Monday, 18 April 2011

Hacking...

Those who keep asking me about hacking FB and other types of accounts...



Lets me start by saying that to be a real hacker you must first understand how it all works.



There are NO real programs out there that allow you to hack into accounts simply by clicking and hoping to get in.



Hacking is NOT plug n play as most of you think.



Real hackers study their target, they research their systems and collect info before they start.



They are also well equipped both with knowledge, info and other tools to do the job properly.



Hacking from your own IP is the easiest and quickest way to get caught especially if you start hacking into accounts and get carried away with money fraud and laundering. Besides, software based IP Hiding slows your machine down and there is always a record of your real IP in the software and the route you take.



My advise is to learn how to do it but not use it.



Remember....



Knowledge IS Power  - for those who know how to do it properly and who can hold themselves back from causing harm to others.



With Knowledge and Power comes great responsibility.



Unless you like spending time alone in a small dark room and become the bitch of some big heavy guy, I strongly advise that you think again before doing something stupid.



However, I have provided some info for those who want to learn and find out more about real hacking. This info like all other info posted on my FB page or sites for educational purposes ONLY. I am NOT responsible for what you decide to do with the info I provide.



So, if you are really interested, Read On...



Introduction

An intrusion can be defined as an attempt to break into or misuse a computer system. The word "misuse" is broad, and can mean something as severe as stealing confidential data, or something as minor as misusing your email system for spam. Today, both the Internet and corporate intranets are simply crawling with people from all walks of life who are continuously trying to test the security of various systems and networks. Some of these people are seeking some sort of intellectual high, while others are fueled by more treacherous motives such as revenge or stealing for profit. In any event, no intrusion is innocent and no intrusion is benign. There is no silver bullet available out there that will totally secure our networks and systems. The only thing we can do as IT professionals is to make sure that all of the doors are locked, that the alarm is turned on, and to educate ourselves on what to look for. The primary focus of this practical paper is to educate the less security-conscious IT professionals and end-users on exactly who is out there, and what they are doing to get in. By attempting to establish this baseline of security knowledge, we extend the arm of IT security to include those who present the greatest danger today: the uneducated user.



Attacker Profiles

There are two words to describe people who are trying to get into systems and networks: hacker and attacker. A hacker is a generic term for a person who likes getting into things. The benign hacker is the person who likes to get into his/her own computer and understand how it works. The malicious hacker is the person who likes getting into other people's systems. The benign hackers wish that the media would stop bad-mouthing all hackers and use the term 'attacker' instead. Unfortunately, this is not likely to happen. In any event, the word used to denote anybody trying to get into your system in this paper is 'attacker'. “Script Kiddie” is a term used to describe a class of attacker who does not have sophisticated technical knowledge, but rather simply has a collection of tools created by advanced hackers, and the basic knowledge to use these tools to perform an attack. Attackers can be classified into two categories.



Insiders - these are attackers who have legitimate reasons to use/access your internal network. These include users who misuse privileges or who impersonate higher privileged users. According to a frequently quoted statistic, insiders commit 80% of security breaches. An insider is usually motivated by greed (cases of embezzlement or fraud) or revenge (disgruntled employees or former employees).



Outsiders – these attackers from outside your network attempt to attack your external presence by defacing web servers, forwarding spam through e-mail servers, etc. They may also attempt to go around the firewall to attack machines on the internal network. Outside attackers may come from the Internet, wireless networks, dial-up lines, physical break-ins, or from a partner (vendor, customer, reseller, etc.) network that is linked to your corporate network. They may be advanced attackers specifically targeting your corporate network for various reasons such as greed (e.g. credit card theft, corporate espionage) or “hacktivism” (defacement of public websites due to perceived social / political issues); or (and far more commonly) they may be Script Kiddies randomly attacking your systems based on the latest vulnerabilities.



Poor system administrator practices - A surprising number of machines are configured with an empty or easy-to-guess root/administrator password, possibly because the administrator is too lazy to configure one right away and wants to get the machine up and running quickly with minimal fuss. Unfortunately, they never get around to fixing the password later, allowing attackers easy access. One of the first things an attacker will do on a network is to scan all machines for empty or commonly used passwords. Password Cracking Passwords are possibly the single weakest link in the security chain. Any system worth protecting should be protected by some form of multi-factor authentication scheme, such as smart cards, tokens, biometrics, or digital certificates. Passwords are simply too easily compromised to be relied upon as a single factor for authentication. However, implementing multi-factor authentication can be difficult, expensive, and some systems may not fully support it. For that reason, it is still important to understand the different methods of cracking or guessing passwords:



Easy-to-guess passwords - These are passwords where people use the names of themselves, their children, spouse, pet, or car model as their password. Then there are the users who choose "password", “administrator”, or simply blank passwords. An attacker will almost always try these combinations first, before proceeding with any other password attacks.



