Conclusion:
Within this report we've outlined the steps a hacker would take to compromise a server. Future Security Reports will cover the complete detail of each step. This report has provided the necessary groundwork to understand how a system becomes compromised and why the hacker attempts each step.
Data Gathering – In this step the hacker tries to gather as much information about the company and server as possible. Sensitive company information includes mergers, acquisitions or hardware purchases. Server information is gathered through website searches, network block footprinting, and ping, port, service, and vulnerability scanning.
Exploitation – Once the hacker has gathered enough information about the company and the target system, the exploitation step begins: the hacker searches for exploit applications, Proof of Concept code, misconfigurations or other systems that may be easier to access.
Elevate Privileges – If the vulnerability the hacker chose to exploit only rewards him with user privileges, he must gain system, administrator or root privileges. Techniques for this include cracking or sniffing passwords, searching for cleartext username/password pairs, exploiting internal applications, or finding and exploiting trusted relationships between computers on the internal network.
Cover Tracks and Install Tools – As soon as possible the hacker must remove any sign the server has been compromised and hide the tools he has uploaded to complete the compromise.
Gather Sensitive Information – After the hacker has removed or modified the server's logs, installed all the necessary tools, and successfully hidden any trace of current activity, he can gather, copy and remove any information on the server. The server may become a launch site for future attacks as well.
Provided by: Security Innovation, The Application Security Company


