Skip to content

Update 06_System_Hacking.md #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ShubhamPalriwala wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update 06_System_Hacking.md #8

ShubhamPalriwala wants to merge 1 commit into from

Conversation

@ShubhamPalriwala
Copy link
Contributor

@ShubhamPalriwala ShubhamPalriwala commented Nov 6, 2020

No description provided.

g0rbe
g0rbe reviewed Nov 19, 2020
View reviewed changes
Copy link
Owner

@g0rbe g0rbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Read the comments and correct it.
Thanks, my grammar was (or still?) awful.

06_System_Hacking.md

A password cracking application is used along with with a dictionary file.
This dictionary file contains entire dictionary or a list of known and common words.
A password-cracking application is used along with a dictionary file.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pasword cracking is without dash. See: https://en.wikipedia.org/wiki/Password_cracking

06_System_Hacking.md
Domain controller responds to a challenge known as **nonce** to be encrypted by the password's hash.
This challenge is a 16 byte random number generated ny the domain controller.
By comparing the challenge with the database, domain controller permit or deny the login.
This challenge is a 16-byte random number generated by the domain controller.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are love dashes 😃

06_System_Hacking.md

Rootkit is a software designed to provide privileged access to a remote user over a system, creates a backdoor.
Deployed after attacker gain high-level access to a system.
A rootkit is software designed to provide privileged access to a remote user over a system, creates a backdoor.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"A rootkit is a software ..." maybe.

06_System_Hacking.md
#### Types

- **Application level rootkit**: perform manipulation of standard application file with an injection of codes.
- **Application-level rootkit**: perform manipulation of standard application file with an injection of codes.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dash! 😃
See: https://www.omnisecu.com/security/rootkits.php

06_System_Hacking.md

- **Application level rootkit**: perform manipulation of standard application file with an injection of codes.
- **Application-level rootkit**: perform manipulation of standard application file with an injection of codes.
- **Kernel-level rootkit**: inject malicious code to the kernel
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mine is wrong too. It should be "Kernel level rootkit".

06_System_Hacking.md
Comparing a password using a rainbow table.
Rainbow Table is the pregenerated hashes of the words in a dictionary or the combination of characters.
The advantage of Rainbow Table is the speed, because it takes less time to compare the hashes.
Rainbow Table is the pre-generated hashes of the words in a dictionary or the combination of characters.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pregenerate is without dash. See: https://en.wiktionary.org/wiki/pregenerate

06_System_Hacking.md

The attacker uses the information extracted by initial phases and guess the password.
Not common method and the rate of failure is high.
Not a common method and the rate of success is low.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😃

06_System_Hacking.md
Applications need Dynamic Link Libraries (DLL) to run.
In Windows, most of the application search for DLL in directories, instead of using the full qualified path.
The Attacker replace the DLL to a malicious one.
In Windows, most of the application search for DLL in directories, instead of using the full, qualified path.
Copy link
Owner

@g0rbe g0rbe Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both wrong (mine and yours). The correct would be "fully qualified path". See: https://en.wikipedia.org/wiki/Fully_qualified_name#Path_names

@ShubhamPalriwala
Copy link
Contributor Author

ShubhamPalriwala commented Nov 20, 2020

I'm-just-glad-how-both-of-us-are-wrong-at-so-many-places-lol

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@g0rbe g0rbe g0rbe left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ShubhamPalriwala @g0rbe