How much do you know about hackers? ---- hack starter Learning ( Common terminology +dos Operations )
· 1.1 · Preface
Hackers were once translated from English "Hacker", referring to computer enthusiasts who specialize in research and discovery of computer and network vulnerabilities, which grow with the development of computers and networks. Hackers have a keen interest in computers and persistent pursuit, they continue to study computer and network knowledge, found in the computer and network vulnerabilities, like to challenge the difficult network system and find loopholes, and then to the administrator to solve and fix the vulnerability.
The advent of hackers has driven the development and improvement of computers and networks. What they do is not malicious destruction, they are a group of the Network of Heroes, the pursuit of sharing, free, promote freedom and equality. The existence of hackers is due to the lack of sound computer technology, in a sense, the security of the computer needs more hackers to maintain.
Hacker hero Webmaster MYHK: "The meaning of the hacker existence is to make the network become more and more secure and perfect." ”
But today, the word hacker has been used for those who specifically use the computer to destroy or invade the computer of the generation of words, the correct term for these people is cracker, some people also translated into "hacker", but also because of the appearance of these people tarnished dye "hacker" the word, so that people to mix hackers and hackers, Mistakenly believe that hackers are also the people who do damage on the network. According to Eeicraymond, founder of the Open source program, Eric Raymond, Hacker and cracker are groups of two different worlds, the basic difference being that hacker is constructive and cracker is dedicated to sabotage.
· 1.2 · famous people in computer history
Von Neumann laid the foundation of the modern computer and was revered as "the father of the computer", but when talking about his theories and ideas, he modestly said that the foundations of these theories and ideas came from the British mathematician Turing and the idea of Boolean.
In the 1847, the "Study of Thinking Law", published in the Journal of the rule of thought, founded the logic algebra, which succeeded in attributing formal logic to an algebra, and Boolean believed that the various propositions in logic could be represented by mathematical symbols, and the appropriate conclusions corresponding to the logical problems could be deduced according to the rules. The Logic algebra Theory of Boolean is based on the two logical values "true true", "false false" and three logical relationships "with and", "or", "non-not". This theory provides a way for the design of binary, logic and logic circuits of digital computers. In 1854, Boer published the famous novel "Boolean Algebra", and on this basis, after many years of development, formed the theoretical basis of modern computer-Lou logic.
Shannon (C.e.sharnorn), one of the founders of information theory, in a master's thesis in 1938, pointed out: The binary system can be used to express the logical relationship of Boolean algebra, "1" for "true True", "0" for "false false", and thus using a binary system to build a logical operation system. It is also pointed out that, on the basis of Boolean algebra, any mechanical reasoning process can be as easy as dealing with ordinary computation for an electronic computer. Shannon linked Boolean algebra to computer binaries.
Alan Turing (Alan Mathison Turing) "The father of artificial intelligence," the von Neumann of the "Father of Computers" is a genius, 22-year-old was elected to the Royal College researcher, 1936 in the thesis "On computable number and in the application of cryptography", The logical structure of the computer is strictly described, and the general model of the computer-"Turing machine" is first presented, and the possibility of this abstract computer is proved theoretically.
During World War II, Turing worked at the British Foreign Office, designed a cipher-cracking machine (BOMBE), which is actually a dedicated digital computer relay for the device, which repeatedly deciphered the enemy's password, contributing to the victory of the anti-Fascist war.
In 1945, Turing began to design an automatic computer at the National Institute of Physics in the United Kingdom, explaining the idea of using subroutines to realize certain operations and programmers not having to know the details of machine operation, which laid the foundation for the birth of high-level computer language. In 1950, Turing made a computer model machine "Piolot ACE" that embodies his design ideas. In October, Turing published the "Computer and intelligence" paper, designed the famous Turing Test, through question and answer to test whether the computer has the same intelligence, this thinking is still a core issue of computer academia. This paper has aroused the great shock of computer academia and laid the foundation of artificial intelligence theory.
To commemorate Turing's great contribution to computer science, the American Computer Association has set up a "Turing Award" that is awarded annually to scientists who make a significant contribution to computer science, a "Nobel Prize" in the computing world.
· 1.3 · common terminology used by hackers
1) Broiler
The so-called "broiler" is a very image of the metaphor of those who can be arbitrarily controlled by our computer, the other side can be a Windows system, can also be a unix/linux system, can be a normal personal computer, can also be a large server, we can operate their own computers like to operate them, And not be found by the other side.
2, Trojan: that is, the surface disguised as a normal program, but when these are run by the program, it will get the entire system control permissions. A lot of hackers are hot and use Trojans to control other people's computers, such as gray pigeons, black holes, pcshare and so on.
2) Trojan Horse
Trojans are those that appear disguised as normal programs, but when they are run by the program, they get the entire control of the system. A lot of hackers are hot and use Trojans to control other people's computers, such as gray pigeons, black holes, pcshare and so on.
3) Web Trojan
Web Trojan is on the surface disguised as a normal Web page file or will just plug into the normal web file, when someone visit, the Web Trojan will use the other system or browser vulnerability automatically download the server of the configured Trojan to the visitor's computer to automatically execute.
4) Hanging Horse
Is in other people's Web site files into the Web Trojan or the code into the other side of the normal web files, so that the visitors to the horse.
5) Back Door
This is an image of the metaphor, the intruder in the use of certain methods to successfully control the target host, can be in the other side of the system to implant a specific program, or modify some settings. These changes on the surface are difficult to detect, but the intruder can use the corresponding program or method to easily establish a connection with the computer, re-control the computer, as if the intruder secretly equipped with a master room if, can at any time in and out without being the owner found the same.
6) rootkit
A rootkit is a tool that attackers use to hide their whereabouts and retain root (root permissions, which can be understood as system or administrator privileges under Windows). Usually, the attacker in the way of remote attacks to gain root access, or the first use of password guessing (crack) to gain general access to the system, enter the system, and then through, the other side of the system security vulnerabilities to obtain the root authority of the system. The attacker would then install a rootkit in the other's system to achieve the purpose of his long-term control, a rootkit similar to the Trojan and backdoor we mentioned earlier, but far more covert than they are, and the hacker Guardian is a typical rootkit, There are also domestic ntroorkit, etc. are good rootkit tools.
7) ipc$
is a resource that shares a named pipe, which is a named pipe that is open for interprocess communication, and can be used to remotely administer a computer and view shared resources for a computer by verifying the user name and password for the appropriate permissions.
8) Weak password
Those that are not strong enough and are easily guessed, such as 123,ABC (password).
9) Default Share
The default share is when the windows2000/xp/2003 system turns on shared services and automatically turns on sharing of all hard drives because the "$" symbol is added, so the shared hand chart is not visible and is also a hidden share.
) shell
Refers to a command refers to the environment, such as when we press the keyboard "start key +r" when the "Run" dialog box, in which "CMD" will appear a black window to execute the command, this is the Windows Shell execution environment. Typically, the environment we get when we use a remote overflow program to successfully overflow a remote computer is the shell of the other person that executes the system command.
One) Webshell
Webshell is a kind of command execution environment which exists in the form of ASP, PHP, JSP or CGI, and can also be called as a kind of web backdoor. Hackers in the * * A website, usually will these ASP or PHP backdoor files with the Web site Server web directory normal Web page files mixed together, and then you can use the browser to access these ASP or PHP back door, get a command execution environment, to control the site server purposes. You can upload and download files, view databases, execute arbitrary program commands, and more. Domestic commonly used Webshell have Haiyang asp Trojan Horse, Phpspy,c99shell and so on.
12) Overflow
Specifically, it should be a "buffer overflow". The simple explanation is that the program has failed to perform an effective detection of the input data being accepted, which could result in a program crash or a command to execute the attacker. Can be broadly divided into two categories: (1) heap overflow (2) stack overflow.
13) Inject
With the development of B/s pattern application development, programmers using this mode to write programs more and more, but due to the uneven level of programmers, a large part of the application has a security risk. The user can submit a database query code, according to the results returned by the program, to obtain some of the data he wants to know, this is called sqlinjection, namely: SQL attention.
