BASIC HACK

Monday 3 September 2012

Enumerating Remote Systems


Getting started with Hacking: Enumerating Remote Systems
Many beginners in the field of hacking start to hack or crack without any preparation, which often leads them in the wrong direction. It is better to work on a specific target before attacking. Let's start with the session, and then continue until expertise.

Firstly, keep in mind, these following points if you want to hack a Remote Computer System:
Vulnerability + Exploit = Hacking

  • Attack: An Attack is any action that violates security.
  • Exploit: A well-defined way to breach the security.
  • Vulnerability Assessment: Process of identifying, quantifying and prioritizing the vulnerabilities of the system.
  • Penetration Testing: A Penetration Test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker.

Remote Hacking Steps:
1. Footprinting:
  • Find company URL/IP
  • Look up records for the target domain
  • Advanced Information by Google hacking
  • Find Physical Location of Victim
  • Utilize sources from the net, like Google Cache, archive.org, Newsgroups
2. Find out DNS record of the target
  • open "robtex.com"
  • in the "hostname, IP or AS" box, type the target name and click Search.
  • This will open the DNS record. Look up the IP address and ISP provider and scan through the database.
3. Advanced Information gathering by Google Hacks
Type the following operators in the Google search box to make your searches more precise, so that you can gather more information about any site:
  • inurl:domain.com
  • intitle:
  • intext:
  • allintext:
  • allintitle:
  • phonebook:Swapnil
  • site:
  • related:
  • cache:
  • info:
  • define:

4. Find out the location of domain
  • open whatismyipaddress.com or ip-adress.com to get the physical location of any server or computer through its IP address.
5. OS Fingerprinting
  • IPID value sampling. The IPID value a host places in its outgoing packets differs by operating system:
      Operating System    IPID Value
      OpenBSD             Random
      Linux               0
      Windows             Not Placed
NMap can be used for IPID sampling. You can download it from: http://insecure.org/nmap/download.html
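An added example (not from the original post) of the sequence test behind the IPID sampling step: given the IP ID values seen in consecutive packets from one host, it names the generation scheme that the OS fingerprint keys on, and tells a defender whether their own host exposes a predictable counter. The sample sequences are constructed, and the thresholds (steps of 1 to 10 = incremental, multiples of 256 = byte-swapped increment, a jump of 20000 or more = random) are assumptions taken from the commonly documented heuristics.

```python
WRAP = 1 << 16  # the IP ID field is 16 bits, so deltas wrap at 65536


def ipid_deltas(samples):
    """Differences between consecutive IP IDs, corrected for 16-bit wraparound."""
    return [(b - a) % WRAP for a, b in zip(samples, samples[1:])]


def classify_ipid(samples):
    """Classify a list of IP ID values from consecutive packets of one host.

    Returns one of:
      'zero'               every ID is 0 (no counter exposed at all)
      'incremental'        IDs grow by 1..10 per packet (one global counter)
      'broken-incremental' IDs grow by multiples of 256 (counter written in
                           host byte order, so the low byte lands in the high byte)
      'random'             at least one jump of 20000 or more
      'unknown'            too few samples, or no pattern matched
    Thresholds are assumptions, not taken from the post or from any tool.
    """
    if len(samples) < 3:
        return "unknown"
    if all(v == 0 for v in samples):
        return "zero"
    deltas = ipid_deltas(samples)
    if any(d >= 20000 for d in deltas):
        return "random"
    if all(1 <= d <= 10 for d in deltas):
        return "incremental"
    if all(d % 256 == 0 and 256 <= d <= 2560 for d in deltas):
        return "broken-incremental"
    return "unknown"


def predictable(samples):
    """True when the host uses a shared stepping counter: such a host reveals
    how many packets it sent between two observations, which is the property
    a defender wants to remove."""
    return classify_ipid(samples) in ("incremental", "broken-incremental")


if __name__ == "__main__":
    # Constructed sample sequences, not captured from any real host.
    for name, seq in [
        ("all zero", [0, 0, 0, 0]),
        ("stepping by one, wrapping", [65534, 65535, 0, 1]),
        ("stepping by 256", [256, 512, 768, 1024]),
        ("scattered", [41231, 5, 60000, 12345]),
    ]:
        print(f"{name:28s} -> {classify_ipid(seq)}")
```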

6. Gaining Access:
  • Banner Grabbing is an attack designed to deduce the brand and/or version of an OS or an application.
  • For example: c:\>telnet 69.93.210.16 80 [Enter]
  • Change port 80 as required, say 21 for FTP or 22 for SSH
7. Gaining Access by Vulnerability Assessment
Assessments are typically performed according to the following steps:
  • Cataloging the assets and resource capability of a system.
  • Assigning a quantifiable value to them.
  • Identifying Vulnerabilities or Potential Threats.
  • Eliminating the most serious vulnerabilities for most valuable resources.
Tools: privoxy, xcobra, webscarab, sleuth, n-stealth, core impact.

8. Search and Build exploit
For the exploit and final attack, download the source code and compile the exploit from:
  • www.securityfocus.com
  • www.packetstormsecurity.org
9. Attack
10. Maintain Access
11. Cover all the Tracks.
