• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Methodology hackers use for an intrusion to a network

By Abhishek Ghosh February 1, 2011 9:32 pm Updated on February 1, 2011

Methodology hackers use for an intrusion to a network

Advertisement

This article aims to explain the methodology generally used by hackers to break into a computer system. It does not explain how to compromise a system but to understand how it may be better able to withstand them. Indeed, the best way to protect your system is to proceed in the same way that hackers to map the vulnerabilities of the system. So this article gives no details on how vulnerabilities are exploited, but explains how to make them identify and correct them. Overall methodology The hackers who intend to break into computer systems looking for a first time faults, that is to say, harmful to the security vulnerabilities of the system, the protocols , the operating systems , applications or even the staff of an organization! The terms of vulnerability, breach or language more familiar security hole are also used to designate security flaws. To implement a feat (it’s the technical term meaning exploit a vulnerability), the first step of the hacker is to get as much information on the network architecture and operating systems and applications running on it. Most attacks are the work of script kiddies trying stupidly exploits found on the internet without any knowledge of the system or the risks associated with their act. Once the hacker has established a mapping system, it is able to implement deeds relating to versions of the applications he has identified. First access to a machine it will expand its efforts to retrieve other information, and possibly extend its privileges on the machine. When an administrator access (root is the term generally used) is obtained, it is called compromise of the machine (or more accurately root compromise) because the system files may have been modified. The hacker then has the highest level of duty on the machine. If it’s a cracker, the last step is to cover his tracks, to avoid any suspicion on the part of the network administrator and compromise so that they can keep as long as possible control compromised machines. Recovering system information Obtaining information about the target network address, generally referred to as fingerprinting, is a prerequisite for any attack. It is to gather as much information about the communications infrastructure of the target network:

  • IP addressing
  • Domain Name
  • Network protocols
  • Enabled services
  • Server architecture

Consulting public databases By knowing the public IP address of a network host or just the domain name of the organization, a hacker is potentially capable of knowing the address of the entire network, that is to say range of public IP addresses belonging to the target organization and its division into sub-networks. Consultation Search Engine Mere consultation search engines can sometimes glean information about the structure of a company, the name of its main products, even the names of certain individuals. Scanning the network When the network topology is known by the attacker, he can scan (sweep the term is also used), that is to say, determined using a software tool (called a scanner) what IP addresses are active on the network, open ports corresponding to services available, and operating system used by these servers. One of the most popular tools for a network scanner is Nmap , recognized by many network administrators as an essential tool for securing a network. This tool works by sending packets of TCP or UDP to a set of machines on a network (determined by a network address and mask), then analyzes the responses. According to the shape of the received TCP packets, it is possible to determine the remote operating system for each machine scanned. There is another type of scanner, called passive mapper (one of the best known is Siphon ), to know the physical network topology of the strand on which the mapper analysis packages. Unlike previous scanners, this tool does not send packets on the network and is totally undetectable by the intrusion detection systems . Finally, some tools can capture X connections (an X server is a server that manages the display of machine type UNIX ). This system has the characteristic that they can use the display of the stations on the network, to consider what is displayed on screens and possibly intercept the keys entered by users of vulnerable machines. Banner reading When the network scan is finished, just the cracker to examine the log file (log) tools used to find the IP addresses of machines connected to the network and open ports on them. Open port numbers on the machines can provide information on the type of service and thus open the invite to ask the service to obtain additional information about the server version information in so-called “banner”. Thus, to determine the version of an HTTP server, simply connect to the Web server telnet on port 80: telnet www.thecustomizewindows.com 80 then ask the homepage: GET / HTTP/1.0 The server then responds with the first lines: HTTP/1.1 200 OK Date: Mon, Fev 3 , 2011 6:22:57 p.m. GMT Server: Apache/1.3.20 (Unix) Debian / GNU The operating system, server and version are then known. Social Engineering The social engineering (in English “Social Engineering”) is to manipulate human beings, that is to say, to use exaggerated naivete and kindness of network users, for information on it. The method includes contacting a user of the network, usually posing for someone else to obtain information on the information system or possibly directly to obtain a password. Similarly a security hole can be created in the remote system by sending a Trojan horse for some users. Just a user executes the attachment to an internal network access is given to the aggressor outside. That’s why the security policy must be comprehensive and incorporate human factors (eg user awareness to security issues) because the security level of a system is characterized by the level of its weakest link low. Identifying vulnerabilities After establishing the inventory of software and possibly hardware, it is the hacker to determine whether vulnerabilities exist. There are scanners and vulnerability allowing administrators to submit their network penetration testing to see if some applications have security vulnerabilities. The two main vulnerability scanners are:

