Total Pageviews

Sunday, January 29, 2012

Hack A Computer - A Complete Reference





 Keylogger

Consider a situation; everything you type in the system is mailed to the hacker! Wouldn’t it be easy to track your password from that? Keyloggers perform similar functionalities. So you have to be cautious while typing anything. Now a day, remote keyloggers are also used. So before downloading any executable file keep an eye on the downloadable element. Also lookout for your open ports… someone might be looking into it. Periodically check “netstat” from command prompt.



 Secret Question 

According to a survey done by security companies, it is found that people generally complain for hacking as per their secret question answers. This is indeed a much easier method. In some cases, there are only fixed secret questions, so it becomes much easier for the hackers. So, don’t use simple answers, don’t reveal it to anyone and I would suggest you to use own secret questions with answers.

 Social Engineering

This is one of the oldest tricks to hack. Try to convince the user that you are a legitimate person from the system or central server and needs your password for the continuation of the service or some maintenance or you need to reset your password to some combination like ‘abc12345’. This won’t work now since most of the users are now aware about the Scam. But this Social Engineering concept is must for you to convince the victim for many reasons. It may work in some case.


 BruteForcing

This is quite a long and most tiring task. This method is very useful if you know that the victim is using his password among a few known possibilities that you are aware of. If you don’t know much and the possibilities are more, then you shouldn’t go for it.

 Fake Messengers

This is a form of phishing in the application format. Sometimes, there are some fake applications which tend the user to enter the login info in the software and check your mail. But unknowingly, your login credentials are being sent to the ftp server destination of the hacker.

Viruses And Worms

Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail. So install a good working antivirus and antispam program which is capable of handling the potential threats.

 Denial Of Service

DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).

Distributed DoSs

Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses. So better to use upgraded and advanced servers like grid server etc.

Sniffing

Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple monitoring or something more wicked. So it’s better to secure the working network. Also make sure that, none of your users is giving your TCP packets to outer network knowingly or unknowingly. Knowing IP address only also can do a lot as there is a powerful penetration tool to do the damage (BACKTRACK OS + METASPLOIT).


 Spoofing

Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

SQL Injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into database with elevated privileges. Some security precautions need to be taken to handle this attack.

cookie stealer

Each time you access into an online account, the sites identify your system and you by your cookies. If somebody gets the cookie saved by the sites, then he can easily decode it and can get the password! This is generally possible in open networks. So while using open networks always use https as it makes you enter into secure mode without leaving the cookie to the network.

Whaling

This method gets you the password of the accounts which are used by the hackers to receive the passwords. So you just have to hack one ID, which is simplest method and you will have loads of passwords and so loads of accounts at your mercy.

 Phishing

This is a method where you have to bring the user to a webpage created by you which appears to be the same as the interface of the legitimate one and get him/her to enter the credentials. Then the redirect page will land somewhere else and you will get the password in your mail box as defined inside the php script.

Back Doors

Hackers can gain access to a network by exploiting back doors administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network. So you have to strengthen your security to avoid unauthorized access.

Trojan Horses

Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take the full control over the system and you can remotely control the whole system. Isn’t it great! They are also referred as RATs (Remote Administration tools). Always periodically watch out your open terminals by checking ‘netstat’.

 DNS Poisoning Or PHARMING

Phishing is a tough job. Isn’t it? Convincing someone to enter their password at your page require a lot mind work. What if you don’t have to convince the person? What if they are directed automatically to your site without having a clue? DNS poising or Pharming does the same for you.

No comments:

Post a Comment