21 replies to this topic

[CryoGenesis]

I've been programming for quite a while and I've done all kinds of stuff on a single PC. What I don't get is, how do people hack into networks and steal information? I have literally no idea how that works in a language like C++? Where would you even start? Does anyone have any tutorials for this anywhere? What languages are hacking programs written in?

I'm not looking to do anything illegal I'm just very curious.

[Haps]

Generally breaches occur by taking advantage of a known exploit, (before it's patched or by finding unprotected systems,) convincing someone to install software that will provide outside access or record/send information, or using social engineering to pick up enough information to get in another way

Edited by Haps, 26 November 2012 - 02:26 PM.

[J. Evola's Apprentice]

Take a look at phrack.org (not necessarily early issues). For example, issue #49, article "Smashing the stack for fun and profit".
It explains basics of one fundamental, widely used technique of abusing code. Of course, there are many, many other techniques.

[wicked357]

I am not a hacker and I will never claim to be, I have done research though and came across things like first scanning ports of the known IP address, once you have that connect via telnet and check the ports see what kind of technology is running on them and look for known exploits in that technology. That is as far as I got because I honestly have zero desire to go any further. It can be handy to know in some instances. Programming comes in because you can make your own tools to make your life easier.

[Telastyn]

What I don't get is, how do people hack into networks and steal information?

Often times they simply walk right in and ask for it, both figuratively and literally.

When I worked in network security, there was an often quoted figure where 90% of unauthorized access occurred from within a network. Some disgruntled programmer, an accountant that got a little greedy, a dimwitted VP with a laptop, some guest that liked looking around electronically...

Another good quote was how the most used hacking tool was a clipboard. Physical security is fairly well addressed these days, but it used to be that if you showed up to a business with a clipboard and a smile, people would let you into any phone closet you needed to get access to. Sneakers is a fantastic movie, well ahead of its time in this regard. Wired just had an article about someone calling customer support to steal a guy's info.

For all the wild stories about the evils of hackers, these are still the most common forms of attack.

The next layer are similar sorts of things. You provide input, and the server inside the network does the work for you. Some badly configured networks just let you in and ask for data. Open your browser or query tool, point it at their network and look at things that you maybe shouldn't see. SQL injection is the easiest 'attack' to understand here. Some programmer expected you to type in a name, so pasted that text into a SQL statement. You put in a SQL statement instead of a name. So when the code runs, it runs your SQL statement rather than querying by name. C/C++ buffer overflows work the same way, though it's much harder to craft assembly to do what you want than a SQL statement.

The actual tools tend to vary pretty significantly. C is likely still popular because the hardest (and most effective) hacks still involve a whole lot of bit-fiddling. perl used to be pretty popular since it allowed command line web requests easily. JavaScript is increasingly important to perform attacks against poorly implemented website security.

[MrJoshL]

It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.

[Michael Tanczos]

One of the easiest ways to gain entry is to ask.. people are a liability when it comes to computer security. If you can overload someone's brain with enough computer speak they cease to question your authority and start to become even helpful.

One of my personal favs is ARP poisoning as it is easy to overlook for almost everyone. On an Ethernet LAN with computers running the TCP/IP protocol stack it is easy to forget that the stack is actually Ethernet/TCP/IP. IP addresses are most necessary for internetworking (networking between networks) as they provide a way to group and organize a network under a single subnet. A subnet might look like this: 201.100.100.* where the asterisk could be any number from 1-254.

Anywho, computers on an ethernet LAN can't communicate directly by IP address. They actually need to know the MAC address of a local workstation in order to communicate with it through a datagram called "Frames". You've heard packets before, which is what IP uses.. but IP itself is carried inside of Frames in this case.

Now here's the thing.. computers don't know other local computers MAC addresses. How do they get them? They have to ask.. Say Joe's computer is trying to contact IP 192.168.10.200, but to do this it has to get the MAC address for that machine first. It can do this by broadcasting a frame that everyone on the LAN receives asking "Who is 192.168.10.200?" EVERYONE on the LAN receives it.. guess who answers? The machine that is 192.168.10.200 answers back directly. This broadcast frame is called an ARP request.

So here's the hack. A hacker writes software that listens for ARP requests. When one is received the hacker answers the sending device (the one asking "Who is 192.168.10.200?") with the hacker's computer's OWN mac address. This would cause any traffic from the sending computer to go to the hackers computer rather than it's actual destination. This comes in handy if you do things like hijack their gateway. The hacker can even go so far as to do full routing of traffic so that anything that arrives at his computer is sent to the actual company router. This allows the hacker to snoop on everything you are doing online without you so much as even being aware it is going on.

