Ethical Hacking 简明教程

Adware − Adware is software designed to force pre-chosen ads to display on your system.

Attack − An attack is an action that is done on a system to get its access and extract sensitive data.

Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.

Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate.

Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks.

Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords, over and over again, until it gets in.

Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold.

Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.

Cracker − A cracker is one who modifies the software to access the features which are considered undesirable by the person cracking the software, especially copy protection features.

Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

DDoS − Distributed denial of service attack.

Exploit Kit − An exploit kit is software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.

Exploit − Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.

Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users on the inside of the firewall.

Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed on a computer (and which touchscreen points are used). It is simply the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.

Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.

Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

Master Program − A master program is the program a black hat hacker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.

Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails, in an attempt to gather personal and financial information from recipients.

Phreaker − Phreakers are considered the original computer hackers and they are those who break into the telephone network illegally, typically to make free longdistance phone calls or to tap phone lines.

Rootkit − Rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in unpatched or poorly configured software.

Social engineering − Social engineering implies deceiving someone with the purpose of acquiring sensitive and personal information, like credit card details or user names and passwords.

Spam − A Spam is simply an unsolicited email, also known as junk email, sent to a large number of recipients without their consent.

Spoofing − Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Spyware − Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge.

SQL Injection − SQL injection is an SQL code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Threat − A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.

Trojan − A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there designed with an intention to destroy files, alter information, steal passwords or other information.

Virus − A virus is a malicious program or a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Vulnerability − A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.

Worms − A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.

Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.

Zombie Drone − A Zombie Drone is defined as a hi-jacked computer that is being used anonymously as a soldier or 'drone' for malicious activity, for example, distributing unwanted spam e-mails.

Password guessing and cracking

Session hijacking

Session spoofing

Network traffic sniffing

Denial of Service attacks

Exploiting buffer overflow vulnerabilities

SQL injection

Gather initial information

Determine the network range

Identify active machines

Discover open ports and access points

Fingerprint the operating system

Uncover services on ports

Map the network

Domain name

IP Addresses

Namespaces

Employee information

Phone numbers

E-mails

Job Information

Active Fingerprinting − Active fingerprinting is accomplished by sending specially crafted packets to a target machine and then noting down its response and analyzing the gathered information to determine the target OS. In the following section, we have given an example to explain how you can use NMAP tool to detect the OS of a target domain.

Passive Fingerprinting − Passive fingerprinting is based on sniffer traces from the remote system. Based on the sniffer traces (such as Wireshark) of the packets, you can determine the operating system of the remote host.

TTL − What the operating system sets the Time-To-Live on the outbound packet.

Window Size − What the operating system sets the Window Size at.

DF − Does the operating system set the Don’t Fragment bit.

TOS − Does the operating system set the Type of Service, and if so, at what.

BetterCAP − BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real-time, sniff for credentials, and much more.

Ettercap − Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Wireshark − It is one of the most widely known and used packet sniffers. It offers a tremendous number of features designed to assist in the dissection and analysis of traffic.

Tcpdump − It is a well-known command-line packet analyzer. It provides the ability to intercept and observe TCP/IP and other packets during transmission over the network. Available at www.tcpdump.org.

WinDump − A Windows port of the popular Linux packet sniffer tcpdump, which is a command-line tool that is perfect for displaying header information.

OmniPeek − Manufactured by WildPackets, OmniPeek is a commercial product that is the evolution of the product EtherPeek.

Dsniff − A suite of tools designed to perform sniffing with different protocols with the intent of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on the Windows platform.

EtherApe − It is a Linux/Unix tool designed to display graphically a system’s incoming and outgoing connections.

MSN Sniffer − It is a sniffing utility specifically designed for sniffing traffic generated by the MSN Messenger application.

NetWitness NextGen − It includes a hardware-based sniffer, along with other features, designed to monitor and analyze all traffic on a network. This tool is used by the FBI and other law enforcement agencies.

When one machine needs to communicate with another, it looks up its ARP table.

If the MAC address is not found in the table, the ARP_request is broadcasted over the network.

All machines on the network will compare this IP address to MAC address.

If one of the machines in the network identifies this address, then it will respond to the ARP_request with its IP and MAC address.

The requesting computer will store the address pair in its ARP table and communication will take place.

Network shares

SNMP data, if they are not secured properly

IP tables

Usernames of different systems

Passwords policies lists

DNS enumeration

NTP enumeration

SNMP enumeration

Linux/Windows enumeration

SMB enumeration

2 GHz+ processor

1 GB RAM available

1 GB+ available disk space

They create backdoors to a system. Hackers can use these backdoors to access a victim system and its files. A hacker can use Trojans to edit and delete the files present on a victim system, or to observe the activities of the victim.

Trojans can steal all your financial data like bank accounts, transaction details, PayPal related information, etc. These are called Trojan-Banker.

Trojans can use the victim computer to attack other systems using Denial of Services.

Trojans can encrypt all your files and the hacker may thereafter demand money to decrypt them. These are Ransomware Trojans.

They can use your phones to send SMS to third parties. These are called SMS Trojans.

Find the seq which is a number that increases by 1, but there is no chance to predict it.

The second possibility is to use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing. For sniffing, we use tools like Wireshark or Ethercap.

Contains at least 8 characters.

A mix of letters, numbers, and special characters.

A combination of small and capital letters.

To dump the whole database of a system,

To modify the content of the databases, or

To perform different queries that are not allowed by the application.

what will be the time of penetration test,

where will be the IP source of the attack, and

what will be the penetration fields of the system.