Page 1 of 2 12 LastLast
Results 1 to 40 of 53
  1. #1
    devil1's Avatar
    devil1 is offline Jacked Jarhead
    Join Date
    Jun 2004
    Location
    working:(
    Posts
    3,337

    how do hackers hack?

    do they have programs they use or is it all in some sort of code?

  2. #2
    max2extreme's Avatar
    max2extreme is offline Anabolic Member
    Join Date
    Aug 2004
    Posts
    0
    very quietly

  3. #3
    Lavinco's Avatar
    Lavinco is offline Anabolic Member
    Join Date
    Oct 2005
    Location
    901 N 2nd St Philadelphia
    Posts
    2,492
    there's no one answer to that question.

    read this to get your career in crime off the ground. It shows advanced searches through Google to find vulnerabilities on websites. Gotta love Google, they find everything.

    http://johnny.ihackstuff.com/index.p...le=prodreviews

  4. #4
    max2extreme's Avatar
    max2extreme is offline Anabolic Member
    Join Date
    Aug 2004
    Posts
    0
    take a look at knoppix std.

  5. #5
    Slick Arrado is offline Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    792
    Quote Originally Posted by Lavinco
    there's no one answer to that question.

    read this to get your career in crime off the ground. It shows advanced searches through Google to find vulnerabilities on websites. Gotta love Google, they find everything.

    http://johnny.ihackstuff.com/index.p...le=prodreviews

    You think Johnny's taking note of IP addys for future victims?



  6. #6
    powerliftmike's Avatar
    powerliftmike is offline ~Elite AR-Hall of Famer~
    Join Date
    Aug 2005
    Location
    gates of hell
    Posts
    5,712
    Hacking just refers to getting into a system. Just like there is not one way to break in a locked house, there are many different ways, depending on the system, to get in. Hackers are good people, while Crackers are not. Big difference. The teen trying to deface websites with "you suck" is a cracker.

  7. #7
    aspengc8 is offline Junior Member
    Join Date
    Oct 2004
    Posts
    141
    "Hacking" is malicious. They know right off the bat, if they get caught, they are in deep ish. Remote access to a system (secure or not) your not suppose to be on, for example. "Cracking" is more software/piracy related. Someone that uses pre-written software to hack a website, or crack a serial for some software, is know as a "script-kiddie". They have no skill, but yet take credit for accomplishments.

  8. #8
    ironmike250's Avatar
    ironmike250 is offline Associate Member
    Join Date
    Dec 2005
    Location
    Washington DC
    Posts
    253
    I am an IT major, and I can tell you that hackers are fu#king smart people bro. Hacking is some very sophisticated shit!

    A hacker can do port scans to search for open ports and enter your machine for one.

    It's a whole world of hi tech crap out there.

  9. #9
    aspengc8 is offline Junior Member
    Join Date
    Oct 2004
    Posts
    141
    Quote Originally Posted by ironmike250
    I am an IT major, and I can tell you that hackers are fu#king smart people bro. Hacking is some very sophisticated shit!

    A hacker can do port scans to search for open ports and enter your machine for one.

    It's a whole world of hi tech crap out there.
    Someone that uses Ethereal to do a port scan is not a hacker, they are script kiddies.

  10. #10
    oldman's Avatar
    oldman is offline Anabolic Member
    Join Date
    Sep 2005
    Posts
    2,224
    Quote Originally Posted by aspengc8
    "Hacking" is malicious. They know right off the bat, if they get caught, they are in deep ish. Remote access to a system (secure or not) your not suppose to be on, for example. "Cracking" is more software/piracy related. Someone that uses pre-written software to hack a website, or crack a serial for some software, is know as a "script-kiddie". They have no skill, but yet take credit for accomplishments.

