Forem: AMI_GOT_BUGGED

Hacking 101 — Footprinting (Theory Part-1)

AMI_GOT_BUGGED — Sun, 10 May 2020 12:59:04 +0000

Hacking 101 — Footprinting (Theory Part-1)

Hello Guys! So, as we ended up with the first article about the Basic Concepts of Networking-OSI Model and TCP/IP Model. This day, we start with some tweaking related to the Footprinting and Reconnaissance.

Have you ever come across an episode of SHERLOCK? If not, I would definitely suggest you to. Ever, witnessed a detective trying to trace the attacker following the prints and the hints left behind. What if there is nothing left to work upon? Will the mystery solve? Similarly, if you want to apply any penetration test or vulnerability assessment on a device or want to gain its access, Footprinting makes it easy to get to know about the whereabouts of the device.

What is Footprinting?

Footprinting allows you to gather information about the device on which you are trying VA/PT. This helps you to gain information on the target PC. Now there are various factors on which the system tries to gain the information on as:-

Network information

Domains, Subdomains, IP addresses, Whois and DNS records

System information

Web server operating systems, Server locations, Users, Passwords

Organization information

Employee information, Organization’s background, Phone numbers, Locations

Now if we go for the objectives of the Footprinting, they are:-

Learn security posture Analyze the security posture of the target, find loopholes, and create an attack plan.
Identify focus area Using different tools and techniques, narrow down the range of IP addresses.
Find vulnerabilities Use the collected information to identify weaknesses in the target’s security.
Map the network Graphically represent the target’s network and use it as a guide during the attack.

There are two types of footprinting — Active and Passive

When an attacker is in direct contact with the user or the victim to gain the information it’s known as ACTIVE FOOTPRINTING eg calling the victim etc.

This Includes:-

Performing WHOIS analysis
Performing Social Engineering
Performing Traceroute
Querying Published name server
Extracting DNS information
Using e-mail tracking
Web spiders

If the attacker tries to juice out information from the victim without coming into direct contact it’s said to be PASSIVE FOOTPRINTING eg Social Media information gathering etc.

This Includes:-

Finding Information with the help of Search Engines
Finding the TLD’s(Top-Level Domains) and Sub-Domains
Extract Information by the internet archive
Monitoring the website traffic of the victim
Tracking the online reputation of the target.

Now as we know why and where do we need Footprinting for, let us go for the HOW?

So Footprinting can be done by these methods.

Footprinting through search engines.
Footprinting through web services
Email Footprinting
Website Footprinting
Footprint through Social Network
Competitive Intelligence
Whois Footprinting
Network Footprinting
DNS Footprinting
Footprinting through Social Engineering

So as we have covered the methods and concepts of Footprinting, we will proceed with the tools and countermeasures for it in the coming up thread.

PS: We’ll be needing ParrotOS or KALI in the next thread.

Till then!!

Happy Reading :-)

-Amber Mishra

Hacking 101 — Phases of Attack

AMI_GOT_BUGGED — Tue, 07 Apr 2020 16:16:00 +0000

Hacking 101 — Phases of Attack

Hello readers!

So in the last article of the thread, we covered — Basic Concepts of Networking-OSI Model and TCP/IP Model. This gives you an overview of Networking and will only be required in some of the further articles, coming up. I’ll be covering the other concepts as soon as we proceed on this journey.

CSO ONLINE

Before getting on the journey, I would like to introduce you to it. I would like you guys to be comfortable and get amiable with the Phases of Attacks that will introduce you to the proceedings of Vulnerable Assessment(VA) and Penetration Testing(PT). As we know categorization and flowcharting play a vital role in visualization and understanding of the content. These phases will be completed and covered in detail in the next releases.

These phases are also categorized into 5definite steps.

1.Footprinting and Reconnaissance

This is the primary information that a penetrator tries to gain.Footprinting allows you to gather information about the device on which you are trying VA/PT. This helps you with the sensitive information of the target machine. It also involves Social Engineering.This includes the information as Domain name,IP Addresses,Namespaces,Employee information,Phone numbers,E-mails,Job Information, etc.

