KALI LINUX TUTORIAL
I just started a Kali Linux course, so stick with me (zerocool) and subscribe to this blog through the e-mail update service,
or download my blog's Android app, where you can easily get updates on all the new articles.
That's it. Here we are: I am going to write some theory to build your concepts, along with as much practical work as I can.
So we all start with the basic standard,
because before attacking any system or organisation we have to know all the information about the company.
"I think a good hacker is one who can just escape by hacking without leaving any trace of his identity"
So let's begin from the bottom of the hacking knowledge..
The Attacker’s Process:-
There are many ways an attacker can gain access or exploit a system. No
matter which way an attacker goes about it, there are some basic steps
that are followed:
1. Passive reconnaissance.
2. Active reconnaissance (scanning).
3. Exploiting the system:
Gaining access through the following attacks:
a. Operating system attacks
b. Application level attacks
c. Scripts and sample program attacks
d. Elevation of privileges
e. Denial of Service
4. Uploading programs.
5. Downloading Data.
6. Keeping access by using the following:
• Trojan horses
7. Covering tracks.
Note that it is not always necessary to perform all of these steps, and in
some cases, it is necessary to repeat some of the steps. For example, an
attacker performs the active and passive reconnaissance steps and, based
on the information he gathers about the operating systems on certain
machines, he tries to exploit the system. After unsuccessfully trying all
sorts of operating system attacks (Step 3), he might go back to Steps 1 and 2. At this point, his active reconnaissance will probably be more in
depth, focusing on other applications that are running or possible scripts
that are on the system, and even trying to find out more information
about the operating system, such as revision and patch levels. Once he
has more information, he will go back to attacking the system.
To exploit a system, an attacker must have some general information;
otherwise, he does not know what to attack. A professional burglar does
not rob houses randomly. Instead, he picks someone, like Bob, and he
begins the passive reconnaissance stage of figuring out where Bob’s house
is located and other general information.
At this point, an attacker has enough information to try active probing or
scanning against a site. After a burglar knows where a house is located
and if it has a fence, a dog, bars on the windows, and so on, he can
perform active probing. This consists of going up to the house and trying
the windows and doors to see if they are locked. If they are, he can look
inside to see what types of locks there are and any possible alarms that
might be installed. At this point, the burglar is still gathering information.
He is just doing it in a more forceful or active way.
With hacking, the same step is performed. An attacker probes the system
to find out additional information. The following is some of the key
information an attacker tries to discover:
• Hosts that are accessible
• Locations of routers and firewalls
• Operating systems running on key components
• Ports that are open
• Services that are running
• Versions of applications that are running
The more information an attacker can gain at this stage, the easier it will
be when he tries to attack the system. Usually, the attacker tries to find
this information first: the first step for any hacker, before exploiting any system or company, is "Information Gathering".
It means gathering all the information: the loopholes, what kind of ports are open, and which kind of software is running on them.
These are the important questions that should be answered before taking any further step.
So in a future article we will deal with this topic.
One thing more before we go to the next topic:
Keep in mind that, as an attacker performs additional active
reconnaissance, his chances of detection increase because he is actively
performing some action against the company. It is critical that you have
some form of logging and review in place to catch active reconnaissance,
because, in a lot of cases, if you cannot block an attacker here, your
chances of detecting him later decrease significantly.
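Here is what the "logging and review" advice above looks like in practice, and what the information an attacker hunts for (hosts, open ports) looks like from the defender's side of the firewall. The script below is an added example written for this post, not code from the original article or from any book it draws on: it reads firewall drop lines in the shape that an iptables LOG rule writes to syslog, groups them by source address, and flags any source that touches many distinct ports on one host (a port scan) or the same port on many hosts (a host sweep) inside a short window. The log lines, the thresholds (10 ports or 5 hosts within 60 seconds) and the function names are all my own constructions; the post itself specifies none of them.

```python
"""Flag active reconnaissance (port scans, host sweeps) in firewall drop logs.

Added example for this post. The log lines below are constructed in the shape
of iptables "-j LOG" output as written by syslog; the thresholds are arbitrary
choices for the example, not values from the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample: one scanner (203.0.113.9) probing ten ports on one host,
# one sweeper (203.0.113.77) probing port 445 on five hosts, and one ordinary
# client (198.51.100.4) whose few drops are spread over fifteen minutes.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Mar  3 10:15:01 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Mar  3 10:15:02 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Mar  3 10:15:02 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
Mar  3 10:15:03 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80
Mar  3 10:15:03 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110
Mar  3 10:15:04 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=139
Mar  3 10:15:04 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443
Mar  3 10:15:05 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40009 DPT=445
Mar  3 10:15:05 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40010 DPT=3389
Mar  3 10:15:06 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Mar  3 10:15:07 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:16:00 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=445
Mar  3 10:16:00 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.11 PROTO=TCP SPT=60002 DPT=445
Mar  3 10:16:01 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.12 PROTO=TCP SPT=60003 DPT=445
Mar  3 10:16:01 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.13 PROTO=TCP SPT=60004 DPT=445
Mar  3 10:16:02 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.14 PROTO=TCP SPT=60005 DPT=445
Mar  3 10:20:00 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
Mar  3 10:30:00 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.11 PROTO=TCP SPT=51002 DPT=80
"""


class Event(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dpt: int


class Alert(NamedTuple):
    src: str
    kind: str        # "port scan" or "host sweep"
    count: int       # distinct (host, port) pairs or distinct hosts in the window
    first: datetime  # start of the window that triggered the alert


# Syslog timestamp, then the SRC/DST/DPT fields iptables emits. Lines without a
# DPT field (for example ICMP echo requests) do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Turn raw log text into Event records; non-matching lines are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            # Syslog timestamps carry no year; strptime defaults it to 1900,
            # which is fine for comparing times inside one log file.
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append(Event(ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def detect_recon(events, window=timedelta(seconds=60),
                 port_threshold=10, host_threshold=5):
    """Return {src: Alert} for every source whose drops inside any `window`
    look like a port scan (many ports, one host) or a host sweep (many hosts)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            span = [e for e in evs[i:] if e.ts - start.ts <= window]
            hosts = {e.dst for e in span}
            ports = {(e.dst, e.dpt) for e in span}
            if len(hosts) >= host_threshold:
                alerts[src] = Alert(src, "host sweep", len(hosts), start.ts)
                break
            if len(ports) >= port_threshold:
                alerts[src] = Alert(src, "port scan", len(ports), start.ts)
                break
    return alerts


if __name__ == "__main__":
    for a in detect_recon(parse_log(SAMPLE_LOG)).values():
        print(f"{a.src}: {a.kind} ({a.count} distinct) from {a.first:%b %d %H:%M:%S}")
```

The thresholds are deliberately loose so that the ordinary client, whose three drops are minutes apart, never trips them; on a real perimeter you would tune the window and counts to your own traffic and feed the script your actual `/var/log/kern.log` (or whatever file your syslog writes the LOG target to) instead of the constructed sample.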
When I perform an assessment, usually I run some tests to figure out the
IP address of the firewall and routers. Next, I try to determine the type of
firewall, routers, and the version of the operating system the company is
running to see if there are any known exploits for those systems. If there
are known exploits, I compromise those systems. At that point, I try to
determine which hosts are accessible and scan those hosts to determine
which operating system and revision levels they are running. If an
attacker can gain access to the external router or firewall, he can gather a
lot of information and do a lot of damage.
For example, if I find that a server is running Windows NT 4.0 Service
Pack 4, I scan for all vulnerabilities with that version and try to use those
vulnerabilities to exploit the system. Surprisingly, with most companies,
when I perform active reconnaissance, their technical staff fails to detect
that I have probed their systems. In some cases, it is because they are
not reviewing their log files, but in most cases, it is because they are not
logging the information. Logging is a must, and there is no way to get
around it. If you do not know what an attacker is doing on your system,
how can you protect against it?
The goal of a company in protecting its computers and networks is to
make it so difficult for an attacker to gain access that he gives up before
he gets in. Today, because so many sites have minimal or no security,
attackers usually gain access relatively quickly and with a low level of
expertise. Therefore, if a company’s site has some security, the chances of
an attacker exploiting its systems are decreased significantly, because if
he meets some resistance, he will probably move on to a more vulnerable
site. This is only true for an opportunistic attacker who scans the Internet
looking for any easy target.
Exploiting the System
Now comes the scary part for a security professional. When most people
think about exploiting a system, they only think about gaining access, but
there are actually two other areas: elevation of privileges and denial of
services. All three are useful to the attacker depending on the type of
attack he wants to launch. There are also cases where they can be used in
conjunction with each other.
For example, an attacker might be able to
compromise a user’s account to gain access to the system, but because he
does not have root access, he cannot copy a sensitive file. At this point,
the attacker would have to run an elevation of privileges attack to
increase his security level so that he can access the appropriate files.
It is also important to note that an attacker can exploit a system to use it
as a launching pad for attacks against other networks. This is why system
break-ins are not always noticed, because attackers are not out to do
direct harm or steal information. In these cases, a company’s valuable
resources are being used and, technically, that company is hacking into
Think about this for a minute:
Whether it is authorised or not, if someone
is using Company A’s computers to break into Company B, when Company
B investigates, it will point back to Company A. This is called a
downstream liability problem. This can have huge legal implications for a
company if it is not careful—especially if the attackers want to have some
fun and carefully pick the two companies so that Company A and B are
Because one of the most popular ways of exploiting a system is gaining
access, let’s start with this type of attack. There are several ways an
attacker can gain access to a system, but at the most fundamental level,
he must take advantage of some aspect of an entity. That entity is usually
a computer operating system or application; but if we are including
physical security breaches, it could be a weakness in a building. If a
burglar were going to break into a house, he would have to exploit a
weakness in the house to gain access—for example, an unlocked window,
no alarm system, or a non-secure lock. The bottom line is this: If the
house had no weaknesses, it could not be compromised. As we all know,
for a house to be useful to its owners, it is going to have weaknesses.
Windows and doors make a house useful, but can be turned against the
owner and used to break into the house. Eliminating all weaknesses would
produce a house with no usefulness to the owner. What good is a house
with no windows or doors made of solid concrete and steel? This same
principle holds for computer systems. As long as they provide usefulness
to a company, they will have weaknesses that can be compromised. The
key is to minimise those weaknesses to provide a secure environment.
The following are some ways that an attacker can gain access to a system:
• Operating system attacks
• Scripts and sample program attacks
Operating System Attacks
Previously, we compared an operating system to the doors and windows
of a house. The doors and windows of an operating system are the
services it is running and the ports it has open. The more services and
ports, the more points of access; the fewer ports and services, the fewer
points of access.
Actually, that is something of a rumour, because the reality is the opposite of it:
'The default install of most operating
systems has large numbers of services running and ports open'
So why do manufacturers do this to their own customers? Why?
According to me, the main reason is MONEY.
They are all good businessmen who only care about money, not about their company's users or employees.
They want a
consumer of their product to be able to install and configure a system with
the least amount of effort and trouble. The reason for this is every time a
consumer has a problem with their product they have to call for support,
which costs the company large amounts of revenue.
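To make the "fewer ports and services, fewer points of access" idea measurable on your own Kali (or any Linux) box, here is an added example written for this post, not taken from the original article: it parses the output of `ss -tlnp` (listening TCP sockets together with the process that owns them), separates sockets bound only to loopback from ones reachable from the network, and reports every exposed listener that is not on an allowlist you maintain. The sample `ss` output, the allowlist and the function names are constructed for the example; on a real host run it with `--live` to read the actual socket table.

```python
"""Audit listening TCP services against an allowlist (added example for this post).

Reads `ss -tlnp` style output. The SAMPLE_SS text and ALLOWED table below are
constructed for the example; they do not describe any real host.
"""
import re
import subprocess
import sys
from typing import NamedTuple

# Constructed sample in the column layout of `ss -tlnp` on a Linux host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=901,fd=35))
LISTEN  0       511     *:80                 *:*                users:(("apache2",pid=1200,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*          users:(("exim4",pid=700,fd=5))
"""

# Allowlist (constructed): port -> process permitted to listen on a
# network-facing address. Any other exposed listener is a finding.
ALLOWED = {22: "sshd", 80: "apache2"}


class Listener(NamedTuple):
    addr: str
    port: int
    proc: str


# ss prints the owning process as users:(("name",pid=N,fd=N)); grab the name.
PROC_RE = re.compile(r'users:\(\("([^"]+)"')
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_ss(text):
    """Return one Listener per LISTEN row; the header and other rows are ignored."""
    listeners = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)      # "[::]:22" -> ("[::]", "22")
        m = PROC_RE.search(line)
        # Without root, ss may omit the process column; keep the row anyway.
        listeners.append(Listener(addr, int(port), m.group(1) if m else "?"))
    return listeners


def is_exposed(addr):
    """True when the socket is bound to something other than loopback,
    i.e. it is a door or window reachable from other hosts."""
    return not addr.startswith(LOOPBACK_PREFIXES)


def audit(listeners, allowlist):
    """Split listeners into (exposed and not allowlisted, loopback-only)."""
    unexpected, loopback_only = [], []
    for lst in listeners:
        if not is_exposed(lst.addr):
            loopback_only.append(lst)
        elif allowlist.get(lst.port) != lst.proc:
            unexpected.append(lst)
    return unexpected, loopback_only


if __name__ == "__main__":
    text = SAMPLE_SS
    if "--live" in sys.argv:   # read the real socket table on a Linux host
        text = subprocess.run(["ss", "-tlnp"], capture_output=True,
                              text=True, check=True).stdout
    unexpected, loopback_only = audit(parse_ss(text), ALLOWED)
    for lst in unexpected:
        print(f"EXPOSED and not allowlisted: {lst.addr}:{lst.port} ({lst.proc})")
    for lst in loopback_only:
        print(f"loopback only: {lst.addr}:{lst.port} ({lst.proc})")
```

On the constructed sample the only finding is smbd on 445, which is exactly the kind of default-install service the quoted sentence is about; cupsd and exim4 are reported separately because a loopback-only bind is not reachable from the network and so is not a point of access for a remote attacker, though it still matters once someone is on the box.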
Application-level attacks take advantage of the less-than-perfect security
found in most of today’s software. The programming development cycle
for many applications leaves a lot to be desired in terms of security.
OK, there is a lot of theory; I am not going to explain it all one by one, so just go through another source (the internet) for more theory..
I am just going to skip all this stuff..
The Types of Attacks
In the traditional sense, this is the equivalent of a burglar trying to pick the lock
on your front door or throw a brick through a window to gain access. In all
of these cases, an attacker is actively doing something against you or
your company. Because of this, these attacks are fairly easy to detect, if
you are looking for them.
That is exactly what an active attack means: we are attacking actively, which means your IP/MAC address gets recorded and your identity will
be revealed in this case.
But don't be tense, because hackers have a solution for every problem..
These may be proxy bouncing servers, or spoofing the MAC (media access control) address of your system.
We will look at this in a further article, but it is important for every hacker to make himself anonymous before exploiting any system.
So here we are talking about the attack types...
Have a look at this hierarchy of attacks with some basic examples....
• Denial of Service
• Breaking into a site
• Information gathering
That's it for the fundamental building blocks, guys; further articles will make possible all the things that seem impossible to you...
That's it for today's article. We will meet in the next article with a very important topic:
"INFORMATION GATHERING - I: RECONNAISSANCE"