Posted on by

Covering tracks in ethical hacking

Hello, aspiring ethical hackers. In this blogpost, you will learn about covering tracks which is the last of the 5 phases of ethical hacking.

What is Covering tracks?

Covering tracks or clearing tracks is the phase of ethical hacking in which a hacker tries to erase all the evidence on the target system that can lead back to the hacker. For covering tracks, hackers perform various actions. They are,

1. Uninstalling executables and scripts:

Hackers install many scripts and executables on the target system as part of their hacking attack. These scripts may help hackers cracking passwords, privilege escalation, maintaining access etc. Detection of these scripts and executables on the target system can lead the investigators to the hacker. So, hackers uninstall or delete any scripts or executables they have used in carrying the hacking attack.

2. Clearing logs:

Every operating system has its own logs that record different operational activities being performed on the operating system. They also record any actions performed by hackers. When an incident investigator observes these logs, he can easily deduce what the hacker did on the target system. To prevent this, hackers clear these logs to hide whatever they did on the target system.

Fig: Event Viewer in Windows where all logs can be viewed
Fig: In Linux all logs are stored in the “/var/log/” directory

3. Timestamping files:

Every file on the operating system has a time stamp which reveals information about the file like the date of its creation, last modified time etc. Hackers change this timestamp of the files appropriately to prevent detection of the modifications they made to files inadvertently while hacking.

Fig: Timestamp of a file in Windows
Fig: Timestamp of a file in Linux

4. Modifying registry values:

The Windows Registry in the Windows operating system is a hierarchical database that contains information, settings, options, and other values for programs and hardware installed on the Windows operating system. Changes made to some program can also be detected by viewing this registry. So, hackers also modify these registry values to hide their malicious activity.

Fig: Windows Registry
Posted on by

Maintaining access in ethical hacking

Hello, aspiring ethical hackers. In this blogpost, you will learn about maintaining access in ethical hacking. Maintaining access is the fourth phase in the total 5 phases of ethical hacking. In this phase, hackers try to hold on to the initial access or foothold they have gained on the network.

This is done using various methods. They are,

1. Elevating privileges:

Most of the time when hackers gain initial access on the target system or network, it is a lower privileged one. So, as soon as hackers gain access, they try to elevate their privileges on the target system to be able to perform important actions on the target network or system. Learn more about privilege escalation.

2. Backdooring:

In this method of maintaining access, hackers try to install a backdoor on the target system or network. They do this by either modifying the legitimate components or by installing specific backdoors like C&C servers, genuine remote administration software etc.

3. Rootkits:

Sometimes, hackers install rootkits on the target system or network. A rootkit is a type of malware that masks its existence from the system software including Antivirus. Normally a rootkit provides higher level of access or sometimes even kernel level access to hackers.

4. Persistence scripts:

Hackers also use widely available persistence scripts to maintain access on the target system of the network.

5. Tunneling:

Maintaining access is not always about installing a backdoor or rootkit etc on the target system. Sometimes, it involves tunneling. Tunneling is a process in which data is usually shared between two different networks privately without being detected.

Posted on by

5 phases of ethical hacking for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn what is ethical hacking and the 5 phases of ethical hacking.

What is Ethical Hacking?

Ethical hacking is hacking that is performed while following the ethics and rules. It is a procedure of detecting vulnerabilities and weaknesses in the target organization’s network and exploiting them with the written permission of an individual or organization. It is performed to find out and fix the vulnerabilities in the network that can be exploited by bad hackers aka Black Hat hackers.

What are the 5 phases of ethical hacking?

Ethical hacking consists of 5 phases. They are,

1. Foot printing:

Also known as information gathering or reconnaissance, in this phase ethical hackers try to collect as much information as possible about the target organization or individual that may be helpful to them in the next phases of ethical hacking. Learn more about Footprinting.

2. Scanning & enumeration:

In this phase, the target organization’s network is probed to find any path of entry that can provide a way for ethical hackers into the network. It includes scanning for live systems in the network range, scanning for open ports on the LIVE systems and services running on them and scanning for any vulnerabilities in those services.

Then these services are enumerated to find any user accounts or other Information about the target networks. Learn more about scanning & enumeration.

3. Gaining access:

In this phase ethical hacking, ethical hackers exploit one of the vulnerability or weakness found in the second phase and gain a shell on the target system or network. Learn more about gaining access.

4. Maintaining access:

In this phase, ethical hackers after gaining initial access on the target system or network, try to maintain this access for future and continuous use. Learn more about various techniques used for maintaining access.

5. Covering tracks:

In this phase, ethical hackers try to hide or erase all their operations performed on the target system or network until now. This is to remove any evidence of their malicious activity. In Black Hat Hacking, they do this to prevent tracing of the hack back to them. This phase is also known as clearing tracks. Learn more about covering tracks.

Posted on by

Gaining access in ethical hacking: Techniques

Hello, aspiring ethical hackers. This article is a beginner guide to gaining access. Gaining access is the third phase in ethical hacking after footprinting and scanning & enumeration. It should be noted that the earlier two phases will play a major role in gaining access. This blogpost will explain you about different ways in which hackers or pen testers gain access to a target system or network.

