How to Think Like a Hacker如何看待像一個黑客

A hacker’s main objective is to compromise the targeted computer, network, or application.黑客的主要目標是妥協的目標計算機，網絡，或申請。 The hacker starts off with little information and ends up with a detailed map into the system.黑客啟動了很少的信息和最後一份詳細的地圖進入系統。 There are five steps which hackers follow to hack into a system:有五個步驟，後續黑客攻破成一個系統：


Reconnaissance 偵察
The target of this investigation stage is to gather info about domain names, IP address ranges, business partners, phone numbers, type of software and operating systems in use and existing network defence mechanisms.的目標，這一調查階段是收集資訊域名， IP地址範圍，業務合作夥伴，電話號碼，輸入的軟件和操作系統的使用和現有的網絡防禦機制。

First, hackers must identify the domain names of the target such as xxxx.com.首先，黑客必須確定域名的目標，如xxxx.com 。 Then they gather as much information as possible through public channels.然後，他們收集盡可能多的信息通過公共渠道。 One good source is through newsgroups.一個良好的來源是通過新聞。 Information Technology (IT) staff often divulge too much information about their configurations and applications when approached for assistance.信息技術（ IT ）工作人員往往透露太多了解他們的配置和應用時，接觸，尋求協助。 Job announcements also provide vital information about the company’s computer systems, operating systems and applications.招聘公告還提供重要信息公司的計算機系統，操作系統和應用程序。 If the job advertises for an information-security position, the type of network defense of the target can easily be identified.如果宣傳工作的一個信息安全的立場，類型的網絡防禦的目標可以很容易地確定。

The hacker can then visit the Internet Archive’Web site (archive.org) to check for information about the target that may go back for years.黑客就可以訪問Internet Archive'Web網站（ archive.org ）檢查有關的目標，可能回去了多年。 The Securities and Exchange Commision’s website (www.sec.gov) can reveal information about impending company merges – this means that the IT defenses for both companies will be significantly lowered to merge resources and ensure a smooth transition.美國證券交易Commision的網站的（ www.sec.gov ）可以揭示有關公司即將合併-這意味著防禦系統的I T企業都將顯著降低合併資源和確保平穩過渡。 When the enemy’s defences are down, it’s time to attack.當敵人的部隊正在下降，現在正是時候攻擊。

Hackers can also use social engineering to gather facts.黑客還可以使用社會工程來收集的事實。 The human element is oftentimes the weakest link in the system.人的因素往往是最薄弱的環節在系統中。 For example, if you have the trust of an employee who is authorised to access the network, you can pretend to have an urgent problem that appeals to the natural helpfulness of the person.例如，如果您有信任的一名僱員誰有權訪問網絡，你可以假裝有一個迫切的問題，呼籲自然樂於助人的人。

Scanning and Enumeration 掃描和枚舉
Next, hackers will scan servers and resources on the target network using the software from any “Warez” websites for free.下一步，黑客將掃描服務器和資源的目標網絡，利用該軟件從任何“ Warez ”網站是免費的。 Once a hacker gets detailed info about the target operating systems or application via scanning, it only takes a little talent and substantial patience to identify weaknesses in the system.一旦黑客獲得詳細信息，對目標的作業系統或應用程序通過掃描，但只需要很少的人才和大量的耐心找出不足，該系統。 A visit to any hacking tool website will give the beginner hacker a push in the right direction.訪問任何黑客工具的網站將給予初學者黑客推動方向是正確的。 Sometimes a computer system will even offer information about password length or bypass the need for a password if the hacker asks the computer a suitably formatted question.有時候，一個計算機系統，甚至會提供的信息密碼長度或繞行需要一個密碼，如果黑客要求計算機有適當格式化的問題。 Once past the firewall, internal security is usually slack.在過去的防火牆，內部安全通常是疲弱。

Gaining Access 獲得
After scanning for the relevant information, the hacker now has free access to the system or network.掃描後的有關資料，現在黑客自由出入系統或網絡。 They will have a free run of the place with complete administrative access and can change any information or play havoc to the system.他們將有一個自由運行的地方完整的管理權限，並可以改變的任何信息或發揮破壞的系統。 A tip: an easy way to do this is a call to the company help desk and impersonate the manager to get a password reset if an email sent to the manager earlier triggers an automatic ‘I’m on leave’ message.小費：一種簡單的方法來做到這一點是要求該公司服務台和假冒的經理獲得密碼重置，如果一封電子郵件發送到早先的經理觸發自動'我離開'的訊息。

Perfect 完善
If the hacker still has difficulty getting administrative access into the system, a Trojan disguised as a service pack or system update can be sent to company staff.如果該黑客還難以進入行政系統，一個木馬程序偽裝成一個服務包或系統更新時可以發送到公司的工作人員。 This can be sent from the System Administrator’s email account (obtained from a newsgroup message in the reconnaissance phase) –The Trojan appears harmless but will install a key-logger program in the background when run by employees.這可以被從系統管理員的電子郵件帳戶（獲得新聞信息的偵察階段） ，該木馬似乎無害，但會安裝一個關鍵記錄器程序在後台運行時的員工。 When the employees key in their user-IDs and passwords throughout the day, the program will automatically forward these to the hacker.當員工的關鍵在其用戶ID和密碼在一天內，該程序會自動將這些給黑客。

Maintaining Access 保持訪問
Once the hacker has access to critical computer systems, the password file or the Security Account Manager (SAM) is easily obtainable.一旦黑客已經進入關鍵的計算機系統，密碼文件或安全帳戶管理器（ SAM ）是容易獲得。 This contains the user-IDs and passwords for all the system users.這包含了用戶的ID和密碼的所有系統用戶。 From here, they can hack into other systems.從這裡，他們可以破解到其他系統。 Hackers also install backdoor programs on all compromised systems so that they will continue to have access even when the passwords are changed.黑客還安裝後門程序的所有計算機系統，以便他們將繼續有機會，即使密碼更改。 Furthermore, this will be totally overlooked by even experienced IT staff as normal network traffic.此外，這將是完全忽略了即使是有經驗的IT人員作為正常的網絡流量。 The perfect crime!完美的犯罪！

IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要說明：這是一台機器翻譯網頁這是“原樣”提供，無保修。 Machine translation may be difficult to understand.機器翻譯可能很難理解。 Please refer to請參閱 original English article英文原文的文章 whenever possible.只要有可能。

Share and contribute or get technical support and help at共享和貢獻或獲得技術支持和幫助 My Digital Life Forums 我的數字生活論壇 . 。

Related Articles相關文章

• Review Gmail Account Recent Login or Access Activity History and Remote Logout Intruder or Hacker回顧近年來的Gmail帳戶登錄或訪問活動的歷史和遠程註銷入侵者或黑客
• Hacker Sentenced to Jail for Stealing VoIP Services黑客被判入獄竊取網絡電話服務
• Hacker Unlocks iPhone 3G with Hacked SIM Card Adapter with YouTube Video Proof黑客解鎖iPhone與黑客的3G SIM卡適配器與YouTube影片的證明
• Windows Genuine Advantage Validation Tool v1.7.69.2 for Vista SP1 and XP Cracked by Hacker Windows Genuine Advantage驗證工具v1.7.69.2為Vista SP1和XP中破獲的黑客
• Protect Firefox Password Manager Saved Passwords for Sites保護Firefox的密碼管理保存的密碼的網站
• Apple iPhone Root Password and Mobile User Password蘋果iPhone root密碼和移動用戶密碼
• Create a Secure and Strong Password using Password Chart創造一個安全的和強有力的密碼用密碼圖
• Firefox Passwords Exporter and Importer (also for Thunderbird, Songbird and Flock) Firefox的密碼出口商和進口商（也為雷鳥，鳴禽和Flock ）
• Cold Hard Jolt about Encryption Protection冷軋硬加密地震有關保護
• Eight Simple Skills to Protect Your Network Safety八個簡單的技能，以保護您的網絡安全

This entry was posted on Monday, May 21st, 2007 at 10:40 pm and is filed under 本條目被張貼在週一， 2007年5月21號在下午10時40分，並提交下 Security 安全 . 。 You can follow any responses to this entry through the 您可以按照任何反應，這個項目通過 RSS 2.0 2.0 feed. You can 飼料。您可以 leave a response 留下一個反應 , or 或 trackback 引用 from your own site. 從您自己的網站。