2.Scanning and Enumeration

Once you do footprinting and reconnaissance, you get your domain a bit focussed the further attacks. In scanning and enumeration, you use further techniques to continue to exploit and gather more in-depth information on the same field i.e. scrutinized during the examination of the network earlier.This gives up all the vulnerabilities of the victim. Tools that we may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners.

3.Gaining Access

After you have collected all the information in the initial two phases, you use them to gain access to the victims' device. A blueprint is created by the tester based on the Phase1 and Phase2 information. This is the main penetration phase where all the jiggly stuff takes place. In this phase, all the vulnerabilities are exploited extensively one-by-one. The method of connection the penetrator uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking. Gaining access is known in the testers' paradise.

4. Maintaining Access

Once, access has been gained, it's very important to maintain it for further use. Once the penetrator has gained access, they want to keep that access for future exploitation and attacks. Sometimes, they harden the system from other exploiters or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans. Once the tester or miscreant owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.

5. Covering Tracks

If you are already jumping with joy after these 4 steps, probably it’s an early celebration. Why? Let me tell you. After the attack has been done and the security has been compromised, the security response teams or the victim will come after you. It’s very important to cover your own tracks or else you’ll end up uncovering your own coven. Penetrators try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include steganography, the use of tunneling protocols, and altering log files.

So here was the quick input on the major 5 stages that takes place during the VA/PT process.

PS: All the phases will be described further in the next articles of the thread. Till then,

Happy Reading!

-Amber Mishra

Basic Concepts of Networking-OSI Model and TCP/IP Model

AMI_GOT_BUGGED — Thu, 02 Apr 2020 08:59:47 +0000

Hello Readers!

I know we all want to skip to these basics and directly want to jump to the place where there are codes, tools, and tweaks that will be applied to start all the sneaky tech we have been boasting about from the beginning. Perhaps I’m eager too, to start covering those topics. But, we know that without having any building blocks the further topics are gonna look greek Zuzu to you.

So let’s start with the Basic Concepts of Networking. Starting with the OSI model and then further with some necessary packet headers, protocols and port numbers.

OSI (Open System Interconnection) MODEL

It’s a 7-layer reference model that is used by all the communicaion systems to maintain a standard for every function they perform. This helps them to communicate easily with each other and also for understanding and categorization of the same. This also helps the communication system device vendors to build an architecture for the same amicably.

So, I would like to keep this explanation in the form of a string of situations and would try to cover the concepts for all of them as we proceed.

Have you ever used an online banking system or any social media website?

When you connect to the internet or when you put the ethernet cable that comes under the Physical Layer(1).

Physical Layer consists of the physical transmission medium for transferring the raw and unstructured data.

Now when the network connectivity is established, how the data would be encapsulated for the further layer and medium of access over the network in the responsibility of the Data Link Layer(2).

Data Link Layer provides the node-to-node transfer. It is responsible for the protocol to be established. This layer has two sublayers.

MAC(Media Access Control) Layer:- This layer has it’s role to control how the devices gain access to medium and permission to transmit data.

LLC(Logic Link Control) Layer:- this identifies to encapsulate the network layer protocol, checks error and synchronizes.

When the data is encapsulated it gets converted to the packets at Layer 3 — The Network Layer(3). In this layer, the packets can travel to different networks as well.

Network Layer converts the data into packets and helps it to send to various networks. The data on this layer travels using IP addresses, with the help of which the data reaches its destination.

Now when the data packet is being sent over the network, there will be protocols that help them over the network and ensure that how the data is being transferred. Now the Transport Layer(4) is responsible for it.

The transport layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host while maintaining the quality of service functions. They can ensure the reliability of the link as they do error checking during Segmentation/Desegmentation, with the help of which they can resend the packet from where it failed.

There are two types of protocols in it.

