Understanding More About Manual Hacking - Hacking Psychology

Lots of my friends who thought that if I break down the security of a site with a manual hacking technique is to use SQL injections when in fact it is not. Some even suspect that the technique I use is a buffer overflow technique. I wanted to tell you all that each technique has many variations and the creation of variations of each technique depends on your understanding of computer networking, programming, information about the bugs and the experience you have. However the demands of your ability in the mastery of the system unix / linux in depth (not only use but expert too).


In this article I want give you some global description about what the manual technic in hacking method. Actually many bugs exist in your web aplications but you do not know if your application have a bug. Sometimes we could get access in the command shell with only rich code of bugs in your aplications. If you always read some security site, you will find many information about the bug and maybe you will shock after that known bugs. Ahh forget in indonesia, I like Indonesian language, it's more easy to understand (for you and me): P.


Okay back to the matter, so before you play with the manual before hacking there a necessity for you to know a lot about security bugs. Understanding of these bugs and then you also have to think how can I make you can get access to the command shell via the bugs. Previously you may have read an article about the fingerprinting attack on port 80 through the CGI (search article in new.order.box.sk) that with some methods you can get access to run a shell command through your browser. Well at least it is for your initial capital to get into their system further not just a shell command in the browser but also access the console shell (bash shell, xterm, eterm etc) as well as when you go into a shell nix / linux via ssh or telnet and can run some command on the target server by using applications like putty. (yeah but how?: P)


As I said before, there is an obligation for you to master the programming language. That the intention here is unix / linux programming such as C / C + +, PHP, Perl, Python, and so on. Why? Let you see when you find such cases in the previous paragraph where you with certain bugs can get shell access via a browser command, and then you want the command shell access via the console directly either by using a putty or other socket client application so that it easier to gain access further in the target server will need a deep understanding of socket programming (should be in unix / linux, sukur if you can play socket programming in windows: P).


Furthermore what do you know?


The ability to master the system unix / linux or windows in depth is important because without it you'll get a blank actions (waste). As you already know about socket programming bugs and you'll hit the next problem is the firewall. Even if you are able to create a socket on the target server, but what solution you have to do to get through a firewall target with limited access?. We have a lot of servers so neat firewall like ipchains planted, iptables and some additional applications like Snort and IDS Snare and port system settings so secure it by using TCP Server, TCP Wrapper, etc.. So now how do you find the solution to penetrate a system like that? The key word is you have to know a lot about how the system works.


Currently, I see a lot of friends who stunned and depends on the exploits and does not try to dig deeper information about the bugs and security ultimately happens is that we always be faithful watchman came exploits, exploits and security applications, the latest (well how the nation we want to forward). I often provoke temen-temen on IRC channel with a file showing the results deface by adding the words "Hacking Manual" but the response was "Please do not say with your large mouth!". It was in regret, but the author meant is that you are motivated to learn more deeply and do not always wait and wait. There are some who could be interested as well when I paste a few links with the deface-frills "Try your Hacking capabilitiy in Manual", but very few who responded and if any, at best bagiamana question is how? Of course I answered in the information search securititeam.com, securityfocus.com or packetstormsecurity.nl or try downloading it documents in this site and the site was. They were silent and forced cuman directly in the way he taught. Even if I give way, well that happens there is no deep impression of security and, at best answer "oo ... it easy anyway!". But because musababnya had absolutely no idea. The bottom line is "Learning by doing and doing!" Because that's where your experience will be unearthed, continue to continued and eventually you will continue to be motivated to continue to hone your skills.


"Save It in your mind and feel It in your heart!"


So now the decision is in your hands A, try to change the paradigm in order to advance the science, especially in the field of security and of course for the advancement of our nation (cie ... he .. he .. he). Embarrassed to ask astray on the road, there will no no progress