
Hacking tutorials

Spawnbroker Registered User regular
edited March 2010 in Help / Advice Forum
So I've been looking to get into hacking, but I am unsure of where to start. Would you guys be able to point me in the right direction? Anything online would be helpful, preferably free. I have programming experience with Java, C++, Prolog, Assembly, BASIC, and Ada.

I would prefer if these tutorials had some way of setting up virtual machines and how to break into those, as I don't want to do anything illegal. I just want to learn how to hack, as I'm interested in getting into the field of network security (eventually). This is something I'd like to do on my own in addition to my course load.

Steam: Spawnbroker
Spawnbroker on

Posts

  • corky842 Registered User regular
    edited March 2010
    I haven't been to the site in years, but http://www.hak5.org/ should still be good.

    corky842 on
  • Fantasma Registered User regular
    edited March 2010
    If you have not done so, try setting up a machine with different Operating Systems in a multi boot environment. Linux is a good start to download, compile and test utilities.

    You can read about topics such as proxy servers, firewalls, honey pots and such online.

    http://en.wikipedia.org/wiki/Honeypot_(computing)

    http://en.wikipedia.org/wiki/Prorat

    Fantasma on
    Hear my warnings, unbelievers. We have raised altars in this land so that we may sacrifice you to our gods. There is no hope in opposing the inevitable. Put down your arms, unbelievers, and bow before the forces of Chaos!
  • Jimmy King Registered User regular
    edited March 2010
    I would also recommend keeping an eye on reputable security websites and newsletters like http://www.securityfocus.com/. This will let you see what kind of things to look for, I believe sometimes you can get proof of concept code, etc.

    Maybe you can contact someone who works on a FOSS project who could let you work with them on fixing security related issues? I would think that would also give a lot of insight, I just don't know what kind of time the guys doing that sort of stuff for big FOSS apps really have for mentoring in that way.

    Jimmy King on
  • underdonk __BANNED USERS regular
    edited March 2010
    If you're serious about this, the course outlined below is WELL worth the ~$700 that you will spend.

    http://www.offensive-security.com/penetration-testing-backtrack-online-training.php

    This is a fantastic course and an excellent way to dabble in offensive security. You'll get a certification out of the gig and get experience in a lab environment actually doing stuff you would otherwise only be reading about. Remember that penetration testing is an incredibly difficult field to get your foot in the door (within the INFOSEC industry) and one that generally takes a lot of time to break into (pun intended). Good luck!

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • DanMach Registered User regular
    edited March 2010
    Two words: Script Kiddie.

    You can't "learn to hack"; you can learn the systems, programming languages, OSs, programs, etc. etc... then you can read up on common attacks (buffer overflows, cross-site scripting exploits, spoofing, blah blah blah), then YOU can put all the knowledge together.

    If you have to read how to do a specific attack, you are a script kiddie. If you want to be good at it, and do it for useful reasons, you 100% must absolutely learn how to program. That's all hacking REALLY is.

    You decipher a program's methodology for doing something (say the memory buffer it uses for storing a picture). You then determine if that buffer is exploitable: can you overflow it? Can you insert code into it and have another exploitable part point to it? Is the buffer marked as non-executable? Can you unmark it?

    Hacking isn't how it seems on TV. It is an incredibly tedious, highly creative, and insanely logical style of work.

    As a quick tutorial to get your feet wet:

    Let's say there's a program that takes the input of a text file. It reads the text file, and then sends it off to another computer. That's it. Here's the pseudo code:

    int buffer[9000] ; Create an area of memory 9000 bytes long to store numbers.
    buffer[] = openfile("file.txt") ; Fill that memory area with the contents of file.txt (no check on the file's length)
    Socket = opensocket() ; Requests the system open a socket, the system returns the socket #
    for i = 0 to 8999 ; For loop over every byte of the buffer
    WriteSocket(Socket, buffer[i]) ; Writes the next byte of the buffer to the socket
    next i

    That's it basically. In order to exploit this you would have to decompile the program and you'd get it all in assembly probably. No variable names, just randomly assigned ones. You could then notice that the buffer says it's only 9000 long. So you change the file.txt to some very specific mumbo jumbo... then you read the memory the program runs in, locate where the buffer is, and locate how far from that buffer in memory is the executing code of "WriteSocket". You could fill the buffer with so much data that it fills the buffer, and then pushes beyond its memory boundaries into the WriteSocket area (which is code to be executed), then replace the write socket with "Run code at this memory location, minus 9530 bytes". It will go back to the start of the buffer, which you filled with the program you want to run.

    And wham. You just exploited a simple file sending program to run whatever code you want. Which would allow you to, for example, create a new user ID with root privileges. Thus giving you full control.

    Or you could have it download a program off the internet and install it, giving you trojan control over it.

    The thing is that every system is different, every program is different, and you have to take all of that into account.

    DanMach on
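    The defect in DanMach's pseudocode is that the file is copied into a fixed 9000-byte area with no check on its length. The C below is an added example written for this thread, not DanMach's code: it places a constructed marker word right after a 9000-byte buffer (standing in for "whatever lives next in memory"), shows the unchecked copy pattern beside a bounded copy that clamps and reports truncation, and confirms the marker survives an oversized input through the bounded path. BUF_SIZE, SENTINEL_OK, file_area and the load_* names are all assumptions of this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE    9000
#define SENTINEL_OK 0xC0FFEE42u   /* constructed marker value for this example */

/* The post's 9000-byte buffer with a marker word placed right after it,
   standing in for whatever the program keeps next in memory. */
typedef struct {
    char     buffer[BUF_SIZE];
    uint32_t sentinel;
} file_area;

typedef struct {
    size_t copied;     /* bytes placed in the buffer */
    int    truncated;  /* 1 when the input was longer than the buffer */
} load_result;

/* The pattern the post describes: copy every byte the input holds, trusting
   its length.  With src_len > BUF_SIZE the copy runs over the sentinel.
   Kept only to show the defect; main() feeds it a small input. */
static load_result load_unchecked(file_area *area, const unsigned char *src, size_t src_len) {
    memcpy(area->buffer, src, src_len);          /* no bound: this is the overflow */
    load_result r = { src_len, 0 };
    return r;
}

/* Hardened form: clamp the copy to the buffer and report truncation so the
   caller can reject the input rather than quietly send a partial file. */
static load_result load_bounded(file_area *area, const unsigned char *src, size_t src_len) {
    load_result r = { 0, 0 };
    if (src_len > BUF_SIZE) {
        r.truncated = 1;
        src_len = BUF_SIZE;
    }
    memcpy(area->buffer, src, src_len);
    r.copied = src_len;
    return r;
}

/* Feeds input_len constructed filler bytes through the bounded loader and
   checks that the marker after the buffer is untouched. */
static load_result run_bounded(size_t input_len) {
    static unsigned char input[BUF_SIZE * 2];    /* constructed input, up to 18000 bytes */
    memset(input, 'A', sizeof input);
    if (input_len > sizeof input) input_len = sizeof input;

    file_area area;
    area.sentinel = SENTINEL_OK;
    load_result r = load_bounded(&area, input, input_len);
    if (area.sentinel != SENTINEL_OK) r.copied = (size_t)-1;   /* flags corruption; never expected */
    return r;
}

static size_t bounded_copied(size_t input_len)    { return run_bounded(input_len).copied; }
static int    bounded_truncated(size_t input_len) { return run_bounded(input_len).truncated; }

int main(void) {
    load_result small = run_bounded(100);
    load_result big   = run_bounded(10000);
    printf("100-byte input:   copied %zu, truncated %d\n", small.copied, small.truncated);
    printf("10000-byte input: copied %zu, truncated %d\n", big.copied, big.truncated);

    /* With a small input the unchecked loader behaves identically; the two
       only differ once the input is larger than the buffer. */
    file_area area;
    unsigned char tiny[4] = "abc";
    load_result u = load_unchecked(&area, tiny, sizeof tiny);
    printf("unchecked small copy: %zu bytes\n", u.copied);
    return 0;
}
```

    Compilers' stack protectors do essentially what run_bounded does with its sentinel, except that they check it on function return and abort when it has changed; the bounded loader is the fix that keeps the sentinel from being reached at all.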
  • underdonk __BANNED USERS regular
    edited March 2010
    The above is one of the reasons why I always recommend the OSCP course to someone looking to get into the field - it really emphasizes the programming aspect and is 100% lab based so you get hands-on experience doing exactly what you're talking about. Plus, you're only spending about $700 and a couple of weeks' time to figure out if it really is for you... or if you should go a different direction.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • Jasconius sword criminal mad online Registered User regular
    edited March 2010
    Yeah. There is a skewed public perception of what hacking is.

    Most people think of 14 year old kids from Scandinavia with IVs full of some green soda shit, but in reality, hacking is a laborious, exhaustive process that requires deep technical knowledge of your target, and, in black hat, knowing how to not get caught.

    The script kiddie brand of "hacking" is taking an exploit that someone with actual skills discovered, and reproducing it.

    See: metasploit.

    Jasconius on
  • mrcheesypants Registered User regular
    edited March 2010
    DanMach basically has it nailed down. Basically non-script kiddie cracking is just over glorified software testing. The only difference is that instead of fixing the bug, you exploit it. Look into XSS attacks, SQL Injection and buffer overflow. Those are the big three.

    Personally, I think that every programmer should learn some cracking. It makes you paranoid about writing your routines.

    mrcheesypants on
    Diamond Code: 2706 8089 2710
    Oh god. When I was younger, me and my friends wanted to burn the Harry Potter books.

    Then I moved to Georgia.
  • Jasconius sword criminal mad online Registered User regular
    edited March 2010
    Don't forget good old fashioned rainbow table exploits against things like Windows Authentication prompts.

    You can sniff out the authentication dialog network packets with the right tool, which in certain configurations delivers the expected password in hash format, and with the computing power available these days it's not impossible to brute force it.

    There ain't nothing wrong with brute forcing as a "valid" means of hacking and you'd be surprised how many sites do not restrict login attempts at all.

    Writing an app that compiles a SHA-256 dictionary (with certain limiting parameters so your hard drive doesn't explode) and launching it against a fake login is a pretty innocent thing to do... bonus points for then proofing your login against the attack. That way you learn something noble.

    Jasconius on
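    The "proofing your login" half of the exercise above is the part worth seeing in code. What follows is an added example for this thread, not Jasconius's app: a small in-memory login routine that locks an account after a fixed number of failures, compares secrets without an early exit so timing does not leak how much of a guess was right, and a driver that fires a constructed dictionary at the fake login to count how many guesses the server actually evaluates before the lock stops the rest. The SHA-256 step is left out here; the stored `secret` strings are constructed stand-ins for a stored hash, and MAX_FAILURES, LOCKOUT_SECONDS, the account table and every function name are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_FAILURES    5      /* failed attempts allowed before the account locks */
#define LOCKOUT_SECONDS 300    /* how long the lock lasts */

typedef enum { LOGIN_OK, LOGIN_BAD_CREDENTIALS, LOGIN_LOCKED } login_status;

/* Per-account state.  `secret` stands in for the stored password hash; the
   users and secrets are constructed for this example. */
typedef struct {
    const char *user;
    const char *secret;
    int         failures;
    int64_t     locked_until;   /* epoch seconds; 0 means not locked */
} account;

static account accounts[] = {
    { "alice", "correct horse battery staple", 0, 0 },
    { "bob",   "hunter2",                      0, 0 },
};
#define ACCOUNT_COUNT (sizeof accounts / sizeof accounts[0])

/* Clears throttle state so repeated runs start from the same point. */
static void reset_accounts(void) {
    for (size_t i = 0; i < ACCOUNT_COUNT; i++) {
        accounts[i].failures = 0;
        accounts[i].locked_until = 0;
    }
}

static account *find_account(const char *user) {
    for (size_t i = 0; i < ACCOUNT_COUNT; i++)
        if (strcmp(accounts[i].user, user) == 0) return &accounts[i];
    return NULL;
}

/* Compares two secrets without stopping at the first differing byte, so the
   time taken does not reveal how long the matching prefix was. */
static int secrets_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la < lb ? la : lb;
    unsigned diff = (unsigned)(la ^ lb);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned)((unsigned char)a[i] ^ (unsigned char)b[i]);
    return diff == 0;
}

/* One login attempt at time `now` (epoch seconds, passed in so runs are deterministic). */
static login_status attempt_login(const char *user, const char *password, int64_t now) {
    account *acc = find_account(user);
    if (acc == NULL) return LOGIN_BAD_CREDENTIALS;    /* same answer as a wrong password */
    if (acc->locked_until > now) return LOGIN_LOCKED;  /* the guess is not even evaluated */
    if (acc->locked_until != 0) {                      /* lock expired: start a fresh window */
        acc->locked_until = 0;
        acc->failures = 0;
    }
    if (secrets_equal(acc->secret, password)) {
        acc->failures = 0;
        return LOGIN_OK;
    }
    if (++acc->failures >= MAX_FAILURES) acc->locked_until = now + LOCKOUT_SECONDS;
    return LOGIN_BAD_CREDENTIALS;
}

/* Models the dictionary run against the fake login: `guesses` wrong passwords
   fired at one account within the same second.  Returns how many guesses the
   server actually evaluated before the lock rejected the rest unexamined. */
static int guesses_evaluated_before_lock(const char *user, int guesses) {
    int evaluated = 0;
    char guess[32];
    for (int i = 0; i < guesses; i++) {
        snprintf(guess, sizeof guess, "guess%d", i);   /* constructed wrong password */
        if (attempt_login(user, guess, 1000) != LOGIN_LOCKED) evaluated++;
    }
    return evaluated;
}

int main(void) {
    reset_accounts();
    printf("evaluated %d of 1000 guesses before lockout\n",
           guesses_evaluated_before_lock("bob", 1000));
    reset_accounts();
    printf("alice with the right secret: %d (0 = LOGIN_OK)\n",
           attempt_login("alice", "correct horse battery staple", 0));
    return 0;
}
```

    The count returned by guesses_evaluated_before_lock is the number to watch: without the lockout it equals the dictionary size, with it the dictionary is capped at MAX_FAILURES per window, which is what turns an offline-speed attack back into an online one.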
  • Spawnbroker Registered User regular
    edited March 2010
    Thanks guys, I know where to start now :)

    Spawnbroker on
    Steam: Spawnbroker
  • GothicLargo Registered User regular
    edited March 2010
    Spawnbroker wrote: »
    Thanks guys, I know where to start now :)

    I very highly doubt that. The first most important quality in investigation is acknowledging that ultimately you know nothing and then taking stock of what you do know for certain.

    The vast majority of hacks (IMO) come from people who were given a task to do one way, in a way that was counterintuitive or annoying or time consuming, and so they kept looking for ways to cut corners and make that task less onerous than it was until at some point they realized... "wow, I could really use this for other stuff...".

    Or very, very occasionally, someone whistles while on a phone call and is totally surprised when they get a dial tone.

    GothicLargo on
  • Buddies Registered User regular
    edited March 2010
    GothicLargo wrote: »
    Spawnbroker wrote: »
    Thanks guys, I know where to start now :)

    I very highly doubt that. The first most important quality in investigation is acknowledging that ultimately you know nothing and then taking stock of what you do know for certain.

    The vast majority of hacks (IMO) come from people who were given a task to do one way, in a way that was counterintuitive or annoying or time consuming, and so they kept looking for ways to cut corners and make that task less onerous than it was until at some point they realized... "wow, I could really use this for other stuff...".

    Or very, very occasionally, someone whistles while on a phone call and is totally surprised when they get a dial tone.

    Don't forget calling up your users and asking what their password is or reading it off the sticky-note attached to their monitor.

    Buddies on
  • GothicLargo Registered User regular
    edited March 2010
    Buddies wrote: »
    Don't forget calling up your users and asking what their password is or reading it off the sticky-note attached to their monitor.

    Social engineering is not hacking.

    GothicLargo on
  • underdonk __BANNED USERS regular
    edited March 2010
    Buddies wrote: »
    Don't forget calling up your users and asking what their password is or reading it off the sticky-note attached to their monitor.

    Social engineering is not hacking.

    You're right, but it's usually much more effective and easier to pull off, and the end result is often the same.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • Fantasma Registered User regular
    edited March 2010
    Actually, according to Kevin Mitnick, Social Engineering is hacking.

    http://en.wikipedia.org/wiki/Kevin_Mitnick

    Fantasma on
    Hear my warnings, unbelievers. We have raised altars in this land so that we may sacrifice you to our gods. There is no hope in opposing the inevitable. Put down your arms, unbelievers, and bow before the forces of Chaos!
  • Spawnbroker Registered User regular
    edited March 2010
    GothicLargo wrote: »
    Spawnbroker wrote: »
    Thanks guys, I know where to start now :)

    I very highly doubt that. The first most important quality in investigation is acknowledging that ultimately you know nothing and then taking stock of what you do know for certain.

    The vast majority of hacks (IMO) come from people who were given a task to do one way, in a way that was counterintuitive or annoying or time consuming, and so they kept looking for ways to cut corners and make that task less onerous than it was until at some point they realized... "wow, I could really use this for other stuff...".

    Or very, very occasionally, someone whistles while on a phone call and is totally surprised when they get a dial tone.

    Okay I think this thread is done. I don't need derision every time I say something. I asked for advice on where to begin, and almost every response in this thread so far has been "well, you just need to start from scratch and asking for help from us is part of the problem"

    Get off your high horse guys, and thanks for those of you that posted something constructive.

    I don't need lectures on how much I don't know, I needed help on where to start.

    Spawnbroker on
    Steam: Spawnbroker
  • Jasconius sword criminal mad online Registered User regular
    edited March 2010
    Fantasma wrote: »
    Actually, according to Kevin Mitnick, Social Engineering is hacking.

    http://en.wikipedia.org/wiki/Kevin_Mitnick

    That's because Kevin Mitnick owns a company that makes money off of consulting in defense of things like social engineering.

    So of course he's going to say it's hacking.

    Social engineering is corporate espionage. It is not any sort of defeat of software itself.

    Jasconius on
  • Tomanta Registered User regular
    edited March 2010
    Jasconius wrote: »
    Fantasma wrote: »
    Actually, according to Kevin Mitnick, Social Engineering is hacking.

    http://en.wikipedia.org/wiki/Kevin_Mitnick

    That's because Kevin Mitnick owns a company that makes money off of consulting in defense of things like social engineering.

    So of course he's going to say it's hacking.

    Social engineering is corporate espionage. It is not any sort of defeat of software itself.

    That being said, social engineering is a component in penetration testing.

    Tomanta on
  • Tube Registered User admin
    edited March 2010
    You got some good advice and I'm locking this before anyone says anything stupid. Some people already have said stupid things, but I'm ignoring them because I just found a potato in my fridge that looks like it's smiling.

    Tube on
This discussion has been closed.