Be Ready for Cyber War
If we know how to hack, we can protect ourselves from being hacked. In this hacking tutorial, we will cover the basics of hacking. Do not try this on public domains or networks; try it only in your own private network. Whether we are hacking a system, an application or a database, the phases are the same, but the attack method and tools may vary. Choosing the right attack method and tools defines the best hacker.
Hacking has five important steps. They are:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
Most commonly, we need to follow these steps to hack successfully.
- Reconnaissance
Footprinting the target is called reconnaissance. Collecting information about the target falls under this process.
There are many methods of collecting the information: visiting the website, using search engines, whois and nslookup, social engineering of employees of the targeted organization, keeping an eye on job advertisements (to gather information about technologies), etc.
By following these steps, we can collect information such as host details, IP addresses, email addresses, user names and security controls. Sometimes passwords can be collected as well.
- Scanning
Scanning the network or machine is the next process after recon. Here we use the information collected during recon: IP addresses, domains, URLs and email addresses are the inputs for this phase.
While scanning them, we can collect open ports, running services, product versions and vulnerabilities in the product.
Many tools are available to collect these details, but most of the time hackers use Nmap for the scan, because it offers so many scanning options. Tools such as DirBuster, dir and WPScan allow scanning of a website. While scanning a website, we may identify the login page, configurations, credentials, subdomains, etc.
By following these steps, we can identify the target. That will help us develop our exploit. Moreover, collected usernames and passwords will allow us to gain access without hurdles.
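Seen from the defender's side, the scanning phase described above leaves a recognisable pattern in connection logs: one source touching many different ports on one host in a short time. The following is an added example, not part of the original tutorial, that flags this pattern; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Parse 'ISO-timestamp src dst dport action' (assumed log format)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): most distinct ports seen within one window}
    for every pair that reaches the threshold. Lines must be time-ordered."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse_line(line)
        events = recent[(src, dst)]
        events.append((ts, dport))
        # Drop events that have fallen out of the sliding window.
        while ts - events[0][0] > window:
            events.popleft()
        distinct = len({port for _, port in events})
        if distinct >= threshold:
            flagged[(src, dst)] = max(flagged.get((src, dst), 0), distinct)
    return flagged

def build_sample_log():
    """Constructed sample data, not taken from a real system."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    host = "192.168.1.10"
    lines = []
    for i in range(15):  # 15 different ports on one host within 15 seconds
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.0.66 {host} {20 + i} DENY")
    for i in range(20):  # ordinary client: same port every time
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 10.0.0.5 {host} 443 ALLOW")
    for i in range(12):  # 12 ports, but minutes apart: never fills a window
        t = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{t} 10.0.0.7 {host} {8000 + i} DENY")
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```

The third source in the sample shows the limit of a single short window; running the same function with a longer `window` also covers slower sweeps, at the cost of more false positives.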
- Gaining Access
Gaining access is the important phase in which we get into the victim machine. The way of getting inside and the method we are going to use should be chosen wisely.
The delivered malicious code executes and does what we commanded. SQL injection and authentication bypass are also part of this phase.
Sometimes we may gain access to the system, but our level of privilege will not be enough to perform our operation. In that case we need to increase our level of privilege, so we need to perform privilege escalation. We can perform the scanning again with the privilege we have. That will help to achieve the privilege escalation easily.
By following these steps, we can reach the target. The tools or scripts we use while gaining access may affect the system, which would defeat our goal. So, we need to choose the tools carefully.
- Maintaining Access
After gaining access, maintaining that access helps us achieve our goal. Command and Control allows us to collect the information and gives us the access to perform the task. For that we need to keep our malware running without any interruptions and hidden from the victim's eyes and from endpoint security solutions.
Practices such as running the process under a legitimate process and coding malware to be non-detectable help us maintain the access.
By following these steps, we can reach our goal. Masking under the right processes and avoiding antivirus, EDR and HIPS detection play an important role in maintaining access.
- Clearing Tracks
Destroy the evidence. Keep track of the changes we made to the system. That will make the job easier.
Tampering with the evidence, clearing the logs, changing the registry, removing the dropped files and folders and uninstalling the services are operations that need to be performed by default. Moreover, if any other traces exist, remove all of them and leave the system as it was before we got into it.
By following these steps, we can avoid getting identified. Clearing the traces will make it difficult to track us.
These are the steps to perform the hacking. Sometimes we need to skip some steps or need to add some steps, based on the situation and environment. Practice makes the hacker perfect.