Dictionary attacks - With this attack, the attacker will use a program that will try every possible word in the dictionary. Dictionary attacks can be done either by repeatedly logging into systems, or by collecting encrypted passwords and attempting to find a match by similarly encrypting all the passwords in the dictionary. Attackers usually have a copy of the English dictionary as well as foreign language dictionaries for this purpose. They all use additional dictionary-like databases, such as names (see above) and lists of common passwords. Brute force attacks - Just as in a Dictionary attack, an attacker may try all possible combinations of characters. Using a single modern CPU, a short 4-letter password consisting of lower-case letters can be cracked in just a few minutes. A longer 8-character password consisting of upper and lower case letters, as well as numbers and punctuation can take several hours or more to crack. However, this time can be greatly reduced using distributed methods, where many computers work on the problem simultaneously.



Pre-computed tables – Popularly known as “Rainbow tables”, this is essentially a brute-force attack where the work has been done ahead of time. Tables of all possible password hashes are pre-computed using the power of distributed computing. Once the tables have been generated, the amount of time to find a password of any strength is negligible -– even complex passwords can often be found within a matter of minutes. Popular tools such as Rainbow Crack, Ophcrack and Cain & Abel use pre-computed tables, and the tables themselves can easily be found online. Some sites will offer to crack password hashes for you (for a price), or sell the pre-computed tables. The bottom line is that passwords are no longer an effective barrier against a determined attacker, and other methods of authentication should be implemented wherever possible.



Acquiring Passwords

Clear-text sniffing - A number of protocols (Telnet, FTP, HTTP Basic) use clear-text passwords, meaning that they are not encrypted as they go over the wire between the client and the server. An attacker with a protocol analyzer can watch the wire looking for such passwords. No further effort is needed; the attacker can start immediately using those passwords to log in.



Encrypted sniffing -Most protocols, however, use some sort of encryption on the passwords. In these cases, the attacker will need to carry out a Dictionary- or Brute Force-attack on the password in order to attempt decryption. Note that you still don't know about the attacker's presence, as he/she has been completely passive and has not transmitted anything on the wire. Password cracking does not require anything to be sent on the wire since the attacker's own machine is being used to authenticate your password.



Replay attack - In some cases, attackers do not need to decrypt the password. They can use the encrypted form instead in order to log in to systems. This usually requires reprogramming their client software in order to make use of the encrypted password. Password-file stealing - The entire user database is usually stored in a single file on the disk. In UNIX, this file is /etc/passwd (or some mirror of that file), and under Windows, this is the SAM file or the Active Directory database file, ntds.dit. Either way, once an attacker gets hold of this file, he/she can run cracking programs in order to find some weak passwords within the file.



Observation - One of the traditional problems in password security is that passwords must be long and difficult to guess (in order to make Dictionary- and Brute Force -cracks unreasonably difficult). However, such passwords are often difficult to remember, so users write them down somewhere. Attackers can often search a person’s work site in order to find passwords written on little pieces of paper (usually under the keyboard). Attackers can also train themselves to watch typed-in passwords behind a user's back.



Social Engineering – One successful and common technique is to simply call the helpdesk and say "Hi, this is Ron Smith, the senior director for IT in San Jose. I have a presentation to give my boss, the CIO, and I can’t log into server XYZ to get my notes. Would you please reset my password now? I have to be in this meeting in 2 minutes." Many unsuspecting operators would simply reset Ron’s password in this situation. Most corporations have a policy that directs users/operators/helpdesk to never give out or reset passwords, even to their own IT director, but this technique is still successful. “Phishing” schemes also fall under this category. Phishing involves posing as a trusted source, usually through email, to trick users into revealing confidential information such as passwords or credit card numbers.



Keystroke logging – By recording a user’s keystrokes, either with software installed on the workstation or with a piece of hardware that plugs in between the keyboard and the computer, an attacker can easily gather plenty of useful information, including passwords. Obviously connecting hardware can be more difficult since it requires physical access to the site, so software keystroke loggers are generally much more prevalent. One of the more interesting methods of getting the software installed is to leave a “candy dish” full of cheap USB pen drives near the entrance to a building, or to give them out in a public area. Once users connect these drives, a Trojan horse program is installed that records keystrokes and sends the data back to the attacker.



Reconnaissance - The attacker will find out as much as possible without actually giving himself away. He will do this by finding public information or appearing as a normal user. In this stage, you really can't detect an attacker. He will do a 'whois' look-up on your registered domain names to find as much information as possible about your network and people involved. The attacker might walk through your DNS tables (using 'nslookup', 'dig', or other utilities to do domain zone transfers) to find the names of your machines. The attacker will browse other public information, such as your public web sites and anonymous FTP sites. The attacker might search news articles and press releases about your company.



Scanning - The attacker uses more invasive techniques to scan for information, but still doesn't do anything harmful. He might walk through all your web pages and look for vulnerable CGI scripts. He might do a 'ping' sweep in order to see which machines are alive. He will run utilities like Nessus in order to see what's available and what is vulnerable. At this point, the attacker has done 'normal' activity on the network and has not done anything that can be classified as an intrusion. At this point, an NIDS may be able to tell you that "somebody is checking door handles", but nobody has actually tried to open a door yet.



Hope this helps those of you who are finding it hard to get hold of useful real info on hacking.

0 comments:

Post a Comment

About Shubham..

My photo
Jamshedpur, Jharkhand, India
A cant-live-without-technology type of teen...Blogger by hobby...