Cracking the System Tutorial 1 - Footprinting:
Before I start this tutorial I want people to understand the difference between hackers. Hackers are classified into 3 different groups. White Hat, Grey Hat, and Black Hat.
White hat hackers, also known as "ethical hackers," are computer security experts, who specialize in penetration testing, and other testing methodologies, to ensure that a company's information systems are secure. Such people are employed by companies where these professionals are sometimes called "sneakers." Groups of these people are often called tiger teams or red teams. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas.
A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
Black Hat Hackers (also called "crackers") are hackers who specialize in unauthorized penetration. They may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause. Such penetration often involves modification and/or destruction of data, and is done without authorization, so they should not be confused with ethical hackers.
Now to start with the tutorial. This one will be short.
The first thing I want you to know is the difference between an IDS and a Firewall. A Firewall blocks most attacks outright. An IDS detects attacks and sends an alert, but it does not block them itself, and it will not catch ALL attacks.
Before you break into a system, you have to collect as much intelligence as you can on the target. You have to observe and gather information on the target before hacking. This is called Footprinting. Footprinting is achieved by using techniques undetectable by the target. There are many ways that a hacker may do this. Some examples of passive ways would be looking up information on the company's website, such as a job posting for an administrator of a particular kind of server. Some people call the company and ask for information as a customer.
There are many tools to help gather what you need as well. Sam Spade and whois are good ones. During this time people gather many things such as employee names, phone numbers, addresses, and server technology.
Techniques for active footprinting include banner grabbing and viewing the source of the company's public website.
Banner grabbing makes the server send you a block of information about itself, which often includes its operating system. The OS information is needed when exploiting. For web servers it is also called HTTP Fingerprinting.
The simplest and most basic form of identifying HTTP servers is to look at the Server field in the HTTP response header. Using a TCP client like netcat, it is possible to send an HTTP request to return the HTTP response header of the server.
An example of banner grabbing:
HTTP/1.1 200 OK
Date: Mon, 17 May 2009
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Wed, 07 Oct 2009
ETag: "1616-19g-174x2ds1"
Accept-Ranges: bytes
Content-Length: 1291
Connection: close
Content-Type: text/html
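As an added example (not part of the original tutorial), this script parses the banner above and reports exactly what the Server header discloses, so an administrator can run the same check on a captured response from their own server; the minimised banner "Apache" used for comparison is constructed, not taken from the tutorial.

```python
import re

# Banner quoted in the tutorial above, one header per line, CRLF-terminated as on the wire.
SAMPLE_BANNER = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Date: Mon, 17 May 2009",
    "Server: Apache/1.3.3 (Unix) (Red Hat/Linux)",
    "Last-Modified: Wed, 07 Oct 2009",
    'ETag: "1616-19g-174x2ds1"',
    "Accept-Ranges: bytes",
    "Content-Length: 1291",
    "Connection: close",
    "Content-Type: text/html",
]) + "\r\n\r\n"

def parse_headers(raw):
    """Split an HTTP response head into its status line and a header map (names lower-cased, as HTTP is case-insensitive)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {"_status": lines[0]}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip a malformed header line instead of crashing
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers

def server_disclosure(server_value):
    """Break a Server header into product, version and parenthesised platform comments (OS, distribution)."""
    if not server_value:
        return {"product": None, "version": None, "platform": []}
    m = re.match(r"([\w.-]+)(?:/([\w.-]+))?", server_value)
    return {
        "product": m.group(1) if m else None,
        "version": m.group(2) if m else None,
        "platform": re.findall(r"\(([^)]*)\)", server_value),
    }

def audit_banner(raw):
    """Flag whether a captured response leaks a version or platform; Apache's 'ServerTokens Prod' sends just 'Apache'."""
    info = server_disclosure(parse_headers(raw).get("server"))
    info["leaks_version"] = info["version"] is not None
    info["leaks_platform"] = bool(info["platform"])
    return info

if __name__ == "__main__":
    print(audit_banner(SAMPLE_BANNER))  # version 1.3.3 and the platform are leaked
    print(audit_banner(SAMPLE_BANNER.replace("Apache/1.3.3 (Unix) (Red Hat/Linux)", "Apache")))  # constructed minimised banner
```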