I used to "hack" when I was going to community college. I was a young, dumb, naive 19-year-old kid at the time. My motive was to gain reputation and respect for my computer skills, with the hope of being hired to a lucrative job after college. My way of doing that was to try to prove that I knew more than everyone else there by "hacking". I had some experience in programming, which helped. Here's what I did:
- Browse the network shares. You have no idea how many folders are shared which contain sensitive data! I got a roster of all the phone numbers and addresses of all the staff members because it was publicly available! As well, I found an Excel spreadsheet with all of the teachers' salaries and all of the students' SSNs. PUBLICLY AVAILABLE! It was about the dumbest thing I've seen.
- Shoulder surf dumb people who were put into admin positions. They type their password so slowly that anyone can see what it is by watching them type it on the keyboard.
- I wrote a Win32 app which pretended to be a network printer requesting login credentials for printing services. The app was stored on an open fileshare, and, with the admin password, I added a registry key to the run key which ran the app remotely and stored the stolen credentials in clear text on a file share.
I also stored my source code on a school computer, which was found, and then I was caught. There was so much that I did wrong, and it was one of my greatest learning experiences in college.
Reputation: You want a good reputation, not a bad reputation. Even hinting at being a hacker of any sort, whether you are or not, creates a bad reputation for you. If you are a hacker, never, ever, ever talk about it with anyone else. You do not want the reputation which comes with it, or even the perceived reputation.
Sys Admins: Be friends with them. Help them out. If you find a vulnerability or a security hole, tell them about it. You may or may not be the first to find it, but everyone is in danger as long as it's open. My SSN was publicly available, just as well as everyone else's, and every day it was available was a day of borrowed time until an identity thief found it and exploited it. Some day, you too will be a sys admin, with the responsibility of keeping thousands of workstations and servers secure. And you'll be really thankful when someone tells you about a security problem.
Philosophy: Hacking is inherently destructive. Destruction is counter-productive, helps no one, and is easy to do. It's better to pursue constructive endeavors. They're much more intellectually challenging and much more rewarding (financially and mentally), and generate the good type of reputation you want to have.
Open ports are a usual gateway. These can happen from bad software or something that can be sniffed and altered. Sly hackers have a low chance of being caught; they use internet proxies where the admins don't pay attention to logs or are giving out information freely to "be somebody" in resentment of their company morals. Right now I have 5 remote computers that I could use at any point because of my job, and I'm not even a network admin, but I have computer administrator rights because I need them for my job. If I wanted to go sour on the company, I could pass out any of the information to a trusted source.
I was in a group that did good and bad things, and there were tons of things shared with me that I didn't use, and you weren't mandated to do anything nefarious. They had non-traditional paths to media stored all over the net - I could basically get any book I wanted for free. People would post entry points and talk about scripts they dropped; they made it very easy to do anything you wanted. Now, I joined this group because it was a security forum, but once I was made a moderator their darker side showed; this wasn't public information. They still exist but I won't say their name. It was mostly curiosity-based searches that led them to issues online, so I don't think that they need to be "exposed" for something like that.
Even myself, I have found lots of things wrong while just roaming the net. I usually tell the website owners if they have addresses listed; I even got an email back from issues I found at a .gov site saying thanks. Hackers, white or black, have usually read the RFCs and understand how systems should work online; that's what makes them potent, not necessarily a programming base, although I can't name one person from that community that didn't have an interest in programming. When you know how something is put together, you have better chances of taking it apart. Some of them also set up honeypots for investigation; they offer resources or leave exploits open to watch people interact with the system and log what they do so that they have a method to combat them. Plenty of them were half and half or grey; they chose when to be naughty but the majority of the time were nice. All of them had a job in IT in some fashion, even if it was just help desk.
After being involved with that security group, I don't trust many templates, frameworks, or prefab anythings online because I saw so many have tons of security holes. That's what I learned from the experience so I'll pass that along.
On the subject someone mentioned of social engineering, that is useful stuff. I learned that a certain company wouldn't talk to third-party providers when I was trying to get information for an API. Once I figured out how to talk to them as if I was confused and threw a bunch of company information at them, they would cave in (against their own security policies) to give me the back-end login information I needed to complete my project without the client having to interrupt their tasks for me. Now, what if I really weren't authorized to do what I was doing... the customer service was a leak wide open. Guess the subject? Credit card transactions.
When I worked at the state we had to change our passwords every 15 days. One of the managers came up with a method to do it based on certain things; everyone was using the same password, and there was one older woman that had the scheme on a sticky note on her monitor to remember it. Sometimes network tightening leads to humans doing workarounds that cause security problems that anyone roaming the buildings could find out. All you would need is a UPS uniform to walk freely around lots of buildings.
Edited by hybrid_ham, 02 December 2012 - 09:58 AM.