资源描述:
《admin security hacking hacking for dummies access to other peoples systems made simple外语英文电子书》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、HackingforDummies(Accesstootherpeoplessystemsmadesimple–&someextradatabaselore).IntroductionTheauthorisnotresponsibleforanyabuseofthisinformation.Itisintendedforeducationaluseonly.Youmaybequiteshockedathowvulnerableyouare!AsanafterthoughtIaddedasectionondatabaseaccessdu
2、etoanumberofrequests.ThemajorityofsuccessfulattacksoncomputersystemsviatheInternetcanbetracedtoexploitationofsecurityflawsinsoftwareandoperatingsystems.Thesefewsoftwarevulnerabilitiesaccountforthemajorityofsuccessfulattacks,simplybecauseattackersareopportunistic–takingt
3、heeasiestandmostconvenientroute.Theyexploitthebest-knownflawswiththemosteffectiveandwidelyavailableattacktools.Mostsoftware,includingoperatingsystemsandapplications,comeswithinstallationscriptsorinstallationprograms.Thegoaloftheseinstallationprogramsistogetthesystemsins
4、talledasquicklyaspossible,withthemostusefulfunctionsenabled,withtheleastamountofworkbeingperformedbytheadministrator.Toaccomplishthisgoal,thescriptstypicallyinstallmorecomponentsthanmostusersneed.Thevendorphilosophyisthatitisbettertoenablefunctionsthatarenotneeded,thant
5、omaketheuserinstalladditionalfunctionswhentheyareneeded.Thisapproach,althoughconvenientfortheuser,createsmanyofthemostdangeroussecurityvulnerabilitiesbecauseusersdonotactivelymaintainandpatchsoftwarecomponentstheydon’tuse.Furthermore,manyusersfailtorealizewhatisactually
6、installed,leavingdangeroussamplesonasystemsimplybecauseusersdonotknowtheyarethere.Thoseunpatchedservicesprovidepathsforattackerstotakeovercomputers.Foroperatingsystems,defaultinstallationsnearlyalwaysincludeextraneousservicesandcorrespondingopenports.Attackersbreakintos
7、ystemsviatheseports.Inmostcasesthefewerportsyouhaveopen,thefeweravenuesanattackercanusetocompromiseyournetwork.Forapplications,defaultinstallationsusuallyincludeunneededsampleprogramsorscripts.Oneofthemostseriousvulnerabilitieswithwebserversissamplescripts;attackersuset
8、hesescriptstocompromisethesystemorgaininformationaboutit.Inmostcases,thesystemadministratorwhosesystemiscompro