|
Step
|
Objective
|
Techniques
|
Tools
|
|
1 Footprinting
|
adress range, namespace, informations
|
search engines, whois, DNS, zone transfer
|
whois, host, usenet, edgar db, dig, nslookup, samspade, google, bing
|
|
2 Scanning
|
identification of services, entry points
|
ping sweep, TCP/UDP scan, OS detection, protocols
|
nmap, superscan, scanline, unicornscan, firewalk, paketto, queso, siphon, nbtscan, snmpwalk, onesixtyone
|
|
3 Enumeration
|
identifying valid user accounts, poorly protected shares, services
|
list user accounts and shares, banner grabbing, fingerprinting
|
nmap, amap, dumpsec, sid enum, nat, legion, dcetest, rpcinfo, showmount, netcat, telnet
|
|
4 Gaining Access
|
when enough data is gathered, attempt to access system/network
|
password eavesdropping, online password cracking, exploiting, search for exploit
|
tcpdump, wireshark, nat, legion, tftp, pwdump, ttdb, bind, IIS .HTR/ISM.DLL, dsniff, ettercap, hydra, brutus-aet2, metasploit, remote exploits
|
|
5 Privilege Escalation
|
if only user level acces with last step, gain complete control (root/admin)
|
local password cracking, known local exploits
|
rainbow crack, john the ripper, ophcrack, l0phtcrack, local exploits
|
|
6 Pilfering
|
gain access to trusted systems/network
|
evaluate trusts, search for cleartext passwords, abuse routing, hijacking, sniffing
|
rhosts, hosts, lsa secrets, user data, config files, registry, scripts, irpas, yersinia
|
|
7 Covering Tracks
|
ownership system completed, hiding intrusion
|
clear logs, hide tools, install rootkit
|
logcleaner-ng, winzapper, rootkits, file streaming
|
|
8 Backdooring
|
configuring trap doors to easily regain privileged access
|
create user, schedule batches, infect startup files, trojanisation, remote control, covert channels
|
cron, at, rc, netcat, cryptsat, sbd, keystroke loggers, fpnwclnt.dll, vnc
|
|
9 Denial of Service
|
if attempt of hack not successful, disable target (revenge)
|
SYN flood, ICMP techniques, SRC/DST-requests, DDoS
|
smurf, bonk, jolt, land, nestea, newtear, syndrop, teardrop, winnuke, trinoo, tfn2k, synflood
|