    Very well put.. For the most part what you will encounter today are script-kiddies. Once an exploit is found such as in the popular phpbb.com forum the exploit will be spread underground by all these kids and they will grub the web for phpbb forums and exploit them. Most are done using hack "tools" that take zero skills but if you go to zone-h.com you will see lists of sites that have been hacked, defaced and whatever. They run contests (not zone-h) but hacker groups to see who can deface the most sites in a set time. As a person that runs many many web servers these guys are always trying to get into our systems and unfortunately we have had a couple. We actually had a Real hacker get in as "root" on one of our boxes and set up a spam system and shot out about 100k spams before we caught him (of course that was within 30 minutes or so). We removed his spam tools and it pissed him off so he wiped the data stripe clean.. not pretty.. We do on-server and off server backups so it only took a few hours to restore but what a pain in the arse it was.

    why do people hack?? because they can't lift weights.


    Oldman

  11. #11
    max2extreme's Avatar
    max2extreme is offline Anabolic Member
    Join Date
    Aug 2004
    Posts
    0
    anyone go to black hat this year (or any other year)? if you're interrested in that stuff, thats the place to be every year. this past year it was down in vegas. lots of cool stuff. the thing they do every year is set up a super protected computer and have teams to see who can be the first to crack it.

  12. #12
    aspengc8 is offline Junior Member
    Join Date
    Oct 2004
    Posts
    141
    As a network engineer for a fairly large ISP, keeping web servers, DNS, VPN, etc contantly up do date (patches), not to mention Cisco routers (advisory's on exploits every day)...what can I say, It's a living . We get alot of customers that get DDOS, or their web server might get hacked, or cisco router CPU jumps to 99.9%...we try to work with the customer to help them prevent this kind of stuff from happening, or take action if its ongoing (web/ddos).

  13. #13
    S.P.G's Avatar
    S.P.G is offline AR Workout Scientist
    Join Date
    Mar 2005
    Location
    uk/ south east
    Posts
    4,535
    very interesting stuff i have no idea what any of you are talking about lol

  14. #14
    Flexor is offline Banned
    Join Date
    Aug 2004
    Location
    L'Inghilterra
    Posts
    1,611
    Quote Originally Posted by oldman
    why do people hack?? because they can't lift weights.

    Oldman
    Well spotted

    Can someone hack a router with NAT? Because the computers that are connected cannot by seen by IP address, is there a way for someone to see beyond the static IP of the router?

  15. #15
    scriptfactory's Avatar
    scriptfactory is offline Anabolic Member
    Join Date
    Jul 2004
    Location
    Germany
    Posts
    1,553
    Quote Originally Posted by Flexor
    Well spotted

    Can someone hack a router with NAT? Because the computers that are connected cannot by seen by IP address, is there a way for someone to see beyond the static IP of the router?
    No, but you can scan the open ports on the router and hopefully some of them will be forwarded to a PC you want to connect to. If you find an open port with an exploitable weakness you can use that to access the particular machine. You might then be able to use that machine to connect to other machines in the LAN.

  16. #16
    Flexor is offline Banned
    Join Date
    Aug 2004
    Location
    L'Inghilterra
    Posts
    1,611
    Quote Originally Posted by scriptfactory
    No, but you can scan the open ports on the router and hopefully some of them will be forwarded to a PC you want to connect to. If you find an open port with an exploitable weakness you can use that to access the particular machine. You might then be able to use that machine to connect to other machines in the LAN.
    I don't do P2P file sharing, but do I still have open ports? Is there just one open port for internet use, how does this work? Thanks for replying...

    I have a firewall that blocks other computers trying to connect to ports anyway...

  17. #17
    crash187ct's Avatar
    crash187ct is offline Senior Member
    Join Date
    Jul 2005
    Location
    St. Paul, MN
    Posts
    1,475
    Quote Originally Posted by powerliftmike
    Hacking just refers to getting into a system. Just like there is not one way to break in a locked house, there are many different ways, depending on the system, to get in. Hackers are good people, while Crackers are not. Big difference. The teen trying to deface websites with "you suck" is a cracker.
    Sorry to bust your bubble, but hacking is neither good nor bad. Its the person in control, and everyone is different. Cracking is neutral also. You can write a cracker to test an applications security potential for testing purposes, but that doesn't necessarily mean you're bad. There are many people trying to deface websites also, not just teens. Hacking does not refer to getting into a system. Hacking more or less, in a nutshell, is doing something the code is not usually permitted to do. You can hack many things, and there isn't an actual system on the other end.

