Step by step how to hacking web

Step 1 – Reconnaissance

Reconnaissance is the first step of a Penetration Testing service. Reconnaissance services can include researching a target’s Internet footprint, monitoring resources, people, and processes, scanning for network information such as IP addresses and systems types, social engineering

public services such as help desk and other means.

The following is the list of Reconnaissance goals:

• Identify target(s)

• Define applications and business use

• Identify system types

• Identify available ports

• Identify running services

• Passively social engineer information

• Document findings

Step 2 – Target evaluation

At this point, the Penetration Tester should know enough about a target to select how to analyze for possible vulnerabilities or weakness.

The following is the list of Target Evaluation goals:

• Evaluation targets for weakness

• Identify and prioritize vulnerable systems

• Map vulnerable systems to asset owners

• Document findings

Step 3 – Exploitation

This step exploits vulnerabilities found to verify if the vulnerabilities are real and what

possible information or access can be obtained. The success of this step is heavily dependent on previous efforts. Most exploits are developed for specific vulnerabilities and can cause undesired consequences if executed incorrectly.

Some examples are running SQL Injections to gain admin access to a web application

or social engineering a Helpdesk person into providing admin login credentials.

The following is the list of Exploitation goals:

• Exploit vulnerabilities

• Obtain foothold

• Capture unauthorized data

• Aggressively social engineer

• Attack other systems or applications

• Document findings

Step 4 – Privilege Escalation

Having access to a target does not guarantee accomplishing the goal of a penetration

assignment. In many cases, exploiting a vulnerable system may only give limited

access to a target’s data and resources. The attacker must escalate privileges granted

to gain the access required to capture the flag, which could be sensitive data, critical

infrastructure, and so on.

Privilege Escalation can include identifying and cracking passwords, user accounts,

and unauthorized IT space. An example is achieving limited user access, identifying

a shadow file containing administration login credentials, obtaining an administrator

password through password cracking, and accessing internal application systems

with administrator access rights.

The following is a list of Privilege Escalation goals:

• Obtain escalated level access to system(s) and network(s)

• Uncover other user account information

• Access other systems with escalated privileges

• Document findings

Step 5 – maintaining a foothold

The final step is maintaining access by establishing other entry points into the target. Best practice is establishing other means to access the target as insurance against the primary path being closed. Alternative access methods could be backdoors, new administration accounts, encrypted tunnels,

and new network access channels.

The other important aspect of maintaining a foothold in a target is removing evidence of the penetration

The following is a list of goals for maintaining a foothold:

• Establish multiple access methods to target network

• Remove evidence of authorized access

• Repair systems impacting by exploitation

• Inject false data if needed

• Hide communication methods through encryption and other means

• Document findings