CEH v10 hacking concept Types and phases

Hacking Truth
0




A word that is embeded in the mind of every youth in this modern period, and this words attracts these  youths so much that they cannot stop themselves and that is the word that and perhaps you will be the people from me who will get pleasure from inside by hearing the name hacking word and there will be many of you who want to become hackers, so in this modern era it it hacking. The word is very exciting.

so, in via this article website we will know about ethical hacking, I think currently version of Ethical Hacking is in 10 ( CEHv10 ) trend and since many people are involved in preparing for the exam, we want that through this article too you can increase your knowledge in many places and share your knowledge. CEH v10 hacking concept Types and phases


Hacking Concepts Types and Phases

Who is Hacker ?

Me, you, they are, etc...hahah Hacker is the one who is very smart enough to steal the information such as business data, individual data, financial market information stealer, credit card stealer and information, username & password from the system he is unauthorized to get this information by taking unauthorized control access over the system using different techniques and tools etc. Hacker have great mind but you don't mind for this becuase not everyone is born talented and hackers, they make themselves. So, hackers have great skills, ability to develope software and explore software and hardware. Their intention can be eithter doing illegal things for fun or sometimes they are paid to hack.  hacking concept Types and pahases


 Types of Hacker



Black Hat Hacker :- Hacker with illegal mind and with malicious and destructive activites with extraordinary skills also, knows as crackers.


White Hat Hackers :- Hackers with leggal mind , security analyst, or individuals with hacking skills using them for defensive purpose.


Gray Hat Hackers :- Gray hat hackers are those who work for both, offensively and defensively.


Sucide Hackers :- Sucide hackers are those who aim for destraction without worrying about punishment.


Cyber Terrorist :- Skilled individual, motivated by religious or political beliefs attacking or large scale to create fear.


Script Kiddes :- Unskilled hackers, hacking and compromising system using tools are script made by real hackers.


Hacktivists :- Hackers promoting political agenda, traditionally by defacing or disabling  the websites.


 
https://www.youtube.com/channel/UCa2s3RmE4B-hRsgKSjJLx_w



Hacking 

Hacking is identifying weakness in computer systems or network to exploit its weakness gain access. Example of hacking :- using password cracking algorithm to gain access to a system.



  Read more also   :- Hacking



Types of Hacking

1) Network Hacking
2) Website Hacking
3) Computer Hacking
4) Password Hacking
5) Email Hacking



Hacking Phases

 The following are the five phases of hacking :-


1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Attacks


Reconnaissance 


Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the informatiion about the target before launching an attack using different tools and techniques. Gathering of information about IP address, host name, domain, sub domain, network information, system information, location information, server information, organization and individual information, etc. The target makes it easier for an attacker, even on a large scale. Similarly, in large scale, it helps to identify the target range.


In Reconnaissance there are two form of reconnaissance :-

1) Passive Reconnaissance 
2) Active Reconnaisance

Passive Reconnaissance

The hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target.


Active Reconnaissance

In Active Reconnaissance, the hacker gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical department.


Scanning 

In scanning phase, is a  pre-attack phase, in this phase, attacker scans the network by information acquired during the initial phase of reconnaissance. Scanning tools like Dialers, scanners such as Port scanners, Network mapper ( Nmap ), client tools sucha s ping,a s well as vulnerabilites scanner. During the scanning phase, attacker finailly fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.


Gaining Access

In this phase, hacker designs the blueprint of the network of the target with the help of data collected during Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and now decide that they have a some options to gain access to the network.

For example, say hacker chooses Phishing Attack: The hacker decides to play it safe and use a simple phishing attack to gain access.  The hacker decides to infiltrate from the IT department.  They see that there have been some recent hires and they are likely not up to speed on the procedures yet.  A phishing email will be sent using the CTO’s actual email address using a program and sent out to the techs.  The email contains a phishing website that will collect their login and passwords.  Using any number of options (phone app, website email spoofing, Zmail, etc) the hacker sends a email asking the users to login to a new Google portal with their credentials.  They already have the Social Engineering Toolkit running and have sent an email with the server address to the users masking it with a bitly or tinyurl.

Other options include creating a reverse TCP/IP shell in a PDF using Metasploit ( may be caught by spam filter).  Looking at the event calendar they can set up a Evil Twin router and try to Man in the Middle attack users to gain access.  An variant of Denial of Service attack, stack based buffer overflows, and session hijacking may also prove to be great.



https://www.youtube.com/channel/UCa2s3RmE4B-hRsgKSjJLx_w


Maintaining Access / Escalating of Privileges

Maintaining access phase is the point when an atttacker is trying to maintain the access, ownership & control over the compromised systems. Similarly, attacker prevents the owner from being owned by any other hacker. They use Rootkits, backdoors or Trojans to retain their ownership. In this phase, an attackers may steal information by uploading the information to the remote server, downlaod any file on the resident system, and manipulate the data and configuration. To compromise other systems, the attacker uses this compromised system to launch attacks.


Clearing Tracks

An attacker must hide his identity by covering the tracks. Covering tracks are thosse activities which are carried out to hide the malicious activites. Covering tracks is most required and compulsory for an attacke or hacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain, unnotices and wipe all evidence that indicates his identity. To manipulate the indentity and evidence, the attacker overwrites the identity. Manipulate the identity and evidence,the attacker overwrites the system, application, and other realted logs to avoid suspicion.





Video Tutorial :- CEH v10 hacking concept Types and phases



       



I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



- Hacking Truth by Kumar Atul Jaiswal



Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.
Post a Comment (0)
Our website uses cookies to enhance your experience. Learn More
Accept !