So, how does a hacker actually hack? Before we get into it, a word of caution.
Let me make it clear that the hackers you see in movies are not real hackers. In a movie, someone hacks a server within minutes and launches a nuclear missile.
In real life, it is nothing like that.
All hackers, whether white hat, black hat or grey hat, follow a few common steps:
1. Collecting information about the target
2. Finding a weak entry point and getting inside the system
3. Trying to gain more permissions and reach deeper into the system
4. Clearing tracks and returning the server to its normal state
This is not exactly the same for every hacker, though. Over time, both black hat and white hat hackers have developed their own versions of this process.
Steps followed by Black Hat Hackers
Step 1. Information Gathering and Reconnaissance
If a hacker wants to hack a website, he first researches which software runs it: the web server in use, the backend application, the user base, the architecture, and so on. Much of this can be learned passively, from response headers, error pages and public DNS records, without sending anything that looks like an attack.
The information acquired in step 1 is the base for every step that follows, so it is important to note that the success of the hack depends on it.
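As a concrete illustration of the passive side of this step, here is an added example (not code from the original post) that reads one HTTP response and pulls out what it reveals: the Server header, X-Powered-By, session-cookie names that betray the platform, and the generator meta tag. The response is constructed for the demo, and the COOKIE_HINTS mapping is an assumed list of default cookie names.

```python
"""Passive fingerprinting of a website from a single HTTP response.

Added example for this post, not code from the original. The response
below is constructed for the demo, and COOKIE_HINTS is an assumed mapping
of default session-cookie names to the platforms that set them.
"""
import re

COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "csrftoken": "Django",
    "laravel_session": "Laravel (PHP)",
}

GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)


def parse_response(raw: str):
    """Split a raw HTTP response into (status line, header dict, body).

    Header names are lower-cased; repeated headers (Set-Cookie) are kept as a list.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def fingerprint(raw: str) -> dict:
    """Collect what one response reveals about the server, backend and cookies."""
    _, headers, body = parse_response(raw)
    backend = set()
    cookies = []
    notes = []

    server = headers.get("server", [None])[0]
    backend.update(headers.get("x-powered-by", []))

    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.lower() for p in parts[1:]}
        cookies.append(name)
        if name in COOKIE_HINTS:
            backend.add(COOKIE_HINTS[name])
        # Missing cookie flags are worth noting for step 2, not just the platform hint.
        if "httponly" not in attrs:
            notes.append(f"cookie {name} lacks HttpOnly")
        if "secure" not in attrs:
            notes.append(f"cookie {name} lacks Secure")

    m = GENERATOR_RE.search(body)
    if m:
        backend.add(m.group(1))

    return {"server": server, "backend": sorted(backend), "cookies": cookies, "notes": notes}


# Constructed response, not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.4"></head>'
    "<body>hello</body></html>"
)

if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

The point of the second cookie check is that reconnaissance and vulnerability assessment overlap: the same response that names the platform also shows whether the session cookie is sent without HttpOnly or Secure, which goes straight onto the list for step 2.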
Step 2. Vulnerability Assessment
Before moving further, you must know what a vulnerability is.
A vulnerability is a flaw in a system that leaves it open to attack; it is also called a security loophole.
Now on to step 2. By this point the hacker has gathered all the information about the website. He now uses automated scanners, other tools and manual testing to find the security loopholes present on the website.
After finding candidate vulnerabilities, he verifies each one to confirm that the loophole really exists. This is done to weed out false positives, so that the actual hacking is not wasted on flaws that are not there.
Step 3. Penetration Testing and Gaining Access
In this step the hacker exploits those vulnerabilities and tries to reach the data he wants to steal. For example, if the target is the website's database, this is where he tries to view and copy its data.
Step 4. Escalating Privilege and Maintaining Access
At this point the hacker is only partially inside the system. What I mean is that he may be able to read the database but not reach the admin dashboard of the site, because the admin account has the most permissions. In this step, the hacker tries to get that account.
He tries his best to take over the admin account so that he gains more access and more privilege over the website.
After gaining privilege, the hacker tries to install a backdoor on the target website.
A backdoor is a program that lets the hacker access the system for as long as the backdoor stays installed. This means the hacker keeps access to the website even after the admin password is changed.
The hacker needs a backdoor because, if the admin password is changed or the vulnerability is fixed, he can still get back into the website in the future with minimal effort.
Step 5. Clearing Tracks
In this step the hacker tries to remove every trace of what he did to the server and to make the server look as it did before the hack.
He deletes or edits server log files, removes any extra users he created, and hides the backdoor so that nobody notices it. Deleting entries is itself a trace, though: a busy server that is silent for two hours, or a log whose timestamps run backwards, is exactly what a careful admin looks for.
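To show the defender's side of this step, here is an added example (not code from the original post) that scans access-log lines for the two signs of tampering just described: a silent stretch longer than a threshold, and a timestamp that goes backwards. The log lines are constructed in the Apache combined format, and the 15-minute threshold is an assumption that fits a site which normally logs a request every few seconds.

```python
"""Defender-side check for tampered access logs: find gaps and rewinds.

Added example for this post, not code from the original. The log lines are
constructed in the Apache combined format; the 15-minute threshold is an
assumption that fits a site normally logging every few seconds.
"""
import re
from datetime import datetime

TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")


def parse_ts(line: str):
    """Return the request timestamp of one access-log line, or None."""
    m = TS_RE.search(line)
    return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z") if m else None


def find_log_anomalies(lines, max_gap_seconds=900):
    """Return a list of (kind, index_before, index_after, seconds).

    kind is "gap" for a silent stretch longer than max_gap_seconds (entries
    deleted) or "out_of_order" for a timestamp that goes backwards (file
    rewritten). Lines with no timestamp are skipped.
    """
    findings = []
    prev_i = prev_ts = None
    for i, line in enumerate(lines):
        ts = parse_ts(line)
        if ts is None:
            continue
        if prev_ts is not None:
            delta = int((ts - prev_ts).total_seconds())
            if delta > max_gap_seconds:
                findings.append(("gap", prev_i, i, delta))
            elif delta < 0:
                findings.append(("out_of_order", prev_i, i, delta))
        prev_i, prev_ts = i, ts
    return findings


# Constructed log: steady traffic, then a two-hour hole, then a rewound entry.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2020:13:55:40 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2020:13:55:45 +0000] "GET /about HTTP/1.1" 200 845 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2020:15:55:45 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2020:15:55:50 +0000] "GET /contact HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2020:15:55:48 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for kind, before, after, seconds in find_log_anomalies(SAMPLE_LOG):
        print(f"{kind}: lines {before}->{after}, {seconds} s")
```

A check like this only works if the logs also go somewhere the attacker cannot reach; on the compromised server itself, the hacker can rewrite the file to be perfectly consistent.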
Steps Followed by White Hat Hackers
White hat hackers are often referred to as security auditors or security experts. They help organizations secure their web applications.
Step 1. Legal Documentation
This step involves signing a Memorandum of Understanding, a Non-Disclosure Agreement and a financial agreement. Let's look at each of them in a nutshell.
Memorandum of Understanding (MOU): signed by both parties to clearly state their objectives and what they expect from one another.
Non-Disclosure Agreement (NDA): an agreement that no information about the engagement, the organization's confidential information included, will be shared with third parties.
Financial agreement: states how much the organization will pay the white hat hacker, so there is no dispute about payment at the end.
Step 2. Scope Assessment
This step deals with writing an agreement that states which parts of the website will be tested, and how much time will be taken to test them. Anything outside that list is off limits, even if the tester stumbles on it during the test.
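Because the scope list is what separates a white hat test from a black hat attack, it is worth enforcing mechanically before any tool is pointed at a host. The following added example (not code from the original post) checks a candidate target against a constructed scope: in-scope networks and hostnames, plus an exclusion list that always wins. The hostnames and addresses are illustration only.

```python
"""Scope check for a pen test: is a given target covered by the agreed scope?

Added example for this post, not code from the original. The scope below is a
constructed illustration of the kind of list a scope agreement produces.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    networks: list = field(default_factory=list)   # CIDR ranges that are in scope
    hosts: list = field(default_factory=list)      # hostnames; "*.x" for a wildcard
    excluded: list = field(default_factory=list)   # CIDRs or hosts that are off limits


def _host_matches(pattern: str, host: str) -> bool:
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # "*.api.example.test" covers subdomains, not the bare "api.example.test"
        return host.endswith(pattern[1:])
    return host == pattern


def _listed(entries, target: str) -> bool:
    """True if target (an IP address or a hostname) matches any entry."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # entry is a hostname pattern, not an address or CIDR
        if ip is not None:
            if net is not None and ip in net:
                return True
        elif net is None and _host_matches(entry, target):
            return True
    return False


def in_scope(target: str, scope: Scope) -> bool:
    """Exclusions win: a target is testable only if listed and not excluded."""
    if _listed(scope.excluded, target):
        return False
    return _listed(scope.networks + scope.hosts, target)


# Constructed scope: one lab subnet, two name patterns, a gateway and a
# legacy host that the organization asked to keep out of the test.
SCOPE = Scope(
    networks=["10.10.0.0/24"],
    hosts=["www.example.test", "*.api.example.test"],
    excluded=["10.10.0.1", "legacy.api.example.test"],
)

if __name__ == "__main__":
    for t in ["10.10.0.50", "10.10.0.1", "v1.api.example.test", "api.example.test"]:
        print(f"{t}: {'in scope' if in_scope(t, SCOPE) else 'OUT OF SCOPE'}")
```

Note that a hostname in scope does not automatically put the address it resolves to in scope, and vice versa; the agreement should list both forms if both will be tested.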
Step 3. Information Assessment
In this step the organization provides information such as test accounts, backend languages and website architecture. The white hat hacker analyzes it and works out which of that information could be used for hacking purposes.
Step 4. Vulnerability Assessment
The white hat hacker now finds flaws and documents them for the organization. In this step he follows the same steps a black hat hacker would.
Step 5. Penetration Testing
The white hat hacker now starts exploiting the vulnerabilities found, documents each step, and at the end produces a result report.
The white hat hacker does the same things a black hat hacker would, but without the intention to harm the system that the black hat hacker had.
Finally, the white hat hacker documents everything and writes a Proof of Concept with all the details of the penetration testing.
A Proof of Concept (PoC) is a document that states the vulnerability, the details of the pen test, and the evidence that the vulnerability exists, with all the proof attached.
Step 6. Gaining Access
White hat hackers now try to gain access to the system with the help of the security flaws found, just as a black hat hacker would.
Step 7. Privilege Escalation
Just like the black hat hacker, the white hat hacker tries to take over the admin account of the system, so that he can reach tasks and permissions at a higher level.
Step 8. Report Generation
At this point the testing is fully complete. Now the white hat hacker writes a detailed, well-documented report of the entire exercise.
The report contains all the exploitations and the impact of the vulnerabilities found during the penetration testing process.
Step 9. Patch Assistance
After receiving the report, the organization decides which loopholes to fix and which not to fix, depending on risk, cost and effort.
The developer patches the loopholes, and the white hat hacker assists him.
Step 10. Revalidation
The white hat hacker checks again whether the loopholes have been patched successfully. If one is still present, he again assists the developer until the loophole is fully fixed.
All ten of these steps are followed by the white hat hacker to secure the organization.
Types of Security Testing / Pen Testing
The white hat hacker does this testing either with the organization's help or without it.
Based on the Level of Assistance Provided
Depending on how much the organization assists the white hat hacker, testing can be classified into three types:
1. White Box Testing
Complete assistance is provided, and the aim is to make the website as secure as it can be.
The organization provides information such as demo accounts, source code, architecture, server details and more.
2. Black Box Testing
No assistance is provided here. The aim is to find out how much harm a black hat hacker could do to the organization without any inside help.
In this case, the white hat hacker and the black hat hacker start with the same information.
3. Grey Box Testing
This is a hybrid of the two types we saw before. Here the organization gives the white hat hacker partial help.
The organization may give some information, such as the backend in use and demo accounts, but not the source code or admin access.
The aim here is to check what a hacker who has some information about the organization could do with it, and how much harm he could cause.
Many organizations prefer grey box testing for the following reasons:
- Less effort on both sides, which means less money invested.
- It gives a feel for how a hacker with minimal information could attack the organization.
Based on the Location of the White Hat Hacker
There are two scenarios here.
1. Internal Testing
The white hat hacker sits inside the organization's premises and tries to exploit the system. He has access to the internal network: servers, PCs, switches and so on.
This is done when the organization wants to pen test an application that is reachable only from its internal network.
2. External Testing
The white hat hacker works from his own location and tries to exploit the system over the internet, without sitting inside the organization's premises.
In this case the target application must be reachable from the internet.
This post is part of the Ethical Hacking post tree.