Intrusion Techniques
links: SPA TOC - Hacking Basics - Index
Physical Intrusion
This is the worst attack from the victim's point of view, as the attacker has access to the hardware itself.
Remote Intrusion
Happens over the network, starting with nmap or other tools, and exploiting software bugs, configuration bugs, design flaws, weak passwords or social engineering.
Software Bugs (CWE)
See also: Web Security
- Out-of-bounds Write
- Improper Neutralisation of Input during Web Page Generation (Cross-site Scripting)
- Improper Neutralisation of Special Elements used in an SQL Command (SQL Injection)
- Use After Free
- Improper Neutralisation of Special Elements used in an OS Command (OS Command Injection)
- Improper Input Validation
- Out-of-bounds Read
- Path Traversal
- Cross Site Request Forgery (CSRF)
- Unrestricted Upload of File with Dangerous Type
- Missing Authorisation
- NULL Pointer Dereference
- Improper Authentication
- Integer Overflow or Wraparound
- Deserialisation of Untrusted Data
- Command Injection
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- Use of Hard-coded Credentials
- Server-Side Request Forgery (SSRF)
- Missing Authentication for Critical Function
- Race Condition
- Improper Privilege Management
- Improper Control of Generation of Code (Code Injection)
- Incorrect Authorisation
- Incorrect Default Permissions
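Two of the listed weaknesses side by side with their hardened forms, as an added example that is not part of the original notes: Path Traversal (user input joined onto a document root) and SQL Injection (user input pasted into a query). The document root `/srv/app/public`, the `users` table and its rows are constructed for the demo.

```python
import os
import sqlite3

# Hypothetical document root; the directory does not need to exist for this demo.
BASE_DIR = os.path.realpath("/srv/app/public")


def unsafe_resolve(user_path: str) -> str:
    """Path Traversal: user input is joined onto the root with no containment check.
    '../' segments (or an absolute path, which os.path.join simply adopts) escape BASE_DIR."""
    return os.path.normpath(os.path.join(BASE_DIR, user_path))


def safe_resolve(user_path: str) -> str:
    """Hardened version: resolve the candidate, then require BASE_DIR to be its
    common ancestor. commonpath, unlike startswith, also rejects /srv/app/public_html."""
    candidate = os.path.realpath(os.path.join(BASE_DIR, user_path))
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise PermissionError(f"path escapes document root: {user_path!r}")
    return candidate


def demo_db() -> sqlite3.Connection:
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def unsafe_lookup(conn: sqlite3.Connection, name: str) -> list:
    """SQL Injection: the value is formatted into the statement, so a quote in the
    input changes the structure of the query instead of being treated as data."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Hardened version: a bound parameter is always data, never SQL."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    conn = demo_db()
    print(unsafe_resolve("../../../etc/passwd"))   # leaves the document root
    print(safe_resolve("docs/readme.txt"))          # stays inside it
    print(safe_lookup(conn, "alice"))
```

The containment check compares resolved paths rather than string prefixes, and the query fix moves the value out of the SQL text entirely; both are the standard mitigations for these two CWE entries.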
Configuration Bugs
- Leaving bad default configurations in place
- Running unnecessary services (bigger attack surface)
- Trust relationships between systems \(\rightarrow\) Weakest link
Design flaws
- Protocol flaws
- Poor system administrator practices (let's try it without security first, then forget to change it)
Weak passwords
Passwords are still the most widely used authentication method in 2024. If they are weak they can be cracked through guessing, dictionary attacks, brute force attacks and rainbow tables, or acquired by sniffing, replay, observation, social engineering or key logging.
Intrusion Scenarios
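The defender's side of the password paragraph, as an added example that is not part of the original notes: reject dictionary-based passwords at registration, and store the rest with a per-user salt and a slow PBKDF2 derivation so that rainbow tables (precomputed, unsalted) do not apply and brute force or dictionary guessing has to pay the iteration cost per guess. The wordlist is a constructed five-entry stand-in for a real one; the iteration count is a parameter so tests can run quickly.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a real dictionary/wordlist.
CONSTRUCTED_WORDLIST = {"password", "123456", "qwerty", "letmein", "welcome"}


def is_weak(password: str, wordlist=CONSTRUCTED_WORDLIST, min_len: int = 12) -> bool:
    """True for short passwords, dictionary words, and dictionary words with a
    trailing run of digits/symbols ("welcome2024!" is still "welcome" to a cracker)."""
    lowered = password.lower()
    if len(password) < min_len:
        return True
    if lowered in wordlist:
        return True
    return lowered.rstrip("0123456789!@#$%^&*.-_") in wordlist


def hash_password(password: str, *, iterations: int = 600_000, salt: bytes = None) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; the salt and iteration count are
    stored alongside the digest so they do not have to be a global secret."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recomputes the digest with the stored salt and compares in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for candidate in ["password123", "Welcome2024!", "correct horse battery staple"]:
        print(f"{candidate!r}: weak={is_weak(candidate)}")
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
```

Because every user gets a fresh salt, two accounts with the same password produce different stored strings, which is exactly what makes a precomputed table useless against the whole database at once.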
- reconnaissance (appearing as a normal user, hard to detect)
- scanning (ICMP scan, Port scan, identify OS and software)
- running exploits (exploit a vulnerability that was found, you cross the line here)
- establish a foothold (hide evidence, rootkit installation, replace services, hack other systems from here)
- playing for profit
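Detection for the scanning step of the scenario above (ICMP sweep, then port scan), as an added example that is not part of the original notes. It runs two sliding-window counters over constructed firewall log lines in a made-up format, flagging a source that reaches many distinct hosts with ICMP and a (source, destination) pair that touches many distinct ports; the thresholds and the 60-second window are assumptions to tune per network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format for this demo (not any real firewall's syntax):
#   <ISO timestamp> <ACTION> proto=<PROTO> src=<ip> dst=<ip> [dport=<port>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)(?: dport=(?P<dport>\d+))?$"
)


def constructed_log() -> list:
    """Constructed sample lines: one host doing an ICMP sweep and then a port scan,
    and one ordinary client that only talks to the web server."""
    lines = []
    for i in range(1, 9):  # 203.0.113.5 pings eight addresses in eight seconds
        lines.append(f"2024-05-01T10:00:{i:02d} DROP proto=ICMP src=203.0.113.5 dst=10.0.0.{i}")
    ports = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
    for i, port in enumerate(ports):  # then probes twelve ports on 10.0.0.7
        lines.append(f"2024-05-01T10:01:{i:02d} DROP proto=TCP src=203.0.113.5 dst=10.0.0.7 dport={port}")
    for i in range(30):  # 198.51.100.9 makes thirty normal HTTPS connections
        lines.append(f"2024-05-01T10:01:{i:02d} ACCEPT proto=TCP src=198.51.100.9 dst=10.0.0.7 dport=443")
    return lines


def parse_events(lines) -> list:
    """Turns matching lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "proto": d["proto"],
            "src": d["src"],
            "dst": d["dst"],
            "dport": int(d["dport"]) if d["dport"] else None,
        })
    return events


def _max_distinct_in_window(events, key, window) -> int:
    """Largest number of distinct `key` values inside any trailing window of events."""
    events = sorted(events, key=lambda e: e["ts"])
    best = 0
    for i, e in enumerate(events):
        start = e["ts"] - window
        seen = {x[key] for x in events[: i + 1] if x["ts"] >= start}
        best = max(best, len(seen))
    return best


def detect_port_scans(events, threshold=10, window=timedelta(seconds=60)) -> dict:
    """(src, dst) pairs that touch at least `threshold` distinct ports within one window."""
    by_pair = defaultdict(list)
    for e in events:
        if e["dport"] is not None:
            by_pair[(e["src"], e["dst"])].append(e)
    alerts = {}
    for pair, evs in by_pair.items():
        n = _max_distinct_in_window(evs, "dport", window)
        if n >= threshold:
            alerts[pair] = n
    return alerts


def detect_icmp_sweeps(events, threshold=5, window=timedelta(seconds=60)) -> dict:
    """Sources whose ICMP traffic reaches at least `threshold` distinct hosts within one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "ICMP":
            by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        n = _max_distinct_in_window(evs, "dst", window)
        if n >= threshold:
            alerts[src] = n
    return alerts


if __name__ == "__main__":
    evs = parse_events(constructed_log())
    print("port scans:", detect_port_scans(evs))
    print("icmp sweeps:", detect_icmp_sweeps(evs))
```

The normal client is never flagged even though it generates more lines than the scanner: the signal is the spread over distinct ports or hosts inside a window, not the volume of traffic, which is why counting distinct values beats counting packets for this step.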
Shortcut Intrusion Scenarios
- Use automated tools for scanning and breaking in
- Create fake websites to harvest credentials
- Infect vulnerable websites with malware
- Scam mails and messages for social engineering
- Or directly by phone, as a fake support agent