Sunday, March 8, 2009

To the Beginners

To all the Beginners

The metamorphism into a hacker

Welcome to Hackthissite, a non-profit organization intended to teach you about computer security/hacking. Look around the site and you will find Missions to be completed and a well-maintained forum. Take time to read the articles available here and increase your repertoire of knowledge. Feel free to ask questions; asking them well, rather than like a script kiddie, is a skill in itself which I will cover later.

What is taught here
The main focus on Hackthissite is web hacking and exploitation. For this, knowledge of HTML is necessary, as it is the bread and butter of things to come. Take time to learn it here:

http://www.w3schools.com/

Have fun doing the challenges, have a determination to learn and you will become a great hacker in no time.

What about hacking in the movies

Movies such as Die Hard 4.0 portray hacking as something that teenagers and villains do. This is entirely false: preteens as young as 12 learn it, and the majority of hackers are “White Hat”. It is a stereotype which many civilians nonetheless believe.

Next is the “hacking part” in the movies. You hear them mention Nmap, and there is a certain program open with a black background and white text only, with strange code on it. That is “Server Rooting,” a very advanced type of hacking. It is hacking into the server by exploiting the operating system, which takes years of hacking to even reach the “newbie” stage of it.

How about the hacking programs online? Do they make me a hacker?

Most certainly not. These programs are made by hackers, obviously black hat, to infiltrate the script kiddie community and wreak havoc. What you don’t know is that there may be a line of code in there which makes you contribute to a huge DOS attack.

A hacker can be defined as this:

http://www.catb.org/~esr/faqs/hacker-howto.html#attitude

A hacker hacks by exploiting code and hacks manually, not by using the programs of others. If he needs a program, he programs it himself.

What programming language should I learn? Many people say that I shouldn’t start on BASIC but it’s so simple!

I am a victim of the bad syntax of BASIC. Once you learn BASIC it is very hard to break the bad habits of its syntax, especially across a gap as wide as switching from BASIC to C++. However, this does not mean it’s a bad language. It still is a programming language, but once you master BASIC you should stick to BASIC.

A better start would be Python, Perl or Ruby. These are also high-level programming languages like BASIC, but their syntax is much better. After that you should try C/C++. These are quite hard to learn for a beginner, so you should master a simpler programming language first.

Why do I always get flamed on the forums when I ask them to hack a website for me? You told me that I should ask!

You were obviously asking wrongly. First here’s an introduction to the most-used forum rule:

Hackthissite shall not support illegal activities.

To ask smart and viable questions read this:

http://catb.org/~esr/faqs/smart-questions.html#intro

Now a bad example would be:

Yooz peepz yuz gotza help me 2 hax0r tHis wak0 sitE.

A good example would be:

Hello there,

I’m really new to this site. Could you please kindly explain to me how this PHP exploitation works?

Thanks in advance,
-username here-

Now this is the way to ask smart questions. Don’t ask directly about hacking, just phrase it in an indirect way.

To the light side,
IncandescentLight

Saturday, February 28, 2009

Web Hacking and Server Rooting

Many newcomers and beginners might be confused about the difference between web hacking and server rooting. They are different things, and first I shall introduce you to web hacking.

Web hacking

What is web hacking? It is the exploitation of vulnerabilities within a website to deface it or gain root access to the site. A prime example is the basic and realistic missions on hackthissite.

Example 1:

Bob finds a website he doesn’t like, www.website.com. He does a routine search and finds an improperly configured .htaccess file that allows him to access the /haccess area.

After finding the password from the admin/.hpasswd area he realizes it is a hash. He opens up John the Ripper, cracks the hash and gains access to the website.

Example 2:

Bob finds another website, and he wishes to deface it. He finds a comment area, and finds it is vulnerable to directory traversals. So he sets the comment name to go back 2 directories to the index.php page and inputs the defacing code he wants.
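As an added example that is not part of the original post, here is how a site defends against the traversal in Example 2: the user-supplied comment name is resolved under the comments directory and anything that escapes it is rejected. The directory name and the sample names are constructed for the example.

```python
import os
import urllib.parse

# Constructed document root for the example; a real site would use its own.
COMMENTS_DIR = "/var/www/site/comments"


def resolve_safe_path(base_dir: str, user_name: str):
    """Return the absolute path the user-supplied name refers to, or None
    when it would land outside base_dir (a directory traversal attempt).

    The name is URL-decoded first so encoded forms of '../' are caught, and
    NUL bytes are rejected because some runtimes truncate the path there."""
    decoded = urllib.parse.unquote(user_name)
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards base when the name is absolute; realpath then
    # collapses any '..' segments so the check below sees the real target.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def audit_names(base_dir: str, names):
    """Return the names that would be rejected, for logging or alerting."""
    return [n for n in names if resolve_safe_path(base_dir, n) is None]


# Constructed sample of comment names: a normal one, the 'go back two
# directories to index.php' trick from Example 2, and two encoded variants.
SAMPLE_NAMES = [
    "bob.txt",
    "../../index.php",
    "..%2F..%2Findex.php",
    "%2e%2e/%2e%2e/index.php",
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:32} -> {resolve_safe_path(COMMENTS_DIR, name)}")
```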

Server rooting

This is the kind of hacking you see in movies involving Nmap, Backtrack and the “Black and white command prompt screen with strange code.” Unfortunately I have very little experience in rooting as HackThisSite teaches only web hacking. This type of hacking is also much more difficult because it involves exploiting vulnerabilities in the operating system.

Example 1:

Bob finds a website. He does a port scan of it and finds the telnet port open, port 23. He brings up the command prompt and inputs the command:

telnet www.somewebsite.com 23

He then exploits a vulnerability in the operating system which leads him to an Administrator account with full privileges.

Now you know,
IncandescentLight

Friday, February 13, 2009

The Art of Deception: Trojan horses

An introduction

Trojan horses are programs which appear to be legitimate but contain harmful payloads such as malware or virii. Trojan horses have been used throughout the history of warfare, not only the original Trojan horse used at Troy but also food trucks concealing missiles, and so on. This tactic can also be used for cyber warfare, as many military tactics can.

Setting up the payload

Now decide on what payload you wish to use. I won’t go into much detail for this, because it’s simple, but I will focus on the “deception” part. Let’s say you wish to send an EXE concealed as a picture. Once the payload has been built, its file size won’t look right for a standard picture file.

Standard picture files are approximately 1 MB in size. To make your Trojan larger, just add large picture or music files into the project Trojan before compiling until you get the size wanted.

Next, a mistake which inexperienced Trojan makers make. Do not use the whole installation package. Otherwise, when the trap is sprung an installation application would pop up. Something like Troy giving the enemy a “Terms of use” contract and asking him to sign it. Just save it, compile the program in a sandbox and then get the app in the /bin file of your project in the Programming Language directory.

Concealing the Trojan

Now for the introduction of another program, Icon Changer, available from http://www.shelllabs.com/ . Download the trial version and install it. Now, go to the Trojan you wish to conceal and right click it. Select the option ‘Change Icon’.

The Icon Changer window will pop out. Now, select the icon you wish to use for the Trojan. Search your C: drive for icons. For this Trojan I will use the picture icon. Just double click it and the icon will be changed. The icon will stay the same on different Operating Systems because the core icon in the file is changed.

Springing the trap

Let’s say you’re going to upload it to a website or send it over instant messaging. There will be a security feature so that you can’t send EXEs over. Now, time for a little trick. Put the Trojan into a .zip file and send it. Of course there’s a little social engineering involved.
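The defender’s counterpart to the icon and zip tricks above, added here and not part of the original post: the icon lives inside the file and the name can say anything, so an upload or mail filter should look at the file’s leading bytes (its magic number) rather than its extension or icon, and should look inside archives too. The sample archive is constructed in the code.

```python
import io
import zipfile

# Leading bytes ("magic numbers") that identify the real format of a file.
MAGIC = [
    (b"MZ", "PE executable"),           # every Windows .exe/.dll starts with "MZ"
    (b"\xff\xd8\xff", "JPEG image"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
]
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def sniff(data: bytes) -> str:
    """Name the real file type from its leading bytes, ignoring name and icon."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def verdict(name: str, data: bytes):
    """Return (real_type, blocked). A PE file is blocked whatever it is called;
    a file with an image extension whose bytes are not an image is blocked too,
    because the extension is then lying about the content."""
    kind = sniff(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if kind == "PE executable":
        return kind, True
    if ext in IMAGE_EXTENSIONS and not kind.endswith("image"):
        return kind, True
    return kind, False


def scan_zip(archive: bytes):
    """Apply verdict() to every member of a zip, since zipping an EXE hides it
    from naive 'no .exe attachments' filters that only look at the outer file."""
    results = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                results.append((info.filename,) + verdict(info.filename, zf.read(info)[:16]))
    return results


def build_sample_zip() -> bytes:
    """Constructed sample: a genuine JPEG header next to a stub 'MZ' executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vacation.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60)
        zf.writestr("vacation.exe", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()
```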

Have a nice day,
IncandescentLight

Saturday, February 7, 2009

Hackthissite Basic 11

Hello there, a new mission has been added, Basic 11. First of all take a quick peek at what the overview of the mission is:

“Sam decided to make a music site. Unfortunately he does not understand Apache.”

This basically tells us at first glance that Sam has messed up again, probably opening up a vulnerability or exploit somewhere which can help us with the mission.

Next, taking a brief look at the page, you will find something interesting in the source. Guess he is hiding that pirated music somewhere. Now, think of this:

How would a noob web designer stash his music when he has not much of an ability to write a PHP script to search for it?

Here’s a tip if you haven’t got it so far: think about the “who” in the song title.

Then it’s time to get to basics and find out how he stashed the music. Found it so far? Hint: take it one step at a time until you’re fully up the ladder.

Then you will find that you cannot go any further. Now it’s time to do a little research. How does an Apache server keep files hidden? This will lead you to another file where the vulnerability search begins.

In the file you’ll see some code. Now, look at the first sentence. If you’ve done your research fully you will find that the settings take effect only if he restarts the server. This is where he made his mistake. The first sentence dictates that the file you are viewing cannot be viewed/is hidden. So the other file there is accessible. Now comes the part which will be easy if you’ve been to a grammar school.

Analyse the sentence which supposedly should contain the password. If you haven’t found it yet, there’s no need to take an English refresher course. Just think literally.

Found it? Now where do we input it? Since Sam doesn’t understand Apache, think where the default page should be. Then enter the password.

Congratulations, you have completed Basic 11!

Cheers,
IncandescentLight

Thursday, February 5, 2009

Levels of programming languages

There are many types of programming languages, and all of them consist of different levels. There are three levels of programming languages:

Low-level programming languages
Medium-level programming languages
High-level programming languages
Very high-level programming languages

Firstly, let’s take a look at the low-level programming languages. A low-level programming language does not need a compiler or interpreter to run. Low-level programming languages are divided into two categories:

First generation: These programming languages are the only languages that a processor can understand directly, and they are machine code. Writing code in machine code is highly difficult, as it requires a lot of attention to detail.

Second generation: Assembly is an example of a low-level second generation programming language. It is easier to program in because it is not the microprocessor's native language, though the programmer must still understand registers and instructions.

Next, the medium-level programming languages. These programming languages are comprised of high-level and low-level language features. An example of this would be C++.

Thirdly, high-level programming languages are programming languages which are easy to use, portable and hide details of CPU operations. An example of this is BASIC. These come in three execution modes:

Interpreted- Interpreted languages are read and executed directly.

Compiled- Compiled languages are transformed into an executable file form and then run.

Machine code- The source code is directly compiled into machine code.

Translated- The source code is translated into a low-level programming language syntax.

Lastly, very high-level programming languages are programming languages which are used by professional programmers to increase productivity. A line of code in a very high-level programming language would translate to many lines of code in the lower levels of programming languages.

These are the main levels of programming languages. I hope this adds to your repertoire of knowledge.

Saturday, January 24, 2009

Instant Messenger hacking

There can be many hectic things online such as rampaging perverts, spammers and script kiddies on instant messaging programs. It would be good, then, to learn a self-defence method I am going to teach you. This is a Denial of Service method which will disconnect or badly lag your opponent if used.

The first thing is to understand how your text messages are sent to your messaging partner. MSN Messenger and Yahoo use an old method of instant messaging, which looks something like this.

Your computer->MSN/Yahoo IM server->Friend’s computer

This is like a relay, in which athletes pass the baton to their team members to complete the race. However, this is usually the slower method compared to direct sending, such as Skype, and it is harder to extract the IP this way.

MSN/Yahoo messengers, however, allow a direct connection if a file larger than 1 MB is sent. This is so that their servers don’t lag up. So the connection would look something like this:

Your computer->Friend’s computer

This direct connection is also faster. So we start up command prompt (Run>cmd) and enter the command netstat. This is a command used to find all the active connections to the computer. To avoid complication, close down all other internet connections except the Instant Messenger. Then, send him/her any file which is larger than 1 MB. After he accepts it, enter the netstat command into command prompt and search for his IP. It should be the odd one out of all the connections, plausibly an FTP-type connection or the odd-one-out IP.

After obtaining your victim’s IP address, you can write your own script or download a program I wrote from here:

http://www.filefactory.com/file/a0361gc/n/Pinger_zip

Extract it and enter the IP you wish to DOS and also the payload.

The DOS attacks heavily rely on your bandwidth as I have mentioned in my previous article here, http://www.hackthissite.org/articles/read/1016.

Wednesday, January 7, 2009

DOS attacks

DOS (Denial of Service) attacks: you have heard of them taking down servers, restricting traffic and even bringing down a country's communications. But how do they work? A simple example would be a heart. Let’s say the veins are the internet, and you are pumping blood through this tube. The blood is good traffic. What happens if you overload the veins with fat (bad traffic)? The heart fails and can’t pump blood to the other organs: a Denial of Service.

DOS attacks are one of the simplest ways to bring down a server, by overwhelming its bandwidth or computing resources. A simple DOS attack code would be:

ping {ip} -t -l 50000

This can be entered straight into the command prompt. The command sends 50000 bytes (roughly 50 kilobytes) of data to the ip, in a single packet. The -t is to ping the specified host until stopped and -l is to specify the buffer size. DOS attacks are commonly used by script kiddies.

However, DOS attacks may crash systems by overloading their computing resources like having a heart attack. Sooner or later you have to get to a doctor or die (no offense meant). This only works in older systems due to the tremendous increase in computing power.

To prevail in a DOS attack, however, the attacker's bandwidth must be wider than the defender's bandwidth to overwhelm it with traffic, so more fat can get to the heart. This applies only to singular attacks (one on one). In a DDOS (Distributed Denial of Service) attack, the attacker may use zombie computers to send packets to the victim, therefore intensifying the attack. Imagine a huge clog with more than a few hundred computers streaming it.

Instead of using zombie computers, attackers may also choose to spoof their IPs to that of the victim's computer. By doing so, an attacker can send ip packets to many computers, and those computers respond by pinging the sender's ip. However, the sender's ip has been spoofed, and so they unknowingly flood the victim. This is known as a Reflected attack.

DOS attacks can be so harmful that they cause system damage: the attacker exploits flaws in the system and then 'updates' the device with modifications that make it permanently unusable.

DOS defense tactics

Firewalls provide protection from some DOS attacks by differentiating good traffic from DOS attacks; however, a more complex attack on port 80 would leave the server fully vulnerable because it is the web service port. Another way is the ISP (Internet Service Provider) noticing the attack and disconnecting the attacker.

Rerouting traffic through routers to auxiliary servers to help filter the bad traffic from the good also helps, as it places less strain on the main server and spreads the computing load. Another way is to hide the host. The most foolproof way, however, is to unplug the internet cable and wait it out.
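As an added illustration that is not part of the original article, this is the kind of filtering logic the defense section describes, run over constructed ICMP flow records: it flags the ping-flood pattern from the command above (many large echo requests from one source inside a short window) and the reflected pattern (echo replies arriving from many hosts the victim never pinged). Addresses and thresholds are made up for the example.

```python
from collections import defaultdict
from typing import NamedTuple


class Icmp(NamedTuple):
    ts: float      # seconds
    src: str
    dst: str
    kind: str      # "request" (echo request) or "reply" (echo reply)
    length: int    # payload bytes


def detect(records, window=1.0, max_pkts=20, max_bytes=500_000, min_reflectors=10):
    """Return alerts as tuples. Flood: one src->dst pair exceeds a packet or
    byte budget inside one time window. Reflected: a host receives echo
    replies from at least min_reflectors hosts it never sent requests to."""
    pkts, byts = defaultdict(int), defaultdict(int)
    pinged = defaultdict(set)      # src -> hosts it sent echo requests to
    repliers = defaultdict(set)    # dst -> hosts that sent it echo replies
    for r in records:
        key = (r.src, r.dst, int(r.ts // window))
        pkts[key] += 1
        byts[key] += r.length
        if r.kind == "request":
            pinged[r.src].add(r.dst)
        else:
            repliers[r.dst].add(r.src)
    alerts = []
    for (src, dst, bucket), n in pkts.items():
        if n >= max_pkts or byts[(src, dst, bucket)] >= max_bytes:
            alerts.append(("flood", src, dst))
    for dst, srcs in repliers.items():
        unsolicited = srcs - pinged[dst]   # replies with no matching request
        if len(unsolicited) >= min_reflectors:
            alerts.append(("reflected", dst, len(unsolicited)))
    return alerts


def build_sample():
    """Constructed traffic: one flooder sending 30 x 50000-byte requests in
    under a second, a normal host, one legitimate request/reply pair, and
    twelve hosts reflecting replies at the victim."""
    victim, flooder = "192.0.2.10", "198.51.100.7"
    recs = [Icmp(i * 0.03, flooder, victim, "request", 50000) for i in range(30)]
    recs += [Icmp(1.0 + i, "203.0.113.5", victim, "request", 64) for i in range(3)]
    recs += [Icmp(5.0, victim, "203.0.113.9", "request", 64),
             Icmp(5.1, "203.0.113.9", victim, "reply", 64)]
    recs += [Icmp(6.0 + i * 0.01, f"10.0.0.{i + 1}", victim, "reply", 64)
             for i in range(12)]
    return recs
```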

DOS attack tools:
FATA-jack
HyperWRT
MDK2

Recent famous DOS attacks include:

The DOS attack of Georgia weeks after the Russian-Georgian war. This caused multiple Georgian servers to be shut down and overloaded communications.

In July 2008 4chan received a 10 Gbps attack and suffered 2 weeks of downtime.

In September 2008 Digg and Gamesurge went under heavy DOS attacks and became offline for 6 hours.

Peace out,
IncandescentLight

*This article was also published in hackthissite under my user IncandescentLight