FLuXx




I'm doing 28 things
 

How I did it
How to speak clearly: it took me 30 days; it made me woot
How to get a job: it took me 2 weeks; it made me Thrilled
How to meet more people: it took me 30 days; it made me Awesome.



Recent entries
Learn how to hack (read all 2 entries…)
To all those who want to learn to hack... 3 years ago

Hi everyone, I’m back with a few more pointers for those who desire to learn how to hack.

I have a strong feeling that many people do not read all the comments here. If you are interested in this topic, read my past post to start with before continuing.

http://www.43things.com/entries/view/128215

Now, reading that, and understanding what I’m attempting to say, may not be as clear-cut as most would hope to hear. The truth is, as humans we do indeed like answers to be straight-forward. Most scientists would agree, complex answers wield little use to us. For really complex answers, we must first find other ‘small’ answers that eventually build into a bigger picture.

The average person looking into hacking is interested in ‘cracking’ into their friend’s, enemy’s, or ex’s computer to joke/annoy/scare or get revenge.

If you want to learn how to hack so you can open their cd-rom, take over their mouse/keyboard, log keystrokes, or manipulate settings… then keep reading because this is for you.

All that I mentioned above is most commonly ‘accomplished’ by the use of a type of malicious software called a trojan. [Wonder where that name came from… ;)] And all that is really required of it, is to get your victim to run the right executable.

But here is the catch… it’s not hacking. Not even remotely.

Now at this point, you may feel you don’t care about hacking because it’s not even what you had in mind, and that is a good thing.

For those truly mystified by computers, you must learn what it takes to immerse yourself in technology. You must become curious, if you aren’t already, about how the computer works.

Figured that out already? Great, learn how the internet works. Learn the protocols commonly used on the internet. Mastering TCP/IP alone could give you an immense understanding of what hacking is about. Nevertheless, that isn’t to say, hacking is all about the internet. From day one, you should be learning a programming language.

There are so many languages to choose from; try a few, try many, see what fits you the best. C++, C#, Python, Perl, Java, Delphi; the list goes on. If you feel very bold, learning Assembly can be a very powerful tool for understanding software and how the higher-level programming languages communicate with the hardware.

If you have the knowledge of a strong programming language, you will be able to put it to use through the rest of your learning experiences. Be imaginative. Think up an idea/theory; write a program to test it. Use it as you learn TCP/IP to design your own chat software to share with friends. Keep expanding on it by adding new features; push the limits, if you can.

Most hackers I know are always playing with code, learning from it and finding out where it may be weak. This is where proof of concept exploits come into play.

Exploits… a very descriptive name really, because they are usually used to show how a particular bug in a piece of software can be used to cause (normally) unwanted harm or access to the machine running the software. Sound familiar?

Ever had a program crash on you almost out of nowhere? Something happened in the design of that program that caused that crash. When hackers see that happen, a great many of them would take it upon themselves to find out what exactly caused the crash. Once they figure out what caused the crash, they usually (with knowledge of a programming language) can write an exploit that uses that crash to their own benefit.

It’s called a buffer overflow. One of the many techniques used by hackers and crackers alike. There are plenty of articles on buffer overflows out there; try looking on Google.

A quick run-through of a buffer overflow…

First you need to have an understanding of how computer memory works. That would make the understanding of this so much easier, because it’s tricky to explain to someone who has no idea how memory works.

Every program reserves a certain amount of space in memory to run its processes. So think of that reserve as a cup. Even the operating system (i.e. Windows, Linux, etc.) has its own ‘cups’ in memory for its own processes. Now imagine that the information being processed by these applications is the water being poured into the cups. (Stay with me! I know it is confusing!)

Most properly designed applications won’t allow themselves to go beyond the reserved memory. (The cups don’t overflow. Ha…who would have guessed.)

However, sometimes things do not go the way the programmers hoped, and overflows occur: too much information (water) is shoved into the reserved memory space (the cups).

When this happens, a clever exploit will use this overflow to push its OWN code into other places in memory, such as the operating system’s! gasp

So now, there could be malicious code running within the operating system’s area of memory…not good.

When hackers move onto finding real jobs, a lot of them analyze software, find bugs, learn how to exploit them, and how to fix the problem.

I won’t go any further because I know this analogy could be argued one way or another, but hopefully now, you’ll have some idea of what it’s going to take for you to open your friend’s CD-ROM over the net. Heh.

Knowledge is power.
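The cup analogy above, as a small C program (an added example, not part of the original post): one byte array stands in for a stretch of memory, with the "cup" at the front and unrelated data right behind it, so the missing length check and its fix can be seen side by side. The names `arena`, `pour_unchecked` and `pour_checked` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define CUP_SIZE  8   /* bytes reserved for input: the "cup" */
#define NEIGHBOUR 8   /* bytes owned by whatever sits next to it */
/* One flat byte region standing in for a stretch of process memory:
 * bytes [0, 8) are the cup, bytes [8, 16) hold unrelated data. */
struct arena { unsigned char bytes[CUP_SIZE + NEIGHBOUR]; };

static void arena_init(struct arena *a)
{
    memset(a->bytes, 0, CUP_SIZE);
    memcpy(a->bytes + CUP_SIZE, "SAFEDATA", NEIGHBOUR);
}

static int neighbour_intact(const struct arena *a)
{
    return memcmp(a->bytes + CUP_SIZE, "SAFEDATA", NEIGHBOUR) == 0;
}

/* The bug: len is never compared with CUP_SIZE before copying.
 * (Clamped to the arena only so this demo stays well-defined C.) */
static size_t pour_unchecked(struct arena *a, const void *src, size_t len)
{
    if (len > sizeof a->bytes)
        len = sizeof a->bytes;
    memcpy(a->bytes, src, len);
    return len > CUP_SIZE ? len - CUP_SIZE : 0;   /* bytes spilled */
}

/* The fix: refuse input that does not fit the cup. */
static int pour_checked(struct arena *a, const void *src, size_t len)
{
    if (len > CUP_SIZE)
        return -1;
    memcpy(a->bytes, src, len);
    return 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAAAAA";   /* constructed: 12 bytes of "water" */
    struct arena a;
    arena_init(&a);
    size_t spilled = pour_unchecked(&a, input, strlen(input));
    printf("unchecked: spilled=%zu intact=%d\n", spilled, neighbour_intact(&a));
    arena_init(&a);
    int rc = pour_checked(&a, input, strlen(input));
    printf("checked:   rc=%d intact=%d\n", rc, neighbour_intact(&a));
}
```

In a real program the bytes that spill land on whatever the compiler placed next to the buffer, which is why the length check has to happen before the copy.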



remember the things I used to believe in as a kid
Untitled 4 years ago

I believed that if I could believe in something that it could become real. Gave me a rather twisted way to look at life in the end. :)



learn to drive
Untitled 4 years ago

Now if only I could drive ‘well’ :)


