Basic concept of Hacking
On one occasion , I 've seen a network security auditor perform a penetration test ( pen - test ) to an IT system . Out of curiosity I looked sedikit2 way penetration test performed . At that time I do not know much any kind of tools are used , which I know he is using tcpdump to analyze packets passing any kind , then to scan multiple hosts using Nessus . There is a web-based application used contained a collection of some exploit . At that time I did not know what the application was , as I recall it uses alamathttp app :/ / 127.0.0.1:55555 , well armed with port 55555 I searched on google , and it turns out it was the Metasploit Framework ! .
The incident inspired me to remember the days past when still seneng2nya ngoprek and not ' contaminated ' by DotA . Finally now I want to learn ngoprek again , tp exploitnya to be more focused . I will make this work into three parts . The first part about how one of the common ways to hack the system . Here I focus more on hacking the OS Windows XP , as the OS is the most widely used of people . The second part of the theory more to exploit . But because it may be very difficult to understand ( my own msh blm can create their own exploits ) , I just wrote the translation that discuss what it is and how to exploit labor . While the last part is practice how to use metasploit mengelakukan penetration test in Windows XP .
part 1
* This is a long article about one of the common ways for hacking . ( jg in the mirror this article by Jim aka Negative Geovedi here ) . The following steps are how to ' standard ' , hacking is actually not necessarily conform to the ' standard ' is .
Hacking for beginners
- By Ach
This article is intended for beginners , and compiled by a novice . Written for knowledge alone . To temen2 who already expert , wrote pretentious dilewat , but also read gpp ....
What exactly is it hacking ? klo according to my understanding , hacking is ngoprek . Yup , hacking is ngoprek , learn something with curiosity ( curiosity ) eminence , ngutak tweaking something , ' ngudek - ngudek ' up to ' offal ' . Things what, then ? it's up to ... be computers, cars , motorcycles , engines . But the problem is guns yes hackers cars , motors hacker , or hackers airplane ? ? hehe ... Although hacking is now synonymous with the ' breaking - breaking ' , but I do not agree klo cuman breaking the server only! . Some say ' Hacking is Art ' , then where is art then? Want to know the real meaning of hacking , try reading the previous article (How to Become A Hacker ) . There dijelasin that hackers associated with the technical proficiency and penchant solve problems and overcome limitations . Examples hackers at this point that is often referred to Linus Torvald ( tau guns ? Was you know who created Linux ) . What he handyman collapse ? not necessarily right ....
In this article , I want to share experiences on hacking , although until now I have never nge - hack into the server . One way to try to simulate the H3cky0uRs3lf Hack ! Make your computer as a server ( as well as learn the configuration server) then install programs that are needed . For example, Web Hacking klo mo , trying to install Apache or IIS . Or we adjust the exploits that we already get a . But better to install Linux or FreeBSD used in personal computers , then configure the server , and then simulating Hack , Hack real afterwards ... Especially in a boarding klo no network .
Pros and Cons Hacking
Pros and Cons
Ethical Hacking All information is free if all the information is free , then there is no privacy ladi
Intrusion Security aspects are illustrated weaknesses in the system does not take a thief to indicate that the door is not locked
Idle Machines Hacking only on idle machines idle machines belong to?
science education but not just breaking into ruin " wannabe hackers " have enormous potential for damaging
Okeh , now is the time to take action ...
1 . Preparation phase
~ Collect as much information as
- In Active : - portscanning
- Network mapping
- OS Detection
- Application fingerprinting
All that can be done using additional Toolz like nmap or netcat
- Passive : - mailing -list ( Jasakom , to topic , hackelink , etc. )
- Via the Internet registries ( information domain , IP Addres )
- Websites that became the target
2 . Execution phase
~ After getting the information , usually obtained information about the OS in use , as well as an open port with a daemon that is running . Further information about the vulnerability for holes ( a program of loopholes ) and utilized using exploit ( packetstromsecurity.org , milw0rm , bugtraq mailing list , or search via # IRC ) .
~ Exploit Vulnerability Holes
- Compile exploits - > local host - >
$ gcc - o exploit exploit.c
$ . / exploit
# Hostname ( # signal gain root access )
remote host - > $ gcc - o exploit exploit.c
$ . / exploit - t www.target.com
# (If lucky get root privileges )
~ Brute Force
- Repeatedly attempted authentication .
- Guessing username and password .
- Cracking a password file
~ Social Engineering
- Trick the user to make a point username and password
- The point ngibulin user ....
3 . After the Execution Phase
~ Installs backdoor , trojans , and rootkits
~ Removes traces by modifying log files that are not suspected of admin
~ Copying / etc / passwd or / etc / shadow / passwd
Well, the point seh how to get into the server as phase one above . Search for information , find exploits , and leave the backdoor . Just a matter of hacking is not as simple as the above methods . It's just a theory , a lot of things to consider if you want mempraketekkan someone hacking into servers . Never mencoba2 hacking into the server without regard to anonymity ( especially klo connectnya through personal computers without using a proxy ) . Myspace klo caught can be troublesome . My suggestion , try the localhost machine first ( personal commuting ) , klo better connected to the LAN . Provide a special server for dioprek . If any ga connected to the network , we can still use the Virtual Machine using VMWare as will be discussed in part 3 !
References :
- Hacking and Defense , Jim Geovedi , negative@magnesium.net
- Network Defense , Jim Geovedi , negative@magnesium.net
www.savehakers.com
No comments:
Post a Comment