#Read(t)#
The only way of finding the limits of the possible is by going beyond them into the impossible
Loading...
$History Of Hacking$
A history of hacking
Hacking has been around for more than a century. In the 1870s, several teenagers were flung off the country's brand new phone system by enraged authorities. Here's a peek at how busy hackers have been in the past 35 years.
Early 1960s
University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.
Early 1970s
John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal. Draper, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout the 1970s.Yippie social movement starts YIPL/TAP (Youth International Party Line/Technical Assistance Program) magazine to help phone hackers (called "phreaks") make free long-distance calls.Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.Early 1980s Author William Gibson coins the term "cyberspace" in a science fiction novel called Neuromancer. In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory. comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.
Two hacker groups form, the Legion of Doom in the United States and the Chaos Computer Club in Germany.
2600: The Hacker Quarterly is founded to share tips on phone and computer hacking.
Late 1980s
The Computer Fraud and Abuse Act gives more clout to federal authorities.
Computer Emergency Response Team is formed by U.S. defense agencies. Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate the growing volume of attacks on computer networks.
At 25, veteran hacker Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is convicted of damaging computers and stealing software and is sentenced to one year in prison.
First National Bank of Chicago is the victim of a $70-million computer heist.
An Indiana hacker known as "Fry Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar sweep occurs in Atlanta for Legion of Doom hackers known by the handles "Prophet," "Leftist" and "Urvile."
Early 1990s
After AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a national crackdown on hackers. The feds nab St. Louis' "Knight Lightning" and in New York grab Masters of Deception trio "Phiber Optik," " Acid Phreak" and "Scorpion." Fellow hacker "Eric Bloodaxe" is picked up in Austin, Texas.
Operation Sundevil, a special team of Secret Service agents and members of Arizona's organized crime unit, conducts raids in 12 major cities, including Miami.
A 17-month search ends in the capture of hacker Kevin Lee Poulsen ("Dark Dante"), who is indicted for stealing military documents.Hackers break into Griffith Air Force Base, then pewwwte computers at NASA and the Korean Atomic Research Institute. Scotland Yard nabs "Data Stream," a 16-year-old British teenager who curls up in the fetal position when seized.
A Texas A&M professor receives death threats after a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his Internet address.
In a highly publicized case, Kevin Mitnick is arrested (again), this time in Raleigh, N.C., after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.
Late 1990s Hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S. Air Force, CIA, NASA and others. Report by the General Accounting Office finds Defense Department computers sustained 250,000 attacks by hackers in 1995 alone. A Canadian hacker group called the Brotherhood, angry at hackers being falsely accused of electronically stalking a Canadian family, break into the Canadian Broadcasting Corp. Web site and leave message: "The media are liars." Family's own 15-year-old son eventually is identified as stalking culprit.Hackers pierce security in Microsoft's NT operating system to illustrate its weaknesses.Popular Internet search engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in the PCs of Yahoo!'s users on Christmas Day 1997 unless Kevin Mitnick is released from prison. "There is no virus," Yahoo! spokeswoman Diane Hunt said. 1998 Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway. In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming."
Hackers break into United Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.
Hackers claim to have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell the software to terrorists.
The U.S. Justice Department unveils National Infrastructure Protection Center, which is given a mission to protect the nation's telecommunications, technology and transportation systems from hackers.
Hacker group L0pht, in testimony before Congress, warns it could shut down nationwide access to the Internet in less than 30 minutes. The group urges stronger security measures.
As the cost of hacking attacks continues to rise, businesses have been forced to increase spending on network security. However, hackers have also developed new skills that allow them to break into more complex systems. Hacking typically involves compromising the security of networks, breaking the security of application software, or creating malicious programs such as viruses.
The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs. DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers. When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash. Network hackers also try to break into secure areas to find sensitive data. Once a network is hacked, files can be removed, stolen, or erased. A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.
Application hackers break security on application software—software including word processing and graphics programs—in order to get it for free. One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found. Application hackers also sometimes attack the program itself in an attempt to remove certain security features.
Hackers that create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities. A virus is a program that has the potential to attack and corrupt computer files by attaching itself to a file to replicate itself. It can also cause a computer to crash by utilizing all of the computer's resources. For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion. Similar to viruses, logic bombs are designed to attack when triggered by a certain event like a change in date. Worms attack networks in order to replicate and spread. In July of 2001, a worm entitled "Code Red" began attacking Microsoft Internet Information Server (IIS) systems. The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to http://www.worm.com/ Hacked by Chinese!" Finally, a Trojan horse is a program that appears to do one thing, but really does something else. While a computer system might recognize a Trojan horse as a safe program, upon execution, it can release a virus, worm, or logic bomb.
The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs. DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers. When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash. Network hackers also try to break into secure areas to find sensitive data. Once a network is hacked, files can be removed, stolen, or erased. A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.
Application hackers break security on application software—software including word processing and graphics programs—in order to get it for free. One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found. Application hackers also sometimes attack the program itself in an attempt to remove certain security features.
Hackers that create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities. A virus is a program that has the potential to attack and corrupt computer files by attaching itself to a file to replicate itself. It can also cause a computer to crash by utilizing all of the computer's resources. For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion. Similar to viruses, logic bombs are designed to attack when triggered by a certain event like a change in date. Worms attack networks in order to replicate and spread. In July of 2001, a worm entitled "Code Red" began attacking Microsoft Internet Information Server (IIS) systems. The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to http://www.worm.com/ Hacked by Chinese!" Finally, a Trojan horse is a program that appears to do one thing, but really does something else. While a computer system might recognize a Trojan horse as a safe program, upon execution, it can release a virus, worm, or logic bomb.
#Hacking Accessing Tools#
Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.
Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).
SuperScan
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
– machines that connect to your box (SYN mode),– machines you connect to (SYN+ACK mode),– machine you cannot connect to (RST+ mode),– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Eraser
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.
Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
NetStumbler
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN.
Detect other networks that may be causing interference on your network.
Detect unauthorized "rogue" access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for WarDriving.
