This thread is in response to someone who asked me to teach them how to hack, Now I don't pretend to know everyting about hacking, but I do intend to write a rough guide to computer hacking, and conversly securing against computer hacking...
It's bound to read a little all over the place as I'm more technically minded than litterary minded...
here goes.
===========
Installment 1
===========
Hacking
This is intended to be a quick guide to hacking, I by no means consider myself an expert, and would really urge people not to go off and hack anyone else's computers. By all means you can set up your own servers and hack your own servers. After all at the end of the day the only real reason for knowing how to hack is just so you can tell people! Personally my job as a network administrator sometimes brings me to the world of hacking, sometimes this will just be some kind of research, sometimes more direct action is taken and programs need to be written to do certain things. Any hacking that I actually do is usually proof of concept, and or checking the week's popular scripts against a web server to check its security. I've written a few programs to perform DOS attacks and have written some brute force telnet password hacking programs, and the best bit, I get paid to do this! But, alas all my exploits are safely contained in a private network, cut away from both the real world of the internet and the business world of the corporate network, my own little playground where I do all my hacking, I suggest, and strongly advise you sort yourself out with a playground for hacking. Certainly don't jump in at the deep end, the banks will not be forgiving, government agencies won't see the funny side of trial hacking, and any small company will just be straight onto your ISP reporting your illicit activities. (I know that for sure, another part of my job is reporting hacking etc to the persons ISP).
Background
Hackers can be split into a few small groups.
Social engineers
Social engineers don't look at the technical aspect of computer crime so much as they look at the targets. All a good social engineer needs is himself, (or herself). Social engineers study the owner of the machines that they are trying to hack in order to make educated guesses as to what passwords could be.
Script kiddies
Seen as the lowest of the low in the hacking world, script kiddies generally leech off of the hard exploratory work of others, running pre-made script against web servers in order to get results.
Hackers
Hackers can be either black hat or white hat; these terms generally mean good or bad. Be they either white hat or black hat, the methods of investigation will be the same, just the end result will be different. (A white hat hacker would usually report a bug whilst a black hat would exploit it!)
Hacking
Hacking is obviously very illegal, so I don't suggest that you try it. at least not on anyone else's' machine. if you want to practise your hacking skills then
I suggest you practise on your own machines. It's not too hard, -get an old second hand PC from eBay and set up a small network.
I recommend that you try to get a server OS, (Windows NT 4, windows 2000 professional, or windows 2000 server. windows XP pro or windows server 2003).
The reason I suggest that you should get these is because all of these OS's come with a version of IIS, you could also get apache from apache.org (It is the worlds most popular web server with a user base of >50% world wide sites served with apache).
Apache is free, relatively easy to configure.
As a last resort you could use a Linux / apache combination, - I say last resort because this will be a lot harder to hack than a Microsoft machine.
[I love the report Root; but we don't need to broadcast such things particularly, thanks] Along the same vein of interest, ASP support comes with IIS, but if you want PHP you'll have to download that from php.net and if you want a database you can get MySQL, the reason I mention these is because these are all services that may be running, and just about every service has an exploit.
It's bound to read a little all over the place as I'm more technically minded than litterary minded...
here goes.
===========
Installment 1
===========
Hacking
This is intended to be a quick guide to hacking, I by no means consider myself an expert, and would really urge people not to go off and hack anyone else's computers. By all means you can set up your own servers and hack your own servers. After all at the end of the day the only real reason for knowing how to hack is just so you can tell people! Personally my job as a network administrator sometimes brings me to the world of hacking, sometimes this will just be some kind of research, sometimes more direct action is taken and programs need to be written to do certain things. Any hacking that I actually do is usually proof of concept, and or checking the week's popular scripts against a web server to check its security. I've written a few programs to perform DOS attacks and have written some brute force telnet password hacking programs, and the best bit, I get paid to do this! But, alas all my exploits are safely contained in a private network, cut away from both the real world of the internet and the business world of the corporate network, my own little playground where I do all my hacking, I suggest, and strongly advise you sort yourself out with a playground for hacking. Certainly don't jump in at the deep end, the banks will not be forgiving, government agencies won't see the funny side of trial hacking, and any small company will just be straight onto your ISP reporting your illicit activities. (I know that for sure, another part of my job is reporting hacking etc to the persons ISP).
Background
Hackers can be split into a few small groups.
Social engineers
Social engineers don't look at the technical aspect of computer crime so much as they look at the targets. All a good social engineer needs is himself, (or herself). Social engineers study the owner of the machines that they are trying to hack in order to make educated guesses as to what passwords could be.
Script kiddies
Seen as the lowest of the low in the hacking world, script kiddies generally leech off of the hard exploratory work of others, running pre-made script against web servers in order to get results.
Hackers
Hackers can be either black hat or white hat; these terms generally mean good or bad. Be they either white hat or black hat, the methods of investigation will be the same, just the end result will be different. (A white hat hacker would usually report a bug whilst a black hat would exploit it!)
Hacking
Hacking is obviously very illegal, so I don't suggest that you try it. at least not on anyone else's' machine. if you want to practise your hacking skills then
I suggest you practise on your own machines. It's not too hard, -get an old second hand PC from eBay and set up a small network.
I recommend that you try to get a server OS, (Windows NT 4, windows 2000 professional, or windows 2000 server. windows XP pro or windows server 2003).
The reason I suggest that you should get these is because all of these OS's come with a version of IIS, you could also get apache from apache.org (It is the worlds most popular web server with a user base of >50% world wide sites served with apache).
Apache is free, relatively easy to configure.
As a last resort you could use a Linux / apache combination, - I say last resort because this will be a lot harder to hack than a Microsoft machine.
[I love the report Root; but we don't need to broadcast such things particularly, thanks] Along the same vein of interest, ASP support comes with IIS, but if you want PHP you'll have to download that from php.net and if you want a database you can get MySQL, the reason I mention these is because these are all services that may be running, and just about every service has an exploit.