Hacker comes from the English verb hack, which means "chop, chop" and is extended to "do it beautifully". In the early campus slang of MIT, "hacker" means "prank", especially a clever and skillful prank. In Japan's new hacker dictionary, hackers are defined as "people who like to explore the mysteries of software programs and grow their personal talents from them." Unlike most computer users, they only know a small part of the knowledge specified by others. " From these definitions, we still can't see the meaning of being too derogatory. They usually have advanced hardware and software knowledge and the ability to analyze systems through innovative methods. Hackers can make more networks more perfect and secure. They aim to protect the network and find network vulnerabilities through improper intrusion.
Another type of intruder is someone who uses network vulnerabilities to destroy the network. They often do repetitive work (such as brute force cracking passwords), and they also have extensive computer knowledge, but unlike hackers, their purpose is to destroy. These groups become "hackers". Of course, there is also a class of people who are between hackers and intruders.
It is generally believed that hackers originated in the laboratory of Massachusetts Institute of Technology in 1950s. They are full of energy and keen to solve problems. In the sixties and seventies, the word "hacker" was very meaningful. It was used to refer to computer addicts who thought independently and obeyed the law. They are super intelligent and devoted to computer research. Hacking activity means exploring the maximum potential of computers intellectually freely, which has made great contributions to the development of computer technology. It is these hackers who initiated a personal computer revolution and the current open computer architecture, which broke the previous situation that computer technology was only in the hands of a few people, created personal computers, and put forward the view that "computers serve the people." They are heroes in the history of computer development. At present, the basic techniques used by hackers to invade computer systems, such as password cracking, trap door, back door and Trojan horse, were invented during this period. The experience of hacking has become an indispensable part of the resumes of many computer giants. For example, Steve Jobs, one of the founders of Apple, is a typical example.
In the 1960s, the use of computers was far from universal, and there were not many databases for storing important information, not to mention hackers illegally copying data. In the 1980s and 1990s, computers became more and more important, and there were more and more large databases. At the same time, information is increasingly concentrated in the hands of a few people. This "enclosure movement" in the new era has aroused great resentment from hackers. Hackers believe that information should be enjoyed by a few people rather than monopolized, so they turn their attention to information databases involving all kinds of secrets. At this time, the computerized space has been privatized and has become a property owned by individuals. Society can no longer turn a blind eye to hacking, but must take action to control it by legal means. Hacking activities have been dealt an unprecedented blow.
However, the government and company managers are increasingly asking hackers to teach them computer security knowledge. Many companies and government agencies invite hackers to check the security of their systems, and even ask them to design new security programs. After two hackers discovered the flaws in the credit card shopping program designed by Netscape and made an announcement to the business community, Netscape corrected these flaws and announced that it would hold a contest called "Netscape Defect Grand Prix". Those hackers who discover and discover the security vulnerabilities of the company's products will receive a bonus of $65,438+$0,000. There is no doubt that hackers are making contributions to the development of computer protection technology.
2. Hacking attacks
Some hackers often take several methods, but I really want to say that a good hacker will never attack others casually.
1) to get the password.
There are three methods: first, illegally obtaining user passwords through network monitoring, which has certain limitations, but it is extremely harmful. Listeners can often get all the user accounts and passwords of their network segments, which poses a great threat to the security of local area networks. Second, after knowing the user's account number (such as the previous part of email @), use some special software to forcibly crack the user's password. This method is not limited by network segments, but hackers should have enough patience and time; Third, after obtaining a user password file on the server (this file becomes a shadow file), use a brute force cracker to crack the user password. The premise of this method is that the hacker obtains the shadow file of the password. This method is the most harmful of all methods, because it does not need to repeatedly try to log in to the server like the second method, but can easily crack the user's password by comparing the encrypted password with the password in the shadow file locally, especially for those mentally retarded users (users with extremely low password security factor, such as users with zys accounts, whose passwords are zys666, 66666, or simply zys, etc.). ).
