If you want to know how cyber attacks on other devices work, the information is out there on the internet, but it is scattered and messy. The purpose of this article is to teach you the steps and scenarios of an attack systematically. First of all, I’d like you to know that a cyber attack is no different from robbing a bank. However, online robbery doesn’t happen by someone yelling “Give me the money!” in your face. It happens step by step and requires precision. Before telling you about the steps in detail, let’s talk about the objectives and attack motives of an attacker.
A- Attack Motives
- Curiosity: This is the main feeling that an attacker has.
- Desire for financial gain: Of course, money. No need to talk about it that much.
- Desire to be famous
- Damaging reputation: The attacker may have a problem with their victim and that may be why they’re attacking them.
- Just fun
- Political reasons
- Challenging others
These are the general attack motives.
1- Data Collecting
I want you to think of yourself as an attacker until the end of this article. As an example, say you want to rob a bank. If you care about your life and you’re a little bit smart, the first thing to do would be to gather as much data as you can. This data would include things like:
What’s the location of the bank? Is the area well protected? How many cameras are there in and around the building? And so on.
We could expand on these examples, but that’s not important since we’re not trying to physically rob a bank. Now, let’s return to our subject.
The scope of the data collecting process is:
- Finding the Network IP range
- Determining the number of active systems in the IP range
- Detecting open ports and access points
- Identifying the operating systems
- Making the network map
I personally think that the data collecting step is the most important. It’s the rule of struggling in every part of life. The more you know about your rival, the more advantage you have. The objective of this step is to get to know the target system as well as possible. The best ways to get to know a system as a cyber attacker are:
- Whois database query
- DNS and IP database query
- Domain Registration
Whois stores the information of the domain. It also includes the domain’s registration date and deadlines as well as the name server info of the company that the domain is hosted with. As an example, it can show the full name of the owner of domainname.com as well as their phone number and the name server (ns) info of their hosting company.
With Whois you can get information such as:
- DNS address
- Domain deadline
- IP address
- The contact address information of the person who owns the domain
- Phone information
To run a Whois query, you can use tools like:
- Netscan tools
Sends a query to the DNS server and gets a response back. The objective is to obtain the IP information through DNS.
C- Finding the Network Range
It’s important to determine the target network IP range. The attacker can see every active system’s vulnerabilities.
Tools for this process:
- My IP Suite
D- Network Mapping
After determining the IP addresses, you can also trace the route that packets follow to reach the target system to try to get more information. Traceroute is used in this process.
Traceroute: It’s a program that shows us which servers and/or routers an IP packet passes through. If you want to use it on Windows, open the command line, type tracert ip/host and press Enter.
- Neotrace Pro Mcafee Visual Trace
- Path Analyzer: software that makes the network mapping.
E- Data Collecting by Email
When the target sends an email to an email address that doesn’t exist, mail servers reply to that email to notify the sender that no such address exists. In this response, you may be able to get the IP address and some information about the target machine. There is also software that searches the header records and extracts the IP address this way, such as Email Tracker Pro.
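Seen from the defending side, the same headers can be audited before they leave your network. The following is an added example, not part of the original article: it parses a constructed bounce message and lists the IP addresses and client software that its headers disclose. The sample message, the host names and the function names audit_headers and internal_leaks are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample bounce (NDR); hosts and addresses are made up for illustration.
SAMPLE_BOUNCE = """\
Received: from mail.example.org (mail.example.org [203.0.113.25])
\tby mx.example.net with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from ws-finance-07.corp.example.org (unknown [10.20.30.41])
\tby mail.example.org with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
X-Originating-IP: [10.20.30.41]
X-Mailer: ExampleMail 9.1 (Windows)
From: MAILER-DAEMON@example.org
To: user@example.net
Subject: Undeliverable: test

The address nobody@example.org does not exist.
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Explicit RFC 1918 ranges; ipaddress.is_private would also match documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLIENT_HEADERS = ("X-Originating-IP", "X-Mailer", "User-Agent")

def audit_headers(raw):
    """Return (header, kind, value) findings for data an outside recipient can read."""
    msg = message_from_string(raw)
    findings = []
    for name in ("Received",) + CLIENT_HEADERS:
        for value in msg.get_all(name, []):
            for text in IPV4.findall(value):
                try:
                    ip = ipaddress.ip_address(text)
                except ValueError:
                    continue  # matched the pattern but is not a valid address
                internal = any(ip in net for net in RFC1918)
                findings.append((name, "internal-ip" if internal else "public-ip", text))
            if name in ("X-Mailer", "User-Agent"):
                findings.append((name, "client-software", value.strip()))
    return findings

def internal_leaks(raw):
    """Unique internal addresses disclosed by the headers, in first-seen order."""
    hits = [v for _, kind, v in audit_headers(raw) if kind == "internal-ip"]
    return list(dict.fromkeys(hits))  # de-duplicate, keep first-seen order

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_BOUNCE):
        print(*finding, sep="\t")
```

Any internal-ip or client-software finding is something a mail gateway can be configured to strip or rewrite on outbound messages.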
F- Location Detection by IP
Some websites do that for you.
G- Data Collecting Using Google
There are ways to collect data using a simple search engine like Google:
intitle/allintitle: Searches for the phrase in website titles
Example: intitle:"Network Camera", intitle:"WJ-NT104 Main"
site: Searches in a certain domain extension or in the domain itself.
Example: "site:tr", "site:en", "site:com.en", "site:networkpentest.net"
filetype: Searches for files with a certain file extension
Example: "filetype:pdf", "filetype:mdb", "filetype:xls", "filetype:doc", "filetype:log"
link: Searches for the places and websites where the phrase has been linked.
(Some parts are taken from bga.com.tr)
And next time, we’ll start the second big step of our attack.
See you next time!