Hacking Methodology

MITRE ATT&CK

Categories

The hacking methodology categories align with the enterprise attack tactics in the MITRE ATT&CK matrix. The categories are:

  • Initial access - Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails

  • Execution - Launching attacker tools and malicious code, including RATs and backdoors

  • Persistence - Creating autostart extensibility points (ASEPs) to remain active and survive system restarts

  • Privilege escalation - Obtaining higher permission levels for code by running it in the context of a privileged process or account

  • Defense evasion - Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits

  • Credential access - Obtaining valid credentials to extend control over devices and other resources in the network

  • Discovery - Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers

  • Lateral movement - Moving between devices in the target network to reach critical resources or gain network persistence

  • Collection - Locating and collecting data for exfiltration

  • Command and control - Connecting to attacker-controlled network infrastructure to relay data or receive commands

  • Exfiltration - Extracting data from the network to an external, attacker-controlled location


General methodology

  • Log all commands of the current session

    # $session_name must be set first; script records everything typed and printed to the log file
    script "$session_name.log"
    
    # when finished, exit the recorded shell to close the log
    exit
  • Use Joplin, OneNote, CherryTree or other notetaking program to document findings

  • Store the target IP address in the $ip shell variable so that later commands can reference it

    export ip=target_ip   # replace target_ip with the target's address; subsequent commands use $ip
  • Run nmap -sCV (default scripts plus version detection) against all TCP and UDP ports

  • For every open TCP/UDP port

    • Find service and version

    • Find known service bugs

    • Find configuration issues

    • Do banner grabbing

  • Google/Web-search

    • Every unknown service/program

    • Every error message

    • Every URL path

    • Every parameter, to find versions, apps, and bugs

    • Every service version + exploit db

    • Every service version + vulnerability

  • Run searchsploit against every service version

  • If the app has authentication:

    • User enumeration

    • Password brute force

    • Web search for default credentials

  • Run nmap vuln scan

  • Run Metasploit enumeration modules

  • Run Metasploit exploit modules
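
The per-port steps above (find service and version, banner grab, known bugs, configuration issues, searchsploit) are driven by the nmap output. As an added example that is not part of the original page, this Python script parses nmap's greppable output (-oG) into that checklist and produces the distinct search terms for the searchsploit and "service version + exploit db" steps. It assumes a scan such as `nmap -sCV -p- -oG tcp.gnmap $ip` (plus a -sU pass) was run; SAMPLE_GNMAP is a constructed sample, not a real scan result.

```python
"""Turn nmap greppable output (-oG) into the per-port enumeration checklist.
Assumes `nmap -sCV -p- -oG tcp.gnmap $ip` (plus a -sU pass) has been run;
SAMPLE_GNMAP below is a constructed sample, not a real scan."""
import re

# A -oG "Ports:" entry reads port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

SAMPLE_GNMAP = (  # constructed sample of a combined TCP/UDP scan; not real
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5/, "
    "80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 111/closed/tcp//rpcbind///, "
    "445/open/tcp//microsoft-ds?///, 53/open|filtered/udp//domain///"
    "\tIgnored State: filtered (65531)\n"
)

def parse_gnmap(text):
    """One checklist dict per open (or open|filtered) port; closed/filtered dropped."""
    tasks = []
    for line in text.splitlines():
        if not line.startswith("Host:"):   # skip the '# Nmap ...' comment lines
            continue
        fields = line.split("\t")          # Host / Ports / Ignored State are tab-separated
        host = fields[0].split()[1]
        ports = next((f[7:] for f in fields if f.startswith("Ports: ")), "")
        for port, state, proto, _own, svc, _rpc, ver in PORT_RE.findall(ports):
            if not state.startswith("open"):
                continue
            todo = ["banner grab", "known service bugs", "configuration issues"]
            if state != "open":            # UDP open|filtered: prove it answers first
                todo.insert(0, "confirm port responds (open|filtered)")
            if svc.endswith("?"):          # nmap could not confirm the service
                todo.insert(0, "confirm service (nmap guess)")
            if not ver:                    # -sV returned no version string
                todo.insert(0, "identify version manually")
            tasks.append({"host": host, "port": int(port), "proto": proto,
                          "service": svc.rstrip("?"), "version": ver.strip(),
                          "todo": todo})
    return tasks

def search_terms(tasks):
    """Distinct queries for the searchsploit / 'service version + exploit db' steps."""
    terms = []
    for t in tasks:
        term = t["version"] or t["service"]
        if term not in terms:
            terms.append(term)
    return terms
```

Feed the contents of your own tcp.gnmap and udp.gnmap files to parse_gnmap and paste the resulting checklist into the notetaking program; ports nmap reports without a version string are flagged so they are not skipped.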

Privilege Escalation Standard Operating Procedures

Proper and thorough enumeration is the key to a successful engagement. Privilege escalation is all about:

  • Collecting - Enumeration, more enumeration, and some more enumeration.

  • Processing - Sort through data, analyze, and prioritize.

  • Searching - Know what to search for and where to find the exploit code.

  • Adapting - Customize the exploit so it fits. Not every exploit works for every system "out of the box".

  • Trying - Get ready for (lots of) trial and error.
