aaa
Hack It
Test
●
Friday, January 25, 2013
A number of technologies are available to companies to prevent
hacking attacks. The most popular tools are Internet firewalls,
anti-virus software, intrusion detection systems, and vulnerability
assessment tools. Firewalls are used to set up a virtual wall between
the Internet and the company's internal network to repel attackers.
Anti-virus software detectsand removes computer viruses, worms, and
Trojan horses. Intrusion detection systems watch over critical networks
and computers looking for suspicious activities, and can alert
administrators in the event of an attack. Finally, corporations use
vulnerability assessment tools to inventory their computing
infrastructure and better understand the existing vulnerabilities.
Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other
Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other
Enumeration - It's 4th
Test
●
Enumeration.
The third phase is the process of identifying user accounts and
poorly protected computing resources. During the enumeration stage, the
hacker connects to computers in the target network and pokes around
these systems to gain more information. While the scanning phase might
be compared to a knock on the door or a turn of the doorknob to see if
it is locked, enumeration could be compared to entering an office and
rifling through a file cabinet or desk drawer for information. It is
definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain
control of one or more systems in the target network. For example, once
an attacker has acquired a list of usernames during enumeration, he can
usually guess one of the users' passwords and gain more extensive access
to that user's account. Alternatively, once the attacker has determined
that a target computer is running an old or buggy piece of software or
one that is configured improperly, the hacker may attempt to exploit
known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or
accounts that have been compromised during penetration to launch
additional attacks on the target network. For instance, the attacker can
break into more sensitive administrator root accounts, install
backdoors or Trojan horse programs, and install network sniffers
to gather additional information (for example, passwords) from data
flowing over the network.
Yo Man It's 3rd
Test
●
A Systematic Process
Although portrayed otherwise in Hollywood films and in television
shows, hacking is a systematic, tiresome process in which the attacker
attempts methodically to locate computer systems, identify their
vulnerabilities, and then compromise those vulnerabilities to obtain
access. Experts have identified six steps that are generally followed in
the hacking process. These include (1) footprinting (reconnaissance);
(2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6)
covering tracks.
The first technique often used by hackers is called footprinting. The
objective is to gather information essential to an attack and enable an
attacker to obtain a complete profile of an organization's security
posture. During this phase, the hacker might gain information about the
location of the company, phone numbers, employee names, security
policies, and the overall layout of the target network. Often, hackers
can perform this work with a simple web browser, a telephone, and a
search engine. Unfortunately, humans are often the weakest security link
in a corporation. A clever phone call to the technical support
department can often compromise critical information: "Hi—this is Bill
and I forgot my password. Can you remind me what it is?
It's Second Post
Test
●
¥ What Is Footprinting? Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting to learn as much as you can about a system, it's remote access capabilities, its ports and services, and the aspects of its security. In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is nary a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find anything out about a system, the company that owns that system, with the right personell, can find out anything they want about you. In this talk, I will explain what the many functions of footprinting are and what they do. I'll also footprint everyone's favorite website, just to see how much info we can get on Grifter. ¥ Open Source Footprinting Open Source Footprinting is the easiest and safest way to go about finding information about a company. Information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables, and scanning certain IP addresses for open ports, are other forms of open source footprinting. Most of this information is fairly easy to get, and getting it is legal, legal is always good. Most companies post a shit load of information about themselves on their website. A lot of this information can be very useful to hackers and the companies don't even realize it. It may also be helpful to skim through the webpage's HTML source to look for comments. Comments in HTML code are the equivalent to the small captions under the pictures in high school science books. Some comments found in the HTML can hold small tid-bits of info about the company, otherwise not found anywhere else. ¥ Network Enumeration Network Enumeration is the process of identifying domain names and associated networks. The process is performing various queries on the many whois databases found on the internet. The result is the hacker now having the information needed to attack the system they are learning about. Companie's domain names are listed with registrars, and the hacker would simply query the registrar to obtain the information they are looking for. The hacker simply needs to know which registrar the company is listed with. There are five types of queries which are as follows:
CEH Syllabus
Test
●
CEH Syllabus overview
So that you can see whole course in one shot here are all the links to the weeks:0. Orientation
- Footprinting & Scanning
- Enumeration & System Hacking
- Trojans and Backdoors & Sniffers
- DOS & Social Engineering
- Session Hijacking & Web Servers
- Web Applications & Passwords
- SQL injection & Wireless
- Viruses & Novell
- Linux & Evasion
- Buffer Overflows & Cryptology
Subscribe to:
Posts (Atom)
Social
Search this blog
Blogger templates
Introduction
I Like
- www.coolearningtips.blogspot.com