Foreword:
Many friends have heard the word "hacker" and are curious about hacking as a profession or line of work: what exactly does a hacker do, and what does the workflow of a hack look like?
In this article I will explain, in plain language plus technical terms, what a hacker is, what a black hat is, what a white hat is, and finally what penetration testing is.
It should be helpful for friends who want to learn about or work in the security field.
Steps of a hack
What is a hacker:
We often hear the word "hacker", which sounds mysterious and impressive, so what is a hacker?
A hacker refers to a highly skilled computer expert who uses computer networks to cause damage or play pranks. For the purposes of this article, that understanding is enough.
Just remember this definition: a hacker can use computer networks to sabotage or prank a target!
Of course, if you want a deeper understanding of the word "hacker", you can look it up on Google or Baidu yourself.
Now that we have the definition of a hacker, let's talk about the most important question, the process: how do hackers work?
Steps of a hack:
First of all, from the summary picture above we can see that a hacker's attack can be summarized into four steps:
Clear objectives
Information collection
Vulnerability Detection
Vulnerability Verification {Penetration Ignored}
High-risk exploits
Now let's go through how each of these steps is carried out:
Clear objectives
We want to attack or infiltrate a website or app in order to obtain something from it.
So from the start we know roughly what our target for the attack or infiltration is.
It is like visiting a relative: first we know the general location of the relative's house.
A clear objective here usually means a domain name or the app's installation package,
or we are given a company name and then work out what assets in its scope can be scanned and penetrated.
Information collection
So once the hacker knows what target he is going to attack, does he attack directly?
I don't think hackers are that amazing; at that point they probably don't know how to attack yet.
Let me explain: whether it is a website or an app, the target is composed of a client, middleware, a server and a database.
After knowing the attack target, to work out an attack method
we need to learn the relevant information about the target through analysis,
for example:
the IP of the domain name,
what operating system the server runs,
what ports the server has open,
what middleware is used,
what version of the middleware,
what database is used,
what version of the database.
The concept involved here is information collection.
It is like a thief who knows your home address and wants to steal something from your home: he must first analyze how your home is put together, such as the door lock, the surveillance cameras, the sewer pipe and the range hood. If, for example, he finds a weakness in the door, he can choose to pick the lock.
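As an added illustration (not code from the original post), here is a small Python audit a defender can run against their own server's raw HTTP response to see what the information collection step above would learn from it: the middleware, its version, an OS hint and the back-end language, plus which headers leak a version and should be minimised. The sample response is constructed.

```python
import re

# Constructed sample HTTP response, as a defender might capture from
# their own server to audit what it discloses (not from the original post).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Header fields that commonly disclose the middleware / language stack.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")
VERSION_RE = re.compile(r"(\d+\.\d+(?:\.\d+)?)")

def parse_headers(raw: str) -> dict:
    """Return a lowercase-name -> value dict of the headers in a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def fingerprint(raw: str) -> dict:
    """Build the inventory the information collection step would produce from
    one response, and list the headers a defender should strip or minimise."""
    headers = parse_headers(raw)
    result = {"middleware": None, "middleware_version": None,
              "language": None, "os_hint": None, "leaks": []}
    server = headers.get("server", "")
    if server:  # e.g. "nginx/1.18.0 (Ubuntu)" -> product, version, OS hint
        m = VERSION_RE.search(server)
        result["middleware"] = server.split("/")[0].split()[0]
        result["middleware_version"] = m.group(1) if m else None
        os_m = re.search(r"\(([^)]+)\)", server)
        result["os_hint"] = os_m.group(1) if os_m else None
    powered = headers.get("x-powered-by", "")
    if powered:
        result["language"] = powered
    if "phpsessid" in headers.get("set-cookie", "").lower():
        # the default PHP session cookie name reveals the language even
        # when X-Powered-By has been removed
        result["language"] = result["language"] or "PHP (session cookie name)"
    for name in DISCLOSING_HEADERS:
        if name in headers and VERSION_RE.search(headers[name]):
            result["leaks"].append(name)
    return result
```

Anything listed under "leaks" is a version string the server hands out for free; removing it (for example nginx's server_tokens off, PHP's expose_php = Off) does not fix a vulnerability but makes this step harder.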
Vulnerability detection
Following the previous step, we said the thief chose to pick the lock. If he gets it open, is that a vulnerability in your home? The poor quality of the lock led to your home being visited by a thief!!!!
This is sheer nonsense, of course.
After collecting information on the website, we know its components,
for example Nginx, MySQL 8.0, and port 22 open.
Now the hacker needs to attack this website.
Is there an attack method or attack strategy?
We can look at attack methods from two angles:
The first is vulnerability scanning ("vuln scanning" for short), which means working with tools. This is also how most people picture hackers or penetration testers. I don't deny this approach, but I think the prerequisite for using a scanning tool is that you understand the principles of the vuln scanning tool you are using;
otherwise the goal of the attack or penetration cannot be achieved. Also, a cat is a good cat whether it is black or white, as long as it catches mice: a practical tool that achieves the goal you want is the real deal (yyds).
So whether to use tools to attack or penetrate depends on personal opinion.
The second way is to find vulnerabilities manually, which demands a high technical level from the hacker or penetration tester. You must master a lot of basic computer knowledge, such as:
Operating systems [Linux, Windows]: internals or general usage, security configuration and related commands; Linux shell commands and Windows DOS commands.
Deployment and use of middleware and related commands; common middleware vulnerabilities and their principles.
Coding in the relevant languages: Python, PHP, Java and so on.
Very important network knowledge: the difference between the 7-layer and 4-layer network models, IP, subnet masks, DNS, routers, CDN, HTTP and HTTPS, IP ranges, the TCP three-way handshake and four-way termination, DHCP, TCP/IP, etc. If you want to do well in the security field, network knowledge is definitely a big part of it.
Databases
Front-end knowledge
Operating system deployment [one more mention here, because we cannot casually go after other people's websites, even black or gray market websites, because it is illegal without authorization, and we all have to make a living; so we need to deploy our own practice lab environments (靶场) to improve our penetration skills. This is a reminder for friends who want to work in the security field in the future.]
Packet capture tools: Wireshark and Burp Suite (bp).
Okay, that basically covers the work of vulnerability detection. Let's move on to the next step.
Vulnerability verification
In this step, using the techniques from the previous step, we have found some vulnerabilities in the website. After discovery is complete,
we verify the vulnerabilities. Once verification is done, this step is essentially finished,
because this step is the last step a penetration test engineer {white hat} has to do.
After verifying that the website contains the relevant vulnerabilities, write a test report and remediation suggestions based on the data.
Because in penetration testing, or white hat testing, we have to follow a principle:
our purpose is not to destroy or prank the target, but to verify that the target has the relevant vulnerabilities, so that they can be fixed and the target's security ensured.
The first step here is to obtain the relevant written authorization, and conduct the penetration test of the target legally.
If you go after someone else's website without obtaining authorization, be careful that the website's owner sues you!
High-risk exploitation
Vulnerabilities are graded high, medium and low, and a high-risk vulnerability can generally magnify the website's problems without limit.
If we are administrators, that is, the people who crack down on gray and black market operations (legal administrators),
or, continuing from the previous step, if we are hackers or other related personnel,
we have now taken over this website, and at this step
hackers or administrators want to use the website's data without limit, destroy the website, and carry out other related operations. What can be done here depends on the skill level of the technical personnel.
For example:
privilege escalation to control the server,
getshell,
obtaining sensitive data,
obtaining system permissions,
pivoting into the intranet through this website.