1. Chicken:
"Chicken" (also rendered "broiler" later in this glossary) is a vivid metaphor for a computer we can control at will. The other side may run Windows or Unix/Linux; it may be an ordinary personal computer or a large server. We can operate it as if it were our own computer, without the owner noticing.
2. Trojan horse:
Programs that appear to be normal, but once they are run you gain full control of the system. Many hackers are keen to use Trojan programs to control other people's computers, such as Grey Pigeon, Black Hole, PcShare and so on.
3. Web Trojan:
A Trojan disguised as a normal web page file, or code inserted directly into a normal web page. When someone visits the page, the web Trojan exploits vulnerabilities in the visitor's system or browser to download the server side of the Trojan to the visitor's computer and run it automatically.
4. Hanging a horse:
Placing a web Trojan in someone else's website files, or sneaking the code into the other party's normal web pages, so that visitors get infected.
5. Back door:
A figurative term. After an intruder has taken control of the target host by some means, they can embed specific programs in the system or change some settings. These changes are hard to detect on the surface, but the intruder can easily use the corresponding program or method to connect to the computer again and regain control. It is as if the intruder had secretly cut a key to the master bedroom and can come and go at any time without the owner noticing.
Most Trojan horse programs can be used by intruders to create back doors (BackDoor).
6. rootkit:
A rootkit is the toolkit an attacker uses to hide their tracks and keep root access (root privileges, the equivalent of Administrator rights on Windows). Usually the attacker gains root access through a remote attack, or first cracks a password to gain normal access to the system and then, once inside, uses a security vulnerability in the system to obtain root privileges. The attacker then installs the rootkit to achieve long-term control of the machine. A rootkit is similar to the Trojan horses and back doors mentioned above, but far more hidden. Hacker Defender is a typical rootkit, and the domestic ntroorkit is also a good rootkit tool.
7. Named pipe share:
A shared resource that uses "named pipes". It is an open named pipe for communication between processes; by verifying a user name and password you obtain the corresponding permissions. It is used when remotely managing a computer and viewing its shared resources.
8. Weak password:
A password that is not strong enough and is easy to guess, such as 123 or abc.
9. Default share:
On Windows 2000/XP/2003, when the system starts the sharing service it automatically shares all hard disks. Because a "$" symbol is appended to the share name, the share does not appear in the shared-folder view, so it is also called a hidden share.
10. Shell:
A command-line environment. For example, pressing the Windows key + R opens the "Run" dialog; typing "cmd" brings up a black window in which commands can be executed. That is the Windows shell environment. When a remote overflow program successfully overflows a remote computer, the environment obtained for executing system commands is the other party's shell.
11. WebShell:
A WebShell is a command execution environment in the form of a web file such as asp, php, jsp or cgi; it can also be called a back door. After breaking into a website, these asp or php back door files are usually placed among the normal web files in the web server's WEB directory, and then the asp or php back door is accessed through the browser to obtain a command execution environment and so control the website server. Files can be uploaded and downloaded, the database viewed, arbitrary program commands executed, and so on. WebShells commonly used in China include the Haiyang ASP Trojan, Phpspy, c99shell, etc.
12. Overflow:
Strictly speaking, this should be "buffer overflow". The simple explanation is that the program does not validate the input data it accepts, causing an error; the result may be a program crash or execution of the attacker's commands. Overflows fall roughly into two categories: (1) heap overflow; (2) stack overflow.
13. Injection:
With the rise of B/S (browser/server) application development, more and more programmers write programs in this pattern. However, because programmers' skills vary widely, a large number of applications carry security risks. A user can submit a piece of database query code and, from the result the program returns, obtain data they want to know. This is what we call SQL injection.
14. Injection point:
A place where injection can be carried out; it is usually a link that accesses a database. Depending on the permissions of the account under which the injection point's database runs, you get different permissions.
15. Intranet:
Generally speaking, a LAN, such as an Internet cafe network, a campus network or a company intranet. If the IP address falls in one of the following three ranges, we are on an intranet: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255.
16. Extranet:
Connected directly to the INTERNET and reachable by any computer on the Internet; the IP address is not a reserved (intranet) IP address.
17. Port:
A port is equivalent to a data transmission channel. It accepts certain data and passes it on to the corresponding service; the computer processes the data and then returns the corresponding reply to the other party through the open port. In general, each open port corresponds to a service, so to close these ports you only need to shut down the corresponding service.
18. 3389/4899 chicken:
3389 is the port used by default by Windows Terminal Services. Microsoft introduced this service so that network administrators can remotely manage and maintain servers: an administrator can use Remote Desktop to connect to any computer on the network with Terminal Services enabled and, after logging in, operate the host just like their own computer. This is very similar to remote control software and even Trojan programs; the Terminal Services connection is very stable and no anti-virus software will flag it, so it is also popular with hackers. After breaking into a host, hackers usually find a way to add a back door account of their own and then enable the host's Terminal Services, so that they can control the host through Terminal Services at any time. Such a host is usually called a 3389 chicken.
Radmin is an excellent remote control program, and 4899 is the service port it uses by default. Because Radmin is very powerful, transfers faster than most Trojans and is not flagged by anti-virus software, it is often used by hackers as a Trojan (which is why current anti-virus software now also detects Radmin). Some people use an empty or weak password when managing remote computers with Radmin; hackers can use software to scan the network for hosts running Radmin with empty or weak passwords, then log in and remotely control them. A host controlled in this way is usually called a 4899 chicken.
19. Anti-virus evasion:
Modifying a program by packing, encryption, changing its signature, adding junk instructions and similar techniques so that it escapes detection by anti-virus software.
20. Packing (shelling):
Using special algorithms to change the encoding of an EXE executable or DLL dynamic link library (for example to compress or encrypt it), in order to reduce the file size, encrypt the program's code, or even evade anti-virus software. Commonly used packers include UPX, ASPack, PePack, PECompact, UPack, Immunity 007, Trojan Caiyi and so on.
21. Junk ("flower") instructions:
A few assembly instructions that make the assembly code perform some jumps, so that anti-virus software cannot correctly determine the structure of the virus file. Put more plainly, anti-virus software searches for viruses from head to toe; if we turn the virus's head and feet upside down, the anti-virus software cannot find it.
What is TCP/IP
TCP/IP is a network communication protocol. It regulates all communication devices on the network, in particular the format and transmission of data between one host and another. TCP/IP is the basic protocol of the INTERNET, and also the standard way to package data and address computers. Data transmission can be understood in terms of two envelopes: TCP and IP are each like an envelope. The message to be delivered is divided into segments, each segment is put into a TCP envelope whose cover records the segment number, then the TCP envelope is placed into the larger IP envelope and sent onto the network.
What is a router
A router is one of the most widely used devices on a network. Its main function is routing: delivering IP packets correctly to their destination, which is why it is also called an IP router.
What is a honeypot
A honeypot is like an intelligence-gathering system. It appears to be a deliberately exposed target that lures hackers to attack it. After an attacker breaks in, you can see how they got in, keep abreast of the latest attacks and vulnerabilities launched against your servers, eavesdrop on the hacker's connections, collect the various tools hackers use, and learn about their social networks.
What is a denial of service attack
DoS is short for Denial of Service; an attack that causes DoS is called a DoS attack. Its purpose is to make a computer or network unable to work properly. The most common DoS attacks are bandwidth attacks and connectivity attacks. A connectivity attack floods a computer with a large number of connection requests until all available operating system resources are consumed and the computer can no longer process legitimate user requests.
What is a script injection attack (SQL INJECTION)
In so-called script injection, the attacker inserts SQL commands into a web form's input fields or the query string of a request, tricking the server into executing malicious SQL commands. In some forms, user input is used directly to construct dynamic SQL commands or is passed as an input parameter to stored procedures; such forms are particularly vulnerable to SQL injection attacks.
What is a firewall? How does it ensure network security
Using a firewall is one way to ensure network security. A firewall is a combination of components placed between different networks (such as a trusted intranet and an untrusted public network) or between network security domains. It is the only entry and exit point for information between those networks or security domains; it can control (allow, refuse, monitor) the flow of information in and out of the network according to the enterprise's security policy, and it is itself strongly resistant to attack. It is infrastructure that provides information security services and realizes network and information security.
What is a back door? Why do back doors exist?
A back door (BackDoor) is a method of gaining access to a program or system by bypassing its security controls. During software development, programmers often create back doors in software so that they can fix bugs in their programs. If the back door becomes known to others, or is not removed before the software is released, it becomes a security risk.
What is intrusion detection
Intrusion detection is a reasonable supplement to a firewall. It helps systems deal with network attacks, extends the system administrator's security management capabilities (including security auditing, monitoring, attack recognition and response), and improves the integrity of the information security infrastructure. It collects information from several key points in a computer network system, analyzes it, and checks the network for security policy violations and signs of attack.
What is packet sniffing (monitoring), and what does it do
Packet sniffing can be thought of as the equivalent of a wiretap in a computer network. When someone is "monitoring" the network, they are actually reading and interpreting packets transmitted over it. When you send an email or request a web page over the Internet, the data passes through many computers between you and its destination. Each of those computers can see the data you send, and a packet sniffing tool lets someone intercept and view it. It is worth mentioning that the U.S. Navy's nuclear-powered submarines include several specially designed for tapping undersea data cables, especially in the Pacific Ocean.
What is NIDS
NIDS is the abbreviation of Network Intrusion Detection System. It is mainly used to detect intrusions by hackers or crackers over the network. A NIDS can run in two ways: one is to run on the target host and monitor its own traffic; the other is to run on a separate machine and monitor the traffic of all network devices, such as hubs and routers.
What is a SYN packet
The first packet of a TCP connection, a very small packet. A SYN attack consists of a large number of such packets; because the sites these packets claim to come from do not actually exist, they cannot be processed effectively.
What is encryption
Encryption technology is the most commonly used security measure: technology is used to turn important data into unreadable "garbled" form (encryption) for transmission, and after it reaches its destination it is restored by the same or a different means (decryption).
Encryption consists of two elements: an algorithm and a key. The algorithm is the procedure that combines ordinary, understandable information with a sequence of numbers (the key) to produce incomprehensible ciphertext; the key is what the algorithm uses to encode and decode the data. In security work, appropriate key-based encryption technology and key management mechanisms ensure the security of network communications.
What is an ARP attack inside a LAN
The basic function of the ARP protocol is to look up the MAC address of a target device from its IP address, so that communication can proceed. Exploiting this working characteristic of ARP, hackers keep sending fraudulent ARP packets to the victim's computer. The packets carry a MAC address that duplicates the current device's, making the other party respond to them; because of this simple address-duplication error, normal network communication cannot take place. In general, a computer under ARP attack shows two symptoms:
1. Dialog boxes keep popping up saying "the hardware address of local segment XXX conflicts with the address of segment XXX".
2. The computer cannot access the Internet normally, with signs of network interruption.
Because this attack uses ARP request messages to "cheat", the firewall mistakes them for normal request packets and does not intercept them, so ordinary firewalls are hard pressed to resist this kind of attack.
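Since a firewall will not catch the duplicate-address packets described above, the practical defence is to watch ARP replies on the segment for an IP that is suddenly claimed by a second MAC, or one MAC answering for several IPs. The detector below is an added example, not part of the original article; the capture lines are constructed in a tcpdump-like shape and the gateway table is an assumed list a defender would keep.

```python
import re
from collections import defaultdict

# Constructed sample replies (not a real capture). Line 3 re-claims the gateway's IP
# with a different MAC; line 4 shows that MAC also answering for a second IP.
SAMPLE_CAPTURE = """\
10:00:01 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01
10:00:02 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20
10:00:03 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99
10:00:04 ARP, Reply 192.168.1.30 is-at aa:bb:cc:dd:ee:99
10:00:05 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20
"""

REPLY_RE = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})$", re.IGNORECASE)

def parse_replies(text):
    """Return (timestamp, ip, mac) tuples for every ARP reply line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3).lower()))
    return out

def find_conflicts(replies, trusted=None):
    """Return (ips_with_several_macs, macs_claiming_several_ips).

    trusted: optional {ip: mac} table of known devices (e.g. the gateway). A reply that
    contradicts it is reported even if only one rogue MAC was ever seen for that IP.
    """
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for _, ip, mac in replies:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    for ip, mac in (trusted or {}).items():
        ip_to_macs[ip].add(mac.lower())
    dup_ip = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    dup_mac = {mac: sorted(i) for mac, i in mac_to_ips.items() if len(i) > 1}
    return dup_ip, dup_mac

if __name__ == "__main__":
    replies = parse_replies(SAMPLE_CAPTURE)
    by_ip, by_mac = find_conflicts(replies, trusted={"192.168.1.30": "aa:bb:cc:dd:ee:30"})
    for ip, macs in by_ip.items():
        print("IP %s answered by several MACs: %s" % (ip, ", ".join(macs)))
    for mac, ips in by_mac.items():
        print("MAC %s claims several IPs: %s" % (mac, ", ".join(ips)))
```

Static ARP entries for the gateway on critical hosts remove the ambiguity the attack relies on; this script only tells you that it is happening.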
What is a spoofing attack? What kinds are there
Network deception technologies mainly include the HONEYPOT, the distributed HONEYPOT, deception-space technology, and so on. The main forms of spoofing are: IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, email spoofing, source routing spoofing (specifying the route so as to communicate legitimately with other hosts, or send fake messages under a false identity, causing the attacked host to behave incorrectly), address spoofing (including forged source addresses and forged intermediate sites), etc.
Computer networks use shared channels; switches and hubs that give each pair of communicating computers an exclusive channel are still too expensive. Sharing means a computer can receive information sent to other computers, and capturing the data transmitted over the network in this way is called sniffing.
The full name is Trojan horse (Trojan Horse), named after a war in Greek mythology. Menelaus sent troops to attack the king of Troy; they pretended to be defeated and left behind a large wooden horse, but inside the horse the strongest warriors were hidden. When evening came, the warriors inside the horse rushed out and defeated the enemy. That is the origin of the "Trojan horse". Hackers' back doors work the same way: a premeditated function is hidden inside an openly advertised one to cover up the real intent.
A host that has been attacked and is now under the attacker's control.
A machine with an auxiliary role: this host is used as an indirect tool to invade other hosts. Usually used together with chickens (broilers).
A so-called weak password means a password that is the same as the user name, a user name with an empty password, or any combination that is not strong enough and is easy to guess. People with ordinary professional knowledge do not make this kind of mistake.
The creation, modification and deletion of files and directories by computer users, access to certain services, and execution of programs are all strictly distinguished in the form of permissions. Those who have been granted the corresponding right can perform the operation; otherwise they cannot.
When a program processes the data we submit to it, it sometimes forgets to check the size and validity of that data, so the data may exceed its own territory and overwrite other data. If such over-long data are carefully planned and constructed, they may be used by hackers to execute arbitrary commands. To put it figuratively, the Windows system is a person drinking, one by one, the cups of water we prepared for it. One of the cups is too small; if we pour in a lot of water it spills into the other cups, and what spills into the other cups can be designed in advance. The system does not know this, takes it for what belongs in that cup, and so we can accomplish certain tasks.
On the Internet, knowing a computer's IP address is like knowing its home address. To communicate with it, we also need to know which ports it has opened. For example, when we go to a hospital, registration is at window 1, payment at window 2, and medicine is collected at window 3. Computer communication is the same: to use QQ you have to log into Tencent's server on port 8000; to browse the X-Files forum you contact port 80; to log into your FTP space and transfer files you connect to the server's port 21. So it can be said that a port is a data transmission channel that receives certain data and passes it on to the corresponding service; the computer processes the data and then sends the corresponding reply back to the other party through the port.
There are many computers on the Internet. So that they can recognize each other, each host on the Internet is assigned a unique 32-bit address, called its IP address, also called the Internet address. An IP address consists of 4 numeric parts, each of which can take a value from 0 to 255, separated by a "." between the parts.
Address Resolution Protocol (ARP)
This protocol maps network addresses to hardware addresses.
Reverse Address Resolution Protocol (RARP)
This protocol maps hardware addresses to network addresses.
User Datagram Protocol (UDP)
A connectionless protocol for user processes, used to transfer data without performing correctness checks.
File Transfer Protocol (FTP)
Allows users to communicate with another host in terms of files (adding, deleting, changing, querying and transmitting files, etc.).
Simple Mail Transfer Protocol (SMTP)
Protocol for sending e-mail between systems.
Telnet (Terminal Protocol)
Allows users to access remote hosts as virtual terminals.
Hypertext Transfer Protocol (HTTP)
Trivial File Transfer Protocol (TFTP)
The shell is the interface through which users interact with the system. Simply put, it is the communication environment between the system and the user; the DOS prompt we normally use is just one shell (cmd.exe on Win2K).
root: the user with the highest authority on Unix, the super administrator.
Administrator: the user with the highest authority on Windows NT/2K/XP, the super administrator.
Rootshell: a shell with root privileges obtained on the host through an overflow program.
Exploit: an overflow program. An exploit usually contains some shellcode.
Shellcode: after an overflow attack calls a function, an interactive interface is needed to operate; that is what shellcode provides.
Access control list.
Address resolution protocol.
Administrator account.
ARPANET (the original Internet).
Access token.
Adaptive speed level adjustment.
Algorithm.
Alias.
A proxy password checker similar to PASSWD+.
Application asynchronous transfer mode.
Account block.
Accounting strategy.
Account number.
Upload vulnerability
This vulnerability was most rampant in the DVBBS 6.0 era and was widely used by hackers. Using an upload vulnerability you can obtain a WEBSHELL, so its danger level is extremely high, and upload vulnerabilities are still common in intrusions today.
How it is used: append /upfile.asp to the website's address in the address bar. If the page shows words like "The upload format is incorrect [Upload again]", an upload vulnerability exists; find an upload tool and you can get a WEBSHELL.
Tools: upload tools such as the Veteran upload tool and DOMAIN 3.5; both can upload, and NC can also be used to submit.
What is a WEBSHELL:
A WEBSHELL is nothing profound. It is a WEB-level privilege: it can manage the web site, modify the home page and so on, but it does not carry particularly high privileges (this depends on the administrator's settings). Generally you need this privilege to modify someone's home page. Friends who have come into contact with WEB Trojans may know them (for example, the Veteran's webmaster assistant is a WEB Trojan, and Haiyang 2006 is also a WEB Trojan). That is what we ultimately obtain. Sometimes, when you encounter a server with poorly configured permissions, a WEBSHELL can be used to obtain the highest privileges.
This vulnerability is rare now, but many sites still have it. Database exposure ("bursting the database") means submitting characters so that the database file is disclosed; once you have the database file you directly obtain the site's front-end or back-end privileges.
The database exposure method:
For example, if a site's address is ....., we can change the / in the middle of com/dispbbs to \. If the vulnerability exists, the absolute path of the database is revealed directly and it can be downloaded with Thunder.
Another way is to use the default database path ..... followed by conn.asp. If the default database path has not been changed, this also reveals the database path (note: the / here must be changed to \).
Why \: because in ASCII / is treated as equal to \. Sometimes the database name is /#abc.mdb; why can it not be downloaded? Here the # has to be replaced before it can be downloaded. Why does the database file I exposed end in .ASP? What do I do? Change .ASP to .MDB and you can download it; if it still cannot be downloaded, download protection may be in place.
This vulnerability is the most widely used now and is highly damaging; it can be said that even Microsoft's official website has had injection vulnerabilities. Injection vulnerabilities arise because character filtering is not strict, and through them you can obtain the administrator's account, password and other related information.
How it is used:
First, how to find the vulnerability. Take a website whose address ..... ends with ID= followed by a number. We can manually append and 1=1 and see: if a normal page is displayed, then append and 1=2; if that also returns a normal page there is no vulnerability, but if it returns an error page there is an injection vulnerability. If appending and 1=1 returns an error page, there is no vulnerability. Once we know the site has the vulnerability, we can guess the data manually or use tools; there are now many tools (NBSI, NDSI, Ah D, DOMAIN, etc.) that can guess account passwords. Since this is an introduction for beginners, I still suggest using tools; manual work is more cumbersome.
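The "and 1=1 / and 1=2" probe above only works because the ID= value is spliced straight into the query text, which is the defect the glossary's injection entries (13, "script injection") describe. The script below is an added example, not code from the original article: it reproduces that defect against a constructed in-memory SQLite user table and sets the two fixes a defender applies beside it, binding the value as a parameter and validating it as a number before it reaches the database.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a site's user table (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cret"), (2, "guest", "guest")])
    return conn

def lookup_vulnerable(conn, id_param):
    # The defect the text describes: the ID= value is pasted into the SQL string,
    # so an appended "and 1=1" / "and 1=2" becomes part of the WHERE clause and the
    # page content flips with the truth value of whatever the visitor appended.
    sql = "SELECT name FROM users WHERE id=" + id_param
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, id_param):
    # Fix 1: bind the value. SQLite compares the INTEGER column with the whole text
    # '1 and 1=1' as a value, never as SQL, so the probe simply matches no row.
    sql = "SELECT name FROM users WHERE id=?"
    return [row[0] for row in conn.execute(sql, (id_param,))]

def lookup_validated(conn, id_param):
    # Fix 2: reject anything that is not a plain number before it reaches the
    # database; this is also the natural place to log the attempt for the IDS.
    if not id_param.isdigit():
        raise ValueError("rejected non-numeric id: %r" % (id_param,))
    return lookup_parameterized(conn, id_param)

if __name__ == "__main__":
    db = make_db()
    for probe in ("1", "1 and 1=1", "1 and 1=2"):
        print("%-12r vulnerable=%s parameterized=%s"
              % (probe, lookup_vulnerable(db, probe), lookup_parameterized(db, probe)))
```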
When we attack a site that may be solid and impeccable, we can find other sites hosted on the same server, then use that site to escalate privileges, sniff, and so on, in order to break into the site we actually want.
A figurative comparison: you and I live in the same building. My home is secure, while yours is full of holes. A thief wants to break into my house; he surveys it (that is scanning) and finds nothing to use, so he notices that your house and mine are in the same building. It is easy to get into your house; he enters yours first and obtains the key to the whole building through it (system privileges), so he naturally gets my key as well and can enter my home (website).
Tools:
DOMAIN 3.5 is still a good tool: it can detect injection, do side-note (same-server) attacks, and also upload!
Many people do not know what a COOKIE is. A COOKIE is a value the website sends you when you browse, recording some of your information, such as IP, name and so on.
How is it spoofed? Suppose we already know the administrator's account on some site and their MD5-hashed password, but cannot crack it (MD5 is a 16-digit encrypted code). We can achieve the same result through COOKIE spoofing: change our own ID to the administrator's and the MD5 password to his. There are tools for modifying COOKIEs. This achieves COOKIE spoofing: the system thinks you are the administrator.
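The spoofing above succeeds only because the site believes whatever ID and hash the browser sends back. The fix is for the server to authenticate its own cookies, for example with an HMAC tag that the client cannot recompute. This is an added example, not code from the original article; the `id=...;role=...` payload layout and the server key are assumptions for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed server-side secret: generated once, kept only on the server, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)

def parse_fields(payload: str) -> dict:
    """'id=2;role=user' -> {'id': '2', 'role': 'user'} (assumed payload layout)."""
    return dict(item.split("=", 1) for item in payload.split(";") if "=" in item)

def session_unsigned(cookie: str) -> dict:
    # The weak scheme the text describes: whatever the client sends is believed,
    # so editing id= in the browser is enough to "become" another user.
    return parse_fields(cookie)

def _tag(payload: str, key: bytes) -> str:
    mac = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")

def sign_cookie(payload: str, key: bytes = SERVER_KEY) -> str:
    # Cookie = payload + "." + HMAC-SHA256(payload). Without the key nobody can
    # produce a valid tag for an edited payload.
    return payload + "." + _tag(payload, key)

def session_signed(cookie: str, key: bytes = SERVER_KEY):
    """Return the fields if the tag verifies; otherwise None (treat as logged out and log it)."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(tag, _tag(payload, key)):
        return None
    return parse_fields(payload)

if __name__ == "__main__":
    issued = sign_cookie("id=2;role=user")
    forged = issued.replace("id=2;role=user", "id=1;role=admin")
    print("issued :", session_signed(issued))
    print("forged :", session_signed(forged))           # None: tag no longer matches
    print("legacy :", session_unsigned("id=1;role=admin"))  # accepted blindly
```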
Firewall system:
IDS (intrusion detection): nowadays there is usually finished software for sale.
A "timestamp" sounds a bit mysterious but is actually easy to understand: when we look at a file's properties in the system, the creation, modification and access times shown are the file's timestamps.
For most ordinary users, modifying a "timestamp" may simply be for convenience of file management, or to cover up file operation records. But for users of digital time-stamping technology it is not so "simple": there, a time-stamp is an encrypted certificate document, a variant application of digital signature technology.
In e-commerce transaction documents, a digital time-stamp service (DTS: digital time stamp service) can secure the date and time information of electronic documents, to prevent them from being forged or modified by business rivals and other people with bad intentions.
We often see attacks on the "MySQL database" in hacker articles, but many friends do not know much about it. The "MySQL database" is so widely used because it is a free, open-source, multi-user, multi-threaded, cross-platform relational database system, and it can also be called the fastest SQL database currently available.
The "MySQL database" provides programming interfaces for languages such as C, C++ and Java, and it is a golden partner for PHP in particular. It has a client/server structure, consisting of the server daemon mysqld and many different client programs and libraries. But if it is not configured properly, the "MySQL database" can be attacked. For example, if local users are given read access to the database's library files, an intruder only needs to obtain the "MySQL database" directory and copy it to a local data directory to access and steal the database contents.
MD5 (full name Message-Digest Algorithm 5) is designed to "compress" a large amount of information into a confidential format before the private key is used for signing with digital signature software. Its typical application is to generate a message digest for a piece of information (message) to prevent tampering. In layman's terms, an MD5 code is a check code, like a personal ID card: everyone's is different. The MD5 code is the unique check code of each file (MD5 is case-insensitive, but because the MD5 code is 128 bits long, the probability of two pieces of information having the same MD5 code is very low and is usually considered impossible). Because of this property it is often used for encrypted storage of passwords, digital signatures and file integrity verification. MD5 verification can check the correctness of a file; for example, it can check whether a downloaded file has been bundled with third-party software, Trojans or back doors (if the verification result is incorrect, the original document has been modified without authorization).
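The file-integrity check described above, as an added example that is not part of the original article: it streams a file through MD5 and compares the result with a published digest, case-insensitively as the text notes. The "download" and its altered copy are constructed sample bytes.

```python
import hashlib
import hmac

def md5_chunks(chunks):
    """MD5 over an iterable of byte chunks (a file read in pieces, or a single bytes value)."""
    h = hashlib.md5()
    for block in chunks:
        h.update(block)
    return h.hexdigest()

def md5_hex(data: bytes) -> str:
    return md5_chunks([data])

def md5_file(path, chunk_size=65536):
    # Stream large downloads instead of loading them into memory in one go.
    with open(path, "rb") as f:
        return md5_chunks(iter(lambda: f.read(chunk_size), b""))

def verify_md5(data: bytes, published: str) -> bool:
    # Published digests are hex and, as the text says, case does not matter.
    # compare_digest avoids revealing through timing where the mismatch occurs.
    return hmac.compare_digest(md5_hex(data), published.strip().lower())

# Constructed sample: what the vendor shipped, and a copy with one byte changed.
ORIGINAL = b"setup.exe contents v1.0\n"
TAMPERED = b"setup.exe contents v1.1\n"
PUBLISHED_MD5 = md5_hex(ORIGINAL)   # the digest the vendor would print beside the link

if __name__ == "__main__":
    print("published :", PUBLISHED_MD5)
    print("original ok:", verify_md5(ORIGINAL, PUBLISHED_MD5))   # True
    print("tampered ok:", verify_md5(TAMPERED, PUBLISHED_MD5))   # False
```

MD5 still catches accidental corruption, but collisions for it can be constructed deliberately today, so for detecting a deliberate swap publish a SHA-256 digest (same code with hashlib.sha256) and obtain it over a channel the attacker cannot rewrite.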
ICMP (full name Internet Control Message Protocol) is used to pass control messages between IP hosts and routers, including whether the network is down, whether a host is reachable, whether a route is available, and so on. For example, the Ping command we often use to test whether the network is working is an application of the ICMP protocol. The "ICMP protocol" is very important for network security; its own characteristics make it very easy to use for attacking routers and hosts on the network. For example, the once-sensational hacking of Hisense's home page was caused by an ICMP attack. Because operating systems stipulate that an ICMP packet must not exceed 64KB, if a packet exceeds the 64KB limit the host makes a memory allocation error, which causes the system to consume a large amount of resources, slow down, and finally become paralyzed or crash.
After ravaging the Internet, hackers extended their "antennae" to WAP (Wireless Application Protocol), and WAP became another target. A "WAP attack" mainly targets WAP servers so that mobile phones with WAP services enabled cannot receive normal information. Because the security mechanisms of WAP wireless networks are not yet very strict, this field will be subject to more and more hacker "meddling". Today most of the mobile phones we use already support WAP browsing, and a phone's WAP functions rely on a dedicated WAP server. If hackers find security vulnerabilities in a WAP server, they can design a virus for the WAP server and attack it, affecting the server's normal operation so that WAP phones cannot receive normal network information.