TCP(Transfer Control Protocol):- This protocol ensures that the data is transferred. Thus, this uses a 3-way handshake methodology.

In the three-way Handshake, the client starts communication with a server by sending a SYN packet, to this synchronization packet the server sends a SYN/ACK, where a Synchronization request is sent and also an acknowledgment is done for the previously received sync packet. To the now received SYN packet from the server, the client sends an ACK packet for the acknowledgment of the received SYN packet from the server.

This makes the TCP a reliable source to send messages, for the highest priority. For example, the Net banking Transaction, log in and etc.

UDP(User Datagram Protocol): This protocol is not so reliable, it doesn’t ensure that the packet has reached the destination. Therefore not so important things are sent over UDP, for example, VoIP packets.

Now, when the data is transferred, a session is created between you and your banking server. The process of creating a session and providing you with a secured Session-Id is done by the Session Layer(5).

The session layer is responsible for the dialogues between the systems. It can establish the procedures for checkpointing, restarting or suspending an ongoing connection.

Now, when the session has been established the data is shown into several forms and using various languages. Thus this is also known as the syntax layer. This provides the interdependency of choosing the form of representation of data. This is done by the Presentation Layer(6). The language in which the page of the Net-Banking is written comes in this layer.

Data can be written in various forms and languages like Python, XML, etc and then are further encoded in various ways. This layer presents the structures of the various encoding rules.

When the encoding has been done, it’s time for the visibility of the data. The data can be shown on various codecs and applications which is considered into Application Layer(7). Therefore, when you see that Net Banking webpage, that is shown by the Application Layer.

Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. The most important distinction in the application layer is the distinction between the application-entity and the application.

TCP (Transfer Control Protocol) Model

The TCP Model is also a reference model that came after the OSI Model. The TCP model came to cut-short the OSI Model and reduce the strict boundaries at each layer. Thus this model was made of 4 layers including and combining some of the OSI Layers into one.

Therefore, we can see how the layers are mixed into one to form the TCP Model.

The final scenario of the OSI Model and the TCP Model is given in the figure below. This shows the protocols on each layer of both the models.

If you have any doubts regarding any of the layers, feel free to ping in the comment section below.

Get Live with Hacking 101 — Pilot

AMI_GOT_BUGGED — Wed, 01 Apr 2020 16:15:56 +0000

Get Live with Hacking 101 — Pilot

Have you ever dreamt of sitting in a dark room wearing a hoodie? A room where you can only see laptops, PCs and bigger screens with red and green lights surrounding you. Yes! cutting the lost story short, have you ever thought of being a hacker? If your answer is YES! Then this coming thread is for you.

Source: Avast

Hello reader, I’m Amber Mishra and I’ll be taking you on a roller coaster ride where the hacking concepts won’t be a dream for you anymore. I’ll be introducing you to the concepts of Vulnerable Assessments and Penetration testing.

This thread will be well-curated from the basics to everything that you want to know for the same. So, this is going to be a journey that will take you from being a noob to a chieftain in the domain.

Source: Incognito Forensics

I’ll be covering the following topics in this:

1) Footprinting and Reconnaissance

2)Scanning and Enumeration

3)Vulnerability Analysis

4)Malware Threats

5)Sniffing and Social Engineering

6)Denial-of-Service

7)Session Hijacking

8)Bypassing IDS, Firewalls, and Honeypots

9)Hacking Web servers

10) Hacking Web Applications

11)SQL Injections

12)Hacking Wireless Networks

13)Hacking Mobile Platforms

14)IoT hacking

15)Cloud Computing

16)Cryptography

Before starting with these topics I would also like to introduce you to the basic concepts of Networking, and terms that will be handy for you to go through the coming up threads. If you want me to address something more, feel free to mention it in the comments sections.

Starting with — Setting up Kali, MAC Spoofing, IP spoofing

PS- These threads will be just for the awareness and I don’t take responsibility for any of the stale use of it. I do not promote any wrong use of it.

-Amber Mishra