1
Learn a programming
language. You shouldn't limit
yourself to any particular
language. C is the language
the systems are built in, it
teaches you what's very
important in hacking: how the
memory really works. Python
or Ruby are modern, powerful
scripting languages, that can
be used to automatize various
tasks; Perl is a good choice in
this field as well. PHP is worth
learning only because it's
what newbies use to "hack"
poorly written web-
applications (forums, blogs
etc). Bash scripting is a must,
that's how you can easily
manipulate most servers -
writing one-line scripts, which
will do most of the job. Finally,
you can't do much without
knowledge of ASM - you
*can't* exploit a program if
you don't know that.
2
Use a *nix terminal for
commands. Cygwin will help
emulate this for Windows
users. DOS is worthless in this
area. The tools in this article
can be found for Windows
based machines. Nmap
particularly, uses WinPCap to
run on Windows and does not
require Cygwin. However,
Nmap works poorly on
Windows systems due to the
lack of raw sockets. You
should also consider using
Linux or BSD, which are both
more flexible, more reliable,
and more secure. Most Linux
distributions come with many
useful tools pre-installed.
3
Try securing your machine
first. Make sure you fully
understood all common
techniques, including the way
to protect yourself. Start with
basics - found a server which
has site about racism,
homophobia or other bad
activities? Try to hack it, any
way you can. Yet again, don't
change the site, just make it
yours.
4
Know your
target.
Know your target.
Know your target. The
process of gathering
information about your target
is known as 'enumeration'.
Can you reach the remote
system? You can use the ping
utility (which is included in
most operating systems) to
see if the target is 'alive',
however, you can not always
trust the results of the ping
utility, as it relies on the ICMP
protocol, which can be easily
shut off by paranoid system
administrators.
5
Determine the operating
system (OS). This is important
because how can you gain
access to a system if you don't
know what the system is? This
step involves running a scan
of the ports. Try pOf, or nmap
to run a port scan. This will
show you the ports that are
open on the machine, the OS,
and can even tell you what
type of firewall or router they
are using so you can plan a
course of action. You can
activate OS detection in nmap
by using the -O switch.
6
Find some path or open port
in the system. Common ports
such as FTP (21) and HTTP (80)
are often well protected, and
possibly only vulnerable to
exploits yet to be discovered.
Try other TCP and UDP ports
that may have been forgotten,
such as Telnet and various
UDP ports left open for LAN
gaming. An open port 22 is
usually evidence of an SSH
(secure shell) service running
on the target, which can
sometimes be bruteforced.
7
Crack the
password or
authentication
process.
Crack the password or
authentication process.
Crack the password or
authentication process. There
are several methods for
cracking a password,
including brute force. Using
brute force on a password is
an effort to try every possible
password contained within a
pre-defined dictionary of
brute force software. Users
are often discouraged from
using weak passwords, so
brute force may take a lot of
time. These days there are
major improvenments in
brute-force techniques. Most
hashing algorithms are found
weak, and you can significally
improve the cracking speed by
exploiting these weaknesses
(like you can cut the MD5
algorithm in 1/4, which will
give huge speed boost). Also
new techniques use graphic
card like the processor - and
it's thousands times faster.
You may try using Rainbow
Tables for fastest password
cracking. Notice that
password cracking is good
technique only if you already
got the hash of password.
Trying every possible
password while logging to
remote machine is not a good
idea, as it's easily detected by
intrusion detection systems,
pollute system logs and may
take years to complete. It's
often much easier to find
other way into system, than
cracking password.
8
Get super user (root)
privileges. Try to get root
privileges if targeting a *nix
machine, or administrator
privileges if taking Windows
systems. Most information that
will be of vital interest is
protected and you need a
certain level of authentication
to get it. To see all the files on
a computer you need super
user privileges. This is a user
account that is given the same
privileges as the "root" user in
Linux and BSD operating
systems. For routers this is the
"admin" account by default
(unless it has been changed),
for Windows, this is the
Administrator account, etc.
Just because you have gained
access to a connection doesn't
mean you can access
everything. Only a super user,
the administrator account, or
the root account can do this.
9
Use various tricks. Often to
gain super user status you
have use tactics such as
creating a "buffer overflow",
which is basically causing the
memory to dump and allowing
you to inject a code or
perform a task at a higher
level then you're normally
authorized. In unix-like
systems this will happen if the
bugged software has setuid
bit set, so program will be
executed as different user
(superuser for example). Only
writing or finding an insecure
program that you can execute
on their machine will allow
you to do this.
10
Create a backdoor. Once you
have gained full control over a
machine, it's best to make
sure you can come back again.
This can be done by
'backdooring' an important
system service, such as the SSH
server. However your
backdoor may be removed
upon the next system upgrade
- really experienced hackers
would backdoor the compiler
itself, so every compiled
software would be a potential
way to come back.
11
Cover your tracks. Never ever
let the administrator know
that the system is
compromised. Do not change
the website (if any), do not
create more files than you
really need. Do not create any
additional users. Act as fast as
possible. If you patched a
server like SSHD, make sure it
has your secret password
hard-coded. If someone tries
to login with this password,
server should let him in, but
shouldn't tell shit
by ROTMANLUV 2023-07-08, 17:34