Edited by Michael Tanczos, 27 November 2012 - 06:02 AM.

[hupsilardee]

It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.

+1 if it weren't the lounge. Anonymous, LulzSec, all these cracker groups you hear about on the news, I estimate that about 1% of the members are actually politically motivated, the rest are probably antisocial basement dwellers who just like breaking things. I concern myself with creating games, something I can enjoy after the fact and show people etc, rather than coding myself into prison, because that's invariably what happens to the biggest hackers.

[kuramayoko10]

It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.

Actually, it is hard to judge those people, as it is hard to judge criminals. I don't like to defend criminals, but I have a deep interest in psychology and how the human mind work. There is many people studying it and I like to hear what they say.

For example, there is a playlist on TED of 6 videos where they talk about hackers.
One of them is about how the biggest hackers got into this life (btw all of them were arrested and interviewed). But this video in specific is all about how the government should hire those hackers and provide better conditions to them instead of hunting them.

EDIT: Many people recommend Kevin Mitnick's The Art of Deception book (I personally can't because I haven't read it). Now, I have read some chapters of the recent (2011) Ghost in the Wires book on the bookstore, and it seems pretty insightful.

Edited by kuramayoko10, 27 November 2012 - 02:04 PM.

[ddn3]

Mostly its flaws in the OS its protocols or some higher level API ie web server etc.. Humans are probably incapable of writing flawless software so there will always be an opening, it's just a question of how persistent and knowledgable you are. There is some diversity too, some hackers focus on just a few types of API or specialize on some common protocol etc.. some hackers aim for the stars and try to break the big things like finding flaws in the crypto systems fundamental to the current Internet, but the attacks don't have to be directly tech related, alot of hackers also specialize in people hacks ( ie customer service phishing or backdoor hacks, etc.. ).

[slicer4ever]

Here's an awesome article about a guy who discovered an exploit in dns, it's pretty interesting, and very exciting that if such a flaw had been discovered by the wrong people, a shit storm could have been unleashed on the internet.

[ApochPiQ]

Social engineering is the king of covert intelligence gathering, period.


Next to that, reverse engineering is almost as useful, but far more difficult to master. A good reverser can look at a network traffic dump and figure out how to forge communications with a remote computer (or spy on someone else's communications, or whatever). By the same token, most "real" exploits are discovered by reverse engineering code.

If social engineering won't get you what you're after, the next best bet is to figure out how the systems work and find their vulnerabilities that way. Sometimes this is done without internal knowledge of the systems you want to break (black boxing) but more typically you gain access to the running system in a way that let's you poke and prod it at your leisure (white boxing). Ideally, you white-box against a system that is isolated and contained and under your own control; trying to break into a monitored network is extremely hard to do without being caught.


Basically, it all depends on three things:

- What do you want to gain?
- Who can you compromise to help you in your quest?
- Once you have exhausted the social aspects, what obstacles remain?

[MrJoshL]

Actually, it is hard to judge those people, as it is hard to judge criminals. I don't like to defend criminals, but I have a deep interest in psychology and how the human mind work. There is many people studying it and I like to hear what they say.

For example, there is a playlist on TED of 6 videos where they talk about hackers.
One of them is about how the biggest hackers got into this life (btw all of them were arrested and interviewed). But this video in specific is all about how the government should hire those hackers and provide better conditions to them instead of hunting them.

With all due respect to those TED speakers and yourself, that would be a foolish thing to do. If cracking (not hacking, technically) is a good payable job in the government or a corporation, obviously people would aspire to be a cracker, no pun intended. That is the wrong thing to do, because with more crackers, there would be obviously more e-crime. The government or a corporation would only hire a few consultants, and they would be the best of the best, the "cream of the crop." You do not want to encourage cracking. To keep the post relevant to games, imagine that you create an online-based multiplayer game and someone comes and ruins it with an easily downloadable crack. That has the potential to ruin your business. Now multiply that by 10x the crackers with 10x the experience and 100,000,000,000x the money from a place 1000x as big, such as Citi or Bank of America. The whole "mega-hacking heist" thing is mildly far fetched, if I may say so myself.

[ApochPiQ]

Don't be so eager to paint everyone who hacks/cracks with the "evil bastard" brush.


