Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.
What are Hackers?
Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker. However, most people understand a hacker to be what is more accurately known as a 'cracker'
What are Crackers?
Crackers are people who try to gain unauthorized access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer.
What damage can a Hacker do?
This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information
How do Hackers hack?
There are many ways in which a hacker can hack. Some are as follows –
- ICMP Ping
NetBIOS hacks are the worst kind, since they don't require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely.
ICMP ‘Ping’ (Internet Control Message Protocol)
ICMP is one of the main protocols that make the Internet work. It standards for Internet Control Message Protocol. 'Ping' is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could then launch a more serious form of attack against a computer.
FTP (File Transfer Protocol)
FTP is a standard Internet protocol, standing for File Transfer Protocol. You may use it for file downloads from some websites. If you have a web page of your own, you may use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers... FTP normally requires some form of authentication for access to private files, or for writing to files
FTP backdoor programs, such as-
- Doly Trojan
- Blade Runner
simply turn your computer into an FTP server, without any authentication.
This is a problem specific to Linux and Unix. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn't be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker's evil deeds.
HTTP – HTTP stands for HyperText Transfer Protocol..
HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, part of the request gets written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server.
Where and how to start Hacking
After you get yourself a good scanner, scan some prefixes and find some cool dialups, then do the following:
- From your terminal, dial the number you found.
- You will hear a series of Beeps. (Telling you that you are connecting to a remote computer.
- After few seconds you will hear something like “CONNECT 9600”.
- It then identifies the system you are on.
- If nothing happens after it says “CONNECT 9600” try hitting ENTER a number of times.
- If you get a bunch of garbage adjust your parity, data bits, stop bits etc. until it becomes clear.
- Now when you get connected to the server you can apply either of the above mentioned methods.
The TELNET way
- Get your local dialups.
- Then you dial the number from your terminal & connect.
- Press Enter and wait for a few seconds.
- Then it will say “Terminal =”.
- Type your terminal emulation.
- If you don’t know what it is hit ENTER.
- It will give you a prompt @.
- Type ‘c’(connects to the host)
- Type NAU (Network user address) that you want to connect.
- Find out the type of system you are on UNIX, VAX/VSM, PRIME.
Here is a list of some Telenet commands and their functions.
- c Connect to a host.
- stat Shows network port.
- Full Network echo.
- half Terminal echo.
- Telemail Mail. (need ID and password)
- mail Mail. (need ID and password)
- set Select PAD parameters
- cont Continue.
- d Disconnect.
- hangup Hangs up.
- access Telenet account. (ID and password)
Anup Gaurav is a student of computer engg., questing for knowledge in computer science right from his childhood. Presently working on threats to computer such as Hacking and Viruses, he feels that computer systems are not at all secure and its easy to penetrate into even the highly secured systems just with a little effort and computer mind. He can be contacted at firstname.lastname@example.org.