Compiled in 2023: the classic introductory hacker tutorial for complete beginners [easy to understand]

Section 1. Types and Behaviors of Hackers

In my understanding, "hackers" can be roughly divided into two categories: "good" and "evil". Decent hackers rely on their own knowledge to help system administrators find vulnerabilities in a system and fix them, while evil hackers use various hacking skills to attack systems, intrude, or do other things that harm the network. Because what evil hackers do violates the "Hacker Code", their real name is "Cracker", not "Hacker". These are the "Cracker" and "Hacker" that we often hear about.

Regardless of the type of hacker, their initial learning content will be the content covered in this part, and the basic skills they master are the same. Even if they each embarked on different paths in the future, the things they did were similar, but their starting points and goals were different.

Many people have asked me: "What do you usually do as a hacker? Isn't it very exciting?" Others understand hacking as "doing boring and repetitive things every day." In fact, both are misunderstandings. Hackers usually need to spend a lot of time learning. I don't know whether this process has an end; I only know that "the more the better". Since learning hacking is entirely a matter of personal interest, "boring" does not come into it; repetition is inevitable, because "practice makes perfect", and only through continuous contact and practice can one gain the kind of experience that can be understood but not put into words.

In addition to studying, hackers should apply the knowledge they have mastered in practice. Whatever a hacker of either kind does, the fundamental purpose is simply to master in practice what they have learned.

The behaviors of hackers mainly include the following types:

1. Learning technology: Once a new technology appears on the Internet, hackers must learn it immediately and master it in the shortest possible time. They read the relevant "protocol" (RFC) and understand the mechanism of the technology in depth; otherwise, once a hacker stops learning, the content previously mastered cannot maintain their "hacker identity" for more than a year.

The knowledge that junior hackers need to learn is relatively difficult, because they have no foundation and so need to learn a lot of basic content. However, today's Internet offers readers a great deal of information, which requires beginners to make choices: content that is too deep may make learning difficult, and content that is too "fancy" is of no use for learning hacking. Therefore, beginners should not be greedy; they should try to find one book and a complete set of teaching materials of their own, and learn step by step.

2. Disguise yourself: Every move a hacker makes is recorded by the server, so hackers must disguise themselves so that the other party cannot identify their true identity. This requires practiced skill: disguising one's IP address, using a springboard to avoid tracking, clearing records to disrupt the other party's clues, cleverly avoiding the firewall, and so on.

Camouflage requires very strong basic skills. For beginners it belongs to the "great achievement" level, that is to say, beginners cannot learn camouflage in a short time. I therefore do not encourage beginners to use the knowledge they have learned to attack the network; otherwise, once their tracks are exposed, the one ultimately harmed is themselves.

If one day you become a real hacker, I also disapprove of your attacking the network. After all, the growth of a hacker is a kind of learning, not a crime.

3. Discovering vulnerabilities: Vulnerabilities are the most important information for hackers. Hackers should constantly study the vulnerabilities discovered by others, try to find unknown vulnerabilities themselves, and pick out valuable, exploitable vulnerabilities from the large number available for experimentation. Of course, their ultimate goal is either to cause damage through the vulnerability or to patch it.

Hackers' obsession with finding vulnerabilities is unimaginable to ordinary people. Their slogan is "break the authority". Through one hacking practice after another, hackers have confirmed this to the world with their own actions: there is no program in the world "without vulnerabilities". In the eyes of hackers, the so-called "seamless" is nothing more than "not found".

4. Exploitation of vulnerabilities: For decent hackers, vulnerabilities must be patched; for evil hackers, vulnerabilities must be used to cause damage. The basic premise of both is "exploiting vulnerabilities". Hackers can use vulnerabilities to do the following things:

   1. Obtain system information: some vulnerabilities leak system information and expose sensitive data, allowing further intrusion into the system;
   2. Invade the system: entering the system through vulnerabilities;
   3. Find the next target: one victory means the emergence of the next target. Hackers make full use of the server they already control as a tool to find and invade the next target;
   4. Do some good things: after completing the above work, decent hackers fix the vulnerabilities or notify the system administrator, and do something to maintain network security;
   5. Do some bad things: after completing the above work, evil hackers judge whether the server is still valuable. If it is, they implant Trojan horses or backdoors on the server to make the next visit easier; but they show no mercy to servers that have no further value, and a system crash gives them infinite pleasure!

Section 2. Basic skills that hackers should master

Starting from this section, we truly set out on the road of learning hacking. The first thing to introduce is the basic skills that a junior hacker must master. By reading this section you will see that hackers are not mysterious and that the skills are easy to learn. To keep beginners interested in hacking, this book adopts a cyclical progression, that is to say, the content of each chapter is independent and comprehensive, and only when learners have completely studied the content of one chapter can they go on to the next.

1. Know a certain amount of English: Learning English is very important for hackers, because most materials and tutorials are now in English, and news about hacking also comes from abroad. From the discovery of a vulnerability to the appearance of an introduction in Chinese takes about a week, during which time network administrators have enough time to patch the vulnerability, so by the time we see the Chinese introduction, the vulnerability may have long since disappeared. Therefore, from the very beginning of learning hacking, we must do our best to read English materials, use English software, and keep up with well-known foreign network security websites.

2. Learn the use of basic software: The basic software mentioned here covers two things: one is the common commands of the various computers that we use every day, such as ftp, ping, net, etc.; the other is the use of tools, which mainly include port scanners, vulnerability scanners, information interception tools, and password cracking tools. Because there are many types of this software and their functions differ, this book will introduce how to use several popular programs later on. " to find a guide to developing software for writing your own hacking tools.

3. Preliminary understanding of network protocols and working principles: The so-called "preliminary understanding" means understanding the working principles of the network "according to your own understanding". Will greatly dampen the enthusiasm for learning. Here I suggest that learners gain a preliminary understanding of the TCP/IP protocol, especially how the network transmits information when browsing the web, how the client browser requests "handshake information", and how the server side "responds to the handshake information" and "accepts the request", all of which will be introduced in detail in the following chapters.

4. Familiarity with several popular programming languages and scripts: As mentioned above, learners are not required to study these in depth; it is enough to be able to read the relevant languages and know the result of running a program. It is recommended that learners start with C, asp and cgi scripting languages, and also gain a basic understanding of the htm hypertext language, php, java, etc., mainly studying the "variable" and "array" parts of these languages. Because the languages are inherently connected, as long as you are proficient in one of them, the others follow in the same way. It is recommended to learn C language and htm hypertext language.

5. Familiarity with network applications: Network applications include various server software background programs, such as wuftp, Apache and other server backends, as well as the various popular online forums and electronic communities. Learners who are able to should turn their own computer into a server and then install and run some forum code. After some trials they will understand the working principles of the network intuitively, which is much easier than relying on theoretical study and gets twice the result with half the effort!

Chapter 1, Basic Theory and Basic Knowledge

Section 1. Explanation of network security terms

1. Protocol: The network is a place for information exchange. All computers connected to the network can exchange information with each other through physical connection devices. These physical devices include the most common cables, optical cables, wireless WAP, microwaves, etc., but simply possessing these physical devices does not make information exchange possible. Just as the human body cannot do without the control of the brain, information exchange also needs a software environment. This "software environment" is a set of rules laid down by people, called a "protocol". With a protocol, different computers can use the physical devices according to the same protocol without "failing to understand" each other.

This kind of agreement is very similar to "Morse code", a simple dot and a horizontal line, which can be changed in various ways after arrangement, but if there is no "comparison table", no one can understand what is expressed in a messy code. The same is true for computers. They accomplish different tasks through various pre-specified protocols. For example, the RFC1459 protocol can realize the communication between the IRC server and the client computer. Therefore, whether it is a hacker or a network administrator, it is necessary to learn the protocol to achieve the purpose of understanding the mechanism of network operation.

Each protocol has been revised and used over many years, and most newly created protocols are built on the basic protocols. Protocols therefore have a relatively high level of security, and it is difficult for hackers to find security problems in a protocol and use them directly for network attacks. However, some new protocols, because they have existed only a short time and were not fully thought through, may be exploited by hackers because of security issues. In discussions of network protocols, more people believe that the basic protocols in use today carried security risks from the start of their design, so no matter what changes are made to the network, as long as the current network system does not change fundamentally, it is fundamentally impossible to prevent the emergence of network hackers. But this hacking capability is beyond the scope of this book, so it won't be covered in detail here.

2. Server and client: The simplest form of network service is this: several computers act as clients and one computer acts as the server. Each client can make a request to the server, the server responds and carries out the requested action, and finally the server returns the result to the client computer. There are many such protocols. For example, the email servers, website servers, and chat room servers we usually come into contact with all belong to this type. There is also another connection method, which does not require a server but connects two client computers directly; that is to say, each computer is both a server and a client, the two have the same functions, and they complete the connection and information exchange as peers. For example, the DCC transmission protocol belongs to this type.

It can be seen from this that the client and the server are, respectively, the computer that makes requests and the computer that responds, as stipulated in the various protocols. Ordinary Internet users all operate their own computer (the client) and send ordinary requests to network servers to browse the web, send and receive email, and so on. Hackers use their own computer (the client) to attack other computers (which may be clients or servers) for the purpose of intrusion, destruction, and information theft.

3. System and system environment: To operate a computer, an operating system must be installed. Today's popular operating systems are mainly UNIX, Linux, Mac, BSD, Windows2000, Windows95/98/Me, Windows NT, etc. These operating systems run independently, each with its own file management, memory management, process management and other mechanisms. On the network, these different operating systems can be operated by users as servers or as clients, and they exchange information with each other through "protocols".

Different operating systems combined with different application programs constitute the system environment. For example, the Linux system with Apache software can configure a computer as a web server, and other computers acting as clients can use a browser to obtain what the web server offers for visitors to read. Similarly, Windows2000 with Ftpd software can configure a computer as a file server, and the various file resources on the system can be obtained through remote ftp login.

4. IP address and port: When we surf the Internet, we may browse the web, send and receive email, and hold a voice chat all at the same time. These many network services are carried out through different protocols, but the network is so large: how does our computer find the computer that provides the service it needs? And how can so many jobs be done on one computer at the same time? This is where the IP address comes in. Every computer on the Internet has a unique IP address, similar to a person's home address in everyday life. Through various physical devices such as network routers (beginners do not need to understand these), the network can carry out the exchange of information from one computer to another; because their IP addresses are different, there is no confusion about finding the target. However, hackers can forge the IP address of their own computer through special methods, so that when the server receives a request from the hacker's computer (with a fake IP address), it sends the response to the fake IP address, causing network chaos. Of course, hackers can also easily find any Internet user or server based on its IP address and then attack it (think of burglary in real life), which is why we now see many articles about "How to hide your IP address".

Next, let me explain the second question mentioned above: why a computer can use multiple network services at the same time. It is like the eight city gates of Beijing. Different protocols are embodied in different network services, and different network services open different ports (city gates) on the client computer to carry out their information transmission. Of course, if a network server runs multiple network services at the same time, it also needs to open multiple different ports (city gates) to accept different client requests. The "back door" often heard of on the Internet means this: the hacker has, through special means, opened up a network service on the server that specifically serves the hacker's purpose, and a new port is opened on the server to provide it. Because this port is for the hacker's use, it is not easily discovered by ordinary Internet users and network administrators; it is a "hidden port", hence the name "backdoor".

Each computer can open 65,535 ports, so in theory we can develop at least 65,535 different network services. In practice this number is very large, and the network commonly uses only a few dozen service protocols. For example, for web browsing both the client and the server use port 80, and for IRC chat the server uses port 6667 and the client uses port 1026.
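The paragraphs above describe a backdoor as a service listening on a port the administrator never intended to open. As an added example (not part of the original tutorial), the Python code below parses `netstat -an` output and reports listening ports that are missing from an allow-list; the sample output, addresses, port 4711 and the allow-list are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows `netstat -an` (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4711           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1026      203.0.113.5:6667       ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Services the administrator knowingly runs (assumed allow-list for this example).
EXPECTED = {("TCP", 80), ("UDP", 137)}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::]:80' into (address, port)."""
    address, _, port = endpoint.rpartition(":")
    return address.strip("[]"), int(port)


def listening_sockets(netstat_text):
    """Return {(proto, local_address, port)} for every socket that accepts traffic."""
    found = set()
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # banner, column header or blank line
        proto, local, _foreign, state = row.groups()
        # TCP rows in other states are existing connections, not open "gates".
        # UDP is connectionless, so netstat prints no state: a bound UDP port is open.
        if proto == "TCP" and state != "LISTENING":
            continue
        address, port = split_endpoint(local)
        found.add((proto, address, port))
    return found


def unexpected_listeners(netstat_text, expected):
    """List open ports missing from the allow-list and whether they are reachable remotely."""
    findings = []
    for proto, address, port in listening_sockets(netstat_text):
        if (proto, port) in expected:
            continue
        remote = not ipaddress.ip_address(address).is_loopback
        findings.append((proto, address, port, remote))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))


if __name__ == "__main__":
    for proto, address, port, remote in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED):
        scope = "reachable from the network" if remote else "loopback only"
        print(f"unexpected {proto} listener on {address}:{port} ({scope})")
```

The established connection from local port 1026 to a remote port 6667 is deliberately ignored: it is an outgoing client connection, not a service waiting for requests.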

5. Vulnerabilities: Vulnerabilities are situations that were not considered in the program. For example, the simplest "weak password" vulnerability means that the system administrator forgot to block the accounts in some network applications; Perl program vulnerabilities may arise because the programmer did not consider every situation when designing the program, leaving code segments that "leave the program at a loss"; some are caused by insufficient resources; the special IP packet bomb is actually an error the program makes when analyzing certain special data, and so on.

All in all, a vulnerability is a human oversight in program design, which cannot be absolutely avoided in any program, and hackers use all kinds of vulnerabilities to attack the network. The phrase "network security" at the beginning of this chapter actually means "vulnerability". The final result is that hackers use vulnerabilities to carry out various attacks. In fact, the real definition of a hacker is "a person who looks for vulnerabilities". They do not enjoy network attacks, but immerse themselves every day in reading other people's programs and trying to find the vulnerabilities in them. It should be said that, to a certain extent, hackers are all "good guys": they joined this line of work in order to pursue perfection and build a secure Internet. But because some hackers, or simply fake hackers, have often used vulnerabilities offensively, people in recent years have become afraid of and hostile to hackers.

6. Encryption and decryption: In the explanation of "protocol", I mentioned that "there are problems at the base level of network design...". Simply put, the problem is that all Internet users are allowed to take part in information sharing, so the transmission of some business information and personal privacy over the Internet is exposed to the public. Our credit cards, personal emails, etc. can be obtained by others through monitoring or interception. How can we keep this information safe? Readers may think of the espionage war of "World War II": when the warring countries used telegrams, they encrypted the codes, and only those who knew the "password book" could decode them. It is this old encryption method that still shows vigorous vitality on the modern network. Encrypted information is transmitted over the network, and no matter who gets hold of the document, without the "password book" the effort is wasted.

The longest-used methods on the Internet are setting personal passwords and using DES encryption locks. These two encryption methods respectively handle user login to systems, websites and email mailboxes, and the protection of information packets. What hackers have to do is obtain the plaintext of encrypted files through vulnerabilities, brute-force guessing, reverse application of encryption algorithms, and so on. It is indeed apt that someone applied the saying "when evil rises one foot, good rises ten" here! Encryption methods and systems that require password verification emerge on the Internet in an endless stream, and hackers are also looking for ways to break these systems.

It can be said that "vulnerability" and "decryption" are two completely different fields of hacking. A learner's preference between them directly affects the type of hacker they will become. The choice between the two should therefore be made according to personal preference. This book will focus on the knowledge of "vulnerabilities".

7. Trojan horse: A Trojan horse is a program that can do things that have not been intentionally designed by the programmer. However, the operations performed by the Trojan horse are not approved, regardless of whether the user understands them or not. According to some, a virus is a special case of a Trojan horse, namely one that spreads to other programs (that is, turns those programs into Trojan horses as well). According to another understanding, a virus that does not intend to cause any damage is not a Trojan horse. In the end, however it is defined, many people simply use "Trojan horse" to describe a malicious program that cannot replicate itself, so as to distinguish Trojan horses from viruses.

Section 3. Classification of common hacking software by use

1. Prevention: This is the type of software that approaches things from the security side; firewalls, virus-checking software, system process monitors, port management programs, etc. all belong to it. This type of software protects the safety and personal privacy of computer users to the greatest extent, so that they are not harmed by hackers. Network servers also attach great importance to such software, for example log analysis software and system intrusion software, which help administrators maintain servers and track hackers who invade the system.

2. Information collection: There are many types of information collection software, including scanning software for port scanning, vulnerability scanning, and weak password scanning; there is also snooping software for monitoring and intercepting information packets. Most of it is software that serves both good and evil, that is to say, whether decent hackers, evil hackers, system administrators or ordinary computer users, all can use it to achieve their different purposes. In most cases, hackers use this software more frequently, because they rely on it to scan the server from every angle and obtain as much information about the server as possible; only after they fully understand the server do they carry out hacking actions.

3. Trojan horses and worms: These are two types of software, but their working principles are roughly the same. They both have the concealment and destructiveness of viruses. A well-designed program does a certain job. Of course, this kind of software can also be used by system administrators as a tool for remote management of servers.

4. Flood: The so-called "flood" is an information garbage bomb. A large number of garbage requests can overload the target server and make it crash. In recent years, DOS distributed attacks have become popular on the Internet, and they can also be placed in this class of software. Flood software can also be used as mail bombs or chat bombs. These are simplified, pre-programmed "dumb" tools produced by cyber security enthusiasts, and they are the software often used by the "pseudo-hackers" criticized at the beginning of this book.

5. Password cracking: The most practical way to ensure network security is to rely on password systems built on various encryption algorithms. Hackers may easily obtain an encrypted password file, but without the encryption algorithm they still cannot obtain the real password. Password-cracking software therefore becomes necessary: using the high-speed computing power of computers, such software can recover the plaintext from encrypted ciphertext by means of password dictionaries or exhaustive enumeration.

6. Deception: To obtain the plaintext password mentioned above, the hacker has to reverse the encryption algorithm on the ciphertext, and if the password is complex, cracking it is not so simple. But wouldn't it be more convenient if someone who knows the password simply told the hacker the original password directly? Deception software is designed for this purpose.

7. Masquerading: All kinds of operations on the network are recorded by the ISP and the server. If you hack without a good disguise, you will easily be traced by anti-tracking technology, so disguising one's IP address and identity is a very important compulsory course for hackers. But camouflage technology requires advanced network knowledge, and this type of software is what gets used at the beginning, before a solid foundation is in place.

Section 4, the basic environment for learning hackers

1. The choice of operating system:

We often hear that hackers love Linux, because Linux provides more flexible ways of working and more powerful functions than Windows. For example, forging an IP address can be done easily on Linux by writing special IP header information, but it is almost impossible under Windows. However, Linux also has its shortcomings: its commands are complex and its operation complicated, which does not suit beginners. And among individual learners, not many will give up the "comfortable" Windows, with its wonderful computer games and convenient mode of operation, to devote themselves to learning hacking. For learners who are new to hacking, most network knowledge can be learned on Windows, and compared with Linux there is no shortage of hacking software on the Windows platform; there are a large number of programs. So it is not necessary to start with Linux when first learning hacking.

The platform used in this book is WindowsME, because for individual users NT or 2000 is somewhat demanding (the system configuration requirements are too high), while 95 or 98 lack some necessary functions (the NET and TELNET commands are incomplete). However, most of the content of this book tests for vulnerabilities against a remote server, so the Windows ME operating system is not strictly required for study. For the differences between a few system versions, learners can contact me to obtain the learning methods for the corresponding systems.

2. Commonly used software needed:

If your system is WindowsME, then I have good news for you: you don't need to install much additional software, because the hacker knowledge we deal with can be practiced with the commands and built-in software the system provides! In addition to the basic operating system, learners also need to install various scanners, and then download a relatively good Trojan horse program and a monitoring program, and nothing else. If necessary, readers can install the software mentioned above by themselves and then learn how to use it, but I want to tell you that as for all kinds of bombs and assorted hacking software on the Internet, after studying this book you can make and develop them yourself; there is no need to use software written by others.

For scanners and listening software, I give the following suggestions, and I will introduce these software in detail later in this book:

All three are free and incredibly powerful. For example, xscanner is a domestic software, which integrates multiple scanning functions in one, and supports both console and graphical interface operation modes, and also provides detailed instructions on how to use vulnerabilities. For beginners, with these two tools, learning hacking is more than enough.

3. Additional tools:

If you can install the following tools, they will be of great help in learning hacking. Of course, the following software is mainly for learning additional content and paving the way for the "second part", so going without it will not hinder the study of this book.

1. Background server: With the background service programs of some network applications, you can set up your computer as a small server to learn the corresponding network applications and understand their operating mechanism from the "inside", which will greatly improve your intuitive knowledge of servers. While the server is active you can also monitor the data on it; if other hackers attack, you can clearly record the other party's attack process and so learn more hacker attack methods. This book mainly introduces vulnerabilities in website scripting languages such as Perl and asp, so you can install IIS or HTTPD, and then install ActivePerl so that your server has the ability to compile cgi and pl scripts. Another advantage of using your own server is that you save a lot of time online and carry out the process of learning and finding vulnerabilities on your own computer, which not only saves money but also poses no threat to the network, killing two birds with one stone.

2. C language compilation platform: In the future, on the road of learning hacking, you will run into many "problems of your own". Others on the Internet may not have paid attention to these problems, so no corresponding program can be found. In that case learners need to develop the relevant tools themselves, so it will be very convenient to install Borland C++. With this compiler, learners can not only learn C language but also modify some of the small programs listed at the back of this book to build a tool library of their own.

4. Classification of network security software

Now let's take a look at the classification of network security software, because learning hacking knowledge involves two interrelated processes: learning how to hack, and also learning how to prevent being hacked.

1. Firewall: This is the most common security software on the Internet. There are hardware and software firewalls, and most readers have probably seen more of the software kind. Its main functions are to filter spam (to ensure that the system is not attacked by bombs), prevent worms from invading, prevent hackers from invading, increase system privacy (protect sensitive data), monitor system resources in real time, prevent system crashes, maintain databases regularly, back up the main information... The firewall can patch the loopholes in the system itself, so that hackers have no chance to attack. In addition, for enterprises with local area networks, the firewall can restrict which system ports are open and prohibit certain network services (to eliminate Trojan horses).

2. Detection software: There are tools on the Internet that specifically target a certain hacker program, but these types of software are mostly integrated in antivirus software or firewall software, which can detect and remove Trojan horses and worms in the system. In order to protect the system from infringement, it will automatically protect hard disk data, automatically maintain registry files, detect content and code, monitor system port opening status, etc. If the user needs, the software can also write related scripts to shield the designated port (the firewall also has this function).

3. Backup tool: The tool specially used to back up data can help the server back up data regularly and update the data at a specified time, so that even if hackers destroy the database on the server, the software can completely restore the intruded data in a short time. In addition, for individual users, this type of software can perform a full image backup of the hard disk. Once the system crashes, users can use this type of software to restore the system to the original state. For example, Ghost is a leader in this type of software.

4. Log records and analysis tools: For servers, log files are essential. Administrators can use logs to understand server request types and request sources, and judge whether the system has been hacked based on logs. Through the log analysis software, the administrator can easily track the intrusion hacker, find the source of the hacker's attack, and then catch the hacker. This is why hackers often use IP address camouflage, server jumps, and clear log files after invading the server when attacking.
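The log-analysis item above says administrators use logs to learn request types and request sources and to judge whether a system is being probed. As an added example (not part of the original tutorial), the Python code below parses a constructed web access log in Apache Common Log Format, groups requests by source, and flags sources whose requests are mostly client errors; the log lines, addresses and thresholds are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed access log in Apache Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
198.51.100.20 - - [03/May/2023:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [03/May/2023:10:00:02 +0800] "GET /forum/list.cgi HTTP/1.1" 200 2310
203.0.113.7 - - [03/May/2023:10:05:10 +0800] "GET /admin/ HTTP/1.1" 404 210
203.0.113.7 - - [03/May/2023:10:05:10 +0800] "GET /backup.zip HTTP/1.1" 404 210
203.0.113.7 - - [03/May/2023:10:05:11 +0800] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
203.0.113.7 - - [03/May/2023:10:05:11 +0800] "HEAD /old/ HTTP/1.1" 403 0
203.0.113.7 - - [03/May/2023:10:05:12 +0800] "GET /login.asp HTTP/1.1" 404 210
203.0.113.7 - - [03/May/2023:10:05:12 +0800] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [03/May/2023:10:07:45 +0800] "POST /forum/post.cgi HTTP/1.1" 302 0
this line is truncated garbage
"""

CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one log line, or None if the line is damaged."""
    m = CLF.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    parts = m.group("req").split()  # a broken request may be empty or just "-"
    return {
        "src": m.group("src"),
        "time": when,
        "method": parts[0] if parts else "-",
        "path": parts[1] if len(parts) > 1 else "-",
        "status": int(m.group("status")),
    }


def summarize(log_text):
    """Group requests by source address; also count lines that could not be parsed."""
    sources, unparsed = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1  # damaged or edited lines deserve a look of their own
            continue
        s = sources.setdefault(entry["src"], {
            "requests": 0, "methods": Counter(), "statuses": Counter(),
            "first": entry["time"], "last": entry["time"],
        })
        s["requests"] += 1
        s["methods"][entry["method"]] += 1
        s["statuses"][entry["status"]] += 1
        s["first"] = min(s["first"], entry["time"])
        s["last"] = max(s["last"], entry["time"])
    return sources, unparsed


def probing_sources(sources, min_requests=5, min_error_ratio=0.5):
    """Sources whose requests are mostly 4xx errors (both thresholds are assumptions)."""
    flagged = []
    for src, s in sources.items():
        errors = sum(n for status, n in s["statuses"].items() if 400 <= status < 500)
        if s["requests"] >= min_requests and errors / s["requests"] >= min_error_ratio:
            flagged.append((src, s["requests"], errors))
    return sorted(flagged)


if __name__ == "__main__":
    by_source, damaged = summarize(SAMPLE_LOG)
    for src, total, errors in probing_sources(by_source):
        print(f"{src}: {errors} of {total} requests were client errors")
    print(f"unparsed lines: {damaged}")
```

A count of unparsed lines is kept because, as the paragraph notes, intruders tamper with log files, and damaged entries are themselves worth reviewing.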



Origin blog.csdn.net/Wufjsjjx/article/details/130483229