Thursday, June 21, 2012

Hacking 101 - Lesson 1


So this is the first of a sub-series about security and hacking. By understanding what the hacker does, one can better understand how to address and mitigate said actions. Now this is a general overview, and I must qualify it: this site provides information for the purpose of allowing security individuals to grow. How you use this information is in your hands, and this site and its author are not responsible for any outcome your actions may cause, so please THINK before you act.

Any “attack” will be comprised of five stages. They are:
1.       Reconnaissance (what options do I have?)
2.       Scanning (looking through the looking glass)
3.       Gaining Access (chink in the armour)
4.       Maintaining Access (think back door)
5.       Clearing Tracks (clean-up in aisle one, please)

Now I will cover all of these in more detail later on, but for now here is a brief on each one.

Reconnaissance
OK, think who and why. In technical terms this is your target, Target of Evaluation (TOE) or victim; take your pick, it is really all semantics at this stage. You need to know who (person or organization) you want to collect data about. Notice that I am not going into your motivation. That is your issue, legal or illegal. Hopefully, if you are reading this blog, you are in the first camp.

IMPORTANT SIDE NOTE: even if you think you are doing something legal because you were paid by someone in the company to do it, verify that they really work for the company (and no, a business card does not count). Also get EVERYTHING in writing, on company letterhead, signed by verifiable company employees WHO HAVE THE AUTHORITY TO APPROVE THE ACTIONS DESCRIBED ABOVE. The guy in the mail room can NOT approve penetration testing of a Fortune 500 corporation, or any corporation for that matter. I have known colleagues to get burned for not doing their due diligence.

Scanning
OK, you have chosen or been hired by Company X. The key to any successful hacking endeavor is really simple: DATA. You want to acquire as much data as you can about the technology infrastructure. Unlike Hollywood, you need time, patience and resolve. This is the MOST time-consuming phase, and NO, you do not just run NMAP and say “all done”. To do this right you had better get your journal ready and be prepared to spend a minimum of one week, and more realistically weeks or even months. In this stage, preparation separates the amateurs from the professionals.

Let me put it this way: the best hackers, and even the best security people, are the ones who stay in the shadows and are never seen or heard. They come in, get what they need and leave; they do not post about exploits they committed. They may or may not like to teach others, but one thing is for sure: they will NEVER seek the spotlight.

SO TAKE YOUR TIME AND THINK “QUIET AS A FIELD MOUSE WEARING REALLY QUIET SHOES”.

Seriously, guys, scanning is so often rushed, botched or overlooked. Go slow, think methodically, and look at the relationships Company X has with other organizations, for example.
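What “slow and methodical” looks like in code, as an added example rather than anything from the original post: a plain TCP connect() scanner that randomizes port order, sleeps a jittered interval between probes, and appends every probe to a journal so the notes the post keeps asking for write themselves. It starts its own accept-and-close listener on 127.0.0.1 so it runs offline; the host, ports and delay values are assumptions for the demonstration, and against a real engagement you would still reach for a proper tool. The point is the two habits: pacing and record-keeping.

```python
import random
import socket
import threading
import time


def start_local_listener():
    """Constructed target for offline use: accept-and-close TCP listener on 127.0.0.1.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_closed_port():
    """Pick a loopback port that is (almost certainly) not listening, for the demo."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(host, port, timeout=1.0):
    """One TCP connect() probe. Returns 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # RST came back: nothing listening
        return "closed"
    except OSError:                     # timeout or unreachable: treat as filtered
        return "filtered"
    finally:
        s.close()


def quiet_scan(host, ports, min_delay=0.5, max_delay=3.0, journal=None, rng=None):
    """Probe `ports` on `host` in random order with a jittered pause between probes.
    Each probe is appended to `journal` (a list of strings) as it happens, so a
    crash or an interruption never costs you the data already collected.
    Returns {port: state}."""
    rng = rng or random.Random()
    order = list(ports)
    rng.shuffle(order)                  # no ascending sweep for a sensor to key on
    results = {}
    for port in order:
        state = probe(host, port)
        results[port] = state
        if journal is not None:
            journal.append("%s %s:%d %s" % (time.strftime("%Y-%m-%dT%H:%M:%S"),
                                             host, port, state))
        time.sleep(rng.uniform(min_delay, max_delay))
    return results


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    notes = []
    found = quiet_scan("127.0.0.1", [open_port, free_closed_port()],
                       min_delay=0.1, max_delay=0.3, journal=notes)
    srv.close()
    for line in notes:
        print(line)
    print("open:", [p for p, s in found.items() if s == "open"])
```

The delays here are tiny so the demo finishes quickly; on a real target the defaults (half a second to three seconds, randomized) are the low end of what “quiet” means, and the journal lines are what you paste into the notebook.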

Gaining Access
Right, so you have been a good little scanning person and have reams of data. The goal of the scanning is to find the logical door, crack or other such entrance which nobody thought of, and use it. Again, think QUIET. Noise bad, silence good. Every situation will be different, so do not assume what worked for X will work for Y. Remember, information security is dynamic (this is what makes it so fun :)

Maintaining Access
Got in? Great, now it is time to leave that piece of paper in the door lock, or maybe leave that window latch oiled for easy re-entry. You worked hard to make your hole; now you want to hide it and be able to use it again. Be extra careful though: does the term Honey Pot mean anything to you? If not, look it up.

Clearing Tracks
All done? OK, time to clean the sandbox: logs, records, bread crumbs, etc. Think fine paint brush, not 500 HP leaf blower. Cleaning too much or too fast can be the same as putting up a neon sign saying “Eat at Joe's!”. Daisy chaining and misdirection will be discussed later. It should be noted that the reconnaissance phase is active here again, in that perhaps things have changed since you got in, and now you may need to clean using a size 0 brush instead of a size 1. So DO YOUR HOMEWORK, and eat all your vegetables :)
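The defender's side of that neon sign, as an added example (not from the original post): a small detector run over a constructed syslog-style sample. A periodic job that logs every ten minutes leaves a heartbeat, so a span with no heartbeat is what a block of deleted lines looks like from the outside, and a timestamp that runs backwards usually means the file was edited rather than appended to. The log lines, the host name and the heartbeat command are all made up for the demonstration.

```python
import re
from datetime import datetime

# Constructed sample log (not from any real system): a cron heartbeat every ten
# minutes with the 10:30 and 10:40 beats removed, plus one line whose timestamp
# runs backwards relative to the line before it.
SAMPLE_LOG = """\
2012-06-21T10:00:01 lab1 CRON[2201]: (root) CMD (/usr/local/bin/heartbeat)
2012-06-21T10:03:12 lab1 sshd[2230]: Accepted publickey for ops from 10.0.0.5 port 51022
2012-06-21T10:10:01 lab1 CRON[2240]: (root) CMD (/usr/local/bin/heartbeat)
2012-06-21T10:20:01 lab1 CRON[2255]: (root) CMD (/usr/local/bin/heartbeat)
2012-06-21T10:50:01 lab1 CRON[2301]: (root) CMD (/usr/local/bin/heartbeat)
2012-06-21T10:47:30 lab1 sshd[2290]: Disconnected from 10.0.0.5 port 51022
2012-06-21T11:00:01 lab1 CRON[2318]: (root) CMD (/usr/local/bin/heartbeat)
"""

# "<timestamp> <host> <process>[<pid>]: <message>"; the [pid] part is optional.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+?)(?:\[(\d+)\])?: (.*)$")


def parse(text):
    """Return a list of (timestamp, host, process, message) in file order.
    Lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        entries.append((ts, m.group(2), m.group(3), m.group(5)))
    return entries


def heartbeat_gaps(entries, marker, expected_minutes, slack=1.5):
    """Find spans between consecutive heartbeat lines (message contains `marker`)
    longer than slack * expected_minutes. Returns [(start, end, beats_missing)]."""
    beats = [ts for ts, _, _, msg in entries if marker in msg]
    gaps = []
    for a, b in zip(beats, beats[1:]):
        minutes = (b - a).total_seconds() / 60.0
        if minutes > expected_minutes * slack:
            missing = int(round(minutes / expected_minutes)) - 1
            gaps.append((a, b, missing))
    return gaps


def out_of_order(entries):
    """Indices of entries whose timestamp precedes the previous entry's. Log
    daemons append in arrival order, so a rewind is a sign of hand editing."""
    return [i for i in range(1, len(entries)) if entries[i][0] < entries[i - 1][0]]


def report(text, marker="heartbeat", expected_minutes=10):
    """Human-readable findings for a log body; returns a list of strings."""
    entries = parse(text)
    findings = []
    for start, end, missing in heartbeat_gaps(entries, marker, expected_minutes):
        findings.append("GAP: no '%s' between %s and %s (%d beat(s) missing)"
                        % (marker, start.time(), end.time(), missing))
    for i in out_of_order(entries):
        findings.append("REWIND: line %d (%s) is earlier than line %d (%s)"
                        % (i + 1, entries[i][0].time(), i, entries[i - 1][0].time()))
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Neither check proves tampering on its own (a host that was simply down also leaves a gap), which is why the post's advice cuts both ways: the attacker who removes a clean block of time is easier to spot than one who removes nothing, and the defender who ships logs off-host as they are written takes the brush away entirely.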

Well, that is it for this posting; further reading and more coming soon....(promise)

Check out this site to help you in phase 2:
http://www.astalavista.com/ (Lifetime Member, good site) 


Tuesday, June 19, 2012

Remote Desktop to Linux from Windows

So here is a problem I was having: I needed to access my Linux (Backtrack 5r2) lab environment remotely over the internet, but securely, and wanted to do so from Windows 7 in this case. Now Windows to Windows is very easy: look at GTalk http://www.google.com/talk/ and combine it with GBridge http://www.gbridge.com/. Both are free; you simply install GTalk and then GBridge on two or more computers and use the same Google account on each computer. Then, through GBridge, you can create secure remote desktops to your systems for free. If I get some requests I can post a tutorial on how to, but for now let's get back to the problem at hand. You see, GTalk and GBridge DO NOT work on Linux :(


I know, depressing.....well, fear not, there is a “cheap” solution. You can use a program called RealVNC http://www.realvnc.com/index.html. Now let me say right off that if you want the encryption and faster connection speeds you will need a yearly $30.00 per-computer licence. Annoying, yes, but not horrible, and the connections are not bad (not as fast as GBridge) but still acceptable.

Now I encountered a few minor issues which I overcame, and even though RealVNC does a good job of illustrating how-tos, I thought I would do this version, which is a bit more detailed. Please note your installation WILL vary depending on your router/firewall; however, the concepts and principles will be the same, so let's get started.

These are your options from the site. I recommend you start with the free version to get your configuration correct. Then, once you have a successful internet connection, you can change licences to Personal or, if you want, Enterprise. Personally I found the Personal version to be sufficient for my needs.

Now there are two (2) pieces: viewer and server. The viewer is, as it sounds, used to connect to the server piece. So in this case the Linux box you want to connect to is the server, and the computer you want to connect from is the viewer. The viewer controls the server. You only need a licence for each SERVER you install, so when you get your licence key you will enter it into the server piece.
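Before you open the server piece to the internet it is worth checking what it actually offers, since only the paid licence brings encryption. The following is an added Python probe, not RealVNC's code and not from the original post: it runs the RFB handshake (the protocol every VNC viewer and server speak) just far enough to read the security types the server advertises, then disconnects without logging in. It ships with a constructed stand-in server so it runs offline. The type-number table is the RFB security-type registry as I recall it, and which of those types count as “encrypting” (RA2, TLS, VeNCrypt) is an assumption to verify against the current registry before relying on it. Point check_server() at your own lab box; VNC listens on 5900 plus the display number, so display :1 is port 5901.

```python
import socket
import struct
import threading

# RFB security type numbers. 1, 2, 16, 18 and 19 are the published standard
# values; 5 (RA2) and 6 (RA2ne) are RealVNC's registered types as I recall them.
# The ENCRYPTING set is this example's assumption: RA2ne authenticates with
# RSA/AES but (the "ne") does not encrypt the session, so it is left out.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt",
}
ENCRYPTING = {5, 18, 19}


def recv_exact(sock, n):
    """Read exactly n bytes or raise; RFB fields are fixed-size, so short reads matter."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed connection mid-handshake")
        buf += chunk
    return buf


def probe_security_types(host, port, timeout=5.0):
    """Run the RFB handshake up to the security-type list and disconnect.
    Returns ((major, minor), [type numbers])."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        banner = recv_exact(sock, 12)                    # e.g. b"RFB 003.008\n"
        if not banner.startswith(b"RFB "):
            raise ValueError("not an RFB server: %r" % banner)
        version = (int(banner[4:7]), int(banner[8:11]))
        if version < (3, 7):
            # RFB 3.3: the server imposes a single type as a 4-byte integer
            sock.sendall(b"RFB 003.003\n")
            (t,) = struct.unpack(">I", recv_exact(sock, 4))
            return version, [t]
        sock.sendall(b"RFB 003.008\n" if version >= (3, 8) else b"RFB 003.007\n")
        count = recv_exact(sock, 1)[0]                   # number of types offered
        if count == 0:                                   # refused; reason string follows
            (rlen,) = struct.unpack(">I", recv_exact(sock, 4))
            raise ConnectionError(recv_exact(sock, rlen).decode("latin-1"))
        return version, list(recv_exact(sock, count))
    finally:
        sock.close()


def assess(types):
    """The weakest advertised type is the one that matters: a client, or anyone
    who has the password, can pick it."""
    names = ", ".join(SECURITY_TYPES.get(t, "type %d" % t) for t in types)
    if 1 in types:
        return "EXPOSED: no authentication offered (%s)" % names
    if any(t not in ENCRYPTING for t in types):
        return "WEAK: unencrypted types offered (%s)" % names
    return "OK: only encrypting types offered (%s)" % names


def fake_vnc_server(types):
    """Constructed stand-in for a VNC server, for offline demonstration only.
    Speaks just enough RFB 3.8 to advertise `types`. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"RFB 003.008\n")
        recv_exact(conn, 12)                             # client's version reply
        conn.sendall(bytes([len(types)] + list(types)))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def check_server(host, port):
    version, types = probe_security_types(host, port)
    return "RFB %d.%d -> %s" % (version[0], version[1], assess(types))


if __name__ == "__main__":
    _, port = fake_vnc_server([2])    # free-tier style: VNC auth, no session encryption
    print(check_server("127.0.0.1", port))
```

If the result is anything other than OK, do not forward the VNC port on the router; VNC Authentication alone protects the password handshake but nothing you type or see afterwards.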

Here are the Windows options for download.....


To be continued.....


Wednesday, June 13, 2012

Keep Calm and Carry On

Now I will be posting some more security postings, but for now I just wanted to post a quick FYI. If you are like me you use a LOT of journals (at work, in research, etc.). Well, I came across these and they are really cool. They say “Keep Calm and Carry On”, copies of the poster printed in England in 1939 at the beginning of WW2. Here is where you can find them. I personally prefer the spiral ones because they lie flat on the desk.

http://www.keepcalmandcarryon.com/
or
http://www.graphiquedefrance.com/shop/asearch.html?vid=20090310001&cname=%5b*+TO+*%5d&key=&keyword=Keep+Calm
or
http://www.barnesandnoble.com/p/home-gift-keep-calm-and-carry-on-red-polypro-lined-spiral-journal-65-x-85/23830626

Shop around, I like these but I usually change.

As a side note, I recommend journals over notebooks because you can store them more like books, and you may need to reference some material in the future. As always, when you are doing security analysis take LOTS of notes.

Soon I will go over (demo) the 5 phases of attack or pen testing.

Peace

Friday, June 8, 2012

LinkedIn Hacked

OK, old news: LinkedIn was hacked....

You should change your password YESTERDAY!

However, you can use this site to check whether your old password was in the leak (only a password you have already changed, never a live one):

http://leakedin.org/.

PEACE!