Tuesday, 7 July 2020

Basic Terminologies in Kali Linux

LINUX TERMINOLOGIES (1)

Hello everybody and welcome to this tutorial. Today I will be talking about some of the basic terms which you will need in order to follow this course through. First off, you have three main categories of people: white hat hackers, grey hat hackers, and black hat hackers. Everything that we will be doing falls into the first category, white hats. Those are people whose activities are within the confines of the law: pen testers, ethical hackers, people like you and me, and so on. Then you have grey hat hackers, whose activities sit on the border between legal and illegal; it's a bit of a shady area. In addition to that you have the best-known category, black hat hackers, and usually, and unfortunately, every time somebody hears the term hacking it is associated with people from the black hat world. These are people who conduct all sorts of illegal activities, or conduct activities without any regard for the law: extracting information from certain servers, credentials, your credit card information, or taking services down, usually to extract some sort of financial gain.

Next you have footprinting. The act of footprinting is basically information gathering. You are conducting some sort of reconnaissance work: figuring out the IP of the server, figuring out which ports are open, and from that concluding which services are running there. But it doesn't necessarily need to be confined to the digital world. Footprinting can also mean going to the company itself. You just walk in (it doesn't necessarily need to be a company, it can be pretty much any building with servers in it) and have a look around. You try to gather information there on site: people go behind the building, dig into the trash cans, jump into the trash containers, and get information from there. People have also been known to go into parking lots to see who the employees are, who works there, all sorts of things. So this is just general information gathering in regard to your chosen target, and it doesn't need to be confined to the digital world.

Then you have certain types of attacks. You have DoS and DDoS, which are very simply the same thing implemented in a different way. DoS stands for denial of service. These are usually called childish attacks because they were relatively easy to implement, and they still are, provided of course you have enough machines; but that is the domain of DDoS. In general, what happens is that you perform a certain number of requests, more requests than a server can handle, and then the server begins dropping connections. For example, an Apache web server, I believe, can by default handle up to 10,000 connections or so. If you make more than 10,000 requests, everybody else making any sort of request will not be able to access the website, because their connections will be dropped: Apache will simply say, OK, I have too many users, more users than I can handle, and all the other connections will be dropped by default. That makes the site inaccessible even though you haven't really broken any code, broken through any firewall, stolen any passwords, or anything of the kind. But when you're DoS'ing something it's just you, so all the requests are coming from your own computer, and that is not always the most efficient way. In fact, it generally only works if there is a flaw in the way in which requests are processed. That is why you have DDoS attacks: multiple computers, multiple connections, all making simultaneous requests to a certain server. This is really difficult to fight off; you really need a clever configuration of your firewall, and you need quite a good firewall as well. Usually you would need a physical one to prevent this sort of DDoS attack, and by physical I mean a router firewall or something of the kind.

It's not difficult to do the attack itself; what is difficult is making the necessary preparations. First of all, you need to go about infecting the other devices which you will enslave and use in order to perform this sort of attack. This is the hard part; the DDoS part is quite easy compared to that. In order to infect other computers you need two things. You need RATs, remote administration tools, and you need them to be FUD, fully undetectable. FUD just means that they cannot be detected by antiviruses, or, more precisely, that they are not labeled as something malicious by antivirus programs. And by the way, most of the time you don't actually need to make your own applications fully undetectable. There are plenty of pen testing companies out there, and not just pen testing companies but other companies as well, who will pay very good sums of money if you can make their programs fully undetectable by antivirus programs.

Next, RATs, remote administration tools. They themselves are not some sort of hack or anything of the kind. You basically put them on a USB stick or something of the kind, send them in the mail, or share them in a zip file; that is just one of the ways to infect other computers and devices, enslave them, and turn them into slaves of the main server, wherever you might set that up, and then you can use all of those computers to conduct all sorts of activity. This is very good because it anonymises you to a very large extent; it is very difficult to track down whoever is doing this, primarily because the infected users have no idea that somebody else is controlling their devices, because nothing is really happening on the desktop. You can't really see it: the processes are being run in the background and your processor is executing them. The only way to see it would be basically to start up a task manager or something of the kind and look at the running processes, and perhaps you could spot it there, but not even there if somebody has implemented a rootkit.

So a rootkit is a tool which you install on an operating system, and it is able to hide running processes from the system itself. When you, for example, start the task manager in Windows or something of the kind, the purpose of a rootkit would be to hide the processes from the task manager. Basically, how it works is that the task manager requests information from the system, from the kernel, which is the core of the system where all the drivers and the key functionality are. The kernel then responds: hey, I have this, this, this, and this process running, here you go. What a rootkit does is redirect those requests from the task manager to itself, and basically say: I don't have such processes running. So these are very, very dangerous and potent combinations that we will use later on as we progress through this tutorial, but for the time being I just wanted to give a bit of an introduction and give you an idea of what we shall be doing through some of these basic terms and concepts.

Next up, we have phishing attacks. Phishing attacks are basically when you put out some sort of bait, somebody bites, and then you pull. Simple as that, right, the same way you go fishing? Well, not quite. A phishing attack would be when you get an email from someone with a link in it; you click on it, and it throws you somewhere, onto some website. It perhaps looks like something legit, like a website that you are using, but it is not, and you pass in your credentials, and that can be a problem. But this is generally avoided today; this is not something that happens in such a way any more. Rather, what happens these days is that the DNS servers get changed on your router, and once that happens all the requests that you make in your web browser get redirected. So, for example, if you type in facebook.com you're going to get the facebook.com domain from some private DNS server, god knows where, whose MX records are altered and which has been configured (not to redirect, but rather to interpret) facebook.com as a certain IP address that does not belong to Facebook. So you open up your Facebook, it looks exactly the same, there is no way to tell, because in the upper left corner of the screen you have the domain name written, www.facebook.com, and you provide your login credentials. Once you do that they're gone; somebody has them. One of the ways to detect this (it's not hard, but nobody really pays any attention to it) is to check in the upper left corner whether the protocol is HTTPS instead of HTTP, because usually if this kind of attack is conducted it's not going to be HTTPS, as that is a lot harder to implement. But if it is HTTPS, there really wouldn't be any legit way of figuring it out other than actually checking the keys, checking the certificates, and nobody actually does that. Well, maybe not nobody, but 99% of users out there are not going to bother conducting such checks. Anyway, I know it sounds a bit complex, but believe me, I will explain this in great detail, I will give you several demonstrations, and by the end of this course you will understand it and know how to do this with great ease. It will not present a significant obstacle in your line of work.

Excellent! Now that we have approximately half of these terms out of the way, I will continue to deal with them in the follow-up tutorial, and I hope to see you all there.
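The DoS/DDoS distinction above (one source flooding a server versus many sources doing it at once) is the kind of thing a defender reads straight out of the web server's access log. As an added example that is not part of the original post, here is a small Python triage that buckets Apache combined-format log lines into one-minute windows, flags windows over a request threshold, and reports whether the flood came from a single IP (DoS-like) or from many (DDoS-like). The sample lines, the IP addresses and the thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, datetime, status) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), int(m.group("status"))

def triage(lines, window_seconds=60, total_threshold=50, single_source_share=0.8):
    """Bucket requests into fixed time windows and flag windows over total_threshold.
    A flagged window is 'dos' if one IP accounts for at least single_source_share
    of its requests, 'ddos' otherwise (many sources sharing the load).
    Returns a list of (window_start_epoch, verdict, total, top_ip, top_count)."""
    buckets = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not in the expected format
        ip, ts, _ = parsed
        epoch = int(ts.timestamp())
        start = epoch - epoch % window_seconds
        buckets.setdefault(start, Counter())[ip] += 1
    findings = []
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        if total < total_threshold:
            continue
        top_ip, top_count = counts.most_common(1)[0]
        verdict = "dos" if top_count / total >= single_source_share else "ddos"
        findings.append((start, verdict, total, top_ip, top_count))
    return findings

# Constructed sample (not real traffic): 60 requests in one minute from a single IP
# (DoS-like), then 60 requests in the next minute spread over 30 IPs (DDoS-like).
def sample_lines():
    fmt = '{ip} - - [07/Jul/2020:10:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 503 0 "-" "-"'
    lines = [fmt.format(ip="198.51.100.7", m=0, s=i % 60) for i in range(60)]
    lines += [fmt.format(ip=f"203.0.113.{i % 30 + 1}", m=1, s=i % 60) for i in range(60)]
    return lines

if __name__ == "__main__":
    for start, verdict, total, ip, n in triage(sample_lines()):
        print(f"window {start}: {verdict} ({total} requests, top source {ip} x{n})")
```

On a real server you would feed it the live access log and tune the thresholds to the site's normal traffic; the single-source case is what a rate limit or a firewall rule on one address can stop, while the many-source case is the one the text says needs an upstream filter.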
