Welcome Guest, Not a member yet? Create Account  

[Guide] How Does A Hacker Approach His Target
(This post was last modified: 08-24-2017, 07:38 AM by Mike.)

This guide only explains the way how hackers think. Different methods used in this tutorial will be posted later in seperate posts. As some of you already know, there are different types of hackers. Ones are that try to find vulnerabilities in big companies and report them to get a reward and get their name listed in a 'bug bounty program', others have the aim to cause damage and use the vulnerability for their needs. Of course it will be different how they think. I am going to describe the way of thinking of a hacker in general. Let's assume, his only aim is to break into a website that sells CD-Keys and steal them.

Web Application Vector:
There are many ways to start. The most clever one would be the fingerprinting and audit of the web application at first. Nowadays many web application scripts are vulnerable to different kind of vulnerabilities such as SQL Injection, Cross Site Scripting or even Local/Remote File Inclusion, even more, custom coded. Public scripts are being updated regulary (at least the famous ones) and therefore each day less and less vulnerabilities are in it. 

Companies usually request custom coded websites, pay much money, just because maybe they don't know that you can make it for free with a small set of skill or they just want to have something unique, which does not exist yet. Every person, even programmers make mistakes. Therefore one person or even two persons that work on a custom script which has much code cannot really secure everything, unless they go through the code, lookup every function and check how they use them. 

When the hacker decides to use the Web Application vector, he begins to check the site for vulnerabilities. By checking is meant to fingerprint it first. Use google and different dorks to get all php files on the server, check robots.txt, use automatic scanners, try every user input manually, mess with the GET and POST parameters, try to use a browser without redirection on the admin page to see if authentication bypass vulnerability, etc. 

This is the actual exploitation process, or searching for vulnerabilities. Once a high impact vulnerability is found, the hacker searches for a administration page. Usually, using directory guessing, like /admin, /adm etc. Personally I suggest to do this manually, because some custom 404 errors send a 200 OK state, therefore the automatic scanner will recognize it as a page and it will be a false positive. Once found a admin page, the hacker searches for a function that allows file uploads. For example, a photo. Usually, using HTTP Live Headers addon for firefox, you can bypass the extension filtering and upload .php scripts rather than image files. If this method succeed, he'll be able to read the configuration files on the server and using the web shell connect to the SQL Server and extract the data he wanted.

Server Attack Vector:
The server attack vector is a bit more difficult and less likely to exploit, unless your target is on a custom server and does not use famous hosting companies. The first step is using nmap or other port scanners to determinate what ports are open and what services are running. Usually, port 22 is ssh, port 23 is ftp and port 80 is http. As a http server, different software can be used for example nginx or Apache. 

Once you got the version, you'll have a overview of what exploits you are going to need. Using Google, a hacker will search for the service with the version number for exploits. If the hacker does not have ANY access to the server, local exploits won't be helpful for him. His search is limited to Remote exploits only. Once found a exploit, a hacker launches it against the server and the payload chosen will be executed. The hacker has gotten full access to server.

Social Engineering Vector:
Social Engineering is a wide topic. People have a different understandings of this, some think Social Engineering is getting free stuff from companies, some think it's the ability of lying to a person without him understanding and others think manipulating people for actions. All these three understandings have something common, it's tricking someone to do/say something, it's being another person or professional lying. The hacker has got a wide range of abilties who he can take as a target: the administrator of the website or even the whole hosting administrator. 

There can't be a guide about Social Engineering (against live websites), because it really depends on the interests of the person (in this case, administrator), it depends on the situation and other aspects. But the hacker is trying to get the passwords of administrator using phishing emails, acting as the hosting administrator and contacts the website administrator, get's in contact with the administrator and they become 'friends', trick him to upload a PHP script that would literally 'make his website better'. It all depends on the creativity of the hacker.

Hacking is not a thing you can learn in 2-3 days. It takes you time, you must read articles, but the most important part is not the theory. The most important part is the action, practice. But trust me, the skills will show and it will be useful.

[Image: TQzc844.png]
Likes 0

Very interesting contribution, I'm glad that this post contains several types of hacking, not just web application or SE, but more.
Likes 0

  1 Guest(s)