September 4th, 2004 09:17 AM
Tiger, I had exact the same thing going. I pretty much regret it tho, cause i would be far more than i am now of course, altho i believe I'm catching up quite good atm.
I then had a forced break from computing and, even though I have a pretty fine idea of how it works at the processor level... I'm still trying to catch up.....
September 4th, 2004 09:26 AM
I think I'm pretty good in programming Java, I am the worst C++ coder on this planet. I also mess with x86 assembly. I know html, xml and css and will never be able to make a profesionnal looking website because I have no leet photoshop skillz.
I f*** around with C++ in attempts to write exploits (non-remote) in which I succeed from time to time. I've also written various lame viruses in assembly, having studied the little/giant blackbook of computer viruses and numerous articles on the subject.
I consider myself knowledgable in the networking field. I have/am reading also (read) books dealing with Distributed computing and Operating system concepts.
I know how to abuse any protocol there is to abuse and can haxor your web based applications by utilizing xss, sql injection, ssi abuse and so on.
Yet, I lack practial experience in this. I might have the knowledge to exploit STP for example, I don't think I am able to use it practically to my advantage when presented a network which uses it. Although I have done assessments on various websites and then reported the webmaster about holes I have often trouble succesfully exploiting sql injection vulnerabilities.
I don't know much about cryptography apart from the general things.
I am pretty much unable to crack any algorithm. I think I will be reading on this in the future.
Like many know, appart from browsing around I can do nothing in Linux/Unix.
I don't understand why various people in the security field always want knowledge to be practically useful. What about simply the thurst for knowledge?
I don't think it's too important to know how exploits work, but instead learning how to be creative with the vectors so you can prevent an attack.
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content
September 4th, 2004 09:30 AM
I wish I could enumerate here trillions of skills and vast knowledge. Maybe in time...
Anyway given the fact that I first had a computer at home [and steady access to a computer in general] only about 4 years ago, my skills, although not very in-depth, are fairly varied. I learn a lot doing online wargames and challenges of sorts, and so far my skills include [all of the following at a pretty basic level]:
- SQL injections
- http spoofing
I also seem to have a [pretty] good eye for patterns, which helps out with some of the weaker cryptographic systems [that are linear]. I am pretty interested in cryptography and cryptanalysis and I spend time coding stuff in C/C++ just so I have a reason for feeling bad when code doesn't work. As for programming languages I know some C/C++, and although I did about 4 years of [not very intensive] Pascal in school I can't say I remember anything about it. Maybe if I see some code it'll come back to me... Oh yeah, and I tried out some Perl, didn't get a chance to dive into it as much as I would've liked. I guess starting Tuesday [and my first year in University] I'll get a better grasp of Java. And I'm set on really paying attention to math class [then stats] because they really give you an incredible advantage in programming. It's not that I don't like it, just that last 3 years were repetitive and uninteresting for me.
When it comes to networks my knowledge is even more limited. I don't think I fall into the script-kiddie category because of using tools like Nessus/Nmap once in a while, because let's face it, it would be stupid reinventing the wheel everytime somebody designs a new car. I'm currently working on getting a better grasp of general TCP/IP and understanding as much as possible from it.
OSes... I did use MS-DOS 6.0 when it was still something 'fresh', but I had better things to do then [like playing Lotus and Prince of Persia] Right now I completely dumped Windows and am working on understanding Linux better. I still maintain an above-average understanding of the Windows OS and whatnot.
Anyway too much babble over little things. At least I keep learning, just that sometimes I lose myself... being interested in a lot makes it hard to get really good in one thing, but it's not as bad as it might seem
September 4th, 2004 09:31 AM
It is embarrassing but I was on the defacing seen in early 2000. Then I got into network administration and pretty much IT helpdesk ****. Since 2002 I have been a network admin/IT helper dude
September 4th, 2004 11:33 AM
ok, i'll bite too.
i've "hacked" several web app's (like admin logins and online stores) and let the site admin know how i did this and how to fix it.
i've found a hole in the internet content filter at work (also told the admins what's wrong).
i've been able to (from a simple user account in win2k) get all the passwords (more then 1200) from our complete company . also told how to do this to the admins.
i've used wireless to access several VERY important (password protected) computers from the company next door (also told them how to fix it).
i've been able to get past the restrictions in the w2k domain at work (like no cmd.exe, no registry tools, no taskmgr, no search). all that kind of stuff.
i've written a couple of programs in C, a password generator, mastermind and a keylogger. nothing too fancy but just started learning it 3 months ago
i've passed the ngsec exam with 78 points (although i don't see this as "hacking".)
i have taken control over several computers via the netbios shares (also told the owners how i did this).
i've started linux about 7 months ago.
and the beauty of it all, i was a guy who really hated computers (since my dad has a lot of knowledge in them) and i wasn't able to format a floppy untill almost 2 years ago.
all the above things have happened in the last year, i just have a lot of luck learning extremely quick
so i don't really have that much experience, but in the next years to come, my experience and knowledge will grow...
