How Do I Hack?
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
How can I hack?
It's a common enough question, asked on nearly every hacking board across the web, and yet, no one seems to be able to answer it.
One reason for this is the fact that the vast majority of people who really don't have, want, or need a clue. Then there's a small minority who have a good basic knowledge but simply not enough conviction to teach. Then there's the tiny minority who really know the ins and outs of computer systems, they can program exploits, bug fixes, and can generally fix, or find out how to fix nearly any problem. These are the people referred to as computer experts. An even smaller percentage of people again are called hackers. Hacker is a term that over recent time has been changed and exploited by the media to mean someone who breaks into and destroys a computer system. I don't like these people. These are the people who give true hackers a bad name. By dictionary definition, a hacker is someone who has an extraordinary ability to push a computer system, or program, to work beyond expected boundaries, "He hacked away at the program all night until he got it to work". A Hacker, in the true meaning should be respected, the modern interpretation, someone who breaks systems is traditionally known as a cracker.
The biggest reason for someone to truly want to become a hacker is to learn. There's no bigger reason than this. The simple craving to learn about, change, understand and improve a computer system and/or program is the single biggest goal for any hacker. Maybe the second biggest reason behind hacking is freedom. To understand this you must fist understand what I talked about in the previous paragraph, that hacking is not breaking systems, but improving them. Any one who considers themselves half knowledgeable about the Internet should have heard of Gnu/Linux. If you haven't please refer to http://www.linux.org/info/index.html. Linux and the GNU project embody the spirit of what I consider to be a true hacker goal. The ideas of freedom, improvement and development should be at the heart of every hacker's life. The Internet itself is another representation of this ideal. There is no one owner of the Internet; anyone can access it for no costs other than that of a phone call. The Internet is the single biggest source of information the world has ever seen. It contains information on billions of subjects, the vast majority of which is absolutely free. A person with a connection to the Internet can access information on everything from quantum computing to the exploration of mars, from pro-anarchy to pro-capitalist. It allows all this information to be accessible to everyone with no discrimination on the basis of age, colour, religious or political orientation. That's enough of a rant on freedom now. I'm sure most people are reading this to find out what it takes to become a hacker.
A hacker, as I have previously explained, is a person who has a craving for knowledge. If you don't have the will to learn continuously, spend countless hours reading, researching and improving then hacking defiantly isn't for you. Many people will give up after a few months, many I'm sure didn't even make it to this far into the document, if you did then well done, keep reading, in time, you will learn to truly enjoy hacking away at your own programs and helping others too. I am by no means a hacker; neither do I claim to be. However, I have been reading, learning and sometimes even contributing for quite a while now, and hopefully this document will allow you to do the same. Enough talk. This is where you start to learn.
As by now you will know, the main aim of hacking is knowledge. Before you can even hope to understand how to improve software you must fist understand how the current software works. Since most newbies (Newbie n. Someone who has little knowledge or experience with computer systems and/or programs) I assuming will be using a version of the Windows OS (OS - Operating System) Since you wish to learn how to hack I am assuming you have quite a strong grasp of the basics or Windows such as how to run programs, navigate your hard disk, install new software, hardware etc. If you do not know how to do this use the built in help function by clicking Start -> Help, or use your favourite search engine, I suggest google.com as it's probably the largest in the world. Learn how to use everything about your OS, including MS-DOS. To open a MS-DOS prompt, or shell Click on Start -> Programs -> MS-DOS Prompt , if this fails or the link isn't there for some unknown reason click Start -> Run and then type 'command.com'. This will run the program command.com, which is located in the c:\ directory of your hard disk. There are various programs that can be run from the dos prompt, which are very useful in basic hacking techniques.
Intro to MS-DOS
MS-DOS is a command line OS which is the basis for most windows OS's. It has many internal commands such as copy, cd, cls, ren, del. And several external commands including sys, move, format, deltree, syscopy. Internal commands are commands which are built into the command.com program and so can be run in any MS-DOS with no dependencies, External commands are commands which are not built into command.com, they are external programs which are usually found in c:\windows\command but can be found anywhere. In DOS, to find out what a command does you can type 'command /?' at a dos prompt where command is the name of the command you wish to learn about. This is invaluable and if you ever need to find out what a command does, this is the first thing you should try. Next I am going to explain some basic MS-DOS commands which will be useful during your exploration of the web.
