Hello, this little post will explain in rough details how you start hacking a specific target.
First. There are many different ways going about this, but this is one way.
Information gatheringThe first thing you want to do when targeting a specific target is get as much information as possible before a front attack(if any, being quiet is much better)
Now this step can take ages if you really want a detailed level of knowledge. And if you are serious about hacking your target, you should be detailed here.
What sort of information do I look for you might ask yourself? Well, anything really. Anything surrounding the target and even things that surround things that surround your target. Here is a short list of things that might be useful;
- IP(s), some machines/domains/systems or whatever have multiple domains
- ISP(s), if small ISP(s), get owner details here as below
- Owner. Email, name, location, family, hobby's, Facebook account, phone number
- *Open ports. On ALL of the ips/servers if there are multiple
- Service signatures, find out as much as possible about all the open ports, are they in use? What software are they running at the other end? Do the services reveal any other information about the system? OS? Internal IPS?
- Hosters(In most cases there will be a hosting company)
- Hosters information - Owner and all of that(If the company is small)
- Hosters member system, how does the members login? Is there a login? Is there a forgot password function? Can you exploit the hoster instead?(might be easier in some cases)
- DNS records(if any), subdomains? Hidden domains/info? DNS hosters? Same as above.
- The physical server(s) location / datacenter
And the list goes on and on and on. Literally EVERYTHING about the company/system/server/target are relevant. The more info you got, the easier it will be attacking him/her/them/it.
You should decide if you want to target the system or the people of your target. That is, code/system flaws or human flaws(keyloggers, Trojans, social engineering, info gathering + password guessing, etc). This decision should depend on the information you find about your target. Both can be tried ofcourse, just make sure the target does not know you are trying to hack it, often one of the attempts will set off alerts.
This whole information gathering part might seem unnecessary, but really. Its neat, lets you put things in perspective so you can find the best point of entry.
The attackBefore an attack is lunched, there are a few things you need to think about. Here is a list of things you should think about;
- Will this company/target rage crazy if I hack them? If so, check 3rd point.
- Will police or other agencies be contacted if I hack them? If so, check 3rd point.
- *Is my privacy good enough? Are you behind a proxy(s)? Should you? Do the proxy log?(It shouldn't)
- Are they running any services at all? If not, you don't really have any virtual way in..
- Are they running web applications? These are typically easier to hack than services. And have a higher percentage rate of flaws.
- Do the target got a open router/switch/modem system? This often happens with home computers/networks.
- Are your target running platforms with logins? These could be targeted.
- Do you have enough time? Its a good practice to have time enough to do the entire attack in one go. Else you might fire off warnings for the target, and he can go into a bombshelter
We don't want that now, do we?
Now there are tree ways of attacking in this guide.
- Service/software exploitation
- Web application exploitation
- Human factor exploitation
Service/software exploitationHere you will exploit one or more services/programs running on the target system. In most cases, this will be called bufferoverflow. This can do everything from bypassing a login to give you instant shell access. In scenarios where the target is running services which is not a web server(can be tho) this might be the way to go.
Web application exploitationThis is without a doubt the most vulnerable field. Web applications are flawfull, 70% or so of all pages got some sort of web application flaw, this ofc may vary from an stupid XSS to a serious RFI. In scenarios where the target system are running a web server, this is the first thing to check. Do always check web applications before going on to service exploitation if you just want to get the target hacked.
Human factor exploitationNow if all other things fail, there is ALWAYS a human factor. This can be social engineering the target to give you limited access, and you work your way up from there. Or simply tricking the target to trust you and in some strange way share his password, perhaps not for the system you are targeting, but for his email or an online account or whatever, stupid people tend to use the same password or the same password syntax everywhere. Keep in mind that the human factor doesn't necessarily have to be your targets owner, could be the hoster, the DNS hoster, the ISP, family.
Finale noteIf you think its necessary, clear your tracks. If you ask me, if you can see that you have been there you didn't do it right. Take care, be safe.
Just my 11 cents
