
Computer Hacking question

Posted by Master_Ghost_Knight:
CosmicJoghurt said:
@MGK

"Know how a computer works"? What do you mean?

Take a simple example: when you got into the LOR site you most probably haven't logged in; that task was already done. Yet if you go to another computer you are not logged in there, this of course because this website doesn't know who is using the computer. Surprisingly enough, neither does it know which computer is being logged in; sure, you can try to track it via IP, but if you are in a sub-network (which is most popular nowadays) there can be several computers connected, all of them with the same external IP.
The method by which the website knows who you are and that it should automatically log you in is by creating a cookie file with a specific encrypted key and storing it on your computer, associated with your user account (the key can have many forms of validity but I will spare that for the moment); the hope of this is that only you use that user account and therefore you are the only one with access to that key. Thus if you have that key the website will simply assume that it is you without asking for your account details.
Now there are 2 ways by which I can get access to your account: the first is by brute force, trying to generate all possible keys and trying them until I manage to hit on the right one (takes too long); the other is by having a worm on your computer that sends me your cookies, or some other method by which I can get access to your cookies. Once I have your cookies I can just use them and walk right into your account (many low security pages are hackable by this process).
To avoid being hacked by this process, start making a habit of always logging out and deleting the cookies, so that they cannot get your keys, and even if they get your keys while you are browsing, the act of logging out does away with all the locks so that no keys will work.

Another popular tool is traffic jamming. The internet is made to be a versatile communication system, and the way to best meet the demands of efficiency is to smartly re-route incoming communication to the right destinations and let the destination figure out what to do with it. The destination computer must issue a processor slot to deal with your connection and decide what to do with it (i.e. it must stop doing something else to deal with it); the problem is that it cannot distinguish if the message comes from a legitimate user or from a user who just wants to fuck with you. Now if there are millions of users trying to fuck with you and you have to attend to each and every single one of them (even if only until it realises if it is a legitimate user or not) you will eventually run out of processing power to deal with all the connections and (legitimate or not) they all just start to get ignored.

A more old school example is the pay phones; although they don't work like this anymore, it was a popular hackable asset. The phone system is a communication line best suited to transmit signals in the human audio range, and the way by which you would tell the central to which other phone it should re-route is by pressing a key that would produce a sound on a specific frequency (this on the same line as you speak). A machine on the other end of the line would "hear" which frequency was being rung and translate it into the numbers that were being pressed in order to make the proper re-route. The phone would only allow the keys to produce tones (and produce a tone that says that it has quarters in it) when you put quarters in it, but there was nothing that stopped you from pre-recording the tones and playing them on the microphone. The machine on the other end can't tell the difference between the sound being played by the phone or on the mic because they use the same line, so it just assumes that you paid the quarters and establishes the connection for free.

There are a million examples of this.
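
The server side of the cookie mechanism described in the post above, as an added example that is not part of the original post: the key is long enough that guessing it is impractical, and logging out deletes the server's record so a copied cookie stops working. The `SessionStore` class and its method names are hypothetical, and the sample values are constructed.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side session table keyed by a hash of the cookie value."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (username, expiry time)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not leak usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (username, now + self.ttl)
        return token  # this value is what goes into the cookie

    def whoami(self, token, now=None):
        now = time.time() if now is None else now
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown or already logged-out key
        username, expiry = entry
        if now >= expiry:
            del self._sessions[key]  # expired keys are dropped on sight
            return None
        return username

    def logout(self, token):
        # Removing the record is what makes every copy of the cookie useless.
        self._sessions.pop(self._digest(token), None)


def demo():
    store = SessionStore(ttl_seconds=1800)
    cookie = store.login("alice", now=1000.0)
    copied = cookie                        # a copy taken from the user's machine
    before = store.whoami(copied, now=1100.0)
    store.logout(cookie)                   # the real user logs out
    after = store.whoami(copied, now=1200.0)
    second = store.login("alice", now=2000.0)
    expired = store.whoami(second, now=2000.0 + 1800)
    return before, after, expired
```

A site that only deletes the cookie in the browser on logout, without removing the server-side record, leaves the copied key valid until it expires.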
 
Posted by )O( Hytegia )O(:
Master_Ghost_Knight said:
*HACK THE PLANET*

:roll:

Come on, mentions of hijacking user accounts without even talking about Spoofing, Token-based hijacking, or remote network monitoring protocols? Not a slight about SQL exploitation or the like?

Spoofing is, perhaps, the greatest tactic you could use in that situation other than a simple worm (and a Worm is a self-executing malicious program, usually with a design to infect an entire network of related persons via email, messages, etc.), and it is very difficult to defend against if I boot up BackTrack 5 and decide that your connection is better suited for someone of my stature and technical know-how.

I could simply ARP Spoof you and make your computer think that I'm the Router, and make the Router think that I'm your computer. Then run WireShark and just sit in the middle while your packets float around in Narnia for me to take, and capture the passwords out of.

As for typical MAC/IP Hijacking:

ifconfig wlan0 down
macchanger -m [your MAC address] wlan0
wlan0 successfully changed from [Old MAC Address] to [your MAC Address]
ifconfig wlan0 up

Then, it is simply a matter of breaking the router - that's the harder part of it all. WEP is cake, WPA/WPA2 requires Brute Forcing or other cool tricks to desalt the traffic flow - but it can still be done.

Now, once I have assigned myself your IP address and Spoofed your MAC address, I just connect to the router and kick you off with a resumed session. Your network access is now mine.

------------------------------------------------

There are so many tricks of the trade out there that it's ridiculous to only stop that conversation by saying "Worms" and "Cookies." Worms and Cookies are only the beginning to what's capable with your computer. Without writing any programs of your own, you can simply manipulate it to grant you access depending on your knowledge of networking topologies and the stupidity of whoever was setting up the router.
._.

Look into Backtrack 5 - NOW IN GNOME!
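
From the defending side, the ARP spoofing described in the post above is visible in a host's own neighbour table. The following is an added example, not part of the original post: it parses text in the layout of Linux `/proc/net/arp` and flags a gateway whose MAC differs from a recorded baseline, and any MAC that answers for more than one IP. The sample table, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not captured data).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:66     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:11:22:33     *        wlan0
192.168.1.42     0x1         0x2         02:00:00:aa:bb:66     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""


def parse_arp_table(text):
    """Return (ip, mac, device) for every completed entry."""
    entries = []
    for line in text.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) != 6:
            continue                        # ignore malformed lines
        ip, _hw_type, flags, mac, _mask, dev = fields
        if int(flags, 16) & 0x2 == 0:       # 0x2 = completed; skip unresolved
            continue
        entries.append((ip, mac.lower(), dev))
    return entries


def find_arp_anomalies(entries, gateway_ip, known_gateway_mac):
    """Compare the table against a known-good gateway MAC and look for reuse."""
    baseline = known_gateway_mac.lower()
    alerts = []
    ips_by_mac = defaultdict(set)
    for ip, mac, _dev in entries:
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip and mac != baseline:
            alerts.append(f"gateway {ip} is at {mac}, expected {baseline}")
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"{mac} answers for {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for alert in find_arp_anomalies(table, "192.168.1.1", "02:00:00:AA:BB:01"):
        print("ALERT:", alert)
```

One MAC holding several IPs also occurs legitimately (multi-homed hosts, proxy ARP), so the second check is a lead to investigate, while a changed gateway MAC against a trusted baseline is the stronger signal.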
 
Posted by Master_Ghost_Knight:
I just gave well known, simply understandable examples of how knowing how stuff works enables you to know how to hack, and some things that he can test for himself without too much sophistication.
Of course there are way more sophisticated methods that involve decoding algorithms and emulator platforms to break through flimsy security; you can have key recorders on public computers so that unsuspecting victims using them get their session recorded, and others not so sophisticated, like simply asking the user for their password and expecting them to give it to you (some people do fall for that just by making an interface that looks legit; many e-bank accounts are stolen this way).
 
Posted by CosmicJoghurt:
@MGK

I'm already familiar with all of that. I was hoping you meant, with "how a computer works", more technical stuff. Low-level code... getting deeper into the OS and knowing what the fuck goes on there. I was mistaken :)
 
Posted by Master_Ghost_Knight:
CosmicJoghurt said:
@MGK

I'm already familiar with all of that. I was hoping you meant, with "how a computer works", more technical stuff. Low-level code... getting deeper into the OS and knowing what the fuck goes on there. I was mistaken :)

That too. I have suspended my topic on introduction to digital systems due to apparent lack of interest, where I explain the theory behind how computers work from the ground up; you need to know some math tools to do the job but I guess that throws people off.
I'm not very proficient in OS, I only have some lights like the filing systems and some techniques to optimize resources. And that can be used for example to hide information in your hard drive that you couldn't get while using the system the way it was designed to, and how to use the system to get information that most people assume you got rid of but is in fact still there: when you delete a file the OS doesn't really go over that section of memory and write it all out to 0 but simply raises a flag saying that you can write stuff over it (so if you have kiddy porn and the police knock at your door and you hit the delete button to erase the evidence, they can take your hard drive, look at it and still find the evidence to incriminate you).

But don't get swayed by a lot of the movies; there is a lot of the type being portrayed as a guy looking at ones and zeros flashing on the screen in fancy graphics and being able to tell what the hell is going on, and that is just bullshit. The computer is much too fast for you to be able to see anything, much less being able to translate the ones and zeros into machine instructions and out of those low level instructions be able to figure out what exactly the machine is doing on the spot. You can do some hacking looking at raw low level code but it generally takes a lot of time to study the code; that simply cannot be done on the spot and without going through translation tables.

And the example of the phone is a low level solution; it is possible due to the fact that they made it share the line to send instructions to machines and transmit voice, and both work in the audio range, which enables you to easily record; this deals almost directly with the mechanics of the process.
Of course I don't really know what you know, and I didn't know that you already knew those examples. I'm sorry that I can't give you more examples closer to the OS level because I'm not very good at OS and what I do know about it I am not comfortable enough to share.
 
Posted by CosmicJoghurt:
Oh, the movies. They're a fuck lot of fun to watch, but of course they're usually bullshit. Mockup laptops with cool keyboards... "surfing" through the computer files through a GUI that resembles a fucking spaceship :)

Except for Matrix: Reloaded. It has a part where Trinity nmaps the server, finds out a vulnerable service and uses a fake exploit (sshnuke, the only bullshit thing on there) to get the root password, then uses ssh to connect and BAAM disables evil shits.
 
Posted by drento:
Well, you really do not have to know anything technical to be even considered hacking, as even plainly looking over when someone is typing his password is already considered some form of hacking, but there is more to it than what meets the eye.

But to be able to gain access to someone's account, you have to persuade them more, than know how to do it as that would be the most basic step with making it work.
 
Posted by Prolescum:
drento said:
Well, you really do not have to know anything technical to be even considered hacking, as even plainly looking over when someone is typing his password is already considered some form of hacking, but there is more to it than what meets the eye.

That isn't hacking by any real definition; see page one.

drento said:
But to be able to gain access to someone's account, you have to persuade them more, than know how to do it as that would be the most basic step with making it work.

That is social engineering.
 
Posted by Zephemus:
As much as I know about computers, hacking and the hacker culture, hacking is merely the practice of finding alternate ways to interface with a system. That is to say, finding a way to make a system work that isn't the intended method designed by the developer.

It's just plain a skill, like knowing how to fight. It's what you do with it that makes you either chill or a dick. Don't be a dick.
 