Enumeration.
The third phase is the process of identifying user accounts and
poorly protected computing resources. During the enumeration stage, the
hacker connects to computers in the target network and pokes around
these systems to gain more information. While the scanning phase might
be compared to a knock on the door or a turn of the doorknob to see if
it is locked, enumeration could be compared to entering an office and
rifling through a file cabinet or desk drawer for information. It is
definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain
control of one or more systems in the target network. For example, once
an attacker has acquired a list of usernames during enumeration, he can
usually guess one of the users' passwords and gain more extensive access
to that user's account. Alternatively, once the attacker has determined
that a target computer is running an old or buggy piece of software or
one that is configured improperly, the hacker may attempt to exploit
known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or
accounts that have been compromised during penetration to launch
additional attacks on the target network. For instance, the attacker can
break into more sensitive administrator root accounts, install
backdoors or Trojan horse programs, and install network sniffers
to gather additional information (for example, passwords) from data
flowing over the network.
0 comments:
Post a Comment