Author Topic: Intro to the Hacker Methodology  (Read 4026 times)

Offline mrflex

Intro to the Hacker Methodology
« on: June 15, 2013, 06:53:54 am »
Intro to the Hacker Methodology
By Mr Flex

Introduction
During this tutorial I will be introducing you to the hacker methodology. This tutorial is going to be fairly short and sweet but should provide you with a basic methodology you can use when performing a hack or penetration test. I hope that by the end of this tutorial you will understand the steps required for you to perform a successful hacking attack. This is based off of other hacking methodologies I have seen before. I will be posting detailed tutorials on Information Gathering – Post Exploitation sometime soon; the goal of this tutorial is just to give you an overview of the various steps in the Hacker Methodology.


Planning
The planning stage is where the attacker defines what objectives they would like to accomplish during their attack. This may include things like intellectual property theft, stealing credit card numbers, website defacement, getting root access (for the fun of getting root access :/) or something else. Who knows, maybe the hacker just wants to have a look around the system.


Information Gathering
Information Gathering is the process of gathering information on the target organization. There are two types of information gathering: active and passive.

Passive Information Gathering
Passive information gathering is using search engines like Google and Shodan along with databases like the EDGAR database and looking at other publicly available records like whois domain name lookups. It also involves things like searching the company website for details about employees. Many company websites are very verbose about the various details of their websites; also remember interns usually know little to nothing about security and usually use weak passwords.

Active Information Gathering
Active information gathering is actively probing the network; this includes things like port scanning, banner grabbing and running vulnerability scanners (noisy as hell, don’t recommend for highly secured environments).


Exploitation
Exploitation is where you actually exploit the target. This can involve things like Web Application attacks like XSRF, XSS and SQL Injection, exploiting software vulnerabilities like Stack Based Overflows, Heap Based Overflows, Off By One vulnerabilities and format string exploits. It also may involve doing things like performing a DDoS attack, or performing a social engineering attack. Note that you rarely ever use just one exploit; you almost always use multiple exploits to get to where you would like to be.

Post Exploitation
Post exploitation is where you accomplish the goal you have originally set out to do; this may include things like defacing the website, stealing intellectual property, etc.



Comments
Let me know what you think! I try to make my tutorials as clear and concise as possible!

My Policy
I am not responsible for anything you do with this tutorial.

Dedication
This tutorial is dedicated to anyone and everyone who understands that hacking and learning is a way to live your life, not just a day job or list of instructions.
« Last Edit: June 15, 2013, 02:07:37 pm by ande »

Offline Darkvision

Re: Intro to the Hacker Methodology
« Reply #1 on: June 15, 2013, 08:05:32 am »
First off, you seem to not know, or understand what this site is about. Not saying that any one of us hasn't done something black or grey hat, but this site certainly isn't dedicated to black hat hackers. That being said, your entire premise that hacking = defacement, intellectual theft etc. is highly flawed. I will try to enumerate just a few of them.


1. Breaking into a system or network is not necessarily illegal; you could be doing it to something you own, or for that matter something you have permission to do these things to.


2. Hacking is not just about computers, or even then not just about software. In that kind of case you may not even be looking for a true vulnerability (buffer overflow etc.) but something that can be switched on or off, changed from one slot to another or otherwise making the native properties of said object different from what was intended by the manufacturer/developer.


3. You're also ignoring several of the other "cornerstones" of hacking like dumpster diving, phreaking and social engineering (yes, I know you mentioned this one once). You provide no examples, or even thoughts on them. They are just as much about being a hacker, and the hacker mentality, as breaching a system through exploits.


Honestly I could go on a lot more about this, but I think those 3 things should provide some food for thought. Also, albeit in my brief experiences here thus far, I really feel I should reiterate that the "slant" to this post is not going to go over well here. When writing anything like this you should always consider your target audience. This might work perfectly fine on, say, one of the .onion sites' forums that primarily focus on black hat hacking and providing fodder for skiddies, but I don't feel it will go well over here, and it certainly didn't go over well with me. The reason behind that is that I find it just as offensive from you as I would any idiot reporter on the news who thinks hacker is synonymous with "bad". The fact you seem to feel or think the same way just leaves a bad taste in my mouth.

Offline proxx

Re: Intro to the Hacker Methodology
« Reply #2 on: June 15, 2013, 11:19:42 am »
I saw exactly the same on h3ckf0rums.not when I ran it in a search engine.
Did you copy/paste it?

Offline s3my0n

Re: Intro to the Hacker Methodology
« Reply #3 on: June 15, 2013, 12:21:36 pm »
I saw exactly the same on h3ckf0rums.not when I ran it in a search engine.
Did you copy/paste it?

Yeah it's a copy paste but it's by flex.
As for the content, the headings are bigger than the paragraphs :P
This is a map of basic server hacking process for those who are new to hacking.

Offline ande

Re: Intro to the Hacker Methodology
« Reply #4 on: June 15, 2013, 02:24:11 pm »
I fixed the formatting slightly. My eyes started bleeding from the huge headers. :P


Content-wise, this tutorial is rather short as already stated by the OP and really REALLY far from complete. I almost deleted this, but for the sake of not censoring and so forth I chose not to delete it.

@OP, I suggest you expand this tutorial if you want it to be useful for people. Have a look at http://evilzone.org/tutorials/getting-into-the-hacker-mindset/ and http://evilzone.org/tutorials/hacking-start-to-finish-(quick-list)/ perhaps you can get some ideas from there.

Offline Chef

Re: Intro to the Hacker Methodology
« Reply #5 on: June 26, 2013, 04:34:49 am »
I wish it explained to me what the types of exploitation are and how to do them and when to do them.
I feel like I know less reading this.