Usage: ping [-options] hostname.domain
Pinging yahoo.com [188.8.131.52] with 32 bytes of data:
Reply from 184.108.40.206: bytes=32 time=306ms TTL=45
Reply from 220.127.116.11: bytes=32 time=430ms TTL=45
Reply from 18.104.22.168: bytes=32 time=295ms TTL=45
Reply from 22.214.171.124: bytes=32 time=340ms TTL=45
Ping statistics for 126.96.36.199:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 295ms, Maximum = 430ms, Average = 342ms
Ping sends a ping request to a domain name to test its reactivity and response times. It does this by sending a packet of information to the server in question and requests a response. The output, as you can see is tells you the domain name that is being pinged, its IP address, the size of packets sent out, the response times, and averages. Ping is a very useful command as it tells you the IP address of a domain name, and tells you if it is 'alive' and responsive. The uses of this will become apparent later on. To find out extra options that can be used with ping, type 'ping /?' at the dos prompt.
Usage: netstat [-options]
Proto Local Address Foreign Address State
TCP pbn-computer:1067 w3.dcx.yahoo.com:80 ESTABLISHED
TCP pbn-computer:1069 188.8.131.52:80 ESTABLISHED
TCP pbn-computer:1070 184.108.40.206:80 ESTABLISHED
TCP pbn-computer:1071 220.127.116.11:80 ESTABLISHED
Netstat gives a list of all connections coming to and from your computer. It displays the ports (A virtual port of a computer is like an imaginary route for information to come in and out of your computer (to the internet) All services and programs which use the internet use a different port to ensure that information does not get sent to the wrong program) and IP's of both ends of the connections. There are thousands of available ports, not something you run out of. Once again, typing 'traceroute /?' at the dos prompt to get more information. Netstat can also be used as a crude method of getting a person's IP. To do this you do the following, for the sake of simplicity you should try to minimise the number of connections, this can be done by closing internet browsers, chat programs etc. Firstly, you will need to talk to the person on a chat program such as msn messenger, aim, yahoo messenger or something similar. At the dos prompt type 'netstat > temp1.txt' this will give the standard output, but the output will be routed into the file temp.txt (which if does not exist, will be created, and if does exist will be over written). Next you will need to establish a direct connection with the target computer, this can be done by initiating a file transfer. Whilst the file transfer is talking place you will need to once again type 'netstat >temp2.txt'. The next task is to compare the two files (temp1.txt and temp2.txt), the second file should contain an IP address that is not in the first, this new connection is the connection you initiated o the target computer, hence the IP address is the IP of your target.
Usage: tracert [-options] IP
Tracing route to yahoo.com [18.104.22.168]
over a maximum of 30 hops:
1 * * * Request timed out.
2 175 ms 180 ms 180 ms cdf-dam1-a-fa11.inet.ntl.com [22.214.171.124]
3 185 ms 200 ms 200 ms 126.96.36.199
4 180 ms 170 ms 190 ms bir-bb-a-so-220-0.inet.ntl.com [188.8.131.52]
5 165 ms 180 ms 180 ms bir-bb-b-ge-720-0.inet.ntl.com [184.108.40.206]
6 320 ms 360 ms 320 ms yahoo-above-1.pao1.above.net [220.127.116.11]
7 400 ms 340 ms 339 ms ge-1-3-0.msr2.pao.yahoo.com [18.104.22.168]
8 315 ms 355 ms 345 ms vl11.bas2.scd.yahoo.com [22.214.171.124]
9 420 ms 320 ms 340 ms yahoo.com [126.96.36.199]
Tracert short for trace route does exactly that, it traces the route taken by individual packets of information as they are transmitted across the Internet to the destination. The uses of this are numerous and will become clear as you learn more. In its simplest form it can be crudely used to find out a persons ISP and even locate them on a international level. For example, is you tracert a persons ISP, and the final hop before reaching them is m284-mp1-cvx1c.car.ntl.com [188.8.131.52] , we know that the person uses ntl as an ISP, on further investigation it can be found that ntl is a UK based ISP and the abbreviation .car. stands for Cardiff, a city in the UK. From this we know that the person in question uses ntl and lives in the vicinity of Cardiff. Encase any one out their is wondering, I do live in Cardiff, UK and the IP address is mine, its a dynamic IP address (dynamic means it changes every time I connect to the internet as oppose to static which means the connection is constant and IP does not change). Use 'tracert /?' for more information.
