
From my reading, I came up with 9 steps for when you break into a system. At first I also wandered aimlessly when hacking into a system. Not every system has SQLi, XSS, IIS, etc. flaws that let you log in easily. So here are the 9 mantras for breaking into a system.

The steps a hacker follows to break into a server system:

<Step 1> Footprinting: The targets of this step are mainly initial information about the server. Techniques you need to use: open source search (search engine sources), whois, web interface to whois, ARIN whois, DNS zone transfer (this part is mainly about checking the server owner, DNS, and so on; the server structure is not yet clearly revealed here). Some tools: Usenet, search engines, Edgar, any Unix client, http://www.networksolutions.com/who... , http://www.arin.net/whois , dig, nslookup ls -d, Sam Spade.

<Step 2> Scanning: Most servers give up important information in this step, so try to make full use of it to learn the ports on the server and listen on the data path. Techniques you need to use: ping sweep, TCP/UDP port scan, OS detection. Tools: fping, icmpenum, WS_Ping ProPack, nmap, SuperScan, fscan, nmap, queso, siphon.

<Step 3> Enumeration: At this step, attackers begin to get a preliminary handle on the server, identifying the accounts on the server, the level of protection, and so on. Techniques you need to use: list user accounts, list file shares, identify applications. Supporting tools: null sessions, DumpACL, sid2user, OnSite Admin, showmount, NAT, Legion, banner grabbing with telnet, netcat, rpcinfo.

<Step 4> Gaining access: Aha, there is now enough data to combine it all. We begin to get close to the target. Seize the opportunity. An account may be cracked. Techniques: password eavesdropping, file share brute forcing, password file grab, buffer overflows. Tools: tcpdump, L0phtcrack readsmb, NAT, legion, tftp, pwdump2 (NT), ttdb, bind, IIS .HTR/ISM.DLL

<Step 5> Escalating privilege: If some unlucky account at some level was cracked in the previous step, we will have something to leverage to control the server. Techniques: password cracking, bugs, exploits. Tools: john, L0phtcrack, lc_messages, getadmin, sechole.

<Step 6> Pilfering: The information taken from the previous step is enough for us to locate the server and control it. If this step does not succeed, go to step <9>. Techniques: evaluate trusts, search for cleartext passwords. Tools: rhosts, LSA Secrets, user data, configuration files, Registry.

<Step 7> Covering tracks: The system always records your actions. If you stop now, you will surely be caught right away. This is an extremely important step. CLEAR THE LOGS. Techniques: clear logs, hide tools. Tools: Zap, Event Log GUI, rootkits, file streaming.

<Step 8> Creating backdoors: Need you ask? You have to leave a back door behind so that getting in next time is easier. If this does not succeed, go back to step <4> and review the privileges of the user you are using. Techniques: create rogue user accounts, schedule batch jobs, infect startup files, plant remote control services, install monitoring mechanisms, replace apps with Trojans. Tools: members of wheel, administrators, cron, at, rc, Startup folder, registry keys, netcat, remote.exe, VNC, BO2K, keystroke loggers, add acct to secadmin mail aliases, login, fpnwclnt.dll

<Step 9> Denial of Service: An attacker who does not succeed with what he has done ... will use exploit code to take the server down entirely; this is called a denial-of-service attack. Techniques: SYN flood, ICMP techniques, identical src/dst SYN requests, overlapping fragment/offset bugs, out-of-bounds TCP options (OOB), DDoS. Supporting tools: synk4, ping of death, smurf, land, latierra, teardrop, bonk, newtear, supernuke.exe, trinoo/TFN/stacheldraht.
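For defenders, the ping sweep and TCP/UDP port scan named in Step 2 leave a recognisable pattern in connection logs: one source touching many hosts, or many ports on one host, in a short time. The following is an added example, not part of the original page; the log format, thresholds and function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <epoch> <proto> <src_ip> -> <dst_ip>:<dst_port>   (ICMP lines use port 0)
LINE_RE = re.compile(r"^(\d+) (TCP|UDP|ICMP) (\S+) -> ([\d.]+):(\d+)$")

def classify_sources(lines, window=60, port_threshold=10, host_threshold=5):
    """Return {src_ip: sorted labels}. 'port_scan': one source reaches
    >= port_threshold distinct ports on a single host within `window`
    seconds; 'sweep': it reaches >= host_threshold distinct hosts."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ts, proto, src, dst, port = m.groups()
        events[src].append((int(ts), dst, (proto, int(port))))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        labels, start = set(), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window start forward in time
            ports_per_host = defaultdict(set)
            for _, dst, port in evs[start:end + 1]:
                ports_per_host[dst].add(port)
            if len(ports_per_host) >= host_threshold:
                labels.add("sweep")
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                labels.add("port_scan")
        if labels:
            findings[src] = sorted(labels)
    return findings

# Constructed sample data using documentation address ranges.
SAMPLE = (
    [f"{1000 + i} TCP 203.0.113.7 -> 192.0.2.10:{20 + i}" for i in range(12)]
    + [f"{2000 + i} ICMP 203.0.113.9 -> 192.0.2.{i + 1}:0" for i in range(6)]
    + [f"{3000 + 300 * i} TCP 198.51.100.4 -> 192.0.2.10:443" for i in range(20)]
    + ["garbage line"]
)

if __name__ == "__main__":
    for src, labels in classify_sources(SAMPLE).items():
        print(src, labels)
```

A scan paced slower than `window` passes under these thresholds, so the window and thresholds need tuning against normal traffic for the monitored network.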
