Tips for Hacking
WHAT IS TCP/IP
Analysis of a Telnet Session Hijack via Spoofed MAC Addresses and Session Resynchronization
Ed Norris
March 20, 2001
Introduction
The TCP/IP protocol was designed for a trusting environment and therefore has insufficient security
controls. Because of this design, a number of vulnerabilities exist in telnet, which provides a remote
terminal session, and in the TCP/IP protocols, that allow an attacker to hijack a telnet session, thus
appearing to be the original client to the server. Located on the Internet there are many tools that can
automate attacks on TCP/IP networks. For this analysis one of those tools, "hunt," will be used to hijack a
telnet session via spoofed MAC (Media Access Control) addresses, and when the attacker has completed
issuing commands, he or she will restore the original telnet connection through a resynchronization
process.
TCP, IP and MAC Addresses
Hosts that communicate using the TCP/IP protocol basically have the same network architecture as the
OSI network model, which has 7 layers. As the flow of data moves down the network stack a header is
added to the packet at each layer and then sent down to the next layer. When the packet reaches the
destination host the reverse takes place, the header is removed and the packet is passed up to the next
layer.
The important headers and their addresses for the analysis are TCP, IP, and MAC. At the Transport
layer, the TCP headers will contain the port number (address) of each host. The client will be assigned a
port number above 1023 (in the examples the port assigned is 1103) and the server’s port number will be
a predetermined number (telnet is being used and by convention resides at port number 23). At the
Network layer, each host will provide its 4-octet IP address in the header. In the examples the client is
10.0.0.154 and the server is 10.0.0.146. At the Data Link layer, a 6-octet Ethernet MAC address is added
to the destination and source fields. Every network card has a unique MAC address that is assigned by
the IEEE and manufacturer. In the examples the MAC address for the client is 00-50-04-AD-5E-63 and
the server’s address is 00-20-AF-68-0A-88.
TCP/IP Communication
When a host is connected to a LAN (Local Area Network) and it communicates with another, it tries to
determine the MAC address of the destination host by sending out a broadcast "who-has" arp (address
resolution protocol) request. The destination host will answer the request with its MAC address. When
using a TCP based application, the client will send out a SYN packet. When the packet reaches the Data
Link layer, the host adds the destination host’s MAC address to the header. The destination host listens
for packets that contain its MAC address and when a packet is received the host strips off the Data Link
layer header and sends the remainder up to the Network layer for processing.
The setup communication is shown in the example below. The client sends out a broadcast (indicated by
the MAC address FF-FF-FF-FF-FF-FF) "who-has" message asking who has the IP address 127.0.0.1
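As an added example, not part of Ed Norris's analysis, the C program below strips the three headers described above from constructed frames and keeps the IP-to-MAC bindings it learns from ARP replies. It uses the analysis's own addresses (client 10.0.0.154 at 00-50-04-AD-5E-63, server 10.0.0.146 at 00-20-AF-68-0A-88, ports 1103 and 23). A segment that claims a known IP from a different MAC, which is exactly what a hijacker spoofing the client's MAC must put on the wire, is flagged; this is the consistency check an ARP-watching intrusion detector performs. The attacker MAC 00-11-22-33-44-55 and the frame contents are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define ETH_ARP  0x0806
#define ETH_IPV4 0x0800
#define MAX_BINDINGS 8

/* IP-to-MAC bindings learned from traffic; a MAC change for a known IP is the alert. */
struct binding { uint32_t ip; uint8_t mac[6]; };
static struct binding table[MAX_BINDINGS];
static int n_bindings;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

void reset_bindings(void) { n_bindings = 0; }

/* Learn (ip, mac) on first sight; afterwards return 1 if the MAC has changed. */
int check_binding(uint32_t ip, const uint8_t *mac) {
    for (int i = 0; i < n_bindings; i++)
        if (table[i].ip == ip) return memcmp(table[i].mac, mac, 6) != 0;
    if (n_bindings < MAX_BINDINGS) {
        table[n_bindings].ip = ip;
        memcpy(table[n_bindings].mac, mac, 6);
        n_bindings++;
    }
    return 0;
}

struct parsed {
    uint16_t ethertype, arp_op, src_port, dst_port;
    uint8_t src_mac[6], dst_mac[6];
    uint32_t src_ip, dst_ip;
};

/* Strip the headers layer by layer, as the receiving stack does. Returns 1 on a
 * MAC/IP conflict, 0 if consistent, -1 if malformed or neither ARP nor IPv4/TCP. */
int inspect_frame(const uint8_t *f, size_t len, struct parsed *out) {
    if (len < 14) return -1;
    memset(out, 0, sizeof *out);
    memcpy(out->dst_mac, f, 6);                  /* Ethernet: dst MAC, src MAC, type */
    memcpy(out->src_mac, f + 6, 6);
    out->ethertype = rd16(f + 12);
    const uint8_t *p = f + 14;
    size_t rem = len - 14;
    if (out->ethertype == ETH_ARP) {
        if (rem < 28) return -1;
        out->arp_op = rd16(p + 6);               /* 1 = who-has, 2 = is-at */
        out->src_ip = rd32(p + 14);              /* sender IP */
        out->dst_ip = rd32(p + 24);              /* target IP */
        return check_binding(out->src_ip, p + 8);    /* sender MAC */
    }
    if (out->ethertype == ETH_IPV4) {
        if (rem < 20) return -1;
        size_t ihl = (size_t)(p[0] & 0x0f) * 4;
        if (ihl < 20 || rem < ihl + 4 || p[9] != 6) return -1;   /* protocol 6 = TCP */
        out->src_ip = rd32(p + 12);
        out->dst_ip = rd32(p + 16);
        out->src_port = rd16(p + ihl);
        out->dst_port = rd16(p + ihl + 2);
        return check_binding(out->src_ip, out->src_mac);
    }
    return -1;
}

/* Addresses from the analysis; the attacker MAC is constructed. */
static const uint8_t CLIENT_MAC[6]   = {0x00, 0x50, 0x04, 0xAD, 0x5E, 0x63};
static const uint8_t SERVER_MAC[6]   = {0x00, 0x20, 0xAF, 0x68, 0x0A, 0x88};
static const uint8_t ATTACKER_MAC[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
#define CLIENT_IP 0x0A00009AU   /* 10.0.0.154 */
#define SERVER_IP 0x0A000092U   /* 10.0.0.146 */

/* Build an ARP "is-at" reply: 14-byte Ethernet header plus 28-byte ARP body. */
size_t build_arp_reply(uint8_t *b, const uint8_t *smac, uint32_t sip,
                       const uint8_t *tmac, uint32_t tip) {
    memcpy(b, tmac, 6); memcpy(b + 6, smac, 6); wr16(b + 12, ETH_ARP);
    uint8_t *a = b + 14;
    wr16(a, 1); wr16(a + 2, ETH_IPV4); a[4] = 6; a[5] = 4; wr16(a + 6, 2);
    memcpy(a + 8, smac, 6); wr32(a + 14, sip); memcpy(a + 18, tmac, 6); wr32(a + 24, tip);
    return 42;
}

/* Build a minimal IPv4/TCP segment: 20-byte IP header, 20-byte TCP header, no payload. */
size_t build_tcp(uint8_t *b, const uint8_t *smac, const uint8_t *dmac,
                 uint32_t sip, uint32_t dip, uint16_t sport, uint16_t dport) {
    memcpy(b, dmac, 6); memcpy(b + 6, smac, 6); wr16(b + 12, ETH_IPV4);
    uint8_t *ip = b + 14;
    memset(ip, 0, 40);
    ip[0] = 0x45; wr16(ip + 2, 40); ip[8] = 64; ip[9] = 6;      /* IHL 5, TTL 64, TCP */
    wr32(ip + 12, sip); wr32(ip + 16, dip);
    wr16(ip + 20, sport); wr16(ip + 22, dport); ip[32] = 0x50;   /* TCP data offset 5 */
    return 54;
}

/* Replay: the ARP reply binds the client, a genuine client segment passes, then a
 * segment claiming the client's IP from the attacker's MAC is flagged. Returns alerts. */
int run_demo(void) {
    uint8_t f[64];
    struct parsed p;
    int alerts = 0;
    reset_bindings();
    alerts += inspect_frame(f, build_arp_reply(f, CLIENT_MAC, CLIENT_IP, SERVER_MAC, SERVER_IP), &p) == 1;
    alerts += inspect_frame(f, build_tcp(f, CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 1103, 23), &p) == 1;
    alerts += inspect_frame(f, build_tcp(f, ATTACKER_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 1103, 23), &p) == 1;
    printf("%d frame(s) used a MAC other than the one learned for 10.0.0.154\n", alerts);
    return alerts;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

The detector only learns bindings; it does not decide which MAC is the legitimate one. In practice the first binding is trusted because the ARP reply arrives before the hijack, which is also why a real deployment should seed the table from a known inventory rather than from traffic alone.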
FOOTPRINTING
What Is Footprinting?
Footprinting is the first and most convenient way that hackers use to gather information
about computer systems and the companies they belong to. The purpose of footprinting is to
learn as much as you can about a system, its remote access capabilities, its ports and
services, and the aspects of its security.
In order to perform a successful hack on a system, it is best to know as much as you can,
if not everything, about that system. While there is nary a company in the world that
isn't aware of hackers, most companies are now hiring hackers to protect their systems.
And since footprinting can be used to attack a system, it can also be used to protect it.
If you can find anything out about a system, the company that owns that system, with the
right personnel, can find out anything they want about you.
In this talk, I will explain what the many functions of footprinting are and what they do.
I'll also footprint everyone's favorite website, just to see how much info we can get on
Grifter.
Open Source Footprinting
Open Source Footprinting is the easiest and safest way to go about finding information
about a company. It covers information that is available to the public, such as phone
numbers, addresses, etc. Performing whois requests, searching through DNS tables, and
scanning certain IP addresses for open ports, are other forms of open source footprinting.
Most of this information is fairly easy to get, and getting it is legal; legal is always
good.
Most companies post a shit load of information about themselves on their website. A lot
of this information can be very useful to hackers and the companies don't even realize it.
It may also be helpful to skim through the webpage's HTML source to look for comments.
Comments in HTML code are the equivalent of the small captions under the pictures in high
school science books. Some comments found in the HTML can hold small tid-bits of info
about the company, otherwise not found anywhere else.
Network Enumeration
Network Enumeration is the process of identifying domain names and associated networks.
The process consists of performing various queries on the many whois databases found on
the internet. The result is the hacker now having the information needed to attack the
system they are learning about. Companies' domain names are listed with registrars, and
the hacker would simply query the registrar to obtain the information they are looking
for. The hacker simply needs to know which registrar the company is listed with. There
are five types of queries, which are as follows:
Registrar Query: This query gives information on potential domains matching the target.
Organizational Query: This is searching a specific registrar to obtain all instances of
the target's name. The results show many different domains associated with the company.
Domain Query: A domain query is based off of results found in an organizational query.
Using a domain query, you could find the company's address, domain name, administrator
and his/her phone number, and the system's domain servers. The administrative contact
could be very useful to a hacker as it provides a purpose for a wardialer. This is also
where social engineering comes into play. But that's a talk for another time. Many
administrators now post false phone numbers to protect themselves from this.
Network Query: The fourth method is to use the American Registry for Internet Numbers
(ARIN) to discover certain network blocks owned by a company. It's good to use a broad
search here, as well as in the registrar query.
POC Query: This query finds the many IP addresses a machine may have.
DNS Interrogation
After gathering the information needed using the above techniques, a hacker would begin to
query the DNS. A common problem with system administrators is allowing untrusted, or worse,
unknown users, to perform a DNS Zone Transfer. Many freeware tools can be found on the
internet and can be used to perform DNS interrogation. Tools such as nslookup, for PC, and
AGnet Tools, for Mac, are some common programs used for this.
Other Helpful Techniques Used In Footprinting
Ping Sweep: Ping a range of IP addresses to find out which machines are awake.
TCP Scans: Scan ports on machines to see which services are offered. TCP scans can be
performed by scanning a single port on a range of IPs, or by scanning a range of ports on
a single IP. Both techniques yield helpful information.
UDP Scans: Send garbage UDP packets to a desired port. I normally don't perform UDP scans
a whole lot because most machines respond with an ICMP 'port unreachable' message, meaning
that no service is available.
OS Identification: This involves sending illegal ICMP or TCP packets to a machine. The
machine responds with unique invalid inputs and allows the hacker to find out what the
target machine is running.
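The sweeps and scans just listed leave a characteristic trace in a firewall or router log: one source touching many destination hosts, or many ports on one host. The C program below is an added example, not from the talk, showing how that trace is detected. It tallies constructed log lines in an assumed "src= dst= proto= dport=" format (a real log needs its own sscanf pattern) and flags a source that has probed at least SWEEP_THRESHOLD distinct hosts or SCAN_THRESHOLD distinct TCP ports. The sample lines, thresholds and addresses are constructed; the telnet client from the TCP/IP section is included as the benign case.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SRC 16
#define MAX_SEEN 64
#define SWEEP_THRESHOLD 5   /* distinct hosts touched by one source */
#define SCAN_THRESHOLD  5   /* distinct TCP ports touched by one source */

/* Per-source tallies: distinct destinations (any protocol) and distinct TCP ports. */
struct src_stat {
    char src[16];
    char dsts[MAX_SEEN][16]; int n_dst;
    int ports[MAX_SEEN];     int n_port;
};
static struct src_stat stats[MAX_SRC];
static int n_stats;

void reset_stats(void) { n_stats = 0; }

static struct src_stat *find_src(const char *src) {
    for (int i = 0; i < n_stats; i++)
        if (strcmp(stats[i].src, src) == 0) return &stats[i];
    return NULL;
}

static struct src_stat *get_src(const char *src) {
    struct src_stat *s = find_src(src);
    if (s) return s;
    if (n_stats >= MAX_SRC) return NULL;
    s = &stats[n_stats++];
    memset(s, 0, sizeof *s);
    strncpy(s->src, src, sizeof s->src - 1);
    return s;
}

/* Ingest one line in the assumed format "src=A dst=B proto=P dport=N".
 * Returns 0 on success, -1 if the line does not parse or the table is full. */
int ingest_line(const char *line) {
    char src[16], dst[16], proto[8];
    int dport;
    if (sscanf(line, "src=%15s dst=%15s proto=%7s dport=%d", src, dst, proto, &dport) != 4)
        return -1;
    struct src_stat *s = get_src(src);
    if (!s) return -1;
    int seen = 0;
    for (int i = 0; i < s->n_dst; i++)
        if (strcmp(s->dsts[i], dst) == 0) seen = 1;
    if (!seen && s->n_dst < MAX_SEEN) strncpy(s->dsts[s->n_dst++], dst, 15);
    if (strcmp(proto, "tcp") == 0) {
        seen = 0;
        for (int i = 0; i < s->n_port; i++)
            if (s->ports[i] == dport) seen = 1;
        if (!seen && s->n_port < MAX_SEEN) s->ports[s->n_port++] = dport;
    }
    return 0;
}

/* Verdict bits for a source: 1 = host sweep, 2 = port scan, 0 = nothing notable. */
int classify(const char *src) {
    struct src_stat *s = find_src(src);
    if (!s) return 0;
    return (s->n_dst >= SWEEP_THRESHOLD ? 1 : 0) | (s->n_port >= SCAN_THRESHOLD ? 2 : 0);
}

/* Constructed sample log, not real traffic: one source pinging a range of hosts,
 * one walking ports on a single host, and the ordinary telnet client. */
static const char *SAMPLE_LOG[] = {
    "src=10.0.0.5 dst=10.0.0.10 proto=icmp dport=0",
    "src=10.0.0.5 dst=10.0.0.11 proto=icmp dport=0",
    "src=10.0.0.5 dst=10.0.0.12 proto=icmp dport=0",
    "src=10.0.0.5 dst=10.0.0.13 proto=icmp dport=0",
    "src=10.0.0.5 dst=10.0.0.14 proto=icmp dport=0",
    "src=10.0.0.7 dst=10.0.0.146 proto=tcp dport=21",
    "src=10.0.0.7 dst=10.0.0.146 proto=tcp dport=22",
    "src=10.0.0.7 dst=10.0.0.146 proto=tcp dport=23",
    "src=10.0.0.7 dst=10.0.0.146 proto=tcp dport=25",
    "src=10.0.0.7 dst=10.0.0.146 proto=tcp dport=80",
    "src=10.0.0.154 dst=10.0.0.146 proto=tcp dport=23",
    "src=10.0.0.154 dst=10.0.0.146 proto=tcp dport=23",
};

/* Feeds the sample through and returns how many sources were flagged. */
int run_demo(void) {
    int flagged = 0;
    reset_stats();
    for (size_t i = 0; i < sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]; i++)
        ingest_line(SAMPLE_LOG[i]);
    for (int i = 0; i < n_stats; i++) {
        int v = classify(stats[i].src);
        if (v & 1) printf("%s: host sweep, %d distinct hosts\n", stats[i].src, stats[i].n_dst);
        if (v & 2) printf("%s: port scan, %d distinct TCP ports\n", stats[i].src, stats[i].n_port);
        if (v) flagged++;
    }
    return flagged;
}

int main(void) { return run_demo() == 2 ? 0 : 1; }
```

The thresholds are deliberately low so the sample triggers; on a real network they are tuned per segment, and the tallies are reset on a time window so a source is judged on its recent behaviour rather than on everything it has ever sent.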
Let's Try It!
Ok, I've explained as best I can what the functions of footprinting are. Now we're going
to actually use them. Let's footprint 2600slc.org to find out as much as we can about
Grifter. Keep in mind that I am using a mac and I don't know the necessary tools to use
on a PC when footprinting. For all the procedures listed below, I will be using a utility
known as AGnet Tools version 2.5.1. This application allows you to use all of the basic
functions of footprinting in one easy to use program. I know there are other security
auditing tools for the mac out there which offer more functions, but AGnet is the most
user friendly program I can find.
Now, just by looking at the website, we know where the 2600 meetings are held and at what
time. This information really isn't useful right now because you obviously managed to find
your way here. Good for you. We find that Grifter also runs staticdischarge.org, and by
going further into the website, we find that Grifter has three main email contacts which
are:
Ok, we have Grifter's three emails which we will use later. But for now, let's get some
information on 2600slc.org. We type 2600slc.org into the prompt of the Name Lookup
window in AGnet tools, and our result is this IP address: **.**.**.**
But wait, just out of curiosity, what is the IP of staticdischarge.org? We type the domain
into the Name Lookup prompt and we are given the same IP. We can safely say that
2600slc.org and staticdischarge.org are hosted on the same box. But if I were to do a
reverse name lookup on the IP, which domain will come up? 2600slc.org or
staticdischarge.org? Neither, the result is linuxninjas.org. Ah ha! So linuxninjas.org
is the name of the box hosting 2600slc.org and staticdischarge.org. Neat!
So now that we have the IP, let's check to see if linuxninjas is awake. We type the IP
into the prompt in the Ping window. We'll set the interval between packets to 1
millisecond. We'll set the number of seconds to wait until a ping times out to 5. We'll
set the ping size to 500 bytes and we'll send ten pings.
Ten packets sent and ten packets received. Linuxninjas.org returned a message to my
computer within an average of 0.35 seconds for every packet sent. Linuxninjas is alive
and kicking.
Moving on. Remember Grifter's three email addresses? What can we do with those? This is
where Finger comes in. A lot of businesses nowadays don't run finger, because it reveals
too much information about any one user on a system. But of course, it never hurts to try.
Ok, since Finger gave us bupkuss, let's move on to Whois. We open the Whois window and
type linuxninjas.org into the Query prompt, and whois.networksolutions.com into the Server
prompt. This means we'll be asking Network Solutions to tell us everything they know about
.
SNIFFER
Introduction
sniff (snif)
v. sniffed, sniff·ing, sniffs.
v. intr.
1. a. To inhale a short, audible breath through the nose, as in smelling something. b. To sniffle.
2. To use the sense of smell, as in savoring or investigating: sniffed at the jar to see what it held.
3. To regard something in a contemptuous or dismissive manner: The critics sniffed at the adaptation of the novel to film.
4. Informal. To pry; snoop: The reporters came sniffing around for more details.
As these definitions describe, the word sniffing has a number of meanings.
Although we believe that hackers generate irritating sniffling noises, sniff at jars
to determine their contents, and especially sniff in contempt, we really are interested
in the last meaning: the process of prying or snooping.
What Is Sniffing?
Sniffing is a method by which an attacker can compromise the security of a network
in a passive fashion. A sniffer, in network security circles, is a program or
tool that passively monitors a computer network for key information that the
attacker is interested in. In most cases, this information is authentication information,
such as usernames and passwords, which can be used to gain access to a
system or resource. Sniffers are included with most rootkits. If your UNIX
machine has been broken into, it is likely running a sniffer right now.
How Does It Work?
There are two techniques for sniffing: old-school and new-school. In the old
days, computers were connected via a shared medium. They all shared the same
local wire, and network traffic was seen by all computers. Network cards filtered
traffic in the hardware so that the attached computer would see only its own
traffic, and not anybody else’s. This wasn’t a security feature; it was designed to
avoid overloading the machine. Sniffing software disables this filter, putting the
card into what is known as “promiscuous mode.” The software is specially tuned
to deal with the flood of traffic, and then either analyze it or capture it.
These days, more and more computers are connected by switches. Rather
than distributing network traffic to all ends of the network, switches filter traffic
at the hub. This prevents the computer from seeing anybody else’s traffic, even
when it puts the adapter into promiscuous mode. Attackers must either actively
attack the switch/router fabric in order to redirect traffic flows (which we’ll
describe later), or content themselves to monitoring only the traffic flowing
through the box they’ve compromised.
When network traffic enters the machine, it is first handled by the Ethernet
driver. The driver then passes the traffic to the Transmission Control
Protocol/Internet Protocol (TCP/IP) stack, which will in turn pass it to applications.
Sniffing software connects directly to the Ethernet driver, making a copy of
the traffic. UNIX provides a more open set of interfaces for doing this, whereas Windows
systems have provided few tools for this. Thus, sniffers are usually part of UNIX
rootkits, and seldom part of Windows rootkits.
What to Sniff?
When monitoring a network, there are many interesting pieces of data to look
for. In the most obvious case, authentication information (usernames and passwords)
can be captured, and then used to gain access to a resource. Other types of
information can also be monitored, such as e-mail and instant messages. Anything
passing over the network is open to peering eyes.
Obtaining Authentication Information
The following subsections provide examples of the various types of network
traffic that are attractive to an attacker who is monitoring your network. The following
sections are organized by the protocol or service that the traffic corresponds
to, and by no means represent a comprehensive listing.
In the example traffic in the next section, bold text indicates that it was sent
by a client program, and standard text indicates it was sent by the server. In
almost all cases, we are interested only in client-generated traffic, since this traffic
will contain the authentication information. More advanced sniffers may also
examine server result codes to filter out failed authentication attempts.
The following sections provide a brief overview of the types of authentication
information that can be gleaned from the respective protocols. These examples
have been simplified, and in some cases, the current versions of these
protocols support more advanced authentication mechanisms that alleviate the
risks shown. In the case of common Internet protocols, a Request for Comments
(RFC) that can elaborate on its specifications is available.
Monitoring Telnet (Port 23)
Telnet historically has been the service that an attacker will monitor when
attempting to obtain login information. Telnet provides no session-level security,
sending username and password information in plaintext across a network as
shown here:
[~] % telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Red Hat Linux release 6.1 (Cartman)
Kernel 2.2.12-20 on an i686
login: oliver
Password: welcome
[18:10:03][redhat61]
[~] %
Monitoring FTP (Port 21)
The File Transfer Protocol (FTP) service, used for file transmissions across the
network, also sends its authentication information in plaintext. Unlike Telnet,
FTP can also be used to allow anonymous access to files, whereby a user uses the
username “anonymous” or “ftp” and issues an arbitrary password. FTP protocol
information is normally hidden by a friendly client interface; however, the underlying
authentication traffic appears as follows on a network:
[~] % telnet localhost 21
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost FTP server (Version wu-2.5.0(1) Tue Sep 21 16:48:12 EDT 1999) ready.
USER oliver
331 Password required for oliver.
PASS welcome
230 User oliver logged in.
Monitoring POP (Port 110)
The Post Office Protocol (POP) service is a network server by which client-based
e-mail programs are connected to access a user’s e-mail on a central server.
POP servers appear commonly on an Internet service provider’s (ISP’s) network,
to provide e-mail delivery to customers. POP traffic is often not encrypted,
sending authentication information in plaintext. Username and password information
is specified to the remote server via the USER and PASS commands. An
example of the protocol is as follows:
[~] % telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v7.59 server ready
USER oliver
+OK User name accepted, password please
PASS welcome
+OK Mailbox open, 24 messages
Note that extensions to the POP protocol exist, which prevent authentication
information from being passed on the network in the clear, in addition to session
encryption.
Monitoring IMAP (Port 143)
The Internet Message Access Protocol (IMAP) service is an alternative protocol to
the POP service, and provides the same functionality. Like the POP protocol,
authentication information is in many cases sent in plaintext across the network.
IMAP authentication is performed by sending a string consisting of a user-selected
token, the LOGIN command, and the username and password as shown here:
[~] % telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost IMAP4rev1 v12.250 server ready
A001 LOGIN oliver welcome
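The FTP, POP and IMAP exchanges above share one pattern: the credential travels in a single client command (USER and PASS for FTP and POP, a tagged LOGIN for IMAP). The C program below is an added example, not from the book, of the check a network monitor applies to client-to-server lines to report that a plaintext login crossed the wire. It records the protocol and username and only notes that a password was present, never storing it, which is what an auditing tool should do and a sniffer does not. Telnet is left out because its login is typed character by character against server prompts rather than sent as one command. The captured lines are constructed from the exchanges above.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum { PROTO_NONE = 0, PROTO_FTP = 21, PROTO_POP3 = 110, PROTO_IMAP = 143 };

/* Case-insensitive prefix test, since these protocol commands are case-insensitive. */
static int has_prefix(const char *s, const char *pfx) {
    for (; *pfx; s++, pfx++)
        if (toupper((unsigned char)*s) != toupper((unsigned char)*pfx)) return 0;
    return 1;
}

/* Copy one whitespace-delimited token into dst (always NUL-terminated). */
static void copy_token(char *dst, size_t cap, const char *src) {
    size_t i = 0;
    while (src[i] && !isspace((unsigned char)src[i]) && i + 1 < cap) { dst[i] = src[i]; i++; }
    dst[i] = '\0';
}

/* Advance past the current token and the whitespace after it. */
static const char *next_token(const char *p) {
    while (*p && !isspace((unsigned char)*p)) p++;
    while (isspace((unsigned char)*p)) p++;
    return p;
}

/* Inspect one client-to-server line sent to `dport`. Returns the protocol (its port
 * number) if the line carries a plaintext credential, else PROTO_NONE. The username
 * is copied into `user`; a password is never copied, it only sets *password_seen. */
int inspect_client_line(int dport, const char *line, char *user, size_t cap, int *password_seen) {
    if (dport == PROTO_FTP || dport == PROTO_POP3) {
        if (has_prefix(line, "USER ")) { copy_token(user, cap, line + 5); return dport; }
        if (has_prefix(line, "PASS ")) { *password_seen = 1; return dport; }
    } else if (dport == PROTO_IMAP) {
        const char *cmd = next_token(line);            /* skip the client-chosen tag */
        if (has_prefix(cmd, "LOGIN ")) {
            copy_token(user, cap, cmd + 6);
            if (*next_token(cmd + 6)) *password_seen = 1;   /* a third token is the password */
            return dport;
        }
    }
    return PROTO_NONE;
}

struct sample { int dport; const char *line; };
/* Constructed capture of client lines, modelled on the exchanges above. */
static const struct sample CAPTURE[] = {
    {21,  "USER oliver"}, {21,  "PASS welcome"}, {21,  "LIST"},
    {110, "USER oliver"}, {110, "PASS welcome"}, {110, "STAT"},
    {143, "A001 LOGIN oliver welcome"}, {143, "A002 SELECT INBOX"},
};

/* Returns how many protocols in the capture exposed a full username/password pair. */
int run_demo(void) {
    struct { int port; char user[32]; int pw; } seen[3] = {{21, "", 0}, {110, "", 0}, {143, "", 0}};
    for (size_t i = 0; i < sizeof CAPTURE / sizeof CAPTURE[0]; i++)
        for (int k = 0; k < 3; k++)
            if (seen[k].port == CAPTURE[i].dport)
                inspect_client_line(CAPTURE[i].dport, CAPTURE[i].line,
                                    seen[k].user, sizeof seen[k].user, &seen[k].pw);
    int exposed = 0;
    for (int k = 0; k < 3; k++)
        if (seen[k].user[0] && seen[k].pw) {
            printf("port %d: plaintext login for user '%s' (password redacted)\n",
                   seen[k].port, seen[k].user);
            exposed++;
        }
    return exposed;
}

int main(void) { return run_demo() == 3 ? 0 : 1; }
```

The same per-connection state is what a real monitor keeps: a USER line on its own is not yet an exposure, and a PASS line without a preceding USER cannot be attributed to an account, so the report is only raised once both halves have been seen on one connection.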
David R. Mirza Ahmad
Ido Dubrawsky
Hal Flynn
Joseph “Kingpin” Grand
Robert Graham
Norris L. Johnson, Jr.
K2
Dan “Effugas” Kaminsky
F. William Lynch
Steve W. Manzuik
Ryan Permeh
Ken Pfeil
Rain Forest Puppy
Ryan Russell
Technical Editor
SPOOFING
As I watch the opening scene of the movie Mission: Impossible 2 (M:I2), I
am amazed as a person who I think is Tom Cruise gases everyone in the
airplane and takes the test tubes from the scientist who is sitting next to
him. How could this be? I thought Ethan (the character Tom Cruise plays)
was a good guy. Then, as he walks through the plane, much to everyone’s
astonishment, he peels off the fake face he is wearing and reveals the
true person. It’s not really Ethan, but someone who is impersonating him.
This has nothing to do with computers, but this is a form of spoofing.
By wearing a mask, the person I thought was Tom Cruise was able to
deceive or spoof the scientist into believing that he was someone else.
From a hacking standpoint, there are many reasons someone would want
to do this.
As we will cover in this chapter, there are various types of spoofing, each
with various levels of difficulty. In its most basic form, an attacker alters
his identity so that someone thinks he is someone else. This can be as
easy as changing his IP address or as deceptive as impersonating the
president of your company with email. The bottom line is he is altering his
identity to be someone or something that he is not.
Most of this chapter will cover computer-based spoofing attacks such as IP
spoofing, but because non-computer-based techniques can be just as
effective, they are also covered at the end of the chapter. Remember that
it does not matter how an attacker can compromise your network, just
whether he can be successful. This chapter will make sure that your
company is prepared to defend against any type of spoofing attack.
Why Spoof?
As in the preceding example, if an attacker can convince a computer or a
network that he is someone else (a trusted party), he can probably access
information he normally could not get. For example, if you trust John but
you do not trust Joe, and Joe can spoof his identity to appear to be John,
you will trust Joe (because you think he is John); and Joe can get the
access he wants.
When engineers design networks, they often set up access permissions
and trusts based on information like IP addresses. It is critical that you
understand how easy it is to spoof such information, so that you can
design better security models for your computer networks. Only by
understanding the current limitations can you move forward and build
networks that are less prone to attacks.
Types of Spoofing
There are four types of spoofing that will be covered in this chapter. Here
is a brief explanation of each:
• IP spoofing. An attacker uses an IP address of another computer
to acquire information or gain access.
• Email spoofing. Involves spoofing the From address of an email.
In essence, the email looks like it came from Eric, but in reality, Eric
did not send the email. Someone who was impersonating Eric sent
it.
• Web spoofing. The World Wide Web is being used for more and
more e-commerce. To use the web for e-commerce, people have to
be identified and authenticated so that they can be trusted.
Whenever an entity has to be trusted, the opportunity for spoofing
arises.
• Non-technical spoofing. These types of attacks concentrate on
compromising the human element of a company. This is done
through social engineering techniques.
ERIC COLE
BUFFER OVERFLOW
In this day and age, programmers who are building software are under
extremely tight deadlines. Usually, the software company commits to
shipping the product with unrealistic timelines that cannot be met. On top
of that, designers usually add new features at the last minute to make
their system more attractive to the consumer than a competitor’s product.
Putting all of these factors together means that programmers are working
until the last minute, which means minimal (if any) testing is performed
on the system.
The mentality of a lot of software vendors is to create the product where
most of the functionality works and then give it to the consumer and let
him finish testing it. When consumers run across problems, the company
will fix them.
The problem with this approach (besides most consumers being unhappy
when software has a lot of bugs in it, especially when they feel they are
buying a fully-tested product after paying full price) is that it leaves the
door open for a large number of security issues.
Because developing software in this fashion means certain things are
overlooked, mainly the robustness of the software, it opens the door for
potential problems down the road. One of the main areas that is often
neglected is proper error checking. Error checking is the process of
verifying and validating that the information input into a program is what
the program is expecting. For example, if the program is expecting
numbers and the input is letters, error checking checks the input, realizes
it is not numbers, drops the input, and sends back an error message. The
key about error checking is that if the data is not valid, it stops the
program from executing on that data. Without error checking, the
program takes the data, regardless of whether it is valid or not, and
passes it on for processing. In this case, data that the program is not
expecting is passed on and executed, which is the main reason for buffer
overflow and other problems. Error checking can be done in one of two
areas: in the program itself, which is where it should be, or by an external
wrapper that calls the program. The latter is more often the case with web
applications such as CGI (common gateway interface) programs. Most
often a CGI program is not called directly but is called through a web
page. The web page prompts the user for input and passes it on to the
CGI program for processing. In this case, the web page is the wrapper,
and before it passes the input on for processing, it performs error
checking to make sure the input is valid. The CGI program could also have
error checking built in so it can check the data before it is processed by
the program.
In my opinion, error checking should be done in both places. A common
principle of security is defense in depth. This principle states that you
must have multiple mechanisms in place protecting the security of your
data. With error checking, having it performed in two locations provides
defense in depth, because if one of the error checking mechanisms is
bypassed, the other one will still work.
When it comes to error checking, you only need it if people do not play by
the rules. If everyone who uses the program does what he is supposed to,
you are in good shape. However, as soon as the user does not do what
the program expects—whether intentional or by accident—the program
falls apart. This lack of error checking in the software opens the door for a
wide range of problems that you will see throughout this book. One of the
main problems that can occur is a buffer overflow, which will be covered
in detail in the rest of this chapter.
What Is a Buffer Overflow?
Most of the new exploits are based on buffer overflow attacks. A buffer
overflow attack is when an attacker tries to store too much information in
an undersized receptacle. A common implementation is when a user of the
program gives the program more data than the developers of the program
allocated to store it. For example, let’s say that a programmer only
allocates enough memory for a variable to hold 10 characters and
someone tries to have that variable hold 20 characters. As in this case,
the main cause of buffer overflow problems is not having proper bounds
checking in the software.
An example of a buffer overflow is a program that is only expecting a
string of 50 characters and the user enters 100 characters. In this case,
because you are putting too much data into an undersized receptacle, the
program cannot handle it, and it will overwrite memory.
Buffer overflow exploits are potentially the most insidious of information
security problems. A buffer overflow essentially takes advantage of
applications that do not adequately parse input by stuffing too much data
into undersized receptacles. They occur when something very large is
placed in a box too small for it to fit. Depending on the environment, the
resulting “overflow” of code typically has unfettered capacity to execute
whatever arbitrary functions a programmer might want. Programs that do
not perform proper bounds checking are common, and buffer overflow
exploits are well known across most UNIX and NT platforms. A large
number of exploits floating around the Internet take advantage of a buffer
overflow problem in one form or another.
A great paper on buffer overflows is “Smashing the Stack for Fun and
Profit” by Aleph One and was featured in Phrack, Volume 7, Issue 49.
Phrack is an online security/hacker magazine that can be found at
www.phrack.com. It contains a lot of useful information and great
explanations of security vulnerabilities.
Buffer overflows can cause attacks against all three areas of security.
They can cause an attack against availability by running a denial of service
attack. Buffer overflows can also run arbitrary code that either modifies
data, which is an attack against integrity, or reads sensitive information,
which is an attack against confidentiality.
How Do Buffer Overflows Work?
Buffer overflows take advantage of the way in which information is stored
by computer programs. On a computer, memory or RAM is the area where
data that is being executed is stored or variables that are going to be
accessed by a program are kept. Memory is volatile, which means that when
the computer is turned off, anything stored in memory is lost.
Because memory is very fast, it is used to store information that will be
needed by the computer to run programs. For long-term storage, hard
drives or other storage media are used, which can store the data even
when the power is turned off, yet they utilize slower access speeds.
In general, when a program calls a subroutine, the function variables and
the subroutine return address pointers are stored in a logical data
structure known as a stack. A stack is a portion of memory that stores
information the current program needs. The variables are data that the
program uses to make decisions. For example, if a program is going to
add two numbers together (x and y), the variables are the values for x
and y. The return pointer contains the address of the point in the program
to return to after the subroutine has completed execution. Because the
operating system has to return control back to the calling program when
the subroutine is done, the return pointer tells it which memory address to
go back to. The variable space that is allocated, sometimes called a
buffer, is filled from back to front, higher address to lower address, or
what is called last in, first out (LIFO). This means that the last element
that is put on the stack is the first element that is taken off. A good
example is an elevator. When you get on an elevator, the last person that
steps onto the elevator, is usually the first person to get off. (This
assumes that everyone gets on and off at the same floors.)
Note
Programs are made up of subroutines. Using subroutines in code makes it
easier to break down the functions of a program into module pieces. If all
the code for a large program were kept in one main module, it would be
very inefficient and difficult to troubleshoot. In addition, breaking a
program down into smaller pieces or subroutines makes it easier to reuse
code.
Types of Buffer Overflow Attacks
By nature of how a buffer overflow attack works, an attacker can
compromise a machine in one of two ways: by a denial of service attack
or gaining access. The easiest type of buffer overflow attack is to crash
the machine or cause a Denial of Service attack. Buffer overflow attacks
work by putting too much data onto the memory stack, which causes
other information that was on the stack to be overwritten. As you can
imagine, important information like operating system data needs to be
stored and accessed from the memory stack to ensure that the system
functions properly.
With a buffer overflow attack, if enough information can be overwritten in
memory, the system cannot function, and the operating system will crash.
As you learned in Chapter 6, “Denial of Service Attacks,” this is one form
of Denial of Service attack. To recover from this type of attack, you reboot
the system. If this system is a production machine, service is interrupted
until the system is rebooted and started up again.
As noted in the previous section, the other type of buffer overflow attack
is the execution of code that the attacker chooses to run. Because a buffer
overflow attack puts too much data into memory, if the attacker is careful,
he can overwrite just enough information on the stack to overwrite the
return pointer. By doing this, he can cause the pointer to point to the
attacker’s code instead of the actual program, causing his code to be
executed. This code can be anything from printing out the password
hashes to creating a new account.
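To make the stack description in the preceding sections concrete, the C program below is an added example, not from the chapter. It models one stack frame as a 10-character name buffer followed directly by the slot where the saved return pointer would sit, then copies an 18-byte input into the frame once without a bounds check and once with the error checking the chapter calls for. The unchecked copy lands the second half of the input on the return slot, which is the overwrite that turns into a crash or redirected execution in a real program; the bounded copy rejects the input and leaves the slot intact. The copy in store_unchecked is capped at the frame size only so that the demonstration itself stays well-defined C; its bug is that it ignores the size of the buffer. The input strings and the 0xA5 marker are constructed.

```c
#include <stdio.h>
#include <string.h>

/* A stand-in for one stack frame: a 10-character buffer followed directly by the
 * slot that would hold the saved return address. Both members are byte arrays,
 * so there is no padding and sizeof(struct frame) == 18. */
struct frame {
    char name[10];
    unsigned char saved_ret[8];
};

#define RET_MARKER 0xA5   /* fill pattern standing in for the real return address */

static void init_frame(struct frame *f) {
    memset(f->name, 0, sizeof f->name);
    memset(f->saved_ret, RET_MARKER, sizeof f->saved_ret);
}

/* The bug: copies `len` bytes starting at name with no regard for sizeof name.
 * Capped at the frame size only to keep this demonstration well-defined; a real
 * strcpy() would keep writing past the frame into whatever lies above it. */
int store_unchecked(struct frame *f, const char *input, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, input, len);
    return 0;
}

/* The fix: refuse input that does not fit, the error checking the chapter describes. */
int store_bounded(struct frame *f, const char *input, size_t len) {
    if (len >= sizeof f->name) return -1;   /* leave room for the terminator */
    memcpy(f->name, input, len);
    f->name[len] = '\0';
    return 0;
}

/* Returns 1 if any byte of the saved return slot no longer holds the marker. */
int return_slot_clobbered(const struct frame *f) {
    for (size_t i = 0; i < sizeof f->saved_ret; i++)
        if (f->saved_ret[i] != RET_MARKER) return 1;
    return 0;
}

/* Store `input` with or without bounds checking; returns 1 if the return slot was hit. */
int demo_overflow(const char *input, size_t len, int bounded) {
    struct frame f;
    init_frame(&f);
    int rc = bounded ? store_bounded(&f, input, len) : store_unchecked(&f, input, len);
    int clobbered = return_slot_clobbered(&f);
    printf("%-9s copy of %2zu bytes: rc=%2d, return slot %s\n",
           bounded ? "bounded" : "unchecked", len, rc, clobbered ? "OVERWRITTEN" : "intact");
    return clobbered;
}

int main(void) {
    const char *ok  = "alice";                /* constructed: fits in 10 bytes */
    const char *bad = "AAAAAAAAAABBBBBBBB";   /* constructed: 18 bytes, 8 too many */
    demo_overflow(ok, strlen(ok), 0);
    demo_overflow(bad, strlen(bad), 0);       /* the B's land on the saved return slot */
    demo_overflow(bad, strlen(bad), 1);       /* rejected, slot untouched */
    return 0;
}
```

On a real stack the saved return address is not a marker but the address the function will jump to when it returns, so the "OVERWRITTEN" case is the one that becomes a Denial of Service (garbage address, crash) or, with a carefully chosen value, execution of code the attacker supplies; the bounded store is the only version that keeps the frame intact on bad input.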
ERIC COLE
DENIAL OF SERVICE ATTACK
You come home from work after a long day at the office and the phone
rings. You pick up the phone and no one is there. So you hang up, and
immediately the phone rings again. After several times of doing this, you
stop answering the phone, but the person keeps calling over and over
again. The next morning when you go to work your boss says, “I tried
calling you last night, but the phone was busy.” You actually weren’t on
the phone, but an attacker was able to use up all your resources, so that
legitimate calls did not come through. This is an example of a Denial of
Service attack. In this case, the attacker kept your phone line tied up, so
that your boss could not get through and legitimate users were denied
access. As you can already see from this non-technical example, Denial of
Service attacks can be very annoying and very difficult to protect against.
In this simplified example, it would be difficult to protect against the
attack. One solution to Denial of Service attacks is redundancy—you could
put in a second line. However, that would not stop the attacker from
launching an attack against both lines. As you will see throughout this
chapter, Denial of Service attacks are extremely difficult to prevent, and
from an attacker’s standpoint, they are very easy to launch.
To put Denial of Service attacks in perspective, let’s examine the three
main areas of security: confidentiality, integrity, and availability. Denial of
Service attacks are attacks against the third component, availability.
Availability is preventing, detecting, or deterring the unauthorized denial
of access to information and systems. Types of Denial of Service attacks
range from crashing a user’s machine by sending them data they are not
expecting, to overloading a machine by sending it too much information.
No matter which type of attack is being performed, the end result of a
Denial of Service attack is the same—a legitimate user cannot get access
to the information he needs.
What Is a Denial of Service Attack? :)
A Denial of Service attack (DOS) is an attack through which a person can
render a system unusable or significantly slow down the system for
legitimate users by overloading the resources so no one else can access it.
This can also result in someone damaging or destroying resources, so they
cannot be used. Denial of Service attacks can either be deliberate or
accidental. It is caused deliberately when an unauthorized user actively
overloads a resource. It is caused accidentally when an authorized user
unintentionally does something that causes resources to become
unavailable. An organization should take precautions to protect a system
against both types of Denial of Service attacks.
Most operating systems (including NT and numerous variants of UNIX),
routers, and network components that have to process packets at some
level are vulnerable to DOS attacks. In general, DOS attacks are difficult
to prevent. However, restricting access to critical accounts, resources, and
files and protecting them from unauthorized users can hinder many DOS
attacks.
It seems that the number of Denial of Service attacks is increasing every
day. If an attacker is unable to gain access to a machine, most attackers
will just crash the machine to accomplish a Denial of Service attack. This
means that even though your systems may be patched and properly
secured, an attacker can still do damage to your company.
Types of Denial of Service Attacks :)
There are two general types of Denial of Service attacks. The first type
involves crashing a system or network. If an attacker can send a victim
data or packets it is not expecting, and it causes the system to either
crash or reboot, then in essence, the attacker has performed a Denial of
Service attack because no one will be able to get to the resources. From
an attacker’s standpoint, what is nice about these attacks is that you can
render a system inaccessible with a couple of packets. In most cases, for
the system to get back online would require intervention from an
administrator to reboot or power off the system. So, this first type of
attack is the most damaging because it requires little effort to perform and
human intervention to fix.
The second type of attack involves flooding the system or network with so
much information that it cannot respond. For example, if the system can
only handle 10 packets a minute, and an attacker sends it 20 packets a
minute, then when legitimate users try to connect to the system, they are
denied access because all the resources have been exhausted. With this
attack, an attacker has to constantly flood the system with packets. After
the attacker stops flooding the system with packets, the attack is over and
the machine resumes operation. This type of attack requires a lot more
energy on the part of the attacker because he has to keep actively
flooding the system. In some cases, this type of attack could crash the
machine; however, in most cases, recovering from this attack requires
minimal human intervention.
It is important to note that both of these attacks can be launched from a
local system or over a network.
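The "10 packets a minute" capacity example from the flooding paragraph above, turned into an added example (not code from the book or from this page) of the usual mitigation for that second type of attack: a sliding-window rate limiter that sheds packets beyond the configured capacity, so a flood exhausts the sender's budget rather than the server's resources. The capacity of 10 packets per 60 seconds is taken from the text; the three arrival-time streams are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_LIMIT 64   /* ring capacity; the configured limit is clamped to it */

/* Sliding-window limiter: accept at most `limit` packets in any span of
 * `window_secs` seconds. Arrival times are in seconds and non-decreasing. */
struct rate_limiter {
    unsigned window_secs;
    unsigned limit;
    unsigned accepted[MAX_LIMIT];   /* ring buffer of accepted arrival times */
    size_t head;                    /* oldest accepted entry */
    size_t count;                   /* entries currently inside the window */
};

static void limiter_init(struct rate_limiter *rl, unsigned window_secs, unsigned limit)
{
    rl->window_secs = window_secs;
    rl->limit = limit > MAX_LIMIT ? MAX_LIMIT : limit;
    rl->head = 0;
    rl->count = 0;
}

/* Returns 1 if the packet arriving at `now` is accepted, 0 if it is shed. */
static int limiter_allow(struct rate_limiter *rl, unsigned now)
{
    /* Forget accepted packets that have aged out of the window. */
    while (rl->count > 0 && now - rl->accepted[rl->head] >= rl->window_secs) {
        rl->head = (rl->head + 1) % MAX_LIMIT;
        rl->count--;
    }
    if (rl->count >= rl->limit)
        return 0;                   /* capacity used up: drop this packet */
    rl->accepted[(rl->head + rl->count) % MAX_LIMIT] = now;
    rl->count++;
    return 1;
}

/* Runs a stream of arrival times through a fresh limiter and returns how
 * many packets were dropped. */
size_t count_dropped(const unsigned *arrivals, size_t n, unsigned window_secs, unsigned limit)
{
    struct rate_limiter rl;
    size_t dropped = 0;
    limiter_init(&rl, window_secs, limit);
    for (size_t i = 0; i < n; i++)
        if (!limiter_allow(&rl, arrivals[i]))
            dropped++;
    return dropped;
}

/* Constructed traffic samples (seconds since start). */
static const unsigned FLOOD[20] = {              /* 20 packets in 20 s */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 };
static const unsigned LEGIT[15] = {              /* one packet every 12 s */
    0, 12, 24, 36, 48, 60, 72, 84, 96, 108, 120, 132, 144, 156, 168 };
static const unsigned FLOOD_THEN_QUIET[21] = {   /* the flood, then one packet at 200 s */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 200 };

/* Capacity of 10 packets per minute, as in the text. */
size_t flood_dropped(void)       { return count_dropped(FLOOD, 20, 60, 10); }
size_t legit_dropped(void)       { return count_dropped(LEGIT, 15, 60, 10); }
size_t after_flood_dropped(void) { return count_dropped(FLOOD_THEN_QUIET, 21, 60, 10); }

int main(void)
{
    printf("flood of 20/min:           %zu dropped\n", flood_dropped());
    printf("legitimate 5/min:          %zu dropped\n", legit_dropped());
    printf("flood then quiet (21 pkts): %zu dropped\n", after_flood_dropped());
    return 0;
}
```

The flood stream loses exactly the 10 packets over capacity, the legitimate stream loses none, and the packet sent 200 seconds after the flood is accepted again, matching the text's point that service resumes once the flooding stops. A limiter of this kind addresses the flooding type only; the crashing type described first is a bug in packet handling and is addressed by patching the affected software, not by rate limiting.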
Types of Denial of Service Attacks :)
• Ping of Death
• SSPing
• Land
• Smurf
• SYN Flood
• CPU Hog
• Win Nuke
• RPC Locator
• Jolt2
• Bubonic
• Microsoft Incomplete TCP/IP Packet Vulnerability
• HP Openview Node Manager SNMP DOS Vulnerability
• Netscreen Firewall DOS Vulnerability
• Checkpoint Firewall DOS Vulnerability
Some of these attacks have been around for a while, however, they are
included because they cover very important concepts of how DOS attacks
work, and they give you an idea of the range of services or protocols that
can be attacked, to cause a Denial of Service attack. For example, the
exploit Ping of Death is covered because it is one of the “classic” DOS
attacks, and it shows how simple an attack can be. Others, such as smurf,
have been around for a while, but they are still widely used, for example
in the DDOS attacks that occurred in February of 2000.
This is not meant to be a complete list because new Denial of Service
attacks are coming out daily, however it is meant to show you the wide
range of attacks that exist. Now, let’s start covering each exploit in detail.
ERIC COLE
CRACK THE PASSWORD
Crack the Passwords
As far as password hacking programs are concerned, John the Ripper is a hacking program worth mentioning;
it takes an algorithmic approach to hacking and cracking passwords and password files.
This software works tremendously well, with a mind-blowing ability to crack MD5 passwords in almost no time.
John the Ripper requires a great amount of CPU resources.
Rainbowcrack is another traditional password cracker that tries every possible plaintext one after the other during
cracking, thereby consuming a great amount of time to accomplish cracking successfully.
This disadvantage gave birth to a new concept, the time-memory trade-off. By dint of the time-memory trade-off concept,
all the cracking computation is done in advance and the results are stored in files known as "rainbow tables".
By running the hacking software, the central database can then feed the stolen records back to the websites,
facilitating the hacker by allowing him or her to sort them by any variable according to his or her will, like financial sections
or professional designations. By dint of such powerful illegitimate hacker software, hackers try to suck out as
much money as possible. Free hacking software may not be as powerful as the others, but it is still strong
enough to bring immense harm to business concerns or a secret department of a nation.
THIS INFORMATION FROM
HACKINGGALERT.
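The time-memory trade-off behind rainbow tables, as an added example rather than code from RainbowCrack or from this page: chains over a toy keyspace (every 3-letter lowercase password) are precomputed once, only their start and end points are stored, and a later lookup regenerates just the one chain that can contain the target hash. A 32-bit FNV-1a hash stands in for MD5 (an assumption made to keep the example self-contained), and the chain count, chain length and salt are constructed values. The closing function also shows why a per-user salt defeats the precomputed table: the salted hash of the very same password lies on no chain.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN    3
#define KEYSPACE  (26u * 26u * 26u)   /* every 3-letter lowercase password */
#define CHAIN_LEN 50
#define N_CHAINS  2000

/* Toy hash standing in for MD5 (32-bit FNV-1a): an assumption of this demo. */
static uint32_t toy_hash(const char *s, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= (unsigned char)s[i]; h *= 16777619u; }
    return h;
}

/* Maps a keyspace index (0 .. KEYSPACE-1) to its password. */
static void index_to_pw(uint32_t idx, char out[PW_LEN + 1])
{
    for (int i = PW_LEN - 1; i >= 0; i--, idx /= 26)
        out[i] = (char)('a' + idx % 26);
    out[PW_LEN] = '\0';
}

/* Reduction function: turns a hash back into some password. Mixing in the chain
 * position is what makes this a rainbow table; it limits chains merging. */
static void reduce(uint32_t h, unsigned pos, char out[PW_LEN + 1])
{
    index_to_pw((h + pos) % KEYSPACE, out);
}

struct chain { char start[PW_LEN + 1]; uint32_t end; };
static struct chain table[N_CHAINS];

/* Precomputation (the "time" spent in advance): from each start, alternate
 * hash and reduce CHAIN_LEN times and store only the start and the end hash. */
void build_table(void)
{
    for (unsigned c = 0; c < N_CHAINS; c++) {
        char cur[PW_LEN + 1];
        uint32_t h = 0;
        index_to_pw((c * 7919u) % KEYSPACE, table[c].start); /* spread starts out */
        strcpy(cur, table[c].start);
        for (unsigned pos = 0; pos < CHAIN_LEN; pos++) {
            h = toy_hash(cur, PW_LEN);
            reduce(h, pos, cur);
        }
        table[c].end = h;
    }
}

/* Regenerates the password at position `pos` of chain `c`. */
void chain_password_at(unsigned c, unsigned pos, char out[PW_LEN + 1])
{
    strcpy(out, table[c].start);
    for (unsigned p = 0; p < pos; p++)
        reduce(toy_hash(out, PW_LEN), p, out);
}

/* Lookup: returns 1 and writes the recovered password if `target` is an
 * unsalted hash that some chain passes through, else 0. */
int lookup(uint32_t target, char out[PW_LEN + 1])
{
    char cur[PW_LEN + 1];
    for (int p = CHAIN_LEN - 1; p >= 0; p--) {
        uint32_t h = target;                 /* assume target sits at position p ... */
        for (unsigned q = (unsigned)p; q + 1 < CHAIN_LEN; q++) {
            reduce(h, q, cur);               /* ... and roll forward to the chain end */
            h = toy_hash(cur, PW_LEN);
        }
        for (unsigned c = 0; c < N_CHAINS; c++) {
            if (table[c].end != h)
                continue;
            strcpy(cur, table[c].start);     /* endpoint matches: walk that chain */
            for (unsigned pos = 0; pos < CHAIN_LEN; pos++) {
                uint32_t hh = toy_hash(cur, PW_LEN);
                if (hh == target) { strcpy(out, cur); return 1; }
                reduce(hh, pos, cur);
            }
        }
    }
    return 0;
}

/* Demo: the unsalted hash of a password the table covers is recovered, while the
 * salted hash of the same password is not. Returns 1 when both hold. */
int demo_salt_defeats_table(void)
{
    char pw[PW_LEN + 1], found[PW_LEN + 1], salted[64];
    build_table();
    chain_password_at(42, 17, pw);                        /* a mid-chain password */
    int plain_hit = lookup(toy_hash(pw, PW_LEN), found) && toy_hash(found, PW_LEN) == toy_hash(pw, PW_LEN);
    snprintf(salted, sizeof salted, "%s%s", "s8Qz", pw);  /* "s8Qz": constructed per-user salt */
    int salted_hit = lookup(toy_hash(salted, strlen(salted)), found);
    return plain_hit && !salted_hit;
}
```

The table stores 2000 start/end pairs yet answers queries for every password on the 100,000 chain positions it covers; that is the trade of memory for precomputed time. The defensive lesson is the second half of the demo: store passwords salted with a per-user random value (and with a deliberately slow hash such as bcrypt, scrypt or Argon2), so that no table computed in advance applies to more than one account.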
HACK SERVER EASILY NETWORK
Hack Servers Easily: Network Hacking Tools
Another way that hackers use to get inside networks, like hacking TeamSpeak servers or hacking Windows
Terminal Services, is thanks to the unknowing help of the network users. How? Simple:
they send emails with attachments that will execute a worm, virus or Trojan that will spread into the network.
If it is a Trojan horse, this little program will convert the computer into a zombie, under the control of its creator.
Thanks to it, the hacker will gain a way to enter the network without being detected.
A virus used for network hacking is a bit different. Although it spreads in similar ways to Trojan horses
(through email attachments or files downloaded from peer-to-peer networks), viruses cause havoc and destruction inside the network.
A hacker will make use of this panic situation and try to enter the system while its defenses are down.
It may be considered a parallel to the siege strategies of ancient history, when cities were intentionally infected with
diseases by their enemies.
Worms are similar to viruses, but with a slight difference. They are self-contained and do not require another file,
as a virus does, to infect a computer. Their main application for network hackers is installing backdoors inside computers.
Once the new "door" is secure, the hacker will use that entrance to establish a position inside the network.
Hackers can even install a key logger for remote password hacking, and the user will never know how they did it! Of course,
someone could think that all of the fault lies with the Windows operating system, but in reality, the number of people who are
hacking Windows XP is not because the program is bad. It is because most of the planet uses it as its operating system.
What Tools Does He Use? :
If you are a hacker who has just begun his activities, it's most probable that you will download one of the dozens
of free tools that are available on the internet. These programs have been previously made and tested by more
experienced hackers. When you cross the barrier of experience and become a seasoned hacker,
then you may start making improvements to these old programs, or you may even start creating your own
network hacking software.
Since the internet is always evolving (getting bigger and implementing new tools and software),
it is an almost infinite source of fun for a hacker who wants to test his skills.
If you want to scan the ports of a network, there are several freeware tools available.
The most common ones are Portscan 2000, Scanmetender Standard, Angry IP Scanner, Netmon,
FastTCPPortScanner, nmap and Unicornscan.
In the case of worms, viruses and Trojan horses, the list is almost infinite. And with each month that passes,
hackers improve or make slight modifications to these programs so they are not detected by security systems.
And if you are using a wireless network, do not think that you are more secure than with a traditional network.
As a matter of fact, hacking wireless networks is easier for a hacker since many users don't know how to configure them.
What Is The Damage When Automated Tools Are Used? :
It doesn't matter if you are a network hacker who is trying a Windows 2000 password hack or a system administrator
who wants to defend against a password hacker. In either case, you need to learn the tricks of this job and keep yourself
updated on the latest trends and network hacking tools. Consider how the world was fifteen years ago, with virtually no
Internet and with most computers using DOS (the precursor to Windows). Although those good old days are gone,
network hacking hasn't, and it will never disappear.