Ok, so they are three basic, and surprisingly simple yet useful commands to give you a basic understanding of DOS. If you want to learn more then I suggest you search the internet, http://www.google.com is, as far as I know, the biggest search engine on the web and along with the most simple of knowledge should allow you to find anything about anything.
The next step in your journey towards hackerdom is a programming language. Many people wonder why they should 'waste their time' learning a language to help them hack when they could just as easily download a trojan or other script kiddie (A 'script kiddie' is someone who uses other peoples programs to crack without the knowledge of how they work) tool to break into someone's computer. If you search the web I'm sure you can very easily find programs and viruses that let you take control of peoples computers, delete their programs and cause havoc. This is not hacking. Trojans, getting their name from the Greek trojan horse, require a program to be run on the target computer to allow you access. This will probably work on your friends who don't have virus scanners (as virus scanners will very easily pick up viruses) but if you set your sights on a computer owned by anyone with more than half a brain trojans simply are not effective. Again, to refer back to the original definition of hacking, it is about learning how systems work, how to improve them, not simply to break in and gain control. It is for this reason that in order to hack effectively you _must_ learn a programming language.
Their are many different languages out there to learn, they fall into two categories. There are interpreted languages, such as perl, python, bash scripting and even batch scripting (feel free to do a search on any of these to learn more about them). These languages are text files that contain commands that are interpreted by a program and then executed by the computer. They have the advantage of being quick to write and edit but the major advantage is that they can be run on any machine which supports the interpreter of that language but on the downside they run much slower than compiled languages and are generally less powerful. Compiled languages on the other hand create binary files, which do not require an interpreter. They are created when the language is written in a readable text file and then compiled by a compiler. This changes it into a binary file which understandable to humans. To change them you must edit the source code file and recompile them. They have the advantage of being much faster and they allow you to perform much more complex operations. However on the downside they take longer to edit and are OS specific. Examples of compiled languages are C and C++. It is advisable to learn at least one of each of the types of language as this will give you the advantages of both types of language. I suggest that you do some basic reading (again using a search engine) on all the languages I have mentioned. On a personal note, I would suggest that you learn perl, due to its power and simplicity as well as cross-platform compatibility and C, because it is as close as you will get to an Internet standard and is used by most open source programmers.
This brings me on to my next topic. Operating systems. As you immerse yourself into the world of hacking I'm sure you will hear everyone shouting at you to run gnu/Linux instead of windows. I'm also sure that most of you will have no idea why. First, a little history. The GNU project was started in 1984 with the aim of developing a completely free and open source operating system. In 1990 Linus Torvalds finished writing a Unix based open source kernel. An operating system is basically a lot of programs grouped together to run computer hardware the kernel is the software that interfaces directly with the hardware, and the other software interfaces with the kernel. In short, an operating system cannot exist with out both software and a kernel. By the time that Linus Torvalds finished writing his kernel, the Gnu project has just about finished writing their OS, all they were short of was a kernel. The timing was perfect. Linus and the GNU project teamed up to release the operating system which is commonly called Linux, but should be more accurately know as GNU/Linux. Since that time, Linus has continued developing his kernel and the GNU project has continued developing their software. Since then variations of the GNU/Linux system have developed called distributions. Each distribution is configured differently with slightly different software, each designed for different reasons. Examples of commonly used distributions are SuSe, RedHat, debian and slackware (each have .com sites). Linux is considered _the_ operating system for various reasons, not least of which is its freedom. The GNU/Linux operating system was, and is being, developed under the GNU public licence. This licence is intended to keep software free, under it you are able to change, sell or give away the software for any charge as long as you supply the source code along with it as so to enable other people to have the same rights as you have. Another benefit of the freedom of GNU/Linux is its stability, the fact that the source code is available to anyone means that anyone is free to add to it, change it, modify it. This means that if someone finds a bug they can find it, write a patch and submit it to the author who may include it in his next update. Due to its fundamental Unix like design, Linux is very virus resistant, its user based system it is hard for viruses to spread. Once again, if an exploit is found in and GNU/Linux software you can almost guarantee that a patch will be written within a few days, if not the same day, this means if security is a concern, you can keep your box wrapped up tight.
