Classic Hacker Remote Attack process Overview _ security Related

I. Lock the target.

Each host on the Internet has its own name, just as everyone has a suitable title, called a domain name; however, a person may have several names, the definition of domain name will have the same situation, the Internet can really identify the host is the IP address, Domain name is only used by IP designated host for good memory of the name. Of course, the use of domain names and IP addresses can be successfully found in the host (unless your network does not pass).

To attack who first to determine the target, is to know the host domain name or IP address, such as: Www.123.com, 1.1.1.1, and so on. It's not enough to know where to hit the target. Also need to understand the system type, operating system, provide services and other comprehensive information, in order to do "know each other, hundred war not Idle", how to obtain relevant information, we will detail below, if the network domain name and IP address is not clear, hurriedly turn the book on hand! And now practice the PING command! Believe in the actual combat will be used to get! What's the use? If you ping the target host to return too long or you simply ping the target host, how do you continue! (The target is not within your range)

Second, service analysis

Most hosts on the internet provide www, MAIL, FTP, BBS and other network information services, basic each host at the same time provide several services, a host why can provide so many services? A UNIX system is a multi-user multitasking system that divides network services into many different ports, each offering a different service, and a service that has a program that monitors port activity at all times, and gives due response. And the definition of the port has become the standard, for example: the FTP service port is the 21,telent service port is the 23,WWW service port is 80 and so on, if also want to learn more please proceed to the following steps: Enter MS-DOS PROMPT c:\windows>edit Services (enter) read it slowly! But a lot of ports are useless, do not have to remember them all!

How do we know what services the target host provides? It's easy to use an application for a different service just try it, okay? For example: Using Telnet, FTP and other user software to the target host to request services, if the host has a response to indicate that the host provided the service, open the service of this port, but we now only need to know the target host service port is "live", However, this trial is more cumbersome and incomplete data, I will often use a number of tools such as Portscan, the target host a range of ports to scan. This will fully grasp the destination host port conditions. Now introduce a good tool, lack of good tools, can not successfully complete the work. Haktek is a very useful tool software that integrates many applications together, including PING, IP range scanning, target host port scanning, mail bombs, filtering messages, finger hosts, and other tools.

Completes the target host scan task, first tells Haktek the target host location, namely domain name or IP address. Then select the port scan, enter the scan range, start the scan, and the screen will soon return the "live" port number and the corresponding service. The collection of information is very rapid and complete. Why do you know the service information of the target? If the target host on a few key port services are not provided, or give up the attack plan, do not waste too much time on this less winning goal, hurriedly choose the next target.

First look at a scan instance: scanning host xx.xx.xx, ports 0 to 1000 Port 7 found. Desc= ' echo ' Port found. Desc= ' FTP ' Port found. desc= ' telnet ' Port found. desc= ' SMTP ' Port found. Desc= ' Domain/nameserver ' Port found. desc= ' finger ' Port found. desc= ' www ' Port found. Port found. Desc= ' Portmap/sunrpc ' Port found. Desc= ' biff/exec ' Port 513 found. Desc= ' login/who ' Port 514 found. Desc= ' Shell/syslog ' Port 515 found. desc= ' printer ' done!

If the primary port of the system is "live", do not be too early, because the system may impose certain restrictions, do not allow any user to remotely connect or not allow root remote connection, or to restrict the user to do only specified activities and then be forced to interrupt, which refers only to the Telnet service, In fact, there will be many complicated situations. This only describes whether the target host is open port, and we do not know what the target host is using the system, each port of the service program is what version of the system, do not worry, first contact the Haktek tool! No, go ahead and download it!
Third, System analysis

Now start to explain how to understand the system, the target host is what operating system, in fact very simple, first open the WI N95 Run window, and then enter the command: TELNET xx.xx.xx.xx (target host) then [OK], look at your screen what will appear? Digital UNIX (xx.xx.xx) (TTYP1) Login: I don't need to say you will know what your target host and operating system are! Yes, the DEC, of course, using Digital UNIX! OK, let's see one more: UNIX? System V Release 4.0 (xx.xx.xx) Login: What is this?

It could be a sun host, Sun OS or Solaris, what exactly? I can't tell you! This method is not useful for all systems, for example, like the following situation, it is not good to judge what system: XXXX OS (xx.xx.xx) (TTYP1) Login: Some systems will display information changed, so it is difficult to judge the information of their systems, but based on some experience can be a preliminary judgment , it could be HP Unix. In addition, using the tools described above, the finger function of the target host can also reveal the information of the Haktek system.

Establishing real-time userlist ... (only works if the sysadmin is a moron)---[Finger sessions]--------------------------------------Welcome to Linux Versi On 2.0.30 at xx.xx.xx ...

The words above are enough! How do I know what services are used by other ports in the system? such as 23, 25, 80 ports. Use the same above means, using Telnet and its own application tools, FTP, and so on. Using Telnet is to use the port number as a command-line argument, for example: Telnet xx.xx.xx 25 There will be similar information available to you: xx.xx.xx Sendmail 5.65v3.2 (1.1.8.2/31jan97-1019am) Wed , 3 June 1998 13:50:47 +0900 This is a clear version of the target host SendMail. Of course, there is no use for many ports and different systems at all. Therefore, the corresponding application tools are required to obtain the appropriate information. For example: Connected to xx.xx.xx.220 xx.xx.xx FTP server (Digital UNIX Version 5.60) ready. User (xx.xx.xx None): Most of the internet is the WWW host, how to know what kind of web SERVER the target owner is using, the query tool for a page, so long as you tell it the target host address and Web service fracture, it will immediately tell you the information.