Joke Collection Website - Blessing messages - Hacking means
Hacking means
1, Network Scan-Search extensively on the Internet to find out the weaknesses in a specific computer or software.
2, network sniffer-secretly check the password or all the contents of the data packet captured through the Internet. Monitor the network data flow by installing a listener program to obtain the user name and password typed by the user when connecting to the network system.
3. Denial of service-By repeatedly sending too many information requests to the devices on the website, hackers can effectively block the system on the website, resulting in the failure to complete network service items (such as email systems or online functions), which is the so-called "denial of service" problem.
4. Deceive users-forge email addresses or web addresses to obtain passwords, credit card numbers, etc. From the user. Deception is a process used to deceive the target system and make it think that information comes from or is sent to someone it trusts. Deception may occur at and above the IP layer (address resolution deception, IP source address deception, email deception, etc.). ). When the IP address of the host is considered valid and trusted by Tcp and Udp services. Using the source routing of IP address, the attacker's host can pretend to be a trusted host or client.
5. Trojan Horses-A program that users can't find, which contains instructions that can exploit some known weaknesses in software.
6, the back door-in order to prevent the original entry point from being discovered, leave a few hidden paths to facilitate re-entry.
7. Malicious applet-microprogram, which modifies files on the hard disk, sends false emails or steals passwords.
8, competitive dialing program-can automatically dial thousands of phone numbers to find a way to get into the modem connection. Instructions in a computer program that can trigger malicious operations.
9, buffer overflow-send too much data to the computer memory buffer, in order to destroy the computer control system or gain computer control.
10, password decoding-guess the password with software. The usual practice is to crack the encrypted password by monitoring the password data packets on the communication channel.
1 1, social engineering-talk to company employees and get valuable information.
12, garbage diving-carefully check the company's garbage and find information that is helpful to enter the company's computer.
(2) hacking methods:
1, hide the hacker's location
Typical hackers will use the following techniques to hide their real IP addresses:
Use the invaded host as a springboard;
Use Wingate software as a springboard in a computer with Windows installed; Use an improperly configured proxy as a springboard.
More sophisticated hackers will use phone transfer technology to hide themselves. Their common methods are: using the private transfer service of 800 telephone to connect to ISP, and then stealing other people's accounts to surf the Internet; Connect the host by phone, and then access the Internet through the host.
It is especially difficult to use this "three-hop" mode to track the Internet on the telephone network. Theoretically, hackers may come from any corner of the world. If a hacker uses the 800 number to dial up the Internet, he doesn't have to worry about the cost of surfing the Internet.
2. Network detection and data collection
Hackers use the following means to learn the host names on the intranet and extranet.
Use the ls command of nslookup program;
Find other hosts by visiting the company homepage;
Reading documents on FTP server;
Connect to the mail server and send an expn request;
Finger user name on the external host.
Before looking for vulnerabilities, hackers will try to collect enough information to outline the layout of the whole network. Using the information obtained from the above operations, hackers can easily list all the hosts and guess the relationship between them.
3. Find the trusted host.
Hackers always look for trusted hosts. These hosts may be machines used by administrators or servers that are considered very secure.
Next, he will check the NFS output of all hosts running nfsd or mountd. Usually some key directories of these hosts (such as /usr/bin, /etc and /home) can be mounted by trusted hosts.
Finger daemon can also be used to find trusted hosts and users, because users often log in from specific hosts.
Hackers also check trust relationships in other ways. For example, he can use the vulnerability of CGI to read the /etc/hosts.allow file and so on.
After analyzing the above inspection results, we can have a general understanding of the trust relationship between hosts. The next step is to detect which of these trusted hosts have vulnerabilities that can be attacked by remote hackers.
4. Identify vulnerable network members.
When a hacker obtains a list of internal and external hosts of the company, he can use some Linux scanner programs to find the vulnerabilities of these hosts. Hackers usually look for fast Linux hosts to run these scanners.
All these scanners perform the following checks:
TCP port scanning;
RPC service list;
NFS output list;
Shared (such as samba, netbiox) list;
Default account check;
Defective versions of Sendmail, IMAP, POP3, RPC status and RPC mountd were detected.
After these scans, hackers know exactly which hosts to use.
If the router is compatible with SNMP protocol, experienced hackers will try to use active SNMP scanners or use "brute force" programs to guess the public and private community strings of these devices.
5. Take advantage of loopholes
Now, hackers have found all trusted external hosts and all possible vulnerabilities of external hosts. The next step is to start invading the host.
Hackers will choose a trusted external host to try. Once the successful invasion, hackers will start from here and try to enter the company's internal network. But the success of this method depends on the filtering strategy between the internal host and the external host of the company. When attacking an external host, hackers usually run a program and use a defective daemon running on the external host to steal control. Vulnerable daemons include Sendmail, IMAP and POP3 versions, as well as RPC services such as statd, mountd and pcnfsd. Sometimes, those attacking programs must be compiled on the same platform as the attacked host.
6. Gain control
Hackers will do two things after taking advantage of daemon's vulnerability to enter the system: clear records and leave a back door.
He will install some backdoor programs so that he can re-enter the system unnoticed in the future. Most backdoor programs are pre-compiled and can be used only by modifying the time and permissions, even if the size of the new file is the same as that of the original file. Hackers usually use rcp to transfer these files to avoid leaving FTP records.
Once they were convinced that they were safe, hackers began to invade the company's entire intranet.
7. Stealing network resources and permissions
After the hacker finds the target, he will continue the next attack. The steps are as follows:
(1) Download sensitive information
If the hacker's purpose is to download sensitive information from the FTP or WWW server inside the organization, he can easily obtain this information by using an external host that has been hacked.
(2) Attacking other trusted hosts and networks
Most hackers just want to detect the hosts on the intranet and gain control. Only those "ambitious" hackers will install Trojan horses and backdoor programs and clear records in order to control the whole network. Hackers who want to download data from key servers are usually not satisfied with entering key servers in one way. They will try their best to find out the hosts trusted by key servers and arrange several backup channels.
(3) Install sniffer.
In the intranet, the most effective way for hackers to quickly obtain a large number of accounts (including user names and passwords) is to use the "sniffer" program.
Hackers will use the methods mentioned in the above sections to gain control of the system and leave a back door for re-invasion to ensure that sniffer can be executed.
(4) Network paralysis
If hackers have invaded the server running key applications such as database and network operating system, it is easy to paralyze the network for a period of time.
If a hacker enters the company's intranet, he can use the weaknesses of many routers to restart or even shut down the routers. If they can find the most critical router vulnerability, they can completely paralyze the company's network for a period of time.
- Related articles
- What if I quarrel with my mother-in-law before marriage?
- Why didn't my boyfriend send me a message during the Spring Festival?
- What do you and your wife say on the phone every day?
- Does mi band 8 standard edition have a little love?
- Excuse me, what will happen if it is overdue for one month?
- Amateur radio lovers, questions about roof antennas.
- Joe harris, the most unique shooter in the league, hit a high three-pointer, but why is his free throw percentage low?
- Bagua Tarot: Details reveal whether men and women are romantic
- Where is the sales office of Guangzhou Vanke Jinyu Yuefu?
- Who sent a text message saying that the plane ticket was booked successfully but not on official website? China International Airlines, but it was actually booked by Chihiro Airlines.