GNU/Linux also has many features built in which make it very good as a development platform. It has built in compilers for C and C++, most distributions also contain perl and python interpreters. Its openness also means that you can customise your distribution much more effectively than with windows, optimising it for speed, stability or security. This is the reason why most hackers or computer enthusiasts use Gnu/Linux. I'm not going to include a guide to how to use Linux, simply because their are so many out there do a search on google.com. However, since I'm feeling nice today I will point you in the direction of my favourite reference http://www.slackware.com/book/, it is supposed to be specific to Slackware Linux, but what it teaches is quite general and will work on any Linux system.
As well as all of the above, you should also continuously be reading and learning about current exploits and 'tricks' on both windows and Unix based operating systems. There is no end of information out there for those willing to search. For information on current exploits I suggest www.insecure.org. Also, to become a hacker you must want to learn about and more importantly understand everything you come into contact with. If there is a new concept you come into contact with, learn about it, search for it on google.com and if all else fails, ask.
Most hacks aim to gain root access, as you will now know from your experience of Linux systems, root is a super user that can do anything on the system. There are five common ways of getting root.
If excessive permission exists on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable it is possible to rewrite your UID to match root's. Another example would be if a .rhosts file has read/write permissions allowing anyone to write them. Yet another example would be a script launched at startup, cron, or respawned. If this script is editable, you could add commands to run with the same privileges as who started them (particularly for startup rc files this would be as root).
Sometimes you will find scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by your id, you can edit it and run it. For example I once found a shutdown script world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.
A Race Condition is when a program creates a short opportunity for evil by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.
Poor Temp Files
Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.
Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow could occur when a program has a buffer for user-defined data and the user-defined data's length is not checked before the program acts upon it.
Four out of the five ways of getting root mentioned above are only applicable on a machine where you have local access. In these cases you will need to get an account on the machine. This could be in a school or collage that you attend, or simply an internet shell account. Since this text is only meant to be an introduction and outline guide I will not go into huge details about these. There is plenty of information on the web, once again I suggest you use google.com, I can't stress enough how useful a search engine is in the world of hacking.
By far the most common way to gain a root shell is through a buffer overflow. It is also unsurprisingly the most complicated of the about ways of getting root and deserves a bit more explanation. Firstly, a buffer is simply a block of computer memory, which holds data of a certain type. If, as I suggested, you have learnt, or are learning, how to program in C, you will probably associate buffers with arrays. A stack has a set amount of space in memory, if you overflow the buffer by sending too much information, the extra data overflows onto the next stack and can be used to execute arbitrary code. For a much better explanation of buffer overflow techniques I suggest you read Phrack 49, File 14, called "Smashing The Stack For Fun And Profit" which can be found at http://www.phrack.com/phrack/49/P49-14 .
Well, it looks like this guide has come to an end. There is only one thing that I have left to say. If you follow all the instructions I have mentioned above, you will have a very good understanding of how the Internet, Ms-dos, Windows, Linux and various hacking techniques work, You may even be considered by some to be a Hacker. If you do end up in this situation, the world is yours, continue to learn, expand and enjoy. There is only one thing I ask you to do, remember yourself when you started. If someone comes to you for help, point them in the right direction, there is no need to lead them by the nose, but it's a big world out there, and its always hard to start out with.