Hacking Methodologies
Johnny Long
http://johnny.ihackstuff.com
johnny@ihackstuff.com
Varied Approaches
“Old School”: Slow, careful, precise, invasive
“Pros”: Fast, careful, precise, sometimes invasive
“Skript Kiddies”: Slow, reckless, imprecise, invasive
“Defacers”: Fast, reckless, precise, mildly invasive
Old School
Information Gathering
Probe
Attack
Advancement
Entrenchment
Infiltration/Extraction
Old School: Information Gathering
Decide and discover which targets to attack.
Often begin with a specific network or a specific company.
(Screenshot: Nmap’s guess at the operating system type)
Old School: Probe
Some services listen behind RPC; rpcinfo can give us this info.
Old School: Attack
Locating Exploits
Getting Exploits
Modification of Exploits
Building Exploits
Testing Exploits
Running Exploits
Old School: Locating Exploits
Old School: Getting Exploits
Information Gathering
Probe
Attack
Advancement
Infiltration/Extraction
Professionals
Most often, professional ethical hackers rely on “Vulnerability Scanners” to perform their jobs.
Nessus
Retina by eEye
Network Associates CyberCop
H.E.A.T.
Internet Security Systems Internet Scanner
(see http://www.networkcomputing.com/1201/1201f1b1.html)
Professionals
Exploit Selection
Target Selection
Attack
Skript Kiddies: Exploit Selection
Nearly identical to the “Old School” method of locating exploits; skript kiddies generally use search engines to locate exploits.
Exploit Selection
Target Selection
Attack
Defacement
Web Defacement
Amateur defacers usually stick with one exploit and one target platform.
Defacer’s Exploit Selection
An attacker’s level of comfort with an operating system will often decide the types of exploits used.
UNIX-based attackers often opt for C-based remote overflows.
Windows-based attackers often opt for Perl-based remote overflows, Visual Basic tools, or command-line “net” commands.
Attackers with only browser-based experience, or simplistic attackers seeking privacy through proxies, will opt for URL-based attacks such as UNICODE or DECODE, FrontPage exploits, or PHP-Nuke attacks.
Defacer’s Search for Exploits
http://johnny.ihackstuff.com/security/googledorks.shtml
Defacer’s Target Selection: Web Searches
Google query: intitle:"Index of" "Apache 1.3.11"
http://www.netstat.ru
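The query above only matches servers that both generate directory listings and print their version string in the listing footer. As an added example that is not part of the original slides, here is an Apache httpd configuration fragment showing those exposed defaults beside the hardened settings (the document root path is an assumed placeholder):

```apache
# Added example, not from the original slides. Apply only ONE of the two
# variants below; they are shown together for comparison.

# --- Exposed variant ---
# Directory listings are generated for folders without an index file, and
# each listing (and every error page) ends with a footer such as
# "Apache/1.3.11 Server at example.org", which is exactly the text a
# query like intitle:"Index of" "Apache 1.3.11" keys on.
ServerTokens Full
ServerSignature On
<Directory "/var/www/html">        # assumed document root
    Options Indexes FollowSymLinks
</Directory>

# --- Hardened variant ---
# No automatic index pages, no version footer on listings or error pages,
# and the Server response header reduced to the bare product name
# ("Apache") so the version is not advertised to crawlers at all.
ServerTokens Prod
ServerSignature Off
<Directory "/var/www/html">        # assumed document root
    Options -Indexes +FollowSymLinks
</Directory>
```

After changing the directives, reload httpd and request a directory without an index file; a 403 instead of a listing, and a Server header of just "Apache", confirm the change took effect.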
Defacer’s Target Selection: Host Scanning
Nmap’s OS detection feature (-O) provides a decent guess as to the operating system of the target.
Defacer’s Target Selection: Host Scanning
http://packetstormsecurity.com provides a great resource for custom vulnerability scanners.
Defacer’s Attack