  18. #18
    scriptfactory's Avatar
    scriptfactory is offline Anabolic Member
    Join Date
    Jul 2004
    Location
    Germany
    Posts
    1,553
    Quote Originally Posted by Flexor
    I don't do P2P file sharing, but do I still have open ports? Is there just one open port for internet use, how does this work? Thanks for replying...

    I have a firewall that blocks other computers trying to connect to ports anyway...
    Haha! Sorry, I didn't see this post.

    Go to your command prompt (Start > Run > type 'cmd' without the quotes) and when the window opens up type 'netstat -an' (without quotes.) It will show you all of your open ports and their current status.

    If you have a firewall you don't really have much to worry about.

  19. #19
    Flexor is offline Banned
    Join Date
    Aug 2004
    Location
    L'Inghilterra
    Posts
    1,611
    Thanks man, interesting stuff. I might be ditching the firewall, it slows my computer's startup too much and even when the desktop is viewable, its still slow for about 30 seconds as it loads and catches up. Stupid 3ghz P4, 2048 DDR400 ram is crap. I should run my two SATA drives in RAID, but I can't be bothered to start over again. NOt sure it would speed them up that much though.

  20. #20
    CarbonCopy's Avatar
    CarbonCopy is offline Member
    Join Date
    Oct 2001
    Location
    USA
    Posts
    557
    Quote Originally Posted by Flexor
    Well spotted

    Can someone hack a router with NAT? Because the computers that are connected cannot by seen by IP address, is there a way for someone to see beyond the static IP of the router?

    Actually, yes... And NAT'ing itself really doesn't offer that much protection. Most good hackers want to get in and out of systems/networks undetected. But the script kiddies are very dangerous because they like to pull "amature night" and wreck systems. Most of the real hackers are well funded and well organized. They hack for profit, which I think has changed from days past when it was mostly for props from other hackers.
    Last edited by CarbonCopy; 01-17-2006 at 12:09 PM.

  21. #21
    CarbonCopy's Avatar
    CarbonCopy is offline Member
    Join Date
    Oct 2001
    Location
    USA
    Posts
    557
    Quote Originally Posted by aspengc8
    As a network engineer for a fairly large ISP, keeping web servers, DNS, VPN, etc contantly up do date (patches), not to mention Cisco routers (advisory's on exploits every day)...what can I say, It's a living . We get alot of customers that get DDOS, or their web server might get hacked, or cisco router CPU jumps to 99.9%...we try to work with the customer to help them prevent this kind of stuff from happening, or take action if its ongoing (web/ddos).
    Seems most router guys don't like to implement security into their networks. Although I think that trend is starting to change.

  22. #22
    purplelaceteddy is offline Female Member
    Join Date
    Mar 2004
    Posts
    679
    Quote Originally Posted by scriptfactory
    Haha! Sorry, I didn't see this post.

    Go to your command prompt (Start > Run > type 'cmd' without the quotes) and when the window opens up type 'netstat -an' (without quotes.) It will show you all of your open ports and their current status.

    If you have a firewall you don't really have much to worry about.

    ahh the good ole days of DOS is still supreme....there are some hacking tools out there but just like every one has stated....most are for the script kiddies who really don't know what they are doing.
    At a bookstore the other day, I saw a book entitled "Sex for Dummies." Why would someone want to teach dumb people how to reproduce? Aren't there enough of them now?

  23. #23
    Panzerfaust's Avatar
    Panzerfaust is offline Ron Paul Nuthugger
    Join Date
    Aug 2004
    Location
    Deutschland
    Posts
    8,787
    Quote Originally Posted by ironmike250
    I am an IT major, and I can tell you that hackers are fu#king smart people bro. Hacking is some very sophisticated shit!

    A hacker can do port scans to search for open ports and enter your machine for one.

    It's a whole world of hi tech crap out there.

