
[Safety Knowledge] Approaching Hackers - How Are Hackers Made?

Posted on 12/22/2014 11:12:51 PM
With the spread of the Internet in China, hacking attacks and other destructive network behavior have followed. To protect networks better, we must understand the methods hackers use to attack and the psychology behind them. As the saying goes, "know yourself and know your enemy, and you will win a hundred battles"; only then can we put effective network security measures in place and keep intruders out. Let's first look at how hackers are classified:

As a person keeps learning, factors such as personality, environment, and the purpose of learning hacking techniques usually determine which type of hacker he will become:

A. Black hat: professional hackers who use hacking techniques to attack systems for improper gain and make their living that way.

B. Gray hat: these hackers usually work both sides; they can act as a company's security consultant and also do some shady things.

C. White hat: these hackers are a bit like the Liangshan heroes who accepted recruitment; proficient in hacking techniques, they turn to technical research on network security and contribute to the cause of network security.

D. Red hat: often called "red guests", these people stand up and fight back when the interests of the country and the people are threatened. Their most notable traits are unity, cooperation, and the training of novices, so they are the most popular among beginners and have a relatively far-reaching influence on them.

E. No hat: people who learned hacking techniques but stopped for other reasons. There are quite a few of them, and they usually shout for the name of the hacker.

Now that we have a rough understanding of the classification of hackers, let's take a look at how mysterious hackers carry out cyber attacks.

1. Information collection

Before attacking a host, hackers usually carry out a series of information collection activities against it. They mainly look for the type of operating system, the role of the host (web server, mail server, database server, etc.), the services offered on its remote ports, security vulnerabilities in those services, and finally the account information of the target host.

To collect this information, hackers mainly rely on hacking tools; typical examples are streamers and X-SCAN. These tools, streamers in particular, are powerful: they integrate port scanning, operating system type detection, vulnerability scanning, vulnerability attack methods and other functions, so it can fairly be called a hacking tool that needs no skill to operate.

2. Remote attack

Next, hackers do not attack directly; they first take care of counter-reconnaissance. Clever hackers use a "springboard" before attacking a remote target host. You may not be familiar with the term: a springboard is what hackers call a remote host on which they already hold privileges. In other words, hackers first log in to the springboard and then attack the remote target host through it. Even more careful hackers log in through several springboard hosts before attacking, again to frustrate any later investigation by the other party.

Then hackers use the information they have collected to attack the target host:

- If an account on the host is found to have a weak password (for example, on the service provided by port 139), they use the obtained account and password to enter the system directly.
- If the host is found to have a buffer overflow vulnerability (such as the .IDQ/.IDA vulnerability), they usually use a hacking program to overflow it remotely and enter the system.
- If the host is found to be improperly configured (for example, it allows other hosts to connect to its registry, management tools, services and other system tools), or one of its applications is vulnerable (such as remote vulnerabilities in SQL database services), they exploit the weakness in that service to attack it and enter the system.

3. The purpose of hacking the host

What do hackers usually do after entering a remote host? Hehe, now let's analyze the psychology of these hackers based on the results of the attack:

1. Tamper with pages, read files

For someone who has just learned a little hacking technique, the richness of the network usually stirs up curiosity: they want to see what is on remote hosts. I think many people here share this curiosity, and there is no need to rush to defend yourself. Curiosity is something everyone has; it is what drives us to explore science and technology and develop our productivity. Back to the topic: in the hacker world, standing usually depends on technical level. If your skills are deep, many people will admire and even worship you. So another reason these beginners break into systems and tamper with pages is to prove to others that they are capable of an attack, win praise from senior hackers, and satisfy their vanity.

2. Destroy the system

This kind of hacking is the initial stage of "black hat" hacking. These are junior hackers moving to a deeper level who, because of psychological imbalance or the influence of people around them, destroy the remote host system. However, hackers of this kind belong to "no big mistakes, small mistakes are constant, and they are not slippery", so there is still a way to educate them and turn them into "white hat" hackers.

3. Install a back door and make further use of the system

A. Study the system security structure

B. Utilize the system for testing activities of hacking programs

C. Use the system as a springboard to attack other remote systems

D. Install SNIFFER to further control the system

Among these, A and B are done by "gray hat" hackers, and C and D by "black hat" hackers. "Gray hat" hackers usually also want to become "white", but their circumstances do not give them a good environment for technical research. They therefore break into remote hosts with superior performance, complete applications and complex network architecture in order to study network security technology. The "black hat" hacker treats the remote host as a reserve of attack resources, to be used as a "springboard" or a "DDOS broiler" in the next attack on a specific host.

Some people may ask what a "DDOS broiler" is. First, a "broiler" is a remote host that the hacker can control. The concept is similar to the "springboard", but there is a difference: a "springboard" is simply a remote server used to hide the attacker's network location when attacking a remote host, while a "broiler" can be used for testing hacking programs, for system research, as a DDOS attack broiler, and as a "springboard". "DDOS broilers" are clients used to perform distributed denial-of-service attacks. DDOS attacks will be explained in detail in the next course.

4. Business espionage, stealing important information

These are out-and-out "black hat" hackers, and they are often professionals. Their job is to steal competitors' trade secrets for an employer, helping the employer gather more information through unfair competition and strike at its competitors, so that the employer's company can seize the initiative in business competition, occupy the market quickly, and defeat its rivals.

4. Clear system record information

This is also a means of anti-reconnaissance and anti-tracking. Hackers usually use log-cleaning programs or manual methods to erase the system's login records and records of system activity. Log-clearing programs such as LOGCLEAR.EXE can remove system records, but not thoroughly, so skilled hackers usually clear the various records by hand: on a WIN 2K system, for example, the FTP, WEB and other service logs, and the system, security and application logs in the Event Viewer. On hosts without firewalls, intrusion detection products and the like, clearing these records is generally enough for anti-reconnaissance and anti-tracking. If such products are installed, the hacker has to study the firewall or intrusion detection product, find the files in which it records its information, and delete them, or, with sufficient privileges, uninstall the security products and remove them from the system entirely.
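A defender's view of the record clearing described above, as an added example that is not part of the original article: it compares an off-host copy of the logs with what the host itself still holds, flagging explicit clear events and records that were removed by hand. The record layout, host names and sample entries are constructed for illustration.

```python
from collections import Counter

# Event IDs Windows writes when an event log is cleared: 517 (Security log on
# Windows 2000/XP/2003), 1102 (Security log, Vista and later), 104 (other logs,
# Vista and later).
CLEAR_EVENT_IDS = {517, 1102, 104}

# Constructed sample records: (host, log_name, timestamp, event_id_or_None, text).
# COLLECTOR is what a hypothetical off-host log server received in real time.
COLLECTOR = [
    ("web01", "Security", "2014-12-20 09:00:00", 528, "logon admin"),
    ("web01", "Security", "2014-12-20 09:05:00", 538, "logoff admin"),
    ("web01", "Security", "2014-12-20 23:38:00", 528, "logon guest"),
    ("web01", "Security", "2014-12-20 23:40:00", 517, "audit log cleared"),
    ("web01", "W3SVC1", "2014-12-20 23:30:11", None, "GET /default.htm 200"),
    ("web01", "W3SVC1", "2014-12-20 23:31:02", None, "GET /scripts/test.asp 404"),
    ("web01", "W3SVC1", "2014-12-20 23:45:19", None, "GET /default.htm 200"),
    ("db01", "Security", "2014-12-20 10:00:00", 528, "logon dba"),
]
# HOST_EXPORT is what the hosts' own logs still contain when exported later.
HOST_EXPORT = [
    ("web01", "Security", "2014-12-20 23:40:00", 517, "audit log cleared"),
    ("web01", "W3SVC1", "2014-12-20 23:30:11", None, "GET /default.htm 200"),
    ("web01", "W3SVC1", "2014-12-20 23:45:19", None, "GET /default.htm 200"),
    ("db01", "Security", "2014-12-20 10:00:00", 528, "logon dba"),
]

def audit_logs(collector, host_export):
    """Compare the off-host copy with the host's own logs.

    Returns (cleared, missing): cleared is a sorted list of (host, log_name)
    that contain an explicit clear event; missing maps (host, log_name) to the
    number of records the collector holds that the host no longer has.
    """
    cleared = sorted({(host, log) for host, log, _, eid, _ in collector + host_export
                      if eid in CLEAR_EVENT_IDS})
    # Counter subtraction keeps duplicates honest: two identical lines on the
    # collector must be matched by two identical lines on the host.
    gone = Counter(collector) - Counter(host_export)
    missing = Counter()
    for (host, log, _ts, _eid, _text), count in gone.items():
        missing[(host, log)] += count
    return cleared, dict(missing)

if __name__ == "__main__":
    cleared, missing = audit_logs(COLLECTOR, HOST_EXPORT)
    print("clear events:", cleared)
    print("records missing on host:", missing)
```

The W3SVC1 finding has no clear event behind it, which is the hand-edited case the paragraph describes; it is visible only because a second copy of the log exists off the host.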

So far, we have gained a certain understanding of hackers themselves and of the whole process by which they attack a system, which I believe will be helpful for everyone in understanding hackers and in network security work. I hope you can point out any shortcomings and give me more suggestions. If you are interested, you can discuss this technology with us online. That's it for today's course, thank you!