What is gaining access?

In our previous blogpost, you learnt what a shell is and types of shell in cybersecurity. When a hacker or pen tester gains a shell on the target system or network, it is called as gaining access. Gaining access is the first phase where a hacker or pen tester gains some control on the target system.

Methods of gaining access

There are multiple ways by which hackers can gain initial access. They are,

  1. Vulnerabilities in the operating system or firmware.
  2. Application vulnerabilities.
  3. Payloads & malicious software.
  4. Password’ cracking.
  5. Misconfigured services.
  6. Social- engineering.
  7. Wi Fi hacking

1. Vulnerabilities in the operating system or firmware:

An operating system is the core of any computing device. Enterprises around the world use different operating systems for different purposes. Some of the popular operating systems used by enterprises around the world are Windows, Linux, MacOS, Android, IOS, chrome OS, Red Hat Enterprise Linux, Solaris, Centos, Ubuntu, IRIX and FreeBSD etc. No matter what operating system it is, it is a software consisting of programs. So, any vulnerability exposed in the operating system can be exploited by hackers to gain initial access. For example, ms08-067 and EternalBlue.

2. Application vulnerabilities:

An operating system is by itself not useful. So, a lot of application or programs are installed over the operating system to perform certain functions. Any vulnerabilities in these installed programs can be exploited successfully gain initial access. For example, Macros or Excel Macros.

3. Malicious payloads:

Hackers just don’t use vulnerabilities to gain access. They also use malicious payloads like malware and virus to gain access. Learn more about payload generators.

4. Cracked passwords:

Sometimes enterprise systems are enabled with remote access so that employees can connect to them remotely for the purpose of their work. The protocols enabling remote access like SSH, FTP, Telnet and RDP etc. Cracking the credentials of these services give hackers a way to gain access to the servers and subsequently to the entire system or network. Learn more about password cracking.

5. Misconfigured services:

Sometimes, services being used by the target network can be misconfigured either by mistake or on purpose. Hackers can exploit these misconfigurations to gain initial access.

6. Hacking Wi-Fi network:

Wi Fi hacking is often sometimes ignored as a factor that can provide initial access to the hackers. Hacking WiFi (especially if the password is not complex) is very easy compared gaining access through the above explained methods. It also provides easy access to hack. Learn more about WiFi hacking.

7. The human factor:

No matter how strong the firewall on the network is or how secure the devices are in a network, if the employees of the organization are not well trained, they can eventually give hackers access into the network or devices. Social-engineering is often very underrated as a factor that allows hackers to gain access. Learn more about social engineering.

Posted on by

Beginners guide to a web shell

Hello, aspiring ethical hackers. In this blogpost you will learn about web shell. In our previous blogpost you learnt what is a shell, what it does and the types of shell. A web shell is a type of shell but it is used in relation to websites and web server.

What is a web shell?

A web shell is a type of shell that gives attacker access to a website or web server. It is usually uploaded after already the website is compromised as a means to have persistent access to the website in future.

Web shells have various features. Most important of them are,

  1. Persistent access.
  2. Uploading additional files to the web server.
  3. Downloading files from the web server.
  4. Executing additional scripts on the web server.
  5. Dumping databases of the web server.
  6. Pivoting to other devices on the network.
  7. Privilege escalation etc.

We can say that once a web shell is uploaded to the website, it gives complete control over the website to the attackers.

How are web shells uploaded?

Some vulnerabilities and attack allow hackers to upload web shells to the website to keep having persistent access. Some of these vulnerabilities are.

1. File upload vulnerabilities:

File upload or Remote file inclusion (RFI) vulnerabilities allow attackers to upload arbitrary files to the web servers. These arbitrary files are most probably web shells.

2. Path traversal vulnerabilities:

In some cases, path traversal or Local File Inclusion (LFI) vulnerabilities also allow attackers to upload web shells.

3. XSS vulnerability:

Not just file inclusion vulnerabilities, even cross site scripting (XSS) vulnerabilities in some cases allow uploading of web shells.

4. Password cracking:

After the password of the website is successfully cracked, attackers can upload web shells to a website for future access.

Types of web shells

Web shells are easily available on internet. There are various types of web shells with variety of features in various languages. Needless to say, the web shell being uploaded to the website should be of same languages as the server-side scripting language used on the web server or website. Now, let’s study about some web shells.

1. Weevely:

Weevely is a web shell designed for POST-exploitation with almost 30 modules to assist in administrative tasks, maintaining access, elevate privileges and spreading over the network. Learn more about it here.

2. Web shells in Kali Linux

Kali Linux itself has some web shells ready to be deployed. Although their functionality is simple, they are quite good for beginners. Learn about them here.

3. Metasploit/MSFvenom

Is there anything Metasploit can’t create? Yes, you can create your own web shell with msfvenom. Learn how.

4. C99 shell

Peering to the Black Hat side, C99 shell or its variants are still being used by Black Hat Hackers in real world. Learn more about C99 shell here.