Website Hacking

Website Hacking

Standard Hacking Steps:

When an attacker tries to perform an attack against his target. He needs to follow some standard steps during the entire attack. They are

  1. Reconnaissance (Foot Printing)
  2. Scanning
  3. Gaining access
  4. Maintaining access
  5. Clearing tracks

Let's understand one by one.

I. Reconnaissance:

Before attacking our target. We should gather some basic information about our target. This is called reconnaissance. This is also called passive information gathering since we don’t interact with the target directly. We will just use the resource like internet to know about the target.

There are many techniques to gather information about the target. I am just demonstrating few of them.

Search Engines: as we all know, search engines are the most popular tools with which we can gather lots of possible information about the target. The target can be a person, website, system or an organization.

Examples: Google, yahoo, Bing, msn live etc.

Some tools helps us to get information.

1. Whois Lookup:

Whois is a very nice tool to gather some juicy information about the target. It gives the details like owner of the domain, domain registration details, ip address, server information etc.

Usage: Go to the website, www.whois.domaintools.com.

2. Tracert:

Tracert is a command to trace all the nodes between our computer and a remote computer. It is useful for investigations. Let’s try to trace the route to www.google.com server from my computer.

Steps:

  1. Open your command prompt.
  2. Start--> Run--> type 'cmd' and press enter.
  3. Now I am typing the following command.
  4. Tracert www.google.com

Traceart_command_cmd_window

That’s cool!!

The first line tells. It is tracing route to the specified domain's ip address. It also says the maximum number of hops is 30 before the time outs. This is extremely useful when we try to find out why a website is unreachable.

This is very simple. If any router is not responding, then that is where the problem is residing. For example, in the above picture if the router at sixth line is not responding (timed out). Then we can clearly say that problem is there at 12.

3. Visual Tracert:

It is also same like tracert but gives the geographical representation of server locations exist in between.

4. Archive.org:

Do you remember your school days?

If your answer is yes, your brain is sharp.

But how about the web?

What if you want to know how a website was in its early days and how it is now?

An updated website might have some sensitive information before it is updated. What if you want to see those older versions?

Or what if you want to visit a website that no longer exists?

(www.archive.org) the way back machine.

Archive_way_back_machine

It is just like your dictionary which stores all the words. A user can see archived versions of web pages of the past. Here we can how www.microsoft.com website looks like in nov-18-2003.

II. Scanning:

We will scan the target system for open ports and services running on it, so that we may exploit them. This is called scanning. Scanning is also called active information gathering since we directly interact with the target.

1. IP Scanners:

Ip scanners are to scan the live hosts. We just need to give the range of ip address to be scanned. Ip scanner will automatically scan the live hosts on which we can perform our attack.

2. Tool Port Scanners:

Port scanners are used to 'scan for open ports'. What can I do with an open port? Well, if the port is opened and running a vulnerable service then we can exploit it to gain access to the system

3. Tool NMAP:

NMAP is the hacker’s best friend since a long time. Even though there are many tools coming and going NMAP is the best tool for scanning. ZENMAP is the GUI version of NMAP.

How NMAP works?

Before understanding how to use NMAP, let us understand what happens behind the curtain.

NMAP sends a packet to the server it is scanning. Based on the server’s response it detects the type of service.

III. Gaining Access:

We will gain actual access to the system, just by exploiting it. Don’t worry if you don’t understand the terms like 'exploiting'. You will see different practical explanation techniques which give you a clear idea of what actually explanation is.

To gain access to our target, depending upon the type of target, we may find a vulnerable website and gain access to the website.

We may find a vulnerable service on a server and we may exploit it using a suitable exploit.

This is one of the most important steps while attacking.

IV. Maintaining Access:

Once after gaining access to a system, we will perform all the operations we want and we will leave the system. If we come back to the system again, we need to perform all the steps right from the scratch. To avoid this, we will keep the access of the system even after leaving it.

Depending upon the target we have exploited, we will use different techniques to maintain our access.

V. Clearing Tracks:

When we attack our target, our footprints may be logged at the target system. We need to remove those logs so as to remain undetected from the victim.

Credit: Sai Satish (Indian Servers CEO)

Tags:

0 Comments