First, locking the target Internet has a name that meets your own name, just like everyone has a suitable call, calling the domain
Name; however, a person may have a few names, and the definition of the domain name will also have the same situation, and can truly identify the host on the Internet.
The domain name is just the name of the host specified by IP. Of course, you can use the domain name and IP address to find the host smoothly (unless your network is not
through). To attack who first want to determine the target, you must know the domain name or IP address of this host, for example: www.yahoo.com, 1.1.1.1, etc. know
The position to attack the target is still very insufficient, but also need to understand the system type, operating system, providing services, etc., to do "know each other and know each other."
Hundreds of battles, how to get relevant information, let's take a detailed introduction, if the network domain name and IP address are unclear, turn over the hand
Let's! And now practice the ping command! I believe it will be used in actual combat! What is the use? If the ping target host returns too long or you
Foundation ping does not go through the target host, how do you continue! (The target is not within your range) know each other - classic hacker remote attack process summary, lock
There is a name that meets your own name on the target Internet, just like everyone has a name, called the domain name;
And a person may have a few names, the definition of the domain name will also have the same situation, and can truly identify the host on the Internet, the domain name is only
It is the name that the host specified by IP is used in a good name. Of course, you can use the domain name and IP address to find the host smoothly (unless your network is not performed). Attack
Whoever must first determine the goal, it is to know the domain name or IP address of this host, for example: www.yahoo.com, 1.1.1.1, etc. Know the attack
The location of the target is still not enough, but also understand the system type, operating system, providing services, etc., can we do "know each other and know each other, hundred battle
"How to get relevant information, let's take a detailed introduction, if you don't know the network domain name and IP address, turn over the hand book! And
Practice now! I believe it will be used in actual combat! What is the use? If the PING target host returns too long or you fundamentally
Ping does not go through the target host, how do you continue! (Goal is not within your range) Second, the service analysis is mostly available
Network information services such as WWW, Mail, FTP, BBS, basically each host provides several services, why is a host to provide so many
Services? UNIX system is a multi-user system that divides network services many different ports, each with a different service.
A service will have a program time to monitor port activities and give a response. And the definition of the port has become standard, for example:
The port of the FTP service is 21, the port of the Telent service is 23, the port of the WWW service is 80, etc. If you still want to know more, please do the following steps.
Enter MS-DOS PROMPT C: / Windows> Edit Services (Enter) Slowly Read it! However, there is no use of a lot of ports, no
I must remember them! How do we know what services have the target host? It is very simple to try it with a application for different services.
, For example, using a user software such as Telnet, FTP to apply for a service, if the host has a response, the host provides this service, open this port service, but we only need to know if the target host is "Is" ", But this is more troublesome and the information is not
All, I often use some tools like Portscan to scan the ports of the target host. This can all grasp the target
The port of the host. Now introduce a good tool, lack of good tools, you can't work well. Haktek is a very practical tool
Software, which integrates many applications, including: ping, IP scan scan, target host port scan, mail bomb, filtration
Parts, finger hosts, etc. are very practical tools. Complete the target host scan task, first tell the Haktek target host location, namely domain name or
IP address. Then select a port scan, enter the scan range, start scanning, and the screen will return to the "live" port number and the corresponding service. Information receipt of information
The set is very fast and complete. Why master the target's service information? If the service of several critical ports on the target host is not available, or give up attack
Plan, don't waste too much time on this winning target, hurry to choose the next goal. First look at a scan example: scanning host xx.xx.xx, ports 0 to 1000 port 7 found. Desc = echo port 21 found. Desc = ftp port 23 found. Desc = telnet port 25 found. Desc = SMTP port 53 Found. DESC = Domain / Nameserver Port 79 Found. Desc = Finger Port 80 Found. DESC = WWW port 90 Found. Port 111 found. Desc = portmap / sunrpc port 512 Found. Desc = Biff / Exec Port 513 Found. Desc = login / who Port 514 Found. Desc = shell / syslog port 515 found. Desc = printer Done! If the system is mainly
The mouth is "live", don't be too happy, because the system may add some restrictions, not allowing any user to remotely connect or do not allow root remote connections,
Or after entering, the user can only do the designated activity, which is forcibly interrupted, which only refers to the Telnet service, in fact, there will be a lot of complex feelings.
condition. Here is only the target host has an open port, and we still don't know what the target host is used, and the service program for each port makes
What version of the system is used, don't worry, please contact the Haktek tool first! No, go to download it! Third, systematic analysis is now explaining
How to understand the system, what is the operating system used by the target host, is actually very simple, first open the Wi N95 RUN window, then enter the command:
Telnet XX.xx.xx.xx (Target Host) then [OK], see what your screen will appear? Digital UNIX (xx.xx.xx) (TTYP1) Login: No need
I said that you will also know what your target host and operating system are! Yes, of course, the DEC machine is used, which is Digital UNIX! Ok, let's look again
One: unix? System v release 4.0 (xx.xx.xx) Login: What is this? May be a Sun host, Sun OS or Solaris, what is the specific? I also say it! This method is not useful for all systems, such as what is the case below, it is not good to determine what system: xxxx OS
(xx.xx.xx) (TTYP1) Login: Some systems change the display information, so it is not good to determine the information of its system, but according to some experience
Preliminary judgment, it may be HP UNIX. Also use the tool Haktek described above, using the finger function of the target host can also be leaked
Information. Establishing Real-Time UserList ... (Only Works if the sysadmin is a moron) --- [finger session] ---------
---------------------------- Welcome to Linux Version 2.0.30 at xx.xx.xx ... The above It is already enough! How to know the system
What is the service used by other ports? For example, 23, 25, 80 and other ports. With the same means, use Telnet and its own application tools,
FTP, etc. Using Telnet is to use the port number as a command line parameter, for example, Telnet XX.xx.xx 25 will have the following information to you:
220 xx.xx.xx sendmail 5.65V3.2 (1.1.8.2/31jan97-1019am) WED, 3 JUN 1998 13:50:47 0900 This is very clear
The version of the machine Sendmail. Of course, it is not used at a number of ports and different systems. Therefore, the corresponding application tool is required to obtain the corresponding information.
For example: Connected to xx.xx.xx.220 xx.xx.xx FTP Server (Digital Unix Version 5.60) Ready. User (xx.xx.xx none):
Most of the Internet is the WWW host. How do I know what kind of web server used by the target owner, introduce a page's query tool,
As long as you tell the address of the target host, it will tell you about information.
