Hacking can be difficult and there are many different ways to hack and
many different exploits to use. Hacking is neither defined nor limited by
exploitation or exploration. Hacking into someone else's system may be illegal,
so don't do it unless you are sure you have permission from the owner of the
system you are trying to hack.
Hacking was primarily used for learning new things about systems and
computing in general, 'in the good ol' days'. In recent years it has taken dark
connotations and in general has been looked down upon. Likewise, many
corporations now employ "hackers" to test the strengths and
weaknesses of their own systems. These hackers know when to stop, and it is the
positive trust they have built that earn them large salaries.
There is a major difference between a hacker and a cracker. A cracker
is motivated by malicious reasons; a hacker is attempting to gain knowledge
through exploration.
Steps
Learn a programming language. C++ is very useful, although difficult to
learn. Python is much easier to learn, although less flexible. In order to
break into web systems, learning server side languages such as PHP will help
you immensely. Perl is also a very useful language to learn, as it can be used
in many situations, and once you are familiar with the syntax (which is similar
to that of C), you will be able to create perl scripts very quickly.
Use Cygwin for Windows or *nix. Plain Windows and DOS are more
difficult to work with. The tools in this article can be found for Windows based
machines. Nmap particularly, uses WinPCap to run on Windows and does not
require Cygwin. However, Nmap works poorly on Windows systems due to the lack
of raw sockets. You should also consider using unix or linux, which are both
more flexible, more reliable, and more secure. Most linux distributions come
with many useful tools preinstalled, including the previously mentioned nmap.
Know your target, the process of gathering information about your
target is known as 'enumeration'. Can you reach the remote system? You can use
the ping utility (which is included in most operating systems) to see if the
target is 'alive', however, you can not always trust the
results of the ping utility, as it relies on the ICMP protocol, which can be
easily shut off by paranoid system administrators.
Determine the OS (operating system). This is important because how can
you gain access to a system if you don't know what the system is? This step
involves running a scan of the ports. Try pOf, or nmap from www.insecure.org.
nmap runs a port scan, showing you the ports that are open on the machine, the
OS, and can even tell you what type of firewall or router they are using so you
can plan a course of action. You can activate OS detection in nmap by using the
-O switch.
Find some path or open port in the
system. Common ports such as FTP (21) and HTTP (80) are often well protected,
and possibly only vulnerable to exploits yet to be discovered. Try other TCP
and UDP ports that may have been forgotten, such as Telnet and various UDP
ports left open for LAN gaming. An open port 22 is usually evidence of an SSH
(secure shell) service running on the target, which can sometimes be
bruteforced.
Crack the password. There are several methods for cracking a password,
including brute force. Using brute force on a password is an effort to try
every possible password contained within a pre-defined dictionary of brute
force software. Rarely is a password cracked through brute force, because using
a password that is a word in any language is poor security practice. Users are
often discouraged from using such 'weak' password.
Get super user (su) privileges (if targeting a *nix machine). Most
information that will be of vital interest is protected and you need a certain
level of authentication to get it. To see all the files on a computer you need
super user privileges. This is a user account that is given the same privileges
as the "root" user in Linux and BSD operating systems. For routers this is the "admin" account by default (unless it has
been changed), for Windows, this is the Administrator account, etc. Just
because you have gained access doesn't mean you can access everything, only a
super user, the administrator account, or the root account can do this.
Use various tricks. Often to gain super user status you have use
tactics such as creating a "buffer overflow" which is basically
causing the memory to dump and allowing you to inject a code or perform a task
at a higher level then you're normally authorized. Only writing or finding an
insecure program that you can execute on their machine will allow you to do
this.
Tips
Read books discussing TCP/IP networking.
This article discusses what is known in the hacking world as
"cracking". Hackers are those that built the internet, made Linux,
and work on open source software. It is advisable to look into hacking, as it
is respected and less likely to get you arrested.
Using these tactics on a popular corporate or government computer is
asking for trouble unless you're a professional hacker. Keep in mind there are
people a bit more knowledgeable than you who are protecting these systems for a
living. Once found, they sometimes monitor intruders to let them incriminate
themselves first before legal action is taken. This means you might think you
have free access after hacking into a system, when in fact, you're being
watched, and may be stopped at any moment.
Warnings
Misuse of this information may be a local and/or federal crime. This
article is intended to be informational and should only be used for ethical
purposes.
Do not delete entire logfiles, instead, just remove the incriminating
entries from the file. What do you think would look more suspicious; logs with
a few entries missing, or the entire log file destroyed?
Be extremely careful if you think you have found a very easy crack or a
crude mistake in security management. An experienced hacker that protects that
system maybe have just set up a trap (honeypot) for you.
Stay away from breaking into government networks. If you do find a
vulnerability in such a network, the best plan of action is to inform the
system administrator, and perhaps help them in patching the vulnerability.
Things You'll Need
A computer with a connection to the internet.
A proxy is always a good idea.
Patience.
No comments:
Post a Comment