GOOGLE

Wednesday, August 4, 2010

Tools

Hackers use a variety of tools to attack a system. Each of the tools we cover in this
article has distinct capabilities. We describe the most popular tools from each of the
following categories:

- Port scanners

- Vulnerability scanners

- Rootkits

- Sniffers

Later in this article, we use some of these tools in realistic scenarios to demonstrate
how easily even a novice hacker or script-kiddie can gain access to an unsecured
system.

Finding Operating System Vulnerabilities

As mentioned previously, hackers first look for vulnerabilities to gain access. Then
they look for operating system (OS) vulnerabilities and for scanning tools that report
on those vulnerabilities.

Finding vulnerabilities specific to an OS is as easy as typing in a URL and
clicking on the appropriate link. Many organizations provide “full-disclosure”
information. Full disclosure is the practice of providing all information
to the public domain so that it isn’t known only to the hacker community.

Mitre, a government think tank, supports the Common Vulnerability and Exposures
(CVE) dictionary. As stated on their web site (http://cve.mitre.org), the goal is
to provide the following:

“A list of standardized names for vulnerabilities and other information security
exposures—CVE aims to standardize the names for all publicly known
vulnerabilities and security exposures.”[2]

Other security sites, such as SecurityFocus, CERT, the SANS Institute, and many
others, provide information about how to determine the vulnerabilities an OS has
and how to best exploit them.

How Hackers Do It: Tricks, Techniques And Tools

Tricks

A trick is a “mean crafty procedure or practice...designed to deceive, delude, or
defraud.”[1] Hackers use tricks to find shortcuts for gaining unauthorized access to
systems. They may use their access for illegal or destructive purposes, or they may
simply be testing their own skills to see if they can perform a task.

Given that most hackers are motivated by curiosity and have time to try endless
attacks, the probability is high that they will eventually find a sophisticated method
to gain access to just about any environment. However, these aren’t the types of
attacks we address in this article, because most successful intrusions are
accomplished through well-known and well-documented security vulnerabilities
that haven’t been patched, disabled, or otherwise dealt with. These
vulnerabilities are exploited every day and shouldn’t be.