how?
Printable View
how?
Your question is too large to answer. Start by being specific. Like, how are hackers breaking into banks. Or how are hackers breaking into webservers and defacing websites.
Then you get into Microsoft and *nix. Both are very different to break into. Narrow your question down a bit, and I am sure you will get some answers.
Breaking into what? Your toaster?
what is it exactly that you want to know?
how did hackers hack you?
how do they break physical security?
How do they break into windows?
A little more (actually a lot more) on the question would help a lot.
Please go into more detail.
I and no one else will be able to help with just "how?"
Take a look at the Hacking Exposed books and other computer security related articles.
Well, that's a bit of a broad questions. They could use any number of methods:
- remote exploit that gets access
- find old accounts/unused accounts
- social engineering
- trojans/viruses that create servers that can be connected to
- brute force
- phishing
And probably some I forgot. There isn't a single answer but there is a method to it. Generally, something like this:
1. Pick a target (reasons for the target varies from attacker to attacker)
2. Gain information on the target
- things like DNS, whois, nslookup, dig would be helpful
- searching newsgroups and forums for postings by people from the target location
- dumpster diving, social engineering, getting inside to gather more information ("sticky note gardens")
- fingerprinting scan to determine OS and services running
- create a diagram of the network based on the above information
3. Elevate privileges or DoS
- depending on the intention the attacker will do one of two things: either get an account to raise privileges or do a DoS. If it's a DoS his attack process stops here. Otherwise he continues
- brute force, old accounts, vacation accounts, etc.
4. Covering tracks
- the attack alters/deletes logs, resets permissions
- puts a backdoor in place so he can come back.
Make more sense now?
Nice post Msmittens, i will ahve to put that into the endless filing cabinets full of txt files.
(if thats alright with you :D )
Yeah i downloaded the wargames tutorial you did MsMittens (the pdf with all of them) really good tutorial, it shed some light on the wargames i have and will play in the future.
Keep it up
By all means.. The Wargames tutorials are based on that idea so if you haven't checked them out, might want to.
sorry2.. the exactly what i mean is ...
how's the hackers can get access to our system..
and exploit our system...
maybe they can view certain private info in the system..
in this case, the system running in windows environment..
that's all 4 this time...
It's still a broad question. Which Windows? Does it have a firewall? AV Software? an user that is aware of security risks and dangerous programs/activities?Quote:
in this case, the system running in windows environment..
Windows 95/98 has 0 security. Windows ME has some security but is very limited in it's security. Windows NT has some but not enough to really with stand simple attacks. Windows 2000/XP/etc are far better.
There is no one way to get in and any number of possible ways. Quite honestly, the biggest factor that determines the success/failure of an attack by an attacker, IMHO, is the user and their awareness of their computer and the risks it faces.
I can say this: there seems to be a trend of attacks using the following techniques:
- social engineering through phishing
- social engineering through P2P programs (Ohh... download Britney today!)
- virus/trojan propagation through the form of "official" support emails
- exploiting flaws in older software like IIS 4/5
- exploiting user 'unawareness' of remote access programs that run by default
- exploiting flaws in IMing software (Yahoo I think was a recent one)
- social engineering through IMing
This is probably a drop in the bucket but I think you get the idea. If you're looking for a step-by-step howto, however, I think you might be on the wrong track in life.
This is, of course, all my own opinion.
I have a window in the toilet closet of my bathroom. Do you think I am susceptible to being hacked?
/insert crickets here
potts> yeah.... hacked to little bits when someone breaks in to your bathroom while you are in the shower....
We could go into a lot of detail to answer the question, but I will answer the question just as general as the question was answered....
How do hackers break inot your computer.... They find an exploit and use it.
how do they exploit it.... bad configuration and crappy software.
Crappy software - No its just that programmers spend a whole lot of time on there projects and programs, but for every programmer there is 10 or more hackers willing to test and shall i say reverse engineer anything that the programmers put forward.
but i guess crappy software can be exploited too :D
you must be more specific.... you know in hacking is not just a simple softaware that you can learn... it's a combination of heart and high IQ...
Knowledge is Power...
Im not an expert, but for what i know, hackers break in, because of Software Exploits, and that includes Windows. Microsoft when have an exploit on there system, they get weeks or even months, to send out a securty update, that gives to hackers plenty time to explore this exploits, find i way to use them to break in, and install something like Backdoor, so that they still can enter even if the user installs the security update.
There are also other ways, has we all know, TCP/IP is not secure, they can hijack connections, spy, or even put thinks in those connections. Hackers and security experts are the supreme users on internet, they know what to look for, and how to use information. But his is my opinion.
Ahem!
Might I politely suggest that responses to threads that are out of date (the date at the top blinks at you ;) ) is not considered to be good practice.
Particularly with a thread of this nature.............the subject is so volatile that the answers would be different on a monthly basis, and this thread is six months old.
:)
Generally speaking, the hacker will first try to get in through the front door, just in case you've left it open. Then they will try the side doors. If those are closed, they try a backdoor. Next they will try the windows to see if they can pry them open. Or they try to pick the locks, which might take them a while. Others might attempt to get in through the roof while others might dig a tunnel under your floor to get in there.
The more brutal hackers will even attempt to ring the doorbell, hoping your child will open the door and make up some excuse for the kid to let them in. Or they just show you a fake badge telling they're from some official organisation and that they *must* have access to your house.
In general, hackers have hundreds of techniques to try and get inside those places where they don't belong. Trick is, is it really interesting for hackers to get inside? If the contents of the site has no value, hackers will be less likely to hack their way inside your site.
Since this thread came alive again, this is what I wanted to say about it, since when this thread was created, I wasn't here yet. :P
Katja: Bwahaha! :D Now, say if they want to perform a DoS attack, on a user, would that be like putting an extra lock on the house or something? :P
A DoS attack on someone's house is easy. Let me give an example: "Hey guys, Free beer at Noia's place! Go there, ASAP! There's unlimited beer available and also other drinks and even food! Believe me! You must go there!"
Not too many people will probably read this so I expect about a dozen visitors at your place. But basically, if this invitation was sent to millions of people, and about half of them would visit you, you would probably not be able to leave your house for a while. Besides, you'd be busy telling every visitor that the invitation is fake.
A computerized DoS attack is similar to this. Just tell as many systems as possible to visit your site. The more systems you get that will visit your site, the more trouble your site will be in.
And of course, your system will go completely mad at one point and crash with a serious nervous breakdown...
Oh gee whiz, you mean I can actually browse for "content"? How about the fact that here is a machine with alot up-time... never mind the amount of bandwidth and cpu cycles that can be used.Quote:
Trick is, is it really interesting for hackers to get inside? If the contents of the site has no value, hackers will be less likely to hack their way inside your site.
I still don't understand why people keep this sort of moronic view of what goes on... meanwhile I mention time and time agian on this site that 99.9% of attacks will have almost no human consciousness behind the scenes. Two or three computers will mass-exploit a few vulnerabilities while a couple others will use wordlists agianst shares and other compromised machines. All the user has to do is issue a command and review results.
MomAndPop.com has to get hit sometime.
And with that remark you just confirmed what I said! :DQuote:
Originally posted here by ¤The¤Spe©ialist
[B]Oh gee whiz, you mean I can actually browse for "content"? How about the fact that here is a machine with alot up-time... never mind the amount of bandwidth and cpu cycles that can be used.
Of course, satisfying their curiosity is one reason for hackers to break in. Some are just plain curious. And some of those hackers will turn out to be malicious and destroy data on your system.
And of course, bandwidth and CPU cycles are very popular for hackers too these days. They can use the bandwidth for spamming purposes, for example. Or to spread around their attacks to more and more systems, building networks of hacked computer systems for them to control. And the CPU time could be used by a hacker in an attempt to crack e.g. an encrypted password file, which would take a lot of brute force in some cases.
So it doesn't just have to be the content of the server that might be interesting to hackers. The server itself can be interesting for them too. Yet hackers who just steal bandwidth or CPU cycles are often less interested in the contents of a site and often will keep the contents alone, to avoid being noticed. In many cases they will even try to avoid spreading around through your webpages since that increases the risk of being detected. IF you want to set up a network of thousands of spambots, you don't want anyone to notice anything suspicious...
However, I do think there's a difference against protecting your server and protecting your site. Websites are often attacked by hackers to collect passwords, bank account numbers and other valuable data. You'll often see fake login pages asking you for this information and even today, many people tend to fall for this trick. Someone could create a website called www.antonline.com and make it appear as this site by just forwarding every client request to this site. And there will be people who don't notice the missing 'i' in the URL and thus nicely fill in username and password, and then they're suprised someone hacked their accounts a few days later. (And maybe a few spam messages will have appeared on this forum...)
But a hacker might also make use of code insertion in your website to steal the same information, and perhaps even more.
You could consider protecting a site and protecting a server as the same thing. I don't, though. Technically, every computer that is connected to the Internet is sensitive to a server attack, where hackers are trying to gain control over as many systems as possible. The chance of becoming the victim of a server attack just depends on the amount of time you're online. (And websites tend to be online 24/7 so they have a big risk.) The chance of becoming the victim of a site attack is relative to the value of the data on your site.
Thirteen year olds who read that crap in the hacker.faq or manifesto thingie do it with the hopes and dreams of turning on their computers and being something. A random title won't get you much attention... but toss the H word around for awhile and even the most mundane computer related tasks some how seem to gain more excitement.Quote:
And with that remark you just confirmed what I said!
Of course, satisfying their curiosity is one reason for hackers to break in. Some are just plain curious. And some of those hackers will turn out to be malicious and destroy data on your system.
curiosity...
I'll call curiosity just another buzzword at best.
hey, i want to know how do hackers see the files in our computer.i mean the way they see it...........im gettin confused myself,sorry.but if anybody who get what im trying to say,please answer it.