Basic learning: Final step
===============================================
Version: 1.4
Date: 2003-10-31
Written by: anonymous@warindustries.com
feedback: postmaster@warindustries.com or http://forums.warindustries.com/
url: http://www.warindustries.com
===============================================

Document series
Part1 - Basic Learning: Finding bugs
Part2 - Basic Learning: Socketfunc
Part3 - Basic Learning: Common techniques
Part4 - Basic Learning: Tricks & Code
Part5 - Basic Learning: Final step

This is the last 'basic' document we will publish. With these 5 documents you will have enough knowledge to read our coming documents, which will be a bit more complicated and instead focused on specific security related areas such as coding remote exploits, disassembling applications in order to find bugs, and a lot more. We hope that the 5 documents have been a good start for all the people who are new to computer security, internet communication, and so on. We are also working on a new project where we make simple guides with screenshots covering: installing Linux, packet sniffing, common Linux configuration, useful utilities, researching bugs... Along with these we will be researching popular software, with very detailed documentation of where we find security holes and bugs. We hope you will enjoy our hard work as much as we do. Keep checking back at the website for more goodies!

Introduction

Sometimes you have to use your imagination in order to succeed, and that goes not only for hacking but for everything. We are already working on realistic AI. In the information age, instead of interacting physically we now interact through tools. A computer can be a good friend: they never argue, and hopefully, or at least most of the time, do what you tell them to. There is a vast number of satellites helping us pursue worldwide communication.
Society has gone into a state where it is, and will become more, vulnerable. What would we do if the internet crashed? 20 years ago nothing would happen; today hell and chaos would break loose. We are so dependent on virtuality.

Quote (unknown author): "Anything the mind of man can make, the mind of man can break."

You have probably seen on the news: (teen) charged with bank hacking/abuse. Many people think, what a moron, right, hack a bank and get caught. What you don't notice is the big percentage of bank hacks that never get solved or even noticed. Quite an interesting thought: imagine a worm in a modern day bank system eating 1 cent from 100,000 random accounts each month; it's in the system, unnoticed. Imagine that within a random system like the lottery there is a pattern. Fiction or reality? To be honest, today there is a very fine line between the two. Some people say anything is possible, others are skeptical. Remember that on the internet it's nothing more than data being sent between two ends, bank or not, encrypted data or not; it's still information being sent, regardless of from where and what kind. Let's say I log in to my internet bank and transfer 500 bucks to a friend. From the ground up it is 1's and 0's being processed; it is a command with data in it that tells the other bank that his funds have risen by 500 and mine have dropped. More advanced or not, the bottom line is, it's only data. In fact, most of the money today does not exist; it exists only as numbers on hard drives, not as hard material. If the various governments around the world were to print out all the money that exists only as numbers we would probably run out of paper :) - Who knows, maybe someday we won't even use money as paper, only cards such as credit cards or debit cards to pay, where we won't need any hard material; it is simply numbers being shifted around, in virtuality; it does not exist as hard material.
Many people choose to educate themselves in this sort of area because they're afraid. The fact of the matter is that a large percentage does not trust the internet, nor computers, and they shouldn't. Smart people should start learning this kind of stuff right now, not because they want to be criminals but because they want to be secure and feel safe. Remember that real power lies in what you know, not what you defeat. Software today is climbing a never-ending ladder: the viruses get smarter, after that the antivirus software gets better, and it goes on and on into eternity. There are, and will come, viruses of extreme sophistication; there are already a big number of worms that shut down running antivirus software when they attack your computer, worms that have no pure origin but live and spread on the internet: a package of code that updates itself with new code when it needs to. A popular type of virus is the one that attaches itself to a file and then spreads around, but that is a bit outdated. The newer, better ones spread through security holes, meaning they go straight into your memory, and from there they have the power to do almost anything.

1:1 Protection
1:2 WLAN / technology / dreams - warchalking
1:3 Proxies / Wingates / Stealth
1:4 Telnet Stuff
1:5 Unix/Linux stuff
1:6 End game

1:1 Protection

When it comes to protection the only way to know for sure that you are 100% safe is to pull the plug, because even though you have the most paranoid, sophisticated and complicated security solution, firewall and whatnot, you're still not safe. The FBI, NSA, NASA and Pentagon get hacked. Well... you don't believe those guys have THE security of all security? Trust me they do, and they still get hacked, now go figure. There are ways to make it harder for hackers and to make yourself less vulnerable, but as long as you're connected you're always vulnerable; keep that in mind as a general rule. Some steps to follow; this affects mainly Windows XP / 2000 users.
Right-click My Computer and select [Manage] from the menu. Now you should have a new window on your screen called Computer Management or something similar. You can make a few selections from the list to the right; if you look at the bottom you should see something called "Services & Applications" or similar (it might not be at the bottom on your computer, but somewhere in that list). Select it, then select Services in the new menu. Now you should have a long list in the window to the right: this is the list of all built-in services in your operating system, and the ones that are launched. From here you can disable or remove services. Note, in the previous documents I have mentioned services as being one of the largest security risks, so it is important for you to shut down the risky ones that you have running. Not all of the listed services are internet/communication based; some are just other functions in Windows. For each service there is a description; if you think it is too vague you can do a search on Google, for example. There are also lists of all the services you don't need, which you can disable without losing an important function in Windows. Make sure you don't disable something that is required :)

Spyware is very common these days, well, both spy- and adware. They usually come through websites, ActiveX controls and spam emails; some come through widely spread software such as Gamespy Arcade or The All-Seeing Eye, who are paid to bundle the stuff with the installation. It is not hidden, but most people click through those setups too fast to read them. It is very easy to detect spyware with a packet sniffer; in fact you could detect all the fishy activity on your computer with one.
Something to try here is to shut down all internet applications such as ICQ, MSN, web browser, FTP, P2P, all software that uses the net, then launch a packet sniffer such as 'Iris', start sniffing and see if there is any traffic. If there is... chances are there might be hidden programs communicating on the net from your computer; this could be trojans, spyware, etc. You can then use a program called 'fport' to eliminate those programs; you need to check what ports you have open once you have no internet programs running.

Iris network analyzer: http://www.warindustries.com/html/?p=3 [Packetsniffer section]
fport: http://www.warindustries.com/html/?p=3 [Security section]

When you penetrate a computer system you don't always leave tracks behind. If for example you get into the system by using a buffer overflow, executing code remotely in memory will not be logged, unless the victim has a very sophisticated memory tracking application running. Once you're in the remote system, either by a trojan, remote shell or whatever method you're using, here's some stuff to think about. Keep in mind that every time a file is changed, modified somehow or deleted it will be logged. In Windows you can search through the entire system for changes made to files, recent changes, new files, and so on. In Linux, depending on whether logging is activated, which it is by default, you can be pretty sure the remote machine is logging shell commands, program startups and normal system related stuff. Many people occasionally check if there are any suspicious files listed in the autostart on their system; the registry in Windows is a very popular spot to place trojans in autostart.
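As an added example, not part of the original document: a read-only PowerShell audit that does the fport-style check from above (listening ports mapped to the process that owns them) and dumps the autostart locations this section goes on to list, the registry Run keys and the win.ini load=/run= lines. It assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection exists.

```powershell
# Added example, not from the original document. Read-only audit of the
# two spots discussed in 1:1 Protection: listening TCP ports with their
# owning process (the fport check), and the autostart locations that
# trojans use (the Run keys and win.ini load=/run=).
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection);
# run elevated to see paths of processes owned by other users.

function Get-ListeningPorts {
    # One row per listening socket, joined to the process that owns it.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Pid          = $_.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<gone>' }
            Path         = if ($proc) { $proc.Path } else { '' }
        }
    } | Sort-Object LocalPort
}

function Get-AutostartEntries {
    # The Run keys named in the text plus their RunOnce siblings.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        # Get-ItemProperty adds PS* metadata properties; skip those.
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # win.ini lives under %windir% (C:\Windows or C:\Winnt); a load= or
    # run= line there launches the named program at logon.
    $ini = Join-Path $env:windir 'win.ini'
    if (Test-Path $ini) {
        Get-Content $ini | ForEach-Object {
            if ($_ -match '^\s*(load|run)\s*=\s*(\S.*)$') {
                [pscustomobject]@{ Source = $ini; Name = $Matches[1]; Command = $Matches[2] }
            }
        }
    }
}

'== Listening ports (close your internet apps first; what is left deserves a look) =='
Get-ListeningPorts | Format-Table -AutoSize
'== Autostart entries (verify each Command path is something you installed) =='
Get-AutostartEntries | Format-Table -AutoSize
```

A listening port owned by a process you do not recognise, or a Run entry pointing at an executable you never installed, is the thing to investigate; the script itself changes nothing.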
Usually the trojans will create an autostart entry for themselves so that they are always running once you reboot your computer. In case you didn't know, here are a few locations in the Windows registry you can look up (using regedit):

[HKEY_LOCAL_MACHINE] >> [SOFTWARE] >> [Microsoft] >> [Windows] >> [CurrentVersion] >> [RUN]
[HKEY_CURRENT_USER] >> [SOFTWARE] >> [Microsoft] >> [Windows] >> [CurrentVersion] >> [RUN]

Those locations may vary depending on what Windows you're running: XP/2000/NT/ME etc. There are entries with pathnames to exe files, telling the system what files to launch at startup. There are also a few locations in ini files such as:

C:\Windows\win.ini
C:\Winnt\win.ini

Entries in those files may be called (load=) or (run=).

1:2 WLAN / technology / dreams - 'warchalking'

Have you seen the old movie 'Hackers'? Any person with some knowledge would say that it's lame, the way they made it with the graphics, effects and other bullshit that was supposed to represent 'real' hacking. Well, at one part in the movie they did connect to remote location(s) through payphones at the subway station; today you can do similar stuff, only much cooler. You might have heard of it before: warchalking, wardriving, or other similar terms. What does it mean? It means hacking wireless networks and marking the spot that you can use to gain access (parking lot, wall, etc.) in order to use them to surf, steal bandwidth or listen to what large companies are doing. Imagine having your laptop with you and 5 hours of battery lifetime; you decide to drive downtown and scan for wireless networks. Let's say you find a few access points and make your way in; now you have free internet and you're totally anonymous. From here you can do whatever you want: sniff the company's network, hack other stuff, whatever you choose, it will look like it came from the company whose security you compromised. So how does this work?
It's not really that hard. All you need is a laptop with a wireless network card, some tools that scan for access points, and some other tools to break possible security. You may stumble upon an open network, though. You may also need to boost the signal with a stronger type of antenna. Here are some tools and websites you can look into:

Scanners:
Kismet: Sniffer and monitor - http://kismetwireless.net/
Netstumbler: Searches for access points - http://www.netstumbler.com/
Crackers:
AirSnort: Encryption cracker - http://airsnort.shmoo.com/

In short, requirements:
Laptop with wireless network card, example: Asus WL-100 IEEE 802.11b 11Mbit PCMCIA. Any laptop with PCMCIA card support will do.
Some of the tools I mentioned. Note there are more tools, some of which use brute force when trying password authentication, but if you can find one you can find them all; use Google.
Preferably a solution with a stronger antenna to gain more range. 802.11b wireless LANs run on a 2.4GHz radio frequency; any 2.4GHz radio device could have a major impact on the stability of the WLAN itself. Some antenna solutions: http://shop.netstumbler.com/customer/product.php?productid=61

I think that pretty much sums the basic stuff up; you know enough to go out there and try on your own. Just read up on some of the tool documentation(s).

1:3 Proxies / Wingates / Stealth

A proxy server is a forwarding type of server. An (http) proxy lets you browse through the proxy so that each website you visit will think you are coming from the proxy hostname, not from your own. This is very useful when you want to be anonymous, or pull a nasty trick on someone. A wingate is more like a full featured gateway that lets you use all kinds of protocols like IRC, FTP, HTTP, etc. It works just like the regular http proxy, only it supports a bit more. There are other forms of forwarding servers such as the (Socks) type, which you could use for IRC.
Usually the application you want to connect through a proxy has built-in settings where you can specify the proxy hostname and port. Do not trust public proxy servers. If you scan ranges for specific proxies/wingates/forwarders on a certain port like (1080), which socks uses, you will probably end up with a usable proxy, but you'll never know if it logs or not. The safest thing to do is to hack someone, make your own program, forwarder, whatever, and hack from there, or simply clean up after you have been in someone's system. There are certain log cleaners, both unix/win related, that for example let you change file creation dates and remove possible log files and entries. Applications such as wingate also have a DHCP feature; if you want to run a Win32 box as DHCP, wingate is a good choice. You can set it to share IP addresses on your local LAN and then let all your boxes connect to the internet, given you have one box connected with two network cards in it. Just be careful so that other people don't use it as an anonymity proxy :) People will say "use a proxy, dude"; well yes, but don't use a public proxy even though it is located in Afghanistan, it might log and that could mean a bust for you. Personally I don't bother with proxies that much; if you're very focused on doing a specific hack, do it right and delete possible tracks. Here is a url with proxy listings etc., if you want to try: http://tools.rosinstrument.com/proxy/

1:4 Telnet Stuff

I have seen endless amounts of 'Guide to hack with telnet', 'Hacking with telnet', and so on. For new people this is very deceptive: 'telnet' is not a hacking tool, never was, never will be. Telnet is simply an application that lets you connect to remote workstations such as Unix/Linux shell accounts. It is ONLY a program that sends/receives data and commands.
When you connect to a Linux box, if the box has the telnet service enabled you can log in to it with 'telnet' and admin it, or work with it. Once you log in it will be like sitting locally in front of the box using a console; from here you can code, execute, or do whatever you want, but telnet itself is not a hacking tool. The difference between working remotely with telnet on a Linux box and sitting in front of it is not that big if you use a console on both ends; you can't, however, run an X server over telnet (the X server is the *nix graphical window management application). Anyway, I just wanted to make that clear: telnet itself is NOT a hacking tool. However, if you have an account on a Linux/Unix box or another type of remote workstation you can use telnet to connect to it and send commands, admin it, and so on.

1:5 Unix/Linux stuff

We have received a lot of requests to dig more into Unix/Linux, make lists of commands etc., but that sort of stuff is just too much to cover. Even if we wrote down long lists of commands it would be hard for the new user to grasp. Instead we decided to make a few guides with screenshots from a *nix environment, with an explanation for each one of those, and post them in a separate section of the website; maybe this will inspire some more people to get *nix as well. A brief installation guide covering how to install Slackware is in the works; various other Linux guides are in the works as well: what tools can be good to have, how to use them, what effect they have, and all will be documented with screenshots.

1:6 End game

This is the last 'Basic Hacking' document; from here it will go on to more advanced ground. We will be publishing lots of code, examples and other stuff for you to try/follow. The basics you already know now if you read Part 1 to 5, and hopefully you understand them as well. As of now, we have compiled a little todo list:

C coding guide, the basics.
IRC sessions for newbies, where they can ask questions.
Installing Linux, with screenshots & documentation.
Screenshots & more *nix guides, covering 'hacking' in general.
A guide where we exploit a vulnerable server in Windows, with code & explanation.

All this in the coming days/weeks. Hope you're looking forward to it as much as we do :-) We will dedicate a part of the website to making detailed guides with screenshots and easy explanations. We are also in the works of publishing a bit more advanced series of hacking/security related documents and tutorials where we will discuss/talk about specific areas such as buffer overflows, how to execute them and write proper code for remote penetration.

You can chat with us on IRC; we're normally there 24/7 ;) Any client will do, I guess most Win32 users will be using mIRC (www.mirc.com).
Server address: irc.warindustries.com
Channel: #warindustries

Be sure to check www.warindustries.com for updates; we will launch the new section of the website within a few days.