How do you hack?

Sputtering

I know this is an odd question and I've no intention of doing the sort but I've always been really curious as to just how do you hack? Is it computer programming or just random "enter password" and you try every combination under the sum??

Hobbes

You should ask in the security forum as they will really appreciate this post.

But here is the lesson for hacking..

<ruffkin2> HAHAHAH dat dude you sent me 127.0.0.1 iz enfected wit sub7 im ****in with him now
<andrw> oh good, format his computer
<Testicular_One> format his computer
<TheGreaterZero> format him

Goodshape

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

Sabre0001

Of course you have no intention of doing it...That would be absurd!

By the way, does anyone here know where I can get my hands on some heroin...Just curiosity...

Hobbes

Goodshape wrote:

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

They increased the password encryption on the gibson after that movie. The password is now sexgod.

Mutant_Fruit

Real hacking is getting out a dissasembler and examining the raw code in a program to find out what it does. Clicking "Hack Now" in a GUI hardly counts as hacking.

po0k

Reverse Engineer a Kiwi.

MrScruff

No programming required!

I'll break it down into steps for ya.

1/ Download this (It's a live linux CD)
2/ Run it and launch the program called Nessus.
3/ Enter the target machine.
4/ Look at the pretty report and use one of the holes it has found to break in.
5/ Find evidence of U.F.O activity OR get extradited to the US for an extended stay in scenic Guantanimo Bay.

*Disclaimer* You may need a screen that can project green text onto your face while you work.

Evil Phil

http://i.imdb.com/Photos/Ss/0244244/PC-1.jpg

TBH.

Zombrex

Sputtering wrote:

I know this is an odd question and I've no intention of doing the sort but I've always been really curious as to just how do you hack? Is it computer programming or just random "enter password" and you try every combination under the sum??

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

"Hacking" means hacking away at code and systems to figure out how they work and how to do cool things with them. For example "hacking" the Linux kernal does not imply trying to break it, or circumvent its secuirty, it just means trying to figure out how it works.

Unfortunately for people who consider themselves true hackers, the ill-informed media took the term "hacker" and ran with it, and now most people have a different idea of what hacker means, they think it means cracking.

Confused yet .....

Anyway, cracking is simply getting a computer to give you access when it shouldn't. All machines that interact with users or networks have to allow legitimate traffic in and attempt to block illegitamate traffic. You crack a system by convincing it that your malicious traffic is actually legitmate. How you do this depends on the circumstances, and what you want to crack.

It might be as simple as figuring out a system admins password and logging on pretending to be him, or it might be more complex like exploiting a bug in a network program to get it to do something it wasn't really meant to do.

There are millions of security bugs in the worlds software, with a million different ways to exploit these bugs.

PhantomBeaker

Actually anyone who's a member of the ACM, or has access to their most recent edition of the journal "Communications" (like if you're in college, it's in the library - definately in UCD, that's where I read it) there's a very good set of articles about hackers and hacking, their approach and how it differs from academia.

Really good article, and I'd recommend that anyone who can read it, does.

democrates

www.2600.com and the freedom downtime dvd for the insiders perspectives.

Also The Cuckoos Egg by Clifford Stoll, though outdated still a good read, his original article: stalking the wiley hacker (pdf). There was a tv program years back called 'spycatcher', would love to see it again.

Also slightly off-topic but if you want a good laugh check out the nerdcore rap "Rock Out With Your Hawk Out" by MC Hawking.

Tellox

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

Oh,and you should know, the CIA and the FBI are going to be monitoring your up-and-coming life of cybercrime, after posting this on public message boards. I would suggest restarting to the command prompt, and using fdisk c:\, and promptly throwing your harddrive into a bag full of strong magnets.

Evil Phil

Tellox wrote:

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

Oh,and you should know, the CIA and the FBI are going to be monitoring your up-and-coming life of cybercrime, after posting this on public message boards. I would suggest restarting to the command prompt, and using fdisk c:\, and promptly throwing your harddrive into a bag full of strong magnets.

Pressing Alt + F4 will clear your cache and render you untraceable.

Hobbes

Tellox wrote:

Go and download a program called "Uplink". Thats excactly how the real life hackers work, in 2010.

There was another one of these. Anyone remember the name? It wasn't as high tech'ish, revolved mostly console input.

