[I Want to Start at the Start]
[I Want to Go Straight to Hacking]
INTRODUCTION:
A little background is needed before we get into hacking techniques.
When we talk about ‘Hacking’, we are talking about getting access to a server that we shouldn’t have. Servers are set up so that many people can use them. These people each have different ‘accounts’ on the server – like different directories that belong just to them. If Fred has an account with the froggy.com.au ISP (Internet Service Provider), he will be given:
(1) a login name, which is like the name of your directory; and
(2) a password, which lets you get access to that directory.
This login name and password will usually give you access to all of Fred’s services – his mail, news services and web pages. There is also the ‘root’ account, which has its own login and password. This gives super-user access to the entire server. We will focus on ‘getting root’ in this help file.
[Ok, I want to move to the 'anatomy of the hack']
[I know all this, let me move straight to hacking]
[I don't have a clue what you're on about, let me read some background on this so called "Internet" you keep referring to <http://www.cyberarmy.com/tute/htext1.shtml>]
THE ANATOMY OF THE ‘HACK’:
There are two main ways to break into a system. Think of a server as a Swiss bank vault. You can try to get in by finding the combination of the vault. This is like finding the password; it’s how you are meant to get in. The second way is by using dynamite: you forget all about the ‘proper’ way to get in. This is like using ‘exploits’, or weaknesses in the server’s operating system, to gain access.
[Ok, Let's Go. Tell Me About Not Getting Caught]
[Stuff it, I know how to not get caught, on to the techniques!]
‘DON’T GET CAUGHT’:
Hacking is illegal, and it is very easy to trace you if froggy.com.au realizes you hacked them. Wherever you go, your IP number (your computer’s unique identification) is left and often logged. Solutions:
1. When you set up your account with an ISP, give a false name and address.
[Nah, I can't be bothered, what other things can I do?]
[Ok, I used this trick. What else can I do?]
[Stuff it, I know how to not get caught, on to the techniques!]
‘DON’T GET CAUGHT’:
2. Hack using a filched account (stolen password, etc.). A tool called Dripper <http://www.cyberarmy.com/files/dripper.zip> can steal passwords for you from public net cafes and libraries.
[Nah, just tell me something easy I can do right now]
[Ok, done. Anything else I should do?]
‘DON’T GET CAUGHT’:
3. Port your connection through something else.
An easy way to do this is to change your proxy settings. By using the proxy settings meant for a different ISP, it can look like you are surfing from wherever that ISP is. A list of proxies you can use is here <http://www.cyberarmy.com/lists/proxy>.
You should also do any important info gathering through the IP Jamming Applet on Cyberarmy.Com <http://www.cyberarmy.com> to hide your IP.
If you want super anonymity, you should be surfing in an account you set up under a false name, with your proxy settings changed, and also surfing through the IP Jamming applet! Be aware that some ISPs could use Caller ID to test the number of someone logging on. Dial the relevant code to disable Caller ID before calling your ISP.
[I don't understand about the proxy settings thing, let me read more <http://www.cyberarmy.com/tute/htext3.shtml>]
[Ok, I am wired for hyper stealth... Now, I want to HACK!]
INFO GATHERING:
To start off, you will probably need to gather information about www.froggy.com.au using internet tools.
[Ok, how?]
[Give me some reading to do about info gathering <http://www.cyberarmy.com/tute/htext2.shtml>]
[No, I've already got all the info, just tell me what to do]
DIRT DIGGING STAGE:
We are now taking the first steps of any hack… Info Gathering.
You should be set up for stealth mode. Get a notepad, and open a new browser window (through the IP Jammer). Bring www.froggy.com.au’s web page up in the IP Jammer’s window. You can load the IP Jamming applet on Cyberarmy.Com <http://www.cyberarmy.com>.
[Ok, What Now?]
CASE THE JOINT:
1. First, check out the site. Take down any email addresses, and copy down the HTML of important pages.
[Done... What Else?]
THE OLD BOUNCING MAIL TRICK:
2. Send a mail that will bounce to the site. If the site is www.froggy.com.au, send a mail to blahblahblah@froggy.com.au. It will bounce back to you and give you information in its header.
Copy the information from the headers down.
(To maintain anonymity, it might be a good idea to send and receive the mail from a free web-based provider, such as hotmail.com. Use full stealth features when sending the bouncing mail. This will protect you when they check through the logs after they are hacked.)
[Done... What Else?]
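Seen from the receiving side, the same bounce shows a mail administrator what their own server hands to any outside sender. The added example below (not part of the original tutorial) checks a bounce's Received headers for RFC 1918 addresses, internal-looking hostnames and software version banners; the sample message, the `audit_bounce` name and the internal suffix list are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample headers of a bounce (NDR) as the outside sender receives it.
# Hosts, addresses and the "ExampleMTA" banner are invented for illustration.
SAMPLE_BOUNCE = """\
Received: from mail.froggy.com.au (mail.froggy.com.au [203.0.113.25])
\tby mx.example.net with ESMTP id abc123; Mon, 1 Jan 2001 10:00:02 +1000
Received: from intranet-gw.froggy.local (unknown [10.1.4.17])
\tby mail.froggy.com.au (ExampleMTA 8.9.3) with SMTP id xyz789;
\tMon, 1 Jan 2001 10:00:01 +1000
From: MAILER-DAEMON@froggy.com.au
To: auditor@example.net
Subject: Returned mail: User unknown

The address blahblahblah@froggy.com.au does not exist.
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")  # assumption: adjust to your naming
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")
BANNER_RE = re.compile(r"\(([A-Za-z][\w-]*\s+\d[\w.]*)\)")  # "(Name 1.2.3)"

def audit_bounce(raw):
    """Return what the Received chain of a bounce discloses to an outsider."""
    found = {"internal_ips": [], "internal_hosts": [], "banners": []}
    for hop in email.message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        for ip in IP_RE.findall(hop):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(addr in net for net in RFC1918):
                found["internal_ips"].append(ip)
        for host in HOST_RE.findall(hop):
            if host.lower().endswith(INTERNAL_SUFFIXES):
                found["internal_hosts"].append(host)
        found["banners"].extend(BANNER_RE.findall(hop))
    return found

if __name__ == "__main__":
    for kind, values in audit_bounce(SAMPLE_BOUNCE).items():
        print(kind, values)
```

Each finding marks something to suppress or rewrite on the outbound relay before bounces leave the network.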