CryoGenesis

Not Really Game Related - How do people hack networks?


CryoGenesis    528
I've been programming for quite a while and I've done all kinds of stuff on a single PC. What I don't get is, how do people hack into networks and steal information? I have literally no idea how that works in a language like C++? Where would you even start? Does anyone have any tutorials for this anywhere? What languages are hacking programs written in?

I'm not looking to do anything illegal I'm just very curious.

Haps    1331
Generally breaches occur by taking advantage of a known exploit (before it's patched or by finding unprotected systems), convincing someone to install software that will provide outside access or record/send information, or using social engineering to pick up enough information to get in another way.

teccubus    307
Take a look at phrack.org (not necessarily early issues). For example, issue #49, article "Smashing the stack for fun and profit".
It explains basics of one fundamental, widely used technique of abusing code. Of course, there are many, many other techniques.

wicked357    2424
I am not a hacker and I will never claim to be, I have done research though and came across things like first scanning ports of the known IP address, once you have that connect via telnet and check the ports see what kind of technology is running on them and look for known exploits in that technology. That is as far as I got because I honestly have zero desire to go any further. It can be handy to know in some instances. Programming comes in because you can make your own tools to make your life easier.

Telastyn    3777
[quote name='CryoGenesis' timestamp='1353960902' post='5004290']
What I don't get is, how do people hack into networks and steal information?
[/quote]

Often times they simply walk right in and ask for it, both figuratively and literally.

When I worked in network security, there was an often quoted figure where 90% of unauthorized access occurred from [i]within[/i] a network. Some disgruntled programmer, an accountant that got a little greedy, a dimwitted VP with a laptop, some guest that liked looking around electronically...

Another good quote was how the most used hacking tool was a clipboard. Physical security is fairly well addressed these days, but it used to be that if you showed up to a business with a clipboard and a smile, people would let you into any phone closet you needed to get access to. [url="http://www.imdb.com/title/tt0105435/"]Sneakers[/url] is a fantastic movie, well ahead of its time in this regard. [url="http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/"]Wired[/url] just had an article about someone calling customer support to steal a guy's info.

For all the wild stories about the evils of hackers, these are still the most common forms of attack.

The next layer are similar sorts of things. You provide input, and the server inside the network does the work for you. Some badly configured networks just let you in and ask for data. Open your browser or query tool, point it at their network and look at things that you maybe shouldn't see. [url="http://xkcd.com/327/"]SQL injection[/url] is the easiest 'attack' to understand here. Some programmer expected you to type in a name, so pasted that text into a SQL statement. You put in a SQL statement instead of a name. So when the code runs, it runs your SQL statement rather than querying by name. C/C++ buffer overflows work the same way, though it's much harder to craft assembly to do what you want than a SQL statement.

The actual tools tend to vary pretty significantly. C is likely still popular because the hardest (and most effective) hacks still involve a whole lot of bit-fiddling. Perl used to be pretty popular since it allowed command line web requests easily. JavaScript is increasingly important to perform attacks against poorly implemented website security.

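The SQL injection mechanism Telastyn describes in the post above, shown as an added example that is not part of the original thread: the same lookup written with the text pasted into the statement and with the text passed as a bound parameter. The table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("O'Brien", "obrien@example.test")],
    )
    return conn


def lookup_pasted(conn, name):
    """The mistake from the post: the typed text becomes part of the statement."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name):
    """Hardened form: the statement is fixed and the text travels as a value."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and report what each returned."""
    conn = make_db()
    try:
        pasted = lookup_pasted(conn, name)
    except sqlite3.Error as exc:
        # Pasted text can also break the statement outright.
        pasted = "error: " + type(exc).__name__
    bound = lookup_bound(conn, name)
    conn.close()
    return {"pasted": pasted, "bound": bound}


if __name__ == "__main__":
    # An ordinary name, a legitimate name containing a quote, and text
    # that is SQL rather than a name.
    for text in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(text), compare(text))
```

The legitimate name containing an apostrophe is the cheap regression test: if it raises an error in a lookup, the input is being parsed as SQL somewhere.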
MrJoshL    810
It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.

Michael Tanczos    5681
One of the easiest ways to gain entry is to ask.. people are a liability when it comes to computer security. If you can overload someone's brain with enough computer speak they cease to question your authority and start to become even helpful.

One of my personal favs is ARP poisoning as it is easy to overlook for almost everyone. On an Ethernet LAN with computers running the TCP/IP protocol stack it is easy to forget that the stack is actually Ethernet/TCP/IP. IP addresses are most necessary for internetworking (networking between networks) as they provide a way to group and organize a network under a single subnet. A subnet might look like this: 201.100.100.* where the asterisk could be any number from 1-254.

Anywho, computers on an Ethernet LAN can't communicate directly by IP address. They actually need to know the MAC address of a local workstation in order to communicate with it through a datagram called "Frames". You've heard packets before, which is what IP uses.. but IP itself is carried inside of Frames in this case.

Now here's the thing.. computers don't know other local computers' MAC addresses. How do they get them? They have to ask.. Say Joe's computer is trying to contact IP 192.168.10.200, but to do this it has to get the MAC address for that machine first. It can do this by broadcasting a frame that everyone on the LAN receives asking "Who is 192.168.10.200?" EVERYONE on the LAN receives it.. guess who answers? The machine that is 192.168.10.200 answers back directly. This broadcast frame is called an ARP request.

So here's the hack. A hacker writes software that listens for ARP requests. When one is received the hacker answers the sending device (the one asking "Who is 192.168.10.200?") with the hacker's computer's OWN MAC address. This would cause any traffic from the sending computer to go to the hacker's computer rather than its actual destination. This comes in handy if you do things like hijack their gateway. The hacker can even go so far as to do full routing of traffic so that anything that arrives at his computer is sent to the actual company router. This allows the hacker to snoop on everything you are doing online without you so much as even being aware it is going on.

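Detection for the ARP poisoning described in the post above, shown as an added example that is not part of the original thread: a parser for Ethernet/ARP frames and a watcher that keeps the first IP-to-MAC binding it sees and alerts when a different MAC later claims the same IP. The frames, the MAC addresses and all function and class names are constructed for illustration; only 192.168.10.200 comes from the post.

```python
import struct
from ipaddress import IPv4Address

ARP_ETHERTYPE = 0x0806


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(oper, sha, spa, tha, tpa, eth_src=None):
    """Constructed sample input: Ethernet header plus IPv4 ARP (42 bytes)."""
    sha_b = bytes.fromhex(sha.replace(":", ""))
    tha_b = bytes.fromhex(tha.replace(":", ""))
    src_b = bytes.fromhex((eth_src or sha).replace(":", ""))
    dst_b = b"\xff" * 6 if oper == 1 else tha_b   # requests are broadcast
    eth = dst_b + src_b + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sha_b + IPv4Address(spa).packed + tha_b + IPv4Address(tpa).packed
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "oper": oper,                               # 1 = request, 2 = reply
        "eth_src": mac_str(frame[6:12]),
        "sha": mac_str(frame[22:28]),               # sender hardware address
        "spa": str(IPv4Address(frame[28:32])),      # sender protocol address
        "tpa": str(IPv4Address(frame[38:42])),
    }


class ArpWatch:
    """Tracks IP-to-MAC bindings; pinned entries (e.g. the gateway) win."""

    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return []
        alerts = []
        if pkt["eth_src"] != pkt["sha"]:
            alerts.append(f"header mismatch: frame from {pkt['eth_src']} "
                          f"carries sender MAC {pkt['sha']}")
        known = self.bindings.get(pkt["spa"])
        if known is None:
            self.bindings[pkt["spa"]] = pkt["sha"]  # trust on first use
        elif known != pkt["sha"]:
            # Keep the old binding so every conflicting frame alerts.
            alerts.append(f"{pkt['spa']} is bound to {known} "
                          f"but {pkt['sha']} now claims it")
        return alerts


def demo():
    joe, real, other = ("02:00:00:00:00:05", "02:00:00:00:00:c8",
                        "02:00:00:00:00:66")
    frames = [
        build_frame(1, joe, "192.168.10.5", "00:00:00:00:00:00", "192.168.10.200"),
        build_frame(2, real, "192.168.10.200", joe, "192.168.10.5"),
        build_frame(2, other, "192.168.10.200", joe, "192.168.10.5"),
    ]
    watch = ArpWatch()
    alerts = [a for f in frames for a in watch.observe(f)]
    return alerts, watch.bindings


if __name__ == "__main__":
    print(demo())
```

First-seen bindings only help if the watcher starts before any forged reply arrives, so pass known-good entries for the gateway and servers through `pinned`.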
hupsilardee    491
[quote name='MrJoshL' timestamp='1353977402' post='5004368']
It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.
[/quote]

+1 if it weren't the lounge. Anonymous, LulzSec, all these cracker groups you hear about on the news, I estimate that about 1% of the members are actually politically motivated, the rest are probably antisocial basement dwellers who just like breaking things. I concern myself with creating games, something I can enjoy after the fact and show people etc, rather than coding myself into prison, because that's invariably what happens to the biggest hackers.

kuramayoko10    390
[quote name='MrJoshL' timestamp='1353977402' post='5004368']
It starts with dicks that have nothing better to do with their lives but to steal stuff and go where they are not supposed to go and break laws. Please, excuse the language, but you have to admit it is true.
[/quote]
Actually, it is hard to judge those people, as it is hard to judge criminals. I don't like to defend criminals, but I have a deep interest in psychology and how the human mind works. There are many people studying it and I like to hear what they say.

For example, there is a [url="https://www.ted.com/playlists/10/who_are_the_hackers.html"]playlist on TED[/url] of 6 videos where they talk about hackers.
One of them is about how the biggest hackers got into this life (btw all of them were arrested and interviewed). But this video in specific is all about how the government should hire those hackers and provide better conditions to them instead of hunting them.

EDIT: Many people recommend [url="http://www.amazon.com/dp/076454280X/ref=rdr_ext_sb_ti_sims_1"]Kevin Mitnick's The Art of Deception book[/url] (I personally can't because I haven't read it). Now, I have read some chapters of the recent (2011) [url="http://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037702/ref=pd_ybh_1"]Ghost in the Wires[/url] book on the bookstore, and it seems pretty insightful.

ddn3    1610
Mostly it's flaws in the OS, its protocols or some higher level API, i.e. web server etc. Humans are probably incapable of writing flawless software so there will always be an opening, it's just a question of how persistent and knowledgeable you are. There is some diversity too, some hackers focus on just a few types of API or specialize on some common protocol etc. Some hackers aim for the stars and try to break the big things like finding flaws in the crypto systems fundamental to the current Internet, but the attacks don't have to be directly tech related, a lot of hackers also specialize in people hacks (i.e. customer service phishing or backdoor hacks, etc.).

slicer4ever    6760
[url="http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=all"]Here's[/url] an awesome article about a guy who discovered an exploit in DNS, it's pretty interesting, and very exciting that if such a flaw had been discovered by the wrong people, a shit storm could have been unleashed on the internet.

ApochPiQ    23005
Social engineering is the king of covert intelligence gathering, period.


Next to that, reverse engineering is almost as useful, but far more difficult to master. A good reverser can look at a network traffic dump and figure out how to forge communications with a remote computer (or spy on someone else's communications, or whatever). By the same token, most "real" exploits are discovered by reverse engineering code.

If social engineering won't get you what you're after, the next best bet is to figure out how the systems work and find their vulnerabilities that way. Sometimes this is done without internal knowledge of the systems you want to break (black boxing) but more typically you gain access to the running system in a way that lets you poke and prod it at your leisure (white boxing). Ideally, you white-box against a system that is isolated and contained and under your own control; trying to break into a monitored network is extremely hard to do without being caught.


Basically, it all depends on three things:

- What do you want to gain?
- Who can you compromise to help you in your quest?
- Once you have exhausted the social aspects, what obstacles remain?

MrJoshL    810
[quote name='kuramayoko10' timestamp='1354030081' post='5004537']
Actually, it is hard to judge those people, as it is hard to judge criminals. I don't like to defend criminals, but I have a deep interest in psychology and how the human mind works. There are many people studying it and I like to hear what they say.

For example, there is a playlist on TED of 6 videos where they talk about hackers.
One of them is about how the biggest hackers got into this life (btw all of them were arrested and interviewed). But this video in specific is all about how the government should hire those hackers and provide better conditions to them instead of hunting them.
[/quote]
With all due respect to those TED speakers and yourself, that would be a foolish thing to do. If cracking (not hacking, technically) is a good payable job in the government or a corporation, obviously people would aspire to be a cracker, no pun intended. That is the wrong thing to do, because with more crackers, there would be obviously more e-crime. The government or a corporation would only hire a few consultants, and they would be the best of the best, the "cream of the crop." You do not want to encourage cracking. To keep the post relevant to games, imagine that you create an online-based multiplayer game and someone comes and ruins it with an easily downloadable crack. That has the potential to ruin your business. Now multiply that by 10x the crackers with 10x the experience and 100,000,000,000x the money from a place 1000x as big, such as Citi or Bank of America. The whole "mega-hacking heist" thing is mildly far-fetched, if I may say so myself.

ApochPiQ    23005
Don't be so eager to paint everyone who hacks/cracks with the "evil bastard" brush.


A lot of us are whitehats who do security for a living. To be good at this job, you have to understand what you're up against.

kuramayoko10    390
@MrJoshL
I didn't mean that the government or corporations should get criminals/suspects and pay them to get more knowledge of their system. I was saying that the guy from the video saw some similarities between the hackers (I use hacker because I am not the media and I know what the term means) and he thinks that the government/corporations should find these guys while they are kids and give them opportunities.

If you watched the whole video you noticed that all of them except one had very little resources when they were kids, still they developed their geniuses in computers.

I know about the speculation of Usama Bin Laden and his training in CIA. But I think the government/corporations know better by now.
Just to give you a real life example. Have you heard about the [url="http://www.guardian.co.uk/media/2011/dec/01/gchq-computer-hackers-ad"]CrackIt[/url] project?
It is the GCHQ from UK doing a challenge to find some whitehats out there. That is awesome (the challenge was pretty cool as well ;))

MrJoshL    810
[quote name='kuramayoko10' timestamp='1354061772' post='5004752']
government/corporations should find these guys while they are kids and give them opportunities.
[/quote]
How would you find that? I would bet against a kid being able to do any kind of hacking/cracking whatsoever. If you ask a kid about hacking/cracking, they will most likely say, "Oh that's cool, I see that in movies."

kuramayoko10    390
[quote name='MrJoshL' timestamp='1354062322' post='5004757']
[quote name='kuramayoko10' timestamp='1354061772' post='5004752']
government/corporations should find these guys while they are kids and give them opportunities.
[/quote]
How would you find that? I would bet against a kid being able to do any kind of hacking/cracking whatsoever. If you ask a kid about hacking/cracking, they will most likely say, "Oh that's cool, I see that in movies."
[/quote]
I should probably put a value to kid: someone more than 10 years old.
If you think they are not capable...
> [url="https://www.adafruit.com/blog/2012/11/23/summer-coding-contest-results-from-raspberry-pi-foundation-piday-raspberrypi-raspberry_pi/"]Raspberry Summer Coding Contest[/url] (Category 13 & under)
> [url="http://www.raspberrypi.org/archives/2544"]Another link with the other submissions[/url]

Are you going to say that the 12yo boy who developed this software (the winner PySnap) is not a programmer and does not have skills?

MrJoshL    810
[quote name='kuramayoko10' timestamp='1354063039' post='5004762']
I should probably put a value to kid: someone more than 10 years old.
If you think they are not capable...
> Raspberry Summer Coding Contest (Category 13 & under)
> Another link with the other submissions

Are you going to say that the 12yo boy who developed this software (the winner PySnap) is not a programmer and does not have skills?
[/quote]
Well, I stand corrected. I should not have stereotyped as I did. There are intelligent children out there and foolish adults. Cracking is a part of digital life, and won't go anywhere in the future. If a kid stumbles on this website and this post, don't go you go on a crackin' now, youngin'. I will rest my case at that.

kuramayoko10    390
[quote name='MrJoshL' timestamp='1354064430' post='5004772']
Cracking is a part of digital life, and won't go anywhere in the future. If a kid stumbles on this website and this post, don't go you go on a crackin' now, youngin'. I will rest my case at that.
[/quote]
I second that [img]http://public.gamedev.net//public/style_emoticons/default/smile.png[/img]

Talroth    3247
It is all exploits of one kind or another as others have mentioned. Find a hole, some gap or oversight, and figure out a way to do something unexpected with it.

That, or just be bold and go after people directly.

I've been part of physical security reviews for a few agencies and allied governments in a past job. Some of the things myself and the team I worked with pulled off were downright scary. Carried loaded weapons and a (fake) explosive device into a room with representatives from half a dozen nations, with zero credentials on me or anyone else on the team. How? I wore a nice tailored suit, carried a briefcase full of folders stamped Top Secret, and had one of the team member's 16 year old sister in tow pretending to be my intern/assistant. Get to the first check point, and I'm not on the list. "Why am I not on the list" Blame the intern for failing to confirm this meeting, go off on her for a series of previous mistakes. I get asked for ID, "Wait, I left it in the other bag"... The bag the intern forgot to bring when we were leaving the office. Go off on her some more, she is now crying, she is the reason we're late, etc, etc, etc, vitally important, national security, etc, etc, etc. Drop names of people who are there at a meeting that isn't supposed to be public knowledge... Suddenly myself, a pair of 'agents', and one watery eyed intern are being escorted by a single front desk guard, who should have known better, through the next two layers of security, manned by armed men who also should have known better. Got in the meeting room itself, apologized for interrupting, turned around, and asked to speak to the head of security for the event.

Why were we able to do this? Because people like to see what they expect to see. People assume things, and are overly trusting when they feel safe, and don't bother looking beyond what they think they already know. Computer systems are even worse, as they can't look beyond what their programmers have told them to.

Nothing will ever be 100% secure. There will always be flaws, gaps, and the like that one can exploit in one way or another. Whether these elements are part of a programmed system, or part of the human element involved in those systems, doesn't matter. The point is that they will exist, and all we can do is stay as alert as possible and patch holes as we find them.

slayemin    6089
I used to "hack" when I was going to community college. I was a young, dumb, naive 19 year old kid at the time. My motive was to gain reputation and respect for my computer skills, with the hope of being hired to a lucrative job after college. My way of doing that was to try to prove that I knew more than everyone else there by "hacking". I had some experience in programming, which helped. Here's what I did:

- Browse the network shares. You have no idea how many folders are shared which contain sensitive data! I got a roster of all the phone numbers and addresses of all the staff members because it was publicly available! As well, I found an Excel spreadsheet with all of the teachers' salaries and all of the students' SSNs. PUBLICLY AVAILABLE! It was about the dumbest thing I've seen.
- Shoulder surf dumb people who were put into admin positions. They type their password so slow that anyone can see what it is by watching them type it on the keyboard.
- I wrote a Win32 app which pretended to be a network printer requesting login credentials for printing services. The app was stored on an open fileshare, and, with the admin password, I added a registry key to the run key which ran the app remotely and stored the stolen credentials in clear text on a file share. I also stored my source code on a school computer, which was found, and then I was caught. There was so much that I did wrong, and it was one of my greatest learning experiences in college.

Reputation: You want a [i]good[/i] reputation, not a [i]bad[/i] reputation. By even [i]hinting[/i] at being a hacker of any sort, whether you are or not, creates a [i]bad[/i] reputation for you. If you are a hacker, [i]never, ever, ever[/i] talk about it with anyone else. You do not want the reputation which comes with it, or even the perceived reputation.
Sys Admins: Be friends with them. Help them out. If you find a vulnerability or a security hole, [i]tell them about it[/i]. You may or may not be the first to find it, but everyone is in danger as long as it's open. My SSN was publicly available, just as well as everyone else's, and every day it was available was a day of borrowed time until an identity thief found it and exploited it. Some day, you too will be a sys admin, with the responsibility of keeping thousands of workstations and servers secure. And you'll be really thankful when someone tells you about a security problem.
Philosophy: Hacking is inherently [i]destructive.[/i] Destruction is counter-productive, helps no one, and is easy to do. It's better to pursue [i]constructive[/i] endeavors. They're [i]much[/i] more intellectually challenging and [i]much[/i] more rewarding (financially and mentally), and generate the [i]good[/i] type of reputation you want to have.

That's about all I have to share.

hybrid_ham    109
Open ports are a usual gateway. These can happen from bad software or something that can be sniffed and altered. Sly hackers have a low chance of being caught, they use internet proxies where the admins don't pay attention to logs or are giving out information freely to "be somebody" in resentment of their company morals. Right now I have 5 remote computers that I could use at any point because of my job and I'm not even a network admin but I have computer administrator rights because I need them for my job. If I wanted to go sour on the company, I could pass out any of the information to a trusted source.

I was in a group that did good and bad things and there were tons of things shared with me that I didn't use and you weren't mandated to do anything nefarious. They had non-traditional paths to media stored all over the net - I could basically get any book I wanted for free. People would post entry points and talk about scripts they dropped, they made it very easy to do anything you wanted. Now, I joined this group because it was a security forum but once I was made a moderator their darker side showed, this wasn't public information. They still exist but I won't say their name. It was mostly curiosity based searches that led them to issues online so I don't think that they need to be "exposed" for something like that.

Even myself I have found lots of things wrong while just roaming the net, I usually tell the website owners if they have addresses listed, I even got an email back from issues I found at a .gov site saying thanks. Hackers white or black have usually read the RFCs and understand how systems should work online, that's what makes them potent, not necessarily a programming base although I can't name one person from that community that didn't have an interest in programming. When you know how something is put together, you have better chances of taking it apart. Some of them also set up honeypots too for investigation, they offer resources or leave exploits open to watch people interact with the system and log what they do so that they have a method to combat them. Plenty of them were half and half or grey, they chose when to be naughty but the majority of the time were nice. All of them had a job in IT in some fashion, even if it was just help desk.

After being involved with that security group, I don't trust many templates, frameworks, or prefab anythings online because I saw so many have tons of security holes. That's what I learned from the experience so I'll pass that along.

On the subject someone mentioned of social engineering, that is useful stuff. I learned that a certain company wouldn't talk to third party providers when I was trying to get information for an API, once I figured out how to talk to them as if I was confused and threw a bunch of company information at them, they would cave in (against their own security policies) to give me the back-end login information I needed to complete my project without the client having to interrupt their tasks for me. Now, what if I really weren't authorized to do what I was doing... the customer service was a leak wide open. Guess the subject? Credit card transactions.

When I worked at the state we had to change our passwords every 15 days, one of the managers came up with a method to do it based on certain things, everyone was using the same password and there was one older woman that had the scheme on a sticky note on her monitor to remember it. Sometimes network tightening leads to humans doing workarounds that cause security problems that anyone roaming the buildings could find out. All you would need is a UPS uniform to walk freely around lots of buildings.
