How do you hack?

KTdesigner

Crackers can't hack unless they're tracker nackers with no sack and a small jack between the crack (of dawn) so relax, let it slack, get back on track and no hack or smack jack.

Cake Fiend

KTdesigner wrote:

Crackers can't hack unless they're tracker nackers with no sack and a small jack between the crack (of dawn) so relax, let it slack, get back on track and no hack or smack jack.

That cack be wack!

evilhomer

PhantomBeaker wrote:

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate.

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P

What kind of chocolate are you offering?

jmcc

Goodshape wrote:

You should check out this movie. It's a bit out of date now but still a fairly accurate look at what being a cool hacker is all about.

Nah! "Sneakers" is a far more accurate movie. Though if you want to get esoteric about it, check out the "Pi" and "Enigma" movies. Pi does deal with the kind of obsessive nature that some hackers can develop when engaged in a hack.

And as for the whole cracker vs hacker thing - blame clueless technology journalists. I rem one of them interviewing a supposed security expert who was busy trying to factor prime numbers with his management consultancy "security" group. A rather obvious gaffe but the tj in question never spotted it and it was aired on the TV programme.

The reality is that most tjs are technologically ignorant and trying to explain the difference between a cracker and a hacker to them is a waste of time because the media now uses "hacker" as the accepted term for what we would call a cracker. These tjs just run press releases and call it journalism rather than doing real journalism. The good thing is that these people rarely last more than half a bubble cycle before they are dumped into the books/arts review section of the media. But being a hacker is a way of mind and lasts a lifetime.

Regards...jmcc

Capt'n Midnight

Yeah chocolate's good

or you could go fishing http://www.boards.ie/vbulletin/showthread.php?p=51690248&highlight=password#post51690248

projectmayhem

PhantomBeaker wrote:

I remember in the Annals of Improbable Research, they wrote an article about some research that was done, and it turned out that a horribly high amount of people would give up their passwords for chocolate (check out this article: http://news.bbc.co.uk/1/hi/technology/3639679.stm ).

I forget the figures, but it was an INSANE number.

The lesson, if you're doing any social engineering - offer chocolate :P

ha.. people are great

on a serious note, people are very willing to hand over passwords to "bob from tech support*", so willing that if i were an employer i'd be fairly worried.

*for legal reasons: i am not, or never have been "bob from tech support"

PhantomBeaker

evilhomer wrote:

What kind of chocolate are you offering?

I offer from a selection Green & Black's Maya Gold, Cadbury's Bourneville and Galaxy... take your pick. If they still did it, I'd offer Cadbury's Top Deck as well.

For any of the above, just send your boards.ie password to me by Private Message and we can work something out.

Aoife

weeder

does that distro come with aids 1.0 or herpes 2.876

scojones

dlofnep wrote:

Instead of giving you the cliche hacking/cracking debate.. I'll answer the question as honestly as I can.

Put the words aside and their true meanings - What is it exactly you want to do? Do you want to compromise a machine or network at any cost for the fun of it or do you want to spend countless hours, getting 4 hours sleep searching nooks and crannies of code, understand principles of sql injection, buffer overflows, user input flaws in code, understanding concepts of networks, the securing of networks, the various methods of security, from hardware firewalls to different forms of access control..

I'm sure you want the easy way - Scaning a couple of subnets with a security scanner like retina or nessus which will give you a link usually to securityfocus, which in turn you can download the code for a local or remote exploit, compile, run, escalate privileges - Wallah. This is what most "script kiddies" spend hours every week doing, all just to deface some website to brag on IRC. Hey, I was one of them. I know how things run.

But really at the end of the day, it's not worth the hassle. at first you start out with the mentality that you just want to hack stuff cos it's cool and want to show off to your friends, but hanging around with influential people on IRC usually turn you to looking deeper into it. You spend more time programming, reading up more - Actually reading "lectures" on IRC.. Getting off on the fact that now people come to ask YOU questions about security related material.

Then you either stick with it and become semi-famous in the underground like gobbles, rain forest puppy or kevin mitnick.. Or you realise there is more to life than spending every night on PC's, losing valuable time that you could of spent with buds.

