Anatomy of Attacks

Steps in Web Application Attacks (Microsoft)

  • Survey and Assess: The first step an attacker usually takes is to survey the potential target to identify and assess its characteristics. The attacker uses the information gathered in the survey and assess phase to plan an initial attack. For example, an attacker can detect a cross-site scripting (XSS) vulnerability by testing to see if any controls in a Web page echo back output.
    • Demo (check if returned page runs JavaScript by entering: "<script>"http://...")</script>")
  • Exploit and Penetrate: The next step is to exploit and penetrate. For an attacker, the easiest way into an application is through the same entrance that legitimate users use, for example, through the application's logon page or a page that does not require authentication.
  • Escalate Privileges: After attackers are able to get in, they manage to escalate the privileges. They specifically look for administration privileges provided by accounts that are members of the Administrators group. They also seek out the high level of privileges offered by the local system account.
  • Maintain Access: Having gained access to a system, the attackers then take steps to make future access easier and to cover up their evil tracks. Common approaches for making future access easier include planting back-door programs or using an existing account that lacks strong protection.
  • Deny Service: Attackers who cannot gain access often mount a denial of service attack to prevent others from using the application. For other attackers, the denial of service option is their goal from the outset.
Steps in Web Application Attacks

(source: Improving Web Application Security)

Steps in Web Application Attacks (Security Innovation)

  • Data Gathering: The hacker attempts to learn as much information about the target machine and target's organization as possible. 
  • Exploitation  Based on vulnerabilities found in the Data Gathering phase, the hacker tries to find the most powerful vulnerability with the least amount of difficulty and the least possibility of being traced or discovered.
  • Elevate Privileges: The hacker tries to elevate his privileges to administrator or root  to install a rootkit, cover tracks, and gather more sensitive information. 
  • Cover Tracks and Install Tools: Many tools may be utilized to aid the hacker in covering their tracks including destroying logs, installing backdoors, key loggers, and other rogue applications.
  • Gather Sensitive Information: Once each of these steps has been completed the hacker can finally reap the fruits of his efforts. 
     (read more...)