Ways Hackers Penetrate A Website

Written By Mujianto akhmadi pratama on Monday, November 26, 2012 | Monday, November 26, 2012


How can a hacker to penetrate or infiltrate and destroy a website is as berikut.Teknik techniques include:1. IP Spoofing2. FTP Attack3. Finger Unix Exploits4. Flooding & Broadcasting5. Fragmented Packet Attacks6. E-mail Exploits7. DNS and BIND Vulnerabilities8. Password Attacks9.Proxy Server Attacks10. Command Processing Remote Attacks11. Remote File System Attack12. Selective insertions Program13. Port ScanningSequence 14.TCP/IP Stealing, Passive Listening Port and Packet15. HTTPD Attacks

1. IP SpoofingIP Spoofing is also known as the Source Address Spoofing, the attacker IP address forgery assume that the target IP address of the attacker is the IP address of the host in the network and not from outside the network. Suppose the attacker has type A 66.25.xx.xx IP address when the attacker to attack this type of network that attacked it will assume the attacker IP is part of the IP networknya 192.xx.xx.xx eg type C.IP spoofing occurs when an attacker? Outsmart? packet routing to change the direction of the data or the transmission to different destinations. Packet routing is usually transmitted in a transparent and clear so that makes it easy to modify the attacker with the data source or destination of the data. This technique is not only used by the attacker but also used by security professionals to download tracing the identity of the attacker


2. FTP AttackOne of the attacks carried out against the File Transfer Protocol is a buffer overflow attack caused by malformed command. destination FTP server attack this average is to get a command shell or to perform a Denial of Service. Denial Of Service attacks may eventually lead to a user or attacker to retrieve the resource in the network without authorization, while the command shell can make an attacker gain access to the server system and data files that eventually an attacker can make anonymous root-acces a right a full range of network attack system even


3. Finger Unix ExploitsIn the early days of the internet, Unix OS finger efficient utility used to download the information sharing among users. Due to requests for information on this finger information not blame the rules, many system administrators leave this utility (finger) with minimal security, even without any security at all. For an attacker is invaluable utility for information on footprinting, including login names and contact information.This utility also provides excellent information about user activity in the system, how long the user is in the system and how much users care system. Information generated from this finger to minimize effort kracker in penetrating a system. Personal information about the user that is raised by the finger daemon is already enough for a atacker to do social engineering by using social skillnya user to utilize that? Tell? passwords and access codes to the system.


4. Flooding & BroadcastingAn attacker could menguarangi speed networks and hosts that are in it are significant in a way continue to request / demand any information from servers that can handle classic attack Denial of Service (Dos), send a request to a port called excessive flooding, sometimes it is also called spraying. The purpose of both is the same attack that make network resource that provides information to become weak and eventually gave up.Flooding attacks by relying on two factors: the size and / or volume (size and / or volume). An attacker can cause a Denial of Service by throwing a large-capacity files or a large volume of small packet to a system. In such circumstances the network server will deal with congestion: too much information being requested and not enough power to push the data to run. Basically the package requires a greater processing capacity, but it is not normal and the same small package in large volumes would be useless to spend resources and cause congestion


5. Fragmented Packet AttacksInternet data is transmitted via TCP / IP can be further divided into packages that contain only the contents of the first package of information the main part (head) of TCP. Some firewalls will allow to process part of a package that does not contain the information on the packet source address first, this will result in some type of system to crash. For example, the NT server will be a crash if the packets are broken up (fragmented packet) enough information to rewrite the first packet of a protocol


6. E-mail ExploitsPeng-exploitasian e-mail occurred in five formats: mail floods, manipulation command (command manipulation), the attack rate of transport (transport level attack), include a variety of code (inserting malicious code) and social engineering (use of physical socialization). The attack could make the email system to crash, open and execute even rewrite the application files or also make access to command functions (command function)


7. DNS and BIND VulnerabilitiesRecent news about the vulnerabilities (vulnerabilities) on apps Berkeley Internet Name Domain (BIND) in various versions illustrate the fragility of the Domain Name System (DNS), which is a crisis that is directed at the basic operation of the Internet (internet basic operation)


8. Password AttacksPassword is a common thing when we talk about security. Sometimes a user does not care about the number of pins they have, such as online transaction in the cafe, even transact online at home is very dangerous if it is not equipped with security software such as SSL and PGP. Password security is one procedure that is very difficult to attack, an attacker might have many tools (both technical and social life) just to open something that is protected by a password.When an attacker managed to get a password that is owned by a user, then it will have the same powers to the user. Train employees / users to remain vigilant in safeguarding the password of social engineering can at least minimize the risk, except in case of social engineering practices organizations must be aware of this technical way. Most of the attacks are carried out against password guessing (guessing), brute force, cracking and sniffing


9.Proxy Server AttacksOne function of proxy servers is to speed up response time by bringing together processes from multiple hosts in a trusted network


10. Command Processing Remote AttacksTrusted Relationship between two or more host facilities provide information exchange and resource sharing. Similar to a proxy server, trusted relationships give all members equal access to the power network in one or another system (the network).Attacker will attack a server that is a member of the trusted system. Just as the latency to the proxy server, when access is received, an attacker would have the ability to execute commands and accessing the data available to other users


11. Remote File System AttackTransport protocols for data? Backbone of the internet? is the TCP level (TCPLevel) with a mechanism that has the ability to read / write (read / write) between network and host. Attacker can easily get trace information from this mechanism to gain access to the file directory


12. Selective insertions Program

Selective Program insertions are performed when the attacker attacks put destroyer programs, such as viruses, worms and trojans (perhaps the term is already familiar to you?) On the target system. Destruction programs is often called malware. These programs have the ability to damage the system, destruction of files, theft of passwords to open the backdoor


13. Port ScanningThrough port scanning an attacker can see the functions and how to survive a system from a variety of ports. A atacker can get access to the system through an unprotected port. Sebaia example, scanning can be used to determine where the default SNMP string in the open for the public, which means that the information can be extracted for use in remote command attackSequence 


14.TCP/IP Stealing, Passive Listening Port and PacketInterception TCP / IP Sequence Stealing, Passive Listening Port and Packet Interception runs to collect sensitive information for accessing the network. Unlike active attacks and brute-force, attack using this method have more stealth-like qualities

15. HTTPD AttacksVulnerabilities found in HTTPD webserver or there are five kinds: buffer overflows, bypasses httpd, cross scripting, web code vulnerabilities, and URL floods

0 komentar:

Post a Comment

Popular Posts Today