into a system. At first I was also all over the place when hacking into a system. Not every system has SQLi, XSS, IIS... etc. holes that let you log in easily. So here are the 9 magic incantations for breaking into a system.

The steps a hacker takes to break into a server system:

<Step 1> Footprinting: The goal of this step is mainly to gather initial information about the server. The techniques you need to use are: Open source search (open-source search engines), Whois, Web interface to whois, ARIN Whois, DNS zone transfer (this part is mainly about checking who owns the server, the DNS... the server's structure is not yet clearly visible here). Some tools: UseNet, search engines, Edgar, any Unix client, http://www.networksolutions.com/who..., http://www.arin.net/whois, dig, nslookup ls -d, Sam Spade.

<Step 2> Scanning: Most servers give up important information in this step, so try to make the most of it to learn the ports on the server and listen on the data paths. The techniques you need to use are: Ping Sweep, TCP/UDP port Scan, OS Detection. Tools: fping, icmpenum, WS_Ping ProPack, nmap, SuperScan, fscan, nmap, queso, siphon.

<Step 3> Enumeration: At this step the attacker begins to get a preliminary grip on the server, identifying the accounts on it, its level of protection... The techniques you need to use are: List user accounts, List file shares, Identify applications. Supporting tools: null sessions, DumpACL, sid2user, OnSite Admin, showmount, NAT, Legion, banner grabbing with telnet, netcat, rpcinfo.

<Step 4> Gaining access: Aha, we have the data; put it all together. We are getting close to the target. Seize the chance. An account may get cracked. Techniques: Password eavesdropping, File share brute forcing, Password file grab, buffer overflows. Tools: tcpdump, L0phtcrack readsmb, NAT, Legion, tftp, pwdump2 (NT), ttdb, bind, IIS .HTR/ISM.DLL

<Step 5> Escalating privilege: If some unlucky account at some level got cracked in the step above, we have something to leverage to take control of the server. Techniques: Password cracking, bugs, exploits. Tools: john, L0phtcrack, lc_messages, getadmin, sechole.

<Step 6> Pilfering: The information gathered in the steps above is enough for us to locate and control the server. If this step fails, go to step <9>. Techniques: Evaluate trusts, Search for cleartext passwords. Tools: rhosts, LSA Secrets, user data, configuration files, Registry.

<Step 7> Covering Tracks: The system always records your actions. If you stopped now, you would surely get caught right away. This is an extremely important step. DELETE THE LOGS. Techniques: Clear logs, hide tools. Tools: Zap, Event Log GUI, rootkits, file streaming.

<Step 8> Creating Backdoors: Need you ask? You must leave a back door behind so that it is easier to get in next time. If it does not work, go back to step <4> and re-check the privileges of the user you are using. Techniques: Create rogue user accounts, schedule batch jobs, infect startup files, plant remote control services, install monitoring mechanisms, replace apps with Trojans. Tools: members of wheel/administrators, cron, At, rc, Startup folder, registry keys, netcat, remote.exe, VNC, BO2K, keystroke loggers, add acct to secadmin mail aliases, login, fpnwclnt.dll

<Step 9> Denial of Service: An attacker who fails at what he was doing... will use exploit code to make the server stop working altogether, which is called a denial-of-service attack. Techniques: SYN flood, ICMP techniques, Identical src/dst SYN requests, Overlapping fragment/offset bugs, Out of bounds TCP options (OOB), DDoS. Supporting tools: synk4, ping of death, smurf, land, latierra, teardrop, bonk, newtear, supernuke.exe, trinoo/TFN/stacheldraht.
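The post's Step 2 (scanning) is the phase a defender sees first on the wire: a ping sweep or a TCP port scan shows up in firewall logs as one source touching many destinations or many ports in a short time. The following script is an added example written for this page from the detection side; it is not code from the post or from any tool the post names. It parses constructed iptables-style DROP lines (the addresses and timestamps are made up for the example), groups events per source, and raises a finding when a single source hits at least `port_threshold` distinct TCP ports on one host or pings at least `host_threshold` distinct hosts inside a sliding time window. The thresholds, window size and log format are assumptions you would tune to your own environment; it goes slightly beyond the text by covering both the ping sweep and the port scan from the same step in one pass.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the post). TEST-NET addresses only.
# 203.0.113.7 probes 12 TCP ports on one host within 12 seconds (port scan);
# 203.0.113.9 sends ICMP echo to 9 different hosts within 9 seconds (ping sweep);
# 198.51.100.4 is background noise that must not be flagged.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT={p}"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443])]
    + [f"2024-05-01T10:05:{i:02d} DROP SRC=203.0.113.9 DST=192.0.2.{h} PROTO=ICMP TYPE=8"
       for i, h in enumerate(range(1, 10))]
    + ["2024-05-01T10:07:00 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=23",
       "2024-05-01T10:30:00 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=23"]
)

# Assumed log layout: ISO timestamp, action, then iptables-style KEY=VALUE fields.
# DPT is optional because ICMP lines carry no destination port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["dpt"] = int(event["dpt"]) if event["dpt"] else None
    return event


def detect_scans(log_text, window=timedelta(seconds=60),
                 port_threshold=10, host_threshold=8):
    """Sliding-window detector for port scans and ping sweeps.

    Returns a sorted list of (source, kind, count) where kind is
    'port_scan' (distinct TCP ports seen from one source inside the window)
    or 'ping_sweep' (distinct hosts receiving ICMP from one source inside it).
    The count reported is the largest window observed for that source.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end, cur in enumerate(evs):
            # Advance the window start so every event in evs[start:end+1]
            # lies within `window` of the current event.
            while cur["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            ports = {e["dpt"] for e in win if e["proto"] == "TCP" and e["dpt"] is not None}
            hosts = {e["dst"] for e in win if e["proto"] == "ICMP"}
            if len(ports) >= port_threshold:
                key = (src, "port_scan")
                findings[key] = max(findings.get(key, 0), len(ports))
            if len(hosts) >= host_threshold:
                key = (src, "ping_sweep")
                findings[key] = max(findings.get(key, 0), len(hosts))

    return sorted((src, kind, n) for (src, kind), n in findings.items())


if __name__ == "__main__":
    for src, kind, n in detect_scans(SAMPLE_LOG):
        print(f"{src}: {kind} ({n} distinct targets within window)")
```

On the constructed log the detector reports 203.0.113.7 as a port scan (12 distinct ports) and 203.0.113.9 as a ping sweep (9 hosts), while the two slow retries from 198.51.100.4 stay below threshold. Low-and-slow scans that spread probes over hours are the obvious gap; widening the window raises the cost in memory and in false positives, so in practice this kind of rule is paired with longer-term per-source counters.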