September 4th, 2004 11:37 AM
Now this explains my title under username 'AO newbie' . well i know little bit about both programming and networking. but last when i attended my CCNA classes, to increase my hold over this area i'm planning to buy second hand computer and learn it over my home network. As good labs are not available anymore which allow you to test your knowledge by hacking into test system in lab itself(security policy).
about programming i know pascal,C++,little C and worst level COBOL too.
It\'s all about sense of power.
September 4th, 2004 11:58 AM
Reminded to me by lepricaun's post... I did manage to gain access to somebody's wireless network while I was casually coding away over some coffee at a local StarBucks... decided to power up Airsnort and Ethereal and sniff out what was coming on the airwaves... found a bunch of default-install APs... changed MAC to a sniffed one [Ethereal capture told me what was what] then retried DHCP-ing... was online for about two minutes I think [because being the idiot that I am I forgot to try and access the AP config page instead of IRC and Yahoo :s]
It's not something that impressive, I know especially on a non-encrypted connection most WinXP default install machines will 'get hacked' into a wireless connection... but it felt good seeing some stuff I'd learnt working out so nicely 'in real life'.
September 4th, 2004 10:10 PM
two minor things which are not really hacking! Which makes me feel lame cause I don't know jack **** when it comes to "owning" a system. My former high school was the testing ground! Being bored as it comes,I decided to test out some ideas of mine which mainly deal with batch scripting with dos. My first thing was making a batch script which would run after autoexec.bat started up, this bypassed the novell login screen and bleeched ms-dos out on the desktop. I could, of course, run anything I wanted<iexplore, explorer, etc> without them knowing who I was unless they found out which computer it was running and walk down to where I was. Second, another batch job; which started again after autoexec.bat . It main job was to copy a certain text file to the printers and everyone hooked up to that server also copied itself to other puters. This of course created panic cause of all the printing and disappearing HD space. Over time it crashed the server two times to record. I fixed the problem after I seen what it had done and stoped messing with the system. Msmittens changed me around and I stopped doing stupid things like this. Since then I been trying to learn as much as I can: html,css,dos, and starting to get into real programing languages like c++ and assembly when I have my time.
What are you hacking achievements?
theres my lame history.
September 5th, 2004 05:32 AM
I'll bite because it's late and I'm bored.
I started off programming in Turing and GWBasic and I've been addicted ever since..
Most people here have read about my 'questionable' background in the past but I'll post it again for the sake of people who haven't seen other posts.
I originally coded some simple dos based apps (computer lockout software for example) and I also wrote (along with my cousin) a small application that appeared to be a useful calculator and filled your hard drive before you were done your first calculation (Mind you this was before the days of hard drives in the GB ranges).
I spent a couple years exploiting those conference call websites (they call you and up to 7 other people) and also various shopping cart web-apps when online shopping was still in it's infancy. Around the same time as this I was playing with skiddie tools and pinned down an ISP who'd dropped my account for a day or two. I still remember who excited I was when I wrote my own app to exploit the +++ATH0 Vuln in Hayes Compatible modems.. After I had that software I got into Warez and would drop the connections of people in DCC FServe Queues so that my buddies could download their software quicker. I also coded a small BASH script to determine a persons OS... this was before nmap was as good as it is today... when scripts like that were still needed.
I eventually got out of that phase and quickly learned how easy it was to get yourself an admin menu on the old novell systems at my HS with a little social engineering and a text editor. I made spending money by giving friends Internet access from the library. That was the same year that I wrote a DOS app that looked like it was formatting the hard drives of the library servers... Almost gave our admin a heart attack.
During the rest of my HS years I decided it was time to stop doing illegal things and moved over to the legal side. I started recovering lost data from disks and CDs, quite often with nothing more than a hex editor. Made 50 bux and 100% on a calculus exam one day to recover my Guidance Counsellors daughters validictory speech. I dabbled briefly on the darkside again by continuously crashing the Cisco routers during a CCNA exam using some HTTP exploits in older versions of the IOS.
These days I do minor security/pen testing for friends and small businesses as well as playing myself. I don't get to do a lot at work because it's more of a Helpdesk job, however I coded a port scanner last semester (I wanted a custom job) to scan Residence computers for virus infections which open remote ports and create a report. These days I find myself installing software and recovering files... I've recovered a few systems from toasted states.. but it's nothing like I used to do.. Most of my excitement comes from running around with a Fluke LinkRunner and MicroProbe.. I don't get to do it very often though.. but I've stumbled across a Rogue DHCP server lately.... which isn't very exciting but it was something... I'm also responsible for keeping our old eserver running... the ftp daemon died and no one else even knew how to restart it.. I think it's time for a reinstall but I'm not nearly excited enough. Last year at some point, I completed the Hack This Site challenges before it made it's move over to the new server (http://www.hulla-balloo.com/hack/topscores.php - #89 with Kwiep at #8 )... that was kinda cool.
I could go into more details, but I feel like I'm writing an autobiography.. there's lost more in there.. but some of it I don't want to mention and some of it isn't worth mention.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
September 5th, 2004 09:52 PM
Does anyone else feel this question is similar to walking into a national NRA meeting and asking:
"So how many of you have shot and killed someone? Please raise your hand."