Stayed up late on this; Baidu is not powerful enough, and many of these tools cannot be found through it;
1. Footprinting
Purpose: Actively gather information and intelligence, and determine the target's domain names, network address ranges, namespace, and key systems such as the gateway and mail server;
Related techniques: Source queries, whois, whois web interfaces, ARIN whois;
Tools used for footprinting:
--Usenet (newsgroups): A network of connected computers and news servers;
--Search Engine: Haha;
--EDGAR: Electronic Data Gathering, Analysis, and Retrieval system;
--Gooscan: A tool for Unix-like operating systems that finds vulnerable systems based on Google search results;
--Fingergoogle:
--Dig: Domain information lookup tool, which can flexibly query DNS name servers;
--NSLookup: Can specify the query type, look up the time to live of DNS records, and specify the DNS server used for resolution. It is mainly used to diagnose the basic structure of the domain name system;
--Sam Spade: Integrated network toolbox, which can be used for network detection, network management, and security-related tasks. It includes ping, nslookup, whois, dig, traceroute, finger, raw, and other tools;
--Dnsmap: An information collection tool;
2. Scan
Purpose: Evaluate the security of the target system, identify the services that are listening, and find the targets that are easiest to compromise;
Related techniques: Ping, TCP/UDP port scanning, OS detection;
Scanning tools:
--Fping: Similar to ping, but lets you specify multiple ping targets;
--Hping: TCP/IP packet assembly/analysis tool, which is often used to monitor network hosts;
--NMAP: A port scanning tool for large networks that supports stealth scans, scanning through firewalls, and scanning over various protocols;
--Superscan: A powerful port scanning tool;
--Autoscan: A complete network detection program that can automatically discover the network, scan it, and detect operating systems;
--Scanline NMAP: Port scanning tool;
--AMAP: Security scanning software;
--Sinfp: A tool that identifies the operating system of the peer;
--Xprobe2: Operating System probe tool for remote hosts;
3. Enumeration
Purpose: Find valid user accounts and shared resources. This operation is more intrusive;
Techniques used for enumeration: List user accounts, list shared files on hosts, identify applications on the target host, and use SNMP;
Enumeration tools:
--Null session: A session established with the server without any trust relationship;
--Dumpsec:
--Pstools: A powerful remote management toolkit;
--Showmount: Query NFS server information;
--SMB-NAT: SMB network analysis tool;
--Rpcinfo: Displays information about programs registered with Portmap, makes RPC calls to those programs, and checks whether they are running normally;
--Cisco torch:
4. Access
Purpose: After the scanning and enumeration steps above, enough information has been collected to attempt access to the target system, for example by sending the target user a trojanized PDF or a link to a trojanized web page; once the user clicks it, the attack is launched;
Techniques used: Password sniffing, brute force attacks, and penetration tools;
Tools used:
--Airsnarf: A simple rogue wireless access point setup tool, which can obtain passwords from public wireless traffic;
--Dsniff: Advanced password sniffer;
--Cain and Abel: A powerful tool for remotely cracking passwords;
--Phoss:
--Hydra: Brute-force cracking tool;
--Medusa: Brute-force cracking tool;
--Sipcrack:
--Metasploit framework:
--Canvas:
5. Elevation of Privilege
Purpose: Obtain root or administrator privileges on the system;
Techniques used: Password cracking and vulnerability exploitation;
Tools used:
--John the Ripper: A fast password cracking tool that recovers the plaintext when the ciphertext is known;
--L0phtCrack: An essential tool for network management. It is used to check whether insecure passwords are in use on Unix or Windows;
--Metasploit framework: Used to perform penetration tests to verify system security;
6. Information theft
Information theft process: Extract data and files from the environment to determine the mechanisms and paths for re-entering the system;
Techniques used: Evaluating trusted systems and searching for plaintext passwords;
Tools used: Rhosts, LSA Secrets, user data, configuration files, command line;
7. Hide and disappear
Purpose: After gaining control of the target system, avoid being detected by the administrator and conceal traces of access;
Techniques used: Clearing log records and hiding tools;
Tools used: Logclean-ng, wtmpclean, rootkits, and file streams;
8. Create a backdoor
Purpose: Leave backdoors and traps for further intrusion;
Techniques used: Creating rogue user accounts, scheduling batch jobs, infecting startup files, implanting remote control services, installing monitoring mechanisms, and replacing real applications with Trojans;
Tools used: Members of wheel and administrators, cron, registry, startup directory, Netcat, javasxec, VNC, keystroke loggers, login, fpnwclnt, patched SSH versions;
9. DoS
DoS scenario: If access could not be obtained during step 4 but the attacker still wants to cause damage, a DDoS (distributed denial-of-service) attack can be used, with exploit code used to paralyze the target system;
Techniques used: SYN flood, ICMP techniques, overlapping fragments, out-of-bounds TCP options, DDoS;
Tools used: Synk4, Ping of death, smurf, ICMP nuke, bonk, newtear, supernuke.exe, trinoo, TFN, Stacheldraht;
Network security defense-brief process of hacker attacks