Tuesday, 7 February 2017

Crazy Hacking Cheats



The field of cyber security is vast. You have to learn a lot of tools to execute an ever-growing number of techniques. From the earliest stages of information gathering to post-exploitation cleanup, a hacker needs to keep a lot of things in mind. One small slip-up is often the difference between success and failure. From a hobbyist to a professional pentester, it can definitely be a little daunting for all of us.
We’re here to try and make sense of it all. Presented below is important information that everyone from a beginner to a hardened expert will need for offensive or defensive hacking. The most common tools, the stages, the process, the quick cheats and more. We’ll often go back and forth between the point of view of a malicious adversary and that of a defensive hacker (pentester). This will help us understand the big picture. So let’s get started.
Your hacking toolset is your everything
Your toolkit is your weapon and your shield. It’s the most critical asset you possess, second only to actual hands-on experience. In cyber security, you have to be a master of all trades. Below are all the different kinds of tools you must have in your toolbox and a few examples:
Password cracking software: ophcrack, Proactive Password Auditor
Network scanners: Nmap, NetScanTools
Network vulnerability scanning software: LanGuard, Nexpose
Network analyzing: Cain & Abel, CommView
Wireless network analyzers: Aircrack-ng, CommView for WiFi
File search utility: FileLocator
Web application vulnerability scanning software: Acunetix Web Vulnerability Scanner, AppSpider
Database security scanners: SQLPing3
Exploit software: Metasploit
Remember, this is not an exhaustive list, but a guideline. These were the most common tools that I find myself returning to over and over. Your journey may be different, but all our goals are aligned.
Common Attack Vectors
All experienced hackers and penetration testers have their own way of doing things, but they’re largely different flavors of the same process. Check for open ports, vulnerable services, outdated software etc. and attack. Over time, a pattern emerges…
People get lazy and choose weak passwords
People get annoyed and close the frequent update notifications (Adobe Reader, I’m looking at you), leaving them with potentially vulnerable software
People never expect that they may be open to attack. “Surely, it can’t happen to me. That’s just something you read about in the news”. They let down their guard and then it does happen to them.
It makes sense to begin your testing with the most common vulnerabilities. The following physical and digital security flaws should be at the top of your checklist when carrying out a penetration test:
Gullible and overly-trusting users
Unsecured building and computer room entrances
Discarded documents that have not been shredded
Storage devices (hard disks, pen drives) that have not been securely erased of sensitive data
Network perimeters with no firewall protection
No intrusion detection systems
Default passwords
Poor, inappropriate, or missing file and share access controls
Unpatched systems that can be exploited easily using popular tools such as Metasploit
Online access portals with weak authentication mechanisms
Insufficient or outdated password storage methods (e.g. MD5 hash)
Insecure routers
Guest wireless networks that allow the public to connect into the corporate network environment
Employee hardware lacking full disk encryption
Mobile devices with little to no mandatory protection
Weak or no application, database, and operating system passwords
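
As an added example (not part of the original post), this Python script audits an exported credential table for the "outdated password storage" item in the checklist above. The `user:hash` export format, the sample values and the minimum work-factor thresholds are assumptions made for illustration.

```python
import re

# Assumed minimum work factors for this example; set them from your own policy.
MIN_BCRYPT_COST = 10
MIN_PBKDF2_ITERATIONS = 100_000

def classify_hash(stored):
    """Return (scheme, verdict) for one stored password value."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
        return ("unsalted 32-hex digest (MD5-sized)", "weak")
    if re.fullmatch(r"[0-9a-fA-F]{40}", stored):
        return ("unsalted 40-hex digest (SHA-1-sized)", "weak")
    if stored.startswith("$1$"):
        return ("md5crypt", "weak")
    m = re.match(r"\$2[aby]\$(\d{2})\$", stored)
    if m:  # bcrypt: strength depends on the cost parameter
        cost = int(m.group(1))
        return ("bcrypt cost=%d" % cost, "ok" if cost >= MIN_BCRYPT_COST else "weak")
    m = re.match(r"pbkdf2_sha256\$(\d+)\$", stored)
    if m:  # Django-style PBKDF2: strength depends on the iteration count
        n = int(m.group(1))
        verdict = "ok" if n >= MIN_PBKDF2_ITERATIONS else "weak"
        return ("pbkdf2_sha256 iterations=%d" % n, verdict)
    if stored.startswith("$argon2id$"):
        return ("argon2id", "ok")
    return ("unrecognised", "review")  # possibly plaintext or a custom scheme

def audit(lines):
    """Parse 'user:hash' lines and group (user, scheme) pairs by verdict."""
    report = {"weak": [], "ok": [], "review": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        scheme, verdict = classify_hash(stored)
        report[verdict].append((user, scheme))
    return report

# Constructed sample export; these are not real credentials.
SAMPLE = """\
alice:0123456789abcdef0123456789abcdef
bob:$2b$12$CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
carol:$2b$04$CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
dave:pbkdf2_sha256$1000$c2FsdA$aGFzaA==
eve:hunter2
frank:$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA
"""

if __name__ == "__main__":
    for verdict, rows in audit(SAMPLE.splitlines()).items():
        print(verdict, rows)
```

Entries reported as "weak" or "review" are the ones to migrate to a salted, deliberately slow scheme, typically by re-hashing at the user's next successful login.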
COMMONLY HACKED PORTS
Everyone knows to secure common ports, such as TCP port 80 (HTTP) - but other ports may get overlooked and hence be open to attack. In your security testing, be sure to check these commonly hacked TCP and UDP ports:
TCP port 21 — FTP (File Transfer Protocol)
TCP port 22 — SSH (Secure Shell)
TCP port 23 — Telnet
TCP port 25 — SMTP (Simple Mail Transfer Protocol)
TCP and UDP port 53 — DNS (Domain
