There are myriad ways that a network can be compromised, and an administrator needs to be aware of them all (and anticipate new ways coming around the corner). This chapter will not show how to attack something, but will show how attackers take advantage of your mistakes. This will enable you to protect your network by avoiding the pitfalls attackers use.
There are fundamental security holes in most systems today that are not being addressed by any vendor.
Secure storage space is perhaps the most critical need. This would be a market-busting opportunity for a hard drive vendor or company such as Adaptec/LSI Logic.
And again, a hack is an attack, and a hacker is that bad guy that tries to gain access to government computers…
Sad.
the article had the writer logging on to the victim web server with a legitimate user name and password. err, how did he obtain that username/password?
smoke and mirror bullshit as usual.
And again, a hack is an attack, and a hacker is that bad guy that tries to gain access to government computers…
Sad.
Words change and definitions change as the language evolves…. sorry.
If you want to continue to call yourself a “hacker” because you’re a good problem solver, then you’re going to have to explain that’s what it USED to mean before the press changed it to mean “bad guy.”
Just like how being “gay” used to mean being happy. Sorry, but that word is lost too… I’ll just stick to calling myself “happy” rather than try to fight it and be misunderstood.
When 99% of the world thinks that the meaning of a word has changed, just give it up.
And again, a hack is an attack, and a hacker is that bad guy that tries to gain access to government computers…
Sad.
So tired of this.. It’s a cracker doing this. Hackers are nice people.
hacker n. [originally, someone who makes furniture with an axe] 1. A
person who enjoys exploring the details of programmable systems and how
to stretch their capabilities, as opposed to most users, who prefer to
learn only the minimum necessary. 2. One who programs enthusiastically
(even obsessively) or who enjoys programming rather than just theorizing
about programming. 3. A person capable of appreciating hack value. 4.
A person who is good at programming quickly. 5. An expert at a
particular program, or one who frequently does work using it or on it;
as in `a Unix hacker’. (Definitions 1 through 5 are correlated, and
people who fit them congregate.) 6. An expert or enthusiast of any kind.
One might be an astronomy hacker, for example. 7. One who enjoys the
intellectual challenge of creatively overcoming or circumventing
limitations. 8. [deprecated] A malicious meddler who tries to discover
sensitive information by poking around. Hence `password hacker’,
`network hacker’. The correct term for this sense is cracker.
I gave up after trying to read the first section of the chapter. Politically correct drivel.
“The Eggshell Principle: Networks today are typically hard and crunchy on the outside and soft and gooey on the inside.”
HAHAHAHAHAHAHA – I’ll take a 3 minute network please.
Just like how being “gay” used to mean being happy. Sorry, but that word is lost too… I’ll just stick to calling myself “happy” rather than try to fight it and be misunderstood.
When 99% of the world thinks that the meaning of a word has changed, just give it up.
TOUCHE!
the article had the writer logging on to the victim web server with a legitimate user name and password. err, how did he obtain that username/password?
According to the article, he used an SQL injection attack to get access to a command prompt, from which he was able to upload tools to get a list of users and hashed passwords; after that he ran a cracker on the hashed passwords to get their plain text versions. There’s a rather large section on this.
Read the article.
When 99% of the world thinks that the meaning of a word has changed, just give it up.
Words can have more than one meaning, so there’s no need to give up “hacker” as a synonym for programmer. Context indicates the meaning, as do other words combined with hacker (as in “kernel hacker”).
You know, at one point 99% of the world believed the world was flat… 🙂
the article had the writer logging on to the victim web server with a legitimate user name and password. err, how did he obtain that username/password?
At no point did he do this. SQL injection was used to compromise the web application.
Personally I thought this was a very good article and he explained at every point how the tools were used and why they worked in that situation. It’s opened my eyes to the power behind the SQL injection attack, however it does make some big assumptions with the privileges of the account connecting the SQL server to the application server.
No stop being geeky and arguing over the term “hacker”.
the article had the writer logging on to the victim web server with a legitimate user name and password. err, how did he obtain that username/password?
smoke and mirror bullshit as usual.
—————————————————————–
Well a legit login name and password can be obtained in a few ways:
1) Dumpster dive
2) Social Engineering
3) Default logins (Guest, TOOR, Null Sessions) just to name a few.
If someone is trying to get into a network, all is fair game. Granted, if an admin doesn’t take the time to check out default logins, then he should be shot.
It is not total BS.
Nice article but all very basic. Would like to see some coding going into action as well.
geek n. A carnival performer whose show consists of bizarre acts such as biting the heads off of live chickens.
yes 99% of the people did believe that.
then that changed.
in the same way the word hacker did. you can’t morph everyone back just like you can’t get them to believe the world is flat anymore.
it is a one way street.
move along