2) Place Trojan horse program
Trojan horse programs can directly invade users' computers and destroy them. It is often disguised as a utility program or a game, which induces users to open email attachments with Trojan horses or download them directly from the Internet. Once users open these email attachments or execute these programs, they will stay in their computers like Trojan horses left by soldiers outside enemy cities, and hide a program in their computer systems that can be quietly executed when windows starts. When you connect to the Internet, this program will inform hackers to report your IP address and preset port. After receiving this information, hackers can use this latent program to modify the parameter settings of your computer, copy files, peek into the contents of your entire hard disk and so on. Feel free to control your computer.
Deception technology of WWW
Online users can use IE and other browsers to visit various websites, such as reading newsgroups, consulting product prices, subscribing to newspapers, e-commerce and so on. But the average user may not think of these problems: the web page being visited has been tampered with by hackers, and the information on the web page is false! For example, a hacker rewrites the URL of a web page that a user wants to browse to point to the hacker's own server. When users browse the target web page, they actually send a request to the hacker server, and the hacker can achieve the purpose of cheating.
4), mail attack
E-mail attacks are mainly manifested in two ways: one is e-mail bombing and e-mail "snowballing", also known as e-mail bomb, which refers to sending thousands, tens of thousands or even unlimited times of spam with the same content to the same mailbox with forged IP addresses and e-mail addresses, resulting in the "bombing" of the victim's mailbox, which may bring danger or even paralysis to the operating system of the e-mail server in serious cases; The second type is email spoofing, in which an attacker pretends to be a system administrator (the email address is exactly the same as the email address of the system administrator) and sends an email to the user, asking the user to change the password (the password may be a specified string) or load a virus or other Trojan horse program in a seemingly normal attachment (as far as I know, network administrators in some units are obliged to send firewall upgrade programs to users free of charge on a regular basis, which provides an opportunity for hackers to successfully use this method). As long as users are vigilant, this kind of spoof will generally not do much harm.
5) Attacking other nodes through one node.
After a hacker breaks through a host, he often attacks other hosts based on this host (hiding its intrusion path to avoid leaving clues). They can use network monitoring methods to try to destroy other hosts in the same network; You can also attack other hosts through IP spoofing and host trust relationship. This kind of attack is cunning, but because some technologies are difficult to master, such as IP spoofing, it is rarely used by hackers.
6), network monitoring
Network monitoring is a working mode of the host computer. In this mode, the host can receive all information transmitted on the same physical channel, regardless of the sender and receiver of the information. At this time, if the communication information between the two hosts is not encrypted, then using some network monitoring tools, such as NetXray for windows 95/98/nt, sniffit for linux, solaries, etc., you can easily intercept information including passwords and accounts. Although the user accounts and passwords obtained by network monitoring have certain limitations, listeners can often obtain all user accounts and passwords of their network segments.
7), looking for system vulnerabilities
Many systems have bugs, some of which are in the operating system or the application software itself, such as Sendmail vulnerability, password verification vulnerability of * * * directory in win98, IE5 vulnerability and so on. Before the patch is developed, these vulnerabilities are generally difficult to defend against hackers unless you unplug the network cable; Others are vulnerabilities caused by system administrator configuration errors. For example, in the network file system, calling out directories and files in a writable way and storing shadowless user password files in a directory in clear text will bring opportunities to hackers and should be corrected in time.
8), using the account to attack.
Some hackers will use the default account and password provided by the operating system to attack. For example, many UNIX hosts have default accounts such as FTP and Guest (their passwords and account names have the same name), and some even have no passwords. Hackers use the commands provided by Unix operating system, such as Finger and Ruser, to collect information and constantly improve their attack ability. This kind of attack can generally be overcome as long as the system administrator is vigilant, closes the default account provided by the system or reminds users without passwords to increase their passwords.
9), stealing privileges
Various Trojan horse programs, backdoor programs and programs written by hackers themselves that cause buffer overflow are all used to attack. The former can enable hackers to gain full control of users' machines illegally, while the latter can enable hackers to gain super-user rights, thus having absolute control over the whole network. This means of attack, once effective, is extremely harmful.
Command query method
This method is to find out the IP address of the other friend through the network command "netstat" built into Windows system, but this method requires you to find a way to invite the other friend to the "two-person world" of QQ first to say a few words. The following are the specific implementation steps of the method:
First, click the Start/Run command. In the pop-up system operation dialog box, enter the cmd command. After clicking the OK button, the screen switches to the MS-DOS working state. Then execute the "netstat-n" command on the DOS command line. In the pop-up interface in Figure 4, you can see which addresses have been connected to your computer at present (if the corresponding status of a connection is "established", it means that your computer has successfully connected with the other computer);
Secondly, open the QQ program, invite the other friend to join the "two-person world" and chat with the friends inside, so that your computer will establish a TCP connection with the other friend's computer; At this point, execute the "netstat-n" command on the DOS command line to see which tcp connection is added now. The newly added connection is actually a UDP connection between another friend and you. Look at the "ForeignAddress" in the corresponding connection to know the IP address of the other friend.
Four methods g7
When you use QQ to chat with friends, you can get their IP addresses in many ways. I have introduced the most commonly used methods to you. pp%F
I. Ask a friend about his IP address by chatting with him)
This trick is usually difficult to work, but it is the easiest way to get the IP address of the other party. If you ask my IP address, I will tell you. Because I always surf the Internet in Internet cafes, no matter what bad things you do after knowing my IP address, it won't cause me any loss. So just ask. When you can't find out, you must take other methods. -
8F; Celluloid tablets
2. Get your friend's IP address through QQ patch \^Z5i.
Just download a qq patch that can display your friend's IP address online, or try to download a QQ chat software that can directly display the other party's IP. At this time, when you chat with the other party, the IP address of the other party will show you in the QQ window. But if the latest QQ "patch" is not made, you have to use other methods. }K
On the mirror of the western wall-the first gateway of Zhaodong, the general agent of CA>.
3. Get the IP address m of QQ friends through DOS command.
When chatting with friends, you can get each other's IP address through the DOS command "netstat", which is a command that comes with Windows. But it can only be used in chat mode. K3
When chatting with friends, enter the command "netstat -n" in the DOS window, and then you will see: m $} b.
Active connection v
Original address foreign address status <
TCP 202. 109 . 34 . 78: 1200 202. 12 1. 139.35:6 1555 established l[?
....... "The content here is different, but it is the same as the above lines, but the IP is different." yB^$]
TCP 202.109.34.78: 4869 211.202.1.227: 23 Established =fO.
On the mirror of the western wall-zhaodong' s first portal website $C~
Exit "Chat Mode" at this time, and then enter the above command again under DOS. You will see: qd(mVY
Active connection l4Mt[7
Original local address external address status
TCP 202. 109 . 34 . 78: 1200 202. 12 1. 139.35:6 1555 TIME _ WAITImQ
......)("
TCP 202.109.34.78: 4869 211.202.1.227: 23 f2-
The Mirror of the Western Wall —— the first portal website in Zhaodong
Comparing the above two sets of data, the difference is the IP address obtained by the other party. The IP address of the above example is: 202.101.139.35! Reason: When chatting with friends, both parties should establish contact. "ESTABLISHED" means "the connection has been established", and "TIME_WAIT" after exiting the chat means "waiting for the connection". It's simple. Nl$Q
On the mirror of the western wall-vg~, the first portal of Zhaodong? Physical quotient
4. Check QQ friends IP 1g through the software.
Among many softwares that check IP through QQ. I appreciate "IpLocate". The current version of the software is 6.0. The main functions are: ` 1
1. You can find the IP addresses and areas of friends and strangers on QQ. 2. Enter the IP to find the location of the corresponding country or region. 3. Be able to carry out IP attacks. 4. It can be hidden in the system tray. 5. Users can customize data. The use method is simple. Just press the monitor button of this software, and then send a message to others or wait for others to send a message to you. The program will display the person's QQ number, IP address, port and location. Please refer to its help for specific instructions. XkgSQ
Please note, however, that if the IP address cannot be found, it may be due to the following reasons: V\h'C
1.IpLocate.exe and wry.dat must be placed in the same directory. +Kc
2. Be sure to open QQ first, and then open this software, otherwise it can't be monitored. ! f
3. If I am in the LAN, the monitoring function may be invalid. 2}9d
4. If the message sent is forwarded by the server, you can't listen to the IP address of the other party. .
There are other ways to get a friend's IP address, so I won't introduce them here. As for the purpose of obtaining the other party's IP address, think for yourself and you won't be led here to do bad things.
