four distinct steps that occur in almost every hack attack and that are covered in detail...

RECONNAISSANCE ATTACKS

The term reconnaissance refers to the first preattack phase of the hacking process: it involves information-gathering behaviors that aim to profile the target organization or network for the efficient attack tactics. Reconnaissance can be classified into five types.

The reconnaissance target range may include the target organization's clients, employees, operations, network and systems.

TYPES OF RECONNAISSANCE ATTACKS

• Social Engineering;
• Site (Physical) Reconnaissance;
• Internet Reconnaissance;
• IP/Network Reconnaissance;
• DNS Reconnaissance.

Information Gathering and getting to know the target systems is the first process in ethical hacking. Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system.

During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible, following the seven steps listed below −

• Gather initial information
• Determine the network range
• Identify active machines
• Discover open ports and access points
• Fingerprint the operating system
• Uncover services on ports
• Map the network

We will discuss in detail all these steps in the subsequent chapters of this tutorial. Reconnaissance takes place in two parts − Active Reconnaissance and Passive Reconnaissance.

Active Reconnaissance

In this process, you will directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are detected, then system admin can take severe action against you and trail your subsequent activities.

Passive Reconnaissance

In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.

penetration attack

A penetration attack involve the use of a delivery mechanism to transport a malicious payload to the target host in the form of a Trojan horse or remote control program.

These malicious payloads can be delivered either through some input medium (e.g., floppy or CD-ROM), download, or e-mail; or by exploiting existing bugs and security flaws in such programs as Internet browsers. Activation need not be intentional (e.g., double-clicking an icon), but can also occur by executing compromised code that users intentionally download from the Internet (e.g., device drivers, browser plug-ins, and applications) or unknowingly download (e.g., ActiveX controls associated with Web pages they visit). Even the simple viewing of a message in the preview screen of an e-mail client has, in some cases, proved sufficient to trigger execution of its attachment.

Penetration testing is designed to assess your security before an attacker does. Penetration testing tools simulate real-world attack scenarios to discover and exploit security gaps that could lead to stolen records, compromised credentials, intellectual property, personally identifiable information (PII), cardholder data, personal, protected health information, data ransom, or other harmful business outcomes. By exploiting security vulnerabilities, penetration testing helps you determine how to best mitigate and protect your vital business data from future cybersecurity attacks.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What is Penetration Testing?

When we want to find the vulnerabilities of attack to a computer system, network or Web application, we use penetration testing. It is also referred to as pen testing. We can perform manual or automatic pen testing.

Why do we have Phases of Penetration Testing?

We have phases of pen testing so that we can follow a standardised methodology which can be rinsed and repeated over time so that we can look at information trends as well as reporting. This information can be used to compete to the penetration tests that other organizations of professionals have done. In other words it is setting a standard methodology to conduct penetration test.

There are five phases of penetration testing –

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

Fig 1. Phases of Penetration Testing

1. Reconnaissance – It is the first phase of penetration testing framework. We use reconnaissance to gather preliminary data or intelligence on the target. The data is gathered in order to better plan for the attack. It can be performed actively or passively. By actively we mean actually touching the devices of the target. By passively we mean that your recon is being performed through an intermediary. In this we also perform things like identifying the target, finding the target IP address range, network, domain name, mail server, DNS records, etc. The tools which we can use in Kali server for reconnaissance are shown in the following figure –

Figure 2. Reconnaissance Tools

1. Scanning – The phase of scanning requires the application of technical tools to gather further intelligence on the target, but in this case, the intelligence being sought is more commonly about the systems that they have in place. A good example would be the use of a vulnerability scanner on a target network. There are some tools in Kali Linux for scanning also. These are shown in the figure –

Figure 3. Scanning Tools

1. Gaining Access – This phase requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets. The following are the tools in Kali Linux which help us in gaining access –

Figure 4. Gaining Access Tools

1. Maintaining Access – Maintaining access requires taking the steps involved in being able to be persistently within the target environment in order to gather as much data as possible. The attacker must remain stealthy in this phase, so as to not get caught while using the host environment. It includes things like privilege escalation, back door installation on target machines so that one can maintain the gained access and connect to the target any time. The tools include –

Figure 5. Maintaining Access Tools

1. Covering Tracks – The final phase of covering tracks simply means that the attacker must take the steps necessary to remove all semblance of detection. Any changes that were made, authorizations that were escalated etc. all must return to a state of non-recognition by the host network’s administrators. The tools in Kali Linux that assist in hiding tracks are –

Figure 6. Covering Tracks Tools

============================================================================================================================

The Five Phases of Hacking

Reconnaissance:- This is the primary phase where the Hacker tries to collect as much information as possible about the target. It includes Identifying the Target, finding out the target's IP Address Range, Network, DNS records, etc.

Scanning:- It involves taking the information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners. Hackers are seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts.

Gaining Access:- After scanning, the hacker designs the blueprint of the network of the target with the help of data collected during Phase 1 and Phase 2. This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. Examples include stack based buffer overflows, denial of service (DoS), and session hijacking. These topics will be discussed in later chapters. Gaining access is known in the hacker world as owning the system.

Maintaining Access:- Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.

Covering Tracks:- Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include steganography, the use of tunneling protocols, and altering log files.