5 Phases of Hacking


Note : This is not to motivate you to hack and shut down websites but to provide a general idea of how the daily hacks are performed and to protect yourself from such incidents atleast take some precautions.

This article explains 5 steps of Hacking taking an example of a Hacker trying to hack a company’s server and gaining access to all the data.
5-phases-of-hacking1

  1. Reconnaissance : This is the first phase where the Hacker tries to collect information about the target. It may include Identifying the Target, finding out the target’s IP Address Range, Network, DNS records, etc.Let’s assume that an attacker is about to hack a websites’ contacts.
    He may do so by : using a search engine like maltego, researching the target say a website (checking links, jobs, job titles, email, news, etc.), or a tool like HTTPTrack to download the entire website for later enumeration, the hacker is able to determine the following:  Staff names, positions, and email addresses.
  1. Scanning:  This phase includes usage of tools like dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data. Hackers are now probably seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts.Now that the hacker has some basic information, the hacker now moves to the next phase and begins to test the network for other avenues of attacks. The hacker decides to use a couple methods for this end to help map the network (i.e. Kali Linux, Maltego and find an email to contact to see what email server is being used).  The hacker looks for an automated email if possible or based on the information gathered he may decide to email HR with an inquiry about a job posting.
  1. Gaining Access: In this phase, hacker designs the blueprint of the network of the target with the help of data collected during Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and now decide that they have a some options to gain access to the network.
    For example, say hacker chooses Phishing Attack: The hacker decides to play it safe and use a simple phishing attack to gain access.  The hacker decides to infiltrate from the IT department.  They see that there have been some recent hires and they are likely not up to speed on the procedures yet.  A phishing email will be sent using the CTO’s actual email address using a program and sent out to the techs.  The email contains a phishing website that will collect their login and passwords.  Using any number of options (phone app, website email spoofing, Zmail, etc) the hacker sends a email asking the users to login to a new Google portal with their credentials.  They already have the Social Engineering Toolkit running and have sent an email with the server address to the users masking it with a bitly or tinyurl.
    Other options include creating a reverse TCP/IP shell in a PDF using Metasploit ( may be caught by spam filter).  Looking at the event calendar they can set up a Evil Twin router and try to Man in the Middle attack users to gain access.  An variant of Denial of Service attack, stack based buffer overflows, and session hijacking may also prove to be great.
  1. Maintaining Access: Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks.
    In this case, the owned system is sometimes referred to as a zombie system.Now that the hacker has multiple e-mail accounts, the hacker begins to test the accounts on the domain.  The hacker from this point creates a new administrator account for themselves based on the naming structure and try and blend in.  As a precaution, the hacker begins to look for and identify accounts that have not been used for a long time.  The hacker assumes that these accounts are likely either forgotten or not used so they change the password and elevate privileges to an administrator as a secondary account in order to maintain access to the network.  The hacker may also send out emails to other users with an exploited file such as a PDF with a reverse shell in order to extend their possible access.  No overt exploitation or attacks will occur at this time.  If there is no evidence of detection, a waiting game is played letting the victim think that nothing was disturbed.  With access to an IT account the hacker begins to make copies of all emails, appointments, contacts, instant messages, and files to be sorted through and used later.
  1. Clearing Tracks (so no one can reach them): Prior to the attack, the attacker would change their MAC address and run the attacking machine through at least one VPN to help cover their identity.  They will not deliver a direct attack or any scanning technique that would be deemed “noisy”.
    Once access is gained and privileges have been escalated, the hacker seek to cover their tracks.  This includes clearing out Sent emails, clearing server logs, temp files, etc.  The hacker will also look for indications of the email provider alerting the user or possible unauthorized logins under their account.

Protect yourself :

Do not post information on social media that can be related to challenge questions

  • Use passwords that cannot be broken by brute force or guessing.
  • Consider 2 factor authentication when possible.
  • Be careful of password requests emails.  Services like Heroku, Gmail and others will not request to type in passwords for additional promotion or service.
  • Verify source of contact.
  • Before clicking a link, investigate it.
  • Always scan a file and never click on batch files.
  • Always see the background services that are running in your device and never rely on others’ device.
  • Be sure to have a antivirus installed and set root passwords for installation.
  • Log out of sessions and clean the cache.

If you think you are compromised, inform the service providers and if you are confirmed then you must report it to the cyber crime department. These days such incidents are being taken seriously.

Comments