Guide To Hacking 1

This document is aimed at people who want some insight into the cyberworld: hacking
explained, basic tricks, spotting vulnerabilities, how to avoid being hacked, plus a
lot of other useful stuff. This article assumes you have no knowledge whatsoever of
Unix/Linux systems or networking/coding, and is for educational purposes only. In
short, this is for people who want an overview, and it is written in a way that lets
people without a clue understand. I see a lot of aged text documents, three-year-old
stuff that still hangs around; people read it, then go on and try for themselves.
Often with this old stuff they end up scratching their heads, wondering why it
doesn't work. Well, it's just because of that: systems change, and so does the
security.

Anyway, enough of the intro, let's begin :)
===============================================

This document will cover:
1:1 Internet overview & Analogy
1:2 Packets & Analogy
1:3 Rules & Viewpoints
1:4 Services & Vulnerabilities
1:5 Security holes.
1:6 Requirements

1:1
You might be asking yourself a lot of questions, like what exactly you need to know
in order to hack, discover a vulnerability, and do the other million things you would
want to do. To make any kind of sense of it, you need to understand what we're doing.
The Internet is like a virtual universe, and each planet is a computer: at home, at an
ISP, a server, or something else. Small packets are sent 24/7 everywhere on the
Internet; these packets are sent and received whenever you do something, like check
your email, browse a website or turn on ICQ. Now imagine for a second that you could
run around out there in the virtual universe and steal, intercept, or copy any packet
you want and open it.

1:2
I will try to keep this as simple as possible, but you have to do the thinking; that
way you will test yourself. If you build up a picture in your mind, you will
understand all of this a lot more easily. Let's say you are checking your email: you
click "inbox", and the new mails are downloaded to your computer. Now imagine I
intercepted all the packets that were sent from your computer to your mail server,
and before your packets reach the server, I re-send them from my computer and voila,
your email is heading my way. In theory this sounds easy, right? Well, not exactly.
It's not even a 'generic' hack, but in theory it does work. Part of this is to make
you understand just how vulnerable the Internet is. Sure, you can download ZoneAlarm
and play around as much as you like, and see all those IP numbers pop up from people
who scan large networks, but are you really sure it makes any difference down the
long road? Software firewalls are in general crap; what you would need is a
gateway/hardware firewall. Always remember, it's only data being sent; if you have
the power to send data and fake its sender, you can do a lot!

1:3
Remember that using someone else's tools is not very appreciated if you want to be
taken seriously. It's no sport just running someone's executable and entering an
IP/port; you want to make your own tools and figure out the tricks. When learning,
it's important that you have the correct view of things, just as I explained before
with a simple analogy. In this world, the world of security & hacking, problems are
not problems, they're challenges, and most of them require a lot of patience. Do you
have patience? Okay then, let's continue :)

1:4
What makes a computer vulnerable? Well, first of all, when you plug the Internet
cable in, you're vulnerable. To make some sense here I will talk about services. What
is a service? A service is a process that does exactly what it's called: it offers a
service. Take an FTP server for example: it lets you share files and create accounts
for other people to download from, so it's a service. These services usually open a
door to your computer in order to work. When you share a folder on a local network in
Windows, a door is opened to send and receive data. This, for one, is what makes
systems vulnerable. Now remember, a service does not necessarily need to be a
'server' application. Take Half-Life, a very popular game: not a service according to
the general idea, but let's choose it as an example. When you start Half-Life and
connect to a server, again doors are opened and data is sent/received. Doors are
referred to in network terms as 'ports'; remember that, because from now on I will
use the real term.
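
To see the 'door' from 1:4 on your own machine, here is an added example (not part of
the original guide). It starts a constructed toy echo service on the loopback address,
checks that its port accepts connections while the service runs, and checks that the
port is closed again once the service stops. The names EchoService, port_is_open and
demo are made up for this illustration.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only: nothing here leaves your own machine

def port_is_open(port, timeout=0.5):
    """True if something accepts TCP connections on HOST:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((HOST, port)) == 0

class EchoService:
    """Constructed toy service: echoes back whatever a client sends."""
    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((HOST, 0))      # port 0 = let the OS pick a free port
        self.sock.listen(5)            # from here on the "door" is open
        self.sock.settimeout(0.1)      # wake up regularly to check for stop
        self.port = self.sock.getsockname()[1]
        self.stopping = threading.Event()
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        while not self.stopping.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue               # nobody knocked; check the stop flag
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(conn.recv(1024))
                except OSError:
                    pass               # client went away; keep serving
        self.sock.close()              # service stops: the port closes

    def stop(self):
        self.stopping.set()
        self.thread.join()

def demo():
    svc = EchoService()
    open_while_running = port_is_open(svc.port)
    with socket.create_connection((HOST, svc.port), timeout=1.0) as c:
        c.sendall(b"hello")
        reply = c.recv(1024)
    svc.stop()
    return open_while_running, reply, port_is_open(svc.port)

if __name__ == "__main__":
    print(demo())
```

The port is reachable only for as long as the process behind it is running, which is
why switching off services you do not need closes the matching doors.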

1:5
There are a billion types of hacking, but one of the basic tricks is to learn to
exploit services. To be simple here: you find a 'hole' in a service, then use it
against the target computer. Someone playing Half-Life could be a victim of many.
Usually the exploits that people play with are made by someone else and are available
for anyone to download. These exploits probably won't work, or won't work for long,
because the makers of the exploited service will fix the vulnerability. That is why
'script-kiddies' often fail :) - the term refers to kids using exploits made by
others. This is not the idea of real hacking.

1:6
In order to find a bug and then make a simple application to 'exploit' the bug you
found, you will need some coding practice: you need to know how to send/receive data,
and you need to know a bit about sockets and UDP/TCP. You could go the easy way,
unless of course you want to code something for Unix in C, but personally I would not
recommend that as a start unless you're geared with C-learning books. In the next
issue of this document I will use Visual Basic 'cough', and guide you through your
first exploit. Hopefully this language will be easier for you to understand in the
beginning, before you take on the big cheese. In future versions I will guide you
through Perl/C in a Unix/Linux environment to assemble an exploit, but like everyone
else you have to start somewhere.

SOME PARTS ARE BY ME. NOT ALL .

THANKS TO D33D nd L33tBB/\start
 