Dabarun ‘Yan Dandatsa (Hackers) da Hanyoyin Dakile Su (4)

Kashi na hudu cikin jerin kasidun da muke kawowa kan hanyoyin da yan dandatsa ke bi wajen aiwatar da ta’addancinsu ga kwamfutocin jama’a. A sha karatu lafiya.

314

Darasi Na (1): “Footprinting and Reconnaissance”

Darasi na farko dai shi ne: “Footprinting and Reconnaissance,” wanda ya kunshi tattara bayanai kan gidan yanar sadarwa (Website), ko kwamfuta, ko kamfanin da ake son kai hari gare shi, don darkake kwamfutocinsa.  Wannan shi ne abin da ‘yan Dandatsa ke yi da zarar sun yanke shawarar kai hari wani gidan yanar sadarwa ko sato wasu bayanai daga wasu kwamfutoci na wani kamfani.  Wannan dabara ta farko kenan, wanda sai ka aiwatar da ita da kyau, yadda ya kamata, sannan za ka ci nasara kan abin da kake son cin mawa. Idan ka kasa aiwatar da wannan mataki da kyau, da wahala ka cin ma bukatunka.

A wannan darasi dalilbi zai koyi yadda ake gudanar da bincike ne ta hanyar tattara bayanai kan wanda ake son kai wa hari.  Wato kwamfuta kenan mai dauke da bayanai ko wata na’ura ta sadarwa.  Wadannan bayanai sun hada da adireshin kamfanin da kwamfutocin suke, da kasa ko jihar da yake, da kuma bayani kan ma’aikatan dake lura da kwamfutocin, da adireshinsu na Imel, da sunaye (username), da lambobin kwamfutocin IP (Internet Protocol) dake gajeren zangon da ake son kai wa hari, ko kwamfutar dake dauke da gidan yanar sadarwar da ake son kai wa hari, da nau’ukan manhajojin da kwamfutocin ke dauke dasu, ko gidan yanar sadarwar ke dauke dasu (Web Applications), da sunayen gajeren zangon sadarwar, da sunan mai lura dasu (Network Administrator), da sunan da kowace kwamfuta ke dauke dashi (Domain Names), da kwamfutocin dake farke (Live System), da nau’ukan kafofin dake bude a kansu (System Ports) da dai sauransu.

Hanyoyin samun wadannan bayanai suna da yawa.  Sun hada manhajojin kwamfuta, da manhajojin gidajen yanar sadarwa.  Shahararru daga cikinsu dai su: manhajar “Google Search”, wato manhajar Matambayi Ba-ya-bata na kamfanin Google (www.google.com), da na sauran kawayenta, irin su: “Yahoo Search!” (http://search.yahoo.com) da “Bing” (http://www.bing.com) na kamfanin Microsoft da sauransu.  Za a koya wa dalibi yadda ake tattara bayanai ta amfan dasu, a al’adance.  Bayan nan, za a koya maka yadda ake amfani da “Google Search” wajen aiwatar da bincike na musamman, inda za ka iya zakulo bayanai na musamman wadanda ba kowa ke iya amfani da google wajen zakulo su ba.

Daga cikin shahararrun manhajoji akwai manhajar “Netcraft” (http://www.netcraft.com) wacce ke iya taimaka wad alibi wajen gano kwamfutoci ta amfani da lambobin IP dinsu ko adireshin gidan yanar da suke dauke dashi.  Da wannan manhaja kana iya gano sunan kwamfutar, da nau’in babbar manhajar dake dauke a kanta, da zubinsa (version).  Idan gidan yanar sadarwa ne ma kana iya ganin adireshin shafukan da gidan yanar ke dauke dasu.

Bayan “Netcraft”, akwai manhaja da shafin “SHODAN” (http://www.shodan.io), wanda ke dauke da tsarin neman bayanai kan na’urorin sadarwa da na kyamara dake dauke a ofisoshi dake warwatse a duniya.  A shafin Shodan kana iya hango kyamara dake haskaka wata ma’aikata ko kamfani da dake wata uwa duniya, kai tsaye (live), ba tare da kowa ya ganka ba.  Sannan ta wannan darasi, za a koya maka yadda ake neman bayanai kan na’urar sadarwa irin su: “Router” da “Webcam” da “Switch”, wadanda ake iya sarrafa su ta amfani da “password” dinsu na asali, wadanda masu su basu canza musu “Password” ba, saboda sakaci.

Har wa yau akwai manhaja ta musamman wacce ake amfan da ita wajen kwafo gidan yanar sadarwa dungurum dinsa, idan ana bukata.  Ta amfani da wannan manhaja, kana iya kwafo bayanan shafin duka, ka loda wa kwamfutarka, kayi nazarin bayanan a lokacin da kaga dama.  Sannan akwai manhajar “Google Map”, wanda manhaja ce dake zakulo bigiren duniya gaba daya, da adireshin wuri ko ma’aikata ko kamfanin da kake nema, cikin taswira da rubutu da zane, cikin sauki.

