The Security Report is a monthly publication that provides an in-depth analysis of the techniques and tools that a hacker could use to compromise our customers’ computer systems. It also presents practices and procedures our customers can use to secure and protect their systems from attacks. Each Security Report covers one major security issue in detail.
Introduction:
This security report will cover the basic methodology a hacker would use to compromise a server. Each step will be outlined to explain why the hacker is taking this step and the information or access the hacker hopes to obtain. After the step has been outlined, the techniques and tools the hacker will use to complete this step will be covered. The techniques describe, in detail, what the hacker can discover using that method. Tools tie in directly with the techniques to aid the hacker in the discovery of sensitive information.
An attack can be separated into five categories. Each category may change slightly depending on the target machine and the methodology of the hacker; however, an attack often requires some form of each of these steps to complete successfully. The steps are: Data Gathering, Exploitation, Elevate Privileges, Cover Tracks and Install Tools, and finally Gather Sensitive Information.
Data Gathering – In this step the hacker will attempt to learn as much information about the target machine and the target's organization as possible. This includes business information and server-specific information.
Exploitation – Any vulnerabilities found in the Data Gathering phase will be tested for exploitability, feasibility and damage potential. In this step the hacker is trying to find the most powerful vulnerability with the least amount of difficulty and the least possibility of being traced or discovered.
Elevate Privileges – Often an exploited vulnerability will only give the hacker limited or user privileges. In order to install a rootkit, cover tracks, and gather all sensitive information, more privileges are required. In this step the hacker will use any means necessary to elevate his privileges to administrator or root.
Cover Tracks and Install Tools – As soon as possible the hacker wants to destroy any record that the system has been compromised, thus providing more time to gather information and lessening the possibility of getting caught. Many tools may be used to aid the hacker in this step, including tools for destroying logs and for installing backdoors, key loggers, and other rogue applications.
Gather Sensitive Information – Once each of these steps has been completed the hacker can finally reap the fruits of his efforts. The hacker can gather any information that looks interesting, including but not limited to company secrets, e-mail, phone, and home address lists, source code, and username and password lists. Because of the advanced techniques used in a good rootkit, hacker activity can occur without giving any clues to the administrator. A rootkit is a set of tools a hacker can use to create backdoors, capture passwords, and hide all tools used in the compromise of the server.
Provided by: Security Innovation, The Application Security Company


