Elf Qrin's Lair


Hacking and Security Strategies



Overview of Hacking Methods
A summary of all methods of attacking hosts on the Internet, sorted by difficulty level: a short introduction to all known kinds of Internet attacks and an evaluation by difficulty.
EASILY PERFORMED ATTACKS
Denial Of Service
  1. Flooding - sending garbage data or reply requests to a host to block its services
  2. Smurfing - using the IP broadcast system and IP spoofing to multiply floods
  3. OutOfBand/Fragment Attacks - exploiting vulnerabilities in TCP/IP stack kernel implementations
  4. SYN/RST Flooding - exploiting a vulnerability in TCP implementations (limited cache) to block incoming connections
  5. "Nuking" - using forged ICMP and TCP messages to reset active connections
  6. Specific DoS - generating requests that block one specific vulnerable service

Malicious Software
Note: this evaluates the effort to spread the software, not to create it
  1. Logical Bomb - program that causes damage under certain conditions (often just due to bugs)
  2. Backdoor - program feature that allows remote execution of arbitrary commands
  3. Worm - program or trojan that spawns and spreads copies of itself
  4. Virus - programs or code that self-reproduces in existing applications
  5. Trojan - hidden program-in-a-program that executes arbitrary commands

Exploiting Vulnerabilities
  1. Access Permissions - exploiting read/write access to system files
  2. Brute Force - trying default or weak login/password combinations for telnet/pop3 etc. authentication
  3. Overflow - writing arbitrary code behind the end of a buffer and executing it
  4. Race Condition - exploiting a temporary insecure condition created by the execution of a program to gain access to sensitive data

IP Packet manipulation
  1. Port spoofing - using 20/53/80/1024 etc. as source ports to avoid packet filtering rules
  2. Tiny fragments - using 8-byte packets to bypass firewall protocol-flag/port/size checks
  3. Blind IP spoofing - changing the source IP address e.g. to access passwordless UDP services that rely on IP checking
  4. Nameserver ID "snoofing" - blind spoofing with calculated ID numbers to put false data into NS-caches
  5. Sequence number guessing - calculating TCP SEQ/ACK numbers for hosts with insecure random sequence numbers to establish a spoofed TCP connection from a trusted host
  6. Remote session hijacking - using packet spoofing to intercept and redirect running TCP/UDP sessions
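The "tiny fragments" item above describes an 8-byte first fragment that carries the TCP ports but not the flags a packet filter inspects. The filter below is an added example, not code from this page or from Elf Qrin's Lair: it parses a raw IPv4 header and applies the two RFC 1858 rules (drop a TCP first fragment shorter than 16 bytes, drop any TCP fragment at offset 1), using constructed sample packets with a zeroed checksum and the assumed addresses 10.0.0.1 / 10.0.0.2.

```python
import struct

IPPROTO_TCP = 6
# Bytes of the first fragment needed to see TCP ports, sequence numbers and the
# flags (flags sit at bytes 12-13 of the TCP header); RFC 1858 calls this tmin.
TMIN_TCP = 16


def build_ipv4(payload, proto=IPPROTO_TCP, frag_offset=0, more_fragments=False):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def parse_ipv4(pkt):
    """Return only the header fields a fragment filter needs."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"proto": proto,
            "mf": bool(flags_frag & 0x2000),
            "offset": flags_frag & 0x1FFF,       # fragment offset in 8-byte units
            "transport_len": len(pkt) - ihl}     # bytes of transport data in this fragment


def fragment_verdict(pkt):
    """RFC 1858 style tiny-fragment filter for TCP; returns 'drop' or 'accept'."""
    h = parse_ipv4(pkt)
    if h["proto"] != IPPROTO_TCP:
        return "accept"                          # rule only covers TCP header inspection
    if h["offset"] == 0 and h["transport_len"] < TMIN_TCP:
        return "drop"                            # direct method: first fragment lacks the flags
    if h["offset"] == 1:
        return "drop"                            # indirect method: would overlay bytes 8-15 (flags)
    return "accept"


# Constructed samples: payload length stands in for the TCP header bytes carried.
SAMPLES = {
    "tiny first fragment (8 bytes, MF set)": build_ipv4(bytes(8), more_fragments=True),
    "offset-1 fragment overlaying TCP flags": build_ipv4(bytes(8), frag_offset=1, more_fragments=True),
    "normal first fragment (full TCP header)": build_ipv4(bytes(24), more_fragments=True),
    "later fragment (offset 2)": build_ipv4(bytes(8), frag_offset=2),
    "udp first fragment (8 bytes)": build_ipv4(bytes(8), proto=17, more_fragments=True),
}


def run_samples():
    """Map each sample name to the filter's verdict."""
    return {name: fragment_verdict(pkt) for name, pkt in SAMPLES.items()}
```

Only the two tiny/offset-1 samples are dropped; a first fragment that carries the whole TCP header, later fragments, and non-TCP traffic pass.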

Attacks "from the inside"
  1. "Backdoor" daemons - opening a port for further remote access
  2. Log manipulation - removing traces of attacks and unauthorized access
  3. Cloaking - replacing system files with trojans that hide unauthorized access
  4. Sniffing - monitoring network data and filtering out sensitive data e.g. passwords
  5. Non-blind spoofing - using data monitoring to get the information necessary to take over active connections or establish forged connections

HIGHEST DIFFICULTY LEVEL
Common Internet Attacks
Hacking strategies, the security holes they exploit and the general preventive actions against them. Shoutouts to all you lame "BOFHs"! I hope this will help you get a clue on what you should be doing ;)
Kind of attack: denial of service
  Compromise: system resources
  Vulnerability: low bandwidth, insecure daemons
  Skill needed: novice - expert
  Type of system: any
  Additional info: hard to evade completely, no security problem, selected victims only
  Protective measures: bandwidth management, firewalls, periodical software updates / version management

Kind of attack: local
  Compromise: other user data
  Vulnerability: weak passwords, permissions
  Skill needed: novice
  Type of system: any
  Additional info: very possible to happen on big multi-user servers
  Protective measures: software updates, administrative security

Kind of attack: cgi I
  Compromise: system info, passwd
  Vulnerability: insecure cgi scripts, httpd, permissions
  Skill needed: novice
  Type of system: any webservers
  Additional info: delivers information for more serious attacks, random victims
  Protective measures: software updates, www security check

Kind of attack: cgi II
  Compromise: wwwuser shell access, resources, sometimes root
  Vulnerability: insecure cgi scripts, weak passwords and security
  Skill needed: average
  Type of system: unix webservers
  Additional info: caused by and creates serious security problems on webservers, random victims
  Protective measures: software updates, periodical www security checks

Kind of attack: trojan
  Compromise: sensitive data / passwords, root, access to other systems
  Vulnerability: inadequate security policy
  Skill needed: novice / average
  Type of system: any
  Additional info: even possible without any technical vulnerabilities, both selected (social engineering) and random (via junk mail, posting, etc.) victims
  Protective measures: security policies, application level gateways

Kind of attack: remote root compromise
  Compromise: complete system, see above
  Vulnerability: insecure / obsolete daemons (remote overflows)
  Skill needed: average
  Type of system: any unix, especially linux, bsd, sun, hpux, dgux
  Additional info: reinstallation is recommended after root compromises, mostly random victims
  Protective measures: periodical software updates, version management and security auditing

Kind of attack: sniffing / backlogging
  Compromise: credit cards / transaction data / software / access to other systems / databases
  Vulnerability: previous root compromise
  Skill needed: average / expert
  Type of system: preferably shell servers, isps, e-commerce servers
  Additional info: causes more serious damage the later it is noticed, selected victims only
  Protective measures: security auditing, emergency actions

Kind of attack: cgi III
  Compromise: root, database / user profiles (for spamming / carding), webpages
  Vulnerability: obsolete cgi scripts, non-standard / self-written code
  Skill needed: expert
  Type of system: preferably e-commerce servers, domain / web providers, search engines, government sites
  Additional info: causes most serious damage, selected victims only
  Protective measures: firewall solutions, www/cgi security audits



Issued on Elf Qrin's Hacking Lab