How do you hack?

Sputtering

I know this is an odd question and I've no intention of doing the sort but I've always been really curious as to just how do you hack? Is it computer programming or just random "enter password" and you try every combination under the sum??

Hobbes

You should ask in the security forum as they will really appreciate this post.

But here is the lesson for hacking..

<ruffkin2> HAHAHAH dat dude you sent me 127.0.0.1 iz enfected wit sub7 im ****in with him now
<andrw> oh good, format his computer
<Testicular_One> format his computer
<TheGreaterZero> format him

Goodshape

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

Sabre0001

Of course you have no intention of doing it...That would be absurd!

By the way, does anyone here know where I can get my hands on some heroin...Just curiosity...

Hobbes

Goodshape wrote:

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

They increased the password encryption on the gibson after that movie. The password is now sexgod.

Mutant_Fruit

Real hacking is getting out a dissasembler and examining the raw code in a program to find out what it does. Clicking "Hack Now" in a GUI hardly counts as hacking.

po0k

Reverse Engineer a Kiwi.

MrScruff

No programming required!

I'll break it down into steps for ya.

1/ Download this (It's a live linux CD)
2/ Run it and launch the program called Nessus.
3/ Enter the target machine.
4/ Look at the pretty report and use one of the holes it has found to break in.
5/ Find evidence of U.F.O activity OR get extradited to the US for an extended stay in scenic Guantanimo Bay.

*Disclaimer* You may need a screen that can project green text onto your face while you work.

Evil Phil

http://i.imdb.com/Photos/Ss/0244244/PC-1.jpg

TBH.

Zombrex

Sputtering wrote:

I know this is an odd question and I've no intention of doing the sort but I've always been really curious as to just how do you hack? Is it computer programming or just random "enter password" and you try every combination under the sum??

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

"Hacking" means hacking away at code and systems to figure out how they work and how to do cool things with them. For example "hacking" the Linux kernal does not imply trying to break it, or circumvent its secuirty, it just means trying to figure out how it works.

Unfortunately for people who consider themselves true hackers, the ill-informed media took the term "hacker" and ran with it, and now most people have a different idea of what hacker means, they think it means cracking.

Confused yet .....

Anyway, cracking is simply getting a computer to give you access when it shouldn't. All machines that interact with users or networks have to allow legitimate traffic in and attempt to block illegitamate traffic. You crack a system by convincing it that your malicious traffic is actually legitmate. How you do this depends on the circumstances, and what you want to crack.

It might be as simple as figuring out a system admins password and logging on pretending to be him, or it might be more complex like exploiting a bug in a network program to get it to do something it wasn't really meant to do.

There are millions of security bugs in the worlds software, with a million different ways to exploit these bugs.

PhantomBeaker

Actually anyone who's a member of the ACM, or has access to their most recent edition of the journal "Communications" (like if you're in college, it's in the library - definately in UCD, that's where I read it) there's a very good set of articles about hackers and hacking, their approach and how it differs from academia.

Really good article, and I'd recommend that anyone who can read it, does.

democrates

www.2600.com and the freedom downtime dvd for the insiders perspectives.

Also The Cuckoos Egg by Clifford Stoll, though outdated still a good read, his original article: stalking the wiley hacker (pdf). There was a tv program years back called 'spycatcher', would love to see it again.

Also slightly off-topic but if you want a good laugh check out the nerdcore rap "Rock Out With Your Hawk Out" by MC Hawking.

Tellox

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

Oh,and you should know, the CIA and the FBI are going to be monitoring your up-and-coming life of cybercrime, after posting this on public message boards. I would suggest restarting to the command prompt, and using fdisk c:\, and promptly throwing your harddrive into a bag full of strong magnets.

Evil Phil

Tellox wrote:

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

Oh,and you should know, the CIA and the FBI are going to be monitoring your up-and-coming life of cybercrime, after posting this on public message boards. I would suggest restarting to the command prompt, and using fdisk c:\, and promptly throwing your harddrive into a bag full of strong magnets.

Pressing Alt + F4 will clear your cache and render you untraceable.

