How to Crash a Windows 7 Computer
You can hack Windows XP easily. Its younger “siblings” (Windows 7, 8, and 10),
however, are tough nuts to crack. These modern systems don’t have unresolved
vulnerabilities. That means you can’t run an exploit directly when hacking a modern OS. In this section, your goal is to bring down a Windows 7 computer using the Metasploit framework. If you are successful, the target machine will display a blue screen with some gibberish on it. This process is extremely easy when done over a local area network. Important Note: You must have Windows 7 on a virtual machine. Remember: don’t practice your hacking skills on an actual computer. The results can be disastrous. Let’s divide the process into several steps:
Data Gathering
You have to determine the IP address of your target. During an actual penetration test, this process can be difficult. You have to find a computer’s IP address without getting detected. In this lesson, however, identifying the IP address is quick and easy. You just have to access your virtual machine, launch a shell, and enter “ipconfig”. Look for the line that says IPv4.
Launching MetasploitGo back to your Kali Linux OS and open a terminal. Then, start the Metasploit framework by issuing the following commands:
service postgresql startThe “msf” (Metasploit Framework) console will appear on your current terminal.
service metasploit start
msfconsole
Executing the Attack
Choose the exploit for this attack. The command that you must issue is:
use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
Type “show options” to view the options offered by this exploit. You’ll find that it has two
requirements: RPORT and RHOST. Set “3389” as the RPORT, since it is the port for
remote desktops. Set the IP address of your target as the RHOST. Then, type “exploit”.
Your target machine will display a blue screen and restart. Computer users refer to that
blue screen as “blue screen of death”. Metasploit allows you to perform this trick many
times. In the real world, this attack can be frustrating. Imagine what a person would do if
his computer keeps on rebooting.
How to Protect Yourself From Hacker ??
Today, countless hackers are on the loose. These people are spreading computer viruses through the internet. If you aren’t careful, malicious programs might infect your machine.
In this blog, you’ll learn how to protect yourself from usual techniques and vectors that hackers use.
Prevent the Typical Attack Vectors
Hackers use the following vectors to lure victims:
Scams
It’s your lucky day. Someone from Nigeria needs your help in smuggling money from his country. You don’t have to do anything difficult. You just have to conduct some wire transfers and wait for the Nigerian to give you your share of the funds.While checking the inbox of your email account, you saw a message saying you won a contest. You just have to send some money for shipping and wait for your prize to arrive.
The situations given above are typical scams. You probably think that nobody would fall for them. Well, nothing could be further from the truth. Thousands of people fall for such tricks. Victims send money and/or confidential information to the hackers, hoping for a quick benefit. Think before reacting to any email. Scams work best against people who act quickly. If an email says something that is too good to be true, ignore it. If the message asks you to give
personal information, report the email and tag it as spam.
Trojan Horses
Some hackers, however, use social networking sites in spreading out Trojans. They post videos with interesting titles. Once you click on the video, the webpage will tell you that you must update your browser first if you want to view the content. Well, the “update” that you need to download and install is a Trojan.
A Trojan horse serves as a container for malicious programs. This “container” often appears as an interesting or important file. Once you download a Trojan horse, its contents will infect your computer. This technique is extremely effective in turning innocent users into hapless victims. In most cases, hackers use emails in sending out Trojans. They send a phishing email that
contains a Trojan as an attachment. The email will encourage you to download and open the included file.
The best way to fight this hacking vector is by using your common sense and running an updated antivirus program.
Automatic Downloads
Hackers exploit vulnerabilities present in a program by establishing a rigged website.
In some situations, even up-to-date security programs are not enough. Your computer might have one or more vulnerable programs that hackers can take advantage of. For
example, if you have an old version of a computer application, it may be vulnerable to viruses.
These people attract victims by sending out phishing messages through emails or social networking sites.
Keep in mind, however, that hackers are not limited to their own sites. They can attack a legitimate site and insert malicious codes into it. Once you visit a compromised site, the inserted codes will scan your machine for vulnerable programs. Then, the codes will
install viruses onto your machine automatically.
You can protect yourself by keeping your computer applications updated. Software developers release updates and/or patches for their products. Most programs can detect whenever a new update is available. They will just ask you whether or not you would like
to update your program. Hit “Yes” and wait for the update process to complete.
Exploiting Weak Passwords
Fictional stories depict hackers as people who can guess passwords with ease. Real world hackers, however, rarely use this method. They don’t even bother guessing their victims’
passwords. They use various methods to obtain that crucial information. You can enhance your online security by using different passwords for different sites. For example, the password of your Facebook account should be different from that of your
Twitter account. This way, your Twitter account will still be safe even if a hacker successfully attacks your Facebook profile, and vice versa.
Using the same password for all of your accounts is extremely risky. When one of your accounts gets compromised, the rest of your accounts will also be in danger. You don’t have to use completely different passwords. It’s enough to add some characters to your main password to create different variations.
A hacker might also try to answer your security questions. You can protect your account by giving an answer that is not related to the question. This way, the hacker won’t be able to access your account, regardless of how diligently he conducted his research.
Taking Advantage of Open WiFi
The term “open WiFi” refers to a wireless network without any form of encryption. That means anyone can connect to the network and interact with the machines inside it. When a hacker gets into your network, he will be able to view and record all of the things you do.
He may also visit restricted websites and/or download files illegally through your internet connection. When that hacker does something illegal and gets tracked, the police will visit you.
It’s important to set a password for your WiFi network. Make sure that the encryption for your network is set to WPA/WPA-2. This encryption involves hashing, which makes hacking an extremely difficult task.
How to Protect Your Website from Hackers?
There are a lot of reasons why a hacker would attack a company website. For example, a hacker might try to steal your financial information for personal purposes. He might also try to obtain business-related data and sell it to your competitors. Because of this, you must do your best in protecting your site from malicious hackers.
Typical Hacking Attacks
SQL Injection – With this attack, a hacker can spoof your identity, access your site’s database, and destroy/modify the information inside your database. Here, the hacker will insert malicious SQL codes into the form fields of your website.
DDoS (Distributed Denial of Service) – The goal of this attack is to bring down a website temporarily. If a DDoS attack is successful, legitimate users won’t be able to use the website. Hackers perform it by flooding the target with continuous requests.
CSRF (Cross Site Request Forgery) – Here, the hacker will hijack a session to make purchases on the victim’s behalf. This attack happens when the victim clicks on a URL or downloads a file that runs unknown and/or unwanted actions.
XSS (Cross-Site Scripting) – Hackers use this technique to destroy your website and/or run their payloads. Basically, an XSS attack happens when a hacker injects malicious codes or payloads into a program that runs on the user’s end.
How to Protect Your Website from Hackers?
There are a lot of reasons why a hacker would attack a company website. For example, a hacker might try to steal your financial information for personal purposes. He might also try to obtain business-related data and sell it to your competitors. Because of this, you must do your best in protecting your site from malicious hackers.
Typical Hacking Attacks
The Defensive Measures
To protect your website from malicious attacks, you should:
Ask skilled programmers to review the codes on your website.
Run code scanners.
Offer rewards to people who will detect existing bugs within your site.
Make sure that your site has WAF (Web App Firewall). This type of firewall
monitors your system and prevents potential attacks.
Implement CAPTCHA or ask website visitors to answer a question. This way, you can make sure that each request comes from a human.
How to Keep Your Business Secure
Here are some practical tips that you can use in protecting your business:
Don’t store irrelevant customer information – Your website will be a tasty target for hackers if it contains various customer related information. If you want to protect your business, don’t save information that you are not going to use. For example,refrain from storing the credit card information of your customers if you don’t need it for your business.- Educate your people – The defense of your network is as powerful as your weakest employee. Keep in mind that hackers can use social engineering tactics. If one of your employees falls for such tricks, the security of your business will be in danger. Your firewall and flawless website codes won’t matter if your employees are reckless when dealing with their passwords.
These days, digital security is everyone’s job. Educate your employees regarding the
importance of vigilance and carefulness, especially when handling confidential
information. In addition, train your people on how to identify social engineering tactics.
0 Comments