard and very much secured from outside so that it becomes very difficult for the hackers to get in to the network, but once you will get a small hole into the corporate firewall certainly you can hack into the network. Since the rest of the internal network is very soft. This is very similar to the egg shell which is very hard from outside but very soft from inside.
Foot printing
the first step that a hacker follows in hacking is Foot printing. Where hacker identifies that the target that he needs to attack. In this step he finds the list of available computers that can be hacked. In this step hacker may enumerate the computers present on his network or he may get the IP of the target system by some other means. He may get the IP of target system from some of the internal employee.
Scanning
In second step hacker scans the target system. Like he scans the ports, finds the MAC-address of the target system
Information Gathering
the third step of hacking is Information Gathering. in this stage hacker tries to get as much information as possible about the target system. he finds the operating system running on the target machine, services running on the target machine that can be exploited and much more. This is the right step for the hacker to get some of the user name that has probably the blank password or a password that can be easily guessed.
Gaining Access
the access gaining step is the next step that a hackers does after the Information gathering phase. He gains access on the target machine by means of some exploits which may be the blank/default password of some user or it may be application vulnerability. Like buffer overflow exploit that has been used by hacker most of the time to gain access on the vulnerable machines. In history the access gained using many technique including XSS (cross site scripting) and SQL injection attack.
Escalating Privilege
In case when the access gained in previous step is not privileged enough, hacker tries to escalate his privileges by means of exploiting the application level vulnerability. This is one of the most difficult phases of the hacking.
Pilfering
once the hacker got the right privilege on the target machine he starts pilfering the required information from the machine. In this phase hacker may harm the target machine.
Denial of Service
when hackers not able to gain access on the target machine or he is not able to escalate his privileges he attacks the system for denial of service. This hacker does when he gets frustrated of the hardness of system. This is not going to benefit the hacker in any sense.
Reference
http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/
No comments:
Post a Comment