Many a time people search for how the hackers do it, you get a million tutorials but no one really gives your the one pager, below i summarize a simple approach of how an attack can be carried out and prevented, the ways are as many as the stars, some are simple as getting the password for an admin from him (social engineering tools)
Personally i am not a hacker but i think of computer security as a fun for me so i once thought how does one do it? A generic attack flow would be to do an information gathering exercise of the services exposed by a system, banner grabbing is rich information, open ports is another, tools like nmap, netcat come in handy a lot, and from an informational point of view research about a company comes in handy especially when attacks like phishing, vishing or social engineering have to be performed to get credentials or more information.
Post information gathering, attacks are initiated to the known versions with if available credentials and information provided through phishing, pharming and other methods “Their names may sound funny but their financial consequences are not; “phishing,” “smishing,” “vishing” and “pharming” are just a few of the ways criminals can gain access to personal information via your network, computer or smartphone.”(Hindman, 2014). In the absence of credentials, bugs or flaws in software versions can be exploited using tools like metasploit and after all this, logs can be deleted with tools like Winzapper.
Some attacks are carried out remotely by simply infecting an internal computer through pharming or phishing and many other methods, have a worm or virus loaded that initiates a connection to a listening attack host giving a remote user reverse access into a network hence it is important to monitor network signatures and heuristics for unusual packets if possible, proxy all traffic through a web proxy so all traffic is logged and analyzed extensively.
“Metasploit Pro gives security professionals insight into threats being used by attackers in the wild, and the ability to test their defenses against them. By “attacking” their own systems, security professionals can understand which defenses work, what the impact of an attack might be, and how exposed they are to this risk.” (Rapid7, 2014) Tools like metasploit used by administrators to test their applications and networks can be used equally to attack other networks, hackers use the same tools and some keep them so updated that they can identify the latest bugs before administrators get to see bugs. “The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called “hacking tools”. (Leyden, 2008). With legislation greying the lines on how administrators can carry out checks, I wonder if the responsibility should be left to the vendors to ensure timely patching of software and other tests.
Gaining access using RATs (Remote Access Tools) is the most common way, the average user things of an attacker getting their password or sitting in front of your screen and fighting to guess your password, in all honesty, human password guessing is just cumbersome, using tools is also point less at times because the account gets locked so what is done is the extraction of the password file / database and an offline brute force applied.
In all honest, this feels irresponsible to publish this but then sooner or later if you are determined or if you go for courses like CISSP or CISA you end up with this knowledge the key is mainly the following;
1 – How responsible do you feel after reading this, will you treat updates seriously now
2 – Will you avoid un-necessary skills of clicking links
2 – The probability of being discovered if you try an illegal attack is actually very high with logs and finger prints, hiding is a separate topic though.
NB: Look for post 2 on how to avoid some of these attacks.
References;
Hindman, C 2014, ‘How to catch a ‘phish”, Quebec Express, p. A9, Regional Business News, EBSCOhost, viewed 23 November 2014.
Rapid7 0004, ‘Rapid7 Announces Professional Security Certifications for Nexpose and Metasploit’, Business Wire (English), 4, Regional Business News, EBSCOhost, viewed 23 November 2014.
John Leyden, 2 Jan 2008, UK gov sets rules for hacker tool ban, http://www.theregister.co.uk/2008/01/02/hacker_toll_ban_guidance/, Online, Accessed 24th November 2014