Hack This Site!

[Advertise With HackThisSite.org :: Hide These Ads]

Bees may well have honey in their mouths, but never forget that they have a sting in their tail. - Scottish Proverb

Intro to Pen Testing.
Published by: Static-Oblivion, on 2008-01-11 16:07:12
Hello Readers,This is Static-Oblivion Today is the first of many articles to come what were focusing on today is ethical hacking for i.e Pen Testers I just want to start off with the basic disclaimer:I'm not responsible or liable for the use or misuse of the information about to be givin.....in anyway! OK!Now that we have that out of the way let's begin. ------------------------------------- Essential terms used by Pen Testers.\| ------------------------------------- Threat:Any action and or event taht might compromise security. Exploit:A defined way to breach the security of a IT system trough vulnerabilty. Vulnerability:Existence of a weakness,desighn,or implementation error that can lead to an unexpected,undesirable event compromising the security of the system. Target of Evaluation:An IT system,product,or component that is idetified needing security evaluation. Attack:a assault on given system security that comes from a itelligent threat i.e you --------------------------------- What does a attacker do exactly?\| --------------------------------- Now what does a attacker do ecactly?When I say this I mean the proper way a pro does things to secure himself and the system as quickly as possible without legal ramifications this may not be the way evrybody does things but this is a basic out line of how it "should" be done. 1.Reconnaissance -Active/Passive 2.Scanning 3.Gaining Access -Operating system level/application level -Network level -Denial of service 4.Maintaining access -Uploading/altering/downloading programs or data 5.Clearing tracks ---------------------------------------------------------------- -------------- Phase 1 Recon\| -------------- Passive recon ------------- Involves acquiring info without directly interacting with the target.(Fr example,searching public releases.records,or news releases.Theres more but I'll leave up to your judgement) Active Recon ------------ Involves Interacting with the target by anymeans.(For example,Telephone calls to the help desk or technical department) ------------------------------------------------------------------ ----------------- Phase 2 Scanning\| ----------------- -Scanning refers to the pre attack phase when the hacker scans the network for specific information on the basis of info gathered during recon. -scanning can include use of dialers,port scanners,network mapping,sweeping,vulnerability scanners,and so on. ------------------------------------------------------------------ ----------------------- phase 3 gaining access\| ----------------------- -Gaining access refers to the penetration phase.The hacker exploits the vulnerability in the system. -The exploit can occur over LAN,the internet,or as a deception or theft.(Examples include buffer overflows,denial of service,session hijacking and password cracking) -Ifluencing factors include architecture and conifiguration of the target system,the skill level of the hacker,and the initial level of access obtained. ------------------------------------------------------------------ ------------------------- phase 4 maintainig Acess\| ------------------------- -Maintaing Access refers to the phase whn the hacker tries to retain his ownership of the system. -The hacker has compromised the system. -Hackers may harden the system from other hackers as well(to own the system)by securing thier exclusive access with backdoors,Rootkits,or Trojans(R) j/k :) -Hackers can upload,download,or manipulate data,applications,and configurations on the "Owned" system. ------------------------------------------------------------------ ---------------------------- Phase 5 covering you tracks\| ---------------------------- -Covering Tracks refers to the activities that the hacker undertakes to hide his actions. -Reasons include the need for prlonged stay,continued use of resources,removing evidence of hacking,or avoiding legal action. -Examples include Stenography,Tunneling,and altering log files. ------------------------------------------------------------------ ------------------------ Types of hacker attacks\| ------------------------ -There are several ways a attacker can gain acces to a system. -The attacker must be able to exploit a weakness or vulnerability in a system Attack types: 1.Operating System attacks. 2.Application-level attacks. 3.Shrink wrap code attacks. 4.Misconfiguration attacks. ------------------------------------------------------------------ ----------- Side note.\| ----------- Now as much as I want to go into explanation of the techniques I think it would be better if you googled them and read up on them yourself after all I'm not here to spoon feed. :) However In the next articles I will explain the 5 steps in depth along with some tool recomendations used by the pros!So were even ok? So thats all for now more to come probably about evry other day Stay tuned for the next article. Titled:Footprinting Peace, Static-Out
Cast your vote on this article *Note: the order of the votes has been reversed.

Comments:
Published: 11 comments.

Abl4z3r - 02:00 pm Friday January 11th, 2008

Seems really interesting... I\'m expecting your following articles!

Are you a Pen Tester or are you just really interested in Pen Testing generally?

WhiteAcid - 08:53 am Saturday January 12th, 2008

Please use bbcode next time. I feel this article is basically just a contents page and that you should have waited a bit and merged this with your sequels.

Not all paragraphs are one sentence either :p. Let\'s hope your sequels make up for this.

chatch15117 - 12:28 am Sunday January 13th, 2008

hope the sequels come soon

Static-Oblivion - 06:12 pm Sunday January 13th, 2008

K I\'ll work harder on the next articles thanks for the comments and the next article will be out in about a day or two.

greyhat_i386 - 02:47 pm Monday January 14th, 2008

Nice article, I like the way you\'re trying to present your ideas. Just touch up on your grammar a little bit though (i\'ll assume that the majority of them were typos.. you do know that \'an\' and not \'a\' preceeds words that begin with vowels right? - for expample, hmm.. attack.) Decent intro.

rak_athis_best - 11:22 am Tuesday January 22nd, 2008

nice article

rak_athis_best - 11:28 am Tuesday January 22nd, 2008

nice article

psquicciarini - 02:04 pm Wednesday January 30th, 2008

Hey Static - I\'m taking the CEH course. Looks like you just copied the info right out of the first chapter - almost word for word... is that even legal?

Static-Oblivion - 04:34 am Saturday February 09th, 2008

i didnt copy it word for word tho so yes and that\'s why i gave credit and said they were notes from the ceh course just some good stuff for the noobs to help em thats all.*oops no i didnt i did in the critical security forums tho oh well add em now.err can\'t oh well.

GregTRONlives - 06:02 pm Wednesday March 19th, 2008

This was an interesting article. Covering tracks and looking vulnerabilities has always been something I feel is left out of a lot of articles, so I look forward to reading more on it. The typos where farr too numerous though. 7/10

Karec - 09:57 am Thursday March 27th, 2008

Bad spelling, grammar, lack of BBC code. Also really basic/general and doesn't go in depth into anything.

6/10

This site is the collective work of the HackThisSite staff. Please don't reproduce in part or whole without permission.
Page Generated: Mon, 01 Dec 2008 20:03:37 -0500 Exec: 10
_{Page loaded in 0.12598 seconds!}

Donate

Challenges

Get Informed

Get Involved

Communicate

About HTS

Translate

Partners