Sunday, November 18, 2007

An introduction to hacking !!

An introduction to hacking
--------------------------

This is a brief tutorial designed to show you how to get started with
hacking. It is not an in-depth analysis of Unix and I will not show you how
to hack specific systems or give you any specific usernames or passwords.
Anything that you do after reading this file is NOT my responsibility, so
don't expect me to write to you in jail if you get caught. If you are an
advanced hacker, then I suggest you give this a miss as it's designed for
beginners...

Section 1 : What exactly is a hacker then?

Tricky one really. There are hundreds of definitions floating around, but
the basic description of a hacker would be someone who accesses and uses a
computer system in ways which a normal user might not think of. This may be
legal, but chances are that it will be illegal. Also, many hackers might not
consider you to be one of them unless you have the hacker attitude.
Basically what this means is that you have a certain view over the way in
which things should be done. For example, nearly all hackers are
anti-authoritarian. Another thing which you really should do is give
voluntary help to other hackers. This may be in the form of debugging
programs that they have written, informing them of new bugs in systems, etc.
There are plenty of detailed FAQs out there, so I won't go into it in detail.
Try looking up 'hacker ethics' in any decent search engine
(www.altavista.com is pretty good) for more.

Section 2 : Tell me how to hack!

Yeah right. You ask any hacker or newsgroup this and you're gonna get flamed.
Flaming is when someone responds to your question by throwing a string of
anger and obscenities at you because they are mad. Why would they do this?
After all, hacking is about giving voluntary help, isn't it? Well, asking how
to hack is not only far too general, but it's also pointless. Nobody can
tell you how to hack. They can give you passwords, programs and bugs, but
by doing this they would be stopping you from learning and discovering
new things, and let's face it, the best way to learn to hack is to do it.

Section 3 : Where to learn

Apart from actually hacking, the most important thing you can do is read.
Texts can come from a variety of sources, including your local library and
of course the internet. There are some around with titles like 'The secret
underworld of hacking' but these are mostly a waste of time, and contain no
valuable information. Instead, read books with titles like : 'Unix : An
introduction' or 'How to teach yourself Unix'. These will contain a wealth
of commands and information. You will not learn by simply downloading
programs to do your work for you, although some are essential (I'll tell you
which ones later).

Section 4 : The art of hacking

Hacking is in many ways an art. It takes time, patience and intelligence.
You won't get immediate gratification, but if you do get good, then it's
really worth it. There are several skills associated with hacking, but the
fundamental one, which is often overlooked by newbies, is the ability to
program. Programming is basically telling the computer what to do, and a
programming language is the way in which you write it. Again, there are
millions of tutorials to do with this subject, and it is FAR too big to go
into here. The basic languages you will need to know are Perl and C, which
are the main languages for the Unix operating system (I'll go onto that in a
second). Again, any good search engine will give you hundreds of sites
related to these. Just to give you an idea of what programming is about,
here's some C source code (that's the text before it is compiled/interpreted
so the computer can understand it):

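// This is C++ (it uses iostream and cout), a close relative of C.
#include <iostream>
using namespace std;

int main()
{
    // Print a greeting to the screen
    cout << "Hi there, how are you!" << endl;
    return 0;
}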

Note that this section of code is taken from a MSDOS application. Unix will
differ slightly. Although it can be a bit tedious, programming is very
rewarding, and is very important if you want to become a good hacker. You
won't need to become some programming genius to hack though, just have a
general idea of the syntax used by the languages. The next important skill
you need to learn is how to use the Unix operating system. This is an
operating system (like Windows or DOS) which is specifically designed for
networking. Most big servers use it and it allows thousands of users to
connect to virtual (software) and hardware ports remotely (if the computer
it is operating has them). Like programming, Unix is very complicated and
detailed, so I can only give you an introduction here. The best way to teach
you what Unix is, is to give you an example. This example assumes that the
person using it has a shell account (a user name and password so that he can
log in and use the computers), and that the user has Windows on their
computer. It is entirely fictional:

(In the run bar)
telnet shinracorperation.com 23
(Telnet starts up, there's a brief pause before the cursor starts flashing)
SunOS : 5.10
login:rudolf
password:########

Welcome to the shinra corperations main server. Type 'help' for more.
$

That is an example of a typical Unix system. To operate it, we run telnet
(the standard telnet program included with Windows); this will allow our
computer to communicate with the remote server, which is
shinracorperation.com. The number 23 after it tells telnet to connect to
port 23 on the computer. Ports allow remote users to input commands to the
computer. A computer can have thousands of ports, each with a different
number, but the most common ones, and what they do, are:

13 : Date and time port (pretty useless really)
21 : FTP (File Transfer Protocol) port
23 : Standard telnet port. This is the port which the telnet program will
try to open by default
25 : Send Mail port. This allows the user to operate an ancient send mail
program which can send messages to email addresses on that server (more
later)
79 : The 'finger' port. This allows the user to type in the name of a user
and get details on them (very useful)
80 : Standard http port (it's the one your browser opens)
110 : POP port. Allows you to operate a primitive POP email program.

To connect to each of these ports you would put the number instead of 23 in
the command line. The next line tells us what type of operating system the
computer is using. This will become important if you need to use a bug or
back door to get into the system, as they vary from operating system to
operating system. One advantage of Unix operating systems is that they don't
record your login attempts, so the sysadmin won't find 6000 attempts in his
log file when he has a look. Now, the only thing holding us back here is the
need for a username and password. In the early days of hacking, you could
telnet to any computer, type in root as your username and root as your
password and you'd be in with superuser privileges (root is the username
that should give you the ability to do anything on that computer). That
ain't gonna happen these days. There are some servers which you might be
lucky enough to guess a username and password on, so have a look at the list
below of common Unix users:

root
admin
adm
sysadmin
guest (VERY often the password will be guest too)
test
demo
uucp

Although unlikely, these may work if you enter the password the same as the
username; it's worth a try. I hope that gave you an idea of what Unix is.
The final part, by the way, was the command prompt, similar to the C:\>
prompt in DOS. Here you would enter commands for the computer. Since this is
only an introduction, I won't go into commands here, but there are plenty of
books, many from your local library, which will tell you how to use Unix. You
can find more information on how to exploit bugs in Unix operating systems
and backdoors in them by using a search engine. Chances are that you will
not be able to guess the password. In this case you'll need to do some
research. Try looking at the company's web site, and finding out things
about them.
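Guessing the account names listed above leaves a trail wherever the login service logs failed authentication. As an added example (not part of the original tutorial), this sketch scans syslog-style lines for one source address trying several of those names; the OpenSSH sshd line format, the threshold and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Account names from the tutorial's list of commonly guessed Unix users.
DEFAULT_ACCOUNTS = {"root", "admin", "adm", "sysadmin", "guest", "test", "demo", "uucp"}

# Assumption: OpenSSH sshd failure lines as they appear in syslog.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample log (addresses are from documentation ranges).
SAMPLE_LOG = """\
Nov 18 10:01:02 host sshd[411]: Failed password for root from 203.0.113.5 port 40112 ssh2
Nov 18 10:01:04 host sshd[412]: Failed password for invalid user guest from 203.0.113.5 port 40113 ssh2
Nov 18 10:01:07 host sshd[413]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Nov 18 10:01:09 host sshd[414]: Failed password for invalid user test from 203.0.113.5 port 40115 ssh2
Nov 18 10:03:30 host sshd[420]: Failed password for rudolf from 198.51.100.7 port 51500 ssh2
Nov 18 10:03:41 host sshd[421]: Accepted password for rudolf from 198.51.100.7 port 51501 ssh2
Nov 18 10:09:12 host sshd[430]: Failed password for root from 198.51.100.7 port 51620 ssh2
"""


def guessing_sources(log_text, min_accounts=3):
    """Return {source: sorted default accounts tried} for every source that
    failed logins against at least min_accounts distinct default accounts."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("user") in DEFAULT_ACCOUNTS:
            tried[m.group("src")].add(m.group("user"))
    return {src: sorted(users) for src, users in tried.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    for src, users in guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: tried default accounts {', '.join(users)}")
```

Counting distinct account names per source, rather than raw failures, separates a walk through the default list from a real user mistyping a password.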

Section 5 : Toolz

Although you should use them as little as possible, you will need to use
some programs. One of the most essential is a password cracking program. In
most Unix systems, the password file is located in /etc/passwd. As I've
said, there are plenty of files which will tell you how to download it, so I
won't go into that here. Now, assuming you've got the password file, you'll
need a program called John the Ripper to decrypt the file and get the
passwords. If you open the passwd file with a standard editor like notepad
or edit, you will see something like:

root:h589798Hhgh:0:0:/etc

or

root:x:0:0:/etc

With many more lines added on. If it looks like the first one, then not only
are you lucky, but you've got the passwords for the entire system. Now run
John the Ripper on it, and if your dictionary file (a file with lots of
standard passwords in it) is good enough, you should at least get a few of
the passwords. If you get root, then get very, very excited. You can now log
into the system and do anything. BUT be warned, you do ANY damage whatsoever,
and they'll find you within a couple of hours, so DON'T. Not only
that, but it'll make you a cracker, which is someone who breaks into a system
to do damage to it; they are looked down upon by real hackers. Now, if it
looks more like the second one, get ready to cry 'cos the password file is
shadowed. This means that although the users are stored in the passwd file,
the passwords are stored in a different one, usually /etc/shadow. This
obviously means that you must download the shadow file (the server probably
won't let you), merge it with the passwd file, and then run John the Ripper
on it. If you can get both the passwd and shadow files, you'll need to get a
program called VCU to merge them, although there are some others around.
Shadowing is used by most servers these days, and makes life a hell of a lot
more difficult.

Section 6 : Using programs on the server

The first program I'm gonna look at is SMTP (send mail) which is usually
stored on port 25. I'm not gonna give any direct examples here, but replace
the xxx part with virtually any server name and you should find one:

telnet xxx 25

SMPT Version 1.3 Ready

And that is all you get. You are now ready to run this program. It allows
you to send mail to anyone who has an email address within that server. The
commands that you'll need to know to use this program are

help - gives you a list of commands. If you follow it with a command, it
will give you help on it

helo - This tells the computer who you are

mail from:xxx - It will say who the mail is from on the message (replace xxx
with a made up or real email address)

rcpt to: - Who the mail will go to. It must be within the server that you
are hacking or you will get the error 'Relaying not allowed'

data : Press enter, and type in what you want the message to say. Put a full
stop (a period) on a separate line and press enter to end and send the
message

quit : Disconnects you

vrfy xxx : Replace the xxx with a user name, and it will tell you if it
exists

This should give you a basic idea of how to use the program. The commands
should come in that order to send mail (vrfy is not needed to send mail, you
can simply use it to tell if a user exists). Oh yeah, and you won't see what
you type in.
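The command order described above, seen from the server's side, as an added example that is not part of the original tutorial: a minimal command handler that enforces the helo / mail from / rcpt to / data sequence, answers vrfy without confirming whether a user exists, and refuses to relay. The domain name, reply texts and sample session are constructed assumptions; message body handling is left out.

```python
LOCAL_DOMAIN = "example.org"  # assumption: the one domain this server accepts mail for


class Session:
    """Tracks one SMTP conversation and returns the reply for each command."""

    def __init__(self):
        self.greeted = False
        self.sender = None
        self.recipients = []

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 " + LOCAL_DOMAIN
        if verb == "QUIT":
            return "221 Bye"
        if verb == "VRFY":
            # 252 neither confirms nor denies the mailbox, so vrfy reveals nothing.
            return "252 Cannot VRFY user, but will accept message and attempt delivery"
        if not self.greeted:
            return "503 Send HELO first"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Need MAIL before RCPT"
            rcpt = arg[3:].strip().strip("<>")
            if rcpt.rpartition("@")[2].lower() != LOCAL_DOMAIN:
                return "550 Relaying not allowed"
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT before DATA"
            return "354 End data with <CR><LF>.<CR><LF>"
        return "500 Command not recognized"


# Constructed client commands, in the order the tutorial lists them.
SAMPLE_SESSION = ["helo client.example", "vrfy rudolf", "mail from:<a@elsewhere.test>",
                  "rcpt to:<b@other.test>", "data", "rcpt to:<rudolf@example.org>",
                  "data", "quit"]


def run(commands):
    """Return (command, reply) pairs for one fresh session."""
    session = Session()
    return [(c, session.handle(c)) for c in commands]
```

Note that the handler accepts whatever address follows mail from: the sender field is unauthenticated, which is why the receiving side cannot treat it as proof of origin.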

The other program I'm gonna look at is in port 79 so type:

telnet xxx 79

You will be greeted by, well nothing. Loads of servers have closed this
port, but if they have it open, then it is very useful. All you do is type
in the name of the user you want to finger, and it will give you their
account details. Try all of the common users above. This program will
usually only let you finger one user before disconnecting.

Conclusion

I hope this has been an informative introduction into the world of hacking.
Even at this level, there are tonnes more things which you will need to find
out about so that you can hack. I suggest you look the following things up
in your search engine:

Unix operating system
computer security
hacking
c programming
perl programming
hacking tutorials

Hopefully you will find what you need. One last word of warning, be VERY
careful about hacking, and don't do any damage, you WILL get caught if you
do. Oh yeah, and have fun...

Legal Stuff...

You may reproduce this document on any web page or on any CDROM or
otherwise. You do not have to ask my permission or anything, as long as it
remains unchanged and I get the credit. As I've already said, I'm not
responsible if you act on the information above, and this was intended for
EDUCATIONAL PURPOSES ONLY.

