Hacking - Start to finish (quick list)

Hello, this little post will explain in rough details how you start hacking a specific target.

First. There are  many different ways going about this, but this is one way.

Information gathering
The
first thing you want to do when targeting a specific target is get as
much information as possible before a front attack(if any, being quiet
is much better)
Now this step can take ages if you really want a
detailed level of knowledge. And if you are serious about hacking your
target, you should be detailed here.
What sort of information do I
look for you might ask yourself? Well, anything really. Anything
surrounding the target and even things that surround things that
surround your target. Here is a short list of things that might be
useful;
  • IP(s), some machines/domains/systems or whatever have multiple domains

  • ISP(s), if small ISP(s), get owner details here as below

  • Owner. Email, name, location, family, hobby's, Facebook account, phone number

  • *Open ports. On ALL of the ips/servers if there are multiple

  • Service signatures, find out as much as possible about all the open ports, are they in use? What software are they running at the other end? Do the services reveal any other information about the system? OS? Internal IPS?

  • Hosters(In most cases there will be a hosting company)

  • Hosters information - Owner and all of that(If the company is small)

  • Hosters member system, how does the members login? Is there a login? Is there a forgot password function? Can you exploit the hoster instead?(might be easier in some cases)

  • DNS records(if any), subdomains? Hidden domains/info? DNS hosters? Same as above.

  • The physical server(s) location / datacenter

And the list goes on and on and on. Literally EVERYTHING about the company/system/server/target are relevant. The more info you got, the easier it will be attacking him/her/them/it. You should decide if you want to target the system or the people of your target. That is, code/system flaws or human flaws(keyloggers, Trojans, social engineering, info gathering + password guessing, etc). This decision should depend on the information you find about your target. Both can be tried ofcourse, just make sure the target does not know you are trying to hack it, often one of the attempts will set off alerts. This whole information gathering part might seem unnecessary, but really. Its neat, lets you put things in perspective so you can find the best point of entry. The attack Before an attack is lunched, there are a few things you need to think about. Here is a list of things you should think about;
  • Will this company/target rage crazy if I hack them? If so, check 3rd point.

  • Will police or other agencies be contacted if I hack them? If so, check 3rd point.

  • *Is my privacy good enough? Are you behind a proxy(s)? Should you? Do the proxy log?(It shouldn't)

  • Are they running any services at all? If not, you don't really have any virtual way in..

  • Are they running web applications? These are typically easier to hack than services. And have a higher percentage rate of flaws.

  • Do the target got a open router/switch/modem system? This often happens with home computers/networks.

  • Are your target running platforms with logins? These could be targeted.

  • Do you have enough time? Its a good practice to have time enough to do the entire attack in one go. Else you might fire off warnings for the target, and he can go into a bombshelter Board Image We don't want that now, do we?


Now there are tree ways of attacking in this guide.
- Service/software exploitation
- Web application exploitation
- Human factor exploitation


Service/software exploitation
Here
you will exploit one or more services/programs running on the target
system. In most cases, this will be called bufferoverflow. This can do
everything from bypassing a login to give you instant shell access. In
scenarios where the target is running services which is not a web
server(can be tho) this might be the way to go.

Web application exploitation
This
is without a doubt the most vulnerable field. Web applications are
flawfull, 70% or so of all pages got some sort of web application flaw,
this ofc may vary from an stupid XSS to a serious RFI. In scenarios
where the target system are running a web server, this is the first
thing to check. Do always check web applications before going on to
service exploitation if you just want to get the target hacked.

Human factor exploitation
Now
if all other things fail, there is ALWAYS a human factor. This can be
social engineering the target to give you limited access, and you work
your way up from there. Or simply tricking the target to trust you and
in some strange way share his password, perhaps not for the system you
are targeting, but for his email or an online account or whatever,
stupid people tend to use the same password or the same password syntax
everywhere. Keep in mind that the human factor doesn't necessarily have
to be your targets owner, could be the hoster, the DNS hoster, the ISP,
family.


Finale note
If you think its
necessary, clear your tracks. If you ask me, if you can see that you
have been there you didn't do it right. Take care, be safe.

-----------------------