14) Injection Point
is a place where injections can be implemented, usually a connection to the database. Depending on the permissions of the injection point database to run the account, the permissions you get are different.
15) Intranet
Popular speaking is the local area network, such as Internet cafes, campus network, the company's internal network, etc. belong to this category. View IP address if it is within the following three ranges, it means that we are in the intranet: 10.0.0.0-10.255.255.255,172.16.0.0-172.31.255.255,192.168.0.0- 192.168.255.255
16) External Network
Extranet: Directly connected to the Internet (interconnection network), can be connected with any computer on the Internet access to each other, IP address is not reserved IP (intranet) IP address.
17) port
(Port) is the equivalent of a data transmission channel. Used to accept certain data and then transmit it to the appropriate service, and the computer will then send the corresponding recovery through the open end to the other party. In general, the opening of each port corresponds to the corresponding service, to shut down these ports only need to close the corresponding service can be.
18) 3389/4899 Broiler
3389 is the default port number used by WINDWS Terminal Services (Terminal services), which Microsoft has launched to facilitate remote management and maintenance of servers by network administrators, and network administrators can use Remote Desktop to connect to any computer on which Terminal Services is turned on on the network. Successful landing will be like operating their own computer to operate the host. This and remote control software and even Trojan horse program to achieve the function is very similar, Terminal Services are very stable connection, and any anti-virus software will not be avira, so also deeply loved by hackers. Hackers in the * * A host, usually will find a way to add a back door account, and then open the other Terminal Services, so that they can use Terminal Services at any time to control each other, such a host, usually will be called 3389 Broiler. Radmin is a very good remote control software, 4899 is radmin by default so that it is also often used by hackers as Trojan horse to use (it is this reason, the current anti-virus software is also on the Radmin Avira). Some people are using the service port number. Because Radmin control function is very powerful, transmission speed is faster than most Trojans, and not by antivirus software, the use of radmin to manage remote computers using a null password or a weak password, hackers can use some software to scan the network exists radmin empty password or weak password host, Then you can log on to the remote control against the bad, so that the controlled host is usually made into 4899 broilers.
19) Avoid killing
is through the shell, encryption, modify the signature, add flower instructions and so on technology to modify the program, so that it escaped antivirus software Avira.
20) Packers
Is the use of special acid method, EXE executable program or DLL dynamic connection library file encoding to change (for example, to achieve compression, encryption), in order to reduce the size of the file or encryption program code, or even avoid the anti-virus software avira purpose. At present more commonly used shells have upx,aspack, Pepack, Pecompact, Upack, immunization 007, Trojan color clothing and so on.
21) Flower Instruction
Flower instruction: Is a few sentence assembly instructions, let the assembly statement to do some jumps, so that antivirus software can not properly judge the structure of the virus file. Say popular point is "antivirus software is from head to toe in order to find viruses." If we put the virus's head and feet upside down, antivirus software can not find the virus. "
Basic hacker terminology introduced in this, I have limited ability.
· 1.4 · the condition of being a novice hacker
First, to understand a certain amount of English:
Learning English is very important to hackers, because now most of the information and tutorials are English version, and the news about the hacker came from abroad, a loophole from discovery to the introduction of Chinese, it takes about one weeks, during which time the network administrator has enough time to fix the vulnerability, So when we look at the introduction of the Chinese language, the loophole may already be out of existence. So learn hacker from the beginning to try to read English materials, the use of English software, and timely attention to foreign famous network security sites.
Second, learn the use of basic software:
The basic software mentioned here refers to two content: one is our daily use of various computer commands commonly used, such as FTP, ping, net, etc. on the other hand, but also learn about the use of hacker tools, which mainly include port scanners, vulnerability scanners, information interception tools and password cracking tools. Because these software varieties, functions are different, so here is not listed, learners in the master of its basic principles, you can choose to suit their own, but also in the study and learning to find the software development guide, writing their own hacking tools.
Iii. preliminary understanding of network protocols and how it works:
The so-called "preliminary Understanding" is "in accordance with their own understanding" to understand how the network works, because the agreement involves a lot of knowledge and complexity, so if in the beginning to conduct in-depth research, it will be greatly discouraged learning enthusiasm. Here I suggest that learners get a preliminary understanding of the TCP/IP protocol, especially when browsing Web pages, how the network transmits information, how the client browser requests "handshake information", how the server side "answers handshake information" and "accepts requests" and so on, this section will be described in other tutorials in the forum.
Four, familiar with several popular programming languages and scripts:
As described above, there is no need for learners to learn in depth, as long as they can read the language and know the results of the program execution. It is suggested that learners should learn the language of C, ASP and CGI, and the basic understanding of the HTM hypertext language and PHP, Java, and so on, mainly learn the "variables" and "array" parts of these languages, because there is an intrinsic connection between the languages, so long as they are proficient in one of them, Other languages can also be the same, it is recommended to learn the C language and the HTM hypertext language.
Five, familiar with the Web application program:
Web applications include various server Software daemons, as well as various forums and e-communities that are popular online. Conditional learners better make their own computer server, and then install and run some forum code, after a few attempts, will be sensitive to understand the network working principle, which is more than relying on theoretical learning is much easier, can achieve a multiplier effect!
· 2.1 · Network Security Terminology Interpretation
First, agreement:
Network is a place of information exchange, all access to the network of computers can be through the physical connection between the device line information exchange, the physical equipment including the most common cable, optical cable, wireless WAP and microwave, etc., but the mere possession of these physical devices can not achieve the exchange of information, It is like the human body can not lack the control of the brain, the exchange of information must also have a software environment, the "Software Environment" is a human implementation of rules, known as "Protocol", with the agreement, different computers can follow the same protocol to use the physical device, and does not cause mutual "not understanding."
This kind of agreement is similar to "Morse code", simple 1.1 horizontal, through the arrangement can have all kinds of changes, but if there is no "comparison table", who can not understand a disorderly code of what is stated in the content. The same is true of computers, which perform different missions through a variety of pre-defined protocols, such as the RFC1459 protocol, which enables IRC servers to communicate with client computers. As a result, both hackers and network administrators must learn to understand the mechanism of network operation through learning protocols.
Each agreement is after years of modification and continuation of the use of the present, the new agreement is mostly based on the basic level of the establishment of the agreement, so the agreement has a relatively high security mechanism, it is difficult for hackers to find the security problems in the protocol directly to start the network attack. But for some new types of protocols, they can be exploited by hackers because of their short time and less-than-thoughtful consideration.
For the discussion of the network protocol, more people think that: the basic level protocol used today has security hidden trouble at the beginning of design, so no matter what kind of changes the network makes, as long as this network system does not make fundamental changes, it is fundamentally impossible to prevent the emergence of cyber hackers. But this hacker function is beyond the scope of the popular version of the tutorial, so it is not described in detail here.
Second, server and client:
The simplest form of network service is: A number of computers as a client, using a computer as a server, each client has the ability to make requests to the server, and then by the server to answer and complete the action of the request, the final server will return the results of execution to the client computer. Such agreements are many. For example, we usually contact the e-mail server, the website server, chat room server and so on belong to this type. There is also a connection, it does not require the support of the server, but directly connect two client computers, which means that each computer is both a server and a client, they have the same function, peer to complete the connection and information exchange work. For example, the DCC transport protocol is of this type.
From this point of see, the client and the server are the various protocols specified in the Request for computers and answering computers. As a general Internet users, are operating their own computer (client), and to the network server issued a regular request to complete such as browsing the Web, e-mail and other actions, and for the hacker is through their own computer (client) to other computers (may be the client, it may be the server) to attack, To achieve the purpose of * *, destroy, steal information.
Third, system and system environment:
Computer to operate must install operating system, today's popular operating system mainly by UNIX, Linux, Mac, BSD, Windows2003, and so on, these operating systems independently run, they have their own file management, memory management, process management mechanisms, on the network, These different operating systems can act as servers or as clients, and they can exchange information through "protocols".
Different operating systems with different applications constitute a system environment, such as the Linux system with the Apache software can be set up as a Web server, the other computer using the client can use the browser to obtain the Web server for viewers to read the text information; Again, such as Windows2003 with the FTPD software can be computer-based configuration as a file server, through the remote FTP landing can obtain a variety of file resources on the system.
Four, IP address and port:
We surf the internet, we may surf the web, send and receive e-mails, voice chat ... So many network service projects are done through different protocols, but the network is so big, how can our computers find the computers needed to service the project? How do you do so much work on a computer? Here we introduce the IP address.
Each internet computer has a unique IP address, similar to the people's home address in life, through the network routers and other physical devices (without the understanding of beginners), the network can be done from one computer to another computer information exchange work, because their IP address is different, So there is no confusion as to where the target cannot be found. But hackers can forge their own computer's IP address in a special way, so that when the server accepts a hacker computer (pseudo-IP address) request, the server will send the reply message to the pseudo-IP address, resulting in network confusion. Of course, hackers can easily find any Internet users or servers based on their IP address, and then attack them (think about real-world burglary), so now we see a lot of articles about how to hide your IP address.
Let me explain the second question mentioned above: Why can I use multiple Web services on a single computer? This is like the city of Beijing has eight gates, different protocols are reflected in different network services, and different network services will be on the client computer to open a different port (gate) to complete its information transfer work. Of course, if a Web server opens up multiple network services at the same time, it also has to open several different ports (gates) to accommodate different client requests.
Often heard on the network "backdoor" is the meaning of the hacker through a special function on the server to open up a network service, the service can be used to complete the purpose of hackers, then the server will be opened a new port to complete this service, because this port is for hackers to use, So it is easy not to be the general Internet users and network administrators found that the "hidden port", so called "backdoor."
Each computer can open 65,535 ports, so theoretically we can develop at least 65535 different network services, however, in fact, the number is very large, the network is often used by the service agreement of dozens of, for example, browse the Web client and server are using port 80th, QQ Chat software server port used is 8000, the client uses 4000 ports and so on.
Five, loopholes:
A vulnerability is a situation that is not considered in the program, such as the simplest "weak password" vulnerability in which a system administrator forgets to block accounts in certain Web applications. Perl Program vulnerability may be due to the programmer in the design of the program when the situation is not perfect "let the program do not get overwhelmed" code snippet, "Overflow" vulnerability belongs to the original design system or program, did not pre-reserve sufficient resources, and in the future use of the program is caused by insufficient resources Special IP packet bombs are actually errors in the process of analyzing certain special data ...
In a word, the loophole is the design of human negligence, which can not be absolutely avoided in any program, hackers are exploiting various loopholes to attack the network, the beginning of this chapter misinterpreting "network Security" is actually "loophole" meaning. Hackers exploit vulnerabilities to complete a variety of attacks is the final result, in fact, the definition of hackers is "looking for loopholes", they are not to network attacks for fun, but every day addicted to reading other people's programs and try to find the loopholes. It should be said that, to a certain extent, hackers are "good people", they are in pursuit of perfection, the establishment of a secure Internet to join this trip, but because some hackers or simply pseudo-hackers often exploit the vulnerability of the attacks in recent years, the hackers have a fear and hostility to the mentality.
Six, encryption and decryption:
In the "agreement" explained, I mentioned "because of the network design of the grassroots problems ...", simply said that the problem is to allow all Internet users to participate in information sharing, so that some business, personal privacy on the network transmission, will be exposed to the full view of our credit card, Personal e-mail, etc. can be monitored or intercepted by others, how to make this information safe? The reader may have thought of the "WWII" Spy War: The war countries in the use of telegrams, the code is encrypted, only to know the "password-book" Recipients, can be decoded work. It is this ancient encryption, in the modern network also still exist its exuberant vitality, through the encrypted processing of information on the network, no matter who gets the document, as long as there is no "password" is still wasted effort.
