Hacking Methodologies and Security Auditing

Hacking Methodologies and Security Auditing
Table of Contents

 So, how does a hacker hack, you might think? Right? But wait...

Let me make it clear, that the hackers in movies, are not really hackers. In movies, you would hack a server within minutes, and launch a nuclear misscile.

But in real life, it is totally, not the case.

All hackers, white, black, grey, follows some common steps for hacking, they are:

1. Collecting Information

2. Find the weak entry points and get inside the system

3. Tries to gain more permissions, and gain more into the system

4. Clears tracks and returns server to its normal state.

But this is not the same case for all the hackers, as time passed, both black and white hat hackers, devleoped their technique of hacking, of their own.

Steps followed by Black Hat Hackers

Step 1. Information Gathering and Reconissance

    If a hacker, wants to hack a website, then he does some research in the website to check, which softwares are running the website. For example, like the server being used, it's backend application, it's userbase, it's archetucture, etc.

This information, acquired in the step 1, are going to be the base of the further steps, so it is important to note, that "Success of the hack depends on it".

Step 2. Vulnerability Assesment

    Without, moving futher, you must know, what a Vulnerability is. Vulnerability, is a flaw in system that leaves it open to attack, it's also called Security Loopholes.

So, now move into this step 2. Till now, the hacker has all the information gathered about a website. Now he uses, the automated bots, tools, and manual testing to fidn the security loopholes which are present on a website.

Then, after he finds the vulnerabilities, he verifies them, if the loopholes exist or not. This is done, to remove any false security loopholes, which will ease the process of hacking.

Step 3. Penetration Testing and Gaining Access

    In this step, hacker exploits those vulnerability and tries to see the data he wanted to steal. For example, if a hacker tires to hack into a website's database, then in this step, he tries to view and steal the data.

Step 4. Escalating Privelage and Maintain Access

    At this point, the hacker is partially inside the system. What i mean, here is that hacker is able to see the database, but is unable to access the admin dashboard of the site, as admin account has the most permissions. In this step, the hacker tries to hack into it.

In this step, the hacker tries his best to hack the admin account of the account, so that he could gain, more access and have more privilege over the website.

The hacker, after gaining privilege. Tries to install a backdoor on the target website.

A backdoor, is a program that lets the hacker access the system as long as the backdoor is installed in the system. This means, a hacker will have access to the website, even after admin password is changed.

A hacker needs, backdoor, because if the admin password, gets changed or the vulnerability is fixed, then it will be very easy to hack again into the website again in the future, with minimal effort.

Step 5. Clearing Tracks

    In this step, hacker tries to remove all the things he did to the server, and tires to make the server as it was before the hacking.

Hacker, deletes the server log files, removes any extra users (if created), also hacker tires to hide the backdoor, so that no one can notice it.

Steps Followed by White Hat Hackers

White hat hackers, are often refered to as security auditors & security experts. They usually, help organizations with securing their web app.

Step 1. Legal Documentation

    This step involves singning a Memorandum of Understanding, Non Disclosure Agreement, and Financial agreement. Let's know about each of them in a nutshell.

Memorandum of Understanding (MOU), is signed by both the parties, so as to clearly state their objectives and what they expect from one another.

Non-Disclosure Agreement, this is a agreement, which states that no information will be shared to third parties, at any cost. Even the confidential information!

Financial Agreement, this states how much the organization will pay to the white hat hacker, so that there is no debate for payment at the last.

Step 2. Scope Assesment

    This step, deals with writing an agreement which states that which part of website will be tested, and what will be time taken to test those things.

Step 3. Information Assesment

    In this step, the organization, provides information like Test Accounts, Backend Languages, Website Archeticuture. And then the white hat hacker, analyzes it and formulates, which information could be used for hacking purposes.

Step 4. Vulnerability Assesment

    The white hat hacker, now finds, flaws and documents them, for the organization. In this step, the white hat hacker, follows same steps as a black hat hacker would do.

Step 5. Penetration Testing

    The white hat hacker, now starts the exploitation of vulnerability which is found, and at each step, he documents, and at last, he makes a result report.

Just like a black hat hacker, white hat hacker, does the same thing, but there is no intention to harm the system, as there was in the case of black hat hacker.

At last, the white hat hacker, documents everything, and make a Proof of Concept, with all the details of the penetration testing.

Proof of Concept (POC), it is a document, which states the vulnerability, the details of pen. testing, and the proof of the vulnerability exist, with all the proofs attached.

Step 6. Gaining Access

    White hat hackers, now tries to gain access of the system, with the help of the security flaws found, to get inside the system. Similar to as a black hat hacker would do.

Step 7. Privilage Escalation

        Just like the black hat hacker, the white hat hacker, tries to hack into the admin account of the system. so that he could access the tasks and permissions at a superior level.

Step 8. Report Generation

    At this point, the testing part is fully complete. Now, the white hat hacker, formulates a detailed, well documented, report of the entire exercise.

The report, contains, all the exploitations, and the impact of the vulnerabilities found during the penetration testing process.

Step 9. Patch Assistance

    After sending the report to the organization, the organization decides, which loopholes to fix and which not to fix. As the organization, depends on risk, cost, and effort.

The developer, patches the loopholes, and white hat hacker assists him.

Step 10. Revalidation

    White hat hacker, again checks if the loopholes are patched successfully or not. If it is still present, then white hat hacker, again assists the developer to fix it, until the loophole is fully fixed.

All these, 10 steps are followed by white hat hacker, to secure the organization.

Types of Security Testing / Pen Testing

    White hat hacker, now does this testing, with the help of organization or without their help.

Based on the Level of Assitance Provided

The organization, assists the white hat hacker, and this can be classified into three:

1. White Box Testing

    Complete assistance is provided, and the aim is to make the website as secure as it can be. The organization, provides complete assistance in this case.

The organization provides, infromation like, Demo Accounts, Source Code, Architecture, Server Details and more.

2. Black Box Testing

    No assistance, is provided here, the aim is to find out how a black hat hacker if hacking, could harm the organization if no assistance from the organization is provided.

In this case, the white hat and the black hat hacker has the same information.

3. Grey Box Testing

    Again, this is the hybrid of both the testing, we saw before. Here, partial help is provided from the organization to the white hat hacker.

The organization, here may give, some info. like Backend, Demo accounts, but did not give Source Code, and Admin Access.

The aim, here, is to check if a hacker have some information about the organization, then how they can hack it and what harm could they make it.

Most organizations, prefer grey box testing, because of the following reasons:

  • Less effort by both sides, which means less money invested.
  • It gives a feel of how a hacker with minimal information, could hack the organization.

Based on the Location of White Hat Hacker

There are case scenarios here.

1. Internal Testing

    A white hat hacker, sits inside the premises of the organization and tries to exploit the system. He has access to internal network, like servers, pc, switches, etc...

This is done, when organization wants to pen. test on a program which is accessible from their internal network only.

2. External Testing

    A white hat hacker, sits on his own place, and tries to explit the system via internet, without sitting inside the premises of the organization.

In this case, the app which is the target here, must be accessible via internet.

Previous Post: Introduction to Information Technology

Next Post: Computer Networking

This post, that you just read, is a part of Ethical Hacking Post Tree.

I am a passionate writer. Read more.

Post a Comment

Don't spam links or promote stuff in the comments. It's annoying and lowers the conversation quality. Contribute respectfully and helpfully instead.