Hobbes

Tellox wrote:

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

There was another one of these. Anyone remember the name? It wasn't as high tech'ish, revolved mostly console input.

Very fun though.

klash

Wicknight wrote:

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

Thank god someone knows something about the subject. I can't stand people calling cracking -> hacking. Its the bloody medias fault.

hacker n.

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in "a Unix hacker". (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

I'd love the op to ask Richard Stallman how to hack :cool:

smash

people see hackers or swordfish and they want to know how to do it... all the crap talk in these films where they just drop random phrases like logicbombs, trojans, 512 bit encryption!!!

It's like when I go to a meeting and a client says "ye ye, I think we should use a few applets maybe" - what the hell are you on about, this is nothing to do with the project and you're making no sense!

I always say stick to what you're good at because you'll probably end up on a forum some day and someone will be giving you "advice" - next thing you know, you'll have formatted your HD...

DeadParrot

good clean fun for learning to manipulate your own machine
http://www.happyhacker.org

just dont tell anyone Carol taught you...you'd be shunned as a n00b
and not l337

KTdesigner

(*Disclaimer* You may need a screen that can project green text onto your face while you work.) Lol, I love it, so true. Hollywood does not appear to know jack.

Last time I was flying through a 3D environment (of code) with my skateboard and superhuman antigravity powers, being chased by those nasty FBI types, I met a lovely "white hat" magician, who showed me the /exit. He said I should stop *DOSsing and Start > Run > CMD a new trace route 4 my life or I would end up like Neo (who likes pills and is a non-conformist). This *Prompt*ed me to change my ways and Refresh (F5 / Reload) my initial path.

smash

KTdesigner wrote:

(*Disclaimer* You may need a screen that can project green text onto your face while you work.) Lol, I love it, so true. Hollywood does not appear to know jack.

Last time I was flying through a 3D environment (of code) with my skateboard and superhuman antigravity powers, being chased by those nasty FBI types, I met a lovely "white hat" magician, who showed me the /exit. He said I should stop *DOSsing and Start > Run > CMD a new trace route 4 my life or I would end up like Neo (who likes pills and is a non-conformist). This *Prompt*ed me to change my ways and Refresh (F5 / Reload) my initial path.

I know exactly what you mean, last night I was jumped up on jolt cola and red liquorice and I was rollerbladding through these skyscrapers of garbage files... I got chased by a visual representation of cookie monster and I had to give him a cookie, then followed the breadcumbs home, stopped on the way for a bit of java though.

dlofnep

Instead of giving you the cliche hacking/cracking debate.. I'll answer the question as honestly as I can.

Put the words aside and their true meanings - What is it exactly you want to do? Do you want to compromise a machine or network at any cost for the fun of it or do you want to spend countless hours, getting 4 hours sleep searching nooks and crannies of code, understand principles of sql injection, buffer overflows, user input flaws in code, understanding concepts of networks, the securing of networks, the various methods of security, from hardware firewalls to different forms of access control..

I'm sure you want the easy way - Scaning a couple of subnets with a security scanner like retina or nessus which will give you a link usually to securityfocus, which in turn you can download the code for a local or remote exploit, compile, run, escalate privileges - Wallah. This is what most "script kiddies" spend hours every week doing, all just to deface some website to brag on IRC. Hey, I was one of them. I know how things run.

But really at the end of the day, it's not worth the hassle. at first you start out with the mentality that you just want to hack stuff cos it's cool and want to show off to your friends, but hanging around with influential people on IRC usually turn you to looking deeper into it. You spend more time programming, reading up more - Actually reading "lectures" on IRC.. Getting off on the fact that now people come to ask YOU questions about security related material.

Then you either stick with it and become semi-famous in the underground like gobbles, rain forest puppy or kevin mitnick.. Or you realise there is more to life than spending every night on PC's, losing valuable time that you could of spent with buds.

There you have it. As honest as I can be about it. I spent about 8 years in the whole scene, I'm long gone now - It was fun while it lasted. Ask me what the current security flaw trends are today, I couldn't tell you because I wouldn't know.. I'm now happy and enjoying life. The life of a hacker gives you no time for anything else.

