Five Steps/Phases of Hacking

  1. Research/Reconnaissance/Footprinting - Intel - Information Gathering - Recon active passive - gather information from publicly accessible sources Know their security posture reduce focus area identify vulnerabilities document / draw network map

  2. Scanning the IP Address with nMap nmap -A -T4 -p- 10.10.10.40 handshake syn syn ack reset rst (up arrow show stats) --other methodologies or strategies all scan 65,000 ports regular scan to see what ports are open then scan only the ports open

  3. Enumeration/Exploitation/Gain Access port 445 = SMB Metasploit use options set rhosts options targets exploit

  4. Post Exploitation / Maintain Access Keep or return to same level of access (rootkit, trojan) Manipulating data over a long period of time

  5. Cover Your Tracks do not be noticed overwrite, modify, destroy logs

** message signing disabled on smb is a no-no, but is set by default, allows man in the middle attacks https://www.rapid7.com is a good website

Capture 4-way handshake, then crack it. Test Guest network to see if it is isolated https://amzn.to/2XOLl0G

What is the three-way handshake? TCP - SYN, SYN-ACK, ACK connected oriented, sustainable, handshake (three-way) UDP - connectionless, fast, no handshake

Stealth scan, not as stealthy now, RST (reset). SYN, SYN-ACK, RST - don't actually make a connection so it is supposed to be stealthy, but it can be detected nowadays.

meterpreter

  • sysinfo

  • hashdump

  • getuid

  • shell

Apps

  • metagoofil

  • web data extractor

  • octoparse

  • email tracker pro