Wednesday, 18 April 2012

Internet for Dummies -- skip this if you are a Unix wizard. But if you read on you’ll get some more kewl hacking instructions.


The six Guides to (mostly) Harmless Hacking of Vol. 1 jumped immediately into how-to hacking tricks. But if
you are like me, all those details of probing ports and playing with hypotheses and pinging down hosts gets
a little dizzying.
So how about catching our breath, standing back and reviewing what the heck it is that we are playing with?
Once we get the basics under control, we then can move on to serious hacking.
Also, I have been wrestling with my conscience over whether to start giving you step-by-step instructions
on how to gain root access to other peoples’ computers. The little angel on my right shoulder whispers,
“Gaining root without permission on other people’s computers is not nice. So don’t tell people how to do
it.” The little devil on my left shoulder says, “Carolyn, all these hackers think you don’t know nothin’!
PROOVE to them you know how to crack!” The little angel says, “If anyone reading Guide to (mostly)
Harmless Hacking tries out this trick, you might get in trouble with the law for conspiracy to damage other
peoples’ computers.” The little devil says, “But, Carolyn, tell people how to crack into root and they will
think you are KEWL!”
So here’s the deal. In this and the next few issues of Guide to (mostly) Harmless Hacking I’ll tell you several
ways to get logged on as the superuser in the root account of some Internet host computers. But the
instructions will leave a thing or two to the imagination.
My theory is that if you are willing to wade through all this, you probably aren’t one of those cheap thrills
hacker wannabes who would use this knowledge to do something destructive that would land you in jail.
*****************************
Technical tip: If you wish to become a *serious* hacker, you’ll need Linux (a freeware variety of Unix) on
your PC. One r>
------------------------------------------------------------------------
Transfer interrupted!
o root legally all you want -- on your own computer. It sure beats struggling around on someone else’s
computer only to discover that what you thought was root was a cleverly set trap and the sysadmin and FBI
laugh at you all the way to jail.
Linux can be installed on a PC with as little as a 386 CPU, only 2 Mb RAM and as little as 20 MB of hard
disk. You will need to reformat your hard disk. While some people have successfully installed Linux without
trashing their DOS/Windows stuff, don’t count on getting away with it. Backup, backup, backup!
*****************************
*****************************
You can go to jail warning: Crack into root on someone else’s computer and the slammer becomes a definite
possibility. Think about this: when you see a news story about some hacker getting busted, how often do
you recognize the name? How often is the latest bust being done to someone famous, like Dark Tangent or
se7en or Emmanuel Goldstein? How about, like, never! That’s because really good hackers figure out how to
not do stupid stuff. They learn how to crack into computers for the intellectual challenge and to figure out
how to make computers safe from intruders. They don’t bull their way into root and make a mess of things,
which tends to inspire sysadmins to call the cops.
*********************************
Exciting notice: Is it too boring to just hack into your own Linux machine? Hang in there. Ira Winkler of the
National Computer Security Association, Dean Garlick of the Space Dynamics Lab of Utah State University
and I are working on setting up hack.net, a place where it will be legal to break into computers. Not only that,
we’re looking for sponsors who will give cash awards and scholarships to those who show the greatest
hacking skills. Now does that sound like more phun than jail?
*****************************
So, let’s jump into our hacking basics tutorial with a look at the wondrous anarchy that is the Internet.
Note that these Guides to (mostly) Harmless Hacking focus on the Internet. That is because there are many
legal ways to hack on the Internet. Also, there are over 10 million of these readily hackable computers on the
Internet, and the number grows every day.
Internet Basics
No one owns the Internet. No one runs it. It was never planned to be what it is today. It just happened, the
mutant outgrowth of a 1969 US Defense Advanced Research Projects Agency experiment.
This anarchic system remains tied together because its users voluntarily obey some basic rules. These rules
can be summed up in two words: Unix and TCP/IP (with a nod to UUCP). If you understand, truly
understand Unix and TCP/IP (and UUCP), you will become a fish swimming in the sea of cyberspace, an
Uberhacker among hacker wannabes, a master of the Internet universe.
To get technical, the Internet is a world-wide distributed computer/communications network held together
by a common communications standard, Transmission Control Protocol/Internet Protocol (TCP/IP) and a bit
of UUCP. These standards allow anyone to hook up a computer to the Internet, which then becomes
another node in this network of the Internet. All that is needed is to get an Internet address assigned to the
new computer, which is then known as an Internet "host," and tie into an Internet communications link.
Thes e links are now available in almost all parts of the world.
If you use an on-line service from your personal computer, you, too, can temporarily become part of the
Internet. There are two main ways to hook up to an on-line service.
There is the cybercouch potato connection that every newbie uses. It requires either a point-to-point (PPP)
or SLIPconnection, which allows you to run pretty pictures with your Web browser. If you got some sort of
