Wednesday, 28 August 2013

How you start hacking a specific target.


Hello, this little post will explain in rough detail how you start hacking a specific target.

First: there are many different ways of going about this, but this is one way.

Information gathering
The first thing you want to do when targeting a specific target is get as much information as possible before a frontal attack (if any; being quiet is much better).
Now this step can take ages if you really want a detailed level of knowledge. And if you are serious about hacking your target, you should be detailed here.
What sort of information do I look for, you might ask yourself? Well, anything really. Anything surrounding the target and even things that surround things that surround your target. Here is a short list of things that might be useful:
- IP(s); some machines/domains/systems or whatever have multiple domains
- ISP(s); if it is a small ISP, get owner details here as below
- Owner: email, name, location, family, hobbies, Facebook account, phone number
- *Open ports, on ALL of the IPs/servers if there are multiple
- Service signatures: find out as much as possible about all the open ports. Are they in use? What software are they running at the other end? Do the services reveal any other information about the system? OS? Internal IPs?
- Hosters (in most cases there will be a hosting company)
- Hoster's information: owner and all of that (if the company is small)
- Hoster's member system: how do the members log in? Is there a login? Is there a forgot-password function? Can you exploit the hoster instead? (Might be easier in some cases.)
- DNS records (if any): subdomains? Hidden domains/info? DNS hosters? Same as above.
- The physical server(s) location / datacenter
And the list goes on and on and on. Literally EVERYTHING about the company/system/server/target is relevant. The more info you have, the easier it will be to attack him/her/them/it.
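
Seen from the owner's side, the "service signatures" item is a disclosure audit: check what the banners of your own services give away. The following is an added example, not code from the original post; the banners are constructed samples and the rule names and patterns are assumptions chosen for illustration.

```python
import re

# Constructed sample banners, as recorded from services you operate yourself.
SAMPLE_BANNERS = {
    ("192.0.2.10", 22): "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7",
    ("192.0.2.10", 80): "Server: Apache/2.4.25 (Debian) PHP/5.6.40",
    ("192.0.2.11", 25): "220 mail01.corp.internal ESMTP Postfix (10.20.3.7)",
    ("192.0.2.12", 443): "Server: nginx",
}

# Hypothetical rule set: each rule names one kind of disclosure the post lists
# (software in use, OS, internal addressing) and a pattern that detects it.
RULES = [
    ("software version",
     re.compile(r"\b[A-Za-z][A-Za-z-]*[/_ ]\d+(?:\.\d+)+\w*")),
    ("operating system",
     re.compile(r"\b(?:Debian|Ubuntu|CentOS|Red Hat|FreeBSD|Win32|Win64)\b", re.I)),
    ("internal IP",
     re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))"
                r"\.\d{1,3}\.\d{1,3}\b")),
    ("internal hostname",
     re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:internal|local|lan|corp)\b", re.I)),
]

def audit_banner(banner):
    """Return (category, matched_text) pairs for every disclosure in a banner."""
    findings = []
    for category, pattern in RULES:
        for match in pattern.finditer(banner):
            findings.append((category, match.group(0)))
    return findings

def audit(banners):
    """Map each (host, port) whose banner leaks something to its findings."""
    report = {}
    for endpoint, banner in banners.items():
        findings = audit_banner(banner)
        if findings:
            report[endpoint] = findings
    return report

if __name__ == "__main__":
    for (host, port), findings in audit(SAMPLE_BANNERS).items():
        for category, text in findings:
            print(f"{host}:{port}  {category}: {text}")
```

Each finding maps to a hardening step: suppress version tokens in the server's banner setting, and keep internal names and addresses out of greeting strings.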

You should decide whether you want to target the system or the people of your target. That is, code/system flaws or human flaws (keyloggers, Trojans, social engineering, info gathering + password guessing, etc.). This decision should depend on the information you find about your target. Both can be tried, of course; just make sure the target does not know you are trying to hack it. Often one of the attempts will set off alerts.

This whole information gathering part might seem unnecessary, but really, it's neat: it lets you put things in perspective so you can find the best point of entry.

The attack
Before an attack is launched, there are a few things you need to think about. Here is a list of things you should think about:
- Will this company/target rage crazy if I hack them? If so, check 3rd point.
- Will police or other agencies be contacted if I hack them? If so, check 3rd point.
- *Is my privacy good enough? Are you behind a proxy (or proxies)? Should you be? Does the proxy log? (It shouldn't.)
- Are they running any services at all? If not, you don't really have any virtual way in.
- Are they running web applications? These are typically easier to hack than services, and have a higher rate of flaws.
- Does the target have an open router/switch/modem system? This often happens with home computers/networks.
- Is your target running platforms with logins? These could be targeted.
- Do you have enough time? It's good practice to have enough time to do the entire attack in one go. Otherwise you might set off warnings for the target, and he can go into a bomb shelter. We don't want that now, do we?

Now there are three ways of attacking in this guide.
- Service/software exploitation
- Web application exploitation
- Human factor exploitation

Service/software exploitation
Here you will exploit one or more services/programs running on the target system. In most cases, this will be called a buffer overflow. This can do everything from bypassing a login to giving you instant shell access. In scenarios where the target is running services that are not a web server (though they can be), this might be the way to go.

Web application exploitation
This is without a doubt the most vulnerable field. Web applications are full of flaws; 70% or so of all pages have some sort of web application flaw. This of course may vary from a stupid XSS to a serious RFI. In scenarios where the target system is running a web server, this is the first thing to check. Always check web applications before going on to service exploitation if you just want to get the target hacked.

Human factor exploitation
Now if all other things fail, there is ALWAYS a human factor. This can be social engineering the target to give you limited access, and you work your way up from there. Or simply tricking the target into trusting you and in some strange way sharing his password, perhaps not for the system you are targeting, but for his email or an online account or whatever; stupid people tend to use the same password or the same password syntax everywhere. Keep in mind that the human factor doesn't necessarily have to be your target's owner; it could be the hoster, the DNS hoster, the ISP, family.

Final note
If you think it's necessary, clear your tracks. If you ask me, if you can see that you have been there, you didn't do it right. Take care, be safe.

Yash


Copyright @ 2013 H@cking Tricks.