Some reading for you off the top of my head if you are still interested.

Smashing the stack for fun and profit: http://www.insecure.org/stf/smashstack.txt

This has sentimental value. Anyone in the scene will tell you this is where hacking persay really exploded on the net. one of the most important pieces of writing in my opinion in the history of hacking.

Hacking Exposed: http://www.hackingexposed.com/

Hacking exposed is a very user friendly introduction to security. it's always worth the reading and a good way to expose you to security and flaws of security. I bought the original hacking exposed book and found it very insightful.. All the known exploits and flaws at the time were now carefully organised.. So for anyone who already knew them, it was a good reference book, and for anyone who didn't, it was a good way to learn and break into the world.

http://www.hackerslab.org/eorg/

This is a little wargame. A sort of controlled system that's mission is for you to hack your way up and escalate your privileges. It's fun to play and get's really challenging.

That's about that. Have fun with whatever you do.

penfold.

MrScruff

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

Everytime someone mentions "hacking" someone pipes up with "Actually, a hacker is a programmer.... a cracker is "

To %99 of the world a hacker is someone who breaks into computers.
A cracker is someone who breaks copy protection and the like.

You are not going to change this.

From the Cult of the Dead Cow:

A cracker is somebody who cracks warez, and/or a pejorative term for a white person. Any other meaning is never going to catch on in the media, nor with the old school. It's just too complicated to remember the distinction all the time. The people who are hackers by anybody's definition have done some... uh... mischevious things in their time; it's part of the nature of the beast. To say that "a real hacker would never break into a computer system" indicates - to me - a lack of understanding of the original meaning of the word. Of course a real hacker would break into a computer system, if it was an interesting enough problem and they didn't anticipate anybody having a problem with it. I agree that the media should widen it's definition of what a hacker is, but that's not the argument I usually see, especially here on slashdot. I see a lot more of "they aren't a real hacker, because they break into systems and/or do security stuff", which is plain silly.

Personally, I refer to people by whatever term they would like me to use, unless I don't like them.

Besides which, if you are doing something unexpected, unforseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.

Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?

dlofnep

Mr. Scruff is correct.

PDelux

Is it computer programming or just random "enter password" and you try every combination under the sum??

In the context of a program where you need to enter a serial number or password. depending on the program, it can be easy as debugging the assembly to find where the program branches when you enter a good/bad serial number and then edit the file to replace a "branch if not zero" with a "branch if zero" so it will change the program flow.

bonkey

MrScruff wrote:

To %99 of the world a hacker is someone who breaks into computers.
A cracker is someone who breaks copy protection and the like.

To make life even more interesting...

Over here, people often refer to guru's as "cracks". On the other hand, a "hack" can be virtually anything...a kludge, a break-in, a neat solution....you name it.

People get too caught up with monikers and the like. They're all meaningless.

jc

x0n

so yeah, that sounds like the time I got myself reformatted to a 6-tab wide unix thread by a rogue html tag and had to rewire (dynamically of course) the inverse database flap that was oozing down my leg. I used everything I learned from Swordfish, including Halle Berry's tits, to hack into AIB's central muffin PCB detector and GUESS WHAT I FOUND OMGOMGOMG

zzz...kkkrrrrbb....zttzzzz...connection terminated...

pH

tbh

Capt'n Midnight

Hacking predates personal computers, it's about getting technology to do stuff it wasn't was designed to do, expanding the envelope if you like.

Cracking is usually negative.

projectmayhem

hacking is 70% social engineering (ringing up clueless secretaries and asking sneaky questions to get info -- namely passwords and the like), then 10% actual "computer hacking", then 10% getting the info... the final 10%? getting out unnoticed

not that i've ever done, or would ever do such a thing. it's illegal, and jesus will hate you for it

Cake Fiend

You're all wrong. A hacker is someone who fashions things out of wood by 'hacking' away at said wood.

Therefore, in order to hack, you must first acquire some suitable wood. Upon receipt of wood, obtain an implement (preferably metal), such as a chisel or hatchet, and commence fashioning something out of the aforementioned wood.

Happy hacking!

