Sunday, August 14, 2011
How easy is it to hack a server? (Part 2 of 2)
Today we will talk about the second type of hacking.
From my point of view, this is the most powerful type of hacking because it directly attacks the weakest point in every system: people.
There are lots of ways to perform social attacks. Sometimes we will get information that lets us directly exploit and access the target system; other times we will get information that gives us access to further information, and use that second piece to get access to the target system.
Depending on the strength of the system, we will need more or less information to obtain this access.
I will tell a short story based on phishing to get access to an enterprise server:
Suppose our target is the company "X". "X" is a big company with many levels of management, and most of the company's employees could be using LinkedIn; scanning the company profiles, we can find a guy who is a fan of old stamps.
We must assume that an employee of a big company probably accesses his email during working hours.
Now we will build a serious-looking website about old stamps, like an antiquarian shop that buys and sells old stamps. On this website we will place a malicious frame in order to execute a web-client exploit.
Then we will send him an email full of stamp discounts related to a very exclusive stamp collection.
And... "voilà": full access to the company network from the manager's PC.
This is a very simple and short story to illustrate how easy it can be to hack an enterprise server.
We can identify three steps in social hacking:
1) Get information
2) Prepare our trap
3) Exploit and access
We must know that the time spent in the first step will improve the effectiveness of our second step.
We must know that the time spent in the second step will improve the effectiveness of our third step.
Some time can pass between steps 2 and 3, because the company manager could be on holiday or very busy.
Now we can ask our question: How easy is it to hack an enterprise server?
Very easy.
"We are legion"
Next Post: "Enterprise Hacking"