<!DOCTYPE html>
<html>
<head>
<title>DoS and Hacking Methodology</title>
</head>
<body>
<p style="text-align: center;"><strong><span style="font-size: 24px; color: rgb(44, 130, 201);"><u>DoS and Hacking Methodology</u></span></strong></p>
<p><strong><span style="font-size: 24px; color: rgb(65, 168, 95);">DoS Attack Methodology:</span></strong></p>
<ul>
<li><span style="font-size: 24px;">DoS Attack pen testing</span></li>
<li><span style="font-size: 24px;">Define objective</span></li>
<li><span style="font-size: 24px;">Test for heavy loads on the server</span></li>
<li><span style="font-size: 24px;">Check for DoS vulnerable systems</span></li>
<li><span style="font-size: 24px;">Run SYN attack on server</span></li>
<li><span style="font-size: 24px;">Run port flooding attacks on the server</span></li>
<li><span style="font-size: 24px;">Run email bomber on the email servers</span></li>
<li><span style="font-size: 24px;">Flood the website forms and guestbook with bogus entries</span></li>
<li><span style="font-size: 24px;">Document all findings</span></li>
</ul>
<pre class="a-b-r-La" style='user-select: text; display: block; font-family: "Courier New", Courier, monospace, arial, sans-serif; margin: 0px; white-space: pre-wrap; overflow-wrap: break-word; background-color: rgb(255, 255, 255); color: rgb(0, 0, 0); font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'><span style="font-size: 24px;"><strong><u>
</u></strong><span style='font-family: "Times New Roman", Times, serif; color: rgb(147, 101, 184);'><strong><u>Hacking Methodology - various sections:</u></strong></span>
</span></pre>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(97, 189, 109);">Password Cracking Methodology:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Identify Password Protected Systems</span></li>
<li><span style="font-size: 24px;">Check for password complexity</span></li>
<li><span style="font-size: 24px;">Perform Social Engineering (if needed)</span></li>
<li><span style="font-size: 24px;">Perform Shoulder surfing (if needed)</span></li>
<li><span style="font-size: 24px;">Perform dumpster diving</span></li>
<li><span style="font-size: 24px;">Perform Dictionary Attack</span></li>
<li><span style="font-size: 24px;">Perform Brute forcing attack</span></li>
<li><span style="font-size: 24px;">Perform Rule-based attack</span></li>
<li><span style="font-size: 24px;">Perform Password guessing</span></li>
</ul>
<p><span style="font-size: 24px;"><br></span></p>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(44, 130, 201);">Password cracking continued:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Perform trojan/spyware/keylogger attacks</span></li>
<li><span style="font-size: 24px;">Perform Hash injection attack</span></li>
<li><span style="font-size: 24px;">Perform Wire Sniffing</span></li>
<li><span style="font-size: 24px;">Perform Man in the middle attack</span></li>
<li><span style="font-size: 24px;">Perform Replay attack</span></li>
<li><span style="font-size: 24px;">Perform Rainbow table attack</span></li>
<li><span style="font-size: 24px;">Perform distributed network attack</span></li>
</ul>
<p><span style="font-size: 24px;"><br></span></p>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(0, 168, 133);">Privilege Escalation Methodology:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Try to log in with enumerated user names and cracked passwords</span></li>
<li><span style="font-size: 24px;">Check whether interactive logon privileges are restricted</span></li>
<li><span style="font-size: 24px;">Try to run services as unprivileged accounts</span></li>
<li><span style="font-size: 24px;">Perform DLL Hijacking</span></li>
<li><span style="font-size: 24px;">Try to exploit vulnerabilities</span></li>
<li><span style="font-size: 24px;">Perform Dylib hijacking</span></li>
<li><span style="font-size: 24px;">Try various privilege escalation techniques</span></li>
</ul>
<p><span style="font-size: 24px;"><br></span></p>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(209, 72, 65);">Executing Applications:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Check if AV software is installed and up to date</span></li>
<li><span style="font-size: 24px;">Check if firewall software and anti-keylogging software are installed</span></li>
<li><span style="font-size: 24px;">Check if the hardware systems are secured in a locked environment</span></li>
<li><span style="font-size: 24px;">Try to use keyloggers</span></li>
<li><span style="font-size: 24px;">Try to use Spyware</span></li>
<li><span style="font-size: 24px;">Use tools for remote execution</span></li>
</ul>
<p><span style="font-size: 24px;"><br></span></p>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(184, 49, 47);">Hiding Files:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Try to install rootkits in the target system</span></li>
<li><span style="font-size: 24px;">Perform integrity-based detection techniques</span></li>
<li><span style="font-size: 24px;">Perform signature-based detection technique</span></li>
<li><span style="font-size: 24px;">Perform cross-view-based detection technique</span></li>
<li><span style="font-size: 24px;">Perform heuristic detection technique</span></li>
<li><span style="font-size: 24px;">Check if AV and anti-spyware software are updated regularly</span></li>
<li><span style="font-size: 24px;">Check if patches for OS and apps are updated</span></li>
<li><span style="font-size: 24px;">Use Windows hidden stream (NTFS-ADS) to inject malicious code</span></li>
<li><span style="font-size: 24px;">Use steganography to hide secret messages</span></li>
<li><span style="font-size: 24px;">Perform Steganalysis technique</span></li>
</ul>
<p><span style="font-size: 24px;"><br></span></p>
<p><span style="font-size: 24px;"><strong><span style="color: rgb(209, 72, 65);">Covering Tracks:</span></strong></span></p>
<ul>
<li><span style="font-size: 24px;">Remove web activity tracks</span></li>
<li><span style="font-size: 24px;">Disable auditing</span></li>
<li><span style="font-size: 24px;">Tamper log files</span></li>
<li><span style="font-size: 24px;">Clear BASH shell tracks</span></li>
<li><span style="font-size: 24px;">Clear tracks on network</span></li>
<li><span style="font-size: 24px;">Close all remote connections to the victim machine</span></li>
<li><span style="font-size: 24px;">Close any opened ports</span></li>
</ul>
</body>
</html>