-
September 21st, 2004, 12:16 PM
#1
Senior Member
Signs of being hack?
How is hacking done?
The cracker scans for open ports on the victim's PC and attempts to connect to the victim's PC. Secondly, the intruder will start making use of the open port and install a backdoor/trojan to gain control of the user's computer?
I've been getting alerts like netbios scan from my firewall. What are the signs of a compromised PC? Unknown programs running in the background? Another question: how does the cracker load the backdoor/trojan into the computer?
Thirdly, using the Task Manager, am I able to view all applications running in the background? Any possibility that the backdoor is not shown in the Task Manager as a process?
FYI, I'm using a WinXP box with ZA firewall.
-
September 21st, 2004, 12:42 PM
#2
Being scanned doesn't mean you're actively being "hacked". Being scanned is part of being online these days and is a result of script kiddies trying some program they've found and viruses roaming the Internet.
As for your other questions, you're on the right track but there's no one way to compromise a system. Most attacks have a common form but that doesn't mean it always works like that.
And yes, you can hide processes from the Task Manager. Therefore it is possible to hide a backdoor.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
September 21st, 2004, 12:44 PM
#3
1) Yes
2) By adding a program to startup
3) Can register some DLL files to run with other programs, e.g. Internet Explorer
// too far away outside of limit
-
September 21st, 2004, 12:45 PM
#4
Re: Signs of being hack?
The cracker scans for open ports on the victim's PC and attempts to connect to the victim's PC. Secondly, the intruder will start making use of the open port and install a backdoor/trojan to gain control of the user's computer?
An open port is a possibility, not a vulnerability. An attacker needs an open port AND a vulnerability to attack.
I've been getting alerts like netbios scan from my firewall. What are the signs of a compromised PC? Unknown programs running in the background? Another question: how does the cracker load the backdoor/trojan into the computer?
On the contrary, it shows that your firewall is detecting and defending your computer from an attack. An attacker can load malware in several ways, from the hard ways (through a network attack, as I've mentioned before) to the easiest way: HTTP exploits and e-mail attachments.
Thirdly, using the Task Manager, am I able to view all applications running in the background? Any possibility that the backdoor is not shown in the Task Manager as a process?
Unfortunately, there are still ways to keep a program from being shown in Task Manager. However, you can see those with the "hijackthis" utility, except if the malware is installed as a system driver or something like that (I don't know anyone that does that).
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
September 21st, 2004, 12:49 PM
#5
Re: Signs of being hack?
Be a hip cyber-beatnik...
Originally posted here by Death_Knight The cracker scans for open ports on the victim's PC and attempts to connect to the victim's PC. Secondly, the intruder will start making use of the open port and install a backdoor/trojan to gain control of the user's computer?
Been reading happy-hacker and playing uplink have ya? Look up stack & heap overflows.
Originally posted here by Death_Knight I've been getting alerts like netbios scan from my firewall. What are the signs of a compromised PC? Unknown programs running in the background? Another question: how does the cracker load the backdoor/trojan into the computer?
Scans... external scans then, not likely. Every home user I've seen has some form of adware, get regprot and hijackthis!
Originally posted here by Death_Knight Thirdly, using the Task Manager, am I able to view all applications running in the background? Any possibility that the backdoor is not shown in the Task Manager as a process?
Yes.
FYI, I'm using a WinXP box with ZA firewall.
Ummm yeah, whatever. Help! Tech-support! Blehhh... Like I give a crap.
-
September 21st, 2004, 12:53 PM
#6
1. Scan for open ports
2. Find a daemon running on one of these ports which can be exploited
3. erm..exploit it
4. Get root if you can...the system's 0wn3d..so now the um..cracker can do w/e he likes...install a trojan/backdoor if you will for future access
5. Rot in jail after you're caught (couldn't help it sorry lol)
Yes, background processes are one of the ways you can check...it depends really...logs..all kinds..firewall etc etc..if you're a server then any signs of unusual traffic..you get the pic
Programs can be hidden from view in the Task Manager but if it's a trojan then it'll usually start when you boot...hence it will show up in msconfig
[edit]Dammit, I swear I started writing this when it just came out![/edit]
-
September 21st, 2004, 01:19 PM
#7
[edit]Dammit, I swear I started writing this when it just came out![/edit]
You need to type faster ;-)
As for checking your system, if the attacker installed a rootkit you'll have a very difficult time checking using the tools on that system (none of the tools on that system can be trusted). You'll need external, statically linked tools to be able to scan such a compromised system.
Oliver's Law:
Experience is something you don't get until just after you need it.
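Added example, not part of any post in the thread: posts #3 and #6 name startup entries and DLLs registered with Internet Explorer as the places a backdoor shows up, and posts #4 and #5 recommend HijackThis. The sketch below compares the O2 (Browser Helper Object) and O4 (autostart) lines of a known-good HijackThis log against a current one; the sample logs, entry names, CLSIDs and paths are constructed for illustration.

```python
import re

# HijackThis line formats: O2 = Browser Helper Object (a DLL loaded into
# Internet Explorer), O4 = autostart from a Run key or the Startup folder.
PATTERNS = [
    ("bho", re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<key>\{[^}]+\}) - (?P<target>.+)$")),
    ("run", re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")),
    ("startup", re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")),
]

def parse(log_text):
    """Map each autostart/BHO entry's identity to the file or command it loads."""
    entries = {}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(line.strip())
            if m:
                # Windows paths are case-insensitive, so compare lowercased.
                entries[(kind, m["key"], m["name"])] = m["target"].lower()
                break
    return entries

def diff(baseline_log, current_log):
    """Return entries added since the baseline and entries whose target changed."""
    old, new = parse(baseline_log), parse(current_log)
    added = sorted(k for k in new if k not in old)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, changed

# Constructed sample logs (names, CLSIDs and paths are made up for illustration).
BASELINE = r"""
O2 - BHO: PDF Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\pdfhelper.dll
O4 - HKLM\..\Run: [ExampleFirewall] C:\Program Files\ExampleFW\fw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
CURRENT = r"""
O2 - BHO: PDF Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\pdfhelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\Temp\helper.dll
O4 - HKLM\..\Run: [ExampleFirewall] C:\Program Files\ExampleFW\fw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\Temp\ctfmon.exe
O4 - Startup: notes.lnk = C:\Documents and Settings\user\notes.exe
"""

if __name__ == "__main__":
    added, changed = diff(BASELINE, CURRENT)
    print("added:", added)
    print("changed:", changed)
```

As post #7 points out, a rootkit can hide entries from tools run on the compromised system itself, so an empty diff does not prove the machine is clean.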