Elf Qrin's Hacking Lab

Hacking and Security Strategies
STRATEGIES | HACKING TYPES

Overview of Hacking Methods A summary of all methods of attacking hosts on the internet, sorted by difficulty level. Short introduction to all known kinds of Internet attacks and an evaluation by difficulty. EASILY PERFORMED ATTACKS

Denial Of Service

Flooding - sending garbage data or reply requests to a host to block its services

Smurfing - using the IP broadcast system and IP spoofing to multiply floods

OutOfBand/Fragment Attacks - exploiting vulerabilites in TCP/IP stack kernel implementations

SYN/RST Flooding - exploiting a vulnerability in TCP implementations (limited cache) to block incoming connections

"Nuking" - using forged ICMP and TCP messages to reset active connections

Specific DoS - generating requests that block one specific vulnerable service

Malicious Software
Note: this evaluates the effort to spread software not to create it

Logical Bomb - program that causes damage under certain conditions (often just due to bugs)

Backdoor - program feature that allows remote execution of arbitrary commands

Worm - Program or trojan that spawns and spreads copies of itself

Virus - programs or code that self-reproduces in existing applications

Trojan - hidden program-in-a-program that executes arbitrary commands

Exploiting Vulnerabilites

Access Permissions - exploiting read/write access to system files

Brute Force - trying default or weak login/password combinations for telnet/pop3 etc. authentication

Overflow - writing arbitrary code behind the end of a buffer and executing it

Race Condition - exploiting a temporary insecure condition created by the execution of a program to gain access to sensitive data

IP Packet manipulation

Port spoofing - using 20/53/80/1024 etc. as source ports to avoid packet filtering rules

Tiny fragments - using 8byte packets to bypass firewalls protocoll-flag/port/size checks

Blind IP spoofing - changing the source IP address e.g. to access passwordless UDP services that rely on IP checking

Nameserver ID "snoofing" - blind spoofing with calculated ID numbers to put false data into NS-caches

Sequence number guessing - calculating TCP SEQ/ACK numbers for hosts with insecure random sequence numbers to establish a spoofed TCP connection from a trusted host

Remote session hijacking - using packet spoofing to intercept and redirect running TCP/UDP sessions

Attacks "from the inside"

"Backdoor" daemons - opening a port for further remote access

Log manipulation - removing traces of attacks and unauthorized access

Cloaking - replacing system files with trojans that hide unauthorized access

Sniffing - monitoring network data and filtering out sensitive data e.g. passwords

Non-blind spoofing - using data monitoring to get the information neccessary to take over active connections or establish forged connections

HIGHEST DIFFICULTY LEVEL Common Internet Attacks Hacking strategies, the security holes they exploit and the general preventive actions against it. Shoutouts to all you lame "BOFHs"! I hope this will help you get a clue on what you should be doing ;)

Kind of Attack Compromise Vulnerability Skill needed Type of System Additional Info Protective Measures
denial of service system resources low bandwidth, insecure daemons novice - expert any hard to evade completely, no security problem, selected victims only bandwidth management, firewalls, periodical software updates / version management
local other user data weak passwords, permissions novice any very possible to happen on big multi-user servers software updates, administrative security
cgi I system info, passwd insecure cgi scripts , httpd , permissions novice any webservers delivers information for more serious attacks, random victims software updates, www security check
cgi II wwwuser shell access, resources, sometimes root insecure cgi scripts, weak passwords and security average unix webservers caused by and creates serious security problems on webservers, random victims software updates, periodical www security checks
trojan sensitive data / passwords, root, access to other systems inadequate security policy novice / average any even possible without any technical vulnerabilities, both selected (social engineering) and random (via junk mail, posting, etc.) victims security policies, application level gateways
remote root compromise complete system, see above insecure / obsolete daemons (remote overflows) average any unix, especially linux, bsd, sun, hpux, dgux reinstallation is recommended after root compromises, mostly random victims periodical software updates , version management and security auditing
sniffing / backlogging credit cards / transaction data / software / access to other systems / databases previous root compromise average / expert preferrably shell servers, isps, e-commerce servers causes more serious damage the later it is noticed, selected victims only security auditing, emergency actions
cgi III root, database / user profiles( for spamming / carding ), webpages obsolete cgi scripts, non-standard / self-written code expert preferrably e-commerce servers, domain / web providers, search engines, government sites causes most serious damage, selected victims only firewall solutions, www/cgi security auditings

Kind of Attack	Compromise	Vulnerability	Skill needed	Type of System	Additional Info	Protective Measures
denial of service	system resources	low bandwidth, insecure daemons	novice - expert	any	hard to evade completely, no security problem, selected victims only	bandwidth management, firewalls, periodical software updates / version management
local	other user data	weak passwords, permissions	novice	any	very possible to happen on big multi-user servers	software updates, administrative security
cgi I	system info, passwd	insecure cgi scripts , httpd , permissions	novice	any webservers	delivers information for more serious attacks, random victims	software updates, www security check
cgi II	wwwuser shell access, resources, sometimes root	insecure cgi scripts, weak passwords and security	average	unix webservers	caused by and creates serious security problems on webservers, random victims	software updates, periodical www security checks
trojan	sensitive data / passwords, root, access to other systems	inadequate security policy	novice / average	any	even possible without any technical vulnerabilities, both selected (social engineering) and random (via junk mail, posting, etc.) victims	security policies, application level gateways
remote root compromise	complete system, see above	insecure / obsolete daemons (remote overflows)	average	any unix, especially linux, bsd, sun, hpux, dgux	reinstallation is recommended after root compromises, mostly random victims	periodical software updates , version management and security auditing
sniffing / backlogging	credit cards / transaction data / software / access to other systems / databases	previous root compromise	average / expert	preferrably shell servers, isps, e-commerce servers	causes more serious damage the later it is noticed, selected victims only	security auditing, emergency actions
cgi III	root, database / user profiles( for spamming / carding ), webpages	obsolete cgi scripts, non-standard / self-written code	expert	preferrably e-commerce servers, domain / web providers, search engines, government sites	causes most serious damage, selected victims only	firewall solutions, www/cgi security auditings

Issued on Elf Qrin's Hacking Lab

Legal notices and disclaimer