[I Want to Start at the Start]
[I Want to Go Straight to Hacking]
INTRODUCTION:
A little background is needed before we get into hacking techniques.When we talk about ‘Hacking’, we are talking about getting some access on a server we shouldn’t have. Servers are set up so that many people can use them. These people each have different ‘accounts’ on the server – like different directories that belong just to them. If Fred has an account with the froggy.com.au ISP (Internet Service Provider), he will be given:
(1) a login name, which is like the name of your directory; and(2) a password, which lets you get access to that directory.
This login name and password will usually give you access to all of Fred’s services - his mail, news services and web pages. There is also the ‘root’ account, which has it’s own login and password. This gives super-user access to the entire server. We will focus on ‘getting root’, in this help file.
[Ok, I want to move to the 'anatomy of the hack']
[I know all this, let me move straight to hacking]
[I don't have a clue what you're on about, let me read some backgroundon this so called "Internet" you keep referring to <http://www.cyberarmy.com/tute/htext1.shtml>]
THE ANATOMY OF THE 'HACK':
There are two main ways to break into a system. Think of a server as a Swiss Bank Vault. There are two main ways to get in. You can try to get in by finding the combination of the vault. This is like finding the password. It’s how you are meant to get in. The second way is by using dynamite. You forget all about the ‘proper’ way to get in. This is like using ‘exploits’, or weaknesses in the servers operating system to gain access.
[Ok, Let's Go. Tell Me About Not Getting Caught]
[Stuff it, I know how to not get caught, on to the techniques!]
'DON'T GET CAUGHT':
Hacking is illegal, and it is very easy to trace you if froggy.com.au realizes you hacked them. Wherever you go, your IP number (your computer’s unique identification) is left and often logged. Solutions:1. When you set up your account with an ISP, give a false name and address.
[Nah, I can't be bothered, what other things can I do?]
[Ok, I used this trick. What else can I do?]
2. Hack using a filched account (stolen password, etc.). A tool called Dripper <http://www.cyberarmy.com/files/dripper.zip> can steal passwords for you from public net cafes and libraries.
[Nah, just tell me something easy I can do right now]
[Ok, done. Anything else I should do?]
3. Port your connection through something else.
An easy way to do this is to change your proxy settings. By using the proxy settings meant for a different ISP, it can look like you are surfing from wherever that ISP is. A list of proxies you can use is here <http://www.cyberarmy.com/lists/proxy>.
You should also do any important info gathering through the IP Jamming Applet on the Cyberarmy.Com <http://www.cyberarmy.com> to hide your IP.
If you want super anonymity, you should be surfing in an account you set up under a false name, with your proxy settings changed, and also surfing through the IP Jamming applet! Be aware that some ISPs could use Caller ID to test the number of someone logging on. Dial the relevant code to disable Caller ID before calling your ISP.
[I don't understand about the proxy settings thing, let me read more <http://www.cyberarmy.com/tute/htext3.shtml>]
[Ok, I am wired for hyper stealth... Now, I want to HACK!]
INFO GATHERING:To start off, you will probably need to gather information about www.froggy.com.au using internet tools.
[Ok, how?]
[Give me some reading to do about info gathering <http://www.cyberarmy.com/tute/htext2.shtml>]
[No, I've already got all the info, just tell me what to do]
DIRT DIGGING STAGE:
We are now taking the first steps of any hack... Info Gathering.
You should be set up for stealth mode. Get a notepad, and open a new browser window (through the IP Jammer). Bring the www.froggy.com.au 's web page up in the IP Jammer's window. You can load the IP Jamming applet on the Cyberarmy.Com <http://www.cyberarmy.com>.
[Ok, What Now?]
CASE THE JOINT:
1. First, check out the site. Take down any email addresses, copy down the HTML of important pages.
[Done... What Else?]
THE OLD BOUNCING MAIL TRICK:
2. Send a mail that will bounce to the site. If the site is www.froggy.com.au , send a mail to blahblahblah@froggy.com.au . It will bounce back to you and give you information in its header.
Copy the information from the headers down.