The most commonly used on the network is to set up a personal password, using DES encryption lock, the two encryption methods can be completed user login system, website, e-mail and protection of information packets, and the work of hackers is through loopholes, brute force speculation, encryption algorithm reverse application, etc. to obtain the plaintext of encrypted files, Some people put "magic tall ruler, the road a tall battle" to use here, is indeed in the appropriate! The encryption methods on the network and the systems that need to verify the passwords are emerging, and hackers are looking for ways to hack these systems.
It can be said that "vulnerability" and "decryption" is two completely different areas of the hacker, for different learners of their preferences will directly affect the future will be the type of hacker, so the choice between the two should be based on personal preferences, such as someone focused on learning "loopholes" knowledge.
Seven, Trojan Horse:
A Trojan horse is a program that can be used by program designers to intentionally design things that have not happened. However, the operation of the Trojan horse, whether or not the user knows, is not approved. According to some people, viruses are a special case of Trojan horses, that is, the ability to propagate to other programs (that is, to turn these programs into Trojan horses). According to another person's understanding, not intentionally causing any damage to the virus is not a Trojan horse. Ultimately, no matter how it is defined, many people simply use a "Trojan horse" to describe a malicious program that cannot be copied to separate the Trojan from the virus.
· 2.2 · Common software usage categories
First, to prevent:
This is a security from the perspective of a class of software, such as firewalls, virus-checking software, system process monitor, port management programs, etc. belong to such software. This kind of software can guarantee the security and personal privacy of the computer user to the maximum extent, not be destroyed by hacker. network server for such software needs are also very important, such as log analysis software, system software, etc. can help administrators to maintain the server and the intrusion of the system of hackers to track.
Second, information collection:
More information collection software, including port scanning, vulnerability scanning, weak password scanning and other scanning software, as well as monitoring, interception of information packets and other spy software, most of which belong to also the evil software, that is, whether decent hackers, evil faction hackers, system administrators or general computer users, User-class software can be used to accomplish their own different purposes. In most cases, the hacker user-class software is more frequent, because they need to rely on such software for a full range of server scanning, to obtain as much information about the server, after the server has a good understanding of the hacker action.
Third, Trojan Horse and worm:
These are two types of software, but they work much the same way, they are both hidden and destructive of viruses, and such software can be manipulated by people with control, or by a well-designed program to do certain work. Of course, this kind of software can also be used by the system administrator as a remote Management Server tools.
Iv. floods:
The so-called "flood" is the information garbage bomb, through a large number of garbage requests can cause the target server load overload and crash, in recent years, the network has become popular DOS decentralized attacks, in short, can also be categorized into such software. Flood software can also be used as mail bombs or chat bombs, which are simplified and programmed by cyber-security enthusiasts as "dumb" software, often used in the hands of "pseudo-hackers" that someone has been accusing.
Five, password cracking:
The most practical way to ensure network security is to rely on a variety of cryptographic algorithms of the password system, hackers may be able to easily obtain a secret password file, but if there is no encryption algorithm, it still cannot obtain a real password, so the use of password cracking class software is imperative, using the computer's high-speed computing power, This type of software can be used to restore encrypted text in a password dictionary or in the form of exhaustive.
VI. Deception:
If you want to get the plaintext password mentioned above, hackers need to restore the ciphertext encryption algorithm, but if it is a complex password, it is not so easy to crack. But is it more convenient to let someone who knows the password directly tell the hacker the prototype of the password? Deceptive software is designed to accomplish this purpose.
Seven, camouflage:
The various operations on the network will be recorded by the ISP, the server, if not a good disguise for the hacker action, it is easy to be anti-tracking technology traced to the hacker's location, so camouflage their IP address, identity is a very important subject of hackers, but camouflage technology needs advanced network knowledge, There is no solid foundation at the beginning to use this kind of software.