Very fun though.

klash

Wicknight wrote:

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

Thank god someone knows something about the subject. I can't stand people calling cracking -> hacking. Its the bloody medias fault.

hacker n.

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in "a Unix hacker". (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

I'd love the op to ask Richard Stallman how to hack :cool:

smash

people see hackers or swordfish and they want to know how to do it... all the crap talk in these films where they just drop random phrases like logicbombs, trojans, 512 bit encryption!!!

It's like when I go to a meeting and a client says "ye ye, I think we should use a few applets maybe" - what the hell are you on about, this is nothing to do with the project and you're making no sense!

I always say stick to what you're good at because you'll probably end up on a forum some day and someone will be giving you "advice" - next thing you know, you'll have formatted your HD...

DeadParrot

good clean fun for learning to manipulate your own machine
http://www.happyhacker.org

just dont tell anyone Carol taught you...you'd be shunned as a n00b
and not l337

KTdesigner

(*Disclaimer* You may need a screen that can project green text onto your face while you work.) Lol, I love it, so true. Hollywood does not appear to know jack.

Last time I was flying through a 3D environment (of code) with my skateboard and superhuman antigravity powers, being chased by those nasty FBI types, I met a lovely "white hat" magician, who showed me the /exit. He said I should stop *DOSsing and Start > Run > CMD a new trace route 4 my life or I would end up like Neo (who likes pills and is a non-conformist). This *Prompt*ed me to change my ways and Refresh (F5 / Reload) my initial path.

smash

KTdesigner wrote:

(*Disclaimer* You may need a screen that can project green text onto your face while you work.) Lol, I love it, so true. Hollywood does not appear to know jack.

Last time I was flying through a 3D environment (of code) with my skateboard and superhuman antigravity powers, being chased by those nasty FBI types, I met a lovely "white hat" magician, who showed me the /exit. He said I should stop *DOSsing and Start > Run > CMD a new trace route 4 my life or I would end up like Neo (who likes pills and is a non-conformist). This *Prompt*ed me to change my ways and Refresh (F5 / Reload) my initial path.

I know exactly what you mean, last night I was jumped up on jolt cola and red liquorice and I was rollerbladding through these skyscrapers of garbage files... I got chased by a visual representation of cookie monster and I had to give him a cookie, then followed the breadcumbs home, stopped on the way for a bit of java though.

dlofnep

Instead of giving you the cliche hacking/cracking debate.. I'll answer the question as honestly as I can.

Put the words aside and their true meanings - What is it exactly you want to do? Do you want to compromise a machine or network at any cost for the fun of it or do you want to spend countless hours, getting 4 hours sleep searching nooks and crannies of code, understand principles of sql injection, buffer overflows, user input flaws in code, understanding concepts of networks, the securing of networks, the various methods of security, from hardware firewalls to different forms of access control..

I'm sure you want the easy way - Scaning a couple of subnets with a security scanner like retina or nessus which will give you a link usually to securityfocus, which in turn you can download the code for a local or remote exploit, compile, run, escalate privileges - Wallah. This is what most "script kiddies" spend hours every week doing, all just to deface some website to brag on IRC. Hey, I was one of them. I know how things run.

But really at the end of the day, it's not worth the hassle. at first you start out with the mentality that you just want to hack stuff cos it's cool and want to show off to your friends, but hanging around with influential people on IRC usually turn you to looking deeper into it. You spend more time programming, reading up more - Actually reading "lectures" on IRC.. Getting off on the fact that now people come to ask YOU questions about security related material.

Then you either stick with it and become semi-famous in the underground like gobbles, rain forest puppy or kevin mitnick.. Or you realise there is more to life than spending every night on PC's, losing valuable time that you could of spent with buds.

There you have it. As honest as I can be about it. I spent about 8 years in the whole scene, I'm long gone now - It was fun while it lasted. Ask me what the current security flaw trends are today, I couldn't tell you because I wouldn't know.. I'm now happy and enjoying life. The life of a hacker gives you no time for anything else.

Some reading for you off the top of my head if you are still interested.

Smashing the stack for fun and profit: http://www.insecure.org/stf/smashstack.txt

This has sentimental value. Anyone in the scene will tell you this is where hacking persay really exploded on the net. one of the most important pieces of writing in my opinion in the history of hacking.

