Hacking-related terms

As the saying goes, when in Rome, do as the Romans do. Since you have stepped through the door of hacking, you need to understand hacker jargon. The following are genuine hacker-specific terms.

1. Broiler: "Broiler" is a vivid metaphor for a computer that can be controlled by us at will. The other party can be a Windows system or a UNIX/Linux system, an ordinary personal computer or a large server. We can operate it as if we were operating our own computer, without being discovered by the other party.

2. Trojan horses: programs that are disguised to look like normal programs, but that hand over full control of the system once they are run. Many hackers are keen to use Trojan horses to control other people's computers, such as Gray Pigeon, Black Hole, PcShare and so on.

3. Web Trojan: On the surface it is disguised as an ordinary web page file, or its code is inserted directly into a normal web page file. When someone visits the page, the web Trojan takes advantage of a vulnerability in the visitor's system or browser to automatically download the configured Trojan server to the visitor's computer and execute it.

4. Trojan planting: placing a web Trojan among someone else's website files, or sneaking its code into the other party's normal web page files, so that viewers of the page get infected.

5. Backdoor: This is a figurative metaphor. After successfully controlling the target host by some method, an intruder can implant specific programs or modify certain settings in the other party's system. On the surface these changes are difficult to detect, but the intruder can use a matching program or method to easily connect to the computer and regain control of it, as if the intruder had secretly copied a key to the owner's room and could enter and leave at any time without the owner noticing. Most Trojan horse programs can be used by intruders to create backdoors.

6. Rootkit: A rootkit is a tool attackers use to hide their tracks and retain root access (root permission, which can be understood as system or administrator permission under Windows). Usually, an attacker obtains root access through a remote attack, or first uses password guessing (cracking) to obtain normal access to the system and then, once inside, obtains root access through security vulnerabilities in the other party's system. The attacker then installs a rootkit on the other party's system in order to keep long-term control of it. A rootkit is very similar to the Trojans and backdoors mentioned earlier, but it is far better hidden than they are. Hacker Guardian is a very typical rootkit, and the domestic ntrootkit and others are also good rootkit tools.

7. IPC$: a resource that shares "named pipes". It is a named pipe opened for inter-process communication, and after the username and password are verified it can be used to remotely manage the computer and view its shared resources.

8. Weak passwords: passwords that are not strong enough and are easy to guess, such as 123 and abc.

9. Default sharing: When a Windows 2000/XP/2003 system turns on the sharing service, it automatically shares all hard disks. Because the "$" symbol is added to the share name, the shared-hand icon is not shown, so this is also known as hidden sharing.

10. Shell: a command execution environment. For example, when we press "Start key + R" on the keyboard, the "Run" dialog box appears, and entering "cmd" in it opens a black window for executing commands, which is the shell execution environment of Windows. When a remote overflow program successfully overflows a remote computer, the environment obtained for executing system commands is the other party's shell.

11. WebShell: A WebShell is a command execution environment in the form of a web page file such as asp, php, jsp or cgi, and can also be called a web page backdoor. After hacking a website, hackers usually mix these asp or php backdoor files in with the normal web files in the web directory of the website server, and then use a browser to access them to get a command execution environment and so control the website server. Through it they can upload and download files, view databases, execute arbitrary program commands, and more. Commonly used WebShells in China include Haiyang ASP Trojan, Phpspy, c99shell, etc.

12. Overflow: To be exact, it should be "buffer overflow". The simple explanation is that the program does not properly validate the input data it receives, which results in an error; the consequence can be a program crash or the execution of an attacker's commands. It can be roughly divided into two categories: (1) heap overflow; (2) stack overflow.

13. Injection: With the growth of B/S (browser/server) application development, more and more programmers write programs in this mode, but because programmers' skill levels are uneven, a considerable number of applications have security risks. A user can submit a piece of database query code and, from the results the program returns, obtain data he wants to know. This is called SQL injection.

14. Injection point: the place where injection can be performed, usually a connection to the database. Depending on the permissions of the database account used at the injection point, the permissions you obtain will differ.

15. Intranet: Generally speaking, it is a local area network, such as Internet cafes, campus networks, company intranets, etc. If the IP address is within the following three ranges, it means that we are in the intranet: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255

16. Extranet: a machine connected directly to the Internet, which can be reached from any computer on the Internet and whose IP address is not a reserved (intranet) IP address.

17. Port: equivalent to a data transmission channel. It receives certain data and passes it to the corresponding service; the computer processes the data and then sends the corresponding reply to the other party through the open port. Generally, each open port corresponds to a service, and to close a port you only need to stop the corresponding service.

18. 3389, 4899 broiler: 3389 is the default port number used by Windows Terminal Services, a service Microsoft launched to make it easier for network administrators to remotely manage and maintain servers. A network administrator can use Remote Desktop to connect to any computer on the network that has Terminal Services turned on and, after logging in successfully, operate the host as if operating their own computer. This is very similar to the functions of remote control software or even Trojan programs. The connection to Terminal Services is very stable and no antivirus software detects and kills it, so it is also very popular with hackers. After hackers invade a host, they usually find a way to add a backdoor account of their own and then turn on the other party's Terminal Services, so that they can use it to control the other party at any time. Such a host is usually called a 3389 broiler. Radmin is a very good piece of remote control software, and 4899 is the service port number Radmin uses by default. Radmin is often used as a Trojan by hackers (it is for this reason that current antivirus software also kills Radmin). Radmin's control functions are very powerful, its transmission speed is faster than most Trojans, and it is not killed by antivirus software. When the Radmin used to manage a remote computer has an empty or weak password, hackers can use software to scan the network for hosts with empty or weak Radmin passwords and then log in and control them remotely. Hosts controlled in this way are usually called 4899 broilers.

19. Non-killing: modifying a program through packing, encryption, modifying feature codes, adding flower instructions and other techniques so that it escapes detection and killing by antivirus software.

20. Packing: using a special algorithm to change the encoding of an EXE executable program or DLL dynamic link library file (for example by compression or encryption) in order to reduce the file size, encrypt the program's code, or even evade antivirus software detection. At present, the most commonly used packers are UPX, ASPack, PePack, PECompact, UPack, Immunity 007, Trojan Horse Coat, etc.

21. Flower instructions: a few assembly instructions that make the assembly code perform some jumps, so that antivirus software cannot correctly determine the structure of the virus file. In layman's terms: "Antivirus software looks for viruses from head to toe, in order. If we turn the head and feet of the virus upside down, the antivirus will not be able to find the virus."

There are some things you haven't heard, but that doesn't mean they don't exist!
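A defender-side check built from entries 15 to 18, added here and not part of the original glossary: it reads `netstat -ano` style output, flags listeners and sessions on the default Terminal Services (3389) and Radmin (4899) ports, and labels each peer as intranet or extranet using the three ranges from entry 15. The sample output and the function names are constructed, and only IPv4 lines are handled.

```python
import ipaddress

# The three intranet ranges from entry 15, written in CIDR form.
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Default ports named in entry 18.
REMOTE_ADMIN_PORTS = {3389: "Terminal Services", 4899: "Radmin"}

# Constructed sample in the layout of Windows `netstat -ano` (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1084
  TCP    [::]:3389              [::]:0                 LISTENING       1084
  TCP    192.168.1.20:3389      203.0.113.45:51544     ESTABLISHED     1084
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       2260
  TCP    192.168.1.20:4899      10.0.0.7:50211         ESTABLISHED     2260
  TCP    192.168.1.20:49712     198.51.100.9:443       ESTABLISHED     4012
"""

def is_intranet(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTRANET)

def audit(netstat_text):
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Skip headers, UDP rows (no state column) and bracketed IPv6 rows.
        if len(f) < 4 or f[0] != "TCP" or f[1].startswith("["):
            continue
        lhost, lport = f[1].rsplit(":", 1)
        port = int(lport)
        if port not in REMOTE_ADMIN_PORTS:
            continue
        service = REMOTE_ADMIN_PORTS[port]
        if f[3] == "LISTENING":
            findings.append((port, service, "listening", lhost))
        elif f[3] == "ESTABLISHED":
            rhost = f[2].rsplit(":", 1)[0]
            origin = "intranet" if is_intranet(rhost) else "extranet"
            findings.append((port, service, "session from " + origin, rhost))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A listener on either port that the administrator did not enable, or a session from an extranet address, is the situation entry 18 describes and is worth investigating.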