This page has been robot translated, sorry for typos if any. Original content here.

Theory of Hacking

No respect to you, people, if you decided to read my article in order to raise your level of knowledge)). Perhaps it is so low that you do not even understand the articles that are on the portal under the "Beginners" label. In that case I want to say that you are a lamer, and you should not think that you will become cool by reading this and other articles. You will have to get used to the "lamer" status; you will keep it for a long time. But do not blush, everyone went through it; you just have to push yourself. My name is DrWeb, and I will help you cross a barrier that in my time)) was much harder to pass. Take a dictionary, read carefully, read it many times, practice. Good luck.

We execute commands
You are currently sitting on Windows. Many programs are console (terminal) programs, which do not let you enjoy their interface and functionality immediately after clicking an icon. For this there is a program with its own commands designed for working with programs and data on the computer. For Windows XP this is cmd.exe, located in the Windows system directory, in the system32 subdirectory. For Windows 98 it is command.com, located in the root of the OS drive. A quick way to launch it: Start - Run - enter "cmd" without quotes - OK. After launching, the command line (console, terminal, cmd) opens. To find out which commands exist, enter help. To get information about a specific command (its format, parameters), append the characters /? to the command of interest, for example copy /? or help /?. If parameters in a command's format are shown in square brackets, they are optional. Let's look at the information for the help command. Enter help /?. The format appears on the screen: HELP [command]. This means the help command can be executed without a parameter, simply as help. And if we want help on some cmd command (for example cd), we must enter help cd, or help help. Now you must learn to work with files from the command line yourself; the knowledge gained is enough for that. I will only say that an executable file in the current directory (it is always shown on the screen before the > sign, for example C:\>) is launched simply by entering its name, without any command. A file outside the current directory is launched the same way, only with its full path: c:\windows\system32\calc.exe. If the file or directory names contain spaces, the path must be enclosed in double quotes: "c:\documents and settings\qwe".

The whole truth about IP
Are you wondering about the IP address: what it is for, how it is assigned, where it is registered, how to find it out, what can be done knowing it, what can be done to me after hooliganism on the Web, what must be done so that it is not recognized? If not, skip this topic; otherwise read on, but keep in mind that I will not explain the subtleties of the protocol.
An IP address is needed to transfer network data. You surf the Internet, download software, chat on ICQ, send e-mail, etc.; in all these cases data is transmitted, and that cannot be done without a unique identifier, the IP address. Why unique? Because at any given second it is the only one on the Internet, and know that while you are on the Internet under, for example, the IP address 81.123.200.4, nobody else has that address.
The IP address is assigned immediately after connecting to the Internet, no matter how you connect: ISDN, ADSL, dial-up, Wi-Fi, GPRS. In Europe the most common connection method is dial-up, i.e. via a regular modem and telephone line (not to be confused with ADSL). You connect, and you get an IP. For you this IP is now external (though often it is not external to the Internet; that is, on the Internet you appear under a different IP). You can determine the IP issued by the provider by typing the command ipconfig in cmd. Next to the line "IP Address....." is your IP.
If your IP is dynamic (as is usual), then on each connection the provider gives you a new IP, and the old IP may then belong to, for example, your neighbour. Each newly issued IP is registered at the provider together with the time: not the time ticking under your ear or on your monitor screen, but the clock that they have. Your telephone number is also entered in the registration log (caller ID is now on all providers, and it is impossible to fool it). And, of course, the time of disconnecting from the Internet is registered, i.e. from when you are no longer the owner of this IP. This is the minimum that is logged by the provider for a dial-up connection. As you can see, there is everything needed to find out whether you visited a website at a certain moment in time, as well as the full home address and passport data of the person in whose name the telephone from which the "Internet call" was made is registered.
Now about how to change your IP. You cannot change your IP; otherwise the Internet would have a big problem that would lead it to ruin unless a new protocol were created. But you can make it so that the logs of the servers you visited do not contain your IP (this, of course, does nothing about the provider logs that are saved when you connect to the Internet). This is done using proxies or SOCKS. A proxy server is needed. A program preconfigured to use a proxy (for example your browser) first connects to the proxy server; the proxy executes your command (for example, downloading a file, which it downloads to itself first) and then sends you the result of the command (in our case, it passes the file to you). In the logs of the site from which the file was downloaded, the IP address of the proxy server remains, not yours. With SOCKS everything is similar. The problem is that with a proxy/SOCKS (unlike VPN, where traffic is encrypted) there is a large loss of time. To show you the difference between a proxy and SOCKS, I will give a clipping of my own forum post:
"
Proxies and SOCKS do not compete with each other, but combine perfectly. In a situation where you need to go anonymously to a page without hassle, you can simply enter a new proxy in the browser settings, or even use a CGI proxy. If you need to achieve anonymity for a long time, and not partially (only one browser) but fully, it is more convenient to configure SOCKS for several applications at once and turn them on as needed. Also, if there is a network application that does not support proxy configuration, the only way out is SOCKS.
Additional information about anonymity and proxy and SOCKS configuration is here:
http://antichat.ru/txt/old/anonumus.shtml
http://antichat.ru/txt/old/socks.shtml
"
Now let's talk about how to find out your enemy's IP. If your enemy's computer is used as a web server on the Internet (it has an HTTP server installed) and has its own registered domain name (i.e. it can be reached not only by IP but also by name, for example www.hackzona.ru), then you can find out his IP by running the command ping www.hackzona.ru. If your enemy is not among these, you can do it with a simple mail trojan ("soap" trojan in Russian slang): you configure the trojan server to send the enemy's IP to your e-mail, slip it to the victim, and as soon as the victim goes online after the trojan starts, the victim's IP is immediately sent to your mail. Just do not forget that the IP may be dynamic, and the victim may already be offline by the time you try to crack it. There are, of course, more rational ways to learn an IP, but they are difficult to use at this stage of training.
Knowing the victim's IP, you can crack it. Hacking means gaining access to the victim's files. I cannot fail to mention hacking with the help of trojans (non-mail ones) and scanners of shared resources. Trojans: you configure the server file with the configurator so that, at start, it first sends the victim's IP address to the specified e-mail; you give the server to the victim, the victim launches the file and goes online; you receive a letter with the victim's IP address, launch the client file, specify the obtained IP address in the connection parameters, connect, and control the victim's computer (the control capabilities are limited by the trojan's functions). Shared resources (shares). Many people who have a local network open access to files so that they can be managed from another computer on the LAN. But if access is opened, it is opened for any computer on the Internet! That is, anyone can connect and work with other people's files. To limit this access passwords are set, but often they are not set :) Scanners exist to detect shared resources. The most convenient and fastest at the moment is Essential Net Tools. After finding shares with this program, you can connect to them immediately. A free but slow counterpart is XSharez. There is also Legion, an old-timer that scans faster than XSharez but is paid, like Essential Net Tools, and lacks a share connection function. Although these two methods of hacking are still practiced, they are considered outdated. I will talk about the third method. It consists in using holes in software. Since we are talking about hacking over the Internet, I will say the following. Programs, drivers and system modules that use the network may have vulnerabilities.
A silly example, but you will understand it: the Internet browser "Ivanovets", when processing a string received from a socket (which is always in connection-waiting mode), and finding the command exit; in its body, switches into Windows command-line execution mode (that same cmd). The browser's makers did not take this into account, and this is a bug. We, knowing of this vulnerability in advance, compose a request such that, instead of the Ivanovets browser's expected service commands, we write the following in the transmitted line: exit; dir. The browser sees exit;, switches into the other mode, and executes the dir command-line command. Thus, through the hole in the Ivanovets browser, we get a list of files and folders in that directory of the victim's computer. And the line exit; dir, which we composed for the hack, is called an exploit (sploit). True, sploits are usually published as programs that do everything for you at once: connect, send commands, process the response, etc. Sploits for the most serious vulnerabilities in common programs are distributed, among other forms, compiled and ready to run on Windows. But it is customary that all sploits are distributed as source code, which must first be compiled. Compiling can also be troublesome if the sploit's authors deliberately put mistakes in some places and you do not know the language the exploit is written in. Sploits are most often written in C/C++, Perl, PHP and many other languages, depending on the sploit's scope. I think it is now time to try to crack something. In WinXP <= SP1, as well as some versions of Win2000 and WinNT, there is a serious vulnerability that opens full remote access to user files. The exploit kaht2.exe is written for this vulnerability. Try to find the documentation for kaht2, download the exploit itself, and try to hack with it.
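The "Ivanovets" bug above is a mode-confusion flaw in a protocol handler: a data line can flip the parser into command-execution mode. The following added example (not from the article; the browser, its service commands and the handlers are constructed for the demonstration) models the vulnerable handler next to a hardened one that has no mode switch at all. The OS command is only returned, never executed, so the demo stays inert.

```python
# Added example, not from the article: a toy model of the "Ivanovets" bug.
# The browser and its protocol are the article's invention; the command
# names below are constructed for the demonstration.
from typing import Tuple

# Service commands the hypothetical browser is supposed to understand.
SERVICE_COMMANDS = {"get", "status", "version"}


def naive_handle(line: str) -> Tuple[str, str]:
    """Vulnerable handler: an 'exit;' prefix switches the parser into
    shell mode and everything after it is treated as an OS command.
    The OS command is returned, not executed, so the demo stays inert."""
    text = line.strip()
    if text.startswith("exit;"):
        return ("shell", text[len("exit;"):].strip())   # e.g. "dir"
    return ("service", text)


def hardened_handle(line: str) -> Tuple[str, str]:
    """Hardened handler: the data channel has no mode switch at all.
    Only a known service command is accepted; anything else is rejected
    (and would be logged), so 'exit; dir' never reaches an interpreter."""
    text = line.strip()
    # Take the first word as the verb; the protocol never carries a shell line.
    verb, _, args = text.partition(" ")
    if verb.lower() not in SERVICE_COMMANDS:
        return ("rejected", text)
    if any(ch in args for ch in ";&|`\n"):
        return ("rejected", text)     # shell metacharacters never belong in args
    return ("service", f"{verb.lower()} {args}".strip())


if __name__ == "__main__":
    for payload in ("status", "get index.html", "exit; dir"):
        print(payload, "->", naive_handle(payload), hardened_handle(payload))
```

The general lesson is the one the article hints at: a network-facing parser should accept a closed set of verbs and never let input data select an execution mode.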

But what about hacked sites?
A site is the same kind of computer on the network, also physically located somewhere. Your computer can also be one if you install an HTTP server on it (such a program) and register a domain name (this condition is not required, because without a domain name you can still reach the site by its external IP). So here, in fact, you have almost the whole answer to the question. But the amount and variety of software on sites is much greater, hence the likelihood of "holes" is also greater. With that I will probably end the discussion of hacking through bugs made by software manufacturers and talk about the bugs that users themselves make while becoming victims of hacking. To make it clear, I will first say that any software interacts directly with the user, often letting you create something of your own. This very "own" users just cannot create properly, without holes. There are many points, but I will focus on the most common. HTTP servers, depending on their capabilities, allow the use of special scripts on sites: CGI (they can be written in almost any language, depending on how the server implements support for them), Perl, PHP, ASP and many others. These scripts are written clumsily by users, and hackers, roughly guessing what is written in them (because you cannot view them by simply downloading without having the rights), send these scripts ordinary requests, slightly modified for various purposes. A bunch of articles on the portal are written about exactly this, so I will not go into details.
Well, the last method, which is called "brute force". This is the enumeration of passwords for some service that gives a user specific access. For example, an FTP server is installed on a computer, kept running only when the administrator needs it. The FTP server provides access to files on the computer, and only the admin knows the password for logging in. You take an FTP brute-force program with a large dictionary (list) of passwords, and it starts, one by one, to try FTP passwords.
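Seen from the administrator's side, the dictionary attack just described leaves a very characteristic trace: many failed logins for one account from one client in a short time. The following added example (not from the article) flags that pattern in constructed FTP log lines; the vsftpd-like line layout is an assumption, and the thresholds are arbitrary choices.

```python
# Added example, not from the article: spotting an FTP dictionary attack
# in server logs. The log lines are constructed in a vsftpd-like layout
# (an assumption; adjust LOG_RE for your server) and the thresholds are
# arbitrary defaults.
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] "
    r"(?:\[(?P<user>[^\]]*)\] )?(?P<event>OK LOGIN|FAIL LOGIN): "
    r'Client "(?P<ip>[\d.]+)"'
)

# Constructed sample: one client hammers "admin", another fails once.
SAMPLE_LOG = """\
Mon Mar  3 10:00:01 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  3 10:00:02 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  3 10:00:02 2008 [pid 2102] [admin] OK LOGIN: Client "198.51.100.4"
Mon Mar  3 10:00:03 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  3 10:00:04 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  3 10:00:05 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  3 10:09:00 2008 [pid 2103] [admin] FAIL LOGIN: Client "198.51.100.4"
"""


def parse_time(ts: str) -> datetime:
    # Collapse the padded day ("Mar  3") so strptime sees single spaces.
    return datetime.strptime(" ".join(ts.split()), "%a %b %d %H:%M:%S %Y")


def find_bruteforce(log: str, max_fail: int = 5, window_s: int = 60) -> Dict[str, datetime]:
    """Return {client_ip: time_of_detection} for every client that produced
    at least `max_fail` FAIL LOGIN events within `window_s` seconds.
    A sliding deque per client keeps only the failures still in the window."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, datetime] = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("event") != "FAIL LOGIN":
            continue
        ip, t = m.group("ip"), parse_time(m.group("ts"))
        q = recent[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:   # drop stale failures
            q.popleft()
        if len(q) >= max_fail and ip not in flagged:
            flagged[ip] = t      # first moment the threshold was crossed
    return flagged


if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: brute-force threshold crossed at {when:%H:%M:%S}")
```

In practice the same rule drives an automatic response (temporary lockout or firewall block of the offending client), which is what makes a large dictionary useless against the server.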

How are e-mail accounts hacked?
To do this you first need to understand the principles of e-mail. To process letters, an SMTP server is used, a program that anyone can install as well. This means that to hack a mailbox (to gain the ability to manage letters from someone else's account) it is enough to hack the site on which the SMTP server runs (if the account database is located there). This is the best way. The downside: it is hard. The second way is to guess the account password (brute force). It implies a sequential search through passwords. The advantage of this method is that the probability of success is directly proportional to the size of the dictionary being searched. The minus is that the time spent on brute force is directly proportional to the size of the dictionary)). The third, most rational, way is to steal cookies, if the site uses them. Most users do not use mail clients but work with mail directly on the mail server's website, using the mail management functions of its scripts, or they use mail clients with HTML enabled. Here the hacker is helped by the site's XSS vulnerabilities. I wrote about them in the article "XSS for Beginners. The Purpose of XSS Attacks" (http://www.hackzona.ru/hz.php?name=News&file=article&sid=5005&mode=&order=0&thold=0). On how to hack an account the third way, I will give a clipping of my forum post:
"
If this cookie is created by the site's authorization system, then in most cases it stores the md5 hash of the account password. Using tools such as md5inside or John the Ripper, you can crack this hash (brute-force method: an ordinary password is taken from the dictionary, its md5 hash is generated and compared with the existing (stolen) hash).
But this is done to find out the password; since, as a rule, it coincides with the passwords of other services belonging to the same admin, you can then take possession of more than just the account.
If you just need to have the account, then you create the stolen cookie on your computer, and the next time you visit the site you already have admin rights.
So that there are no unnecessary questions, I will say in advance...
- to edit cookies, use IECookiesView;
- before editing them, log in to the site under your own account (in Internet Explorer);
- find this cookie in the mentioned program, insert the hash, save, and enter IE again. That's all.
"
Another variant of mail hacking is practiced, SE (social engineering), but this is more fraud than hacking, so we will not consider it.

How are ICQ UINs hacked (hijacked, stolen)?
I do not want to raise this topic, because there are a lot of articles on it, but for completeness I will tell you briefly. Method 1: hacking the ICQ server. It is not feasible due to inaccessibility, but I cannot exclude it. Method 2: brute force. Here everything is similar to hacking mail, just consider 2 options: 1) you can try many passwords against one user; 2) you can try one (or a few) passwords against many UINs (if you are not pursuing one particular UIN). The third method is simple, requires no great expense, and is the most accessible. (Attention! It applies only to UINs with more than 5 digits, i.e. starting from six-digit ones!) When registering a new UIN, a "primary email" (primary mail, PM) is specified. It is very important because, if the password to the UIN is lost, the user can always recover it (a new password is generated and sent to the PM). This can be done on the official ICQ website. So, the third way is to crack the primary mail. Also, many mail services in the world remove mail accounts if they are not used for a long time. So, if such a PM no longer exists, you can register it (and if the service has ceased to exist entirely, you can bring it up for a while), and then request the password.

Forums, chats, guest books
Forums, chats and guest books (hereinafter simply forums) are part of a site, which means that by hacking the site you gain access to the forum. That was the first way.
If by hacking a forum you mean simply stealing someone's account, then it is easier to steal that account's cookies than to hack the entire site, as in the case of stealing cookies when hacking e-mail. If you steal the forum administrator's cookies, you will have the administrator's rights (full control of the forum). Do not forget to re-read the part about hacking mail by stealing cookies.

What is DoS / DDoS? What is the difference?
DoS is an abbreviation for Denial of Service. It consists of using DoS vulnerabilities in software, which do not grant access to anything but simply force some software (or the whole computer) to terminate abnormally)). DoS can be carried out not only with sploits but also with IP spoofing (not implying TCP session hijacking). The latter way is rather hard, but under certain conditions it is fair to say that any server is vulnerable. DDoS is Distributed Denial of Service, a distributed attack aimed at causing DoS. Various worm viruses, or hackers who have compromised a large number of machines, build botnets: networks of zombie computers. A worm/hacker can install on the compromised machine a program that starts DoS-ing a specific computer on the network when a certain hacker request arrives. A mass DoS, when one machine is DoS-ed by several at once, is what is called DDoS. You can learn something about DoS and DDoS from my article "Introduction to Low-Level Hacking. IP Spoofing: Initial Information" (http://hackzona.ru/hz.php?name=News&file=article&sid=4831&mode=&order=0&thold=0)

What does hacking have to do with network ports, and what is a port?
ANY network application uses at least one port. A port is like an ordinary computer port (COM, LPT) to which something is connected and through which data is transferred, only it does not exist physically. It plays a big role, but in reality it is just a number from 1 to 65536. Example. Our IP is 81.123.200.4. We have two network programs running at the same time: an HTTP server and an FTP server. Both use the TCP/IP protocol. How is data distributed between them, given that the traffic could simply get mixed up? Answer: the HTTP server listens on port number 123 and the FTP server on 125. (In reality any port can be changed, but by the standard the FTP server uses port 21 and the HTTP server port 80.)
To find out which network programs are used on a remote computer, there is a large number of programs: port scanners. I cannot fail to mention the, IMHO, best of them: NMAP. It also has a function for determining the OS of the computer (fingerprinting).

Sniffers: their functions and types.
A sniffer literally means "one who sniffs". By a sniffer is meant any program/script that performs some "eavesdropping" or "intercepting" actions, or actions assisting the first two. From the definition I gave, it is clear that there can be as many types of sniffer as you like, but most often a sniffer means one of the following two types. 1) A sniffer that processes information passed to it by a malicious program. Most often practiced is a sniffer that receives a cookie "stolen" by an XSS exploit. 2) A traffic analyzer. The name speaks for itself; however, an analyzer can be of two kinds: a firewall and a "sniffer". A firewall analyzes traffic passing through some network interface, not intercepting the traffic but only notifying about its presence, carrying information like "Incoming IP 234.57.40.7 is trying to connect to port 22" or "Outgoing application alb.exe is trying to connect to IP 234.57.40.7 on port 31337". Thanks to the firewall, the user can both block incoming/outgoing traffic and allow it. A sniffer, as the second kind of analyzer, intercepts all traffic passing through your network interface and, depending on its functionality, can filter certain data out of the traffic, for example passwords. Such sniffers are most often used in networks with a hub, which, unlike a switch, sends any transmitted traffic not only to the addressee but to all computers in the network (only the addressee actually processes it).

The role of UNIX-based OSes, network protocols and programming in hacking.
All three factors I listed in the subject play a huge and, probably, fundamental role in hacking. Stick to them throughout your learning, and I will tell you about them in more detail.
UNIX-based OSes are all operating systems based on UNIX. These include UNIX, Linux, BSD, Solaris and many others. They are all roughly similar in their basic set of commands. Why is it necessary to know *nix? You will understand that in the course of practicing the knowledge you have gained.
Network protocols. I think you already understand why they are needed. If you know how they work, you will be able not just to hack "by template" but to "create" a hack. That is much more serious.
Programming. Here too you have probably understood. Combined with knowledge of protocols, you will be able to look for vulnerabilities, write exploits, and understand how they work. Knowing only programming, you can do EVERYTHING. Those same network protocols would not exist without programming. What protocols! There would be no computer! But learning programming is hard. Here is what I would advise you to know:
* the C/C++/Pascal languages, to understand how programs are built, the principles of interaction with the OS/file system/network, and to develop a programmer's logic, which will later play a very important role. As compilers for these languages I recommend: for C - MS Visual C, Borland C, GCC; for Pascal - Delphi, Kylix. You must start with these and only these languages!
* simple HTML and the JavaScript that complements it (not to be confused with Java).
* PHP, Perl.
* the simple query language SQL.
* if you have strength and patience left, then Assembler, Python, ASP, BASIC, etc., according to your wishes and abilities.

Afterword
Phew.... I seem to have dealt with the main questions. To be honest, when I was writing the article I was a little sorry and stingy that knowledge which came to me through long and hard work is being handed to newbies on a silver platter. But a feeling of patriotism and the awareness of the coming introduction of Internet-2 )))), where there will be entirely new technologies, calmed me. Seriously, I sincerely want to achieve the dominance of our nation, i.e. the nations of the former USSR, over all others.
As for calling you a lamer: that was to lower your self-esteem; it will be easier to work that way. You will have to work very hard: two, three, four years, I do not know. Another piece of advice: practice a lot; if you learned something new, test it in practice right away. And when you study a language, the computer must be on and a compiler installed. Read a book on coding without practicing, and consider that you have learned 20% of what was possible. And further. Rather than asking everyone a question, it is better to search for the information yourself, and if you cannot find it anywhere, you can try explaining the essence of the problem to others. Otherwise you torment others, lower your authority and, most importantly, you lose the bread by which the level of knowledge rises. Overcoming all obstacles on your own is what promotes instant growth of professionalism; this I know for sure, you can have no doubt.
Now a little psychology). If you have read this article and a thought has formed in your head, or you want to leave a comment, like "you idiot, why did you write this article, everyone knows this already, you should have written something serious. And know, moron, I rated it a 2", then I will conclude that you read the article, learned a lot from it, and said that only to raise your self-esteem (a usual situation for a person with a poorly developed psyche and intellect: as a rule children, or adults who had a "difficult" childhood). However, such people CAN be professionals, but a lot will have to change. I will not consider the other cases, but I will say that for some the situation may be both better and worse. If your ears went red while reading the whole article (including this paragraph), then know that you can be among the best, but you have to try.
Good luck