· 2.3 · learn the basic environment of hackers
One, the choice of operating system:
We often hear that hackers love Linux systems because Linux is more flexible than Windows provides more powerful functions. For example, for the forgery of IP addresses, it is easy to write special IP header information using a Linux system, but it is almost impossible under the Windows system. But Linux also has its insufficient side, the command of the system complex, complicated operation, not suitable for beginners to use, and for individual learners, and not too many people will give up "comfortable" windows, give up the wonderful computer games and convenient operation mode, go to the whole heart into the hacker learning. And for beginners of hackers, most of the network knowledge can be learned in the Windows system, the relative Linux system, the Windows platform under the hacker software is not in the minority, in addition, through the installation package, Windows system can also debug a certain amount of programs, Therefore, it is not necessary to start with Linux for the initial study.
Second, the need for common software:
If your system is windows, then tell you the good news-you don't have to install too much extra software, because the hacker knowledge we contact relies on the commands and built-in software that the system provides to us. In addition to the basic operating system, learners also need to install a variety of scanners, Then download a relatively good Trojan software, a listening software, but there is no other request. If necessary, the reader can install the various software on the Internet, and then learn how to use it, but I want to tell you, for all kinds of powerful software bombs, as well as the network of a variety of hacker software, mostly only in the hands of a few people ....
If the Green soldiers comrades in the study after the completion of their own production, their own development, there is no need to use the software written by others, remember to share your results with us.
For scanners and listening software, I will later in the Forum on this kind of software to be described in detail, here is not much to say
Third, the additional tools:
If you can install the following tools, it will be a great help to learn hackers, of course, the following software is mainly to learn additional content and for the "second part-Advanced edition" learning to pave the way, so there is no and will not hinder the study of the recruits.
1. Background server:
Have some network application background service program, you can set up your own computer as a small server, to learn the corresponding network applications, from the "internal" understanding of its operating mechanism, which will greatly improve their knowledge of the server, but also in the time to activate the server, monitoring their own server data, If there are other hackers to attack, you can clearly record the other side of the attack process, so as to learn more hacker attack methods. The use of their own server has a benefit, you can save a lot of Internet time, learning, the process of finding loopholes in their own computers, saving money, there is no threat to the network, double benefit.
2, C language compiler platform:
In the future on the road of learning hackers, will encounter a lot of "own problems", these problems on the network other people may not notice, so can not find the corresponding program, this time the learner will have to develop their own tools, so install a Borland C + + will be very convenient, through the compiler , learners can learn both C language, but also can modify some of the small programs listed by Comrade-in-arms to create a library of their own tools.
· 2.4 · Network security Software classification
Now let's take a look at the classification of cyber security software, because learning hacker knowledge is two interconnected processes--learning how to be black and how to prevent it from being hacked.
1. Firewall:
This is the most common security software on the network, the firewall has hardware, there are software, most of the comrades may see more are software firewalls. Its main function is to filter spam (to ensure that the system will not be attacked by bombs), prevent worm intrusion, prevent hacking, increase system privacy (protection of sensitive data), real-time monitoring system resources, prevent system crashes, regular maintenance of the database, backup main information ... Firewalls can patch up or isolate vulnerabilities in the system itself, giving hackers no chance to start. In addition, for enterprises with local area networks, firewalls can restrict the opening of system ports and prohibit certain network services (no Trojans).
2. Testing Software:
On the Internet, there are tools specifically for the removal of a hacker program, but this kind of software is more integrated in the anti-virus software or firewall software, for the system Trojan Horse, worm can be detected and cleared, the software in order to protect the system from infringement, will automatically protect the hard disk data, automatic maintenance registry files, Detection content can be code, monitoring system port open state and so on. If required by the user, the software can also write a script that masks the specified port (as the firewall does).
3. Backup tool:
Tools that are designed to back up data can help the server regularly back up data and update the data at the time it is set up, so that even if a hacker destroys the database on the server, the software can completely repair the incoming data in a short period of time. In addition, for individual users, this kind of software can make a full image backup of the hard disk, once the system crashes, users can use such software to restore the system to the original state, such as Ghost is a leader in such software.
4, log records, analysis tools:
For the server, log files are essential, and administrators can log the server's request type and request source, and determine whether the system is hacked by the logs. Through the log analysis software, the administrator can easily reverse the intrusion hacker, find the hacker's source of attack, and then catch the hacker. This is why hackers use IP address spoofing, server jumps, and clear log files after the server is hacked.
