1. Information Gathering
2. Service Enumeration
3. Vulnerability Assessment
4. Exploitation
5. Backdooring
6. Rootkit/Maintain Access
7. Housekeeping
1. Information Gathering
Information gathering is the activity of collecting as much information about
the target system as possible. It is divided into two types:
a. Technical
Technical information gathering actively uses the available tools. It is further divided into two kinds:
i. Active Information Gathering
This technique interacts with the target system directly (e.g. scanning).
ii. Passive Information Gathering
This technique doesn't interact with the target system directly (e.g. googling).
b. Non-Technical
This kind of information gathering doesn't actively involve the available
tools (e.g. social engineering). Social engineering is the art of
deception.
2. Service Enumeration
Service enumeration is the activity of identifying the services running on
the target system. It is important to know that 90% of the gateways into a
system are through its services. So it is good to have only the important
services running: the more services running, the more security holes are running too.
3. Vulnerability Assessment
Vulnerability assessment searches for weak points in the system by finding
vulnerabilities, usually in the running services. The methods for finding vulnerabilities are divided into three:
a. Community
b. Vendor
c. Self-Develop
4. Exploitation
Exploitation, or in other words the pentest, is the POC (Proof of Concept) of
the vulnerability assessment. When the test fails, the pentester must search
for another crack to exploit. When the test succeeds, the pentester must
set up a backdoor ASAP.
5. Backdooring
Backdooring is the activity of creating a hidden backdoor for the pentester to
use for further exploitation, so the pentester won't have to repeat the same
route to exploit the system and can just use the backdoor. See more at https://code.google.com/p/b374k-shell/, and https://www.virustotal.com/ for scanning for viruses.
6. Rootkit
A rootkit is an application that runs before the OS loads. So,
basically, once the rootkit we've created exists inside the system,
the system is fully under our control.
Information gathering, service enumeration, vulnerability
assessment, and exploitation are in the area called the "Uncontrollable zone",
because at that point we haven't yet got control over the system.
Backdooring, housekeeping, and rootkit are in the area called the
"Controllable zone", because at that point we've already taken control over
the system.
Hope this helps.
7. Housekeeping
Housekeeping is the activity of deleting the traces of the exploit in order to hide from the administrator of the system.
Source:
http://yudhiagus.com/blog/hacking-framework/
Saturday, 04 April 2015
Hacking Framework
00.57
Nina