
Introduction to the right way of thinking


ghost's Avatar
0 0

I'd just like to say, this is a little article but I'm not posting it in the articles section because I DID NOT WRITE IT. Just wanted to get that out of the way, a good buddy wrote it. Here is a link to the original article:

http://www.totse.com/community/showthread.php?t=2147675

now on with the article:

I get a ton of questions during the week. Most of them are "Hey, can you teach me how to hack xxxxxx.com?" Now, I've tried my hardest to try and explain to everyone that it isn't as easy as point, click, enter in a few keys and bam! I've tried to explain the theory, and the process of things. 98% of the time they don't get it. I guess what I'm trying to accomplish from this paper is to educate some of you out there on basic hacking theory and motive. I've actually been wanting to do this for a while now, and it's not a complete guide to hacking. It's not even going to be very thorough. I just wanted to do, even just a little bit, of educating some of the people who think they want to learn.

:Basic Theory:

So, we've all probably seen the movie Hackers. Yeah, it was an okay movie, but it's total bullshit. To those that know nothing about hacking, that is NOT how it goes. I know the movie was made a long time ago, but even then, that is how it wasn't done. Hacking is a very time consuming, dirty, and downright frustrating thing. It's not as simple as portrayed in any movie. You can't just pick a site and go "I'M GOING TO HAXXX THIS MOTHER FUCKER!" Well, you could, but I doubt any one of us are Kevin Mitnick. There are a few hurdles, loops, ponds and cliffs you have to run, jump, skip, hop and drown in.

Today, there are multiple kinds of hacking. There is your every day skript kiddie web page hacking (Yes, I'm guilty of it for fun, but who isn't?), server hacking, wireless hacking and just about anything else that you can think of that connects to the internet hacking. For starters, the easiest kind of hacking is web hacking. It's pretty simple if you have an internet-connected computer and know what to look for. (No, I'm not going to tell you what to look for.) There is server hacking; basically, it's hacking STRAIGHT into the server. This can be done by finding vulnerable services run by said server, or a web based hole that spits vital bits of information out at you like the girl from The Exorcist. Now, you're probably saying "But he just said finding holes in web pages was totally skript kiddie!?" You would be correct, I did say that. People tend to get this confused. Being a skript kiddie is using pre-made code to exploit things, just getting access to a CMS and deleting shit, or changing the index to display their name. Not really knowing what could be further obtained if they would chill the fuck out and actually think of the possibilities. Breaking into a server via a web hole and not letting anyone know you did is something skript kiddies can't do (I don't know why, maybe they are mentally challenged?). There are countless possibilities if you can get it, and keep access to a server without letting someone know you were there. I'm not going to go into anything else, because this is only supposed to enlighten you guys on hacking, not cover all the bases.

:Advanced Theory:

Here we get into the whole Hacking aspect a tiny bit. Here I'm going to give you a little insight into the lifestyle of the bored and the educated. Like I said before, not everything is hackable. You almost kind of need a 6th sense for it. You usually pick it up after a while. I really can't explain it, but you get a feeling. When it comes to hacking, there is a TON of recon work involved. There are tons of things you need to know before you can actually begin trying to get access. Here is a little bit of an example.

{ Steven is on a quest to hack something. He's bored, his girlfriend ditched him to go hang out with her friends at the mall, and he has nothing else to do. So, he sits at his computer and starts to bring up a few sites. He gets the feeling, the feeling that he might be able to get into this one. Now Steven has done this before, so he's not going to jump right into things. He cruises around the site. He takes into account what the website was written in, if they are using pre-made code, if the code is open source, if the site is big, is there a large user base, what type of web server they are running, are there login/search forms? Steven makes mental notes of all these things. He cruises around the site, tries a few things, maybe tries a few SQL injections, maybe an LFI? He only tries the most common things. He figures there is no use in trying some crazy schemes to exploit this web page; it seems like it's locked up pretty well.

Seeing he can't get in through a web based hole, he scans the server to see what services it's running. He loads up his scanner and goes to town (cough nmap cough). Seeing as this is just a run of the mill site, and port scanning isn't illegal or looked down upon in the country of this server, he opts for the quickest but most effective return of services running on this server. He lets his scan go through, checks the output of the data and isn't quite happy with it. The data isn't sufficient enough. Could it be running a firewall that is blocking his probes? Could it just be his luck that there aren't any but two open ports? He figures he'll just scan it again, but be a bit sneakier. He lets this scan go through, a little pissed off at how long it takes, and is surprised by the output. Turns out it was running more services. Looking over the output, which looks a little something like this:

Completed Parallel DNS resolution of 1 host. at 02:23, 0.44s elapsed
Initiating SYN Stealth Scan at 02:23
Scanning orbit.*********.co.nz (219.88.241.226) [1715 ports]
Discovered open port 443/tcp on 219.**.***.2**	http
Discovered open port 80/tcp on 219.**.***.2**      	http
Discovered open port 21/tcp on 219.**.***.2**      	ftp
Discovered open port 22/tcp on 219.**.***.2**      	ssh
Discovered open port 53/tcp on 219.**.***.2**      	domain
Discovered open port 465/tcp on 219.**.***.2**    	url 	//possibly something else running on this port (URL Rendesvous Directory for SSM)
Discovered open port 3306/tcp on 219.**.***.2**	mysql
Discovered open port 143/tcp on 219.**.***.2**	imap
Discovered open port 995/tcp on 219.**.***.2**	pop3 	//spop3 TLS/SSL
Discovered open port 110/tcp on 219.**.***.2**	pop3	
Discovered open port 993/udp on 219.**.***.2**	imap4 	//over TLS/SSL
Discovered open port 3389/tcp on 219.**.***.2**	MS WBT Server
Discovered open port 135/tcp on 219.**.***.2**

Then he looks for anything that stands out to him.
}

There are a couple options that stand out here. He could run a DCOM exploit, and pray that the box isn't patched. He could connect to the Terminal Server and try guessing the password. There is exploiting the ftp server, if possible. Some exploits for FTP servers would enable you to run arbitrary commands on the system or even create a user. You could try brute forcing the domain, you can spam email (if you are into that sort of thing) using their pop3, or even try guessing the password for ssh. Sometimes these things work out, sometimes they don't. If they don't, you could always see what other websites are run on that server by using Live Search from Microsoft http://live.com and entering IP:***.***.***.*** for more sites on that box and see if there are any exploitable bugs on any of those web pages (if there are any, and if the server is shared hosting).

:If's, And's, Or's:

Let's just say, for the sake of it, that he did get access to the system through an exploitable service. There are countless things you could do once you are inside a box. You could just go "Oh shit..." and get out of there and never go back because you're a paranoid little rabbit, you could snoop around a bit, you could like totally navigate to the htdocs and change all the indexes to each website it hosts, you could delete everything, or you could be a sneaky little fucker. Say you want to be up to no good, you've done your snooping and find nothing good. You do happen to have a bot that you have just written and wanted to spread it. You could find a browser exploit to have your bot installed on every machine that visits that web page, you could have a prompt that asks for the user to install 'missing plugins' for the site that is actually your harmful bot. The list goes on and on for that. You could set up a back door, for tunneling if you are really into some crazy shit, or just want to stay off the radar and frame someone else for downloading/spreading child porn. Or, this might be a site where people pay for things! You can record credit card numbers and the whole shebang if you wanted. You could also set up a sniffer; who knows what you might find. The possibilities are endless.

:Conclusion:


Sorry if this was boring to you/you knew this already/was a waste of your time. I didn't intend for this to be a hacking guide, just an insight paper. I'm sure I'll get around to writing up some guides or something, or some POC papers, I just don't have the time right now. This is supposed to be a 'First things First' paper to give just a bit of insight into the world and how it kind of works. You guys are more than welcome to add on to this. In fact, I'd love it if you wrote something for this, maybe to turn it into a "Wanna get into hacking, this is the basic theory of operation" paper.

Copyright 2008 O RLY inc.
All rights reserved
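The article's recon step ends with a scan listing and the instruction to "look for anything that stands out". The same listing is what an administrator of that host should be reading, because a database listener, RDP and the RPC endpoint mapper reachable from the internet are exposure findings before they are anything else. The following is an added example, not code from the thread or its author: a small parser for nmap's verbose "Discovered open port" lines that checks each open port against an exposure policy and reports what needs attention. The scan text, the 192.0.2.10 address and the policy table are constructed for this example; the policy is my own assumption of what a public web host has no reason to expose, not something the thread states.

```python
import re

# Constructed sample in the shape of the verbose nmap lines quoted in the
# thread. The address is a documentation-range placeholder, not the host
# from the post.
SAMPLE_SCAN = """\
Initiating SYN Stealth Scan at 02:23
Discovered open port 443/tcp on 192.0.2.10
Discovered open port 80/tcp on 192.0.2.10
Discovered open port 21/tcp on 192.0.2.10
Discovered open port 22/tcp on 192.0.2.10
Discovered open port 53/tcp on 192.0.2.10
Discovered open port 3306/tcp on 192.0.2.10
Discovered open port 3389/tcp on 192.0.2.10
Discovered open port 135/tcp on 192.0.2.10
"""

# nmap -v prints one of these per open port as the scan progresses.
LINE_RE = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)")

# Assumed review policy (hypothetical, for this example): services a
# public web host normally has no business exposing to the whole internet,
# with the remediation an admin would apply.
EXPOSURE_POLICY = {
    (3306, "tcp"): "mysql reachable from the internet; bind to localhost or firewall it",
    (3389, "tcp"): "RDP exposed; restrict to the management network or VPN",
    (135, "tcp"): "MSRPC/DCOM endpoint mapper exposed; block at the perimeter",
    (21, "tcp"): "FTP sends credentials in cleartext; use SFTP or restrict sources",
    (23, "tcp"): "telnet exposed; disable it",
}


def parse_open_ports(scan_text):
    """Return (port, proto, host) tuples for every 'Discovered open port' line."""
    found = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def review_exposure(scan_text, policy=EXPOSURE_POLICY):
    """Map each open port that violates the policy to the reason it stands out.

    Keys are (host, port, proto); ports not in the policy (80, 443, 22, 53
    in the sample) are treated as expected for a web host and not reported.
    """
    findings = {}
    for port, proto, host in parse_open_ports(scan_text):
        reason = policy.get((port, proto))
        if reason:
            findings[(host, port, proto)] = reason
    return findings


def exposure_report(scan_text, policy=EXPOSURE_POLICY):
    """Render the findings as one line per exposed service, lowest port first."""
    findings = review_exposure(scan_text, policy)
    return [
        f"{host}:{port}/{proto}  {reason}"
        for (host, port, proto), reason in sorted(findings.items(), key=lambda kv: kv[0][1])
    ]


if __name__ == "__main__":
    for line in exposure_report(SAMPLE_SCAN):
        print(line)
```

Running it on the sample prints four lines (21, 135, 3306 and 3389); everything else in the listing is what a public web host is expected to serve. Feeding it a real `nmap -v` run against your own host turns the attacker's "what stands out" step into a routine exposure check.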

spyware's Avatar
Banned
0 0

Zzz

Edit: This is a reaction to the information (or the lack thereof) in this article.


ghost's Avatar
0 0

spyware wrote: Zzz

:ninja:


fuser's Avatar
Member
0 -1

I didn't even know this stuff is copyrighted :P


korg's Avatar
Admin from hell
0 0

Might be boring for most of us but might help some newcomers to have a little insight on what's going on. Hey wait you mean all that shit on the hackers movies was fake? You can't bruteforce a password in 2 seconds? Damn!!!


fuser's Avatar
Member
0 -1

korg wrote: Might be boring for most of us but might help some newcomers to have a little insight on what's going on. Hey wait you mean all that shit on the hackers movies was fake? You can't bruteforce a password in 2 seconds? Damn!!!

What? You can't bruteforce a password in 2 seconds? That means I've been lied to all my life! nooo!!!!


spyware's Avatar
Banned
0 0

Erh, you can bruteforce a password in two seconds. I mean, depends on what password we're talking about, but, it's possible.


korg's Avatar
Admin from hell
0 0

Don't take it so seriously there, spy, it was a joke. You know, HA>HA.


ghost's Avatar
0 0

I dunno why, but there must be a shit ton of skiddies that have nothing better to do than waste time defacing websites. I actually thought of this earlier and figured while it has almost nothing in common I would post it anyways.

So here I am at work just browsing, figure I would go to milw0rm to see any new exploits that pop up on a daily basis. And one catches my eye to look at. So I read it and form my own dork to find vulnerable sites. Lo and behold, there are over 20,000 hits. Pages 1-30 all seem to be hacked, so I look into the vulnerability and EVERY SINGLE ONE just posted "Haxord" blah blah blah into the site's CMS.

I guess what I want to say, besides how pathetic it was, is that people really don't know what they were doing. I changed an already hacked site's admin password, logged in to see what they were doing… Lo and behold, on one of the pages there's an FTP setup screen with location/username/and a starred-out password (you should all know what to do with those).

Anyways next thing I know I have FTP access to their server which just so happened to be root, with 6 other sites on the same server.

I know this is a rant, but here is what it comes down to. STOP BEING IN SUCH A HURRY TO HACK SOMEONE'S SITE. Take some time, browse around, you might find info a LOT more useful than merely posting "You got Hacked".

The nice person I am, I deleted the logs, not so much for the hacker, but for myself >.> and then left peacefully, laughing at all these skiddies, both for their retarded hacks and their lack of forethought.