November 19th, 2003, 08:26 AM
Very inexperienced, need a little advice.
Hi, I'm quite new to hacking but have always been interested in computing. I've been reading up on the basics of port scanning, sniffing, telnetting and stuff like that through various sources (especially your superb tutorials) that I found through google.
I've also been playing about with programs like netcat, l0phtcrack, Essential nettools, Cain, and Ethereal, I'm finding it a bit hard to put the writing into practice though,
I've used l0phtcrack to brute force my own password from the SAM file to see how secure it was and used ettercap to explore my local network (I'm on cable broadband) but I cant seem to be able to do anything constructive as I only have 1 PC (running Windows XP) and my ISP blocks various ports (137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP), 1433 (TCP), 1434 (UDP) and 27374 (TCP) Inbound only. ) So I can't explore via NETBIOS at peoples network shares and stuff like that.
I'm determined to stay away from sub7 and similar programs as I want to explore and learn the right way, and not damage peoples computers and lame stuff like that. I've played around using these tools on my own PC but there's only so much I can learn that way. Any general advice and a push in the right direction would be greatly appreciated.
Sorry for the long post.
November 19th, 2003, 08:29 AM
Well a good way to learn is to set up your own home network with different OS's and read everything you can find. A good way to get computers is usually just put in an ad in your local newspaper asking for computers and/or parts that people dont want anymore.
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
November 19th, 2003, 08:32 AM
Looks like you're on the right track, but remember this is an online security site.
November 19th, 2003, 08:33 AM
I will say this much atleast your not a true lamer.
Dude first thing. Dis the wanting to learn about hacking. Learn to secure yourself and it will come.
*He/She that can secure can also make insecure, say the Great Idiot
Ok... Next pick up a programming book. It has all you will need to know. Languages come in handy when doing anything.
Next stop asking hacking questions here please. That is not the direct point of the site. The direct route is about helping you protect your Computer.
I will save my own comments about what you said. Alot of it doesn't make sense.
I thought access to your same wasn't granted while someone was logged in.
I could be wrong. As I always say. I can be wrong. And just might be.
November 19th, 2003, 08:37 AM
These tutorials do rock
November 19th, 2003, 08:47 AM
Thanks for the replies. I've only got one PC at the moment, with another one half built due to money problems. Once I manage to finish it I intend to network them together so I can learn on my own network. I've got no intention of trying to break into other peoples computers to do damage them or anything like that , I probably phrased my last post a little wrong. I just want to learn as much as possible about networking, security, and general computing. Once my other PC is ready I will (hopefully) be putting linux on it and learning to use that, as I've never used it before, and then using each computer to explore the other one, looking for flaws in the security and learning how they work and how to protect them. I'm just gonna keep reading stuff off here and then trying to apply it to my own network. I suppose after all the only way to know you're secure is by trying to break your security yourself.
Thanks again for replying and I hope I learn a lot from you guys.
*Edit, It's true that the SAM file is locked while you're logged in but the copy of the file stored in the "\Windows\repair" folder isn't. It's an older version of the sam, probably from when I installed XP, It's only got the default accounts on it but the Administrator account you set up when you first install is there (as long as you didn't change it since then).
November 19th, 2003, 01:21 PM
I think that most of it has been said. I appreciate the cash situation when you are a student.....it is not unusual for a student to leave college in the UK owing $30,000 to their bank......takes some catching up on!
I think fl34bit3 gave some good advice about unwanted equipment
Corporations depreciate (amortize) their equipment over time. Typically this is 3 years. After this time the machines have no book value in the Corporations assents inventory. Because they are relatively low spec. and as the Corporation gets bulk discounts, they were probably not that expensive in the first place.
You should be able to pick up old ex-corporate machines quite cheaply.............I got a PI/133 Digital and a PIII/533 IBM for about $35 each, and that included the screen, mouse and keyboard. Remember for your private network you do not need a screen and input devices for all the machines, and you can get connectors that let you run more than one PC from the same mouse/keyboard/screen. At the end of the day even old 486s will do the job that you want, and I doubt if you need more than two of them (without a screen & keyboard you should be able to get those for free..............time to prime family and friends to keep their eyes open?).
As they are ex-corporate, they will usually have a 10/100 network card in them already? which is a saving. Although local shops that refurbish used machines usually have a lot of those that they have no use for. These are they guys who get old ex-corporate boxes and upgrade them for home use.
November 19th, 2003, 01:45 PM
I have some Pentium 75 base units with 10mb network cards. (several of)
If anyone wants one or all PM me.
I ask only that you pay the postage or swap something equally useless.
November 19th, 2003, 03:09 PM
Hye Dami3n u sound pretty similar 2 me.Though i am also new 2 this place,
Hope we have a nice time round here,
November 19th, 2003, 03:57 PM
Good post. Let me offer a couple suggestions.
Be careful with the use of port scanning on random sites. That is normally viewed as the first step in an attempted break-in, and it is possible a complaint will be sent to your ISP.
There are sites that exist TO be hacked, checked out, and explored. If you want to learn more and utilize some tools, these sites are a great (legal) way to get your feet wet.
I am sure there is a complete list on this site somewhere, or you can go to www.happyhacker.org and get a list of such sites.
By the way - happyhacker is posted as a legal site to try and hack.