Daga cikin hanyoyin da dalibi zai koyi amfani da su har wa yau akwai shafuka da dandalin sada zumunta, wato: “Social Media” – irin su Facebook, da Twitter, da LinkedIn, da sauran makamantansu.  A nan za a koya maka yadda ake tattara bayanai ta hanyar sakonnin da jama’a ke rubutawa ko suke yin ta’aliki a kai (comments) ko suke debowa daga wasu wurare (sharing).

- Adv -

Karkashin wannan darasi dai har wa yau, dalibi zai koya, cikin sauki, yadda ake tattaro bayanai cikin sauki, daga wani rumbu na musamman da wasu masana suke bude, don samun bayanai kan shafuka da kwamfutoci masu rauni da saukin kutsawa.  Wannan shafi shi ake kira: “Google Hacking Database.”  Ba shafi bane da kamfanin Google ya bude, a a, suna ne kawai aka sa masa.  Saboda bayanan dake shafin, wadanda ‘yan dandatsa ne zalla ke zuba su, sunyi amfani ne da hanyoyin zakulo bayanai na musamman daga babban rumbun adana bayanai na manhajar “Google Search.”  Wadannan dabaru da suka yi amfani dasu kuwa su ake kira: “Advanced Google Search Keywords.”  A wannann runbu ne zaka ga yadda ake zakulo bayanai daga wurare masu tsauri, cikin sauki.  Aiki sai mai shi.

Wadannan kadan ne daga cikin hanyoyin da ake karantar dasu a wannan marhala.  Kuma kamar yadda na sanar, idan ka kware wajen iya tattara bayanai, to hakika ka kama hanyar nasara kan aikinka.

Hanyoyin Kariya

Daga bayanan da suka gabata mai karatu zai fahimci cewa har yanzu akwai sakaci cikin al’amarin mutane wajen adana bayanai ko bayyana su ga wadanda suka cancanta.  Wannan shi yasa tattara su ke da sauki; ta amfani da manhajar Google Search ko wasu manhajoji na musamman.  In kuwa haka ne, to ina hanyar tsira take?

Abu na farko shi ne, duk wani bayani na sirri da ka san bai dace wani ko wasu su gani ba, to, kada ka dora shi a Intanet.  Abu na farko kenan.  Haka idan a dandalin abota ne, ka kiyayi yayata bayanan da suka shafi rayuwarka wadanda ka san wasu na iya amfani dasu wajen kaiwa gareka ko ga waninka.

Ga kamfanoni kuma, hanya mafi sauki shi ne a horar da ma’aikata yadda za su rika mu’amala da mutanen dake waje wajen bayar da bayanai, ko wajen hira dasu, ko wajen rubuta abin da ya shafi rayuwarsu na aiki.  Domin galibin ‘yan dandatsa na samun bayanai ne galibi ta wajen ma’aikatan kamfanonin da suke son kai wa hari.  Sannan hatta takardun dake dauke da bayanan kamfanin a san yadda za a rika sarrafa su idan ba a bukatarsu.  Wasu ‘yan dandatsa sukan je hatta bolar da kamfanoni ke zubar da shara, don neman bayanan da zasu taimaka musu wajen kaiwa kwamfutocin kamfanin hari.

Dangane da kwamfutoci kuma, dole ne a rika saita su da kyau; kada ka bar kwamfuta a tsari da kintsin da tazo dasu.  Idan ka sayi kwamfuta sabuwa, dole ne ka canza mata suna, ka tsara hanyoyin shiga da fita daga gareta. Sannan idan kamfani ne, dole ya zama yana dabbaka ka’idojin kariya (Security Policy) don baiwa kwamfutocin kamfanin tsaro daga ‘yan ta’adda.  Wannan ya hada da samar da tsari da ka’ida ingantacciya na zaba da adana kalmar sirrin (Password) ma’aikata.  Sannan, abu na karshe, kamfanin na iya gayyatar kwararre a fannin “Ethical Hacking” don yin gwaji da gano rauni ko kafofin da ‘yan dandatsa za su iya amfani da su wajen isa ga bayanai in akwai.  Wannan shi ake kira: “Penetration Testing” ko “Pentest,” a gajarce.

A mako mai zuwa in Allah Yaso, zamu shiga bayani kan darasi na biyu, wato: “Scanning Networks”, inda mai karatu zai ji yadda ake tace kwamfutoci don nemo wacce ake so daga irin bayanan da aka tattaro daga gare su.  A ci gaba da kasancewa tare damu.

- Adv -

You might also like
2 Comments
  1. mustapha a a kuriga says

    Allah ya kara basira

  2. Muryar Hausa24 Online Media says

    Masha Allah

Leave A Reply

Your email address will not be published.