PhantomBeaker

projectmayhem wrote:

hacking is 70% social engineering (ringing up clueless secretaries and asking sneaky questions to get info -- namely passwords and the like)

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate (check out this article: http://news.bbc.co.uk/1/hi/technology/3639679.stm ).

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P

KTdesigner

Crackers can't hack unless they're tracker nackers with no sack and a small jack between the crack (of dawn) so relax, let it slack, get back on track and no hack or smack jack.

Cake Fiend

KTdesigner wrote:

Crackers can't hack unless they're tracker nackers with no sack and a small jack between the crack (of dawn) so relax, let it slack, get back on track and no hack or smack jack.

That cack be wack!

evilhomer

PhantomBeaker wrote:

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate.

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P

What kind of chocolate are you offering?

jmcc

Goodshape wrote:

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

Nah! "Sneakers" is a far more accurate movie. Though if you want to get esoteric about it, check out the "Pi" and "Enigma" movies. Pi does deal with the kind of obsessive nature that some hackers can develop when engaged in a hack.

And as for the whole cracker vs hacker thing - blame clueless technology journalists. I rem one of them interviewing a supposed security expert who was busy trying to factor prime numbers with his management consultancy "security" group. A rather obvious gaffe but the tj in question never spotted it and it was aired on the TV programme.

The reality is that most tjs are technologically ignorant and trying to explain the difference between a cracker and a hacker to them is a waste of time because the media now uses "hacker" as the accepted term for what we would call a cracker. These tjs just run press releases and call it journalism rather than doing real journalism. The good thing is that these people rarely last more than half a bubble cycle before they are dumped into the books/arts review section of the media. But being a hacker is a way of mind and lasts a lifetime.

Regards...jmcc

Capt'n Midnight

Yeah chocolate's good

or you could go fishing http://www.boards.ie/vbulletin/showthread.php?p=51690248&highlight=password#post51690248

projectmayhem

PhantomBeaker wrote:

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate (check out this article: http://news.bbc.co.uk/1/hi/technology/3639679.stm ).

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P

ha.. people are great

on a serious note, people are very willing to hand over passwords to "bob from tech support*", so willing that if i were an employer i'd be fairly worried.

*for legal reasons: i am not, or never have been "bob from tech support"

PhantomBeaker

evilhomer wrote:

What kind of chocolate are you offering?

I offer from a selection Green & Black's Maya Gold, Cadbury's Bourneville and Galaxy... take your pick. If they still did it, I'd offer Cadbury's Top Deck as well.

For any of the above, just send your boards.ie password to me by Private Message and we can work something out.

Aoife

weeder

does that distro come with aids 1.0 or herpes 2.876

scojones

dlofnep wrote:

Instead of giving you the cliche hacking/cracking debate.. I'll answer the question as honestly as I can.

Put the words aside and their true meanings - What is it exactly you want to do? Do you want to compromise a machine or network at any cost for the fun of it or do you want to spend countless hours, getting 4 hours sleep searching nooks and crannies of code, understand principles of sql injection, buffer overflows, user input flaws in code, understanding concepts of networks, the securing of networks, the various methods of security, from hardware firewalls to different forms of access control..

I'm sure you want the easy way - Scaning a couple of subnets with a security scanner like retina or nessus which will give you a link usually to securityfocus, which in turn you can download the code for a local or remote exploit, compile, run, escalate privileges - Wallah. This is what most "script kiddies" spend hours every week doing, all just to deface some website to brag on IRC. Hey, I was one of them. I know how things run.

But really at the end of the day, it's not worth the hassle. at first you start out with the mentality that you just want to hack stuff cos it's cool and want to show off to your friends, but hanging around with influential people on IRC usually turn you to looking deeper into it. You spend more time programming, reading up more - Actually reading "lectures" on IRC.. Getting off on the fact that now people come to ask YOU questions about security related material.

Then you either stick with it and become semi-famous in the underground like gobbles, rain forest puppy or kevin mitnick.. Or you realise there is more to life than spending every night on PC's, losing valuable time that you could of spent with buds.

