Theoretical basics of hacking

There is no respect for you, man, if you decided to read my article to raise your level of knowledge)). Perhaps it is so low that you do not even understand the articles on the portal labelled "Beginners". In that case I want to tell you that you are a lamer, and do not think that you will become cool after reading this and other articles. You will have to get used to the status of "lamer"; you will stay one for a long time. But do not blush, everyone has gone through this, though you will have to strain yourself. My name is DrWeb, and I will help you cross the barrier that in my time)) was much harder to get through. Take an explanatory dictionary and read carefully, re-read many times, practice. Good luck!

Running commands
Right now you are sitting in Windows. Many programs are console (terminal) programs, which do not let you enjoy their interface and functionality simply by clicking an icon. For this there is a program with its own set of commands designed for working with programs and data on the computer. In Windows XP this is cmd.exe, located in the Windows system directory in the system32 subdirectory. In Windows 98 it is command.com, located at the root of the OS drive. The quickest way to start it: Start - Run - type cmd without quotes - OK. After it starts, the command line (console, terminal, cmd) opens. To find out which commands are available, type help. To get information about a particular command (its format, parameters), append /? to the command of interest, for example copy /? or help /?. If parameters in the command format are shown in square brackets, they are optional. Let us look at the help command. We type help /?. The format appears on the screen: HELP [command]. This means the help command can be run without a parameter, simply as help. And if we want help on some cmd command (for example cd), we type help cd, or help help. Now you need to learn to work freely with files from the command line; the knowledge gained so far is enough for that. I will only add that an executable in the current directory (it is always shown on the screen before the > sign, for example C:\>) is launched simply by typing its name, without any command, and a file outside the current directory is launched the same way but with the full path given: c:\windows\system32\calc.exe. If a file or directory name contains spaces, the path must be in double quotes: "c:\documents and settings\qwe".

The whole truth about IP
Ask yourself about the IP address: why is it assigned, where is it registered, how do I find it out, what can be done knowing it, what can they do to me after hooliganism on the web, what should I do so as not to be identified? If you have no such questions, skip this topic; otherwise read it, but bear in mind that I will not explain the subtleties of the protocol to you.
An IP address is needed for transferring data over the network. You surf the Internet, download software, chat on ICQ, use email, etc.; in all these cases data is transferred, and this cannot be done without a unique identifier: the IP address. Why unique? Because at any given second it is the only one on the Internet, and know that while you are on the Internet under, for example, the IP address 81.123.200.4, there is nobody else under it except you.
You are assigned an IP address immediately after connecting to the Internet, however you do it: ISDN, ADSL, dial-up, Wi-Fi, GPRS. In Europe the most common method of connection is dial-up, i.e. through an ordinary modem and a telephone line (not to be confused with ADSL). You connect and you get an IP. For you this IP is now external (but often it is not external to the Internet, i.e. on the Internet you appear under a different IP). To find out the IP given by the provider, type the command ipconfig in cmd. Your IP is shown next to the line "IP address .....".
If your IP is dynamic (as is usual), then on each connection the provider gives you a new IP, and the old one may then belong to, say, your neighbour. Each newly acquired IP is registered at the provider together with the time, and not by the clock on your wall or on your monitor but by the provider's own clock. Your phone number is also entered in the registration log (caller ID is now in place at all providers, and it cannot be fooled). It also records the time of disconnection from the Internet, i.e. from when you no longer own this IP. This is the minimum that gets logged for a dial-up connection. As you can see, there is everything needed to find out whether you visited a given site at a given moment, as well as the full home address and passport data of the person in whose name the phone used for the "call to the Internet" is registered.
Now about how to change your IP. You cannot change your IP; otherwise the Internet would have a big problem, leading to its collapse if not to the creation of a new protocol. But you can make sure that the logs of the servers you visit do not contain your IP (of course this does not work for the ISP logs that are saved when you connect to the Internet). This can be done with a proxy or with SOCKS. You need a proxy server. A program preconfigured to use a proxy (for example your browser) first connects to the proxy server; the proxy executes your command (for example, download a file, which it first downloads to itself) and then sends you the result (in our case, it sends you the file). And in the logs of the site from which the file was downloaded, the IP address of the proxy server remains, not yours. With SOCKS everything is the same. The problem is that with a proxy/SOCKS (unlike a VPN, where the traffic is encrypted) there is a huge loss of time. To show you the difference between a proxy and SOCKS, I will give a clipping of my post on the forum:
"
Proxies and SOCKS do not compete with each other but combine perfectly. In a situation where you need to visit a page anonymously without hassle, you can simply enter a new proxy in the browser settings, or even use a CGI proxy. If you need to achieve anonymity for a long time, and not partial (only the browser) but complete, it is more convenient to configure SOCKS at once for several applications and enable them as needed. Also, if there is a network application that does not support proxy configuration, the only option is SOCKS.
Additional information about anonymity and setting up proxies and SOCKS here:
http://antichat.ru/txt/old/anonumus.shtml
http://antichat.ru/txt/old/socks.shtml
".
Now let us talk about how to learn your enemy's IP. If your enemy's computer is used as a web server on the Internet (it has an HTTP server installed) and has its own registered domain name (i.e. it can be reached not just by IP but by name, for example www.hackzona.ru), then you can find out its IP by running the command ping www.hackzona.ru. If your enemy has no such thing, you can do it with a simple mail trojan: you configure the trojan's server part to send the enemy's IP to your email and slip it to the victim; as soon as the victim goes online after launching the trojan, the desired IP is sent to your mailbox. Just do not forget that the IP may be dynamic, and the victim may already be offline when you try to hack it. There are, of course, more rational ways to learn an IP, but they are too complex to use at this stage of training.
Knowing the victim's IP, you can hack it. By hacking I mean getting access to the victim's files. I cannot help mentioning hacking with trojans (not the mail kind) and scanners of shared resources. Trojans: using the configurator file you set up the server file so that on first run it sends the victim's IP to the specified email; the server is given to the victim, who runs it and goes online; you receive a message with the victim's IP, run the client file, enter the obtained IP in the connection parameters, connect and control the victim's computer (the possibilities are limited to the trojan's functions). Shared resources. Many people who have a local network open access to files so that they can be worked with from another computer on the LAN. But if access is opened, it is opened for any computer on the Internet! That is, anyone can connect and work with other people's files. To limit this access passwords are set, but often they are not :) To detect shared resources there are scanners. The most convenient and fast one at the moment is Essential Net Tools. After finding shares in this program you can connect to them right away. A free but slow analogue is XSharez. There is also Legion, an old-timer that scans faster than XSharez but is paid, like Essential Net Tools, and has no function for connecting to shares. These two hacking methods, although still practised, are considered outdated. I will tell you about the third method. It is the use of holes in software. Since we are talking about hacking over the Internet, I will say the following. Programs, drivers and system modules that use the network may have vulnerabilities.
A silly example, but you will get the idea: the web browser "Ivanovets", when processing a string received from a socket (which is always in connection-waiting mode) that contains the exit command in its body, switches into the mode of executing Windows command-line commands (that same cmd). The browser's makers did not take this into account, so it is a bug. Knowing this vulnerability in advance, we craft a request in which, instead of the browser's expected service commands, the transmitted string contains: exit; dir. The browser sees exit;, switches to the other mode and runs the dir command-line command. Thus, through the hole in the "Ivanovets" browser, we get a listing of files and folders in a directory on the victim's computer. And the line exit; dir that we made for the hack is called an exploit. True, exploits are usually published as programs that do everything at once: connect, send commands, process the response, etc. Exploits for the most serious vulnerabilities in popular programs are, in addition, distributed compiled and ready to run on Windows. But it is customary to distribute exploits as source code, which has to be compiled first. Compilation will also give you trouble if the exploit's authors deliberately put mistakes in some places and you do not know the language the exploit is written in. Exploits are most often written in C/C++, Perl, PHP and many other languages, depending on where the exploit is applied. I think it is now time to try to hack something. In WinXP <= SP1, as well as some versions of Win2000 and WinNT, there is a serious vulnerability that gives complete remote access to user files. The exploit kaht2.exe was written for this vulnerability. For now, find the documentation for kaht2, download the exploit itself and try hacking with it.
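A toy model of the "Ivanovets" hole just described, as an added example that is not from the original article: the vulnerable dispatcher beside a hardened one. Nothing here touches a real shell; both functions only return which action would be taken, and the service-command names are constructed for the example.

```python
"""Toy model of the "Ivanovets" bug: a network-facing parser with a mode
switch into the command interpreter. Added example, not from the article.
No command is ever executed; each dispatcher returns (mode, action)."""

# The browser's legitimate "service commands" (constructed for this example).
SERVICE_COMMANDS = {"get", "refresh", "status"}


def vulnerable_dispatch(line: str) -> tuple:
    """The buggy behaviour: the message is split on ';' and an 'exit' token
    flips the parser into 'shell' mode, so the next token would be handed to
    cmd.exe untouched. Returns ("shell", <token>) to show what would run."""
    mode = "service"
    action = ""
    for token in line.split(";"):
        token = token.strip()
        if not token:
            continue
        if token == "exit":
            mode = "shell"            # mode switch reachable from the network
            continue
        if mode == "shell":
            return ("shell", token)   # this is the hole: attacker-chosen text
        action = token
    return (mode, action)


def hardened_dispatch(line: str) -> tuple:
    """Fixed version: one command per message, verb matched against an
    allowlist, argument refused if it carries separator characters. There is
    no path from network input to the command interpreter at all."""
    cleaned = line.strip()
    verb, _, arg = cleaned.partition(" ")
    if verb not in SERVICE_COMMANDS:
        return ("rejected", cleaned)
    if any(ch in arg for ch in ";|&\r\n"):
        return ("rejected", cleaned)
    return ("service", f"{verb} {arg}".strip())
```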

What about hacking sites?
A site is just a computer on the network, which is also physically located somewhere. Your computer can be one too if you install an HTTP server on it (a program) and register a domain name (this condition is not necessary, since without a domain name the site can be reached by external IP). So there you have almost the whole answer to the question. But the amount and variety of software on sites is much larger, hence the likelihood of "holes" is also greater. With this I will probably finish about hacking through bugs made by software vendors and tell you about the bugs users themselves make, becoming victims of hacking. To make it clear, I will first say that any software interacts directly with the user, while often allowing him to create something of his own. It is this "own" stuff that users simply cannot create properly, without holes. There are many such things, but I will focus on the most frequently used. HTTP servers, depending on their capabilities, allow special scripts to be used on sites: CGI (they can be written in almost any language, depending on how the server implements support for them), Perl, PHP, ASP and many others. Users write these scripts sloppily, and hackers, roughly guessing what is in them (because they cannot be viewed by ordinary downloading without the rights), send these scripts ordinary requests, slightly modified for various purposes. A lot of articles on the portal are written about this, so I will not tell you the details.
Well, the last method, called brute force. This is password guessing against any service that gives the user some kind of access. For example, an FTP server is installed on the computer and kept up only as needed by the administrator. The FTP server gives access to files on the computer, and only the administrator knows the login password. You take any FTP brute-forcer with a large password list, and it starts trying passwords for the FTP one after another.

How are e-mail accounts hacked?
To do this you first need to understand how e-mail works. Messages are processed by an SMTP server: a program that anyone can install. This means that to hack a mailbox (to gain the ability to manage someone else's account's letters) it is enough to hack the site on which the SMTP server hangs (if the account database is there). This is the best way. The minus is that it is hard. The second way is guessing the account's password (brute force). It involves trying passwords one after another. The plus of this method is that the probability of success is directly proportional to the size of the dictionary being tried. The minus is that the time spent brute-forcing is also directly proportional to the size of the dictionary)). The third and most rational way is to steal cookies, if the site uses them. Most users do not use e-mail programs but work with mail directly on the mail server's site, using the letter-management functions implemented by scripts, or use mailers that support embedded HTML. Here the hacker is helped by XSS vulnerabilities on the site. I wrote about them in the article "XSS for newbies: the purpose of XSS attacks" (http://www.hackzona.ru/hz.php?name=News&file=article&sid=5005&mode=&order=0&thold=0). On how to hack an account the third way, I will quote a clipping of my post from the forum:
"
If this cookie is created by the site's authorization system, in most cases it stores the md5 hash of the account password. With tools such as md5inside and John the Ripper this hash can be cracked (by brute force: an ordinary password is taken from a dictionary, its md5 hash is generated and compared with the available (stolen) hash).
But this is done to find out the password; since it usually coincides with the passwords for other services belonging to the same administrator, you can acquire more than just the account.
If you only need to take over the account, you form the stolen cookie on your computer, and on your next visit to the site you already have the administrator's rights.
To avoid unnecessary questions I will say in advance...
- to edit cookies, use IECookiesView;
- before editing them, log in to the site under your own account (in the Internet Explorer browser);
- in that program find this cookie, paste the hash, save, go back to IE. That is all.
".
One more variant of hacking mail accounts, SE (social engineering), is practised, but it is more fraud than hacking, so we will not consider it.

How are ICQ UINs hacked (stolen)?
I did not want to raise this topic, since there are a lot of articles on it, but for completeness I will tell it briefly. Way 1: hacking the ICQ server. It is not acceptable due to inaccessibility, but I cannot exclude it. Way 2: brute force. Here everything is analogous to hacking mail, just consider 2 options. 1) you can try a lot of passwords against one UIN; 2) you can try one (or a few) passwords against a lot of UINs (if you are not pursuing the goal of hacking one specific UIN). The third method is simple, requires no great expense and is the most affordable. (Warning: applicable only to people whose UIN has more than 5 digits, i.e. starting from six-digit ones!) When registering a new UIN, a "primary email" (Primary mail, PM) is specified. It is very important, because if the password to the UIN is lost, the user can always do a retrieve (a new password is generated and sent to the PM). You can do this on the official ICQ site. So the third way is to hack the primary mail. Also, many of the world's mail services delete mailboxes if they are not used for a long time. So if such a PM no longer exists, you can register it (and if the service itself no longer exists, you can bring it up for a while), and then do the password retrieval.
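Both guessing patterns named here (many passwords against one account, as in the FTP and mail brute-force sections above, and a few passwords against many accounts) leave a recognisable trace in a server's login log. The detector below is an added example, not from the article; the log format, the sample lines and the thresholds are constructed.

```python
"""Detect the two password-guessing patterns from the article in login logs:
'brute_force' (many failures for ONE account from one IP) and 'spray'
(failures against MANY accounts from one IP). Added example, not from the
article; the log format and lines below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<date> <time> <service> <result> user=<u> from=<ip>"
SAMPLE_LOG = """\
2005-03-01 10:00:01 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:02 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:03 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:04 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:05 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:06 ftp FAIL user=admin from=10.0.0.5
2005-03-01 10:00:07 ftp OK user=admin from=10.0.0.5
2005-03-01 10:01:00 icq FAIL user=100001 from=10.0.0.9
2005-03-01 10:01:01 icq FAIL user=100002 from=10.0.0.9
2005-03-01 10:01:02 icq FAIL user=100003 from=10.0.0.9
2005-03-01 10:01:03 icq FAIL user=100004 from=10.0.0.9
2005-03-01 10:01:04 icq FAIL user=100005 from=10.0.0.9
2005-03-01 10:01:05 icq OK user=100006 from=10.0.0.9
2005-03-01 10:05:00 ftp FAIL user=bob from=10.0.0.7
2005-03-01 10:20:00 ftp OK user=bob from=10.0.0.7
"""


def parse_line(line):
    """Split one constructed log line into a dict."""
    date, time, service, result, user, src = line.split()
    return {
        "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "service": service,
        "ok": result == "OK",
        "user": user.split("=", 1)[1],
        "ip": src.split("=", 1)[1],
    }


def detect(log_text, window=timedelta(minutes=5),
           fail_threshold=5, spray_threshold=4):
    """Slide a time window per (ip, service). Return one alert per pattern,
    recording how many failures were seen and whether a success followed
    (the guess that worked is the event a defender most wants to know about)."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = {}
    for i, ev in enumerate(events):
        recent = [e for e in events[:i + 1]
                  if e["ip"] == ev["ip"] and e["service"] == ev["service"]
                  and ev["ts"] - e["ts"] <= window]
        fails_per_user = defaultdict(int)
        for e in recent:
            if not e["ok"]:
                fails_per_user[e["user"]] += 1
        kinds = []
        if fails_per_user and max(fails_per_user.values()) >= fail_threshold:
            kinds.append("brute_force")     # one account hammered
        if len(fails_per_user) >= spray_threshold:
            kinds.append("spray")           # many accounts, few tries each
        for kind in kinds:
            key = (kind, ev["ip"], ev["service"])
            alert = alerts.setdefault(key, {"kind": kind, "ip": ev["ip"],
                                            "service": ev["service"],
                                            "failures": 0, "succeeded": False})
            alert["failures"] = sum(fails_per_user.values())
            if ev["ok"]:
                alert["succeeded"] = True
    return list(alerts.values())
```

A single slow failure followed by a later success (user bob above) produces no alert, which is the false-positive case a threshold-based rule has to survive.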

Forums, chat rooms, guest books
Forums, chat rooms and guest books (hereafter just forums) are part of a site, and therefore, by hacking the site, you get access to the forum. That was the first way.
If by hacking a forum you mean simply stealing someone's account, then instead of hacking the whole site it is easier to steal that account's cookies, as in the case of stealing cookies when hacking e-mail. If you steal the forum administrator's cookie, you will accordingly have the administrator's rights (full control of the forum). Do not forget to re-read the part about hacking mail by stealing cookies.

What are DoS/DDoS? What is the difference?
DoS is an abbreviation of Denial of Service. It consists in using DoS vulnerabilities in software: vulnerabilities that do not give access to anything but simply make some program (or the whole computer) crash). DoS can be carried out not only with exploits but also with IP spoofing (not implying TCP session hijacking). Doing it the latter way is rather hard, but under certain conditions it is fair to say that any server is vulnerable. DDoS is Distributed Denial of Service, a distributed attack aimed at causing a DoS. Various worm viruses, or hackers who have compromised a large number of machines, build botnets: networks of zombie computers. The worm/hacker can install on a compromised machine a program that starts DoSing a specific computer on the network when a certain command from the hacker arrives. A mass DoS, when one machine is DoSed by many at once, is what is called a DDoS. You can learn something about DoS and DDoS from my article "Introduction to low-level hacking. IP spoofing: initial information" (http://hackzona.ru/hz.php?name=News&file=article&sid=4831&mode=&order=0&thold=0).

What do network ports have to do with hacking, and what is a port?
ANY network application uses at least one port. A port is like an ordinary computer port (COM, LPT) to which something is connected and through which data is transferred, except that it does not exist physically. It plays a big role, but in reality it is just a number from 1 to 65536. Example. Our IP is 81.123.200.4. We have two network programs running simultaneously: an HTTP server and an FTP server. Both use TCP/IP. How is the data distributed between them, since the traffic could simply get mixed up? Answer: the HTTP server hangs on port number 123 and the FTP server on 125. (In reality any port can be changed, but by the standard an FTP server uses port 21 and an HTTP server port 80.)
To find out which network programs are in use on a remote computer, there are a large number of programs: port scanners. I cannot fail to mention the, IMHO, best of them: NMAP. It also has a function for determining the OS on a computer (fingerprinting).
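To see that the OS tells two services apart by destination port alone, the added example below (not from the article) runs two toy banner services on 127.0.0.1 and connects to each, then shows what a port check reports for an open and a closed port. The banner texts are constructed and the ports are chosen by the OS rather than 123/125.

```python
"""Two services on one IP, distinguished only by port number. Added example,
not from the article; both "servers" are toy one-line banner services on
127.0.0.1 (ports picked by the OS), so nothing privileged or remote is used."""
import socket
import threading


def start_banner_server(banner: str):
    """Listen on 127.0.0.1 on an OS-chosen port, answer one client with the
    banner, then shut down. Returns (port, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            try:
                conn.sendall(banner.encode() + b"\r\n")
            except OSError:
                pass                    # client may have hung up already
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, t


def read_banner(port: int, timeout: float = 2.0) -> str:
    """Connect to 127.0.0.1:port and return the first line the service sends.
    At its simplest, this is all a scanner's service detection does."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as c:
        return c.recv(256).decode(errors="replace").strip()


def port_state(port: int) -> str:
    """'open' if something accepts a TCP connection on 127.0.0.1:port, else
    'closed'. connect_ex returns 0 on success and an errno otherwise."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1.0)
        return "open" if s.connect_ex(("127.0.0.1", port)) == 0 else "closed"


def demo() -> dict:
    """Run the toy HTTP-like and FTP-like services side by side: same IP,
    and each connection reaches the right one purely by destination port."""
    http_port, t1 = start_banner_server("HTTP/1.0 200 OK toy-http")
    ftp_port, t2 = start_banner_server("220 toy-ftp ready")
    result = {
        "http": (http_port, read_banner(http_port)),
        "ftp": (ftp_port, read_banner(ftp_port)),
    }
    t1.join(2)
    t2.join(2)
    # A third toy service shows the open/closed states a scanner reports.
    probe_port, t3 = start_banner_server("probe")
    result["probe_open"] = port_state(probe_port)
    t3.join(2)                          # server has answered once and closed
    result["probe_after_close"] = port_state(probe_port)
    return result
```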

Sniffers: their functions and kinds.
A sniffer literally means "one who sniffs". By sniffer is meant any program/script that performs some "eavesdropping" or "intercepting" action, or that assists the first two. From the definition I gave it is clear that there can be any number of sniffer types, but most often one of the following two is meant. 1) A sniffer that processes information passed to it by a malicious program. Most commonly this is a sniffer to which a cookie "stolen" by an XSS exploit is passed. 2) A traffic analyzer. The name speaks for itself; however, an analyzer can be of two kinds: a firewall and a "sniffer". A firewall analyzes traffic passing through some network interface without intercepting it, only notifying of its presence, carrying information like: "Incoming IP 234.57.40.7 is trying to connect to port 22" or "Outgoing application alb.exe is trying to connect to IP 234.57.40.7 on port 31337". Thanks to the firewall, the user can both block incoming/outgoing traffic and allow it. A sniffer, as the second kind of analyzer, intercepts all traffic passing through your network interface and, depending on its functionality, can filter certain data out of the traffic, for example passwords. Such sniffers are most often used on networks with a hub, which, unlike a switch, sends any transmitted traffic not only to the addressee but to all computers on the network (only the addressee processes it).

The role of UNIX-based OSes, network protocols and programming in hacking.
All three factors listed in the subject play a huge and probably the main role in hacking. Stick with them throughout your learning, and I will tell you about them in more detail.
UNIX-based OSes are all operating systems based on UNIX. These include UNIX, Linux, BSD, Solaris and many others. They are all roughly similar in their basic set of commands. Why do you need to know *nix? You will understand this while putting the knowledge you have gained into practice.
Network protocols. I think you already understood why they are needed. If you know how they work, you will be able not just to hack "by template" but to "create" hacks. That is much more serious.
Programming. Here too you probably understood. Combined with knowledge of protocols you will be able to look for vulnerabilities, write exploits and know how they work. Knowing programming alone, you can do EVERYTHING. Those same network protocols would not exist without programming. What protocols! There would be no computer! But learning programming is hard. Here is what I would advise knowing:
* the C/C++/Pascal languages: to understand how programs are built, the principles of interaction with the OS/file system/network, and to develop a programmer's logic, which will later play a very important role. As compilers for these languages I recommend: for C - MS Visual C, Borland C, GCC; for Pascal - Delphi, Kylix. You must start with these and only these languages!
* simple HTML and the JavaScript that complements it (not to be confused with Java).
* PHP, Perl.
* the simple SQL query language.
* if you have strength and patience left, then Assembler, Python, ASP, BASIC etc., as desired and as possible.

Afterword
Phew... it seems I have covered the main questions. Honestly, while writing the article I somewhat regretted and felt stingy that knowledge I obtained through long, hard work is being served to newbies on a platter. But a feeling of patriotism and the awareness that Internet-2 )))) with completely new technologies will soon be introduced calmed me. Seriously, I sincerely want our nation, i.e. the nations of the former USSR, to achieve dominance over all others.
As for calling you a lamer: that was to lower your self-esteem, it is easier to work that way. You will have to work very hard: two, three, four years, I do not know. Another piece of advice: practice a lot; as soon as you learn something new, test it in practice right away. And when you study a language, the computer must be on and a compiler installed. Read a coding book without practicing and consider that you have learned 20% of what was possible. And further. Rather than asking everyone a question, it is better to search for the information yourself, and if you cannot find it anywhere, you can try explaining the essence of the problem to others. Otherwise you torment others, lower your authority and, most importantly, you lose the bread on which your level of knowledge grows. Overcoming all obstacles on your own is what brings instant growth in professionalism; that I know for sure, have no doubt.
Now a bit of psychology). If you have read this article and a thought formed in your head, or you want to leave a comment, like "you idiot, why the hell did you write this article, everyone knows this, better write something serious. And know, moron, I rated it a 2", then I will conclude that you read the article, learned a lot from it and said that only to raise your self-esteem (the usual situation with a person of weakly developed psyche and intellect: usually children, or adults who had a "difficult" childhood). However, such people CAN become professionals, but much will have to change. I will not consider the other situations, but I will say that for some the position may be either better or worse. If your ears turned red while reading the whole article (including this paragraph), then know that you can be among the best, but you have to try.
Good luck!