Basic learning: Finding bugs.
===============================================
Version:     1.0
Date:        2003-09-16
Written by:  anonymous@warindustries.com
Feedback:    postmaster@warindustries.com or http://forums.warindustries.com/
URL:         http://www.warindustries.com
===============================================

This document is aimed at people who want some insight into the cyberworld: hacking explained, basic tricks, spotting vulnerabilities, how to avoid being hacked, plus a lot of other useful stuff. This article assumes you have no knowledge whatsoever of Unix/Linux systems, networking or coding, and is for educational purposes only. In short, this is for people who want an overview, and it is written so that people without a clue can understand it.

I see a lot of text documents, aged, 3-year-old stuff that still hangs around; people read it, then go on and try it for themselves. Often with this old stuff they end up scratching their heads, wondering why it doesn't work. Well, it's just because of that: systems change, and so does the security. Anyway, enough of the intro, let's begin :)

===============================================
This document will cover:

1:1 Internet overview & Analogy
1:2 Packets & Analogy
1:3 Rules & Viewpoints
1:4 Services & Vulnerabilities
1:5 Security holes
1:6 Requirements

1:1 Internet overview & Analogy

You might be asking yourself a lot of questions, like what exactly you need to know in order to hack, discover a vulnerability, and the other million things you would want to do. To make any kind of sense of it you need to understand what we're doing. The Internet is like a virtual universe and each planet is a computer: at home, at an ISP, a server, or something else. Small packages are sent 24/7 everywhere on the Internet; these packages are sent and received when you do something, like check your email, browse a website or turn on ICQ. Now imagine for a second that you could run around out there in the virtual universe and steal, intercept, or copy any packet you want and open it.

1:2 Packets & Analogy

I will try to be as simple as possible, but you have to do the thinking; that way you will test yourself. If you build up a picture in your mind, you will understand all of this a lot more easily. Let's say you are checking your email: you click "inbox", and the new mails are downloaded to your computer. Now imagine I intercepted all the packages that were sent from your computer to your mail server, and before your packets reach the server, I re-send them from my computer, and voilà, your email is heading my way. In theory this sounds easy, right? Well, not exactly. It's not even a 'generic' hack, but in theory it does work. Part of this is to make you understand just how vulnerable the Internet is. Sure, you can download ZoneAlarm and play around as much as you like, see all those IP numbers pop up from people that scan large networks, but are you really sure it makes any difference in the long run? Software firewalls are in general crap; what you would need is a gateway/hardware firewall. Always remember, it's only data being sent: if you have the power to send data, and fake its sender, you can do a lot!

1:3 Rules & Viewpoints

Remember that using someone else's tools is not very appreciated if you want to be taken seriously. It's no sport just running someone's executable and entering an IP/port; you want to make your own tools and figure out the tricks. When learning it's important that you have the correct view of things, just as I explained before with a simple analogy. In this world, the world of security & hacking, problems are not problems, they're challenges, and most of them require a lot of patience. Do you have patience? Okay then, let's continue :)

1:4 Services & Vulnerabilities

What makes a computer vulnerable? Well, first of all, when you plug the Internet cable in you're vulnerable. To make some sense here I will talk about services. What is a service? A service is a process that does exactly what it's called: it offers a service. Take an FTP server for example: it lets you share files and create accounts for other people to download with; it's a service. These services usually open a door to your computer in order to work. When you share a folder on a local network in Windows, a door is opened to send and receive data. This, for one, is what makes systems vulnerable. Now remember, a service does not necessarily need to be a 'server' application. Take Half-Life for example, a very popular game, not a service according to the general idea, but let's choose it as an example. When you start Half-Life and connect to a server, again doors are opened and data is sent/received. Doors are referred to in network terms as 'ports'; remember that, because from now on I will use the real term.

1:5 Security holes

There are a billion types of hacking, but one of the basic tricks is to learn to exploit services. To keep it simple here: you find a 'hole' in a service, then use it against the target computer. Someone playing Half-Life could be a victim of many. Usually the exploits that people play with are made by someone else and are available for anyone to download; these exploits probably won't work, or won't work for long, because the makers of the exploited service will fix the vulnerability. That is why 'script-kiddies' often fail :) - the term refers to kids using exploits made by others. This is not the idea of real hacking.

1:6 Requirements

In order to find a bug, then make a simple application to 'exploit' the bug you found, you will need some coding practice: you need to know how to send/receive data, and you need to know a bit about sockets and UDP/TCP. You could go the easy way, unless of course you want to code something for Unix in C, but personally I would not recommend that as a start unless you're geared up with C learning books. In the next issue of this document I will use Visual Basic, 'cough', and guide you through your first exploit. Hopefully this language will be easier for you to understand in the beginning, before you take on the big cheese.
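To make the "service opens a port" idea from 1:4 and the "sockets and TCP" requirement from 1:6 concrete, here is a small added example (my own code, not from the original article or from warindustries.com). It is a toy TCP service that listens on a localhost port the operating system picks, reads one line from a client, and replies. The request format, the MAX_LINE limit and all function names are my own assumptions chosen for illustration. The length check in handle_request is the kind of input validation a service needs; a service that kept copying whatever arrived into a fixed-size buffer would have exactly the sort of 'hole' the text talks about.

```python
"""Added example: a minimal TCP service plus client, on localhost.
Protocol (assumed for this example): client sends one line ending in
newline, service replies with one line. Nothing here is from the article."""
import socket
import threading

MAX_LINE = 64        # longest request the service accepts (constructed limit)
ENCODING = "ascii"


def handle_request(line: bytes) -> bytes:
    """Service logic: echo the request back upper-cased, or refuse it.
    Rejecting oversized or malformed input is the validation whose
    absence is the classic 'hole' in a network service."""
    if len(line) > MAX_LINE:
        return b"ERR too long\n"
    try:
        text = line.decode(ENCODING)
    except UnicodeDecodeError:
        return b"ERR bad encoding\n"
    return ("OK " + text.strip().upper() + "\n").encode(ENCODING)


def serve_one(listener: socket.socket) -> None:
    """Accept a single connection, read one line with a bounded buffer,
    send the reply and close the connection."""
    conn, _addr = listener.accept()
    with conn:
        conn.settimeout(2.0)
        buf = b""
        while True:
            chunk = conn.recv(256)
            if not chunk:
                break                  # client closed before finishing a line
            if len(buf) <= MAX_LINE:
                buf += chunk           # stop growing the buffer once over the limit
            if b"\n" in chunk:
                break                  # end of the request line
        line = buf.split(b"\n", 1)[0]
        conn.sendall(handle_request(line))


def start_service(host="127.0.0.1"):
    """Open the 'door': bind a listening TCP socket on an OS-chosen port.
    Returns (listening socket, port number)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, 0))           # port 0: let the OS pick a free port
    listener.listen(1)
    listener.settimeout(5.0)           # don't hang forever if no client shows up
    return listener, listener.getsockname()[1]


def talk_to_service(port: int, payload: bytes, host="127.0.0.1") -> bytes:
    """Client side: connect to the port, send the payload, return the reply."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        s.sendall(payload)
        return s.recv(256)


def exchange(payload: bytes) -> bytes:
    """One request/response round trip on localhost, service in a thread."""
    listener, port = start_service()
    with listener:
        t = threading.Thread(target=serve_one, args=(listener,))
        t.start()
        reply = talk_to_service(port, payload)
        t.join()
    return reply


if __name__ == "__main__":
    print(exchange(b"hello service\n"))        # normal request
    print(exchange(b"A" * 500 + b"\n"))        # oversized request is refused
```

Run it and you will see the normal request answered and the 500-byte request refused instead of being swallowed; swap the OS-chosen port for a fixed one and a port scanner on the same machine will show the 'door' the text describes.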
In future versions I will guide you through Perl/C in a Unix/Linux environment to assemble an exploit, but like everyone else you have to start somewhere.

================================================================================

Unlike many other texts that teach you to use one exploit, I think it would be more appealing for people to get a more in-depth view, and finally be able to create a simple exploit on their own, starting from absolute scratch to make it easier to understand. If I give you the hammer, you can use it to build your own stuff; that is the purpose in the endgame, the hammer being the basic knowledge.

I hope you will enjoy these texts. I will try to make one each week; feel free to publish them on your website if you want, it's all OK as long as you don't rip me off :) - if you want to send feedback or ask questions, or just flame me for trying to teach people that can't be arsed to learn on their own, feel free to do so. I will try to answer as many mails as possible when I have the time ;-) I also work on other documents at the moment: Unix/Linux stuff, kernel security, daemon research for vulnerabilities.

================================================================================

Next week: Step by step, find a bug/wormhole in a service > create a tool to exploit the bug.

Note: these lessons will come with 2 executables in the end. I will let you compile the stuff so that you can be sure I didn't screw around with the code :-) , so you will need a Visual Basic compiler. You could just look at the code, but not compile it. Anyway, one will be the service, the other being the exploit. Your assignment will be to find a bug in the created service and exploit it.

----------------------------------------------------------------------------------------------------------------------------------------------
(c) warindustries.com 2003 - To be continued. Check back every week for updates and follow-ups.
----------------------------------------------------------------------------------------------------------------------------------------------