· 3.1 · CMD Command
Mastering the cmd command will be a great help on the hacker's path, and the hacker will need to use the cmd command everywhere in his computer career.
At the same time, the cmd command is also the basis of hackers.
CMD is the abbreviation for command, which is the commanding prompt. Although with the development of computer industry, the application of Windows operating system is more and more widespread, DOS is faced with the fate of being eliminated, but because it runs safely and stably, some users still use it. To this end, I serve you with the cmd command Daquan, in order to facilitate better use of the cmd command.
For more information on a command, type the help command name.
How to open cmd:
1) Start menu-run-enter "CMD"-ok (or enter)
2) win key + R-Enter "CMD"-ok (or enter)
3) Start menu-All Programs-Accessories-command Prompt
Command:
ASSOC Displays or modifies file name extension associations.
At Schedules commands and programs to run on the computer.
Attrib Display or change file properties.
Break sets or clears the extended CTRL + C check.
CACLS displays or modifies the file's access control List (ACLs).
Call calls this one from another batch program.
The CD displays the name of the current directory or changes it.
CHCP Displays or sets the number of active code pages.
Chdir displays the name of the current directory or changes it.
Chkdsk checks the disk and displays the status report.
CHKNTFS Displays or modifies the startup time disk check.
Cls clears the screen.
CMD opens another Windows command interpreter window.
Color sets the default console foreground and background color.
Comp compares the contents of two or two sets of files.
Compact displays or changes the compression of files on NTFS partitions.
Convert converts a FAT volume to NTFS. You cannot convert the current drive.
Copy copies at least one of the files to another location.
Date Displays or sets dates.
Del deletes at least one file.
Dir displays the files and subdirectories in a directory.
Diskcomp compares the contents of two floppy disks.
Diskcopy Copy the contents of one floppy disk to another.
Doskey Edit the command line, invoke the Windows command, and create a macro.
echo Displays the message, or turns the command back on or off.
Endlocal to end localization of environment changes in batch files.
Erase Delete at least one file.
Exit CMD. EXE Program (command interpreter).
FC compares two or two sets of files and displays different places.
Find searches the file for a text string.
FINDSTR searches for strings in the file.
For each file in a set of files, run a specified command.
Format formats the disk for use with Windows.
Ftype displays or modifies the file types used for file name extension associations.
Goto points The Windows command interpreter to a marked line in the batch program.
GRAFTABL enable Windows to display the extended character set in image mode.
Help provides information about Windows commands.
If you perform conditional processing in a batch program.
Label creates, changes, or deletes a disk's volume label.
MD to create a directory.
Mkdir Create a directory.
Mode configures the system device.
More displays a result screen at a time.
Move moves files from one directory to another.
Path displays or sets the search path for the executable file.
Pause pauses processing of batch files and displays messages.
POPD restores the previous value of the current directory saved by PUSHD.
Print prints a text file.
Prompt change the Windows command prompt.
Pushd Save the current directory and make changes to it.
RD Delete directory.
Recover recovers readable information from the problematic disk.
Rem record batch file or CONFIG. The comment in SYS.
Ren renames the file.
Rename Rename the file.
Reeplace Replace the file.
Rmdir Delete the directory.
Set to display, set, or remove Windows environment variables.
Setlocal the localization of the environment changes in the batch file.
Shift replaces the position of replaceable parameters in the batch file.
Sort to categorize the input.
Start starts another window to run the specified program or command.
SUBST associates the path with a drive letter.
Time displays or sets the system times.
The Title sets CMD. The window caption of the EXE session.
Tree displays the directory structure of a drive or path in graphical mode.
Type Displays the contents of the text file.
Ver shows the version of Windows.
Verify tells Windows whether to verify that the file is written to disk correctly.
VOL Displays the disk volume label and serial number.
Xcopy copies files and directory trees.
How much do you know about hackers? ----Hack Starter learning (common terminology +dos operations)