  • Nessus
  • SAINT

It is also recommended that network administrators to check the sites regularly maintaining a database of vulnerabilities: SecurityFocus / Vulnerabilities Thus, some agencies, particularly the CERT (Computer Emergency Response Team), are responsible for capitalizing on vulnerabilities and federate information on security issues. CERT STI community dedicated to Industry, Services and Tertiary French, CERT IST dedicated to the French administration, CERT RENATER dedicated community members GIP RENATER (National Network of Telecommunications for Technology, Education and Research). The intrusion When the attacker has compiled a resource mapping and machines on the network, it is able to prepare his intrusion. To enter the network, the attacker needs access to valid accounts on the machines he has identified. To this end, several methods are used by hackers: Social engineering is to say by contacting some network users (by email or by telephone) to extract information about their login and password. This is usually done by posing as the network administrator. The consultation of the directory or messaging services or file sharing, to find valid usernames The exploitation of vulnerabilities in the Berkeley R commands *. The brute force attacks (brute force cracking) of trying to automatically different passwords on a list of account (eg identifier, optionally followed by a digit, or the password is password or passwd , etc.). Extension of privileges When the attacker has obtained one or more network access by accommodating one or more accounts poorly protected, it will try to increase its privileges by gaining root access , one speaks well of extension of privileges. Once a root access has been obtained on a machine, the attacker has the opportunity to examine the network for additional information. It is possible to install a sniffer , that is to say, a software capable of listening (the term reniffler, sniffing or English, is also used) network traffic to or from destination machines located on the same strand. Using this technique, the attacker can hope to recover the username / password allowing access to accounts with extensive privileges on other machines on the network (eg access to an administrator account) to to be able to control a larger portion of the network. NIS servers on a network are also prime targets for hackers because they are full of information on the network and its users. Compromise Thanks to the previous steps, the hacker was able to compile a complete map of the network, machinery therein, their flaws and has root access on at least one of them. It is then possible to expand further its activities by exploiting the trust relationships between different machines. This spoofing technique, called spoofing allows the hacker to enter privileged networks to which the compromised machine has access. Backdoor When a hacker managed to infiltrate a corporate network and to compromise a machine, it can happen that he wants to return. To do this it will install an application in order to artificially create a security vulnerability, it is called backdoor. To Remove When the intruder has obtained a level of control over the network, it has yet to erase the traces of its passage by deleting the files it created and cleaning the log files of the machines in which he introduced is to say, by deleting lines of activity on its shares. Moreover, there is software called “root kits”  to replace the system administration tools for modified versions to mask the presence of the hacker on the system. Indeed, if the administrator connects together the hacker, it is likely to notice that the pirate services launched or just another person that he is connected simultaneously. The purpose of a rootkit is to deceive the director in him hiding the reality. Conclusion It is up to any network manager connected to the Internet to ensure its security, and therefore to test faults. That’s why a network administrator must be aware of vulnerabilities in software they use and to “get into the shoes of a hacker” to try to break into his own system and to be continually in the context of paranoia. When skills within the company are not sufficient to carry out this operation, it should be an audit by a company specializing in computer security. Signature

Advertisement

---

Tagged With methodology followed by the hackers to attack a web server , the methodology followed by the hackers to attack a web server , explain the following steps taken by a hacker to compromise a network resource , hacking methodology , what are the methodology of securing the internet from hackers , What is generally the first step taken by a hacker to compromise a system in which information about the system is obtained?

This Article Has Been Shared 120 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Methodology hackers use for an intrusion to a network

  • Self Hosted WordPress on Cloud Server for Dummies

    Self Hosted WordPress is itself a scary phrase to a non-tech person and add Cloud Server on it. Here is Very Easy Guide to under Self Hosted WordPress.

  • Is Everything is Safe in the Cloud ?

    Is Everything is Safe in the Cloud ? We are representing here few popular systems and highlighting especially the security aspects of the Public Cloud services.

  • Secure Connection to Cloud Infrastructure by VPN Tunnel

    Secure connection to Cloud Infrastructure by using VPN Tunnel – on Secure Cloud Computing Guide, we pointed the importance of the connecting device.

  • What are ASCII art and emoticons

    You have probably seen pictures “written” inside text files within a downloaded zipped file or obviously used a colon, followed by a close part of first bracket. These are ASCII art and emoticons.

  • Cloud Computing Risk Analysis

    Cloud Computing Risk Analysis is an important administrative and marketing task. ENISA itself has a pdf guide. However, we will cover a generalized idea.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is ChatGPT? February 3, 2023
  • Zebronics Pixaplay 16 : Entry Level Movie Projector Review February 2, 2023
  • What is Voice User Interface (VUI) January 31, 2023
  • Proxy Server: Design Pattern in Programming January 30, 2023
  • Cyberpunk Aesthetics: What’s in it Special January 27, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Methodology hackers use for an intrusion to a network," in The Customize Windows, February 1, 2011, February 4, 2023, https://thecustomizewindows.com/2011/02/methodology-hackers-use-for-an-intrusion-to-a-network/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT