Terms related to hacking technology

Source: Internet
Author: User

As the saying goes, once you have entered the hacker's door, you must understand the hacker's jargon. The editor introduces the hacker's terminology below.

1. zombie: the so-called "zombie" is a vivid metaphor for a computer that we can control at will. The other party's machine can run Windows or Unix/Linux, and it can be an ordinary personal computer or a large server. We can operate it as we operate our own computer without the other party noticing.

2. Trojan: a program disguised on the surface as a normal program. When such a program runs, however, it obtains full control permissions over the system. Many hackers use Trojans to control other people's computers, such as Gray Pigeon, Black Hole, and PcShare.

3. webpage Trojan: disguised as an ordinary webpage file, or code inserted directly into a normal webpage file. When someone accesses the file, the webpage Trojan exploits a vulnerability in the visitor's system or browser to automatically download the server component of the configured Trojan to the visitor's computer.

4. Trojan planting: placing webpage Trojans in someone else's website files, or inserting the code into their normal webpage files, so that visitors' browsers are served the Trojan.

5. backdoor: this is a vivid metaphor. After successfully taking control of a target host by some method, an intruder can implant a specific program in the target system or modify some settings. On the surface these changes are hard to detect, but the intruder can use the appropriate program or method to connect to the computer easily and regain control of it. It is as if the intruder had secretly gained standing access to the owner's room and could enter at any time without being discovered by the owner.

(Generally, most Trojan horse programs can be used by intruders to create backdoors.)

6. rootkit: a rootkit is a tool used by attackers to hide their tracks and retain root permissions (which can be understood as system or administrator permissions in Windows). Generally, attackers obtain root access by means of a remote attack, or first obtain ordinary access to the system by password guessing (cracking) and then, once inside, exploit vulnerabilities in the system to obtain root permission. The attackers then install a rootkit in the other party's system to achieve long-term control of it. A rootkit is similar to the Trojan and backdoor mentioned above, but far more concealed than them. Hacker guard is a typical rootkit, and the domestic ntrootkit is also a good rootkit tool.

7. IPC$: a resource that shares "named pipes". It is a named pipe opened for inter-process communication. By verifying a user name and password you obtain the corresponding permissions. It is used to remotely manage computers and to view their shared resources.

8. weak passwords: passwords that are weak and easy to guess (such as 123 and ABC).

9. default share: the shares that are enabled automatically when the sharing service is enabled on Windows 2003/XP systems. Because the "$" symbol is appended to the share name, the share icon is not displayed, so it is also called a hidden share.

10. shell: refers to a command-line execution environment. For example, when we press "Start key + R" on the keyboard, the "Run" dialog box appears; entering "cmd" there displays a black window for executing commands. This is the Windows shell execution environment. Generally, the environment we get when a remote overflow program successfully overflows the remote computer is the other party's shell.

11. webshell: a webshell is a command execution environment that exists in the form of web files such as ASP, PHP, JSP, or CGI. It can also be called a web backdoor. After intruding into a website, a hacker usually mixes the ASP or PHP backdoor files in with the normal webpage files under the web directory of the website server. The hacker can then use a browser to access these ASP or PHP backdoors and obtain a command execution environment to control the website server: uploading and downloading files, viewing databases, and executing arbitrary program commands. Common webshells in China include Haiyang ASP Trojans, phpspy, and c99shell.

12. overflow: to be exact, it should be "buffer overflow". The simple explanation is that the program fails to perform a valid check on the input data it receives, resulting in errors. The consequence may be that the program crashes or that attackers execute commands. There are roughly two types: (1) heap overflow; (2) stack overflow.

13. injection: with the development of B/S (browser/server) application development, more and more programmers write programs using this model. However, because programmers' skill levels vary, a considerable number of applications have security risks. A user can submit a piece of database query code and, based on the results returned by the program, obtain the data they want. This is the so-called SQL injection.

14. injection point: the place where injection can be carried out. It is usually a connection that accesses the database. The permissions you obtain depend on the permissions of the database account that the injection point runs under.
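The injection and injection point entries above, shown from the defender's side as an added example (not part of the original page): the same lookup written with string concatenation and then with type validation plus a bound parameter. The table, column names and function names are hypothetical, and the data is constructed.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table of articles (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 0), (2, "Release notes", 0), (3, "Internal draft", 1)],
    )
    return db

def lookup_vulnerable(db, article_id):
    # Injection point: the request parameter is pasted into the SQL text,
    # so the database parses whatever the client sent as part of the query.
    sql = ("SELECT title FROM articles WHERE hidden = 0 AND id = "
           + article_id + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, article_id):
    # Validate the expected type first, then bind the value separately
    # from the SQL text so it can only ever be treated as data.
    try:
        value = int(article_id)
    except ValueError:
        return []
    sql = "SELECT title FROM articles WHERE hidden = 0 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input carrying SQL instead of a number
    print("concatenated :", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
```

The concatenated query returns the hidden row as well because `OR 1=1` becomes part of the WHERE clause; the parameterized version rejects the same input before it reaches the database.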

15. intranet: generally speaking, a LAN, such as Internet cafes, campus networks, and company intranets. An address belongs to an intranet if it falls within one of the following three ranges: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255.

16. Internet: directly connected to the Internet and reachable from any computer on the Internet. The IP address is not a reserved (intranet) IP address.

17. port: equivalent to a data transmission channel. It is used to accept certain data and pass it to the corresponding service. After the computer processes the data, it sends the corresponding reply to the other party through the open port. Generally, each open port corresponds to a service; to close a port, you only need to stop the corresponding service.

18. 3389 and 4899 broilers (zombies): 3389 is the default port number used by Windows Terminal Services. Microsoft introduced this service to make it easier for network administrators to manage and maintain servers remotely. A network administrator can use Remote Desktop to connect to any computer on the network that has Terminal Services enabled and, after logging in successfully, operate the host as if it were their own computer. This is similar to the functions of remote control software and even of Trojan programs. The connection to Terminal Services is very stable, and no anti-virus software will detect and remove it, so it is also favored by hackers. After intruding into a host, hackers usually try to add a backdoor account of their own and then enable the other party's Terminal Services, so that they can use the terminal service to control the other party at any time. Such a host is usually called a 3389 broiler. Radmin is an excellent remote control software, and 4899 is the service port number that Radmin uses by default. Hackers often use Radmin as a Trojan (for this reason, current anti-virus software also detects and removes Radmin). Radmin has powerful control functions, its transmission speed is faster than that of most Trojans, and it is not detected by anti-virus software. When Radmin is used to manage remote computers with a blank or weak password, hackers can use software to scan the network for hosts with a blank or weak Radmin password and then log in and control them remotely. A host controlled in this way is usually called a 4899 zombie.
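A defender's check built from the intranet ranges in item 15 and the default ports in item 18, as an added example that is not part of the original page: it reviews connection log lines and reports accepted connections from outside the intranet ranges to port 3389 or 4899 on an internal host. The log format and function names are hypothetical, and the sample lines are constructed.

```python
import ipaddress

# The three intranet ranges listed in item 15, written as CIDR blocks.
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Default ports named in item 18.
REMOTE_ADMIN_PORTS = {3389: "Terminal Services", 4899: "Radmin"}

def is_intranet(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTRANET)

def parse_line(line):
    """Parse 'ACTION src=IP dst=IP dport=N' (hypothetical log format)."""
    action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return action, kv["src"], kv["dst"], int(kv["dport"])

def exposed_remote_admin(lines):
    """Return (src, dst, service) for accepted connections from outside the
    intranet ranges to an internal host's remote-administration port."""
    findings = []
    for line in lines:
        try:
            action, src, dst, dport = parse_line(line)
            outside, inside = not is_intranet(src), is_intranet(dst)
        except (KeyError, ValueError):
            continue  # skip malformed lines rather than abort the review
        if action == "ACCEPT" and dport in REMOTE_ADMIN_PORTS and outside and inside:
            findings.append((src, dst, REMOTE_ADMIN_PORTS[dport]))
    return findings

# Constructed sample lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges.
SAMPLE_LOG = [
    "ACCEPT src=192.168.1.20 dst=192.168.1.5 dport=3389",   # internal admin
    "ACCEPT src=203.0.113.7 dst=192.168.1.5 dport=3389",    # external RDP
    "DROP src=203.0.113.7 dst=192.168.1.6 dport=4899",      # blocked
    "ACCEPT src=198.51.100.9 dst=10.0.0.8 dport=4899",      # external Radmin
    "ACCEPT src=172.32.0.1 dst=172.31.255.254 dport=3389",  # just outside /12
    "ACCEPT src=203.0.113.7 dst=192.168.1.5 dport=443",     # not a listed port
    "garbage line",
]

if __name__ == "__main__":
    for src, dst, service in exposed_remote_admin(SAMPLE_LOG):
        print(f"{service} on {dst} reached from external address {src}")
```

Hosts that appear in the output are candidates for closing the service, as item 17 describes, or for restricting it to intranet sources and checking for blank or weak passwords.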

19. kill-free: modifying a program by shelling, encrypting, modifying signatures, and adding flower instructions so that antivirus software does not detect and remove it.

20. shelling: a special algorithm is used to change the encoding of an EXE executable program or DLL dynamic link library file (for example by compression or encryption), in order to reduce the file size, encrypt the program code, or even escape anti-virus software. Currently, the more common shells include UPX, ASPack, pepack, pecompact, upack, immune 007, and Trojan color clothing.

21. flower command: just a few assembly instructions that make the assembly code jump around, so that anti-virus software cannot properly judge the structure of the virus file. To put it bluntly, "anti-virus software looks for viruses from the beginning to the end in order. If we put the head and foot of the virus upside down, the antivirus software will not find the virus".
