Like most cultures without a monetary economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge. This is why you aren't really a hacker until other hackers consistently call you one. Specifically, hackerdom is what anthropologists call a "gift culture." You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away: your time, your creativity, and the results of your skill.
Thinking like a hacker is not just for criminals, but also for companies or individuals who want to know how to protect themselves against hackers. If you know how a hacker uses their imagination to enter a company's computer security system, you will have a better chance of safeguarding your own system. Read on to learn more.
TIPS:
1. Identify possible exploits and their domain names, gathering as much information as you can to create a footprint analysis. Consider the size of the target, the number of potential entry points and the security mechanisms that may be in place. A hacker should think about company names and subsidiaries, phone numbers, domain names and their IP networks.
2. Pay attention to "back door" entry points. For example, identify startup companies that most likely have weak security, especially those recently acquired by large companies. Hacking into these smaller companies may provide information about the unrestricted virtual private networks of the larger target companies.
3. Connect to the listening UDP and TCP ports of your possible targets and send random data, attempting to determine what versions of File Transfer Protocol, Web, or mail servers they may be using. Many TCP and UDP services send data that will identify the running application as a response to random data. You can find exploits by cross-referencing the data you find in vulnerability databases, like SecurityFocus.
4. Think about how you will gain access to the target once you have learned the basic information. You will need a password and user account, which is usually acquired through a sneak attack. That is, many hackers will take information from a company website and directly contact an employee by phone, pretending to be the help desk or a web technician. Many unsuspecting employees will give valuable information to a person who sounds authoritative.
5. Take the username and password obtained and "Trojan" the system. For example, you can enter with the user's name and password and replace an everyday piece of software like Notepad.exe with a piece of Trojan code. This code can allow a hacker to become an administrator in the system, so that the next time that the hacker logs on, they will automatically be added to the administrators' group and will have instant access to "admin only" information.
Attitude is no substitute for competence. Hackers won't let posers waste their time, but they recognize competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.