如何认为象黑客

黑客的主要宗旨将减弱目标计算机、网络或者应用。 黑客开始以一点信息并且最终获得一张详细的地图入系统。 有黑客跟随对文丐入系统的五步：


侦察
这个调查阶段的目标是会集信息关于域名、IP地址范围、商务伙伴、软件的电话号码、类型和操作系统在使用中和现有的网络防御机制。

首先，黑客必须辨认目标的域名例如xxxx.com。 然后他们收集同样多信息尽可能通过公开渠道。 一个好来源是通过新闻组。 信息技术(它)职员经常泄漏关于他们的配置和应用的许多信息，当为协助时接近。 工作公告也提供关于公司的计算机系统、操作系统和应用的重要消息。 如果工作为信息安全位置做广告，目标的网络防御的种类可能容易地被辨认。

黑客能然后参观互联网档案’网站(archive.org)检查关于也许多年来回去的目标的信息。 SEC网站(www.sec.gov)可能显露关于紧急公司合并的信息-这意味着它防御为两家公司将显著被降下合并资源和保证一个平抑（稳定）物价。 当敌人的防御下降时，是时间攻击。

黑客能也使用社会工程学会集事实。 人文要素是经常弱链接在系统。 例如，如果您有被批准访问网络雇员的信任，您能假装有喜欢人的自然有用的一个迫切问题。

扫描和列举
其次，黑客使用软件在目标网络将扫描服务器和资源从所有“Warez”网站为自由。 一旦黑客通过扫描得到详细的信息关于目标操作系统或应用，它在系统只采取小的天分和坚固耐心辨认弱点。 一次参观到所有乱砍的工具网站在正确的方向将给初学者黑客推挤。 有时，如果黑客问计算机一个适当地格式化的问题，计算机系统甚而将提供关于密码长度的信息或绕过需要对于密码。 一次通过防火墙，内部安全通常是自由散漫的。

能够存取
在扫描为相关信息以后，黑客现在有对系统或网络的自由存取。 They will have a free run of the place with complete administrative access and can change any information or play havoc to the system. A tip: an easy way to do this is a call to the company help desk and impersonate the manager to get a password reset if an email sent to the manager earlier triggers an automatic ‘I’m on leave’ message.

Perfect
If the hacker still has difficulty getting administrative access into the system, a Trojan disguised as a service pack or system update can be sent to company staff. This can be sent from the System Administrator’s email account (obtained from a newsgroup message in the reconnaissance phase) –The Trojan appears harmless but will install a key-logger program in the background when run by employees. When the employees key in their user-IDs and passwords throughout the day, the program will automatically forward these to the hacker.

Maintaining Access
Once the hacker has access to critical computer systems, the password file or the Security Account Manager (SAM) is easily obtainable. This contains the user-IDs and passwords for all the system users. From here, they can hack into other systems. Hackers also install backdoor programs on all compromised systems so that they will continue to have access even when the passwords are changed. Furthermore, this will be totally overlooked by even experienced IT staff as normal network traffic. The perfect crime!

IMPORTANT: This is a machine translated page which is provided "as is" without warranty. Machine translation may be difficult to understand. Please refer to original English article whenever possible.

Share and contribute or get technical support and help at My Digital Life Forums.

Related Articles

• Hacker Unlocks iPhone 3G with Hacked SIM Card Adapter with YouTube Video Proof
• Cold Hard Jolt about Encryption Protection
• Hacker Sentenced to Jail for Stealing VoIP Services
• Microsoft Pushes WgaLogon.dll and WgaTray.exe in WGA v1.7.59.1
• Facebook Source Code Leaked
• Review Gmail Account Recent Login or Access Activity History and Remote Logout Intruder or Hacker
• WordPress 2.1.1 Critical Security Alert - Download Upgrade to 2.1.2
• How to Get Actual Build and Revision Number of Windows Vista or Longhorn Server Installed
• Personal Firewall Look ‘n’ Stop v2.06 p3 Released
• Manhunt 2 Uncensor/Uncut Execution Style Killing Death Scene Video Compilation

This entry was posted on Monday, May 21st, 2007 at 10:40 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.