A lot of us are whitehats who do security for a living. To be good at this job, you have to understand what you're up against.

[kuramayoko10]

@MrJoshL
I didn't mean that the government or corporations should get criminals/suspects and pay them to get more knowledge of their system. I was saying that the guy from the video saw some similarities between the hackers (I use hacker because I am not the media and I know what the term means) and he thinks that the government/corporations should find these guys while they are kids and give them oportunities.

If you watched the whole video you noticed that all of them except one had very little resources when they were kids, still they developed their geniuses in computers.

I know about the speculation of Usama Bin Laden and his training in CIA. But I think the government/corporations know better by now.
Just to give you a real life example. Have you heard about the CrackIt project?
It is the GCHQ from UK doing a challenge to find some whitehats out there. That is awesome (the challenge was pretty cool as well ;))

Edited by kuramayoko10, 27 November 2012 - 06:22 PM.

[MrJoshL]

government/corporations should find these guys while they are kids and give them oportunities.

How would you find that? I would bet against a kid being able to do any kind of hacking/cracking whatsoever. If you ask a kid about hacking/cracking, they will most likely say, "Oh that's cool, I see that in movies."

[kuramayoko10]

government/corporations should find these guys while they are kids and give them oportunities.

How would you find that? I would bet against a kid being able to do any kind of hacking/cracking whatsoever. If you ask a kid about hacking/cracking, they will most likely say, "Oh that's cool, I see that in movies."

I should probably put a value to kid: someone with more than 10 years old.
If you think they are not capable...
> Raspberry Summer Coding Contest (Category 13 & under)
> Another link with the other submissions

Are you going to say that the 12yo boy who developed this software (the winner PySnap) is not a programmer and does not have skills?

Edited by kuramayoko10, 27 November 2012 - 06:41 PM.

[MrJoshL]

I should probably put a value to kid: someone with more than 10 years old.
If you think they are not capable...
> Raspberry Summer Coding Contest (Category 13 & under)
> Another link with the other submissions

Are you going to say that the 12yo boy who developed this software (the winner PySnap) is not a programmer and does not have skills?

Well, I stand corrected. I should not have stereotyped as I did. There are intelligent children out there and foolish adults. Cracking is a part of digital life, and won't go anywhere in the future. If a kid stumbles on this website and this post, don't go you go on a crackin' now, youngin'. I will rest my case at that.

[kuramayoko10]

Cracking is a part of digital life, and won't go anywhere in the future. If a kid stumbles on this website and this post, don't go you go on a crackin' now, youngin'. I will rest my case at that.

I second that

[Luckless]

It is all exploits of one kind or another as others have mentioned. Find a hole, some gap or oversight, and figure out a way to do something unexpected with it.

That, or just be bold and go after people directly.

I've been part of physical security reviews for a few agencies and allied governments in a past job. Some of the things myself and the team I worked with pulled off were down right scary. Carried loaded weapons and a (fake) explosive device into a room with representatives from half a dozen nations, with zero credentials on me or anyone else on the team. How? I wore a nice tailored suit, carried a brief case full of folders stamped Top Secret, and had one of the team member's 16 year old sister in tow pretending to be my intern/assistant. Get to the first check point, and I'm not on the list. "Why am I not on the list" Blame the intern for failing to confirm this meeting, go off on her for a series of previous mistakes. I get asked for ID, "Wait, I left it in the other bag"... The bag the intern forgot to bring when we were leaving the office. Go off on her some more, she is now crying, she is the reason we're late, etc, etc, etc, vitally important, national security, etc, etc, etc. Drop names of people who are there at a meeting that isn't suppose to be public knowledge... Suddenly myself, a pair of 'agents', and one watery eyed intern are being escorted by a single front desk guard, who should have known better, through the next two layers of security, manned by armed men should also should have known better. Got in the meeting room itself, apologized for interrupting, turned around, and asked to speak to the head of security for the event.

Why were we able to do this? Because people like to see what they expect to see. People assume things, and are overly trusting when they feel safe, and don't bother looking beyond what they think they already no. Computer systems are even worse, as they can't look beyond what their programmers have told them to.

Nothing will ever be 100% secure. There will always be flaws, gaps, and the like that one can exploit in one way or another. Whether these elements are part of a programmed system, or part of the human element involved in those systems, doesn't matter. The point is that they will exist, and all we can do is stay as alert as possible and patch holes as we find them.