Hacking Exposed: http://www.hackingexposed.com/

Hacking exposed is a very user friendly introduction to security. it's always worth the reading and a good way to expose you to security and flaws of security. I bought the original hacking exposed book and found it very insightful.. All the known exploits and flaws at the time were now carefully organised.. So for anyone who already knew them, it was a good reference book, and for anyone who didn't, it was a good way to learn and break into the world.

http://www.hackerslab.org/eorg/

This is a little wargame. A sort of controlled system that's mission is for you to hack your way up and escalate your privileges. It's fun to play and get's really challenging.

That's about that. Have fun with whatever you do.

penfold.

MrScruff

Technically you are talking about "cracking", as in cracking the security features in a computer system to stop unathorised access.

Everytime someone mentions "hacking" someone pipes up with "Actually, a hacker is a programmer.... a cracker is "

To %99 of the world a hacker is someone who breaks into computers.
A cracker is someone who breaks copy protection and the like.

You are not going to change this.

From the Cult of the Dead Cow:

A cracker is somebody who cracks warez, and/or a pejorative term for a white person. Any other meaning is never going to catch on in the media, nor with the old school. It's just too complicated to remember the distinction all the time. The people who are hackers by anybody's definition have done some... uh... mischevious things in their time; it's part of the nature of the beast. To say that "a real hacker would never break into a computer system" indicates - to me - a lack of understanding of the original meaning of the word. Of course a real hacker would break into a computer system, if it was an interesting enough problem and they didn't anticipate anybody having a problem with it. I agree that the media should widen it's definition of what a hacker is, but that's not the argument I usually see, especially here on slashdot. I see a lot more of "they aren't a real hacker, because they break into systems and/or do security stuff", which is plain silly.

Personally, I refer to people by whatever term they would like me to use, unless I don't like them.

Besides which, if you are doing something unexpected, unforseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.

Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?

dlofnep

Mr. Scruff is correct.

PDelux

Is it computer programming or just random "enter password" and you try every combination under the sum??

In the context of a program where you need to enter a serial number or password. depending on the program, it can be easy as debugging the assembly to find where the program branches when you enter a good/bad serial number and then edit the file to replace a "branch if not zero" with a "branch if zero" so it will change the program flow.

bonkey

MrScruff wrote:

To %99 of the world a hacker is someone who breaks into computers.
A cracker is someone who breaks copy protection and the like.

To make life even more interesting...

Over here, people often refer to guru's as "cracks". On the other hand, a "hack" can be virtually anything...a kludge, a break-in, a neat solution....you name it.

People get too caught up with monikers and the like. They're all meaningless.

jc

x0n

so yeah, that sounds like the time I got myself reformatted to a 6-tab wide unix thread by a rogue html tag and had to rewire (dynamically of course) the inverse database flap that was oozing down my leg. I used everything I learned from Swordfish, including Halle Berry's tits, to hack into AIB's central muffin PCB detector and GUESS WHAT I FOUND OMGOMGOMG

zzz...kkkrrrrbb....zttzzzz...connection terminated...

pH

tbh

Capt'n Midnight

Hacking predates personal computers, it's about getting technology to do stuff it wasn't was designed to do, expanding the envelope if you like.

Cracking is usually negative.

projectmayhem

hacking is 70% social engineering (ringing up clueless secretaries and asking sneaky questions to get info -- namely passwords and the like), then 10% actual "computer hacking", then 10% getting the info... the final 10%? getting out unnoticed

not that i've ever done, or would ever do such a thing. it's illegal, and jesus will hate you for it

Cake Fiend

You're all wrong. A hacker is someone who fashions things out of wood by 'hacking' away at said wood.

Therefore, in order to hack, you must first acquire some suitable wood. Upon receipt of wood, obtain an implement (preferably metal), such as a chisel or hatchet, and commence fashioning something out of the aforementioned wood.

Happy hacking!

PhantomBeaker

projectmayhem wrote:

hacking is 70% social engineering (ringing up clueless secretaries and asking sneaky questions to get info -- namely passwords and the like)

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate (check out this article: http://news.bbc.co.uk/1/hi/technology/3639679.stm ).

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P