The article was separated into seven steps that a systematic hacker would follow:
- Perform a footprint analysis
- Enumerate information
- Obtain access through user manipulation
- Escalate privileges
- Gather additional passwords and secrets
- Install backdoors
- Leverage the compromised system
At the end of each step, one or more commonly used tools were described. The list did not include links to the tools, so I have added them here where appropriate.
- Nslookup: Command-line tool in Windows NT 4.0, Windows 2000, and Windows XP that can be used to perform DNS queries and zone transfers.
- Tracert: Command-line tool used by hackers to create network maps of the target's network presence.
- SamSpade: The SamSpade.org Web interface that performs Whois lookups, forward and reverse DNS searches, and traceroutes. There is also a SamSpade Windows application.
- Nmap: Unix-based port scanner.
- ScanLine: Windows NT-based port scanner.
- Getmac (from the Windows 2000 Resource Kit): Windows NT command for obtaining the media access control (MAC) Ethernet-layer address and binding order for a computer running Windows NT 4.0, Windows 2000, or Windows XP.
- DumpSec: Security auditing program for Windows NT systems. It enumerates user and group details from a chosen system. This is the audit and enumeration tool of choice for Big Five auditors (PricewaterhouseCoopers, Ernst & Young, KPMG, Arthur Andersen, and Deloitte & Touche) and hackers alike.
- NetBIOS Auditing Tool: Brute-force password-guessing tool.
- Pwdump2: Tool that can obtain password hashes from the SAM database or Active Directory.
- Lsadump2: Tool that exposes the contents of the LSA in clear text.
- LC3 (could not find an appropriate link): Password auditing tool that evaluates Windows NT, Windows 2000, and Windows XP password hashes.
- John the Ripper: Password cracking tool for several operating systems.
- Fpipe: A port redirector for Windows systems. It allows the source port for redirected traffic to be specified.