History of Hacking (parts 1, 2 and 3) - Page 2
AK-Nemesis
2005 Posts
Orome
Switzerland 11984 Posts
oHInsane
France 727 Posts
So as I said, to sum up a little bit, the "hacking scene" can be divided into two main streams:

- The "real" hackers: they usually have good/extreme computer knowledge. They can use this knowledge to attack and to do damage to a specific target (black hat hackers) or they can be helpful by warning software/network or any companies about some flaws in their product, security software etc. (white hat hackers).
- The "lamers", who are the source of the majority of the attacks over the Internet. Those guys just use software coded by other people to look "cool", "1337" or whatever. This category is a pure pain, as I said. The main reason is that they bring nothing to the "hacking" community. And the second reason is that they give a "bad" image of what hacking really is.

So let's concentrate on the "real hackers". As someone said, some of them are working alone or with a little group and prefer staying "covered" by remaining anonymous. And a part of them release and share their discoveries. Those guys are working in different fields (I can just talk here about what I know):

Coding: being able to program is a "must have" tool. Basically, you can't be a hacker if you don't know what programming is. Why? Because in order to find a flaw in a piece of software, you should be able to know what is happening in this software and how it works. Under the term "software", you can find usual software like MS WORD, MS OUTLOOK, you can also find websites (which are internet programs), you can also find operating systems like Windows, Unix (Linux), Solaris, etc., and you can also find network programs like Apache. Basically, any service or program can be hacked.

So imagine someone wants to hack a website and he knows this website has been built with "phpnuke" (which is a program that allows you to make your own website in a short amount of time). The hacker will download "phpnuke", then he will check the source code (how the program is made) to find if there is something that can be a flaw for the website. There are many possible flaws on a website portal. There are XSS flaws (which allow the hacker to introduce his own code on the website), SQL injection (which allows the hacker to interact with all the data stored on a website like user passwords, user emails and so on), include flaws (which allow the hacker to execute his own program on the website, for example a program that will erase the whole website), etc. But don't misread me, I don't say every website has flaws, I just say that it is possible to find some of these flaws. You know, a website generally has 100.000+ lines of code, so it is reasonable to think that the programmer could have made a little mistake while writing all those lines that would allow someone to find an XSS, an SQL injection or anything else.

So coding is a key for a programmer. As I said, it allows the hacker to understand how his target works, but it also allows a hacker to make his own program. For example, a hacker found a flaw in Windows XP that allows him to reboot the machine if he enters some specific data into Windows. He will then write a program that will automatically send this data and make his target reboot. Here is a typical example of that with the "lsass" flaw that was found in Windows like 4-5 years ago (you know, it was known as the "sasser" worm). The idea still remains the same: finding a flaw in a piece of software, then building the software that will exploit this flaw. (More details about sasser here: http://www.osix.net/modules/article/?id=527 )

Carding: this is something I don't really know well. Still, I just know the concept. The idea is to clone credit cards (or any type of card, but it is less profitable to clone a bus card than a credit card). This is very very VERY illegal so it is hard to find those guys and many of the websites are regularly closed. The last I heard of was carderplant and it has been closed for a while. The Russians are really active (talk about Russian mafia??) in this area and most of the time, if they release websites about carding, it is all in Russian so I can't get deep into it. As I don't know many things about pure carding, I won't go into the details. The only way I know to steal a credit card number is to keylog someone else's computer and get his credit card number back. A keylogger is just a program (as I said, coding is the way to go) that will store everything you type and then send the content to the hacker. Usually those keyloggers are detected by antivirus because their signatures are easy to detect.

Reverse Engineering: this area is closely related to coding. It is just a way to find a flaw in compiled software without having the source code. To sum it up fast, you can't read the source code of compiled software (like Word, Brood War and everything you can install on your computer). So in order to know how the program is working, you should disassemble it (with a program). So basically, you will have something which is not the source but something that (if you know how to read it) will allow the hacker to know how the program is working. For example, this is what is usually done to make a CD key generator. The hacker disassembles the program, then he will look for the procedure that checks the validity of the CD key. Then the hacker will extract the algorithm of the CD key validation and will build his own CD key generator.

Networking: well, the idea here is to penetrate a network (i.e. the network of a private company). That's where Kevin Mitnick (here is his story: http://en.wikipedia.org/wiki/Kevin_Mitnick ) was a master. The idea here is to allow you to remotely access a network you should not have the right to access. There are many tricks depending on the network topology. One of them is the Man In The Middle (MITM). I like this example because it explains quite well by itself the ideology of attacking networks: you have a network where a computer in a company (A) is sending/receiving information from the server of the company that stores, for example, financial information about customers (B). And you are on another computer in this company. So here is the idea of the MITM:

A <---------------------------> B
A <---------> C <----------> B

So you have to make B believe you're A and, at the same time, make A believe you're B, and put yourself in the middle of their transaction. Then you just have to capture the traffic (with a sniffer) and pick the information you need in it.

One of the new fields in network attacks is the wireless network. The idea of this is to enter a wireless network from outside of the physical limitation but still within the range of the network. Let me explain. I know my neighbor is using a wireless internet connection and I want to use it too, but he does not want me to do that. So physically, you're supposed to be out of the network since you don't live in your neighbor's place. But the wireless access point has a range of 35 meters, so basically, you can be in its network range and so, you can be able to access the network. In theory, you just have to install software that will find the password of the network for you and then you can go onto his internet. Now, wireless protocols are being updated and it won't be that easy in the future, but it is just the idea of the concept.

Fingerprinting: to penetrate a network or a computer, you will have to know which operating system your target is running. So there is a field called fingerprinting that deals with the art of guessing which system your opponent is running. There is software like nmap, for example, that will guess your target's OS by analyzing the network traffic (the TCP windows, to go a little more into the details). For instance, you want to attack someone but you have to know which operating system he has because you're a pro at hacking Windows systems but if it's Linux, you're fucked. So to be sure he is using Windows, you launch a fingerprint on him, then if it's a Windows system, you will be able to try all your fresh new hacking knowledge to get into his system. This field is very difficult to understand since you will have to know mostly everything about computer networks (TCP/IP and so on) and many things about operating systems.

OK, there are many other fields but I just mention those to give you an idea. Now, you should be able to understand that viruses are really not the mainstream for hackers. I am done writing for the moment. So I am gonna give you some other links to illustrate different things I dealt with.

[vid] http://video.google.com/videoplay?docid=-1021256519470427962 : video that shows how to hack a wireless network
[vid] http://video.google.com/videoplay?docid=-7477301395023415733 : video that just shows some reverse engineering
[vid] http://video.google.com/videoplay?docid=3658264224674753229 : SQL injection
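The SQL injection flaw described in the post above, shown as a vulnerable lookup beside its parameterized fix. This is an added example, not code from the thread; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for a portal's user table.
USERS = [
    ("alice", "alice@example.test", "hash-a"),
    ("bob", "bob@example.test", "hash-b"),
    ("o'brien", "obrien@example.test", "hash-c"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return db

def profile_vulnerable(db, name):
    # Flaw: visitor input is pasted into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, email, pw_hash FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def profile_fixed(db, name):
    # Fix: the value is bound as a parameter and only ever compared as data.
    sql = "SELECT name, email, pw_hash FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def rows_returned(lookup, db, name):
    """Row count for a lookup, or 'sql-error' if the query failed to parse."""
    try:
        return len(lookup(db, name))
    except sqlite3.OperationalError:
        return "sql-error"

def compare(name):
    """Return (vulnerable result, fixed result) for the same input."""
    db = make_db()
    return (rows_returned(profile_vulnerable, db, name),
            rows_returned(profile_fixed, db, name))

if __name__ == "__main__":
    # A normal name, a legitimate name with an apostrophe, a textbook probe.
    for probe in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(probe), compare(probe))
```

A legitimate name containing an apostrophe already breaks the concatenated query, which is why SQL syntax errors in application logs are a useful signal for finding this class of bug.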
Unforgiven_ve
Venezuela 1232 Posts
LOL, omg...poor guy
Unforgiven_ve
Venezuela 1232 Posts
/me fears

2600: The Hacker Quarterly is a quarterly American publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and libertarian issues. The magazine is published and edited by Emmanuel Goldstein (a pen name of Eric Corley and allusion to George Orwell's Nineteen Eighty-Four), who is also the magazine's founder, and his company, 2600 Enterprises, Inc.

In the usage of 2600 Magazine and affiliates, the often loaded term "hacking" refers to Grey Hat hacking, which is generally understood to be any sort of technological utilisation or manipulation of technology which goes above and beyond the capabilities inherent to the design of a given application. This usage attempts to maintain neutrality, as opposed to the politically charged and often contentious terms White Hat hacking, which is designated as "hacking" motivated exclusively by good intentions (e.g. enhancing the performance of a device or exposing the vulnerabilities of a security system for the benefit of the system administrator), or Black Hat hacking, which is designated as "hacking" motivated exclusively by bad or selfish intentions (e.g. stealing useful information or exacting technological revenge through sabotage).

The magazine's name comes from the phreaker discovery in the 1960s that the transmission of a 2600 hertz tone (which could be produced perfectly with a plastic toy whistle given away free with Cap'n Crunch cereal—discovered by friends of John Draper) over a long-distance trunk connection gained access to "operator mode" and allowed the user to explore aspects of the telephone system that were not otherwise accessible. Mr. Corley chose the name because he regarded it as a "mystical thing," commemorating something that he evidently admired.

2600 has established the H.O.P.E. (Hackers On Planet Earth) conferences as well as monthly meetings in Argentina, Australia, Austria, Brazil, Canada, Denmark, England, Finland, France, Greece, Ireland, Italy, Japan, Mexico, New Zealand, Norway, Poland, Russia, Scotland, South Africa, Sweden, Switzerland, and the United States. The meetings take place on the first Friday of the month at 5 p.m. local time. 2600 meetings exist as a forum for all interested in technology to meet and talk about events in technology-land, learn, and teach. Meetings are open to anyone regardless of age or level of expertise.

2600 Films has made a feature-length documentary about famed hacker Kevin Mitnick, the Free Kevin movement and the hacker world, entitled Freedom Downtime, and is currently working on one titled Speakers' World.

Additionally, 2600 has been involved in many court cases related to technology and freedom of speech alongside the Electronic Frontier Foundation, perhaps most significantly Universal v. Reimerdes involving the distribution of DVD copy protection tool DeCSS, where courts upheld the constitutionality of the Digital Millennium Copyright Act anti-circumvention provisions.

Corley is also host of Off The Wall and Off the Hook, two New York talk radio shows. Both shows can be downloaded or streamed via the 2600 site.

thx wikipedia =)
oHInsane
France 727 Posts
Some of the 2600 people wrote and are still writing some webzines to release/explain some flaws/exploits/hacking state-of-the-art papers. You can find some of them here: http://madchat.org/esprit/emags/ Most of those articles are very technical but some of them are friendly and readable if you can get into them a little bit.
Alborz
Canada 1551 Posts
Great thread, thanks Unforgiven_ve
Resonate
United Kingdom 8402 Posts
shinigami
Canada 423 Posts
My respect for hackers shot up several notches, except crackers. They seem to have the easier job, which explains why many of us never had to pay for our software in years.
Orome
Switzerland 11984 Posts
On May 23 2006 03:00 Resonate wrote:
sheeckret shoshiety!

ahahahaha now that was a nerd