Sign in to follow this  
tom_mai78101

What is "hacking"?

Recommended Posts

tom_mai78101    693
I mean, in movies, in books, in some online chat, in games, etc., I know a lot of people think of hackers as some people who can use their computer skills and go through firewalls, tap into private files, access secret information, and do amazing things with computers.

What is hacking?

I could not think of anything that does what a hacker does. Try searching this in Google: "How do you take down someone else's firewall?". You won't find any answers out there.

I'm not trying to go over the line, not making you or me or anyone else become an illegal hacker or something. I'm being skeptical about "hacking". In a technical sense, I'm a wimp at knowing these things.

For example,

[img]http://i1207.photobucket.com/albums/bb464/tom_mai78101/Untitled-3.png[/img]

You are in Room A, and you want to hack into a firewall and go to Room B. Let's say this firewall is infinitely powerful with a weakness you have exploited yourself, and you are this firewall's owner. So, that way, hacking your own firewall is perfectly legal. And your mission is to hack through the firewall, and be able to reach Room B.

By using C or C++, I don't seem to see a way that allows your program to go through that firewall. I couldn't imagine how you write your source code that you can hack your way through that weakness.

And once you've reached Room B, what do you do after that?

And do you believe the fictitious "hackers" out there capable of doing those amazing things in movies, or books? Do they exist? If yes, tell your story please. :D

Share this post


Link to post
Share on other sites
Hodgman    51234
What is hacking?
Hacking is not necessarily malicious. It's not necessarily about breaking into things.

A hacker is someone who is enthusiastic about tinkering with things and learning how they work. A mechanic could be a hacker. A quilt-maker could be a hacker. A vet could be a hacker (although that would be scary).
[hr]
Regarding your firewall diagram, you write a program to send a network packet via one (or many) of the protocols the firewalls speaks. The packet is malformed in some way to deliberately exploit a bug in the firewall's software, which allows you to change the way that it operates.
Read this: [url="http://altdevblogaday.com/2011/06/06/buffer-overflows/"]http://altdevblogada...ffer-overflows/[/url]

If you don't know of any bugs in the firewall's software that you can exploit, you go to it's login page and type in:
[font="Courier New"]username: admin[/font]
[font="Courier New"]password: admin[/font]
and hope for the best [img]http://public.gamedev.net/public/style_emoticons/default/tongue.gif[/img]

As for real-life "hackers" who figure out these exploits, they've got [url="http://www.blackhat.com/"]their own conference[/url]!
[hr]
Before the internet was huge, a lot of effort went into 'hacking' the telephone networks, which people called 'phreaking'.
If you could handle a soldering iron, you could build yourself a [url="http://en.wikipedia.org/wiki/Blue_box"]small box[/url], which emitted certain tones that would fool the phone system into giving you free telephone calls.

Some of the early equivalents of The Pirate Bay (etc) thrived on the ability to connect to [url="http://en.wikipedia.org/wiki/Bulletin_board_system"]BBS[/url]'s for free via phreaking.

Another hacking arena is "[url="http://en.wikipedia.org/wiki/Social_engineering_(security)"]social engineering[/url]" (aka "meat hacking"), which is basically just the art of being a con-artist. Often this can be the most powerful a simplest kind of computer hack -- just trick someone into handing over their password!

Share this post


Link to post
Share on other sites
alvaro    21246
Typically the firewall will let some types of connections through. Otherwise, you may as well not be connected to the network in the first place. Let's say the firewall lets through requests on TCP port 80 (default HTTP port for the web). If there is a web server in room B which has some vulnerability (search the web for IIS or Apache vulnerabilities, for instance), a hacker might be able to force the web server to execute arbitrary code (learn about buffer-overflow attacks). That way the hacker might be able to run a remote shell in the server in room B. The hacker can probably do plenty of things from there, but if the server is running an OS with unpatched vulnerabilities, privilege escalation is possible.

So basically hackers rely on software defects to gain access. Unfortunately software defects seem to be a fact of life. But we software developers should try to learn enough about these techniques to make our software secure.

