Basic question on hacking servers (clarication)

Printable View

November 16th, 2001, 03:46 PM
Inferno_x_2001

Basic question on hacking servers (clarication)

For a little while now ive been wondering how big name server hacks go down, such as fbi, nasa stuff, even just corporate sites and stuff. How do they actually break in? I hear "Exploit" everywhere, but what do these exploits actually exploit, i mean, i know they exploit bugs, but what kind of bugs?

I just don't see how they're hacked other than getting bad/easy user+pass combos (admin:admin, guest:guest etc), but what else? I think you'll get my drift now.

I don't want to know this to do it myself, i just want some clarification..... thanks in advance.

(PS im not a total newbie just to this kind of hacking)
November 16th, 2001, 03:59 PM
pwaring

Bugs in scripts (particulary CGI) can allow crackers to execute commands on the server through their web browser, including copying the password file to their computer. A particualy infamous example of this is the PHF script - however now almost every web server is protected from this exploit (damn!) :D
November 17th, 2001, 03:04 AM
Inferno_x_2001

oh ok, thanks for that. Just needed clarification on the subject
November 17th, 2001, 12:51 PM
Therealmaster

Re: Basic question on hacking servers (clarication)

Quote:

Originally posted by Inferno_x_2001
but what else?

Well...as pwaring said there are bugs in scripts and in programs, there are also systems that "trust" you, when they shouldn't and allow you to do things that you shouldn't, this could be a bad setup or ip spoofing where you pretend to be another user. there are also buffer-overruns, which exploit problems in code, not necessarily bugs, that let you run code that you shouldn't. hope this helps.:)
November 20th, 2001, 05:36 AM
Tedob1

Lets not leave out the ubiquitous email trojan, thats how m$ became a playground for a couple of weeks.