CH03 Hacker Techniques Research - Basics
-
CH03 *
-
Hacker Cracker Hacker*
-
* (Black Hats) Cracker (White Hats) (Security Analysts) (Reformed Crackers)
*
-
(Cont.) (Ethical Hacker) (Gray Hats) (Suicide Hackers)
*
-
*
-
*
-
(Cont.) (Reconnaissance) (Passive Reconnaissance) (Active Reconnaissance) IP (Scan)*
-
(Cont.) (Dialers) Port Network (Gaining Access) (Operating System Level) (Application Level) (Network Level)
*
-
(Cont.) (Maintaining Access) (Uploading) (Altering) (Downloading) *
-
(Cont.) (Clearing Tracks) (Steganography) (Tunneling) Log *
-
Footprinting (Pre-Attack Phase) (Scanning) (Enumeration)*
-
(Cont.) 90% 10% *
-
7 *
7 Port Port
-
7 (Cont.) URL : URL : (Telephone /Mail) : IP *
-
7 (Cont.) IP () Port Port *
-
7 (Cont.) Port Port Port HTTP Port 8080 *
-
URL Whois WHOIS http://www.whois365.com/tw who.is http://www.who.is Sam Spade Whois http://samspade.org http://majorgeeks.com/Sam_Spade_d594.html*
-
URL (Cont.) ARIN http://www.arin.net whois ( IP) SpiderFoot Google Netcraft Whois DNS http://www.binarypool.com/spiderfoot/*
-
URL (Cont.) nslookup DNS DNS IP *
-
traceroute ICMP 3D Traceroute 3D http://www.d3tr.de/ VisualRoute Lite http://www.visualroute.com/lite.html*
-
HTTrack WebSite Copier http://www.httrack.com/ ()*
-
Google Earth Google Earth http://earth.google.com/ YouGetSignal.com http://www.yougetsignal.com/ Network Location Tool IP Google Maps*
-
URL whois DNS IP (Mirror) ()*
-
(Cont.) Google *
-
Scanning IP IP*
-
(Network Scanning) IP Port (Port Scanning) Port Well-Known Port Port*
-
(Cont.) (Vulnerability Scanning) ()
*
-
Port ()
*
-
ICMP ICMP ICMP Ping-Sweep ICMP Port
*
-
(Cont.) Ping ping -t [IP or Domain Name] (IP) Angry IP Scanner http://www.angryip.org/w/Home Windows IP IP Port NETBIOS *
-
Port TCP () TCP (Flag) Flag Flag 1 bit Flag Port *
-
Port (Cont.) TCP Flag: Synchronize (SYN), Acknowledgement (ACK), PUSH (PSH), Urgent (URG), Finish (FIN), Reset (RST) TCP Port (Listen) HTTP Server Port 80 *
-
Port (Cont.) Port Port Open Port Close*
-
Port (Cont.) Port Open SYN/ACK Port Close RST SYN Stealth, Xmas Scan, FIN Scan, NULL Scan, IDLE Scan, TCP Connect, RPC Scan
*
-
SYN Stealth Half Open Scan () TCP
*
-
Xmas Scan RFC 793 Windows RFC 793 Port FIN X-mas Null Scan RST Port*
-
Xmas Scan (Cont.)*
-
FIN Scan Xmas Scan *
-
Null Scan Xmas Scan
*
-
IDLE Scan Port Scanning IP IDS (Intrusion Detection System) (Zombie Computer) (Zombie) *
-
IDLE Scan (Cont.) IP IPID SYN/ACK RST (SYN) IPID SYN/ACK IPID 1
*
-
IDLE Scan (Cont.) IDLE Scan A Z SYN/ACK RST IPID 31337*
-
IDLE Scan (Cont.) SYN IP Z IP Z Port SYN/ACK Z Z SYN/ACK IPID 1 31338 IPID RST Port RST Z*
-
IDLE Scan (Cont.) A SYN/ACK Z Port Z 31338 1 31339 A 31338 Port 1*
-
TCP Connect Full Open Scan TCP connect()*
-
RPC Scan Port Scan TCP/UDP Port SunRPC Null RPC Port*
-
Port Scan NMAP UNIX (Linux) Windows ( Zenmap GUI) http://nmap.org/*
-
Port Scan (Cont.)*
-sT  TCP Connect
-sA  ACK Scan
-sS  SYN Scan
-sW  Window Scan
-sF  Fin Scan
-sR  RPC Scan
-sX  Xmas Scan
-sL  List/DNS Scan
-sN  Null Scan
-PT  TCP Ping
-sU  UDP Scan
-PS  SYN Ping
-sI  Idle Scan
-PI  ICMP Ping
-sO  Protocol Scan
-
Port Scan (Cont.) SuperScan Ping IP IP Port http://www.snapfiles.com/get/superscan.html*
-
Port Port Port Port http://www.xuanya.com.tw/cubekm/images/port1.htm*
-
(Fingerprinting)
telnet xxx.xxx.xxx.xxx 110
telnet xxx.xxx.xxx.xxx 25
*
-
(Cont.) TCP TCP (Sniffing) *
-
Netcraft Website http://news.netcraft.com/*
-
(Banner) Apache Server 2.x httpd.conf Header set ServerBanner IIS Server IIS Lockdown Tool ServerMask*
-
Nessus Bug Windows Linux Plug-in NASL Client-Server
*
-
(Cont.) http://www.nessus.org/nessus/ Windows Nessus Server Client*
-
Friendly Pinger http://www.kilievich.com 30 Ping *
-
(Proxy Server) Firewall () IP
*
-
(Cont.)*
-
(Cont.)*
-
SocksChain http://www.ufasoft.com/socks/ SOCKS HTTP IP HTTPort http://download.cnet.com/HTTPort/3000-2155_4-10037133.html HTTPort (Client) HTTHost (Server) TCP HTTP (Tunnel)
*
-
HTTP Port HTTP (Port 80) HTTPS (Port 443) FTP HTTP HTTP HTTP Tunnel *
-
IDS IPS Port Port *
-
SNMP*
-
(Cont.)*
-
Enumeration Intranet *
-
SNMP E-mail (Brute Force)*
-
NetBIOS Null Sessions CIFS/SMB (Common Internet File System/Server Message Block) NetBIOS Null Session Windows (2000/XP) Null User Name Password
*
-
NetBIOS Null Sessions (Cont.) Null Users Groups UIDs SIDs (Security Identifiers) NetBIOS
*
-
NetBIOS Null Sessions (Cont.) Windows 2000/XP TCP Port 139 (/u:) Null Password () IP 192.34.34.2
C:\> net use \\192.34.34.2\IPC$ /u:
*
-
SuperScan4 Windows Enumeration Enumeration Type NULL Session IP Enumerate*
-
(Cont.) GetAcct http://www.securityfriday.com/tools/GetAcct.html Windows 2000/XP/2003 IP NetBIOS Remote Computer 1000 End of ID Get Account RID 2000 1000
*
-
Null Session Null Session TCP Port 139 TCP Port 445 Port Windows WINS Client TCP/IP SMB (Registry) (Anonymous User)
regedt32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\restrictanonymous
Data Type: DWORD
Value: 2*
-
SNMP SNMP (Simple Network Management Protocol) (Requests) (Agent) Agent Agent Traps Agent Agent *
-
SNMP (Cont.) MIB (Management Information Base) SNMP SNMP Agent SNMP MIB-II MIB MIB Community String public
*
-
SNMP Getif http://www.wtcs.org/snmp4tpc/getif.htm SNMP Agent SNScan http://www.foundstone.com/us/resources/proddesc/snscan.htm Windows-based SNMP Scanner SNMP SNMP Ports Public Community Names*
-
SNMP (Cont.) Winfingerprint http://sourceforge.net/projects/winfingerprint/*
-
SNMP SNMP Agent SNMP SNMP Public Community Group Policy Security Additional Restrictions for Anonymous Connections SNMP SNMP v3*
-
*
-
Null Session Super Scan4 Windows Enumeration GetAcct Users Accounts Getif SNScan SNMP Port http://www.defaultpassword.com/ *
-
Sniffing (Sniffer) (Sniffer) *
-
(Cont.)*
-
*
-
(Cont.)*
-
Telnet Rlogin HTTP POP FTP IMAP (Clear Text) *
-
OSI (Frame) OSI (Packet) ( Linux ) ( Windows )
*
-
(Passive Sniffing) Hub
*
-
(Cont.) (Active Sniffing) (Bogus) MAC ARP Spoofing MAC Flooding
*