    Its not that high tech bro (depends i will agree on what you are trying to do)...shit get a laptop and a wireless card and a network/package sniffer and drive around and see what you find...plenty of morons out there running wireless networks without encryption/security.

    Not that hard.

  24. #24
    JPLG is offline New Member
    Join Date
    Jan 2006
    Location
    NATO Land
    Posts
    0
    most of the hackers pay other hackers to do their job

  25. #25
    Warrior's Avatar
    Warrior is offline AR-Hall of Famer
    Join Date
    Oct 2002
    Location
    6'0"/248lbs
    Posts
    6,982
    ANyone ever put a connection to the hardware manufacturers? I mean, virus can generate new computer sales for the average Joe Computer Owner... "computer has been acting slow and messed up lately - time to buy a new one!"

    Not to start a conspiracy theory but big business has shown deviant ways to raise their bottomline's before... many times before... got to make the stock holders happy...

  26. #26
    DSM4Life's Avatar
    DSM4Life is offline Snook~ AR Lounge Monitor
    Join Date
    Jan 2005
    Location
    PA
    Posts
    30,963
    Blog Entries
    1
    If i can write a string command in JAVA saying, "Hello and welcome to JAVA" Does this make me a hacker ?

  27. #27
    aspengc8 is offline Junior Member
    Join Date
    Oct 2004
    Posts
    141
    Quote Originally Posted by DSM4Life
    If i can write a string command in JAVA saying, "Hello and welcome to JAVA" Does this make me a hacker ?
    No, it makes you a new student in a JAVA programming 101 class.

  28. #28
    DSM4Life's Avatar
    DSM4Life is offline Snook~ AR Lounge Monitor
    Join Date
    Jan 2005
    Location
    PA
    Posts
    30,963
    Blog Entries
    1
    Quote Originally Posted by aspengc8
    No, it makes you a new student in a JAVA programming 101 class.
    Naaa i can make madddddd infinite loops.

  29. #29
    tranzit is offline Senior Member
    Join Date
    Nov 2005
    Location
    Washington state
    Posts
    1,248
    Well i have some background in this.. from my younger years. I used to do a little hobby hacking back in the late 80's and early 90's i am not sure what the guys are doing these days.. but it all comes down to an understanding of exactly how the OS works for instance. Linux/Unix was one i used to dabble with quite a bit. The easyest way i learned how to get into these box's was pretty simple.. i would subcribe to the programmers news groups. they would talk about security flaws and fixes and you could exploit them. back then i would run a war dialer which is a program that was set up to dial numbers like this say the number was 555- you would enter 0001 to 9999 and it would dial every number in that range loging all computer activity that answered. you could go back later and attempt to get in. I would also use s Dos shell account for my dial up internet access and i could telenet multiple times and by the time i was done you really couldnt tell where i was comming from. These days it is much harder. Most hacking i would imagine look for open wireless access then use that on a secured cleaned computer.. sitting in their cars ect.. this way you cannot be tracked. Reserch guys like Kevin mitnick as well as emanual goldstein. Alt 2600 magazine. Blacklisted magazine ect.. its really rather interesting.

  30. #30
    extreme22's Avatar
    extreme22 is offline Associate Member
    Join Date
    Mar 2005
    Location
    canada Montreal
    Posts
    418
    hacking is all about math and see the number sequence and understanding the flow of Av flow as well OS implantation.

  31. #31
    DNoMac's Avatar
    DNoMac is offline Senior Member
    Join Date
    Feb 2004
    Location
    Ohio
    Posts
    1,684
    I live in an apartment comlex and pick up plenty of wireless signals. Anyway I can look on their computer to steal some porn?? Just playin, but I do pick up a lot of their music library and have been schemin on that. I wouldn't do anything harmful to their computer even if I knew how, but I'll def double my musci library.