packaged software from your ISP, it automatically gives you this sort of connection.
Or you can connect with a terminal emulator to an Internet host. This program may be something as simple
as the Windows 3.1 “Terminal” program under the “Accessories” icon. Once you have dialed in and
connected you are just another terminal on this host machine. It won’t give you pretty pictures. This
connection will be similar to what you get on an old-fashioned BBS. But if you know how to use this kind of
connection, it could even give you root access to that host.
But how is the host computer you use attached to the Internet? It will be running some variety of the Unix
operating system. Since Unix is so easy to adapt to almost any computer, this means that almost any
computer may become an Internet host.
For example, I sometimes enter the Internet through a host which is a Silicon Graphics Indigo computer at
Utah State University. Its Internet address is fantasia.idec.sdl.usu.edu. This is a computer optimized for
computer animation work, but it can also operate as an Internet host. On other occasions the entry point
used may be pegasus.unm.edu, which is an IBM RS 6000 Model 370. This is a computer optimized for
research at the University of New Mexico.
Any computer which can run the necessary software -- which is basically the Unix operating system -- has a
modem, and is tied to an Internet communications link, may become an Internet node. Even a PC may
become an Internet host by running one of the Linux flavors of Unix. After setting it up with Linux you can
arrange with the ISP of your choice to link it permanently to the Internet.
In fact, many ISPs use nothing more than networked PCs running Linux!
As a result, all the computing, data storage, and sending, receiving and forwarding of messages on the
Internet is handled by the millions of computers of many types and owned by countless companies,
educational institutions, governmental entities and even individuals.
Each of these computers has an individual address which enables it to be reached through the Internet if
hooked up to a appropriate communications link. This address may be represented in two ways: as a name
or a number.
The communications links of the Internet are also owned and maintained in the same anarchic fashion as the
hosts. Each owner of an Internet host is responsible for finding and paying for a communications link that
will get that host tied in with at least one other host. Communications links may be as simple as a phone
line, a wireless data link such as cellular digital packet data, or as complicated as a high speed fiber optic
link. As long as the communications link can use TCP/IP or UUCP, it can fit into the Internet.
Thus the net grows with no overall coordination. A new owner of an Internet host need only get permission
to tie into one communications link to one other host. Alternatively, if the provider of the communications
link decides this host is, for example, a haven for spammers, it can cut this “rogue site” off of the Internet.
The rogue site then must snooker some other communications link into tying it into the Internet again.
The way most of these interconnected computers and communications links work is through the common
language of the TCP/IP protocol. Basically, TCP/IP breaks any Internet communication into discrete
"packets." Each packet includes information on how to rout it, error correction, and the addresses of the
sender and recipient. The idea is that if a packet is lost, the sender will know it and resend the packet. Each
packet is then launched into the Internet. This network may automatically choose a route from node to node
for each packet using whatever is available at the time, and reassembles the packets into the complete
message at the computer to which it was addressed.
These packets may follow tortuous routes. For example, one packet may go from a node in Boston to
Amsterdam and back to the US for final destination in Houston, while another packet from the same
message might be routed through Tokyo and Athens, and so on. Usually, however, the communications
links are not nearly so torturous. Communications links may include fiber optics, phone lines and satellites.
The strength of this packet-switched network is that most messages will automatically get through despite
heavy message traffic congestion and many communications links being out of service. The disadvantage is
that messages may simply disappear within the system. It also may be difficult to reach desired computers if
too many communications links are unavailable at the time.
However, all these wonderful features are also profoundly hackable. The Internet is robust enough to
survive -- so its inventors claim -- even nuclear war. Yet it is also so weak that with only a little bit of
instruction, it is possible to learn how to seriously spoof the system (forged email) or even temporarily put
out of commission other people's Internet host computers (flood pinging, for example.)
On the other hand, the headers on the packets that carry hacking commands will give away the account
information from which a hacker is operating. For this reason it is hard to hide perfectly when on the
Internet.
It is this tension between this power and robustness and weakness and potential for confusion that makes
the Internet a hacker playground.
For example, HERE IS YOUR HACKER TIP YOU’VE BEEN WAITING FOR THIS ISSUE:
ftp://ftp.secnet.com
This ftp site was posted on the BUGTRAQ list, which is dedicated to discussion of Unix security holes.
Moderator is Aleph One, who is a genuine Uberhacker. If you want to subscribe to the BUGTRAQ, email
LISTSERV@netspace.org with message “subscribe BUGTRAQ.”

No comments:

Post a Comment

LinkWithin

Related Posts Plugin for WordPress, Blogger...

Popular Posts