
Theoretical basics of hacking

There is no respect for you, man, if you have decided to read my article to raise your level of knowledge)). Perhaps it is so low that you don't even understand the articles on the portal labelled "Novices". In that case I want to tell you that you are a lamer, and you should not think that you will become cool by reading this or any other article. You will have to get used to the status of "lamer"; you will stay one for a long time. But don't blush, everyone went through it, though you will have to push yourself. My name is DrWeb, and I will help you cross the barrier that in my time)) was much harder to get past. Take a dictionary, read carefully, re-read many times, practice. Good luck!

We execute commands
So you are sitting in Windows. Many programs are console (terminal) programs, which means you cannot enjoy their interface and functionality simply by clicking their icon. For those there is a program with its own set of commands for working with the programs and data on your computer. In Windows XP this is cmd.exe, located in the Windows system directory, in the system32 subdirectory. In Windows 98 it is command.com, located in the root of the OS drive. The quickest way to start it: Start - Run - type cmd (without quotes) - OK. After launch the command line (console, terminal, cmd) opens. To see which commands exist, type help. To get information about a specific command (its format and parameters), add the characters /? after the command of interest, for example copy /? or help /?. If a command's parameters are shown in square brackets, they are optional. Look at the help for the help command itself: type help /?. The format appears on screen: HELP [command]. This means the help command can be run without a parameter, simply as help, and if we want help on some command of the cmd program (for example cd), we type help cd, or help help. Now you need to learn to work freely with files from the command line; the knowledge you have just gained is enough for that. I will only add that an executable file in the current directory (the current directory is always shown on screen before the > sign, for example C:\>) is launched simply by typing its name, with no command in front of it, and a file outside the current directory is launched the same way, only with its full path: c:\windows\system32\calc.exe. If the file or directory names contain spaces, the path must be enclosed in double quotes: "c:\documents and settings\qwe".

The whole truth about IP
You may be asking about IP addresses: what they are for, how they are assigned, where they are registered, how to find yours out, what can be done with it if someone knows it, what can happen to you after misbehaving on the Web, and what to do so that it isn't found out. If you aren't, skip this section; otherwise read on, but bear in mind that I will not explain the details of the protocol.
An IP address is needed to transfer data over the network. You surf the Internet, download software, talk on ICQ, send e-mail etc.; in all these cases data is transmitted, and that cannot happen without a unique identifier: the IP address. Why unique? Because at any given second it is the only one on the Internet: while you are online under, for example, the IP address 81.123.200.4, nobody but you has that address.
The IP address is assigned right after you connect to the Internet, however you do it: ISDN, ADSL, dial-up, Wi-Fi, GPRS. In Europe the most common connection method is dial-up, i.e. over an ordinary modem and telephone line (not to be confused with ADSL). You connect and you get an IP. For you this IP is now the external one (though often it is not external to the Internet, i.e. on the Internet you appear under a different IP). You can find the IP issued by your provider by typing the command ipconfig in cmd. Your IP is shown next to the line "IP address .....".
If your IP is dynamic (the usual case), then on every connection the provider gives you a new IP, and the old one may then go to, for example, your neighbour. Each newly issued IP is registered by the provider together with the time, not by a clock ticking under your ear or on your monitor screen, but by their own clock. Your telephone number is also entered in the registration log (every provider now has caller ID, and it cannot be fooled). And naturally the time of disconnection from the Internet is logged, i.e. from when you are no longer the owner of that IP. That is the minimum the provider logs for a dial-up connection. As you can see, there is everything needed to find out whether at a certain moment you visited some site, as well as the full home address and passport details of the person in whose name the phone from which the "call to the Internet" was made is registered.
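The caveat above (the address ipconfig shows is often not the one the Internet sees, because you sit behind the provider's NAT) is easy to check in code. The following is an added Python example, not part of the original article: it pulls the "IP Address" lines out of ipconfig-style output and classifies each address with the standard library's ipaddress module. The output text and the addresses in it are constructed for the example, not captured from a real host.

```python
import ipaddress
import re

# Constructed sample of the kind of text `ipconfig` prints (not captured from a real host).
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.37
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Dialup:

        IP Address. . . . . . . . . . . . : 81.123.200.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 81.123.200.4
"""

# Matches the dotted "IP Address. . . . : a.b.c.d" line and captures the address.
IP_LINE = re.compile(r"IP Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")


def extract_ip_addresses(text):
    """Return every address on an 'IP Address' line, in order of appearance."""
    return IP_LINE.findall(text)


def classify(addr):
    """Say what kind of address this is and, for the security-relevant point,
    whether a remote server would ever see it in its logs."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (APIPA, no connectivity)"
    if ip.is_private:
        return "private (behind NAT; remote servers log the provider's public address instead)"
    if ip.is_global:
        return "public (this is the address remote servers will log)"
    return "special-purpose"


def classify_ipconfig(text):
    """Pair each extracted address with its classification."""
    return [(addr, classify(addr)) for addr in extract_ip_addresses(text)]


if __name__ == "__main__":
    for addr, kind in classify_ipconfig(SAMPLE_IPCONFIG):
        print(f"{addr:16} {kind}")
```

On a dial-up link the PPP adapter usually carries a public address; on a LAN behind a router only the router's address is visible to the Internet, which is why the article says you may be "under a different IP".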
Now, how to change your IP. You cannot change your IP; otherwise the Internet would have a big problem that would lead to its ruin, if not to the creation of a new protocol. But you can arrange for the logs of the servers you visit not to contain your IP (naturally this does not work for the provider's logs saved when you connect to the Internet). This is done with a proxy or with socks. Any proxy server will do. A program pre-configured to use a proxy (for example your browser) first connects to the proxy server; the proxy executes your command (for example, downloading a file, which it first downloads to itself) and then sends you the result (in our case, the file). The logs of the site from which the file was downloaded keep the IP address of the proxy server, not yours. With socks everything is similar. The problem with using a proxy or socks (as opposed to a VPN, where the traffic is encrypted) is a huge loss of time. To show you the differences between proxies and socks, I will give you a clipping of my own forum post:
"
Proxy and socks do not compete with each other but complement each other beautifully. In a situation where you need to log in anonymously to some page without fuss, you can simply enter a new proxy in the browser settings, or use a CGI proxy altogether. If you need to achieve anonymity for a long time, and not partially (for one browser only) but fully, then it is more convenient to configure socks for several applications at once and turn them on as needed. Also, if there is a network application that does not support a proxy setting, the only way out is SOCKS.
Additional information about anonymity and setting up proxies and socks is here:
http://antichat.ru/txt/old/anonumus.shtml
http://antichat.ru/txt/old/socks.shtml
".
Now let's talk about how to find out your enemy's IP. If your enemy's computer is used as a web server on the Internet (it has an HTTP server installed) and has a registered domain name (i.e. it can be reached not only by IP but also by name, for example www.hackzona.ru), then you can find out its IP by running the command ping www.hackzona.ru. If your enemy is not one of those, you can do it with a simple mail trojan: you configure the trojan's server part to send the enemy's IP to your e-mail, slip it to the victim, and as soon as the trojan server starts, the victim's IP is sent to your mailbox. Just don't forget that the IP may be dynamic, and the victim may already be offline by the time you try to hack it. There are certainly more rational ways to learn an IP, but they are hard to use at this stage of training.
Knowing the victim's IP, you can hack it. Hacking means access to the victim's files. I cannot leave out hacking using trojans (not mail ones) and shared-resource scanners. Trojans: using the configurator file you set up the server part so that on start-up it first sends the victim's IP to the specified e-mail; you give the server to the victim, she runs the file and goes online; you receive a letter with the victim's IP, launch the client part, enter the obtained IP in the connection settings, connect and control the victim's computer (the control possibilities are limited to the trojan's functions). Shared resources (shares). Many people who have a local network open access to their files so that they can be managed from another computer on the LAN. But once access is opened, it is open to any computer on the Internet! That is, anyone can connect and work with other people's files. To restrict such access passwords are set, but often they are not. :) Scanners are used to detect shared resources. The most convenient and fastest at the moment is Essential Net Tools; after finding a share in that program you can connect immediately. A free but slower analogue is XSharez. There is also Legion, an old-timer that scans faster than XSharez but is paid, like Essential Net Tools, and has no function for connecting to shares. These two hacking methods, although still practised, are considered outdated. I will talk about the third method: using holes in software. Since we are talking about hacking over the Internet, I will say the following. Programs, drivers and system modules that use the network may have vulnerabilities. A silly example, but you'll get the idea: the Internet browser "Ivanovets", when processing a string received from a socket (which is always in listening mode) that contains the service command exit; in its body, switches into the mode of executing Windows command-line commands (most likely cmd).
The browser's makers did not foresee this, and it is a bug. Knowing such a vulnerability in advance, we compose a request so that in the transmitted string, instead of the intended service commands of the Ivanovets browser, we write: exit; dir. The browser sees exit; switches into the other mode and executes the command-line command dir. So through a hole in the Ivanovets browser we get a list of files and folders in that directory of the victim's computer. And the string exit; dir that we composed for the hack is called an exploit. True, exploits are usually published as programs that do everything for you at once: connect, send commands, process the response, etc. Exploits for the most serious vulnerabilities in common programs are, among other things, distributed compiled and ready to run under Windows. But by convention all exploits are distributed as source code that must be compiled first. Compiling also causes trouble, as exploit authors deliberately make mistakes in some places, and you may not know the language the exploit is written in. Exploits are most often written in C/C++, Perl, PHP and many other languages, depending on what the exploit is for. I think now is the time to try to hack something. In WinXP <= SP1, as well as in some versions of Win2000 and WinNT, there is a serious vulnerability that opens full remote access to the user's files. For this vulnerability the exploit kaht2.exe was written. For now, find the documentation for kaht2, download the exploit itself and try to hack with it.
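The "Ivanovets" story is a textbook command-injection bug: a control channel that reuses the separator of a shell. The following added Python example (written for this page; the browser, its command set exit/reload/status and the function names are hypothetical) contrasts the parsing the article describes with a hardened parser that accepts exactly one allow-listed token and never hands data to a shell, plus a small detection check of the kind a log reviewer would run. The vulnerable variant returns the string it would have passed to the shell instead of executing it.

```python
import re

# Hypothetical service-command set of the toy "Ivanovets" browser (not a real product).
SERVICE_COMMANDS = {"exit", "reload", "status"}


def naive_dispatch(line):
    """Vulnerable parsing as described in the text: split on ';' and, once 'exit' is seen,
    treat whatever follows as a line for the OS shell. Returns the would-be shell command
    rather than running it, so the defect can be shown safely."""
    parts = [p.strip() for p in line.split(";")]
    if parts and parts[0] == "exit" and len(parts) > 1:
        # "command mode": the remainder would reach cmd.exe verbatim
        return ("SHELL", ";".join(parts[1:]))
    return ("SERVICE", parts[0])


# One lowercase word and nothing else: no separators, no whitespace, no metacharacters.
TOKEN = re.compile(r"[a-z]+")


def strict_dispatch(line):
    """Hardened parsing: the service channel accepts exactly one command name from a fixed
    allowlist; anything else is rejected before it can reach an interpreter."""
    cmd = line.strip()
    if not TOKEN.fullmatch(cmd):
        return ("REJECT", f"malformed service command: {line!r}")
    if cmd not in SERVICE_COMMANDS:
        return ("REJECT", f"unknown service command: {cmd!r}")
    return ("SERVICE", cmd)


def is_injection_attempt(line):
    """Detection check: shell separators or more than one token in a field that should
    hold a single command name is what an injection attempt looks like in a log."""
    return bool(re.search(r"[;&|`$\n]", line)) or len(line.split()) != 1


if __name__ == "__main__":
    for probe in ("status", "exit", "exit; dir"):
        print(f"{probe!r:12} naive={naive_dispatch(probe)} strict={strict_dispatch(probe)}"
              f" suspicious={is_injection_attempt(probe)}")
```

The fix is not "filter out dir" but to change the grammar of the control channel so that data can never be reinterpreted as a command; the allowlist makes the accepted language finite and auditable.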

But how are hacked sites?
A site is just a computer on the network, which is also physically located somewhere. Your computer can be one too if you install an HTTP server on it (such a program) and register a domain name (this condition is optional, because if the site has no domain name it can be reached by its external IP). And with that you have essentially received almost the whole answer to the question. But the number and variety of software on sites is much larger, so the likelihood of "holes" is also greater. With that I will probably finish on hacking through bugs made by software makers and tell you about the bugs that users themselves make, thereby becoming victims of hacks. To make it clear, I will first say that any software interacts directly with the user, and often lets them create something of their own. And this "something of their own" humanity cannot create without holes. There are many aspects here, but I will focus on the most common. HTTP servers, depending on their capabilities, allow special scripts on sites: CGI (they can be written in almost any language, depending on how the server implements support for them), Perl, PHP, ASP and many others. These scripts are written clumsily by users, and hackers, roughly guessing how they are written (because they cannot be viewed by ordinary downloading, without rights), send ordinary requests to these scripts, slightly modified for one purpose or another. That is what a heap of articles on the portal write about, so I will not go into the details.
Well, the last method is called "brute force". This is a search through passwords for any service that gives the user some kind of access. For example, an FTP server is installed on the computer, maintained only because the administrator needs it. The FTP server gives access to files on the computer, and only the admin knows the password to log in. You take an FTP brute-forcer with a large dictionary (list) of passwords, and it starts trying passwords for the FTP one by one.

How are e-mail accounts cracked?
To do this, you first need to understand how e-mail works. Letters are handled by an SMTP server, a program that anyone can install. This means that to hack a mailbox (to gain control over the letters of someone else's account) it is enough to hack the site on which the SMTP server runs (if the account database is in the same place). This is the best method. Its minus: it is hard. The second method is guessing the account password (brute force). It implies a sequential search through passwords. The plus of this method is that the probability of success is directly proportional to the size of the dictionary being searched. The minus: the time the brute force takes is directly proportional to the size of the dictionary)). The third, most rational, method is to steal cookies, if the site uses them. Most users do not use mail programs but work with their mail directly on the mail server's site, using the letter-management functions implemented by scripts, or use mail clients with HTML rendering enabled. This is where XSS vulnerabilities in sites help the hacker. I wrote about them in the article "XSS for beginners. The purpose of XSS attacks" (http://www.hackzona.ru/hz.php?name=News&file=article&sid=5005&mode=&order=0&thold=0). To teach you the third method, I will give a clipping of my forum post:
"
If this cookie is created by the site's authorization system, then in most cases it stores the md5 hash of the account password. Using tools such as md5inside or johntheripper you can crack this hash (brute-force method: a regular password is taken from the dictionary, its md5 hash is generated and compared with the existing (stolen) hash).
But this is done to find out the password, because as a rule it coincides with the passwords of other services belonging to the same admin, so you can take control of more than just one account.
If you just need to get into the account, you create the stolen cookie on your own computer, and the next time you visit the site you have admin rights.
So that there are no unnecessary questions, I will say in advance...
- to edit cookies, use IECookiesView;
- before editing them, log in to the site under your own account (in the Internet Explorer browser);
- find this cookie in the program mentioned, insert the hash, save, and go back to IE. That's it.
".
One more variant of hacking is practised: SE (social engineering), but that is more fraud than hacking, so we will not consider it.

How are ICQ UINs hacked (stolen)?
I don't want to raise this topic, because there are a lot of articles on it, but for completeness I'll tell you briefly. Method 1: hacking the ICQ server. It is not viable because of inaccessibility, but I cannot rule it out. Method 2: brute force. Everything here is similar to cracking mail, only consider two options: 1) you can try many passwords against one UIN; 2) you can try one (or a few) passwords against a multitude of UINs (if you are not pursuing the goal of hacking one particular UIN). The third method is simple, requires no great expense and is the most accessible. (Attention! It applies only to UINs with more than five digits, that is, starting from six-digit ones!) When registering a new UIN, a primary e-mail (PM) is specified. It is very important, because if the user loses the UIN's password, he can always do a retrieval (a new password is generated and sent to the PM). This can be done on the official ICQ website. So the third method is to hack the primary mailbox. Also, many mail services around the world delete mail accounts if they are not used for a long time. So if such a PM no longer exists, you can register it (and if the service has ceased to exist altogether, you can bring it up for a while), and then do a password retrieval.
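The brute-force passages above (the FTP brute-forcer in "But how are sites hacked?", password guessing in the e-mail section, and the two ICQ variants: many passwords against one UIN, or one password against many UINs) all look the same from the server's side: a burst of failed logins from one source. The following added Python example, not part of the original article, is the detection logic a service operator would run over its authentication log. The log lines and their "date time source account result" layout are constructed for the example; real FTP, mail or ICQ server logs have their own formats and only the parse_line function would change.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log, one attempt per line:
# "<date> <time> <source IP> <account> <FAIL|OK>". Not taken from a real server.
SAMPLE_LOG = """\
2004-03-01 12:00:01 81.123.200.4 admin FAIL
2004-03-01 12:00:02 81.123.200.4 admin FAIL
2004-03-01 12:00:03 81.123.200.4 admin FAIL
2004-03-01 12:00:04 81.123.200.4 admin FAIL
2004-03-01 12:00:05 81.123.200.4 admin FAIL
2004-03-01 12:00:06 81.123.200.4 admin FAIL
2004-03-01 12:00:07 10.0.0.9 123456 FAIL
2004-03-01 12:00:08 10.0.0.9 234567 FAIL
2004-03-01 12:00:09 10.0.0.9 345678 FAIL
2004-03-01 12:00:10 10.0.0.9 456789 FAIL
2004-03-01 12:00:11 10.0.0.9 567890 FAIL
2004-03-01 12:00:12 192.168.1.37 alice FAIL
2004-03-01 12:00:20 192.168.1.37 alice OK
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, account, result)."""
    date, clock, source, account, result = line.split()
    return datetime.fromisoformat(f"{date} {clock}"), source, account, result


def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return (source, kind) alerts. A source that accumulates `max_failures` failed
    logins inside `window` is flagged once; the set of accounts it tried in that window
    tells a dictionary attack on one account apart from spraying across many."""
    recent = defaultdict(deque)   # source -> (timestamp, account) of failures inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, account, result = parse_line(line)
        if result != "FAIL":
            continue                      # a legitimate typo followed by OK never reaches the threshold
        q = recent[source]
        q.append((ts, account))
        while q and ts - q[0][0] > window:   # slide the window: drop failures that aged out
            q.popleft()
        if len(q) >= max_failures and source not in alerted:
            alerted.add(source)
            accounts = {a for _, a in q}
            kind = ("password spraying across accounts" if len(accounts) > 1
                    else "dictionary attack on one account")
            alerts.append((source, kind))
    return alerts


if __name__ == "__main__":
    for source, kind in detect_bruteforce(SAMPLE_LOG):
        print(f"{source}: {kind}")
```

The per-source sliding window catches the "many passwords, one account" case; counting distinct accounts inside the same window is what exposes the "one password, many accounts" case, which a per-account lockout alone would never trip. The same two counters are the basis for throttling or temporary lockout on the server.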

Forums, chat rooms, guest books
Forums, chat rooms and guest books (hereafter simply forums) are part of the site, and therefore, having hacked the site, you get access to the forum. That was the first method.
If by hacking the forum you mean just the theft of one particular account, then rather than hacking the whole site it is easier to steal that account's cookies, as in the case of cookie theft when hacking e-mail. If you steal the forum administrator's cookies, you will accordingly have admin rights (full management of the forum). Don't forget to re-read the part about hacking mail through cookie theft.
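Both the e-mail section (the quoted post: a cookie holding md5 of the password, usable by anyone who copies it and crackable offline) and this forum section rest on one design flaw: the cookie is a long-lived secret derived from the password. The following added Python example, not part of the original article, shows that weak scheme beside the session design that removes both problems: a random, expiring token signed with a server-side key (the SERVER_KEY, REVOKED store and function names are assumptions for the example). A signed token carries no password material, cannot be edited to another user's name, stops working at expiry, and dies on logout even if a copy was stolen.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumed server-side secret; in a real deployment it is loaded from configuration
# and never sent to the client.
SERVER_KEY = os.urandom(32)
REVOKED = set()   # nonces of sessions the user logged out of (server-side state)


def weak_cookie(password):
    """The scheme the quoted post describes: cookie = md5(password). It never expires,
    and whoever copies it can also try to recover the password offline."""
    return hashlib.md5(password.encode()).hexdigest()


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, ttl_seconds=3600, now=None):
    """Session cookie 'user|expiry|nonce|HMAC'. Contains no password material."""
    now = int(time.time()) if now is None else now
    payload = f"{user}|{now + ttl_seconds}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(payload)}"


def verify_cookie(cookie, now=None):
    """Return the user name if the cookie is genuine, unexpired and not revoked, else None."""
    now = int(time.time()) if now is None else now
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, expiry, nonce, sig = parts
    if not hmac.compare_digest(sig, _sign(f"{user}|{expiry}|{nonce}")):
        return None                   # forged or edited (e.g. user name changed to admin)
    if not expiry.isdigit() or now >= int(expiry):
        return None                   # stale: bounds how long a stolen copy is usable
    if nonce in REVOKED:
        return None                   # user logged out; the stolen copy is dead too
    return user


def revoke(cookie):
    """Log-out: remember the nonce so this cookie is never accepted again."""
    parts = cookie.split("|")
    if len(parts) == 4:
        REVOKED.add(parts[2])


def demo(now=1000):
    """Exercise the four cases a reviewer cares about: valid, forged, expired, logged out."""
    cookie = issue_cookie("admin", now=now)
    forged = cookie.replace("admin", "root", 1)
    results = {
        "valid": verify_cookie(cookie, now=now + 500),
        "forged": verify_cookie(forged, now=now + 500),
        "expired": verify_cookie(cookie, now=now + 100_000),
    }
    revoke(cookie)
    results["after_logout"] = verify_cookie(cookie, now=now + 500)
    return results


if __name__ == "__main__":
    print("weak cookie for 'secret':", weak_cookie("secret"))
    print(demo())
```

Signing alone does not stop a stolen valid cookie from being replayed before it expires; that is what the short lifetime, the logout revocation list and binding the session to a fresh login (rather than to the password) are for.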

What is DoS / DDoS? What is the difference?
DoS is an abbreviation of Denial of Service. It consists in using DoS vulnerabilities in software, which do not grant access to anything but simply force some piece of software (or the whole computer) to crash). DoS can be carried out not only with exploits but also with IP spoofing (not implying TCP session hijacking). Doing it the latter way is rather hard, but under certain conditions the claim that any server is vulnerable holds. DDoS, Distributed Denial of Service, is a distributed attack aimed at causing DoS. Various worm viruses, or hackers who have compromised a large number of machines, build botnets: networks of zombie computers. The worm/hacker can install on a compromised machine a program that starts DoS-ing a specific computer on the network when a certain command from the hacker arrives. A mass DoS, where one machine is DoS-ed by several at once, is what is called DDoS. You can learn something about DoS and DDoS from my article "Introduction to low-level hacking. IP spoofing: initial information" (http://hackzona.ru/hz.php?name=News&file=article&sid=4831&mode=&order=0&thold=0)

What does hacking have to do with network ports, and what is a port?
ANY network application uses at least one port. A port is like an ordinary computer port (COM, LPT) to which something connects and through which data is transferred, except that it does not exist physically. It plays a big role, but in reality it is just a number from 1 to 65536. Example. Our IP is 81.123.200.4. We have two network programs running at the same time: an HTTP server and an FTP server. Both use the TCP/IP protocol. How is the data distributed between them, when the traffic could simply get mixed up? Answer: the HTTP server sits on port number 123, and the FTP server on 125. (In reality any port can be changed, but by the standard an FTP server uses port 21 and an HTTP server port 80.)
To find out which network programs are in use on a remote computer there is a large number of programs: port scanners. I cannot fail to mention, IMHO, the best of them: "NMAP". It also has a function for identifying the OS on the computer (fingerprinting).
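The HTTP-on-123, FTP-on-125 example can be reproduced on your own machine: two listeners on one address, each on its own port, each receiving only its own connections, and the OS refusing a second listener on a port already taken. The following added Python example, not part of the original article, does exactly that on the loopback interface with OS-assigned ports (the banners and the helper names are constructed for the example). Ports are 16-bit values, so the valid range is 0 through 65535, with 0 meaning "let the OS choose" when binding.

```python
import socket
import threading


def is_valid_port(n):
    """TCP/UDP ports are 16-bit: 0..65535 (0 means 'let the OS choose' when binding)."""
    return 0 <= n <= 65535


def serve_once(banner):
    """Listen on a loopback port chosen by the OS; answer the first client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()        # the kernel routes the client here by destination port
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def ask(port):
    """Connect to a port on 127.0.0.1 and return whatever the service says first."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        return client.recv(1024)


def port_is_exclusive():
    """Two listeners cannot share one (address, port): the second bind raises OSError."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("127.0.0.1", 0))
        first.listen(1)
        second.bind(("127.0.0.1", first.getsockname()[1]))
        return False
    except OSError:
        return True
    finally:
        first.close()
        second.close()


def demo():
    """Toy 'HTTP' and 'FTP' services side by side on one address, told apart only by port."""
    http_port = serve_once(b"HTTP/1.0 200 OK\r\n\r\n")
    ftp_port = serve_once(b"220 toy FTP ready\r\n")
    return {
        "http": (http_port, ask(http_port)),
        "ftp": (ftp_port, ask(ftp_port)),
        "same_port_refused": port_is_exclusive(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The greeting a service sends (the "banner") is what port scanners such as nmap use to guess which program sits behind a port, which is also why production services are configured to reveal as little as possible in it.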

Sniffers: their functions and types.
"Sniffer" literally means "one who sniffs". By a sniffer we mean any program or script that performs any "eavesdropping" or "intercepting" actions, or actions that assist the first two. From the definition I gave, there can be any number of sniffer types, but most often one of the following two is meant. 1) A sniffer that processes information passed to it by a malicious program. Most commonly this is a sniffer that receives a cookie "stolen" by an XSS exploit. 2) A traffic analyzer. The name speaks for itself, but an analyzer comes in two kinds: a firewall and a "sniffer". A firewall analyzes the traffic passing through some network interface without intercepting it, only notifying you of its presence, with information like: "Incoming IP 234.57.40.7 is trying to connect to port 22", or "Outgoing application alb.exe is trying to connect to IP 234.57.40.7 on port 31337". Thanks to the firewall the user can either block incoming/outgoing traffic or allow it. A sniffer, as the second kind of analyzer, intercepts all traffic passing through your network interface and, depending on its functionality, can filter certain data out of the traffic, for example passwords. Such sniffers are most often used on networks with a hub, which, unlike a switch, sends any transmitted traffic not only to the addressee but to every computer on the network (only the addressee processes it).
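Both kinds of traffic analyzer start from the same step: decoding the IP and TCP headers of each packet to learn who is talking to whom on which port. The following added Python example, not part of the original article, builds a constructed IPv4+TCP datagram (no payload, checksums left at zero), parses it back, and applies a small firewall-style policy that produces notices like the ones quoted above. The policy, the blocked port list and the function names are assumptions for the example; a real firewall would read packets from the interface rather than from build_tcp_packet.

```python
import socket
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_packet(src_ip, dst_ip, sport, dport, flags):
    """Constructed IPv4+TCP datagram for the demo: 20-byte IP header, 20-byte TCP header."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp


def parse_packet(raw):
    """Decode the IPv4 header and, for TCP (protocol 6), the ports and the SYN/ACK flags."""
    if len(raw) < 20:
        raise ValueError("truncated IP header")
    vihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0x0F) * 4            # header length in bytes (options may follow)
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "ttl": ttl}
    if proto != 6:
        return info
    if len(raw) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", raw[ihl:ihl + 20])
    flags = off_flags & 0x01FF
    info.update(sport=sport, dport=dport,
                syn=bool(flags & TCP_SYN), ack=bool(flags & TCP_ACK))
    return info


# Hypothetical policy: inbound new connections to these ports are refused.
BLOCKED_INBOUND_PORTS = {22, 31337}


def firewall_verdict(pkt, local_ip):
    """Return (action, notice) for one decoded packet. Only a SYN without ACK opens a new
    connection, so only those produce a notice; everything else is part of an existing flow."""
    if pkt.get("proto") != 6 or not (pkt["syn"] and not pkt["ack"]):
        return ("PASS", "")
    if pkt["dst"] == local_ip:
        notice = f"Incoming IP {pkt['src']} is trying to connect to port {pkt['dport']}"
        return ("BLOCK" if pkt["dport"] in BLOCKED_INBOUND_PORTS else "ALLOW", notice)
    notice = f"Outgoing connection to IP {pkt['dst']} on port {pkt['dport']}"
    return ("ALLOW", notice)


if __name__ == "__main__":
    me = "192.168.1.37"
    for raw in (build_tcp_packet("234.57.40.7", me, 40000, 22, TCP_SYN),
                build_tcp_packet(me, "234.57.40.7", 40001, 31337, TCP_SYN),
                build_tcp_packet("234.57.40.7", me, 22, 40000, TCP_SYN | TCP_ACK)):
        print(firewall_verdict(parse_packet(raw), me))
```

The difference between the two analyzers lies after this point: a firewall acts on the header fields and drops or passes the packet, while a sniffer keeps the whole frame, payload included, which is why cleartext protocols such as FTP leak passwords on a hub.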

The role of UNIX-based OSes, network protocols and programming in hacking.
All three factors listed in the subject play a huge and probably the main role in hacking. Stick to them throughout your learning, and I will tell you about them in more detail.
UNIX-based OSes are all operating systems based on UNIX. These include UNIX, Linux, BSD, Solaris and many others. They are all roughly similar in their basic set of commands. Why do you need to know *nix? You will understand that in the course of putting the knowledge you have gained into practice.
Network protocols. I think you have already understood why they are needed. If you know how they work, you will be able not just to hack "by template" but to "create" a hack. That is much more serious.
Programming. Here too you have probably understood. Combined with knowledge of protocols you will be able to look for vulnerabilities, write exploits and know how they work. Knowing programming alone, you can do EVERYTHING. Those same network protocols would not exist without programming. What protocols! There would be no computer! But learning programming is hard. Here is what I would advise knowing:
* the C/C++/Pascal languages, to understand how programs are built, the principles of interaction with the OS, file system and network, and to develop a programmer's logic, which will later play a very important role. As compilers for these languages I would suggest: for C, MS Visual C, Borland C, GCC; for Pascal, Delphi, Kylix. Start with these and only these languages!
* simple HTML and the JavaScript that complements it (not to be confused with Java).
* PHP, Perl.
* the simple query language SQL.
* if you have strength and patience left, Assembler, Python, ASP, BASIC etc., as desire and ability allow.

Afterword
Phew... I seem to have dealt with the main questions. Honestly, while writing the article I was a bit sorry and stingy that knowledge which cost me long, hard work is being handed to newbies on a platter. But a feeling of patriotism and the awareness that Internet-2 )))) with completely new technologies will soon arrive calmed me down. Seriously, I sincerely want to achieve the dominance of our nation, i.e. the nations of the former USSR, over all others.
As for calling you a lamer: that is to lower your self-esteem, it will be easier to work that way. You will have to work very hard: two, three, four years, I don't know. Another piece of advice: practise a lot; as soon as you learn something new, check it in practice. And when you study a language, the computer must be on and a compiler installed. Read a book on coding without practising and consider that you have learned 20% of what you could have. And one more thing. Rather than asking everyone a question, it is better to look for the information yourself, and if you cannot find it anywhere, you can try explaining the essence of the problem to others. Otherwise you torment others, lower your authority and, most importantly, lose the bread on which your level of knowledge grows. Overcoming all obstacles on your own is what gives an instant boost to professionalism; that I know for certain, you can be sure of it.
Now a little psychology). If you have read this article and a thought has formed in your head, or you want to leave a comment, like "you moron, why the hell did you write this article, everyone knows this already, you'd better write something serious. And know, idiot, I rated it a 2", then I will conclude that you read the article, learned a lot from it and said that only to raise your self-esteem (the usual situation with a person with a poorly developed psyche and intellect: as a rule children, or adults who had a "difficult" childhood). However, such people CAN become professionals, but a lot will have to change. I will not consider the other situations, but I will say that for some the position may be either better or worse. If your ears turned red while reading the whole article (including this paragraph), know that you can be among the best, but you have to try.
Good luck!