This section focuses on gaining access to computer devices, including phones, laptops, TVs, networks, routers, websites, and servers. Every device has an operating system with programs installed on it. The example provided in this section involves a Linux device being used to hack a Windows target device. However, the same concepts can be applied to other devices such as laptops, phones, and web servers. A computer running a web server can be made to appear and function like a website, TV, or any other desired device, as many devices are essentially simple computers with less complex hardware.
Server side
Server-side attacks, such as buffer overflow, SQL injection, and denial-of-service attacks, do not require any user interaction and can be used against web servers or any other devices that are configured and run automatically without much human interaction. In this section, we will focus on gaining access to a computer using a server-side attack without the need for user interaction, which is especially relevant for devices and applications that are not frequently used by people. By testing the security of the device or server using its IP address, we can exploit vulnerabilities and gain unauthorized access.
Client side
The second method we will explore is the client-side attack, which involves the user of the targeted computer taking some action. This may include opening an image, installing an update, or running a Trojan. We will learn how to create backdoors and Trojans, and how to utilize social engineering to convince the target to perform an action that will enable us to gain access to their computer. Effective information gathering is critical for this approach, as we must have knowledge of the target in order to successfully execute the attack. Common types of client-side attacks include session fixation, content spoofing, and cross-site scripting.
Post-exploitation
In this section, we will explore the actions we can take after gaining access to the target computer, which can be achieved through client-side or server-side exploits, or physical access. We will examine the possibilities of further exploiting the target system, such as elevating our privileges, targeting other computers in the same network, and conducting various types of attacks that can result in stealing information, damaging the system, or installing malware.