Theoretical foundations of hacking

No respect for you, man, if you decided to read my article to raise your level of knowledge)). Perhaps it is so low that you don't even understand the articles on the portal under the "Beginners" label. In that case I'll say it plainly: you are a lamer, and don't think you will become cool after reading this and other articles. You will have to get used to the status of "lamer"; you will carry it for a long time. But don't blush, it is all fixable, you just have to put in the effort. My name is DrWeb, and I will help you cross a barrier that in my time)) was much harder to get through. Take an explanatory dictionary, read carefully, re-read many times, practise. Good luck!

Running commands
Now you are sitting in Windows. Many programs are console (terminal) programs: they have no window to enjoy right after a click on the icon. To work with them there is a separate program, the command interpreter, with its own commands for handling programs and data on the computer. On Windows XP this is cmd.exe, located in the Windows system directory in the system32 subdirectory. On Windows 98 it is command.com, located at the root of the OS drive. The quickest way to start it: Start - Run - enter cmd (without quotes) - OK. A window with the command line (console, terminal, cmd) opens. To see which commands are available, type help. To get information about a particular command (its format and parameters), add /? after the command, for example copy /? or help /?. If a parameter in the command format is shown in square brackets, it is optional. Take the help command: enter help /? and its format appears on screen: HELP [command]. This means help can be run without a parameter, simply as help, and if we want help on a particular cmd command (say, cd) we enter help cd (or help help).
Now you must learn to work freely with files from the command line; what you have just learned is enough for that. I will only add that an executable file in the current directory (the directory is always shown in the prompt before the > sign, for example C:\>) is launched simply by typing its name, with no command in front of it. A file outside the current directory is launched the same way, only with its full path: c:\windows\system32\calc.exe. If a file or directory name contains spaces, the path must be enclosed in double quotes: "c:\documents and settings\qwe".

The whole truth about IP
Do you ask yourself about the IP address: why it is assigned, where it is registered, how to find it out, what can be done knowing it, what can they do to me after hooliganism on the web, what should I do so as not to be identified? If not, skip this topic; otherwise read on, but bear in mind that I will not explain the fine points of the protocol.
The IP address is needed for transmitting data over the network. You surf the Internet, download software, chat on ICQ, send e-mail and so on; in all these cases data is transferred, and that cannot be done without an identifier for the endpoint: the IP address. Why unique? Because at any given second a public address belongs to exactly one host on the Internet: while you are online under, say, 81.123.200.4, nobody else on the Internet answers to that address. (One caveat: behind NAT a whole local network shares one public address, so what the outside world sees as "your" IP is really the address of your gateway; that is what I mean below by an IP that is not external.)
An IP address is assigned to you immediately after you connect to the Internet, no matter how you connect: ISDN, ADSL, dial-up, Wi-Fi, GPRS. At the time of writing the most common connection method in Europe is dial-up, i.e. an ordinary modem over a telephone line (not to be confused with ADSL). You connect and you get an IP. For you this IP is now your external address (though often it is not your address as seen from the Internet: behind NAT you appear on the Internet under another IP). You can see the address the provider issued you by typing ipconfig in cmd; it is shown next to the line "IP Address".
If your IP is dynamic (the usual case), the provider issues you a new IP on every connection, and your old IP can then go to your neighbour, for example. Every newly assigned IP is logged by the provider together with the time, and not the time ticking on your wrist or on your monitor, but the provider's own clock. The caller ID of your telephone number is also entered in the log (all providers now have caller identification, and it cannot be fooled). The disconnection time is logged as well, i.e. from what moment you no longer own that IP. That is the minimum recorded in the logs for a dial-up connection. As you can see, there is everything needed to establish whether you visited a particular site at a particular moment, down to the full home address and passport details of the person in whose name the telephone that made the "call to the Internet" is registered.
Now about changing your IP. You cannot change your IP: it is assigned by the provider, and if anyone could put any address on their packets the Internet would have a problem big enough to require a new protocol. What you can do is arrange for the logs of the servers you visit to record an address other than yours (this does not help against the provider's logs written when you connect to the Internet, and the relay you use keeps logs of its own with your real address in them). This is done with a proxy or with SOCKS. You need a proxy server. A program configured to use a proxy (your browser, say) connects first to the proxy server; the proxy carries out your request (say, downloading a file: it downloads it to itself first) and then sends you the result (in our case, the file). The logs of the site the file came from then contain the proxy's IP address, not yours. With SOCKS everything is the same, except that SOCKS relays raw TCP connections regardless of application protocol, while a proxy understands one specific protocol (HTTP, for instance). The cost of going through a proxy or SOCKS (unlike a VPN, where the traffic to the VPN server is also encrypted) is a large loss in speed. To show you the difference between a proxy and SOCKS, here is a clipping from my post on the forum:
"
Proxy and SOCKS do not compete with each other but combine perfectly. When you need to visit a page anonymously without hassle, you can simply set a new proxy in the browser settings, or even use a CGI proxy. If you need anonymity for a long time, and not partial (only a browser) but complete, it is more convenient to configure SOCKS on several applications at once and enable them as needed. Also, if a network application does not support proxy configuration, the only option is SOCKS.
Additional information about anonymity and setting up proxy and socks here:
Http://antichat.ru/txt/old/anonumus.shtml
Http://antichat.ru/txt/old/socks.shtml
".
Now let's talk about how to learn your enemy's IP. If the enemy's computer serves as a web server on the Internet (it has an HTTP server installed) and has a registered domain name (i.e. it can be reached not just by IP but by name, for example www.hackzona.ru), you can find its IP by running ping www.hackzona.ru: the address shown is what the name resolved to through DNS, whether or not the host answers the ping (nslookup www.hackzona.ru gives the same answer without sending anything to the host itself). If your enemy has nothing of the kind, a simple mail trojan will do: you configure the trojan's server part to send the victim's IP to your e-mail, slip it to the victim, and as soon as the victim goes online after running it, the IP arrives in your mailbox. Just don't forget that the IP may be dynamic and the victim may already be offline by the time you try to attack. There are, of course, more sensible ways to learn an IP, but they are too complex at this stage of training.
Knowing the victim's IP, you can break in. By breaking in I mean getting access to the victim's files. I cannot avoid mentioning breaking in with trojans (not mail ones) and with scanners of shared resources.
Trojans: using the configurator you set up the server file so that, when run, it first sends the victim's IP to the e-mail you specified; the server is given to the victim, who runs it and goes online; you receive the letter with the victim's IP, run the client file, enter the received IP in the connection parameters, connect and control the victim's computer (the possibilities are limited to the trojan's functions).
Shared resources (SR). Many people on a local network open access to their files so they can be used from another computer on the LAN. But if the machine's file-sharing ports are reachable from the Internet (no firewall or NAT in the way), that access is open to any computer on the Internet! That is, anyone can connect and work with other people's files. To limit the access, passwords are set, but often they are not :) There are scanners for finding shared resources. The most convenient and fastest at the moment is Essential Net Tools; after finding shares in this program you can connect to them right away. A free but slow analogue is XSharez. There is also Legion, an old-timer that scans faster than XSharez but is paid, like Essential Net Tools, and has no function for connecting to the shares.
These two methods, though still practised, are considered outdated. I will tell you about the third: using holes in software. Since we are talking about attacks over the Internet, I will say this. Programs, drivers and system modules that use the network may contain vulnerabilities. A silly example, but it will make the idea clear: imagine a made-up browser, "Ivanovets", which, when processing a string received from its socket (which is always waiting for connections), switches into Windows command-line mode (that same cmd) if the string contains the command exit.
The browser's makers did not foresee this, and that is a bug. Knowing this vulnerability in advance, we craft a request in which, instead of the service commands Ivanovets expects, the transmitted string contains: exit; dir. The browser sees exit;, switches mode, and executes the command-line command dir. Thus, through a hole in the Ivanovets browser, we get a listing of files and folders in a directory on the victim's computer, and the string exit; dir that we made up for the attack is called an exploit. In reality exploits are usually published as programs that do everything for you: connect, send the commands, process the response, and so on. Exploits for the most serious vulnerabilities in common programs are, in addition, distributed compiled and ready to run on Windows. But the convention is that exploits are distributed as source code, which has to be compiled. Compiling will also cause trouble if the exploit's authors have deliberately planted errors in places and you do not know the language the exploit is written in. Exploits are most often written in C/C++, Perl, PHP and many other languages, depending on what the exploit targets. I think it is time to try breaking something. Windows XP up to SP1, and some versions of Windows 2000 and Windows NT, had a serious vulnerability (fixed in later updates) that gives complete remote access to the user's files. The exploit kaht2.exe was written for this vulnerability. As an exercise, find the documentation for kaht2, download the exploit itself and try to break in with it.

And how are sites hacked?
A site is the same sort of computer on the network, physically located somewhere. Your computer could be one too if you install an HTTP server (a program) on it and register a domain name (this last condition is not obligatory, since without a domain name the site can be reached by its external IP). There, you have practically the whole answer. But the amount and variety of software on sites is much larger, hence the likelihood of "holes" is also greater. That is probably enough about breaking in through bugs made by software makers; let me talk about the bugs users make themselves, thereby becoming victims. To make it clear: any software interacts directly with the user and often lets the user create something of their own. This "something of their own" users are simply unable to create properly, without holes. There are many cases, but I will focus on the most common one. HTTP servers, depending on their capabilities, allow sites to use scripts: CGI (which can be written in almost any language, depending on how the server implements it), Perl, PHP, ASP and many others. Users write these scripts carelessly, and hackers, roughly guessing what is in them (since they cannot be viewed simply by downloading without the rights), send these scripts ordinary requests, slightly modified for various purposes. That is what most of the articles on the portal are about, so I will not go into the details.
And the last method, called "brute force". This is guessing passwords for any service that gives the user some kind of access. For example, an FTP server is installed on the computer and kept running only when the administrator needs it. The FTP server gives access to files on the computer, and only the administrator knows the password for the login. You take any FTP brute-forcer with a large password list (wordlist), and it starts trying the passwords for FTP one after another, in sequence. Bear in mind that online guessing is slow, is limited by the server's response time, and leaves a trail in the server's logs; that is why, when a password hash can be obtained, cracking it offline (see the mail section) is faster and quieter.

How are e-mail accounts hacked?
First you need to understand the principles of e-mail. Messages are handled by an SMTP server, a program anyone can also set up for themselves. This means that to break into a mailbox (to manage the mail of someone else's account) it is enough to break into the site where the SMTP server runs (if the account database is located there). This is the best way. It is rarely that easy. The second way is guessing the account's password (brute force). It consists of trying passwords one after another. The plus of this method is that the probability of success is directly proportional to the size of the dictionary being tried. The minus is the time spent on the brute force, also directly proportional to the size of the dictionary)). The third, most sensible way is stealing cookies, if the site uses them. Most users do not use mail clients but work with mail directly on the mail server's site, through the mail-management functions implemented by scripts, or they use mail clients that render included HTML. Here the hacker is helped by an XSS vulnerability in the site. I wrote about those in the article "XSS for newbies: the purpose of XSS attacks" (http://www.hackzona.ru/hz.php?name=News&file=article&sid=5005&mode=&order=0&thold=0). On how to take over an account the third way, I will quote a clipping from my post on the forum:
"
If this cookie is created by the site's authorization system, in most cases it stores the md5 hash of the account password. With tools such as MD5Inside or John the Ripper you can crack this hash (by the brute-force method: an ordinary password is taken from the dictionary, its md5 hash is generated and compared with the existing (stolen) hash).
But that is done to find out the password; since it usually coincides with the passwords of other services belonging to the same administrator, it is possible to take over not only the account.
If you just need to take over the account, you create the stolen cookie on your own computer, and on your next visit to the site you already have the administrator's rights.
To avoid unnecessary questions, I'll say in advance...
- to edit IE's cookies, use IECookiesView;
- before editing them, log in to the site under your own account (in the Internet Explorer browser);
- in that program, find this cookie, insert the hash, save, go back to IE. That's all.
".
Another way of breaking into mail is practised, SE (social engineering), but that is more fraud than hacking, so we will not consider it.
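The "brute force" described in the site section and the hash cracking from the quoted forum post are the same dictionary attack; the difference is only whether each guess costs a network round-trip or a local hash computation. The following is an added example, not the article's code and not John the Ripper or MD5Inside: it runs a small wordlist with mangling rules against a set of unsalted md5 digests (one md5 per guess covers every target at once), and then against the same passwords stored with a per-user salt and an iterated hash, counting the work in both cases. The wordlist, the "stolen" hashes and the victim passwords are constructed for the demo.

```python
"""Offline dictionary attack on password hashes.

Added example, not the article's code and not any cracking tool's. The
wordlist, the target hashes and the 'victim' passwords are constructed."""
import hashlib
import os

WORDLIST = ["password", "qwerty", "letmein", "admin", "hackzona", "dragon"]  # constructed


def mangle(word):
    """Cheap mangling rules of the kind cracking tools apply to each dictionary word."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "2005", "!"):
            yield base + suffix


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def crack_md5(targets, wordlist):
    """targets: iterable of hex md5 digests. Returns ({digest: plaintext}, hashes_computed).
    Unsalted: every guess is hashed once and compared against all targets."""
    pending = set(targets)
    found, computed = {}, 0
    for word in wordlist:
        for candidate in mangle(word):
            computed += 1
            digest = md5_hex(candidate)
            if digest in pending:
                found[digest] = candidate
                pending.discard(digest)
                if not pending:
                    return found, computed
    return found, computed


def pbkdf2_hex(text, salt, rounds):
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, rounds).hex()


def crack_pbkdf2(targets, wordlist, rounds):
    """targets: {digest: salt}. A per-user salt forces the whole dictionary to be
    hashed again for every target, and each hash costs `rounds` iterations
    instead of one: same attack, orders of magnitude more work."""
    found, computed = {}, 0
    for digest, salt in targets.items():
        for candidate in (c for w in wordlist for c in mangle(w)):
            computed += 1
            if pbkdf2_hex(candidate, salt, rounds) == digest:
                found[digest] = candidate
                break
    return found, computed


def demo(rounds=2_000):
    """Three constructed accounts: two passwords are in the dictionary, one is not.
    Returns (md5_cracked, md5_hashes, pbkdf2_cracked, pbkdf2_hashes)."""
    secrets = {"admin": "Hackzona2005", "moder": "qwerty1", "user": "correct horse battery"}
    md5_targets = {md5_hex(p) for p in secrets.values()}
    md5_found, md5_work = crack_md5(md5_targets, WORDLIST)

    pbkdf2_targets = {}
    for password in secrets.values():
        salt = os.urandom(8)                       # per-user random salt
        pbkdf2_targets[pbkdf2_hex(password, salt, rounds)] = salt
    pb_found, pb_work = crack_pbkdf2(pbkdf2_targets, WORDLIST, rounds)
    return sorted(md5_found.values()), md5_work, sorted(pb_found.values()), pb_work


if __name__ == "__main__":
    md5_pw, md5_work, pb_pw, pb_work = demo()
    print("md5:    cracked %s with %d hashes" % (md5_pw, md5_work))
    print("pbkdf2: cracked %s with %d hashes of %d rounds each" % (pb_pw, pb_work, 2_000))
```

The third account survives both runs simply because its password is not in the dictionary; the salted, iterated run recovers the same two weak passwords but needs about twice the number of hash evaluations here and, at realistic round counts, thousands of times the CPU time per evaluation.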

How are ICQ UINs hijacked (stolen)?
I don't want to raise this topic, since there are a lot of articles on it, but for the sake of completeness I'll describe it briefly. Way 1: breaking into the ICQ server. Not feasible because it is out of reach, but I can't rule it out. Way 2: brute force. Everything is analogous to breaking into mail; just consider two options: 1) you can try many passwords against one UIN; 2) you can try one (or a few) passwords against many UINs (if your goal is not one particular UIN). The third way is simple, needs no great expense and is the most accessible. (Warning: applies only to UINs longer than five digits, i.e. from six digits up!) When registering a new UIN, a "primary email" (primary mail, PM) is specified. It is very important, because if the user loses the UIN's password, they can always do a retrieve (a new password is generated and sent to the PM). This can be done on the official ICQ site. So the third way is to break into the primary mailbox. Also, many of the world's mail services delete mailboxes that have not been used for a long time. So if such a PM no longer exists, you can register it yourself (and if the mail service itself no longer exists, you can set one up for a while) and then do the password retrieval.

Forums, chats, guest books
Forums, chats and guest books (hereafter simply forums) are part of a site, so by breaking into the site you get access to the forum. That was the first way.
If by breaking into a forum you mean simply taking over someone's account, then rather than breaking into the whole site it is easier to steal that account's cookie, just as with cookie theft when breaking into mail. If you steal the forum administrator's cookie, you get the administrator's rights (full control of the forum). Don't forget to reread the part about breaking into mail by stealing cookies.

What are DoS and DDoS? What is the difference?
DoS is short for Denial of Service. It consists of exploiting DoS vulnerabilities in software: ones that give no access to anything but simply make some program (or the whole computer) crash. DoS can be carried out not only with exploits but also by means of IP spoofing (without TCP session hijacking); there the idea is not to crash the target but to flood it with traffic whose source addresses are forged. Doing it that way is hard, but under certain conditions it is fair to say that any server is vulnerable. DDoS, Distributed Denial of Service, is a distributed attack aimed at causing DoS. Various worms, or hackers who compromise a large number of machines, build botnets: networks of zombie computers. The worm/hacker installs a program on the compromised machine that starts DoSing a particular computer on the network when a certain command from the hacker arrives. A mass DoS, where one machine is hit by several at once, is what is called DDoS. You can learn something about DoS and DDoS from my article "Introduction to low-level hacking. IP spoofing: basic information" (http://hackzona.ru/hz.php?name=News&file=article&sid=4831&mode=&order=0&thold=0)

What do network ports have to do with hacking, and what is a port?
ANY network application uses at least one port. A port is like an ordinary computer port (COM, LPT) to which something connects and through which data is transferred, only it does not exist physically. It plays a big role, but in reality it is just a number from 0 to 65535 (port 0 is reserved, so in practice 1 to 65535). Example. Our IP is 81.123.200.4. We have two network programs running at the same time: an HTTP server and an FTP server. Both use TCP/IP. How is the data distributed between them; couldn't the traffic simply get mixed up? Answer: every TCP segment carries a destination port number in its header; the HTTP server listens on, say, port 123 and the FTP server on 125, and the OS hands each incoming connection to the program listening on that port. (In reality any port can be changed, but by standard an FTP server uses port 21 and an HTTP server port 80.)
To find out which network programs are in use on a remote computer there are a great many programs, port scanners. I can't fail to mention the best of them, IMHO: Nmap. It also has a function for determining the OS on the remote computer (fingerprinting, the -O option).
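The simplest thing a port scanner does is what Nmap calls a connect scan (-sT): complete a TCP handshake with each port and record which ones accept, then read whatever the service says first to guess what is listening. The following is an added example, not the article's code and not Nmap. To run offline it starts two throwaway listeners on 127.0.0.1 standing in for an FTP server (which announces itself with an assumed banner) and an HTTP server (which says nothing until asked), and scans a small window of ports around them.

```python
"""TCP connect() port scan with banner grabbing.

Added example, not the article's code and not Nmap. The two listeners and
their banner text are stand-ins constructed for the demo."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """Full TCP handshake to (host, port). Open -> (port, banner); closed or filtered -> None.
    FTP/SMTP/SSH talk first, so their banner identifies them; HTTP waits for a request,
    so its banner comes back empty and a real scanner would send a probe next."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("latin-1").strip()
            except OSError:          # timed out or reset: open but silent
                banner = ""
            return port, banner
    except OSError:                  # refused (closed) or timed out (filtered)
        return None


def scan(host, ports, workers=32):
    """Scan the ports in parallel; return {open_port: banner}."""
    ports = [p for p in ports if 1 <= p <= 65535]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = list(pool.map(lambda p: probe(host, p), ports))
    return {port: banner for port, banner in (h for h in hits if h is not None)}


def fake_service(banner):
    """Throwaway listener on an ephemeral port that sends `banner` (may be empty) to each client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed by demo()
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Scan a window around the two fake services; return (found, ftp_port, http_port)."""
    ftp = fake_service(b"220 (vsFTPd 2.0.1)\r\n")   # assumed banner text
    http = fake_service(b"")                        # HTTP speaks only after a request
    ftp_port, http_port = ftp.getsockname()[1], http.getsockname()[1]
    lo, hi = min(ftp_port, http_port) - 3, max(ftp_port, http_port) + 3
    try:
        return scan("127.0.0.1", range(lo, hi + 1)), ftp_port, http_port
    finally:
        ftp.close()
        http.close()


if __name__ == "__main__":
    found, ftp_port, http_port = demo()
    for port in sorted(found):
        print("%5d open  %r" % (port, found[port]))
```

A connect scan is the noisiest kind: every probe completes a handshake, so each open port's service logs a connection and a host firewall sees the full burst. Nmap's default scan on a privileged account sends only the first SYN and never completes the handshake, which is why it is quieter.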

Sniffers: their functions and kinds.
Sniffer literally means "one who sniffs". A sniffer is any program/script that performs "eavesdropping" or "interception", or actions that assist the first two. From the definition I gave you can see there could be any number of sniffer types, but most often a sniffer means one of the following two. 1) A sniffer that processes information passed to it by malicious code. The most common case is a sniffer that receives a cookie "stolen" by an XSS exploit. 2) A traffic analyser. The name speaks for itself, but an analyser can be of two kinds: a firewall and a "sniffer" proper. A firewall analyses traffic passing through some network interface without capturing it, only reporting its presence, with information like: "Incoming IP 234.57.40.7 is trying to connect to port 22", or "Outgoing application alb.exe is trying to connect to IP 234.57.40.7 on port 31337". Thanks to the firewall the user can both block incoming/outgoing traffic and allow it. A sniffer, the second kind of analyser, captures all traffic passing through your network interface and, depending on its functionality, can filter particular data out of the traffic, for example passwords. Such sniffers are most often used on networks with a hub, which, unlike a switch, sends every frame not only to the addressee but to every computer on the network (only the addressee processes it). On a switched network the interface only sees traffic addressed to it plus broadcasts, so without further tricks a sniffer there sees only your own connections.
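What the second kind of sniffer does with the frames it captures, as an added example that is not the article's code: decode the Ethernet, IPv4 and TCP headers, keep the payload, and pull credentials out of protocols that send them in the clear (a USER/PASS login to FTP or POP3, an HTTP Basic Authorization header). Capturing from the interface itself needs a raw socket or libpcap and administrator rights, so here the "capture" is three frames constructed in build_frame(); the addresses, user names and passwords in them are made up for the demo, and the IP/TCP checksums are left as zero.

```python
"""Frame decoding and plaintext credential extraction, the core of a password sniffer.

Added example, not the article's code. The frames, addresses and secrets are
constructed for the demo; checksums are not computed."""
import base64
import re
import socket
import struct

ETH_P_IP, IPPROTO_TCP = 0x0800, 6
LOGIN_PORTS = {21: "ftp", 110: "pop3"}       # protocols with USER/PASS plaintext logins


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet + IPv4 + TCP frame around `payload` (checksums zeroed)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return {src, dst, sport, dport, payload} for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                          # IPv4 header length, options included
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]                           # drop any Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                     # TCP header length, options included
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def extract_credentials(frames):
    """Walk frames in capture order; return [(service, server_ip, user, password)].
    USER and PASS usually arrive in separate segments, so the user name is held
    per flow until its PASS shows up."""
    creds, pending_user = [], {}
    for frame in frames:
        pkt = parse_frame(frame)
        if not pkt or not pkt["payload"]:
            continue
        text = pkt["payload"].decode("latin-1")
        flow = (pkt["src"], pkt["dst"], pkt["dport"])
        service = LOGIN_PORTS.get(pkt["dport"])
        if service:
            for line in text.splitlines():
                verb, _, arg = line.partition(" ")
                if verb.upper() == "USER":
                    pending_user[flow] = arg.strip()
                elif verb.upper() == "PASS":
                    creds.append((service, pkt["dst"], pending_user.pop(flow, "?"), arg.strip()))
        elif pkt["dport"] in (80, 8080):
            m = re.search(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", text, re.M | re.I)
            if m:   # Basic auth is only base64, not encryption
                user, _, password = base64.b64decode(m.group(1)).decode("latin-1").partition(":")
                creds.append(("http", pkt["dst"], user, password))
    return creds


# Constructed capture: an FTP login split over two segments, then an HTTP request
# carrying Basic auth. All addresses and secrets are invented for the demo.
CAPTURE = [
    build_frame("192.168.1.20", "10.0.0.5", 40001, 21, b"USER alice\r\n"),
    build_frame("192.168.1.20", "10.0.0.5", 40001, 21, b"PASS s3cret\r\n"),
    build_frame("192.168.1.21", "10.0.0.8", 40002, 80,
                b"GET / HTTP/1.0\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
]

if __name__ == "__main__":
    for service, server, user, password in extract_credentials(CAPTURE):
        print("%-5s %-10s user=%s pass=%s" % (service, server, user, password))
```

The same decoding applied to a real capture is the reason the hub-versus-switch distinction matters: on a hub every one of these frames reaches every station's interface, so this loop sees logins that were never meant for your machine.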

The role of UNIX-based OSes, network protocols and programming in hacking.
All three factors named in the subject play a huge and probably the main role in hacking. Keep to them throughout your training, and I'll tell you about them in more detail.
UNIX-based OSes are all operating systems based on UNIX. These include UNIX itself, Linux, BSD, Solaris and many others. They are all roughly similar in their basic set of commands. Why is it necessary to know *nix? You will understand that when you put the knowledge you have gained into practice.
Network protocols. I think you already understand why they are needed. If you know how they work, you will be able not just to break in "by template" but to "create" a break-in. That is far more serious.
Programming. Here too you have probably understood. Combined with knowledge of the protocols you will be able to look for vulnerabilities, write exploits and know how they work. Knowing only programming, you will be able to do EVERYTHING. Those same network protocols would not exist without programming. Protocols, indeed! There would be no computer! But learning programming is hard. Here is what I would advise you to know:
* the C/C++/Pascal languages, for understanding how programs are built, the principles of interaction with the OS/file system/network, and for developing the programmer's logic that will later play a very important role. As compilers for these languages I recommend: for C, Microsoft Visual C, Borland C, GCC; for Pascal, Delphi, Kylix. Start with these languages and only these!
* simple HTML and the JavaScript that complements it (not to be confused with Java).
* PHP, Perl.
* the simple query language SQL.
* if you have strength and patience left, Assembler, Python, ASP, BASIC etc., as desire and opportunity allow.

Afterword
Phew... I seem to have dealt with the main questions. Honestly, while writing this article I was a little sorry and grudging that knowledge which came to me through long, hard work is being handed to newbies on a plate. But a feeling of patriotism and the awareness that Internet-2 )))) is coming soon, with completely new technologies, reassured me. Seriously, I sincerely want our nation, i.e. the nations of the former USSR, to dominate all others.
As for calling you a lamer: that was to lower your self-esteem; it makes the work easier. You will have to work very hard: two, three, four years, I don't know. Another piece of advice: practise a lot; as soon as you learn something new, test it in practice right away. And when you study a language, the computer must be on and a compiler must be installed. Read a coding book without practising and count it as 20% of what you could have learned. And further. Rather than asking everyone a question, search for the information yourself, and if you find it nowhere, try explaining the essence of the problem to others. Otherwise you torment others, lower your own standing and, above all, you lose the bread on which your level of knowledge grows. Overcoming every obstacle on your own is what makes professionalism grow instantly; that much I know for sure, you need not doubt it.
Now a little psychology). If you have read this article and the thought has formed in your head, or you want to leave a comment, like "you dimwit, why the hell did you write this article, everyone knows this already, you'd better have written something serious. And know, idiot, that I rated it a 2", then I will conclude that you read the article, learned a lot from it, and said that only to raise your self-esteem (the usual situation with a person of poorly developed psyche and intellect; as a rule children, or adults who had a "difficult" childhood). Such people CAN become professionals, however, but a lot will have to change. I will not consider the other situations, but I will say that some may be better off and some worse. If your ears turned red while reading the whole article (including this paragraph), know that you can be among the best, but you have to try.
Good luck!