Hacker News new | past | comments | ask | show | jobs | submit login

How would one even go about doing this? Do you just keep trying difference ssh key values?

I never understood how people can just magically "gain access" to servers.

It can be pretty enlightening to read the few postmortems of big hacks that do get published.

Another seemingly common scenario (aside from a direct attack on the server) is to spear-phish someone else inside the company, not necessarily an admin or anyone technical, into clicking on some flash applet or trojan'd excel doc or something that owns their machine, then install keyloggers, proxies, etc., and work from there until you snag a credential that lets you into the server you actually want.

in this case it was supposedly done using SQL injections: http://en.wikipedia.org/wiki/SQL_injection#Incorrectly_filte...

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact