January 11th, 2005 03:56 PM
(sigh)I'm kind of tired of this...
Alright. Whenever I try to find some kind of way to learn how to hack, I always get the "ABOUTS" on the subject. The books I try to read... 'I will only tell you the basics so you can be on your way...' WTF!
What I am looking for is the step by step guide to doing this stuff. I have a small network. My main man (computer) is my laptop with Wi-Fi, and XP. I would really like to practice. Teach me something. I hear the people and websites and books say that DoS, spoofing, interception...etc is HOW they do it. BS. The word how is what I expect to tell me the details. So start me off. I've been trying to learn this stuff since I was 15. All the resources tell me the same thing. (sigh). I would prefer doing this stuff for the government or some buisness one day instead of being in a cubicle typing out paperwork for agendas. If you aren't comfortable replying out the open to this post then please pm me.
Thank you for your time,
Sam L. Fisher
January 11th, 2005 04:02 PM
You need to learn it, because you need to be aware of the cause and effects of such activitites. Plus every system is different you can't just say do step 1, 2, & 3 and your in. This is a very immature way about it. I suggest you start cracking some books and clicking away at some sites or you won't learn JACK!
January 11th, 2005 04:06 PM
Well how about taking this old skool approach....
1) Learn exactly how something operates under normal conditions. This is easier said than done.
2) When you completely understand how something operates, see what happens when you attempt to use it in ways not intended.
3) Document your findings when it behaves in ways it should not.
Congrats. You are on your way to discovering and documenting exploits/bugs.
As a side note, if step-by-step guides are what you are looking for, perhaps this site isn't the exact right place for you. Step-by-step guides have not been seen here in eons.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
January 11th, 2005 04:11 PM
You seem to be approaching this vast subject from the wrong point of view - you want to learn it all right now. Forget it, most of the most able here have spent many years learning all the different facets of the subject. The first thing you really need is to understand how a network _really_ works and an operating system of your choice. Without that basis of knowledge everything will pass you right by.
Then you need to begin with the small steps. The first thing to realize though is that if you have nice gleaming fully patched systems on your network then most of the small steps won't work because they have already been patched. You need to install a base system and not patch it. Then try a little NETBIOS hacking for example... Once you get the hang of that you can move on up to the more complicated ways of gaining access.
As you build from the "lesser" techniques that are well documented on the net you will find the documentation for the more advanced stuff easier to find.
Just make sure you have full permission to use the techniques on the boxes you do, otherwise your life could become very unpleasant.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
January 11th, 2005 04:23 PM
DoS: There are tools for DoS all over the place. Also you might be interested in DDoS if you are looking to take down a bigger web site. The tools are available for a number of operating systems. Looking on Google for you, I have found some stuff:
http://security.royans.net/info/post...aq_ddos4.shtml this runs in *NIX. Includes a make file and is all done for you. Read the header on how to compile it.
http://data.uta.edu/~ramesh/cse4392-5392/DOS.html this is pretty explainatory.
spoofing- That's a big subject. What kind of spoofing? Somebody can spoof a web site and call it real to steal your credit card numbers. Some spoof IPs to bypass firewalls. The list goes on and on. Okay, I looked on Google (There's the magic URL again) and found these:
That may be useful. Maybe not. To spoof a website to steal credit card numbers from unsuspecting saps, make sure you make the site look just like the real one, and send out e-mails asking people to "verify" a credit card number. Sould be easy enough, and watch the money roll in... jut do not let the cops catch you.
interception: You mean packet sniffers? There are a lot of packet sniffers. http://www.ethereal.com/ comes to mind. Also, do not forget your handy-dandy nmap to scan hosts. Oh, you may want the URL to that as well: http://www.insecure.org/nmap/
Here is the moral of the story: Nobody is going to hold your hand. You need to research yourself, use Google. Use your head. Learn to ask the right questions. Take a class. Slow down because you need to learn to crawl before you can fly. Blah, blah, blah.
Testing vulneralbilities on your own network or whatever setup you have is a good idea, and there is plenty of ways to learn about it. Step by step. there are a lot of automated tools to check for network holes, and other ways to protect yourself. Look around. It IS there. The problem is, it is not in just ONE book as we all want it to be. If it were that simple, everybody would be an expert.
Sadly. I am not one of them. Ah forget I said anything in this post.
January 11th, 2005 04:35 PM
A good place to learn basics on webhacking for example is doing the missions @ hackthissite.org.
But do not try to do the missions to impress people. If you get stuck google and read on the subject while you have a good playground to test things, since its legit there. I found that a very nice and playful way in learning some basic techniques.
Oh and you might wanna learn the OSI and TCP/IP - models first ....
January 11th, 2005 05:09 PM
I think hollywood is to blame for most of these types of questions. Movies like wargames/hackers/swordfish/The Matrix (all great movies) make it look so easy. Point and click with some cool Gui.
Hacking is not just knowing how to use a packet sniffer or run a DoS on a site. Hacking is what you know. Can you make the computer do what you want? Do you have an understanding of more than one OS/programming language? If so your already becomming a hacker.
I too have spent every minute I have to spare on computer since 15. I am now 23 in those short years I have learned that most "Hackers/Crackers" who say they are "elite" so to speak. Are simply script kiddies running programs designed to do all the work for them.
With that said, there are several REAL hackers out there. A good system admin is a hacker, a software engineer is a hacker.
If you want to know how to break into computers you do not own, run DoS attacks against random sites or cause damage to what someone has worked hard to create this is not a hacker. This is not even a black hat hacker. I call these types Flackers. (Fake Lazy Hackers) Simply put people who can click "Run" but can not find out what is really going on.
If you want to be a real hacker like everyone has said read, read, read. Forget those "Hacker secrets revealed" books, those are trash. Check http://www.oreilly.com/ for some great books on networking, linux, unix, tcp/ip. These books are hacking books.
Whats a \"START\" button?
January 11th, 2005 06:02 PM
This is the perfect way to become a skript kiddie. By the way, being told how to do something is just as bad. You don't know what your really doing, your just following someone elses directions to see what happens.
Originally posted here by Donkey Punch
DoS: There are tools for DoS all over the place.
What a lame way to go about it. Why don't you just pick up the next issue of Blacklisted 411 and educate yourself.
January 11th, 2005 06:23 PM
Uh.. there is already a well known term for these types: script kiddies.
If you want to know how to break into computers you do not own, run DoS attacks against random sites or cause damage to what someone has worked hard to create this is not a hacker. This is not even a black hat hacker. I call these types Flackers. (Fake Lazy Hackers) Simply put people who can click "Run" but can not find out what is really going on
January 11th, 2005 07:02 PM
A step by step guide to the netbios hack is attached.
It's not my work and I can't remember where I go it from...............It's bloody old.
But as per Tiger sharks post, some place to start.
and an up yours to The horse
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry