Monday, 14 September 2009

HOW TO BE A HACKER (Part 2)

As explained by the Front-line Information Security Team in "Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks" (fist@ns2.co.uk, http://www.ns2.co.uk), crackers are generally males aged 16-25. Statistics on Internet users in Indonesia show that the majority of Indonesian Internet users are in fact young people in this same age range. This is an ideal age for learning new things, including the Internet, and it would be very unfortunate if we did not succeed in bringing 25,000 Indonesian schools onto the Internet by 2002, because Indonesia's future lies in the hands of our young people.

These young crackers generally crack in order to improve or make use of network resources for their own benefit. Crackers are generally opportunists: they look for weaknesses in a system by running scanner programs against it. After gaining root access, a cracker installs a back door and closes all the existing common weaknesses.

As we know, most companies and dotcommers use the Internet to (1) host their web servers, (2) communicate by e-mail and (3) give their employees access to the web and the Internet. The Internet and the intranet are generally separated using firewall software and proxy servers. Given this kind of setup, weaknesses in the system can generally be penetrated through, for example, an external mail server that is used to make mail accessible from outside the company. In addition, by using an aggressive SNMP scanner and a program that brute-forces SNMP community strings, a router can be turned into a bridge, which can then be used as a stepping stone into the company's internal network (intranet).

To protect themselves during an attack, crackers use a cloaking technique: they jump from a previously compromised machine via telnet or rsh. On intermediate machines running Windows, the jump can be made through the Wingate program. The jump can also be made through a poorly configured proxy.

After a successful jump into another system, a cracker probes the network and gathers the information needed. This is done in several ways, such as (1) using nslookup to run the command 'ls ', (2) viewing HTML files on the web server to identify other machines, (3) looking through the various documents on the FTP server, (4) connecting to the mail server and using the command 'expn ', and (5) fingering users on other external machines.

In the next step, a cracker identifies the network components that are trusted, whatever the system. These components are usually the administrators' machines and servers, which are generally considered the most secure in the network. The cracker starts by checking access to, and NFS exports of, critical directories such as /usr/bin, /etc and /home. Machines are exploited through weaknesses in the Common Gateway Interface (CGI), giving access to the file /etc/hosts.allow.
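A defender-side check for the NFS exposure described above, as an added example that is not part of the original post: it parses text in /etc/exports syntax and flags exports of the critical directories the article names when they are offered to wildcard clients, writable, or with no_root_squash. The sample file contents and the function names are constructed for illustration, and paths are assumed to contain no spaces.

```python
import re

# Directories the article names as critical; exporting them widely is the risk.
CRITICAL = ("/usr/bin", "/etc", "/home")

# Constructed sample in /etc/exports syntax (not taken from any real host).
SAMPLE_EXPORTS = """\
# constructed sample
/home        *(rw,no_root_squash)
/etc         192.0.2.10(ro)
/usr/bin     *.example.com(rw) 192.0.2.0/24(ro)
/srv/pub     *(ro)
/home/build  buildhost.example.com(rw,no_root_squash)
"""

# One client entry: optional host pattern followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")


def is_critical(path):
    """True if path is a critical directory or lies beneath one."""
    return any(path == c or path.startswith(c + "/") for c in CRITICAL)


def audit_exports(text):
    """Return (path, client, reasons) for each risky export of a critical directory."""
    findings = []
    # Join backslash-continued lines, then strip comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not is_critical(path):
            continue
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue  # malformed entry; a fuller tool would report it
            host = m.group(1) or "*"  # empty host: anonymous entry, any client
            opts = set(filter(None, (m.group(2) or "").split(",")))
            reasons = []
            if "*" in host or "?" in host:
                reasons.append("wildcard client")
            if "rw" in opts:
                reasons.append("writable")
            if "no_root_squash" in opts:
                reasons.append("no_root_squash")
            if reasons:
                findings.append((path, host, reasons))
    return findings
```

Calling audit_exports(SAMPLE_EXPORTS) reports the /home, /usr/bin and /home/build entries; read-only exports to a single named host or subnet are not flagged.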

Next, the cracker must identify the network components that are weak and can be conquered. On Linux, crackers can use programs such as ADMhack, mscan, nmap and many other small scanners. Programs such as 'ps' and 'netstat' are replaced with trojaned versions (remember the Trojan horse story? The classic story of ancient Greece) to hide the scanning process. Sufficiently advanced crackers use aggressive SNMP scanning to scan equipment that runs SNMP.