(To maintain anonymity, it might be a good idea to send and receive the mail from a free web based provider, such as hotmail.com. Use full stealth features when sending the bouncing mail. This will protect you when they check through the logs after they are hacked.)
TRACEROUTE:
3. Still using stealth features, Traceroute froggy.com.au . This Traceroute search is avaliable from the Hacker's Home Page, in the Net Tools section.
This will tell you the upstream provider of the victim server.
Top of Form 1
TOOLS
Bottom of Form 1
[Ok, what next?]
WHOIS:
3. Still using stealth features, Whois the site. This Whois search is avaliable from the Hacker's Home Page, in the Net Tools section.
This will give you information on the owners and servers that run the site. Write it down.
Top of Form 2
Bottom of Form 2
GIVE 'EM THE FINGER:
4. Finger the site. Use this finger service at Cyberarmy.Com to check the site. Try fingering just with “finger @froggy.com.au ” first. This sometimes tells you the names of all accounts. If this does not work, try fingering any email addresses you found on the site, and through Whois. This will sometimes give you useful information.
Top of Form 3
FINGER @
Bottom of Form 3
THE DEADLY PORT SCAN:
5. Now, we're about to get rough on the site. Port Scan the site.
Port scanning checks for all open ports for an IP. It is extremely useful, however, it practially screams to the webmaster's of the victim site that they are in the middle of being hacked. The is basically no legitimate reason to port scan a site unless you are about to hack it.
There are no very good ways to hide a port scan, but there are a few semi-stealthy port scanners. Most are only for Linux / Unix systems. However, the Exploit Generator for Windows is one that claims to be stealthy. However, if you are trying to enter a very secure site, perhaps forget about port scanning for now, unless you are running Linux.
Though, port scan will tell you all the services a site is running. If port 21 is open, it means they have an FTP server. If port 23 is open, it means they have telnet.
[Ok, What next?]
TELNETTING:
5. The aim of telnetting to the site is basically to try and find out the server type. While your browser is in stealth mode, use the Anonymous Telnet applet in the Cyberarmy.Com <http://www.cyberarmy.com> to open a Telnet window.
Telnet to the site to Port 23. Usually, if the address is “www.froggy.com.au ”, try telnetting to "froggy.com.au ". If this does not work, try to telnet to telnet.froggy.com.au or try telnetting to any of the sites listed as name servers in your previous Whois search. Once you have got access, note any information it gives you, such as server type.
[This worked - I got the server type!]
[None of that worked...]
Now change the telnet to port 21. This should send you straight in to the server's FTP port. If this works, try typing SYST to find out what server type it is.
Now, if you are lucky, try telnetting to port 80, the HTTP port. Note if this gives you any information.
RUNNING LAME PROGRAMS:
You *need* to know the server type to have any hope of hacking the thing. How do you expect to run exploits against it if you cant even figure out what you're dealing with here?
A final resort is to run a program called Whats Running? It doesn't work very well, but will sometimes tell you the server type. It will also probably be logged by the victim server.
If that doesn't work, do anything to find the server type. Even write them an e-mail asking what operating system they're running.
[Ok, I've got the Info... Now I want access!]
HACKING THROUGH THE PASSWORD:
We will now try to go through the front door of the server. As to our analogy, we are trying to find the combination of the safe.
[Ok, I Want Root!]
[Nah, I already know this server will need exploits]
EASY THINGS FIRST:You would kick yourselves if ya spent weeks trying advanced hacking with exploits, IP spoofing and social engineering, just to find that we could have got in by using:$Login: root$Password: rootSo, let’s just try this first and get it out of the way. Unix comes set up with some default passwords, and sometimes these are not changed. So, we telnet to froggy.com.au .Don’t use your usual telnet program. Unless you are using a filched or anonymous account, it will show your IP address to froggy.com.au . With your proxies changed, and everything set for stealth, switch back to the Anonymous Telnet window.Then try the following accounts and passwords:ACCOUNT: PASSWORD(login) root: (password)rootsys: sys / system / binbin: sys / binmountfsys: mountfsysadm: adm...
ms_lo