Page 2 of 2
Results 41 to 53 of 53
  1. #41
    cmax is offline Associate Member
    Join Date
    Nov 2005
    Location
    Santa Rosa, CA
    Posts
    486
    One simple way to hack into a password-protected website is by using SQL injection. This works on some non-protected websites written in .asp or .aspx and using Microsoft SQL databases.

    They use a statement similar to the following to determine if the username and password are authentic based on values stored in the SQL database:

    SELECT count(*) FROM useraccounts WHERE username = <inputed username> AND password = <inputed password>

    At the username and password prompt you simply type in the password: ' 1 or 1=1' in the password field and any username in the username field and bam, you're inside the restricted area.

    When you enter in the password of ' 1 or 1=1' the SQL interprets it as follows:

    SELECT count(*) FROM useraccounts WHERE username = anything AND password = 1 or 1=1

    Since 1 always equals 1 this statement will always return true.

    This was a relatively simple security vulnerability that was exploited by many hackers. It allowed people to gain access to restricted sites.
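The login check described in the post above, shown as an added example that is not part of the original thread: the same `useraccounts` query built by string concatenation and then with bound parameters. It uses Python's `sqlite3` in place of ASP and Microsoft SQL Server; the table contents, function names and test inputs are constructed for illustration.

```python
import sqlite3

# Constructed input built on the post's "1 or 1=1" tautology.
TAUTOLOGY = "x' OR 1=1 --"

def make_db():
    """In-memory stand-in for the post's useraccounts table (constructed data).
    Passwords are plaintext only to mirror the query shown in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE useraccounts (username TEXT, password TEXT)")
    db.execute("INSERT INTO useraccounts VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: input is pasted into the SQL text and can alter its logic."""
    sql = ("SELECT count(*) FROM useraccounts WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    """Hardened form: the statement text is fixed and input is bound as data only."""
    sql = "SELECT count(*) FROM useraccounts WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def demo():
    db = make_db()
    results = {
        "valid_concat": login_concatenated(db, "alice", "correct-horse"),
        "tautology_concat": login_concatenated(db, "anything", TAUTOLOGY),
        "valid_param": login_parameterized(db, "alice", "correct-horse"),
        "tautology_param": login_parameterized(db, "anything", TAUTOLOGY),
    }
    # A legitimate apostrophe breaks the concatenated query; such SQL syntax
    # errors in application logs are a common sign of an injectable field.
    try:
        login_concatenated(db, "o'brien", "pw")
        results["apostrophe_concat"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_concat"] = "syntax error"
    results["apostrophe_param"] = login_parameterized(db, "o'brien", "pw")
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With bound parameters the tautology is compared as a literal password string and matches no row, and the apostrophe in a real name no longer produces a SQL error.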

  2. #42
    scriptfactory is offline Anabolic Member
    Join Date
    Jul 2004
    Location
    Germany
    Posts
    1,553
    Quote Originally Posted by k0nsl
    I suppose that's true for some bad software. Most applications nowadays encrypt the passwords in MD5, but needless to say, MD5 is easily cracked and there are even websites dedicated to cracking MD5 hashes.

    This forum probably stores the passwords as MD5 hashes, so if somebody got a hold of the database, they could easily crack the hash of a member and start using his account...
    MD5 is NOT easily cracked. It's a one-way algorithm. The only way to crack a password is to run a dictionary check (which is why a strong password is important) or try to brute force it, which could take a LONG time unless you have some kind of server farm or supercomputer. I'm a web developer and that's the reason we use MD5. It's even better to use MD5 with a randomly generated salt, as the cracker needs to know the salt before he can begin cracking the actual password.
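Salted password storage as discussed in the post above, shown as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 from Python's `hashlib` in place of MD5 for the salted form (a substitution made here); the iteration count, function names and sample password are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: work factor picked for this example

def unsalted_md5(password):
    """Unsalted fast hash: identical passwords always give identical output,
    which is what makes precomputed lookup tables usable against a leaked table."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)

def compare_storage(password="hunter2"):
    """Store the same (constructed) password for two accounts under both schemes."""
    salt_a, digest_a = hash_password(password)
    salt_b, digest_b = hash_password(password)
    return {
        "md5_records_identical": unsalted_md5(password) == unsalted_md5(password),
        "salted_records_identical": digest_a == digest_b,
        "correct_password_verifies": verify_password(password, salt_a, digest_a),
        "wrong_password_verifies": verify_password(password + "x", salt_a, digest_a),
    }

if __name__ == "__main__":
    for name, value in compare_storage().items():
        print(f"{name}: {value}")
```

The salt is stored next to the digest and is not a secret; its job is to make every stored record unique, while the iteration count sets the cost of each guess.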

  3. #43
    MoneyAddyct is offline Member
    Join Date
    Aug 2005
    Posts
    851
    Quote Originally Posted by zimmy
    99% of the people who ever claim to have skill are scripty kiddies.
    Agreed!

  4. #44
    crash187ct is offline Senior Member
    Join Date
    Jul 2005
    Location
    St. Paul, MN
    Posts
    1,475
    Quote Originally Posted by zimmy
    not to be a dick...but if you have to ask...there's no amount of explaining that will help you. 99% of the people who ever claim to have skill are scripty kiddies.

    so when is the last time you went to a defcon convention? they seemed pretty boastful to me.

  5. #45
    SwiftMove83 is offline Associate Member
    Join Date
    Jul 2006
    Location
    US, Wisconsin
    Posts
    195
    If you want to learn some hacking, go to http://www.hackthissite.org/ it's a very good site, but I don't recommend going around and trying SQL injections on random pages. Just so you don't try it from the SQL example cmax gave you. It's not the use of programs that makes the best hacking, it's the clever and smart thinking of an individual to pick through the holes and flaws and collect information to get what they want. An example would be a good SQL injection hacker could enter information into a field to get a certain error response back that would allow him to figure out information from that, like figuring out database and field names. And if found, data can easily be edited, deleted, or taken.

  6. #46
    305GUY is offline Anabolic Member
    Join Date
    Jun 2005
    Location
    M-I-YaYo
    Posts
    3,915
    i wish my university offered a course in hacking

  7. #47
    IronFreakX is offline Banned
    Join Date
    Dec 2004
    Location
    U.S.A.
    Posts
    7,560
    Network security

  8. #48
    outofthebox is offline Associate Member
    Join Date
    Aug 2006
    Location
    USA
    Posts
    286
    Quote Originally Posted by 305GUY
    i wish my university offered a course in hacking
    take a look into EC-Council's Certified Ethical Hacker course/cert...teaches you the thought process and SOME basic hands on attacks and defenses...good course/cert for beginners into the world of security, and again as stated before, social engineering will almost always turn up more results quicker than actually attempting to go after a machine...cleverly amusing, http://www.darkreading.com/document.....svl=column1_1 the usb key way...there are tons of attacks out there, but if you want to learn, start reading...don't ever stop...there's always someone out there better than you
    -garrett

  9. #49
    Alex2 is offline Senior Member
    Join Date
    Oct 2004
    Location
    R these guns registered?!
    Posts
    735
    One of the best places to learn hacking is hacking forums. There are few very good ones based in Europe but most of them are not in English (Russian, Dutch etc). They discuss the most recent hacking techniques and sell personal CC numbers and other stuff

  10. #50
    Microsoft2soft is offline New Member
    Join Date
    Aug 2006
    Location
    Alright! dont ban me
    Posts
    5
    hacking must be fun

  11. #51
    305GUY is offline Anabolic Member
    Join Date
    Jun 2005
    Location
    M-I-YaYo
    Posts
    3,915
    Quote Originally Posted by Microsoft2soft
    hacking must be fun
    plz take me under your wing... i shall be your apprentice... im ready to learn the ways of a hacker

  12. #52
    crash187ct is offline Senior Member
    Join Date
    Jul 2005
    Location
    St. Paul, MN
    Posts
    1,475
    i want to see more.

  13. #53
    Warrior is offline AR-Hall of Famer
    Join Date
    Oct 2002
    Location
    6'0"/248lbs
    Posts
    6,982
    Holy sh!t... either Microsoft2soft hacked the arcade or he registered here and took names!
