Several attack methods commonly used by hackers | General Hacking | Crax


ttt111

Member
Joined
Mar 21, 2024
1. Obtaining Passwords
There are three methods for this: First, intercepting passwords illegally through network monitoring. While this method has limitations, its potential harm is immense. Eavesdroppers often manage to obtain all user accounts and passwords within their network segment, posing a significant threat to local area network security. Second, after acquiring a user's account (such as the portion before the "@" symbol in an email address), hackers may utilize specialized software to forcefully crack user passwords. This method isn't restricted by network segments but requires hackers to possess significant patience and time. Third, after obtaining a user password file from a server (referred to as the Shadow file), hackers use brute-force cracking programs to decrypt user passwords. This method poses the greatest threat, as it doesn't require repetitive attempts to log in to a server, unlike the second method. Instead, it directly compares the encrypted passwords locally with those in the Shadow file, making it very easy to crack user passwords. This method is particularly effective against users with weak passwords (i.e., those with extremely low password security, such as a user account "zys" with passwords like "zys666," "666666," or simply "zys"), often taking just a couple of minutes or even seconds to compromise them.

2. Deception Techniques on the WWW
Users online can utilize browsers like Internet Explorer (IE) to access various web sites for reading news groups, checking product prices, subscribing to newspapers, engaging in e-commerce, and more. However, typical users may not be aware of potential issues: the webpage being accessed has been tampered with by hackers, and the information on the page is false! For instance, hackers can alter the URL of the webpage the user intends to browse to redirect it to their own server. As a result, when users visit the target webpage, they are actually sending requests to the hacker's server, allowing the hacker to deceive them.

3. Deployment of Trojan Horse Programs
Trojan horse programs can directly infiltrate a user's computer and cause damage. They are often disguised as utility programs or games to entice users to open email attachments containing Trojan horse programs or to download them directly from the internet. Once users open these email attachments or execute these programs, they remain on their computers like the Trojan horse left by the Greeks outside the enemy city, hiding a program that quietly executes when Windows starts up. When you connect to the internet, this program notifies the hacker, reporting your IP address and a pre-set port. Upon receiving this information, the hacker can exploit this program to freely modify your computer's settings, copy files, peek into the contents of your entire hard drive, etc., thereby achieving control over your computer.

4. Attacking Other Nodes through a Node
After breaking into a host, hackers often use it as a base to attack other hosts (to conceal their intrusion path and avoid leaving traces). They may use methods like network monitoring to attempt to breach other hosts within the same network, or they may attack other hosts through IP spoofing and host trust relationships. Although such attacks are cunning, they are less frequently used by hackers due to the difficulty of mastering certain techniques, such as IP spoofing.

5. Email Attacks
Email attacks primarily manifest in two ways: one is email bombing and email "snowballing," commonly referred to as a mail bomb, which involves sending thousands, tens of thousands, or even an infinite number of spam emails with identical content to the same mailbox, causing the victim's mailbox to be "bombed." In severe cases, this may pose a danger to the email server's operating system, even causing it to crash. The other is email deception, where attackers pretend to be system administrators (using email addresses identical to those of system administrators) and send emails to users requesting password changes (often specifying certain passwords) or loading viruses or other Trojan horse programs in seemingly normal attachments (to the best of the author's knowledge, some network administrators in certain units have the obligation to regularly send firewall upgrade programs to users for free, providing hackers with an opportunity to successfully exploit this method). While such deception can be harmful, its impact is generally not significant if users remain vigilant.

6. Exploiting System Vulnerabilities
Many systems have security vulnerabilities (Bugs), some of which are inherent to the operating system or application software itself, such as the Sendmail vulnerability, shared directory password authentication vulnerability in Win98, and IE5 vulnerability, etc. These vulnerabilities are often difficult to defend against before patches are developed unless you disconnect the network cable. There are also vulnerabilities caused by misconfigurations by system administrators, such as configuring directories and files in writable modes in network file systems, or storing unencrypted user password files in plain text in a directory. These provide opportunities for hackers and should be promptly corrected.

7. Network Monitoring
Network monitoring is a mode of operation for hosts where they can receive all information transmitted on the same physical channel within their network segment, regardless of the senders and recipients of this information. At this point, if the information exchanged between two hosts is not encrypted, using certain network monitoring tools, such as NetXray for Windows 95/98/NT, Sniffit for Linux, Solaris, etc., intercepting information including passwords and accounts becomes effortless. Although the user accounts and passwords obtained through network monitoring have certain limitations, eavesdroppers often manage to obtain all user accounts and passwords within their network segment.

8. Utilizing Accounts for Attacks
Some hackers exploit default accounts and passwords provided by the operating system for attacks, such as many UNIX hosts having default accounts like FTP and Guest (with passwords identical to the account names), some of which may even have no passwords. Hackers use commands provided by the Unix operating system such as Finger and Ruser to gather information, steadily increasing their attack capabilities. As long as system administrators remain vigilant and deactivate or prompt passwordless users to set passwords for default accounts provided by the system, they can generally overcome these attacks.

9. Stealing Privileges
Using various Trojan horse programs, backdoor programs, and programs causing buffer overflows written by hackers, they can launch attacks. The former allows hackers to gain unauthorized complete control over a user's machine, while the latter enables hackers to obtain superuser privileges, thereby gaining absolute control over the entire network. Once successful, these attack methods pose significant harm.
 
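The administrator-side checks implied by sections 1 and 8 above, as an added example that is not part of the original post: an audit that flags shadow-format entries with an empty password field or an enabled default account, and a check applied when a password is set that rejects the "zys666"-style choices the post describes. The function names, the sample file contents and the 12-character minimum are assumptions made for illustration.

```python
# Constructed sample in /etc/shadow format (name:password-field:...); not real data.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19800:0:99999:7:::
ftp::19800:0:99999:7:::
guest:$6$constructedsalt$constructedhash:19800:0:99999:7:::
daemon:*:19800:0:99999:7:::
zys:$6$constructedsalt$constructedhash:19800:0:99999:7:::
nobody:!:19800:0:99999:7:::
"""

DEFAULT_ACCOUNTS = {"ftp", "guest"}  # the default accounts named in the post


def audit_shadow(text):
    """Return {account: finding} for entries an administrator should fix."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, nothing to evaluate
        name, pw = fields[0], fields[1]
        if pw == "":
            findings[name] = "empty password field: login needs no password"
        elif name.lower() in DEFAULT_ACCOUNTS and pw[0] not in "!*":
            # "!" or "*" at the start of the field means the account is locked
            findings[name] = "default account is enabled: lock it or review"
    return findings


def weak_password_reasons(username, password, min_len=12):
    """Reasons to reject a new password at the moment it is being set."""
    reasons = []
    user, pw = username.lower(), password.lower()
    if len(password) < min_len:  # min_len is an assumed policy value
        reasons.append("too short")
    if user and user in pw:
        reasons.append("contains the account name")
        if pw.replace(user, "").isdigit():
            reasons.append("account name plus digits")
    if len(set(pw)) <= 2:
        reasons.append("one or two repeated characters")
    return reasons


if __name__ == "__main__":
    print(audit_shadow(SAMPLE_SHADOW))
    for candidate in ("zys666", "666666", "zys"):
        print(candidate, weak_password_reasons("zys", candidate))
```
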
