Lesson 03 - Phases of Hacking and Tools Used

Source: http://blog.tofte-it.dk/ethical-hacking-tools-for-the-5-phases-of-hacking/

Phases of Hacking

There are 5 stages that form the hacking process:
Phase 1 - Reconnaissance
Reconnaissance, also referred to as footprinting, is gathering information about the target we intend to hack. Naturally, this is done without the knowledge of the target system and user, much like a military unit scoping out an area it plans to attack. It may include identifying the target and finding out the target's IP address range, network, DNS records, etc.

Phase 2 - Scanning
Scanning is the stage in which all the information that has been collected is taken, run through whatever tools are available, and examined. Scanning helps the hacker prepare for the attack.

Phase 3 - Gaining Access
In this phase, the hacker designs the blueprint of the target's network with the help of the data collected during Phase 1 and Phase 2. Having finished scanning the network, the hacker now decides which options they have to gain access to it.

Phase 4 - Maintaining Access
Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks. The key to hacking does not lie in just entering the system, but also in staying there.

Phase 5 - Covering Tracks
As the name suggests, in this phase hackers like to clean up the place, like thieves who wipe out any evidence of ever having been there. This is critical so that they cannot be traced or even detected, and thereby avoid legal action against them. No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no one will find any traces leading to them.

There are a lot of tools available for hacking; it is practically impossible to use, or even list, all of them!

Here's a list of a few tools:
Note: Some of the tools listed below may appear in more than one phase.

Phase 1: Reconnaissance
  • Archive.org - See cached versions of websites.
  • Google Maps - See physical locations.
  • Netcraft.com - See which OS a website's servers are running, the DNS admin, hosting history, hosting company, site technology and a lot more.
  • Google Alerts - Get alerts whenever new information appears on websites.
  • Google Hacking Database - Predefined Google advanced operators.
  • Google Advanced Operators - Advanced Google searching.
  • Firebug - View source code and a lot more.
  • Web Data Extractor - Extract information (metadata) from a website.
  • HTTrack - Takes a full copy of a website and makes it available offline.
  • eMailTrackerPro - Analyze e-mail headers and generate reports with WHOIS information, spam filter, etc.
  • Wireshark - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
  • SmartWhois - SmartWhois is a useful network information utility that allows you to look up all the available information about an IP address, hostname or domain, including country, state or province, city, name of the network provider, administrator, and technical support.
  • nslookup - nslookup is a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain a domain name or IP address mapping, or any other specific DNS record.
  • Network-Tools.com - DNS records tool that retrieves the domain name records for a specified domain.

Phase 2: Scanning
  • Nmap - Nmap (“Network Mapper”) is a free and open-source utility for network discovery and security auditing.
  • Scapy - Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
  • hping3 - hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) UNIX command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP, and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
  • telnet - Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).
  • Netsparker - Automatically find vulnerabilities in your websites & web applications, and eliminate false positives with Netsparker’s dead-accurate web security scanner.

Phase 3: Gaining Access
  • Cain and Abel - Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force, and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
  • pwdump7 - pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM). In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped. Pwdump could be said to compromise security because it could allow a malicious administrator to access a user’s passwords.
  • fgdump - Fgdump is basically a utility for dumping passwords on Windows NT/2000/XP/2003/Vista machines. It has all the functionality of pwdump built in and can also do a number of other neat things, like grabbing cached credentials, executing a remote executable and dumping the protected storage on a remote (or local) host.

Phase 5: Covering Tracks
  • clearlogs.exe - Clear all Windows system logs.
  • CCleaner - CCleaner developed by Piriform, is a utility program used to clean potentially unwanted files (including temporary internet files, where malicious programs and code tend to reside) and invalid Windows Registry entries from a computer.