Share this post


Link to post
Share on other sites
Telastyn    3777
[quote name='tom_mai78101' timestamp='1310996216' post='4836797']
What is hacking?
[/quote]

This will vary depending on who you're talking to or what the context is. In general hacking in this context refers to exploiting a flaw in a program. It could be a buffer overrun, it could be SQL injection, it could be a timing issue, it could be exploiting a random number generator's un-randomness....

[quote]
By using C or C++, I don't seem to see a way that allows your program to go through that firewall. I couldn't imagine how you write your source code that you can hack your way through that weakness.

And once you've reached Room B, what do you do after that?
[/quote]

It depends on the weakness. In the most traditional version, a buffer overflow attack there's a flaw in the firewall about how it uses C style strings (or buffer parsing). You would write a program (or simple script) to send data to the internal host that is malformed so that the firewall tries to read say... 10000 bytes into a 64 byte buffer. Due to the details of how programs work on many systems, code sits next to data. When the bytes are written to the buffer (remember, buffers in C are just pointers) it writes over the bytes after the actual 64 byte buffer. If you send the right data, it will overwrite the firewall's code with the code you sent. That code is usually something like 'open me a command prompt and listen for more instructions'. As the firewall continues running, it then runs that code instead of the code that it should've.

After that it's academic to go where ever you'd like in the DMZ. Firewalls though are pretty bulletproof. Finding a flaw in code on B (that you can legitimately access) is more common these days.

[quote]
And do you believe the fictitious "hackers" out there capable of doing those amazing things in movies, or books? Do they exist? If yes, tell your story please. :D
[/quote]

[url="http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0105435%2F&rct=j&q=imdb%20sneakers&ei=CT4kTt6gMcyatwe11tG-Aw&usg=AFQjCNFq41RTE50hV9Rsx8Ev6koZOtP5sA&cad=rja"]Sneakers[/url] is probably the most accurate hacking movie you'll find (mostly because it points out that many exploits are human in nature, not technological). By and large, movies overplay their capabilities and never show what it actually involves because it's boring, tedious work.

Share this post


Link to post
Share on other sites
tom_mai78101    693
Thanks for those.

So, hacking is "tinkering objects to find exploits that gives you what you wanted"?

Other than using firewalls, movies depicted that hackers can lock out other users, and take the computer as if the hacker owns it in that person's room. Is that possible, taking control of remote computers?

Since, hacking and firewall are two compassionate objects, strung together very easily. I was thinking if the term "hacking" has other technical uses other than "firewall breaching"?

Share this post


Link to post
Share on other sites
Telastyn    3777
[quote name='tom_mai78101' timestamp='1310999632' post='4836821']
Other than using firewalls, movies depicted that hackers can lock out other users, and take the computer as if the hacker owns it in that person's room. Is that possible, taking control of remote computers?
[/quote]

Absolutely. The buffer overflow example I gave should make that clear. Once you've found the exploit, you can run [i]any[/i] code that the user running the code with the exploit could run. If the user is root/admin that means removing users, creating users, (un)installing software... anything. SQL injection follows a similar path. You can run any DB commands as the user who's running the software with the exploit.

Other exploits tend to have less impact.

Share this post


Link to post
Share on other sites
Ecofina    84
I happen to have much experience with hacking, and I'd like to point you to some sites that have helped me develop and polish my hacking skill.

[url="http://www.hackthissite.org/"]Hack This Site[/url] ~ This is the ultimate resource for hackers, imo. It teaches you all the basics of hacking on the internet, such as using JavaScript and SQL injections, and even has "missions" for you to test your skills out on. Highly recommended, a great forum community too.

[url="http://www.happyhacker.org/"]The Happy Hacker[/url] ~ This is a little more advanced, but it teaches you how to use your command line (a little black window that comes with your computer to type special commands in) to hack. You can use it to do stuff on your computer, normally, but there are also a handful of commands that can access the internet and aid you in hacking someone, such as the telnet command, which you can use to enter a computer through an open port. It also teaches you how to forge email.

These are great for beginners to intermediate hackers. The more advanced stuff is rather secretive, and us high level hackers don't generally tell new comers about these resources, because if everyone knew exactly how to hack, the internet would be rather unsafe. :wink:

Good luck!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this