The initial stage of an attack is generally to find the IP address of the target. There are many ways to check other people's IP addresses, which can be roughly divided into four categories (defined by myself, inaccurate): check QQ users' IP addresses, check chat rooms' IP addresses, check anyone's IP addresses, and check the IP addresses corresponding to known domain names on the Internet. Let's take an example to see how to check someone else's IP address.
First, check the IP address of QQ users.
1. Check IP through FolkOicq.
FolkOicq is a program that can add IP display patches to QQ, the latest version of FolkQQ0530SE_B2. Get a Zip package after downloading, extract the file QQ2000.EXE with Winzip, and copy it to the installation directory of QQ (it is best to back up the original QQ2000.exe before to prevent future error recovery). Then run QQ2000, click on an online user, and you will find an IP address under QQ number.
The related pictures of this theme are as follows:
See 61.183.121.18? Yes! This is the IP address of the other party.
Check IP through IpSniper.
IPSniper is an IP address query tool for QQ2000. At present, all versions of OQ2000 are supported and can work normally under Win98 and Win2000 operating systems. When you run IPS Sniper program for the first time, a dialog box will pop up, asking you to set various parameters in the settings. Click "Settings", specify the directory and file name of the QQ execution file, and click "OK".
The next time you run IpSniper, you will directly start the QQ main program. When you talk to a friend or stranger, IpSniper will intercept the Ip address, port number and QQ number of the other party in real time, and display the geographical location of the other party together.
The related pictures of this theme are as follows:
3. Check the IP through the firewall
Because QQ uses UDP protocol to transmit information, and UDP is a connectionless protocol, in order to ensure that the information reaches the other party, QQ needs the other party to send an authentication to tell the machine that the other party has received the message, and the firewall (such as Skynet) has the function of UDP listening, so we can use this authentication to check IP, haha, it can be done as easy as blowing off dust!
Now give a practical example to see how to check IP with Skynet.
Step 1: Open UDP monitoring of Skynet firewall;
Step 2: Send him (her) a message;
Step 3: Check your QQ server address, which is 202.104.129.252 in this example;
Step 4: Exclude the QQ server address and determine the IP address of the other party, which is 61.133.200.90 in this example;
]
Well, he (she) can't get away, right? Leisure is too much trouble? Want to know that Teng Xun's QQ upgrade speed is faster than the rocket, there is always a version limit when using the first two methods, but this method can be done once and for all!
4. check IP through NetXRay
NetXRay is a powerful software developed by Cinco Networks for advanced packet error detection. Using such a powerful weapon to check the IP of QQ is a bit "overqualified".
Step 1: Run NetXRay and select Tools → Matrix from the menu.
Step 2: Select the IP label that appears at the bottom.
Step 3: Right-click and select Show Selection Node in the pop-up menu.
Step 4: Open QQ to chat with the person you want to check and observe the window at the same time. The data line whose color changes at the moment when the data packet is sent out is the IP connection between you and him. Look at the other end of the data line. That ip address (61.138.121.18) is your dream.
There are several ways to check the IP address of QQ users with NetXRay. You can try the rest yourself.
There are many methods and tools to check the IP address of QQ users. The method introduced here is enough for you, but it is really not good. It's easy to find some tools in this field by yourself.
Second, check the IP of the chat room
1. Use IP Hunter
IP Hunter is a software developed by lone swordsman. The method of using IPHunter to check IP in chat rooms is as follows: In chat rooms where posting and music are allowed, send pictures and music to each other in HTML language. If the path of the picture or music file is set to your own IP, even if the picture or music file with this URL address does not exist, you only need to send it to the other party, and the browser of the other party will automatically access your IP. Different chat rooms may use different formats, but you only need to set the path to your IP. Examples are as follows:
For example, the sending format of "* * * Chatroom" is as follows:
Send image: img src= ""
To send the IP address of music: img bgsound= ",just enter the command" Ping www.sina.com.cn "in the DOS window and you can see the IP.
Check with tools
Let's take Cyber Assassin 2 as an example.
Cyber Assassin II is a Chinese network security detection software specially designed for security personnel produced by Tianxing. Run CyberAssassin II, enter the main interface and select "IP"
The download address of network assassin II checks the client IP in the LAN in the same way.
Are hackers popular now?