There you have it. As honest as I can be about it. I spent about 8 years in the whole scene, I'm long gone now - It was fun while it lasted. Ask me what the current security flaw trends are today, I couldn't tell you because I wouldn't know.. I'm now happy and enjoying life. The life of a hacker gives you no time for anything else.

Some reading for you off the top of my head if you are still interested.

Smashing the stack for fun and profit: http://www.insecure.org/stf/smashstack.txt

This has sentimental value. Anyone in the scene will tell you this is where hacking persay really exploded on the net. one of the most important pieces of writing in my opinion in the history of hacking.

Hacking Exposed: http://www.hackingexposed.com/

Hacking exposed is a very user friendly introduction to security. it's always worth the reading and a good way to expose you to security and flaws of security. I bought the original hacking exposed book and found it very insightful.. All the known exploits and flaws at the time were now carefully organised.. So for anyone who already knew them, it was a good reference book, and for anyone who didn't, it was a good way to learn and break into the world.

http://www.hackerslab.org/eorg/

This is a little wargame. A sort of controlled system that's mission is for you to hack your way up and escalate your privileges. It's fun to play and get's really challenging.

That's about that. Have fun with whatever you do.

penfold.

Summed up pretty nicely. A book I recommend, which is written by a very good friend of mine would be "Hacking: The Art of Exploitation". Here's a link.

projectmayhem

this thread should seek sponsorship from the 2600 tbh

Capt'n Midnight

projectmayhem wrote:

this thread should seek sponsorship from the 2600 tbh

If Sputtering cares to leave personal details, then I'm sure they'd be able to organise sponsorship in some form or other.

Saruman

Yup cracking.. not hacking is what he is asking about.. in which case i do it all the time! For instance today i was at a server that no one knew the admin password for (person who set it left company) so i had to "crack" in by logging in as a user who happened to have admin rights and re-setting the password. Its not cool 3d graphics, its not "wow im a hacker!" its just common sense and its my job. Sure there are harder ways to get access like getting access to systems remotely etc.. much harder to do if you are not actually there but the idea is the same.

NutJob

Saruman wrote:

Yup cracking.. not hacking is what he is asking about.. in which case i do it all the time! For instance today i was at a server that no one knew the admin password for (person who set it left company) so i had to "crack" in by logging in as a user who happened to have admin rights and re-setting the password. Its not cool 3d graphics, its not "wow im a hacker!" its just common sense and its my job. Sure there are harder ways to get access like getting access to systems remotely etc.. much harder to do if you are not actually there but the idea is the same.

No 3D gfx No matrix like hex dumps Still cant figure out what a gibson is (think its a guitar):( 15 years of jail sex :eek: For everything else theres mastercard


If you are interested in Computer Security and not jail time start learing Assembler, C/C++, PC architecture , Security Concepts, Os Design , Software Design ..............

Then you might undersand docs from places like phrack (nice and old now) or securityfocus (less old but unlikely you can get into trouble ther)

bert_man

Then there's

SQL Injection - where you enter malicious SQL into something like a password box on a Web Page and it gets wrapped up in a DB request and can do something like deleting or selecting stuff from a database table

Cross-Site javascripting where you can enter javascript into controls on a web page

and

The old Mixed Mode SQL Server login where you can fire passwords at SQL Server, gain access, use the query analyser window to run a command line stored proc, set up a user account for the domain and log on remotely that way

why people want to do this stuff though is beyond me

PhantomBeaker

By the way, to the OP, I'm in the middle of that smash the stack article, doing out example3, and there's a little flaw/bit of outdated trivia in that, which means that if you use the program out of the box, it'll break.

I've spent a number of hours (total, this was over a coupla days, with me nibbling on the problem every so often) playing with the examples, until I figured it out.

If you can do the same, then you're doing well for a beginner. Enjoy.

As an aside, if you're going to get anywhere with cracking, you're probably going to have to learn something about hacker mentality, as in the "Oooh, shiny, let's see what exactly I can do with this" type of attitude I've seen in the few people that I'd label as a "hacker". (And no, I don't label myself as one yet...) This is a very good article that describes it quite well: http://www.catb.org/~esr/faqs/hacker-howto.html

Aoife