tailieunhanh - Code Hacking 1-2

derisory term meant something vastly different in its heyday. Hackers then, as now, were concerned about how things fit together, what makes things tick. Generally, many early hackers concerned themselves with understanding the nature of the telephone system, which encouraged the development of “blue boxes” and war dialers such as ToneLoc. Public bulletin boards (such as Prestel) had security flaws exposed and various services disrupted. Ten years later, teenagers with the same mindsets were “nuking” each other over IRC and discovering the inherent flaws in various implementations of Windows File Sharing. These teenagers of yesterday are now the security professionals.

If a hacker wants to exploit a particular Internet-facing network, then one of the first jobs to do is some reconnaissance. Just because the organization in question has a Web site doesn’t necessarily mean that the best way in is through one of the Web servers. It is quite possible that there is another, weaker machine available that is not listed publicly. From a hacker’s point of view, it would be really useful to get a list of all the machines in the domain with their names and IP addresses. This list might even contain the IP addresses that the Web server uses to communicate with the database server behind the DMZ’s second firewall. This is exactly the type of information that a zone transfer will supply.

As previously stated, a zone transfer is run between the secondary and primary name servers to take a backup of the zone. If the primary name server is configured to only allow zone transfers from the secondary server, then this is harder to carry out, but until recently, the default on most DNS servers was to allow zone transfers from anywhere. A sysadmin may well choose to log all attempted zone transfers, as they often signal the start of something much bigger.
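As an added example (not from the book), one way to log attempted zone transfers is to read the question section of each incoming DNS query, look for the AXFR (252) or IXFR (251) query types, and compare the source address against the permitted secondary. The secondary's address `192.0.2.53`, the function names and the sample queries are assumptions constructed for illustration; messages are assumed to have any TCP length prefix already stripped.

```python
import ipaddress
import struct

QTYPE_IXFR, QTYPE_AXFR = 251, 252  # RFC 1995 / RFC 1035
# Assumption: the only host permitted to pull the zone (the secondary).
ALLOWED_SECONDARIES = {ipaddress.ip_address("192.0.2.53")}

def parse_question(msg: bytes):
    """Return (qname, qtype) from the first question of a DNS query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("truncated header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        # Values above 63 are pointers/reserved types, not expected here.
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):  # QTYPE and QCLASS, two bytes each
        raise ValueError("truncated QTYPE/QCLASS")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return ".".join(labels) + ".", qtype

def classify(src_ip: str, msg: bytes):
    """Return (verdict, qname) suitable for writing to an audit log."""
    try:
        qname, qtype = parse_question(msg)
    except ValueError:
        return "malformed", None
    if qtype not in (QTYPE_AXFR, QTYPE_IXFR):
        return "normal", qname
    if ipaddress.ip_address(src_ip) in ALLOWED_SECONDARIES:
        return "transfer-allowed", qname
    return "transfer-unauthorised", qname

def build_query(name: str, qtype: int) -> bytes:
    """Constructed sample input: a minimal class-IN query for name/qtype."""
    header = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)
```

A `transfer-unauthorised` verdict is the event worth alerting on; the server itself should still refuse the transfer rather than rely on detection alone.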
Other than just asking for addresses, it is possible to perform various queries and tasks (such as zone transfers) against DNS servers. We examine tools, such as NSLookup, in
