
HOW HACKERS HACK (Part I - The Basics)

An Article By GAURAV KUMAR (ethicalhackers@yahoo.com)

Hello friends!
This article is part 1 of 3 and will teach you the basics of hacking. This tutorial is meant for those who want to know how hackers hack. In this article I will describe the techniques used by hackers and also some countermeasures that should be taken to avoid being hacked. Please note that this article is to be used only for educational purposes and should not be misused. The author will not be responsible if the article is misused.

What is hacking and Who is a hacker?

There are many definitions of a hacker. Originally it meant a person who has in-depth knowledge of how computers work, but now the term is used for a person who gains unauthorized access to a computer. Note that in the case of a DoS (Denial of Service) attack the hacker does not gain illegal access to computer data but crashes the computer so that it cannot be used. A hacker can be a 10 year old boy or a 60 year old man. There are many so-called hackers (actually known as script kiddies) who use ready-made tools to hack. An ethical hacker is one who targets a computer for an ethical purpose, such as telling the administrator about the vulnerabilities in their network.

Basic process of hacking.

The first step of hacking is to select a target computer. The hacker then uses a port scanner to find open ports, and uses the banner information to identify the daemon (service) running on each open port of the target computer. Then he searches for a suitable exploit, and on executing that exploit code the remote computer is hacked. Note that it is not always necessary to use exploit code (as in the case of NetBIOS hacking).

Now we will learn the actual process used by hackers.

The first step is to get the IP address of the target computer. Though an IP address is not always required, most exploit code needs an IP address instead of a host name. To find the IP address of a remote computer we can use the ping command. Suppose you want to know the IP address of the web site www.something.com; you would issue the command ping www.something.com at the MS-DOS prompt. You will get something like this:
Pinging www.something.com [127.0.0.1] with 32 bytes of data. In this case 127.0.0.1 is the IP address of www.something.com.
Please note that you can give any host name as the parameter to the ping command; it need not be a web site. For example, you can give the name of one of the computers on your LAN as the parameter (host name) to the ping command.

Now that the hacker has the IP address of the target computer he will use a port scanner to find open ports. A port is a communication channel through which computers transmit and receive data. For example, when you type www.hotmail.com in your web browser your computer connects to port number 80 of the web server of www.hotmail.com. There are two types of port, TCP and UDP. TCP provides reliable but slow communication and UDP provides fast but unreliable communication. Each service has its own assigned port, e.g. a web server runs on port 80, an outgoing mail server (SMTP) uses port 25 and so on. Please note that it is not necessary for these services, or any other service, to use their assigned port; a service can be configured to use any port.

Now we come to port scanning. There are hundreds of port scanners available on the internet. Most of these scan only TCP ports; only a few scan UDP ports. We must understand that if a UDP port scanner shows that a particular port is not open on a target, this is not always true. The port may be open, but because UDP communication is not reliable, UDP port scanning is not 100% accurate, especially when scanning remote computers (not on the LAN). Nowadays we also have many half-scanners.

What a port scanner actually does is connect to port 1 (or a user-defined starting port) of the remote computer; if the connection succeeds it shows that the port is open, and then it tries to connect to port 2, and so on. Some good scanners (like NSCAN) scan many ports simultaneously using threads. Hackers must understand that most firewalls can detect this type of port scanning, and if port scanning is detected the firewall can block the IP address of the attacking computer, so the port scan will be stopped. In the case of half-scanners the port scanner does not connect fully to the target computer but sends a TCP SYN packet (used to initiate a connection), and if the target computer sends an affirmative answer the port is open. Since the port scanner has not actually completed a connection to the target computer, this type of port scanning can be detected only by advanced firewalls. Let us assume that the port scanner shows that ports 21, 25 and 80 are open on a target computer. Now the hacker can assume that the target computer is running FTP (port 21), email (port 25) and a website (port 80).
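As an added example (not part of the original article), here is the kind of check a firewall or log monitor performs to catch both full-connect and SYN-only scans: count the distinct destination ports each source touches within a short window. The log format and addresses are constructed for this example.

```python
"""Port-scan detection over firewall log lines (added example, not
from the article). Log format is constructed: 'time src dst dport flags'."""
from collections import defaultdict
from datetime import datetime

# Constructed sample: 203.0.113.5 sweeps ports with bare SYNs (flag S),
# while 198.51.100.7 is an ordinary client completing handshakes (SA).
SAMPLE_LOG = """\
2023-01-01T10:00:00 203.0.113.5 192.0.2.10 21 S
2023-01-01T10:00:00 203.0.113.5 192.0.2.10 22 S
2023-01-01T10:00:01 203.0.113.5 192.0.2.10 23 S
2023-01-01T10:00:01 203.0.113.5 192.0.2.10 25 S
2023-01-01T10:00:02 203.0.113.5 192.0.2.10 80 S
2023-01-01T10:00:02 203.0.113.5 192.0.2.10 139 S
2023-01-01T10:00:03 203.0.113.5 192.0.2.10 443 S
2023-01-01T10:00:05 198.51.100.7 192.0.2.10 80 SA
2023-01-01T10:00:09 198.51.100.7 192.0.2.10 80 SA
2023-01-01T10:05:00 198.51.100.7 192.0.2.10 443 SA
"""

def parse_line(line):
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags

def detect_scanners(log_text, window_seconds=10, port_threshold=5):
    """Return {src: sorted ports} for every source that touched at least
    port_threshold distinct ports on one host within window_seconds.
    Only distinct ports are counted, so a SYN-only 'half-scan' is caught
    just like a full-connect scan, and a busy client is not."""
    events = defaultdict(list)  # (src, dst) -> [(time, dport)]
    for line in log_text.splitlines():
        if line.strip():
            t, src, dst, port, _flags = parse_line(line)
            events[(src, dst)].append((t, port))
    flagged = {}
    for (src, dst), hits in events.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):  # slide a window from each hit
            ports = {p for t, p in hits[i:]
                     if (t - t0).total_seconds() <= window_seconds}
            if len(ports) >= port_threshold:
                flagged[src] = sorted(ports)
                break
    return flagged
```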

Now let us try to get some more information about the target. As the target computer is running an FTP service we can connect to port 21 of this computer. Let me assume a hypothetical IP address 260.195.136.155 for the target computer. We will use the telnet program to connect to this computer by running the command telnet 260.195.136.155 21 at the MS-DOS prompt. If we are able to connect successfully we will get a welcome banner like SOMENAME FTP SERVICE v 2.3 WELCOMES YOU. This SOMENAME is the name of a company like Microsoft, and v 2.3 tells us that the target computer is running version 2.3 of the Microsoft FTP server program. Similarly we can connect to port 25 to get the welcome banner of the email service. In the case of port 80 (HTTP) we can simply type some name and press enter twice (HTTP requires this) to get some response from the server. Look carefully at the bottom of the response. You will get something like 'somename' running on port 80. This somename is generally Apache or IIS (both are very popular web servers).
To get the name of the operating system running on the target computer the hacker can use NMAP (www.insecure.org/nmap), a very efficient port scanner that can also detect the remote operating system. Also, if the port scanner shows that port 139 is open we can deduce that the target computer is running Windows.

Now we come to exploits. The hacker will try to search for exploit code for the web service (port 80). (He can choose any of the services, but out of these three the web (HTTP) service has more vulnerabilities than any other.) There are many computer security related web sites that host exploit code, like neworder and packetstormsecurity and many others. Note that most exploit code is written in the C language on UNIX-like platforms (such as Linux), so the hacker must have Linux installed on his attacking computer. He may have to modify the exploit code if it was written for a different platform; for example, if an exploit is written for FreeBSD the hacker may have to modify the code to be able to compile and run it. Exploit code is of two types: one that allows attackers to execute code of their choice, and another that allows them to launch a DoS attack. In the case of a DoS attack the target computer crashes so that it cannot be used; it has to be rebooted to recover.

Before I end this article I must give you some tips on how to avoid being hacked.

1) Disable all the services that you are not using. For example, by default Windows XP comes with the UPnP service automatically enabled on startup. You should disable this service as it has 3 critical vulnerabilities. You can use the netstat command to see which ports are open on your computer.
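As an added example (not from the article), a small script that reviews netstat -an output and lists which services the computer actually exposes to the network, so you can decide what to disable. The netstat output below is constructed; the port-to-service names are the standard assignments (UPnP discovery listens on UDP 1900).

```python
"""Review which services a host exposes, from 'netstat -an' output
(added example, not from the article)."""

# Standard port assignments; UDP 1900 is UPnP/SSDP discovery,
# the service the article recommends disabling on Windows XP.
PORT_NAMES = {21: "FTP", 25: "SMTP", 80: "HTTP", 123: "NTP",
              139: "NetBIOS", 1900: "UPnP/SSDP"}

# Constructed sample in the format Windows 'netstat -an' prints.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:3221      ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

def listening_sockets(netstat_text):
    """Return [(proto, bind_addr, port)] for sockets that accept input:
    TCP sockets in LISTENING state and every bound UDP socket."""
    result = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue  # established/time-wait connections are not services
        addr, port = local.rsplit(":", 1)
        result.append((proto, addr, int(port)))
    return result

def exposed_services(netstat_text, needed_ports=()):
    """Network-reachable listeners (anything not bound to loopback) that
    are not in needed_ports: candidates for 'disable what you don't use'."""
    report = []
    for proto, addr, port in listening_sockets(netstat_text):
        if addr.startswith("127.") or port in needed_ports:
            continue
        report.append((proto, port, PORT_NAMES.get(port, "unknown")))
    return report
```

Anything bound to 0.0.0.0 is reachable from the network; a loopback-only binding (127.0.0.1) can only be reached from the machine itself.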

2) Update your operating system and services (like web servers, FTP servers etc). If you are using Windows you should visit www.windowsupdate.com and update it.

3) Have a good firewall installed. Make sure that you set your firewall to block incoming connections from untrusted networks.

4) Enable logging. This will help you to trace the hacker in case your computer is hacked.

Your comments are most welcome. Send your comments to ethicalhackersa@yahoo.com
 