
Thread: How can a hacker find exploits in my system?

#1 Junior Member, joined Feb 2003

    How can a hacker find exploits in my system?

#2 MrLinus (Just a Virtualized Geek), joined Sep 2001, Redondo Beach, CA
    Plain and simple: research.

    Check out the Wargames tutorials as they give insight into the process of launching an attack. In a simple form:

    1. Attackers pick a target

    2. They do research on the target:
    - Whois, nslookups: find out physical locations, server locations
    - dumpster diving
    - social engineering
    - network/computer footprinting (find out what services are running on what OSes)
    - research vulnerabilities of what was found

    3. Either DoS attack or break into the system. If it's a DoS, it stops here. If it's a break-in:
    - Obtain account from step 2.
    - use said account to run exploit on system based on information found in step 2
    - exploit system to elevate privileges
    - take whatever the target is (data, CCs, etc.)

    4. Cover tracks and put in backdoors
    - alter logs or delete logs to hide activities
    - put in hidden account(s) so that target can be compromised again.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

#3 nihil (Senior Member), joined Jul 2003, United Kingdom: Bridlington
    A rather broad question but here goes:

    1. By getting physical access to your PC
    2. Scanning open ports and using an exploit that compromises whatever is using them
    3. By getting you to open a trojan in e-mail or P2P
    4. Via a malicious script on an infected website
    5. Via infected media like CDs & floppies (rare these days)
    6. Via a network-aware worm.
    Just a few ideas.

#4 keezel (0_o Mastermind), joined Jun 2003
    Personally, I don't think it's as important to know how they get into your system (at first) as it is to know how to keep them *out*. There's plenty of info about either on this site.

    Securing: (Ennis's tutorial) (Prodikal)

    Windows exploits (Noodle) < I'm not exactly crazy about this one...

    And you can find all the tutorials on anything here: (Negative's massive index)

#5 foxyloxley (They call me the Hunted), joined Nov 2003, 3rd Rock from Sun
    OS 98
    Skill Set network administration
    Occupation hacker

    These from the profile?
    Strange question from a hacker.
    Stranger still the OS, unless they really enjoy the challenge of securing their PC?
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

#6 x acidreign x (Deceased), joined Jul 2002
    All too often victim systems are not being (specifically) targeted for attack. The majority of attacks are done by scanning a range of IP addresses, testing connectivity to ports that correspond to services running on host computers that have known exploit(s) the attacker can take advantage of. For instance, the RPC DCOM exploit used by half the virii/worms that were written last year exploited a service running on port 135, so an attacker would send (or run a program that sent) packets to port 135 on every host within a given range of addresses, and those that responded were noted and later exploited using what is called a buffer-overflow exploit.

    A buffer-overflow exploit basically tells your computer to send a command to your processor that is too big for it to process. The command is truncated: the first part of it is benign, imitating any other command the service that is being exploited would send to the processor, while the remaining portion contains instructions telling the computer to open up a hole for the attacker to use to access your system. Because this portion is being processed separately from the first part of the command, it doesn't read as being sent from the process it was actually sent from, so it can be processed as a system-level command (a command the computer has basically given itself). It is therefore not subject to security measures and thus has pretty much carte blanche to do with your system as it pleases. And it usually pleases very much to start a service called netcat on your system, allowing the attacker remote system access via a remote command-line utility of the same name, so your attacker has basically the same access as you do from the command line logged in as administrator. This strikes me as funny, because most Windows users log in as, at most, power users, meaning the attacker has more control of their computer remotely than they do sitting right in front of it.

    Virii and worms don't bother running netcat when they have access; they go right to the destruction, copying themselves to the target system and running themselves.

    <EDIT> Read this post. If there is any part of it you don't understand, do a little research before you ask another question like this. A person who can't even understand the simple network and computer hardware terms used above has no business attempting network security, nor the maturity to do so responsibly.</EDIT>
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)
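The post above describes the typical pattern of that era: one source sends probes to port 135 on every host in an address range, and the hosts that answer are the ones later attacked. The following is an added example (not from this thread) of how a defender would spot such a horizontal sweep in firewall logs; the log line format and the addresses are constructed for illustration.

```python
"""Detect a horizontal port sweep (one source probing the same port across
many hosts) in firewall-style log lines.  Added example; the log format and
addresses below are constructed, not taken from any real device."""
from collections import defaultdict
import re

# Constructed sample lines in a simple "ACTION PROTO src:sport -> dst:dport" form.
SAMPLE_LOG = """\
DROP TCP 198.51.100.7:4021 -> 192.0.2.10:135
DROP TCP 198.51.100.7:4022 -> 192.0.2.11:135
DROP TCP 198.51.100.7:4023 -> 192.0.2.12:135
ACCEPT TCP 198.51.100.7:4024 -> 192.0.2.13:135
DROP TCP 198.51.100.7:4025 -> 192.0.2.14:135
ACCEPT TCP 203.0.113.5:51000 -> 192.0.2.10:80
ACCEPT TCP 203.0.113.5:51001 -> 192.0.2.10:443
DROP TCP 203.0.113.9:6000 -> 192.0.2.20:135
"""

LINE_RE = re.compile(
    r"^(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_log(text):
    """Yield (action, src, dst, dport) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["action"], m["src"], m["dst"], int(m["dport"])

def find_sweeps(text, min_hosts=4):
    """Return {(src, dport): sorted distinct dsts} for every source that touched
    the same destination port on at least min_hosts distinct hosts.
    Dropped and accepted probes both count: the sweep is the signal."""
    targets = defaultdict(set)
    for _action, src, dst, dport in parse_log(text):
        targets[(src, dport)].add(dst)
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_hosts}

def responders(text, src, dport):
    """Hosts that ACCEPTed a probe from src on dport: these are the ones the
    poster says get 'noted and later exploited', so patch or firewall them first."""
    return sorted(dst for action, s, dst, p in parse_log(text)
                  if action == "ACCEPT" and s == src and p == dport)

if __name__ == "__main__":
    for (src, port), hosts in find_sweeps(SAMPLE_LOG).items():
        print(f"sweep from {src} on port {port}: {len(hosts)} hosts, "
              f"responded: {responders(SAMPLE_LOG, src, port)}")
```

The threshold of four distinct hosts is arbitrary; tune it to the size of your address space and the normal fan-out of legitimate clients.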

#7 Senior Member, joined Feb 2002
    Originally posted here by foxyloxley
    OS 98
    Skill Set network administration
    Occupation hacker

    These from the profile?
    Strange question from a hacker.
    Stranger still the OS, unless they really enjoy the challenge of securing their PC?
    Based on this, now I wonder if you are really actually interested in how to secure your box, or if this isn't a weak social engineering attempt... AKA "I'm about the level of a skiddie and want to know how to increase my 1337 skilz".
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

#8
    It depends on what you're running. If they find a 'sploit on you, just remember it doesn't mean they can do everything to you.

    But as the guy with the Cartman avatar said, basically they look up your information and exploit you based on that. If you have a certain service running, let's say AOL, that is exploitable, a hacker might know this and take advantage of it. Basically an exploit is where you take advantage of a vulnerability in a service; you can only protect yourself against exploits by patching certain things, having strict firewalls, AV, you know the like. Unless you can patch your own software, which I doubt if you're asking this question.
    My guess is that you're asking this question either to know how you exploit someone or to protect yourself. To protect yourself, use the above.

    To find exploits, however, it takes a lot of testing. There is 'black box' testing, where you don't have the source code, and 'white box' testing, where you do have the source code. A lot of people who program a lot know the vulnerabilities of a certain aspect of a program, so they use that and test and test and test. For instance, MS was using an unsigned integer for their bit offset in processing .bmp files in IE. Basically, you could take advantage of this bad programming practice and exploit it. Basically finding a vulnerability is just testing, testing, testing... or stumbling across it lol. That's how you find a vulnerability to exploit in a given service. Now finding the actual service that you want to exploit a vulnerability on, that's tricky.

    As I'm sure some people stated above: nmap, nslookup, etc. Port scans give you a lot of information as well, also fingerprinting. Basically, a lot of common services run on the same port. Let's say that from fingerprinting the person you found that he's on Windows, and that he has ports 25 and 80 open. This could lead you to believe that he's using HTTP-based e-mail, just in general. Once you find the services they're running you can then plan on finding vulnerabilities to exploit. That's just an overview.
