Yes Virginia, There is a Hacking Process
7/17/00
by Dr. Greg Miles
I started reading Hacking Exposed: Network Security Secrets and Solutions by McClure, Scambray, and Kurtz (REQUIRED READING: buy it
through the DuckTank store). After getting halfway through the first chapter, I realized what should have been obvious: like
most other activities in life, there is a process involved with hacking. Many people think of the evil hacker as using guerrilla
warfare to launch unplanned attacks against their victims. In reality, experienced hackers (whether good or bad) follow a
methodical process that helps them achieve their objectives. Hacking is not necessarily about finding a single security
vulnerability in a system and exploiting it. Hacking is about learning as much about a system as you can. If you are able to own the
system, great. If not, then you learned a great deal in the process.
Please note: For the purposes of this article, the term "hacker" is used rather loosely. Because the methodology can be used for
good and bad purposes, the term "hacker" will be used for both.
McClure, Scambray, and Kurtz identify the methodology as target acquisition and information gathering, initial access, privilege
escalation, covering tracks, and planting back doors. I don't plan to reinvent the wheel, so we will use this methodology for our
purposes.
Target Acquisition: The hacker will identify their target. Reasons for choosing a target vary widely among different hackers:
some choose for educational purposes, others for malicious ones, and still others for financial gain. Once the hacker has the
target, they can proceed to the next step.
Profiling: This is the information-gathering phase. Profiling may identify the characteristics of the organizational structure,
network setups, operating systems, and personnel. This information may be used to discover weaknesses in the organization's security
armor. The Summer 2000 edition of 2600: The Hacker Quarterly (Vol 17, No 2) has an excellent article in it by Thuull titled "The
Art of System Profiling". This article does a good job of describing profiling methods and the tools that are available. During the
profiling phase, you are going to gather as much information about your target as you possibly can. You want to find out what kind
of business they do, who their business relationships are with, who works there, etc. This kind of information will help build a
profile and, using some basic tools, will probably get you an IP address or even possibly a range of IP addresses to work
with. Using whois resources, you can possibly obtain addresses, domain names, etc. Then, using nslookup, possible target IP
addresses can be obtained. Through this process, you are probably also looking to find valid user names for accounts on the
systems. This will help when trying to crack the passwords. Other tools can help you find out the OS. (DuckTank has a library of
possible tools to use.)
Initial Access: With the information gained from profiling, you will likely have several possible user names to work with. With this
information, you can take a crack at gaining basic user access.
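The two phases above leave a characteristic trail in a target's own logs: a single source trying many account names (hunting for
valid user names) and then hammering one valid name (taking a crack at basic user access). The following is an added example, not
code from the article or from the Hacking Exposed authors, that turns those two patterns into a detection over sshd-style auth log
lines. The log lines are constructed for the demonstration, and the thresholds are assumptions to be tuned per environment.

```python
"""Spotting username enumeration and password guessing in an auth log.

Added example, not from the original article. The log lines are constructed
in the style of OpenSSH's sshd messages; the thresholds are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Matches "Failed/Accepted password for [invalid user ]NAME from SRC ..."
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample: 10.0.0.5 probes five non-existent names, then guesses
# bob's password five times and finally gets in; 10.0.0.9 is a normal user
# who mistyped once. The cron line shows that unrelated lines are ignored.
SAMPLE_LOG = [
    "Jul 17 02:10:01 host sshd[801]: Failed password for invalid user admin from 10.0.0.5 port 40210 ssh2",
    "Jul 17 02:10:02 host sshd[802]: Failed password for invalid user test from 10.0.0.5 port 40211 ssh2",
    "Jul 17 02:10:03 host sshd[803]: Failed password for invalid user oracle from 10.0.0.5 port 40212 ssh2",
    "Jul 17 02:10:04 host sshd[804]: Failed password for invalid user guest from 10.0.0.5 port 40213 ssh2",
    "Jul 17 02:10:05 host sshd[805]: Failed password for invalid user www from 10.0.0.5 port 40214 ssh2",
    "Jul 17 02:10:06 host sshd[806]: Failed password for bob from 10.0.0.5 port 40215 ssh2",
    "Jul 17 02:10:07 host sshd[807]: Failed password for bob from 10.0.0.5 port 40216 ssh2",
    "Jul 17 02:10:08 host sshd[808]: Failed password for bob from 10.0.0.5 port 40217 ssh2",
    "Jul 17 02:10:09 host sshd[809]: Failed password for bob from 10.0.0.5 port 40218 ssh2",
    "Jul 17 02:10:10 host sshd[810]: Failed password for bob from 10.0.0.5 port 40219 ssh2",
    "Jul 17 02:10:11 host sshd[811]: Accepted password for bob from 10.0.0.5 port 40220 ssh2",
    "Jul 17 02:14:01 host sshd[812]: Failed password for alice from 10.0.0.9 port 50100 ssh2",
    "Jul 17 02:14:05 host sshd[813]: Accepted password for alice from 10.0.0.9 port 50101 ssh2",
    "Jul 17 02:14:07 host cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def parse(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of an sshd password-auth line, or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "result": m["result"],
        "invalid": m["invalid"] is not None,
        "user": m["user"],
        "src": m["src"],
    }


def analyse(lines: List[str], enum_threshold: int = 5, guess_threshold: int = 5) -> Dict[str, dict]:
    """Group auth events by source address and flag the two attack patterns.

    username_enumeration: at least enum_threshold distinct non-existent names.
    password_guessing:    at least guess_threshold failures against one real account.
    success_after_attack: a flagged source later logged in successfully.
    """
    per_src = defaultdict(lambda: {"invalid_users": set(), "failed": defaultdict(int), "accepted": []})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        s = per_src[rec["src"]]
        if rec["result"] == "Accepted":
            s["accepted"].append(rec["user"])
        elif rec["invalid"]:
            s["invalid_users"].add(rec["user"])
        else:
            s["failed"][rec["user"]] += 1

    findings = {}
    for src, s in per_src.items():
        flags = []
        if len(s["invalid_users"]) >= enum_threshold:
            flags.append("username_enumeration")
        guessed = sorted(u for u, n in s["failed"].items() if n >= guess_threshold)
        if guessed:
            flags.append("password_guessing")
        if flags and s["accepted"]:
            flags.append("success_after_attack")
        if flags:
            findings[src] = {
                "flags": flags,
                "invalid_users": sorted(s["invalid_users"]),
                "guessed_users": guessed,
                "accepted": list(s["accepted"]),
            }
    return findings


if __name__ == "__main__":
    for src, info in analyse(SAMPLE_LOG).items():
        print(src, info["flags"], "guessed:", info["guessed_users"], "logged in as:", info["accepted"])
```

The "success_after_attack" flag is the one worth paging someone for: a source that enumerated names and guessed passwords and
then got an Accepted line has most likely completed the Initial Access step described above.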
Privilege Escalation: Once you have access to the system, you can work on gaining higher-level access as root or administrator.
Once you have this, you have control of the system. Then you can get, change, place, replace, or destroy anything you want.
Covering Tracks: Most hackers don't want to get caught, because they want to keep hacking. So there are also tools out there to help
cover your tracks. These "rootkits" can remove logs and replace files, etc. In addition, hacking is generally not done all at once.
It is done on a "one-bite-at-a-time" basis. The less time spent on a particular system, the better the chance of avoiding detection.
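A rootkit that removes log lines only works if nobody can tell the lines are gone. The following is an added example, not code
from the article, showing the standard defence: each log line gets an HMAC tag that also covers the previous line's tag, so deleting,
editing or reordering any line breaks every tag after it. It assumes the key (or at least the tags) lives on a separate log host
that an intruder with root on the compromised box cannot reach; the key and the log lines are constructed for the demonstration.

```python
"""Tamper-evident log chain: detecting log lines removed or altered after the fact.

Added example, not code from the original article. Assumes the tags are
shipped to (or the key is held on) a log host the intruder does not control,
so a rootkit can delete local log lines but cannot recompute the tags.
"""
import hashlib
import hmac
from typing import List, Optional

# Constructed demo key; in practice generated on, and kept on, the log host.
KEY = b"constructed-demo-key-not-for-real-use"
SEED = b"\x00" * 32  # chain anchor covered by the first tag

# Constructed sample log: the "su to root" line is the one an intruder would want gone.
SAMPLE_LOG = [
    "Jul 17 02:14:01 host sshd[812]: Accepted password for alice from 10.0.0.5",
    "Jul 17 02:14:09 host su: alice to root on /dev/pts/1",
    "Jul 17 02:14:30 host sshd[901]: Accepted password for bob from 10.0.0.6",
    "Jul 17 02:15:00 host cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def chain_tags(lines: List[str], key: bytes = KEY) -> List[str]:
    """Return one hex tag per line; each tag covers its line AND the previous tag."""
    tags = []
    prev = SEED
    for line in lines:
        mac = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        tags.append(mac.hex())
        prev = mac
    return tags


def first_break(lines: List[str], tags: List[str], key: bytes = KEY) -> Optional[int]:
    """Verify lines against the stored tags.

    Returns the index of the first line whose tag does not verify, the
    position where one list ends before the other, or None if everything
    verifies. Because each tag depends on the one before it, removing,
    editing or reordering a line breaks the chain from that index onward.
    """
    prev = SEED
    for i, (line, tag) in enumerate(zip(lines, tags)):
        mac = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(mac.hex(), tag):
            return i
        prev = mac
    if len(lines) != len(tags):
        return min(len(lines), len(tags))
    return None


if __name__ == "__main__":
    tags = chain_tags(SAMPLE_LOG)
    print("intact log:", first_break(SAMPLE_LOG, tags))
    scrubbed = SAMPLE_LOG[:1] + SAMPLE_LOG[2:]  # rootkit-style removal of the su line
    print("su line removed, chain breaks at index:", first_break(scrubbed, tags))
```

The verifier cannot say what the deleted line contained, but it can say exactly where the log stopped matching, which is what an
investigator needs in order to distrust everything from that point on.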
Set Up Back Doors: Once the hacker has control of the system, they can set up back doors which will allow them to access the system
without having to be logged on as root or administrator. This is one of the reasons experienced security expertise is needed when
securing a system. If the hacker is not successful in breaking into the system, and if they are frustrated and want to accomplish
something malicious, they may try for a pure denial of service attack (buffer overflows, chargen and echo, etc.). This may give them
some level of satisfaction.
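Two of the oldest back-door styles are an extra account with UID 0 and a new service listening on a port that was not there before.
The following is an added example, not code from the article, that checks a host against a known-good baseline for both. The passwd
text and the port snapshots are constructed; on a real host the current values would come from /etc/passwd and from netstat or
lsof, and the baseline from a record kept off the box.

```python
"""Baseline checks for two classic back doors: extra UID-0 accounts and new listeners.

Added example, not from the original article. SAMPLE_PASSWD, BASELINE_PORTS
and CURRENT_PORTS are constructed for the demonstration.
"""
from typing import Dict, Iterable, List

# Constructed /etc/passwd: "sysbak" is a second UID-0 account with a shell,
# and the last line shows that malformed input is skipped rather than crashing.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www:x:33:33:www-data:/var/www:/usr/sbin/nologin
sysbak:x:0:0:backup admin:/:/bin/sh
this line is malformed
"""

# Constructed port snapshots: the baseline was recorded when the host was built.
BASELINE_PORTS = {22, 25, 80}
CURRENT_PORTS = {22, 25, 80, 2222}


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Parse passwd-format lines into dicts, skipping lines that are not 7 fields."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        try:
            entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                            "home": home, "shell": shell})
        except ValueError:
            continue  # non-numeric uid/gid: treat as malformed
    return entries


def extra_uid0_accounts(entries: Iterable[Dict[str, object]], allowed: Iterable[str] = ("root",)) -> List[str]:
    """Names of UID-0 accounts other than the ones the baseline allows."""
    allowed_set = set(allowed)
    return sorted(e["name"] for e in entries if e["uid"] == 0 and e["name"] not in allowed_set)


def new_listeners(baseline: Iterable[int], current: Iterable[int]) -> List[int]:
    """Ports listening now that were not in the known-good baseline."""
    return sorted(set(current) - set(baseline))


if __name__ == "__main__":
    accounts = parse_passwd(SAMPLE_PASSWD)
    print("extra UID-0 accounts:", extra_uid0_accounts(accounts))
    print("new listening ports:", new_listeners(BASELINE_PORTS, CURRENT_PORTS))
```

Neither check proves a back door on its own; both give an administrator a short list of things that changed without an
authorised change behind them, which is where the review should start.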
Available tools will vary depending on the OS. Some tools work on UNIX, some on Novell, and some on Windows NT/2000. As a hacker,
the ultimate focus is to gain control of the system, whether that be Root (UNIX) or Administrator (NT).
Suggested Reading: There are some excellent references available. Learn from them too.
Hacking Exposed: Network Security Secrets and Solutions, McClure, Scambray, and Kurtz, 1998, McGraw-Hill
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Anonymous, 1998, SAMS