Ethical Hacking 简明教程

Ethical Hacking - Process

像所有好的项目一样,道德黑客攻击也有一组不同的阶段。它帮助黑客开展一场结构化的道德黑客攻击。

Like all good projects, ethical hacking too has a set of distinct phases. It helps hackers to make a structured ethical hacking attack.

不同的安全培训手册用不同的方式来解释道德黑客的过程,但对我来说,作为一个认证道德黑客,整个过程可以归类到以下六个阶段。

Different security training manuals explain the process of ethical hacking in different ways, but for me as a Certified Ethical Hacker, the entire process can be categorized into the following six phases.

ethical hacking process

Reconnaissance

侦察是攻击者使用主动或被动手段收集有关目标信息的一个阶段。在这个过程中广泛使用到的工具有 NMAP、Hping、Maltego 和 Google Dorks。

Reconnaissance is the phase where the attacker gathers information about a target using active or passive means. The tools that are widely used in this process are NMAP, Hping, Maltego, and Google Dorks.

Scanning

在这个过程中,攻击者开始主动探测目标机器或网络,以寻找可以被利用的漏洞。在这个过程中使用的工具有 Nessus、Nexpose 和 NMAP。

In this process, the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. The tools used in this process are Nessus, Nexpose, and NMAP.

Gaining Access

在这个过程中,漏洞已被找到,你试图利用它来进入系统。在这个过程中使用到的主要工具是 Metasploit。

In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. The primary tool that is used in this process is Metasploit.

Maintaining Access

这是黑客已经获得进入系统访问权限的过程。在获得访问权限后,黑客安装了一些后门以便在未来需要访问这个已拥有系统时进入这个系统。在这个过程中,首选的工具是 Metasploit。

It is the process where the hacker has already gained access into a system. After gaining access, the hacker installs some backdoors in order to enter into the system when he needs access in this owned system in future. Metasploit is the preferred tool in this process.

Clearing Tracks

该过程实际上是一种不道德行为。它与删除在黑客过程中进行的所有活动的日志相关。

This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process.

Reporting

报告是完成道德黑客攻击过程的最后一步。在这里,道德黑客根据他的发现和已完成的任务编写一份报告,例如使用的工具、成功率、发现的漏洞和利用进程。

Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and the exploit processes.

Quick Tip

这些过程不是标准的。在技术上,你可以根据自己擅长的,采用一系列不同的流程和工具。只要你能得到所需的结果,流程就最不重要。

The processes are not standard. You can adopt a set of different processes and tools according to your techniques that you are comfortable with. The process is of least significance as long as you are able to get the desired results.