Analysis on the composition and use of the hacker toolkit

Source: Internet
Author: User
After breaking into a host, hackers usually upload a specially prepared toolkit that contains their everyday tools. With these tools they turn the compromised machine (the "bot") into a workstation, using it to hide their tracks or as a springboard for attacking other hosts. Every good hacker has a toolkit of their own, and for a beginner who has just entered the hacker world, choosing a suitable toolkit is especially important. A good toolkit should include a scanner, password cracking, sniffing, backdoor and log-clearing functions, among others. Below I recommend a few tools suitable for beginners. We need to strike a balance between performance, speed, size and ease of use, so that the kit is both compact and practical. Okay, let's go!
First, open the toolkit and take out the first powerful tool: the scanner. I have prepared xcgi and PR for you. Scanning is usually divided into port scanning and vulnerability scanning. Port scanning shows which ports are open on the target host, so that intrusion attempts can be made against the corresponding service; for example, if a machine has port 21 (FTP) open, we can try brute-force password cracking against it. Vulnerability scanning usually targets port 80 and is used to detect CGI and IIS vulnerabilities. In our kit, PR is used for port scanning and xcgi for CGI and IIS vulnerability scanning. Compared with similar scanners they have the following advantages: very high speed (PR scans 3000 ports in only 60 seconds), small size (pr 7 KB, xcgi 41 KB), and a customizable vulnerability list, so you can add the latest vulnerabilities at any time. PR usage: c:\pr.exe 127.0.0.1 1-3000 -D:1 -O (scan ports 1 to 3000 of 127.0.0.1; -D:1 sets a scanning delay of one second, -O shows only open ports). xcgi usage: c:\xcgi 127.0.0.1 80 (IP plus port). The file cgi.lst in the same folder stores the vulnerability list; you can open it with Notepad and add the latest vulnerabilities to it.
Now for our second tool: brute-force cracking and overflow programs. I have prepared four things for you: iisidq, smbcrack, rpcexp and webdavx3. Of all hacker software, overflow programs are the easiest to use and have a high success rate. The common overflow vulnerabilities that can be exploited include .printer and WebDAV. smbcrack was written by Xiao Rong and is used to brute-force NT/2000 passwords. It is extremely fast, reaching more than 200 passwords per minute, and is definitely a must-have for home and travel :)
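The two activities above, a port sweep and a password-guessing run, look very different from the target's side, and that is where they are caught. The following is an added example written for this page, not code from the original post or from any of the tools it names: it reads a firewall-style connection log and an NT/2000-style logon audit log and flags one source touching many distinct ports in a short window (the PR pattern) and a burst of event 529 records (logon failure: unknown user name or bad password on NT 4 / 2000) from one workstation (the smbcrack pattern). The log lines are constructed samples, and the thresholds of 20 ports or 10 failures within 60 seconds are assumptions to be tuned locally.

```python
# Added example (not part of the original post): the target's-eye view of a port
# sweep and a password-guessing burst. Log lines below are constructed samples;
# the thresholds (20 ports / 10 failures within 60 s) are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)


def build_sample_firewall_log():
    """Constructed: 10.0.0.9 hits ports 1-30 of 10.0.0.5 in 30 s; 10.0.0.7 just browses."""
    base = datetime(2003, 5, 1, 10, 0, 0)
    lines = [f"{base + timedelta(seconds=p):%Y-%m-%d %H:%M:%S} 10.0.0.9 10.0.0.5 {p} SYN"
             for p in range(1, 31)]
    lines += [f"{base + timedelta(minutes=i):%Y-%m-%d %H:%M:%S} 10.0.0.7 10.0.0.5 80 SYN"
              for i in range(5)]
    return "\n".join(lines)


def build_sample_logon_log():
    """Constructed: 40 failed logons (event 529) from WS-ATTACK, one success (528) from WS-ADMIN."""
    lines = [f"2003-05-01 10:05:{s:02d} 529 WS-ATTACK administrator" for s in range(40)]
    lines.append("2003-05-01 10:06:00 528 WS-ADMIN administrator")
    return "\n".join(lines)


def _first_window_hit(events, window, threshold, measure):
    """events: sorted (timestamp, value) pairs. Slide a time window over them and
    return the first window whose measure() reaches the threshold, else None."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        span = events[start:end + 1]
        if measure(span) >= threshold:
            return span
    return None


def find_port_sweeps(firewall_log, window=WINDOW, min_ports=20):
    """Return {src_ip: set_of_ports} for sources touching >= min_ports distinct
    destination ports inside one window. Line format: date time src dst dport action."""
    by_src = defaultdict(list)
    for line in firewall_log.splitlines():
        date, clock, src, _dst, dport, _action = line.split()
        by_src[src].append((datetime.fromisoformat(f"{date} {clock}"), int(dport)))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        span = _first_window_hit(events, window, min_ports, lambda s: len({p for _, p in s}))
        if span:
            hits[src] = {p for _, p in span}
    return hits


def find_logon_bursts(logon_log, window=WINDOW, min_failures=10):
    """Return {workstation: failure_count} for workstations with >= min_failures
    event-529 records inside one window. Line format: date time event_id workstation user."""
    fails = defaultdict(list)
    for line in logon_log.splitlines():
        date, clock, event_id, workstation, _user = line.split()
        if event_id == "529":
            fails[workstation].append((datetime.fromisoformat(f"{date} {clock}"), event_id))
    hits = {}
    for ws, events in fails.items():
        events.sort()
        span = _first_window_hit(events, window, min_failures, len)
        if span:
            hits[ws] = len(span)
    return hits


if __name__ == "__main__":
    sweeps = find_port_sweeps(build_sample_firewall_log())
    print("port sweeps:", {s: sorted(p) for s, p in sweeps.items()})
    print("logon bursts:", find_logon_bursts(build_sample_logon_log()))
```

The sliding window is what makes the check useful in practice: a slow scan with a long -D delay, as the post suggests, spreads the same 3000 ports over a longer period, so the window and the port threshold have to be set together against the normal traffic of the network being watched.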
Next is the third powerful tool: springboards and backdoors. Backdoor programs are used to maintain access so that the hacker can get back in again; springboards are used to hide the real IP address and prevent being traced. When choosing a backdoor, the question is whether it can keep control of the bot for a long time. Nowadays webshell programs appear one after another, but under pressure from anti-virus software a good backdoor can only be used for one or two months before the anti-virus upgrade catches it and it is no longer invisible. That is why good hackers often write their own backdoors, but we are not at that level yet. So what should we do? In fact, there are two backdoor programs that have been around for a long time but are still not detected: cmd.asp and ISPC. cmd.asp is a web Trojan written in ASP. You only need to put it in the other side's web directory (the directory must have script execution permission) and then enter http://www.victim.com/yourdirectory/cmd.asp in the browser to control it. ISPC consists of two files, ispc.exe and idq.dll.
Put idq.dll in the target's web directory, then run c:\ispc www.victim.com/yourdirectory/idq.dll against it to get a shell with system permissions. There are still many very good backdoors, such as wollf and Poison Arrow, but I will not introduce them because they are detected. As for the springboard, Snake's sockserver is the first choice. It supports SOCKS5 and SOCKS4 proxying and can hide your real IP address; many people also use it to proxy QQ. To use sockserver you also need the skservergui program: run sockserver on the bot and skservergui on your own machine to proxy through it. It also supports multi-level proxying, so that anyone tracing you gets lost.
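Both backdoors above depend on an attacker-supplied file sitting inside the web content directory, which is exactly what a file sweep of the web root catches. The following added example, written for this page and not taken from the original post or from any of the tools it names, walks a web root and reports an ASP page that both creates a shell object and reads request input (the cmd.asp pattern) and any DLL stored among web content (the idq.dll pattern). The marker patterns and the sample file tree are constructed for the example; the sample cmd.asp is a deliberately incomplete fragment that only carries the two markers.

```python
# Added example (not part of the original post): a defender's sweep of a web
# content directory for the two backdoor patterns described above. Patterns and
# sample files are constructed for the example.
import re
import tempfile
from pathlib import Path

# An ASP page becomes a command shell only when it creates a shell object ...
SHELL_OBJECT = re.compile(r'CreateObject\(\s*"(WScript\.Shell|Shell\.Application)"', re.IGNORECASE)
# ... AND feeds it request-controlled input, so both markers must match.
REQUEST_INPUT = re.compile(r"\bRequest(\.Form|\.QueryString)?\s*\(", re.IGNORECASE)
SCRIPT_SUFFIXES = {".asp", ".asa", ".aspx"}


def scan_webroot(root):
    """Return {relative_path: reason} for suspicious files under root."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in SCRIPT_SUFFIXES:
            text = path.read_text(errors="replace")
            if SHELL_OBJECT.search(text) and REQUEST_INPUT.search(text):
                findings[rel] = "script creates a shell object and reads request input"
        elif suffix == ".dll":
            findings[rel] = "DLL stored among web content"
    return findings


def build_sample_webroot():
    """Constructed tree: a benign page, a cmd.asp-style fragment (deliberately
    incomplete, it only carries the two markers) and a dropped DLL."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "default.asp").write_text(
        '<% Response.Write("hello " & Request.QueryString("name")) %>')
    images = root / "images"
    images.mkdir()
    (images / "cmd.asp").write_text(
        '<% Set sh = Server.CreateObject("WScript.Shell") %>\n'
        '<% c = Request("c") %>')
    (images / "idq.dll").write_bytes(b"MZ" + bytes(62))
    return root


if __name__ == "__main__":
    for rel, reason in scan_webroot(build_sample_webroot()).items():
        print(f"{rel}: {reason}")
```

The benign page reads request input but never creates a shell object, so it is not reported; requiring both markers is what keeps the check quiet on ordinary pages. The DLL rule will fire on applications that legitimately ship ISAPI extensions under the web root, so in practice it is run against an inventory of known files and only the differences are reviewed.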
Now let's look at the fourth powerful tool: the sniffer. Most friends who are just getting started are probably unfamiliar with sniffers. In fact the principle behind a sniffer is easy to understand and the tool is easy to use. Below I will briefly explain the principle and recommend a small sniffer, xsniff. On the network, many services do not encrypt the data they transmit, and that data sometimes contains sensitive information such as user names and passwords. As long as the packets carrying such information are captured, we can extract the user name and password from them for further intrusion. The sniffer came into being precisely to capture packets transmitted over the network. A sniffer obtains data directly from the link layer. Normally it is used for traffic analysis and analysis of abnormal data, but for hackers a sniffer can be used to obtain passwords or to collect the information needed before a spoofing attack. After breaking into a host, a hacker will install a sniffer on it. In this way, passwords transmitted across the whole subnet are captured and the attack spreads. For example, if we have a bot A and a host B we want to break into, and A and B are in the same subnet, we can run the sniffer on A to get the user name and password of B and then use that password to access B. That is what a sniffer can do: as long as one host in a domain is insecure, the entire domain is insecure. Well, that is enough about principles; now let's use xsniff. xsniff is basically only used to capture passwords. It provides background running and logging. The common usage is: c:\xsniff -tcp -pass -hide -log passwd.log
-tcp means capture TCP packets, -pass means capture passwords, -hide means run in the background, and -log stores the captured passwords in a file. You can choose the file name yourself; here we record to the passwd.log file.
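The sniffer above works by reading every frame on the segment rather than only the frames addressed to the host, which normally requires putting the interface into promiscuous mode, and that mode is visible to whoever administers the host. The following is an added example written for this page, not code from the original post or from xsniff: it checks for promiscuous interfaces on a Linux host, where the kernel exposes interface flags in /sys/class/net/<iface>/flags and bit 0x100 is IFF_PROMISC. The hosts in the post are NT/2000 and have no equivalent sysfs file, so this is the corresponding check for a Linux host; the sample sysfs tree is constructed.

```python
# Added example (not part of the original post): detect interfaces left in
# promiscuous mode on a Linux host. The sample sysfs tree is constructed.
import tempfile
from pathlib import Path

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def is_promiscuous(flags_text):
    """flags_text: contents of a sysfs flags file, e.g. '0x1103\\n'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the names of interfaces whose flags have IFF_PROMISC set."""
    hits = []
    for iface in Path(sysfs_net).iterdir():
        flags = iface / "flags"
        if flags.is_file() and is_promiscuous(flags.read_text()):
            hits.append(iface.name)
    return sorted(hits)


def build_sample_sysfs():
    """Constructed sysfs-like tree: eth0 normal (UP|BROADCAST|MULTICAST = 0x1003),
    eth1 with IFF_PROMISC added (0x1103), lo (UP|LOOPBACK = 0x9)."""
    root = Path(tempfile.mkdtemp(prefix="sysfs-net-"))
    for name, flags in (("eth0", "0x1003"), ("eth1", "0x1103"), ("lo", "0x9")):
        (root / name).mkdir()
        (root / name / "flags").write_text(flags + "\n")
    return root


if __name__ == "__main__":
    print("promiscuous on sample tree:", promiscuous_interfaces(build_sample_sysfs()))
    print("promiscuous on this host:", promiscuous_interfaces())
```

The check is only as good as the host it runs on: a sniffer that hides itself, as the -hide option suggests, may also clear the flag, so the more reliable remedy for the subnet scenario in the post is to stop sending credentials in the clear at all and to use switched rather than shared segments, which leaves nothing for a promiscuous interface on host A to collect from host B.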
Finally, some tools have to be mentioned. They cannot be put in any category, but they are absolutely necessary. They mainly include pskill, pslist, ca, elsave, cleaniislog and wget.
pslist (process list), as the name suggests, is used to view processes, and pskill is used to kill them. To use pslist and pskill you must first establish an IPC connection (net use \\IP\ipc$ passwd /user:username) and then run c:\pslist IP or c:\pskill IP. wget is a command-line download tool; if you need any other tool, you can use wget to download it directly from the Internet. ca is used to clone an administrator account: with it you can clone an ordinary low-privilege account into an administrator account, creating an account backdoor. elsave is used to clear intrusion traces. You only need to enter c:\elsave -C to clear the three main logs (system, security and application). We also use another log-clearing program a lot, cleaniislog. I personally like this one: it can delete the records left by a specified IP address in the IIS log. So after you get into a host following a scan, do not forget to run c:\cleaniislog cleanip <your IP address>.
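Both log-clearing steps above leave something for a defender to find. Wiping the NT/2000 security log with elsave leaves one record behind, event 517 "The audit log was cleared" (event 1102 on Windows Vista and later), so a security log that contains little else is itself evidence. And cleaniislog only edits the copy of the IIS log on the host: if the log is also shipped off-host, the removed lines survive there and a comparison of the two copies names the client whose lines were deleted. The following added example, written for this page and not taken from the original post or from either tool, implements both checks over constructed records.

```python
# Added example (not part of the original post): two checks against the
# log-clearing step described above. All records below are constructed.

AUDIT_CLEARED_IDS = {517, 1102}  # "The audit log was cleared" (NT/2000/XP/2003, Vista+)

# Constructed security-log records: (timestamp, event id, account)
SAMPLE_AUDIT = [
    ("2003-05-01 10:07:11", 528, "administrator"),
    ("2003-05-01 10:31:02", 517, "administrator"),
    ("2003-05-01 10:31:40", 528, "administrator"),
]

# Constructed W3C extended IIS log as received by an off-host collector.
REMOTE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-01 10:02:15 10.0.0.7 GET /default.asp 200
2003-05-01 10:08:30 10.0.0.9 GET /images/ 403
2003-05-01 10:09:02 10.0.0.9 GET /images/cmd.asp 200
2003-05-01 10:12:44 10.0.0.7 GET /default.asp 200
"""

# The same log as found on the host after one client's lines were removed.
LOCAL_IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-01 10:02:15 10.0.0.7 GET /default.asp 200
2003-05-01 10:12:44 10.0.0.7 GET /default.asp 200
"""


def audit_clear_events(records):
    """Return the records that mark a cleared audit log."""
    return [r for r in records if r[1] in AUDIT_CLEARED_IDS]


def entries(log_text):
    """Data lines of a W3C log (header lines start with '#')."""
    return [l for l in log_text.splitlines() if l and not l.startswith("#")]


def missing_iis_entries(remote_log, local_log):
    """Lines present in the off-host copy but absent locally, in remote order."""
    local = set(entries(local_log))
    return [l for l in entries(remote_log) if l not in local]


def field_index(log_text, name):
    """Column position of `name` according to the log's own #Fields header."""
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            return line.split()[1:].index(name)
    raise ValueError("no #Fields header")


def removed_clients(remote_log, local_log):
    """Client IPs whose lines were deleted from the local copy."""
    idx = field_index(remote_log, "c-ip")
    return sorted({l.split()[idx] for l in missing_iis_entries(remote_log, local_log)})


if __name__ == "__main__":
    print("audit log cleared:", audit_clear_events(SAMPLE_AUDIT))
    print("entries missing locally:", missing_iis_entries(REMOTE_IIS_LOG, LOCAL_IIS_LOG))
    print("clients removed:", removed_clients(REMOTE_IIS_LOG, LOCAL_IIS_LOG))
```

The comparison reads the column order from the #Fields header rather than assuming it, because IIS lets the administrator choose which fields are logged. The off-host copy is the part that matters: both tools in the post work only because the host is the sole keeper of its own logs.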
With the above introduction, I believe everyone now has some understanding of how a hacker toolkit is composed and used. The greatest value of a good toolkit is to improve the efficiency of an intrusion. Because everyone's habits and purposes differ, the tools I have introduced may not suit you, but with the help of this article you can build a convenient and complete toolkit of your own.