  32. #32
    Alex2's Avatar
    Alex2 is offline Senior Member
    Join Date
    Oct 2004
    Location
    R these guns registered?!
    Posts
    735
    Quote Originally Posted by DNoMac
    I live in an apartment comlex and pick up plenty of wireless signals. Anyway I can look on their computer to steal some porn?? Just playin, but I do pick up a lot of their music library and have been schemin on that. I wouldn't do anything harmful to their computer even if I knew how, but I'll def double my musci library.
    It seems like you are my neighbor

  33. #33
    DNoMac's Avatar
    DNoMac is offline Senior Member
    Join Date
    Feb 2004
    Location
    Ohio
    Posts
    1,684
    Thanks for the songs Alex. Btw, I like the pics of your gf...

  34. #34
    Warrior's Avatar
    Warrior is offline AR-Hall of Famer
    Join Date
    Oct 2002
    Location
    6'0"/248lbs
    Posts
    6,982
    Ste****g WiFi is a given. IMO - if you broadcast in the open you are allowing people to join your network. If you drop 20 bucks in my driveway - I'll spend it for you If you don't want people to piggy back - lock down your signal.

    If I had wireless network set up I wouldn't care if people joined it, I ain't a scrooge - but the minute it messed up my bandwidth (a noticeable decrease in speed) - fuk them all, I would secure it...

  35. #35
    jackedmofo is offline New Member
    Join Date
    Feb 2006
    Posts
    11
    Quote Originally Posted by scriptfactory
    Haha! Sorry, I didn't see this post.

    Go to your command prompt (Start > Run > type 'cmd' without the quotes) and when the window opens up type 'netstat -an' (without quotes.) It will show you all of your open ports and their current status.

    If you have a firewall you don't really have much to worry about.
    How do you close the open ports? I have a few "foreign" ip's

  36. #36
    kynetguy's Avatar
    kynetguy is offline Senior Member
    Join Date
    Jul 2006
    Posts
    1,446

    Wink

    This is an interesting topic I thought should be brought back to life. I had a few rambling thoughts that I wanted to post. (plus I need to get my numbers up so I can PM, but wanted to do so in a manner which was worthwhile to people)

    Script Kiddies - Don't let the Kiddie part fool you. Your dad could be one. These are beginner hackers trying well known exploits on systems to gain access, do damage, or just to have fun. These guys are dangerous because most often even they do not know what the results of their actions will be. They just download some script, code, packet injector and try their luck. Luckily, being mostly untrained, uneducated and inexperienced, these guys are NOISY on a network. Any halfway decent commercial or free software firewall will stop them provided you update it regularly and reasonably secure it. Mostly the things they are doing are out of date exploits.

    NAT - No network security here. The only thing NAT does it make it harder on the Script Kiddie, no real security there for an experience hacker. The main purpose for NAT is to conservere the finite number of real addresses available.

    Port Scans - annoying. I would venture to guess that most of you get port scanned at least once a day. (for the record, someone mentioned Ethereal. . .this is not a port scanner. Its a packet sniffer) Port scans are often the beginning of an amature hack or script kiddie. Often they are used to fingerprint your OS to see what you are running. Port scans are noisy and generate a lot of traffic visable to firewalls. Unless you do a more stealthy scan and not scan a serious of well known ports in one scan. A hit on port 80, then a while later port 23, another while later on 21, another while on 389. . .not going to be detected as a port scan and likely ignored.

    WEP/WPA/WPA2 - Don't think you are secure. That's all I am saying. There isn't a wireless encryption scheme publicly available to date, that hasn't been broken. Once again, you are only slowing people down. Even if they cannot get ONTO your wireless, they can still capture your traffic and decrypt it. Anyone care to challenge me on this one?

    If someone REALLY wants into a system, they will get in. Bet your last bottle of Test E on it. Bu chances are, 99.999999% of you have nothing no one is going to target. And if you do, hand it over because they will get you eventually if its that valuable to them.

    With that in mind, let me give you some tips to keep the annoying kiddies out and most other amatuer hackers.

    1 - Keep windows up to date with Windows Update. . .preferably run auto updates.

    2 - Do not have any BLANK passwords.

