Hacking blueprint for n00b
- From: hackfreak <suren.click@xxxxxxxxx>
- Date: Tue, 1 Feb 2011 18:38:12 -0800 (PST)
I keep seeing the n00bs ask "How to hack" -- The folks who've been
into this scene for awhile get tired of these questions. So what's a
n00b to do?
Well I'm here to help.
While this short tut will not give you a step-by-step, hold-your-hand
solution (such a solution is impossible for reasons you'll find out
in this text). This text will give you a serious guideline to
developing your own techniques and methodologies for hacking.
Next I must tell you the following: With penalties for hacking going
up and up all over the world, in every nation (almost) doing a sloppy
hack can get you from 20 years to LIFE IMPRISONMENT. The ball game has
changed since I first got into it. Security is harder and tighter,
penalties are going sky high. I'm reminded of the bad-old-days of the
'60's in the USA when possession of a marijuana *seed* could get you
life in prison. Those days have changed for you tokers, but the 'bad
old days' are right now for hackers. It's easier than ever to get
caught and you'll seriously screw up your life if you do get caught.
Tell me -- is doing that DDOS or crashing some SOB who 'wronged' you
or publishing those warez to be leet -- is that worth the prison time?
How much reward or inducement would someone have to give you before
you'd agree to rob a bank at gunpoint and risk 20 years to life in
jail? Don't laugh. The penalties for armed robbery of a federal
depository such as a bank and hacking your neighbor's PC are the same
- 20 to life!!!
The only difference is that you stand a better chance of a reduced
sentence for robbing a bank. Therefore I do not advocate you doing any
exploits until and unless you really know what you are doing and are
willing to take total responsibility for your actions. Bottom line --
do whatever the heck you want -- I'll not really change your mind
because you won't/don't believe me and you 'know better' than I. I'll
just leave you with this -- I've been hacking for 30 years now and
I've never been caught nor charged - because I'm careful - I would
never do any exploit without a proper investigation of the target -
So now I'll give you an outline of the do's and don't's as well as a
little advice... Doing a real exploit involves much, much more than
finding a vulnerable system and running a script to root it. Before
you even consider using an exploit you must do the following MINIMUM:
1) Ensure that you are as hidden as possible: chain of proxies; hidden
cutouts; work thru a rhost or shell on a previously rooted machine;
spoof the hell out of everything; and last but definitely not least
-- NEVER EVER UNDER ANY CIRCUMSTANCES RUN AN EXPLOIT FROM YOUR HOME,
SCHOOL OR OFFICE. In fact never run one from an inet cafe for obvious
reasons. This is because you can and will be traced if your hack is
noticed. This is because, no matter what you do, no matter how well
you try to hide, in order to enter and snoop around in someone's PC
you *must* establish a connection from you to them. Even if you work
through a chain of proxies you can be traced. Those machines have
logs, the machines they connect to have logs and so on and so on,
which brings us to point 2.....
2) Clean up after yourself. This involves some very delicate surgery
on the target. You should try to remove any log entries that pertain
to you out of ALL logs. This is almost impossible without root access
to the target. So if you got in, but didn't get root -- you could be
screwed big time. Don't just erase the logs, that's way too crass. Edit
the logs to remove your entries. Very time consuming, but very much
worth it. Next clean up is your proxies/cut-outs, etc. Well you
probably don't have root access on each machine in your chain of
proxies. This is a problem because anyone who finds the first link of
a back trace to one of the proxies will track you. If you can you must
break the chain by destroying one or more of the proxies. This is not
easy in and of itself as it involves compromising the proxy and wiping
the HDD. However, even doing this you're not totally in the clear as
recovery of the HDD may be possible or logs may be kept on external
devices/media for that proxy. So even if you do crash it -- you're
still screwed (potentially). Now to the 3rd point, how to find a
3) Find a vulnerable system by UNOBTRUSIVE scanning techniques. Most
of the regular scanners use very blatant scanning techniques that
would wake the dead. They do this because they're made for security
admins to test their networks, not for hackers to be sneaky. To scan a
target use a scanner that allows very fine grain control of the
scanning techniques and has several different techniques. Scanners
like Xscan, GFI LanGuard and the like are totally unsuited for
hacking. Be sure you really know HOW to use the scanner, all its
options and how it works. Select the most delicate of scans first and
go from there after analyzing the results. You may want to do several
types of scans, I know I do. 4th point -- Watch your back...
4) Get a GOOD packet sniffer. Use it to see if you're being
backtraced. Set it up to watch for incoming packets not only from the
target, but from at least his whole class-C subnet. In fact to be
really safe, you may want to watch his class-B instead. I set my
sniffer to look at ALL incoming packets and filter to a separate point
the ones from the target and then all other incoming. I also set it
to alert on any 'suspicious' packets that are common to a backtrace.
In this fashion I can see if a backtrace has hit me from anywhere. If
your sniffer doesn't have all these bells and whistles then do as I
did and write your own. Now we start to get into the meat of
5) Education. You could be considered an idiot if you attempt a live
exploit without knowing the following:
5-A) TCP/IP: how it works; packet layout; OSI model; everything. How
do you expect to interpret a sniffer to see if you've been backtraced if
you can't read a TCP/IP packet?
5-B) Programming: You need to be able to compile the exploit yourself;
you may need to do some surgery once in the target.
5-C) Assembly Language: Since most exploits rely on shell code you
must know assembly to be able to handle and fix any exploits; Assembly
allows you fine-grain control of the target. If you are in a chroot
jail a small assembly program can bust you out and potentially give
5-D) Be an EXPERT on the target's OS: How can you be expected to do
all the things needed to perform a successful exploit if you can't do
simple OS functions once you get in?
5-E) Be an EXPERT with all the tools you use. Know them inside out,
understand how they work and what they do. Next item....
6) UNOBTRUSIVELY sniff AROUND the target. Look at machines potentially
on the same subnet that may be monitoring the target externally. Also
examine for any firewall, routers or other network infrastructure that
could potentially aid or hinder your exploit. Sniff the target for
signs of an IDS (intrusion detection system). Ensure the potential
target is not a honeypot. Failure to examine the machines/network
AROUND the target is a deadly sin. More n00bs get caught by honeypots
and IDSs because they fail to take the time to properly investigate
their target. Investigation must not be limited to the target and its
immediate surroundings either.....
7) Examine whois and other relevant records to determine the owners of
the target. You might uncover a very well placed law-enforcement
honeypot this way. LE *sometimes* doesn't set up their domains and
such well ahead of time and so you might uncover a trail to point to
the *real* owner or a lack of trail indicating you should be cautious.
Additionally examining the whole 'paper trail' may lead you to other
networks the target is affiliated with. Some of those may have an
easier way in and a route to a backdoor on your original target.
Many admins feel a false sense of security behind their own firewalls and
leave open access between various subnets inside. This is a weapon to
exploit whenever possible. However without proper safety procedures
you can be nailed very easily as you may be logged from many different
directions behind the firewall.
8) Hardware...What do you need? My recommendation is to get the
smallest, lightest, tiniest laptop available. Sony had a tiny one that
ran Win/ME, JVC has a couple small ones that they just released
recently. Also you'll need various cords: phone, ethernet, USB, etc.
You'll also need a phone cord for your modem that terminates in tiny
alligator clips. This is to use a junction box directly to get phone
service in a quiet place. The PC should have the following ports:
ethernet, wireless, bluetooth, 56kb modem and USB. The idea is that
everything fits into oversized coat pockets or a ditty bag under your
at. Right now carrying a tiny computer is still not a crime ( like
burglar tools), but give the feds a chance. Carry a computer - go to
9) Software ...What do you need? My recommendation is Linux with a
hand-picked assortment of tools: scanners, sniffers, assembler,
compilers and reference data on HDD. I won't go into much detail as
the choice of tools is a very personal thing. Over the last 10 years
or so I've been unhappy with the readily available tools and have used
the available source of several to create my own versions. As you
progress and are more concerned with doing an 'invisible' hack and not
being noticed, you'll undoubtedly do the same. I also hesitate to
recommend any of the readily available tools just because of my
dissatisfaction with them. While some are quite good, many do not lend
themselves to stealth techniques. And last....
10) Ethics...Ah DAMN! The old fart is getting on his soapbox again.
Well perhaps, but you'd do well to at least read what I have to say
and *consider* my words. After all I've done more exploits than most
of you put together and I still have my freedom. I must be doing
10-A ) Don't do the crime if you can't do the time. By this I mean for
you to understand that if you attempt an exploit against a machine
that you do not have rights to -- you are breaking the law. Be a man
(or woman) and be prepared to accept your punishment. Nobody told you
to go out and hack, in fact I tell you not to do it. Most of you are
just not capable of the attention to detail, nor do most of you possess
the requisite knowledge at this time. Yes, there are exceptions to
what I'm saying, however I'm writing this for n00bs, not the
10-B ) The benefit of your actions must outweigh the risk. -- By this
I mean to take a good, hard look at REALITY. What is the punishment if
you get caught? Is it worth getting caught and suffering the
punishment for what I get out of doing the deed? If you're stealing
millions of dollars online -- well 20 to life is about the standard
risk for grand theft. But if you're just screwing with your buddy...is
that worth getting caught and convicted of a felony? Remember if you
are a convicted felon - no guns - no voting - no *many* things.
10-C ) Knowledge is Power and Information is Wealth. If I have to
explain this one - you're pretty dense.
10-D ) TANSTAAFL -- This is an anagram -- There Ain't No Such Thing As
A Free Lunch. This basically means that you don't get something for
nothing. The hacker's version of Newton's law of conservation of
energy. If that target seems too good to be true - it's probably a
trap. Watch your back, examine everyone's motives. You're wandering
into the hacker community, keep your wits about you, not everyone nor
everything is what it seems. After you've done all this then it MIGHT
be safe to run that exploit. But it might not -- there are other
checks that I go through, but I'm sure you get the idea. If all this
seems like too much trouble and there must be an easier way -- you're
right. Just log on from home, crank up xscan and find a vulnerable PC
and perform that exploit. But have some snacks and drinks ready,
sooner or later you'll get some visitors.
--- A reply by a member
1. What flavor of linux do you prefer for the tasks you presented us in
your article? There are LOTS and LOTS of linux distros. Though, they
all work the same, so the one you use to perform the task is up to
you. Some distros are easy to setup and use (like mandrake, www.mandrake.org),
others are really customisable and/or faster but they are a lot harder
to install (like gentoo, www.gentoo.org). Personally I prefer gentoo.
Though, for the real experts, to have FULL control on your computer,
LFS (LinuxFromScratch, www.linuxfromscratch.org) is probably best. As
you may have noticed, almost every distro has www.theirname.org as
website. Though some sites will link to the real sites (like
mandrake). One exception is redhat, which is .com. So just try
www.thedistroname.org or if it doesn't exist www.thedistroname.com.
Otherwise try google.
2. The proggys for the newbies. It is very important to start playing
with the tools of the trade, and as easy as it seems for the people
here that know how to hack it would be nice to post at least the
names of the preferred software a hacker must use, so we the newbies can
google it, or even better post (again) the link. Like Daremo said
specifically, you should NEVER use a tool before you have enough
knowledge. I don't have enough knowledge to use tools but I do. This
highly increases my chances of getting caught. And like Daremo said,
if you really want to hack you should program your own tools. Then you
know exactly how they work and you can make it as obscure as
possible. Most of these tools won't be released, so there are only few.
An example of a tool which can do a bit unobtrusive scanning is nmap
(don't know the website), but still it's not unobtrusive enough. And,
why the hell would you want to port scan if you do not have enough
knowledge to know what to do after the portscan?
3. When are you gonna write a tutorial for C the way you did for
assembly? There are lots of tutorials for C. And good ones, too. Just
look around here (ebooks, programming) and read them. And he isn't done
yet with the assembler one.... is he?
4. Now how do you delete your tracks? Where are the logs in the operating
systems? Most targets for a hacker are linux boxes. Linux is -- unlike
windows -- customisable. You can set the places of the logs yourself.
I think even windows can do it. Though most of the times the logs will
be in /var/log/. In windows I don't remember where they are. I believe
somewhere like "%WINDOWSDIR%/system32/logfiles/" or "%WINDOWSDIR%/
system/logfiles/" or so. I'm not sure. But again, I think this can,
even in windows, be changed.
YOUR COMMENTS MEAN A LOT TO ME...
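The original post's point 2 (editing log entries rather than deleting the file) and the reply's item 4 (logs living under /var/log/) both describe what an intruder does to a host's logs. The defender's side of that is worth seeing in code. The following Python script is an added example written for this page; it is not from either poster. It assumes classic syslog-format lines (timestamp, host, message) and that the same log is also shipped to a remote syslog collector, and the log excerpts below are constructed for the example. It flags two things a hand-edited log tends to show: a timestamp that steps backwards (an append-only logger never writes that) and entries that exist in the forwarded copy but not in the local file.

```python
"""Spot signs that a syslog-style log has been edited in place.

Two checks a defender can run: (1) timestamps that step backwards, which an
append-only logger never produces, and (2) entries present in a copy shipped to
a remote syslog host but missing from the local file. All sample lines in this
file are constructed for the example.
"""
import re
from datetime import datetime

# Classic syslog line: "Feb  1 18:30:01 host process[pid]: message"
SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed local /var/log/auth.log excerpt: the sudo line was re-inserted by
# hand after a later entry, and one login line has been removed entirely.
LOCAL_LOG = """\
Feb  1 18:30:01 host sshd[1201]: Accepted password for alice from 10.0.0.5 port 51000 ssh2
Feb  1 18:31:15 host cron[1210]: (root) CMD (run-parts /etc/cron.hourly)
Feb  1 18:33:40 host sshd[1250]: Accepted password for bob from 10.0.0.7 port 51100 ssh2
Feb  1 18:32:02 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/ls
"""

# Constructed copy of the same log as received by a remote syslog collector,
# which an edit on the local host cannot reach.
FORWARDED_LOG = """\
Feb  1 18:30:01 host sshd[1201]: Accepted password for alice from 10.0.0.5 port 51000 ssh2
Feb  1 18:31:15 host cron[1210]: (root) CMD (run-parts /etc/cron.hourly)
Feb  1 18:32:02 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/ls
Feb  1 18:32:30 host sshd[1233]: Accepted publickey for carol from 192.0.2.44 port 40022 ssh2
Feb  1 18:33:40 host sshd[1250]: Accepted password for bob from 10.0.0.7 port 51100 ssh2
"""


def parse_syslog_line(line):
    """Return (timestamp, host, message), or None if the line is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year; strptime fills in 1900, which is
    # fine for ordering lines within one file (year rollover is the one caveat).
    ts = datetime.strptime(m.group(1).replace("  ", " "), "%b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)


def find_out_of_order(lines):
    """0-based indices of lines whose timestamp is earlier than the previous
    parsable line. syslog appends in arrival order, so a step backwards in
    time usually means the file was rewritten rather than written by the daemon."""
    flagged = []
    prev = None
    for i, line in enumerate(lines):
        parsed = parse_syslog_line(line)
        if parsed is None:
            continue
        ts = parsed[0]
        if prev is not None and ts < prev:
            flagged.append(i)
        prev = ts
    return flagged


def find_missing_entries(local_lines, forwarded_lines):
    """Entries in the forwarded copy that are absent from the local file.
    Comparing against an off-host copy is what makes the local edit visible."""
    local = set(line for line in local_lines if line.strip())
    return [line for line in forwarded_lines if line.strip() and line not in local]


def audit(local_text, forwarded_text):
    """Run both checks over raw log text and return the findings as a dict."""
    local_lines = local_text.splitlines()
    forwarded_lines = forwarded_text.splitlines()
    return {
        "out_of_order": find_out_of_order(local_lines),
        "missing_locally": find_missing_entries(local_lines, forwarded_lines),
    }


if __name__ == "__main__":
    report = audit(LOCAL_LOG, FORWARDED_LOG)
    local_lines = LOCAL_LOG.splitlines()
    for idx in report["out_of_order"]:
        print(f"timestamp goes backwards at line {idx + 1}: {local_lines[idx]}")
    for entry in report["missing_locally"]:
        print(f"present on collector, missing locally: {entry}")
```

Run on the constructed excerpts it reports the sudo line (local line 4) as out of order and carol's login as present on the collector but missing locally. The second check is the important one in practice: it is exactly the "logs kept on external devices" situation the original post warns about, and it works only if log forwarding is already in place before the incident.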