Information security professionals can take preventive security practices to the next level by learning how to hack. The irony about process as being anti-hacking is that the really influential software is never a product it’s a process.
The need for more effective information security practices is increasingly evident with each security breach reported in the media. This research completely concentrates on hacking, problems that may occur while hacking process is in progress and various hacking tools available.
7. CRACK THE PASSWORD
There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force software.
Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvements in brute-force techniques.
Most hashing algorithms are weak, and you can significantly improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).
Newer techniques use the graphics card as another processor — and it’s thousands of times faster. You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password. Trying every possible password while logging to remote machine is not a good idea, as it’s easily detected by intrusion detection systems, pollutes system logs, and may take years to complete. You can also get a rooted tablet, install a TCP scan, and get a signal upload it to the secure site. Then the IP address will open causing the password to appear on your proxy. It’s often much easier to find another way into a system than cracking the password.
6. USE A *NIX TERMINAL FOR COMMANDS
Cygwin will help emulate a *nix for Windows users. Nmap in particular uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible. Most Linux distributions come with many useful tools pre-installed.
5. DETERMINE THE OPERATING SYSTEM (OS)
Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.
4. FIND A PATH OR OPEN PORT IN THE SYSTEM
Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.
Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.
3. SECURE YOUR MACHINE FIRST
Make sure you’ve fully understood all common techniques to protect yourself. Start with the basics — but make sure you have authorization to attack your target, either attack your own network, ask for written permission, or set up your own laboratory with virtual machines. Attacking a system, no matter its content, is illegal and WILL get you in trouble.
2. GET SUPER-USER PRIVILEGES
Try to get root privileges if targeting a *nix machine, or administrator privileges if taking on Windows systems.
Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super-user privileges – a user account that is given the same privileges as the “root” user in Linux and BSD operating systems.
For routers this is the “admin” account by default (unless it has been changed); for Windows, this is the Administrator account.
Gaining access to a connection doesn’t mean you can access everything. Only a super-user, the administrator account, or the root account can do this.
1. COVER YOUR TRACKS
Don’t let the administrator know that the system is compromised. Don’t change the website (if any), and don’t create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to login with this password, the server should let them in, but shouldn’t contain any crucial information.