4 Terms you should know for Hacking
In this section, I will extract some things that everyone who is going to walk on Hacking World should know in advance. In fact, there are many things you should know. If I were to list all of them, it would be like a dictionary, so let me discuss only some of the most important ones.
1. Attacks Types, Attack Mediums & Attack Vectors
Every attack that comes to a system is called an attack. You need to know the difference between the attack method and the object being attacked.
Attack vector is the place (route) where an attack can occur. Attack Type is the type (method/technology) that can be used to attack the attack vector. An attack meduim is something that can use the attack type (or a medium that helps the attack).
Direct attacks cannot have a medium. But some attacks require a medium. Please read the following case study to understand all these 3.
Let's say that a company employee named Aung Aung was at work when he downloaded and read a small pdf file that came as an attachment in the mail, and his computer was attacked.
In the case above, the attack vector (attack surface) is the Aung Ong computer system. The attack medium is the email sent to Aung Aung, and the attack is an exploit by inserting the code in the pdf file. The attack type used in this attack is malicious code execution, and there are vulnerabilities that are mainly used in this case.
2. Vulnerabilities
Vulnerability is weakness, defect The meaning of the plot. You can't attack without Vulnerability. Looking back at the case above, we can see that there are vulnerabilities that make the attack successful.
The attack was successful because the PDF viewer, which opens and reads the PDF file, has a vulnerability that accepts code execution. Another weakness is Aung Aung. Before opening the downloaded attachment, he can check it. You can also disable the ability to run scripts in the PDF viewer.
That's why when we say Vulnerability, System, I can't think of it as a flaw in the application. People can also have vulnerability. That's why there are attacks like social engineering based on people's vulnerability.
Every system has a door (or) entry point that can enter it. Hackers often attack by switching to another if they fail. The thing to remember in this section is that if you find a vulnerability, you will find a way to attack it.
3. Exploits Vs Payloads
If you find a vulnerability, you can exploit it depending on the vulnerability. Exploit means attacking the Vulnerability in any system or application or service. It can easily be noted that attacks such as Buffer Overflow and SQL injection are exploited.
Payloads are bundles of code that can be used together with exploits. For example, when attacking with the Metasploit Framework, Payloads are what allow us to reverse shell. Let's say the code that will be executed in the system after the exploit and attack. Because these 2 are often attached, there is even a thought that they are the same thing. For now, we need to remember these little terms.
If you want to make it visible to those who are about to take the first step of hacking, let's say they were bitten by a snake. A bite is an Exploit, and when a darn bite injects poison through its fangs, it is a Payload. (If the tiger bites, the payload will not be included 😁)
4. Malware
Malicious software is called. The applications (software) that we use almost every day are the software that is beneficial for us. Malicious software is not intended to benefit us, but to disrupt our systems for the benefit of the attacker. Types of software that can cause damage.
Details about malware are written in detail in the book "Easy Learning Basic Hacking Techniques". Anyone can get the pdf version for free on the My Books page.
Thank you for reading here.
0 Comments