In this short guide I will be explaining the five fundamentals of basic hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Your Tracks. All of the knowledge provided in this write-up is my own and has been acquired over a period of years. While it's not very in depth and may be rather redundant for some of you; I just wanted target the newly interested souls out there. With that being said lets have some fun and start with a discussion about what each of the fundamentals of penetration testing are all about. Ill apologize in advance for being so brief, but this guide is intended for users who have some basic knowledge of computers and networking. While that may be contradictory to my above statement, let me explain. You can know a great deal about computers and even networking but have little to no knowledge on the art of breaking into them. It’s important that you give me feedback, ask questions, and submit requests. After I received them I will append this article, create new revision for advanced users, create videos, and do everything in my power to enlighten you.
Disclaimer- Anyone reading this understands that any and all information in this guide is to be used for legal purposes and conducted in a controlled environment. This should not be used for any illegal purpose as that is NOT what I have intended it for.
This is the start of the information gathering process; it goes hand in hand with scanning. Reconnaissance is a very important part of the success of penetration testing due to the fact that the information you will gather here will decide what attack or exploit will be most likely to lead us to gaining access. In this process you will perform information gathering techniques such as social engineering attacks, war drives, port scanning, vulnerability testing, etc. I will be using any number of these in the exploits I’ll be outlining and performing in the videos. I’ll go farther into detail about some of tools and attacks that I find both moderately easy and useful. Patience is a virtue when it comes to recon, because information is sometimes hard to come by. One thing to keep in mind is slow is smooth and smooth is fast. I know it sounds like a catch-22, but in all reality if you take your time gathering as much useful data as possible then the outcome will be more fruitful.
Is the act of searching a network for vulnerabilities or hosts that may be susceptible to an attack or exploit. As I have mentioned before reconnaissance and scanning do go hand in hand. Some of the same techniques and tools will be used in scanning, but the overall information that you will be looking for will be on the network itself. In the previous step you may have gathered information from employees, company websites, surveillance, and the use of some scanning tools, but in this step you will be using tools that will map out the network and dig deep to find all the information associated with it. Some of the information that you will be gathering will include open ports, active I.P. addresses, operating systems, working vulnerabilities with those operating systems, etc. All this information and more will help you to build a proficient attack or exploit specific to a victim’s machine. It may take time, but sifting through and finding all the possibilities can prove to be rewarding.
Need I say more? Although this may be the hardest part of the penetration testing process; it also may be the most rewarding. If you took heed and were proficient in the last two steps then you should have enough information to launch multiple attacks and/or exploits against the victim. It is always important to think outside of the box when attempting this step. There is an endless supply of exploits and attacks already out there but as you get deeper into it, you will probably start building some of your own. So, as I said before think outside of the box. The attacks and exploits that I will show you are what have worked for me and may also work for you, but if they don’t you can always alter them and change them to meet your specific need. Here I can express the importance of vigilance and the major downfall of most people is complacency. In this step you will need to think fast and be very attentive, because as soon as you gain access there may be a window that pops up on a victim’s machine alerting them that there has been an alteration or worse, that pesky anti-virus may be asking for permission to terminate the connection. The key is quickly migrating into a process that the victim won’t kill. (e.g. explorer.exe)
This is also difficult, because as quickly as we gain access it can be taken away from us. Always remember you’re not the only one that has the knowledge to do the things you’re doing, and many people tend to take security measures. As bad as you want to beat the system, that is how bad the system wants to be unbeatable. Creating a “backdoor” is only used if you plan on returning to the victim at a later time, or if you are worried about the victim closing your original entry point. If you do create a backdoor then you will want to remove it after you are done. We will get into that on the next step. If creating a backdoor is of no interest then we would move on to the next step and make ourselves a GH05T by covering our tracks. It is paramount to become anonymous in an attack or exploit. Otherwise whatever remnants you left behind may point a finger directly at you and you may become the victim.
Covering Your Tracks
The process in which you make it appear that you were never there. It can sometimes be harder than it seems, but with a little ingenuity and by using tools designed for such tasks it can be mad very simple. The hardest part is gaining rights to the logs that you are trying to alter. Altering logs so that the victim can’t go back and view when you were there exploring is very important in all cases. You may have it set in your mind “Oh they are just an end user and it’s not like they will ever check the logs.” That my friend is complacency! And that will get you caught. Remember that the end user probably has a friend or knows someone who can go back and view all of your actions on the machine, especially if the victim thinks that sensitive data has been compromised. Don’t ever leave yourself vulnerable to someone else. Protect yourself and use anonymity with vigilance. Ignoring this step can be hazardous to the continuance of your penetration testing.
Ok so these are the fundamentals that got me started successfully planning and carrying out my attacks. I will start posting tutorials on how to exploit different aspects of a network and will likely create a series penetration testing a hardened virtual network. You can head over to the Videos page to start learning some of the basics by watching my fully explained video tutorials. If you have any questions, comments, or concerns please leave some feedback here or drop me a line on my contact page. Good luck and Happy Hunting...