Six common ways for hackers to attack servers
2022-07-29 06:35:00 【Zhongyun era - defense testable - Xiaoyu】
Whether a server gets invaded is partly a matter of chance and partly inevitable. There are two kinds of hackers on the network: those who cast a net aimlessly, and targeted hackers who only invade designated targets. We call the former rookie hackers and the latter advanced hackers. To put it simply, rookie hackers generally scan the network on a large scale, happen to find from the scan results that a server system has various vulnerabilities, and then launch an attack. Advanced hackers scan only the target system or specified IPs, and use a variety of means to attack from every angle.
1. Server service information, service software type and version
The attacker obtains the services provided by the target server and the type and version of the software behind each service. We should pay attention not only to ports but also to software, because the same service can be provided by different software. For example, a mail service can be provided by different software such as WebMail or IMail. WebMail and IMail have different vulnerabilities, and the methods of exploiting those vulnerabilities also differ from one piece of software to another.
2. Server vulnerability information
After collecting some information about the server to be attacked, hackers probe every host on the server's network to find security vulnerabilities inside the system. This information is called vulnerability information. It mainly includes shared-resource information, weak password information, website back-end information, website version information, website vulnerability information, and server vulnerability information.
Vulnerability exploitation and intrusion attempts
When enough information has been collected, hackers begin the attack. There are many kinds of vulnerabilities, and each kind has its own exploitation methods and tools. Whether the attack succeeds depends on whether the vulnerability exists and whether it is exploited correctly.
3. Obtaining and escalating permissions on the target server
A successful intrusion yields certain permissions on the target system, which is the basic goal of the intrusion. With website administrator permission, the intruder can add, delete, and modify news and has all operation permissions in the website's back end. With a webshell on the website, the intruder can replace and modify the home page, post defacement pages, plant trojans, and delete any of the website's program files. With the highest permission on the computer, the intruder achieves complete control.
Expanding permissions is what hackers often call privilege escalation. Generally, hackers use certain vulnerabilities to attack the target system and remotely obtain certain permissions on the other machine. A remote vulnerability does not necessarily give the highest permission; often it gives only the permissions of an ordinary user, which is not enough for the hacker's purpose. At this point other vulnerabilities are used to expand access, usually up to the administrator permission of the system.
Only after obtaining the highest administrator privileges can hackers do things like long-term control, network monitoring, cleaning up traces, and intranet penetration. Once privilege escalation is complete, these personal computers or servers become the hackers' compromised hosts ("bots") to use as they wish, and some are even used as springboards or puppet zombies to attack and harm others.
4. Long-term control and removal of traces
After a successful intrusion, depending on the purpose of the intrusion, hackers usually choose between two courses of action: first, long-term control, so that they can log in to the target system anytime and anywhere; second, cleaning up traces, to avoid being discovered and tracked.
5. Long-term control
Hackers usually plant trojans or leave backdoors to achieve long-term control.
Here we only briefly introduce the web script trojan, which is what we usually call a webshell. After a script trojan has been transformed by various means such as obfuscation or encryption and placed in a deep directory, it is very difficult to detect, and when the administrator makes a backup it is backed up along with the website as if it were a normal program file. As a result, the website can be controlled permanently through this script trojan. A good script trojan can be combined with system vulnerabilities to escalate privileges and then control the whole computer.
6. Cleaning up traces
Whether the target is a website, a computer, or a server, performing intrusion operations on the target system always leaves traces in the website logs and system logs. From these logs, security personnel can analyze the hackers' behavior, and then fix the vulnerabilities and remove the trojans and backdoors. From the same logs, internet police can investigate and collect evidence, and then track and arrest criminal hackers.
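The log analysis mentioned above, sketched as an added example that is not from the original article: it parses web access log lines, flags clients that requested many distinct non-existent paths (the large-scale scanning described at the start), and lists which of their requests succeeded. The log lines are constructed samples, and the threshold and function name are assumptions.

```python
import re
from collections import defaultdict

# Common/combined log format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [29/Jul/2022:06:01:10 +0800] "GET /admin/ HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [29/Jul/2022:06:01:10 +0800] "GET /old/ HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [29/Jul/2022:06:01:11 +0800] "GET /test/ HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [29/Jul/2022:06:01:11 +0800] "GET /backup.zip HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [29/Jul/2022:06:01:12 +0800] "GET /login.php HTTP/1.1" 200 2210 "-" "-"
198.51.100.7 - - [29/Jul/2022:06:01:15 +0800] "POST /login.php HTTP/1.1" 200 2210 "-" "-"
203.0.113.20 - - [29/Jul/2022:06:02:00 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.20 - - [29/Jul/2022:06:02:03 +0800] "GET /favicon.ico HTTP/1.1" 404 153 "-" "-"
this line is malformed and must be skipped
"""

def summarize(log_text, min_distinct_404=3):
    """Per client: distinct 404 paths, and what succeeded for probing clients."""
    misses = defaultdict(set)   # ip -> paths that returned 404
    hits = defaultdict(list)    # ip -> (method, path) pairs that returned 2xx
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1        # count unparseable lines instead of hiding them
            continue
        path = m["path"].split("?", 1)[0]
        if m["status"] == "404":
            misses[m["ip"]].add(path)
        elif m["status"].startswith("2"):
            hits[m["ip"]].append((m["method"], path))
    report = {}
    for ip, paths in misses.items():
        if len(paths) >= min_distinct_404:
            report[ip] = {"probed": sorted(paths), "succeeded": hits.get(ip, [])}
    return report, skipped

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Because an intruder with sufficient privileges can edit logs on the compromised host, this kind of analysis is only reliable over copies that were forwarded to a separate log server as they were written.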