How is the penetration of websites?
With the growing cyber-attacks by the day, particularly on websites, it has become many of the Internet users are asking this question: How is the penetration of websites? In this post I will try to Agherbk of the process where I will discuss with you the most important steps taken by hackers to penetrate the sites, so I will divide the topic into several sections:
1 Determine the type of attack:
What do we mean identifying the type of attack, perhaps is the question that now put on yourself. Breakthrough in general is divided into two basic types: ...
- Target a specific j: which is that the hacker had previously identified the Agvh who wants to penetrate any that he knew in advance.
- Random target: namely, that it breached the search randomly for a particular site infected and tries to exploit a loophole and is usually this kind of targeting by "Dorkat".
Well now we have learned about the first step, to move on to the second step, namely
2 gather some information about the target:
The move is one of the most important steps here because the hacker will use his skill in the search for greater amount of information from the target site owner such as name, phone number collection, knowledge of website hosting, complex script on the site type ... etc.
Now the question is what benefit this information? A: This information will benefit breached in many things you will learn the most important steps in Kadmh.alan to move on the last and most important aspect of course it is:
3 start targeting process or penetration:
In the last step hacker will examine the site by some devoted to the examination sites of loopholes tools and is effective in this area, and among them, for example a tool Vega It is a tool in most distributions penetration test can also be installed on Windows, and that there are some tools that specializes in checking certain scripts, including: Joomla population which is specialized in screening tool Joomla sites, after the end of the screening process will show some of the results of the hacker. To ask now two assumptions:
- The emergence of some of the gaps in the site can be exploited, in this case, will try to hacker exploited either manually or through some tools, too, and we mean exploitation manual that the hacker will not assisted by any means and this kind of exploitation is an advanced, because he needs to experience in the field. The exploitation by some of the tools is somewhat easier because the hacker here will have some commands to the tool the process of exploitation and extraction Control Panel and password and user name or extract some other information as desired by the hacker and the type of gap.
- The emergence of some of the gaps weak However, I think it is very difficult to use or not to Zao any loophole:
In this case Shilji hacker to information gathered from the site and try to penetrate one of the sites located on the same server to perform in the post of trying to control the target site basis.
Finally, after Chtrac site Ay hacker will raise the shell to control all the sites located on the server or raise its Alandquis on a particular site.
Now I will attempt to explain some of the terms:
Loophole: It is simply sinned software.
Server: a computer and I have for a very powerful specifications are stored in the location information, a
Alandquis: a page that purifies hacker instead of the main page of the site through which the hacker directs his message.
If you have any Sckal in one of the points you raised in a comment and you will be happy to answer
ليست هناك تعليقات:
إرسال تعليق