Continues from: How Sneaky can a Hacker be: Part 2-3

Clicking the wrong button\typing your password wrong on a login page
Mistakenly clicking the wrong button, doesn’t work as much as it used to, but still may provide information. In some cases, when at a login screen and leaving the user name and password blank and clicking the login button may disclose information if the page is set to display verbose error messages. If the login page is a popup box, in some cases clicking the cancel button may disclose information.

Typing an incorrect user name and password once, may disclose information or provide additional information when viewing the source code. When additional information is displayed in the source code, the website or web application maybe acceptable to an injection attack. If the login page is setup correctly, you will only receive a short text display message, stating “invalid user name or password”.

Executing basic commands
Basic ICMP commands are not determined as a threat to a website or web application. Some commands are required to determine if the website is available to display in your web browser. Running some of these commands may provide us with additional information about website or web application running.

A well-known command is the Echo Request or Ping command. The goal of using this command is to try and discover a domain being hosted locally by the company. The Ping command can be used to see if the website or web application is alive or dead. If the website accepts this command, it can be used to guess unknown sub-domains. This will disclose possible subdomains not readily available from the website or web application. The Ping command will also provide the public IP address of the sub-domain. This information in some cases, may reveal the range of public IP addresses owned by the company.

ICMP offers several different commands and this is only an example of how one of the commands can be used to obtain information about the web application and the company that owns the IP address hosting it.

Moderate the speed of your activity
The speed of your activity is very important. If you perform the actions to fast or create a script to execute the commands rapidly, your actions maybe reported has a threat and then blocked by a security device. You must be patient and perform the actions at a speed of a normal internet user. I would recommend waiting at least 10 to 15 seconds or longer between actions.

The techniques in this article are examples of how an attacker can retrieve information about your company’s network without you knowing that it happened. If your website or web application is setup correctly, then an attacker would not be able to utilize most of these tactics. These types of tactics are some of the more difficult to monitor with any SIEM product.

Read more:

How Sneaky can a Hacker be: Part 1-3

How Sneaky can a Hacker be: Part 2-3




 Register for your FREE Threat Check today: