Gaining access: Introduction
In this section, we are going to look at gaining access to a computer device. A computer device means any electronic device, such as a phone, a laptop, a TV, a network, a router, a website, or a server. Each device has an operating system, and programs are installed on that operating system. We will look at how to gain access to computers. In this example, we are going to use a computer: a Linux device as the hacker machine and a Windows device as the target. We can apply the same concepts if we are targeting a web server, a laptop, or a phone, but we will treat them all just like a normal computer. We can set up a web server on our computer, make it look and act like a website, or even make it act like a TV, or for that matter, anything we want. TVs and similar devices are just simple computers with less complicated hardware in them.
A server-side attack does not require any user interaction. These attacks can be used against web servers. We can also use them against a normal computer that people use every day. We are going to have a computer, and we will see how we can gain access to that computer without the need for the user to do anything. This attack mostly applies to devices, applications, and web servers that do not get used much by people. Basically, people configure them, and then they run automatically. All we have is an IP address. Now, we will see how we can test the security of that computer and gain access to it based on that IP address. The various types of server-side attacks include buffer overflow, SQL injection, and denial-of-service attacks.
The second approach we will try is the client-side attack. This approach requires the client who uses that computer to do something, such as opening a picture, opening a Trojan, or installing an update. We are going to learn how to create backdoors, how to create Trojans, and how to use social engineering to make the target person do something so that we gain access to their computer. In this case, information gathering is going to be crucial, because we actually need to know the person we are targeting. The various types of client-side attacks include session fixation, content spoofing, and cross-site scripting.
Once we get access to the target computer, we will see what we can do with that access. The access could come from a client-side exploit, a server-side exploit, or even just physical access, where the victim leaves their desk and we get in. In this section, we are going to look at what we can do once we have access to the target. We will also see how we can further exploit that target and increase our privileges, or target other computers in the same place.