Secret: How Windows Servers Are Attacked

  
When we hear the word hacker, we usually think of complex, mysterious techniques that only a few people in the world can perform. However, this is misleading, and it is a major factor in the popularity of today's hackers.

In fact, server intrusion is not so complicated. Hackers may show off their "crazy skills," but these people are not the ones we really need to worry about. On the contrary, it is usually those who are poorly skilled and make misjudgments that cause the most problems. In fact, these people are in many networks right now, looking for exploitable vulnerabilities.

When it comes to protecting Windows servers against intrusion, I very much agree with focusing first on the goals that are easy to achieve. Remember, it is the most basic security weaknesses that trip you up every time. In the previous article, I introduced some of the reasons for Windows security vulnerabilities. Now let's look at two common weaknesses in Windows servers and describe how they are exploited.

Missing patches lead to remote command prompt


Patching is very difficult. You would think most Windows servers would be up to date on patches, but usually that is not the case. Inconsistent patch management is the biggest cause of weakness in Windows servers.

The following are the steps by which "hackers" can attack an unpatched Windows server:

The attacker runs a free vulnerability scanning tool, from outside or (more commonly) from inside the network, to find missing patches.

The attacker confirms that the weakness can be exploited using the free Metasploit tool.

The attacker launches Metasploit and gets a remote command prompt.

The attacker sets up a backdoor user account and adds themselves to the local Administrators group.

The attacker now has full access to the system: local login, Remote Desktop, VPN, and so on. No one else will notice their presence.

Insecure network sharing leads to unauthorized file access

Sharing files on the network is one of the basic functions of a Windows server. However, it is also a fatal weakness, because it lets so-called "trusted" users reach files they are not authorized to access. Sometimes employees click around in Windows Explorer out of boredom, curiosity, or revenge, and they stumble upon sensitive information that they should not be able to access.

The following are the steps by which a "hacker" can exploit insecure Windows shares:


The attacker runs a free share-scanning tool on the network (such as GFI LANguard) and discovers a large number of shares on Windows servers, most of which happen to grant full control to Everyone.

The attacker finds the information they need by clicking through these shares.

The attacker may stumble upon some sensitive information, or can download and install a free text search tool, such as FileLocator Pro.

The attacker enters keywords into the text search tool, such as "password", "SSN" or "confidential", that can indicate sensitive information.

The attacker finds Microsoft Excel spreadsheets, Word documents, PDF files, and databases, all containing sensitive employee and customer information that could be used for illegal purposes. Again, it is likely that no one will detect this activity.

With enough "stick-to-itiveness", an attacker can find weak SQL Server configurations on Windows servers, missing or simple passwords, IIS-based servers configured to share an entire drive over anonymous FTP, and so on. If the physical server is accessible, an attacker can restart the Windows server using a CD containing Ophcrack or Elcomsoft System Recovery. They then get full access to all user accounts and passwords, including the Active Directory file ntds.dit.

The entire Windows environment is then exposed, and no one will notice.

For external hackers or malicious insiders, Windows servers have many weaknesses to dig into. As long as there is enough time, they can become hackers. Your task is to find these weaknesses and take precautions before others attack.
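The backdoor account step in the first scenario (a new account that is then added to the local Administrators group) leaves two Security log events, 4720 and 4732, so it does not have to go unnoticed. The following is an added example, not part of the original article, that correlates the two over constructed sample events; the dict layout, account names and the function name `find_new_admin_accounts` are assumptions, while the field names follow the Windows event schema.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample events (not real logs), shaped like Security log records
# exported to dicts; this layout is an assumption of the example.
EVENTS = [
    {"id": 4720, "time": "2024-05-01T02:14:07", "SubjectUserName": "svc_web",
     "TargetUserName": "helpdesk2", "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"id": 4732, "time": "2024-05-01T02:14:31", "SubjectUserName": "svc_web",
     "TargetSid": ADMINS_SID, "MemberSid": "S-1-5-21-1-2-3-1105"},
    # Benign: account created by an admin, never added to Administrators.
    {"id": 4720, "time": "2024-05-01T09:00:00", "SubjectUserName": "alice.admin",
     "TargetUserName": "new.hire", "TargetSid": "S-1-5-21-1-2-3-1106"},
    # Benign for this rule: long-existing account promoted (no 4720 seen).
    {"id": 4732, "time": "2024-05-01T11:30:00", "SubjectUserName": "alice.admin",
     "TargetSid": ADMINS_SID, "MemberSid": "S-1-5-21-1-2-3-1001"},
    # Benign for this rule: created the day before, promoted much later.
    {"id": 4720, "time": "2024-04-30T08:00:00", "SubjectUserName": "alice.admin",
     "TargetUserName": "contractor1", "TargetSid": "S-1-5-21-1-2-3-1107"},
    {"id": 4732, "time": "2024-05-01T12:00:00", "SubjectUserName": "alice.admin",
     "TargetSid": ADMINS_SID, "MemberSid": "S-1-5-21-1-2-3-1107"},
]

def find_new_admin_accounts(events, window=timedelta(minutes=30)):
    """Flag accounts created (4720) and added to local Administrators (4732)
    within `window` of creation. Returns a list of finding dicts, oldest first."""
    created = {}   # account SID -> (creation time, creation event)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["TargetSid"]] = (ts, ev)
        elif ev["id"] == 4732 and ev.get("TargetSid") == ADMINS_SID:
            hit = created.get(ev["MemberSid"])
            if hit and ts - hit[0] <= window:
                findings.append({
                    "account": hit[1]["TargetUserName"],
                    "created_by": hit[1]["SubjectUserName"],
                    "added_by": ev["SubjectUserName"],
                    "seconds_after_creation": int((ts - hit[0]).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for f in find_new_admin_accounts(EVENTS):
        print("ALERT new account promoted to Administrators:", f)
```

These events are only written when the "Audit User Account Management" and "Audit Security Group Management" audit policies are enabled on the server.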