Overview of white hat hackers (p3)

Tram Ho

Ethical Hacking and Penetration Testing

White-hat hackers engage in authorized attacks, that is, attacks carried out with the permission of the system's owner. In the white-hat world, most people use the term pen test (penetration test). The tester simply penetrates the system as a hacker would, but with benign intentions.

As a white-hat hacker and future test candidate, you must become familiar with the jargon of the trade. Here are some of the terms you will encounter in a pen test:

Hack Value: Describes a target that can attract an above-average level of attention from an attacker. Perhaps because this target is attractive, it is more valuable to an attacker because of what it can contain.

Target of Evaluation (TOE): A TOE is a system or resource being assessed for vulnerabilities. The TOE will be specified in the contract with the customer.

Attack: An action directed at a goal in the TOE.

Exploit: This is a way to clearly identify a security breach of the system.

Zero Day: A threat or vulnerability that is not known to the developer and has not been addressed. It is considered a serious problem in many cases.

Security: Described as a “happy” state in an environment where only defined actions are allowed.

Threat: A security risk.

Vulnerability: A weakness in a system that can be exploited and used as a point of entry into an environment.

Daisy Chaining: Performing multiple attacks in sequence, with each subsequent action based on the outcome of the previous one.

Method of hacking

A hacking method is the step-by-step approach an aggressor uses to attack a target such as a computer network. There is no single step-by-step approach used by all hackers. As might be expected of a group that operates outside the rules, as hackers do, rules do not apply to them in the same way. A big difference between a hacker and a white-hat hacker is the ethical rules the white hat follows. Some common hacking steps:

  • Footprinting (scouting): Footprinting means using mostly passive methods to collect information about a target before taking active measures later. Typically, you keep interaction with your target to a minimum to avoid being detected, since detection can alert the target that something is coming in their direction.
  • Scanning: Scanning is the stage in which you take the information gathered in the Footprinting stage and use it to target your attacks much more accurately.
  • Enumeration: Enumeration is the next stage, where you extract more detailed information about what you discovered during the Scanning phase to determine its usefulness.
  • System Hacking: System hacking is the step after Enumeration. You can now plan and execute an attack based on the information you discovered. You can, for example, start selecting user accounts to attack based on findings from the investigation phase. You can also start creating an attack based on service information discovered by taking banners from an application or service.
  • Escalation of privilege: If the hacking stage is successful, you can start to obtain privileges higher than those granted to the account you originally hacked. Depending on your skills at this step, you may move from a low-level account such as a guest account to administrative or system access.
  • Covering tracks: Covering tracks is the stage in which you try to remove evidence of your presence in a system. You erase log files and destroy other evidence that could give the system owner the clues needed to determine that an attack occurred.
  • Planting Backdoors: The purpose of installing backdoors is to leave something behind that will allow you to come back later if you want. Items such as special accounts, Trojan …

Article translated from chapter 1, pages 10 and 15-17, of CEH v8 – Certified Ethical Hacker Version 8 Study Guide

Source: Viblo