Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Advanced Infrastructure Penetration Testing

You're reading from   Advanced Infrastructure Penetration Testing Defend your systems from methodized and proficient attackers

Arrow left icon
Product type Paperback
Published in Feb 2018
Publisher Packt
ISBN-13 9781788624480
Length 396 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Chiheb Chebbi Chiheb Chebbi
Author Profile Icon Chiheb Chebbi
Chiheb Chebbi
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Introduction to Advanced Infrastructure Penetration Testing 2. Advanced Linux Exploitation FREE CHAPTER 3. Corporate Network and Database Exploitation 4. Active Directory Exploitation 5. Docker Exploitation 6. Exploiting Git and Continuous Integration Servers 7. Metasploit and PowerShell for Post-Exploitation 8. VLAN Exploitation 9. VoIP Exploitation 10. Insecure VPN Exploitation 11. Routing and Router Vulnerabilities 12. Internet of Things Exploitation 13. Other Books You May Enjoy

Hacking concepts and phases

Hacking refers to the gaining of unauthorized access to a system to disclose data, exploiting vulnerabilities within information system. In this section, we will discuss types of hackers and hacking phases.

Types of hackers

We can classify hackers into categories based on their intentions. If the aim of the hacker is to damage or to steal information, then they are classed as a black hat hacker. If it is a security professional with the goal of securing a systems, then they are classed as a white hat hacker. The description is as follows:

  • Black hat hackers: These are individuals or groups that use their computer skills to gain access to information using malicious techniques, for various reasons, for example, financial gain.
  • White hat Hackers: These are information security professionals. Their main role is to protect information systems against black hat hackers.
  • Gray hat hackers: These work both offensively and defensively.
  • Script kiddies: Usually, these are unskilled individuals who use tools and scripts, without knowing how they work.
  • Hacktivists: These are hackers with a political agenda or defenders of a cause.

Hacking phases

For a hacking attack to succeed, the operation must follow a set of phases.

Reconnaissance

In this first phase, before taking any action, the attacker must be prepared by carrying out an information-gathering exercise on the target. The attacker collects, from many sources, every piece of publicly available sensitive information, such as target clients, employees, and network information. At the end of this phase, the hacker will have a clear view of the network (domain name, IP ranges, TCP/UDP services, and authentication mechanisms), the system (user/group names, system banners, and system architecture), and organizational information (employee details, press released, and location). There are two types of reconnaissance or footprinting.

Passive reconnaissance

Passive reconnaissance involves acquiring information about the target without directly interacting with it, for example, searching public information.

Active reconnaissance

Active reconnaissance involves interaction with the target, for example, calling technical support to gain some sensitive information.

Reconnaissance is not only technical. It is also an important weapon of competitive intelligence. Knowing some financial aspects of the target could mean that the attack succeeds.

Scanning

After gathering a good amount of information on the target, the attacker has to scan it to reveal useful information about the system and use this information for the next phase (the gaining access phase). During this process, the attacker will look for different types of information, and for that, he will use different types of scanning.

Port scanning

Port scanning is the process of sending packets to a target with the aim of learning more about it in association with well-known port numbers. There are two categories of port scanning: TCP scanning and UDP scanning. To attempt port scanning, it is recommended you to use Nmap, which is an open source port scanner and network exploration tool.

Network scanning

Network scanning describes the process of locating all the live hosts on a network. Scanning a range of IPs is a type of network scan. The basic technique to discover live hosts is a ping sweep. It simply sends ICMP echo requests to multiple hosts from a range of IP addresses. Hping2 is an easy command-line network scanner for TCP/IP protocol.

Vulnerability scanning

During this subphase, the attacker tries to identify weaknesses in the target. The main aim of this type scanning is to find a potential way of exploiting the system. There are a variety of tools for vulnerability scanning, such as Nessus, Nexpose, and many other scanners.

Gaining access

At this stage, the attacker already has what they need to launch their attack, including IP range, identified systems, services, user lists, security vulnerabilities, and flows. Now they only need to bypass security controls to gain access to the system, using several techniques such as password cracking, social engineering or privilege escalation, and gaining other user permissions.

Maintaining access

Mostly, the aim of a hacking attack is not only to get information using unauthorized access, but to also maintain that access. Every day, attackers are coming up with new ways to maintain access. The most well-known technique is hiding files from the system owner and users to avoid being caught.

Clearing tracks

The final phase of every successful hacking attack is clearing the tracks. It is very important, after gaining access and misusing the network, that the attacker cover the tracks to avoid being traced and caught. To do this, the attacker clears all kinds of logs and malicious malware related to the attack. During this phase, the attacker will disable auditing and clear and manipulate logs. The order of the hacking phases is shown here:

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image