    3 - Use STRONG passwords. (one of your best defences, I will go into that in a bit)

    4 - DO NOT, I RePEAT DO NOT, use the same passwords for forums that you use to protect internet banking sites, your private data or anything you REALLY want to keep secure. Most forum software packages use MySQL or MS SQL as a database to store user info. All your passwords are typically stored UNENCRYPTED in these data bases. Sure these data bases are password protected. But if I have the database file, then I have all the time I want to brute force it into submission. This isn't directed to this sites admin or any other admin for that matter. But these databases are stored at an ISP. The ISP has full access to these files. If the ISP is compromised, so is the database.

    5 - Run Anti-virus and keep it up to date.

    6 - Clean your PC of spyware/cookies regularly.


    Passwords - Passwords are cracked several ways.

    Dictionary attacks. Where a dictionary of words is used against your password to break it. If your word is a real word, 30 seconds or less it can be broken. This includes foreign languages.

    Modified Dictionary Attacks - This could be spelling words backwards, replacing numbers/symbols for letters (leet speak - 1337 5p3@< ) and varying capitolizations. (kYneTgUY , which to a computer is not the same as KYnetGuy)

    Brute Force - this will generally get ALL passwords eventually. Your goal is to make your password take longer than its worth to crack.

    Strong Password rules:

    1 - Use at least one number, one lowercase letter, one up1 rcase letter and one non-alpha numeric character (~!@#$%^&*()_...etc)
    2 - Make your password 10 charaters or longer.
    3 - Do not use real words.

    A very strong password would be: <I8@The!nt3rNet?>

    This uses all the above. ANd it is not a real word. I ran 2 different crackers on this and in 48 hours, it still wasnt cracked by either. Its really easy to remember. the < and the > that starts and ends it are easy. And phonetically its I ate at the internet?.

    Maybe this will help some of you out.

    Cheers

  37. #37
    Damien_III's Avatar
    Damien_III is offline Junior Member
    Join Date
    Mar 2005
    Location
    North East England
    Posts
    85
    There is social engineering hacking aswell. Read this http://www.zone-h.org/content/view/13848/31/ humans are easier to hack than machines lol

  38. #38
    k0nsl's Avatar
    k0nsl is offline Banned
    Join Date
    Apr 2002
    Location
    Kopenhagen
    Posts
    170
    Quote Originally Posted by kynetguy
    4 - DO NOT, I RePEAT DO NOT, use the same passwords for forums that you use to protect internet banking sites, your private data or anything you REALLY want to keep secure. Most forum software packages use MySQL or MS SQL as a database to store user info. All your passwords are typically stored UNENCRYPTED in these data bases. Sure these data bases are password protected. But if I have the database file, then I have all the time I want to brute force it into submission. This isn't directed to this sites admin or any other admin for that matter. But these databases are stored at an ISP. The ISP has full access to these files. If the ISP is compromised, so is the database.
    I suppose thats true for some bad software. Most applications nowadays encrypt the passwords in MD5, but needless to say, MD5 is easily cracked and there are even websites dedicated to cracking MD5 hashes.

    This forum probably stores the passwords as MD5 hashes, so if somebody got a hold of the database, they could easily crack the hash of a member and start using his account...

  39. #39
    crash187ct's Avatar
    crash187ct is offline Senior Member
    Join Date
    Jul 2005
    Location
    St. Paul, MN
    Posts
    1,475
    lol, interesting to hear you all add to this post. for the most part...its entertaining. i thought i remember seeing a post saying hackers are good, and crackers are bad. lol....wtf is that all about? hacking and cracking are neither good, nor bad....the intent is where you can apply your accusations.

    umm, read another saying something about all hacking is, is math. well, you would be right, if you weren't wrong.


    hacking is good and bad. depending on how you look at it. "pre-hacking a network" (aka vuln. testing) can be used to prevent a certain attack. most of you have misconceptions about hackers/crackers/scriptkiddies.

  40. #40
    zimmy's Avatar
    zimmy is offline Anabolic Member
    Join Date
    Jan 2006
    Location
    Houston
    Posts
    4,225
    not to be a dick...but if you have to ask...there's no amount of explaining that will help you. 99% of the people who ever claim to have skill are scripty kiddies.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •