-
Use a *nix terminal for commands. Cygwin will help emulate a *nix for Windows users.
Nmap in particular uses
WinPCap
to run on Windows and does not require Cygwin. However, Nmap works
poorly on Windows systems due to a lack of raw sockets. You should also
consider using Linux or BSD, which are both more flexible. Most Linux
distributions come with many useful tools pre-installed.
-
Secure your machine first. Make sure you've fully
understood all common techniques to protect yourself. Start with the
basics — but make sure you have authorization to attack your target :
either attack your own network, ask for written permission, or set up
your own laboratory with virtual machines. Attacking a system, no matter
its content, is illegal and WILL get you in trouble.
-
Test the target. Can you reach the remote system? While you can use the
ping
utility (which is included in most operating systems) to see if the
target is active, you can not always trust the results — it relies on
the ICMP protocol, which can be easily shut off by paranoid system
administrators.
-
Determine the operating system (OS). Run a scan of
the ports, and try pOf, or nmap to run a port scan. This will show you
the ports that are open on the machine, the OS, and can even tell you
what type of firewall or router they are using so you can plan a course
of action. You can activate OS detection in nmap by using the -O switch.
-
Find a path or open port in the system. Common ports
such as FTP (21) and HTTP (80) are often well protected, and possibly
only vulnerable to exploits yet to be discovered.
- Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
- An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.
-
Crack the password or authentication process. There
are several methods for cracking a password, including brute force.
Using brute force on a password is an effort to try every possible
password contained within a pre-defined dictionary of brute force
software
- Users are often discouraged from using weak passwords, so brute
force may take a lot of time. However, there have been major
improvements in brute-force techniques.
- Most hashing algorithms are weak, and you can significantly improve
the cracking speed by exploiting these weaknesses (like you can cut the
MD5 algorithm in 1/4, which will give huge speed boost).
- Newer techniques use the graphics card as another processor — and it's thousands of times faster.
- You may try using Rainbow Tables for the fastest password cracking.
Notice that password cracking is a good technique only if you already
have the hash of password.
- Trying every possible password while logging to remote machine is
not a good idea, as it's easily detected by intrusion detection systems,
pollutes system logs, and may take years to complete.
- You can also get a rooted tablet, install a TCP scan, and get a
signal upload it to the secure site. Then the IP address will open
causing the password to appear on your proxy.
- It's often much easier to find another way into a system than cracking the password.
-
Get super-user privileges. Try to get root privileges if targeting a *nix machine, or administrator privileges if taking on Windows systems.
- Most information that will be of vital interest is protected and you
need a certain level of authentication to get it. To see all the files
on a computer you need super-user privileges - a user account that is
given the same privileges as the "root" user in Linux and BSD operating
systems.
- For routers this is the "admin" account by default (unless it has been changed); for Windows, this is the Administrator account.
- Gaining access to a connection doesn't mean you can access
everything. Only a super user, the administrator account, or the root
account can do this.
-
Use various tricks. Often, to gain super-user status you have to use tactics such as creating a
buffer overflow,
which causes the memory to dump and that allows you to inject a code or
perform a task at a higher level than you're normally authorized.
- In unix-like systems this will happen if the bugged software has
setuid bit set, so the program will be executed as a different user
(super-user for example).
- Only by writing or finding an insecure program that you can execute on their machine will allow you to do this.
-
Create a backdoor. Once you have gained full control over a machine, it's a good idea to make sure you can come back again. This can be done by backdooring
an important system service, such as the SSH server. However, your
backdoor may be removed during the next system upgrade. A really
experienced hacker would backdoor the compiler itself, so every compiled
software would be a potential way to come back.
-
Cover your tracks. Don't let the administrator know
that the system is compromised. Don't change the website (if any), and
don't create more files than you really need. Do not create any
additional users. Act as quickly as possible. If you patched a server
like SSHD, make sure it has your secret password hard-coded. If someone
tries to log-in with this password, the server should let them in, but
shouldn't contain any crucial information.
Tips
- Unless you're an expert or a professional hacker, using these
tactics on a popular corporate or government computer is asking for
trouble. Keep in mind there are people a bit more knowledgeable
than you who protect these systems for a living. Once found, they
sometimes monitor intruders to let them incriminate themselves first
before legal action is taken. This means you might think you have free
access after hacking into a system, when in fact, you're being watched,
and may be stopped at any moment.
- Hackers are those who built the internet, made Linux, and work on
open source software. It's advisable to look into hacking as it's quite
respected, and requires a lot of professional knowledge to do anything
serious in real environments.
- Keep in mind, if your target is not doing their best to keep you
out, you won't ever become good. Of course, don't get cocky, don't think
about yourself as the best of the best. Make this your goal: you must
become better and better. Every day that you didn't learn something new
is a wasted day. You are all that counts. Become best, at any cost.
There are no half-ways, you must give fully of yourself. As Yoda would
say, "Do or do not. There is no try."
- Although it's great that there are many legal, safe training grounds
available for anyone, the sad truth is that you won't become even
mediocre if you don't perform potentially illegal actions. You can't
become anyone if you won't find real problems on real systems, with the
real risk of getting caught. Keep that in mind.
- Remember, hacking is not about breaking into computers, getting a
well paid job, selling exploits on the black market, nor helping anyone
compromise secure machines. You're not here to help the admin do his job. You're here to become the best.
- Read books discussing TCP/IP networking.
- There is a major difference between a hacker and a cracker. A
cracker is motivated by malicious (namely: money) reasons, while hackers
attempt to retrieve information and gain knowledge through exploration -
("bypassing security"), at any cost and in any way which may not always
be legal.
Warnings
- If you aren't confident with your skills, avoid from breaking into
corporate, government, or military networks. Even if they have weak
security, they could have a lot of money to trace and bust you. If you
do find a hole in such network, it's best to hand it to more experienced
hacker that you trust who can put these systems to good use.
- Misusing this information may be a local and/or federal criminal act
(crime). This article is intended to be informational and should only
be used for ethical - and not illegal - purposes.
- Be extremely careful if you think you have found a very easy crack
or a crude mistake in security management. A security professional
protecting that system may be trying to trick you or setting up a honeypot.
- Be careful what you hack. You never know if it has any thing to do with the government.
- Hacking into someone else's system may be illegal, so don't do it
unless you are sure you have permission from the owner of the system you
are trying to hack or you are sure it's worth it and you won't get caught.
- Never do anything just for fun. Remember it's not a game to hack
into a network, but a power to change the world. Don't waste that on
childish actions.
- Don't delete entire logfiles, instead, just remove only the
incriminating entries from the file. The other question is, is there a
backup log file? What if they just look for differences and find the
exact things you erased? Always think about your actions. The best thing
is to delete random lines of log, including yours.
- Although you may have heard the opposite, don't help anyone patch
their programs or systems. This is considered extremely lame and leads
to being banned from most hacking communities. And if you would release a
private exploit someone found, this person may become your enemy — and
this person is probably better than you are.
Things You'll Need
![NG-[A_BA[COMP_LAPT_ALLB]:Laptops_728x90](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sWwR3fmGvNJd_cmL9Qrelx7PaGF3HpOwsCGM6jzS5eJwgKiBSVnCGFInWVfJJ9faDPUMaO8UWO8tLK6VaaC26I6Ljv6RlKSfxeqcHEh9HmYoqoY1OfmAsVoV79TjxpcqOo1zkv_fnC8y23PDb0tfuCQD6udFvpjps7H342CNQLeY1_X8_J=s0-d)