There you have it. As honest as I can be about it. I spent about 8 years in the whole scene, I'm long gone now - It was fun while it lasted. Ask me what the current security flaw trends are today, I couldn't tell you because I wouldn't know.. I'm now happy and enjoying life. The life of a hacker gives you no time for anything else.

Some reading for you off the top of my head if you are still interested.

Smashing the stack for fun and profit: http://www.insecure.org/stf/smashstack.txt

This has sentimental value. Anyone in the scene will tell you this is where hacking persay really exploded on the net. one of the most important pieces of writing in my opinion in the history of hacking.

Hacking Exposed: http://www.hackingexposed.com/

Hacking exposed is a very user friendly introduction to security. it's always worth the reading and a good way to expose you to security and flaws of security. I bought the original hacking exposed book and found it very insightful.. All the known exploits and flaws at the time were now carefully organised.. So for anyone who already knew them, it was a good reference book, and for anyone who didn't, it was a good way to learn and break into the world.

http://www.hackerslab.org/eorg/

This is a little wargame. A sort of controlled system that's mission is for you to hack your way up and escalate your privileges. It's fun to play and get's really challenging.

That's about that. Have fun with whatever you do.

penfold.

Summed up pretty nicely. A book I recommend, which is written by a very good friend of mine would be "Hacking: The Art of Exploitation". Here's a link.

projectmayhem

this thread should seek sponsorship from the 2600 tbh

Capt'n Midnight

projectmayhem wrote:

this thread should seek sponsorship from the 2600 tbh

If Sputtering cares to leave personal details, then I'm sure they'd be able to organise sponsorship in some form or other.

Saruman

Yup cracking.. not hacking is what he is asking about.. in which case i do it all the time! For instance today i was at a server that no one knew the admin password for (person who set it left company) so i had to "crack" in by logging in as a user who happened to have admin rights and re-setting the password. Its not cool 3d graphics, its not "wow im a hacker!" its just common sense and its my job. Sure there are harder ways to get access like getting access to systems remotely etc.. much harder to do if you are not actually there but the idea is the same.

NutJob

Saruman wrote:

Yup cracking.. not hacking is what he is asking about.. in which case i do it all the time! For instance today i was at a server that no one knew the admin password for (person who set it left company) so i had to "crack" in by logging in as a user who happened to have admin rights and re-setting the password. Its not cool 3d graphics, its not "wow im a hacker!" its just common sense and its my job. Sure there are harder ways to get access like getting access to systems remotely etc.. much harder to do if you are not actually there but the idea is the same.

No 3D gfx No matrix like hex dumps Still cant figure out what a gibson is (think its a guitar):( 15 years of jail sex :eek: For everything else theres mastercard


If you are interested in Computer Security and not jail time start learing Assembler, C/C++, PC architecture , Security Concepts, Os Design , Software Design ..............

Then you might undersand docs from places like phrack (nice and old now) or securityfocus (less old but unlikely you can get into trouble ther)

bert_man

Then there's

SQL Injection - where you enter malicious SQL into something like a password box on a Web Page and it gets wrapped up in a DB request and can do something like deleting or selecting stuff from a database table

Cross-Site javascripting where you can enter javascript into controls on a web page

and

The old Mixed Mode SQL Server login where you can fire passwords at SQL Server, gain access, use the query analyser window to run a command line stored proc, set up a user account for the domain and log on remotely that way

why people want to do this stuff though is beyond me

PhantomBeaker

By the way, to the OP, I'm in the middle of that smash the stack article, doing out example3, and there's a little flaw/bit of outdated trivia in that, which means that if you use the program out of the box, it'll break.

I've spent a number of hours (total, this was over a coupla days, with me nibbling on the problem every so often) playing with the examples, until I figured it out.

If you can do the same, then you're doing well for a beginner. Enjoy.

As an aside, if you're going to get anywhere with cracking, you're probably going to have to learn something about hacker mentality, as in the "Oooh, shiny, let's see what exactly I can do with this" type of attitude I've seen in the few people that I'd label as a "hacker". (And no, I don't label myself as one yet...) This is a very good article that describes it quite well: http://www.catb.org/~esr/faqs/hacker-howto.html

Aoife