Hacker methodology Flashcards
Methodology
Cracking Password
Escalating Privileges
Executing Applications
Hiding Files
Covering Trackshacking Goals
Bypass the access control Gain access to the system Exploit vulnerabilities Gain privileges Execute applications Hide malicious activities Hide the evidence of compromising
Registered dlls key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\
what is done during the “executing application” phase
Install malware to collect information
Setup Backdoor to maintain access
crack passwords and scripts
Install Keylogger
etc...what occurs during gaining access (ceh Hacking goals)
Cracking Passwords
Escalating Privileges
what occurs during maintaining access (ceh Hacking goals)
Executing applications
Hiding Files
what occurs during clearing tracks (ceh Hacking goals)
deleting logs
what is Enumeration
the process of extracting user names, machine names, network resources, shares and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target.
what is Enumeration
the process of extracting user names, machine names, network resources, shares and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target.
Link-local Multicast Name Resolution/ NetBios Name Service attack
Victim uses service to find resource. Attacker broadcasts that they are the resource and poisons Victims service. This is multicast. If the interaction require authentication victim sends NTLNv2 user name and hash. offline cracking.
three phases of a pen test
preparation, assessment (security or conduct phase), conclusion (post-assessment phase)
