Hello, this little post will explain in rough details how you start hacking a specific target.
First. There are many different ways going about this, but this is one way.
Information gathering
The
first thing you want to do when targeting a specific target is get as
much information as possible before a front attack(if any, being quiet
is much better)
Now this step can take ages if you really want a
detailed level of knowledge. And if you are serious about hacking your
target, you should be detailed here.
What sort of information do I
look for you might ask yourself? Well, anything really. Anything
surrounding the target and even things that surround things that
surround your target. Here is a short list of things that might be
useful;
Now there are tree ways of attacking in this guide.
- Service/software exploitation
- Web application exploitation
- Human factor exploitation
Service/software exploitation
Here
you will exploit one or more services/programs running on the target
system. In most cases, this will be called bufferoverflow. This can do
everything from bypassing a login to give you instant shell access. In
scenarios where the target is running services which is not a web
server(can be tho) this might be the way to go.
Web application exploitation
This
is without a doubt the most vulnerable field. Web applications are
flawfull, 70% or so of all pages got some sort of web application flaw,
this ofc may vary from an stupid XSS to a serious RFI. In scenarios
where the target system are running a web server, this is the first
thing to check. Do always check web applications before going on to
service exploitation if you just want to get the target hacked.
Human factor exploitation
Now
if all other things fail, there is ALWAYS a human factor. This can be
social engineering the target to give you limited access, and you work
your way up from there. Or simply tricking the target to trust you and
in some strange way share his password, perhaps not for the system you
are targeting, but for his email or an online account or whatever,
stupid people tend to use the same password or the same password syntax
everywhere. Keep in mind that the human factor doesn't necessarily have
to be your targets owner, could be the hoster, the DNS hoster, the ISP,
family.
Finale note
If you think its
necessary, clear your tracks. If you ask me, if you can see that you
have been there you didn't do it right. Take care, be safe.
-----------------------
First. There are many different ways going about this, but this is one way.
Information gathering
The
first thing you want to do when targeting a specific target is get as
much information as possible before a front attack(if any, being quiet
is much better)
Now this step can take ages if you really want a
detailed level of knowledge. And if you are serious about hacking your
target, you should be detailed here.
What sort of information do I
look for you might ask yourself? Well, anything really. Anything
surrounding the target and even things that surround things that
surround your target. Here is a short list of things that might be
useful;
- IP(s), some machines/domains/systems or whatever have multiple domains
- ISP(s), if small ISP(s), get owner details here as below
- Owner. Email, name, location, family, hobby's, Facebook account, phone number
- *Open ports. On ALL of the ips/servers if there are multiple
- Service signatures, find out as much as possible about all the open ports, are they in use? What software are they running at the other end? Do the services reveal any other information about the system? OS? Internal IPS?
- Hosters(In most cases there will be a hosting company)
- Hosters information - Owner and all of that(If the company is small)
- Hosters member system, how does the members login? Is there a login? Is there a forgot password function? Can you exploit the hoster instead?(might be easier in some cases)
- DNS records(if any), subdomains? Hidden domains/info? DNS hosters? Same as above.
- The physical server(s) location / datacenter
- Will this company/target rage crazy if I hack them? If so, check 3rd point.
- Will police or other agencies be contacted if I hack them? If so, check 3rd point.
- *Is my privacy good enough? Are you behind a proxy(s)? Should you? Do the proxy log?(It shouldn't)
- Are they running any services at all? If not, you don't really have any virtual way in..
- Are they running web applications? These are typically easier to hack than services. And have a higher percentage rate of flaws.
- Do the target got a open router/switch/modem system? This often happens with home computers/networks.
- Are your target running platforms with logins? These could be targeted.
- Do you have enough time? Its a good practice to have time enough to do the entire attack in one go. Else you might fire off warnings for the target, and he can go into a bombshelter We don't want that now, do we?
Now there are tree ways of attacking in this guide.
- Service/software exploitation
- Web application exploitation
- Human factor exploitation
Service/software exploitation
Here
you will exploit one or more services/programs running on the target
system. In most cases, this will be called bufferoverflow. This can do
everything from bypassing a login to give you instant shell access. In
scenarios where the target is running services which is not a web
server(can be tho) this might be the way to go.
Web application exploitation
This
is without a doubt the most vulnerable field. Web applications are
flawfull, 70% or so of all pages got some sort of web application flaw,
this ofc may vary from an stupid XSS to a serious RFI. In scenarios
where the target system are running a web server, this is the first
thing to check. Do always check web applications before going on to
service exploitation if you just want to get the target hacked.
Human factor exploitation
Now
if all other things fail, there is ALWAYS a human factor. This can be
social engineering the target to give you limited access, and you work
your way up from there. Or simply tricking the target to trust you and
in some strange way share his password, perhaps not for the system you
are targeting, but for his email or an online account or whatever,
stupid people tend to use the same password or the same password syntax
everywhere. Keep in mind that the human factor doesn't necessarily have
to be your targets owner, could be the hoster, the DNS hoster, the ISP,
family.
Finale note
If you think its
necessary, clear your tracks. If you ask me, if you can see that you
have been there you didn't do it right. Take care, be safe.
-----------------------
1 comments:
Hindi Latest Sex Stories From Bhauja.com
रात-दिन तुम्हारा लंड अपनी चूत में रखना है (Raat Din Tumhara Lund Chut me Rakhna hai)
शादी के बाद चूत की प्यास (Shadi Ke Baad Chut Ki Pyas)
भाभी ने छोटी बहन को चुदवाया
अपनी बीवी समझना (Apni Biwi Samajhna)
पराये मर्द के नीचे लेट कर लिया मजा-3
भाभी और उसकी बहन को जयपुर में चोदा
रीना ने अपनी सील तुड़वाई (Rina Ne Apne Seal Tudyai)
विधवा भाभी की चुदाई-2
शर्म, हया, लज्जा और चुदाई का मजा-2
प्रेम के अनमोल क्षण-1
भाभी तड़प गई ( Bhabhi Tadap Gayi)
रचना की चूत की खुजली (Rachna Ki Chut Ki Khujli)
भाभी की गाँड-चुदाई (Bhabhi Ki Gand Chudai Badi Kaske)
मेरी सीधी सरल भाभी (Meri Sidhi Saral Bhabhi)
Chacheri Bahen Ke Sone Ke Bad Nanga Karke Sab Kuch Dekha
Subah 5 Baje Padoswali Pinky Ko Choda (Long)
दोस्त की शादीशुदा बहन को चोदा-2
मेरी बेवफा बीवी
एक शाम अनजान हसीना के नाम
प्रेम के अनमोल क्षण-1 ( Prem Ke Anmol Khyan -1)
प्रेम के अनमोल क्षण-2 (Prem Ke Anmol Khyan - 2)
अब मैं तुम्हारी हो गई-2 (Ab Mein Tumhari Ho Gayi -2)
फरेज़ को पता है (Pharenj Ko Pata He)
कुड़ी पतंग हो गई (Kudi Patanga Ho Gayi)
एक जल्दी वाला राउंड (Ek Jaldi Bala Round)
Komal ki Komal Aur Reshma ki Reshmi Chut
Ek Doctor Hi Ye Samaz Sakta Hai
Pati Ke Batije Aur Ek Punjabi Loure Se Chudwaya
Post a Comment