Hi Guys

First off it is more of a discussion than a question/s. Just to clarify a few/lot of things that i have heard and seen happening around me. Please feel free to share your knowledge about this "Taboo" topic.

I have been looking to post this somewhere but thought it might best be suited here as all the techies would be able to answer a few things. Now not sure what reaction i will get about this topc as Hacking is controversial topic, but I want to gain knowledge about it. I mean how is it possible for someone to do it? What are various levels of hacking?
Be aware of a few wierd questions as well as they will follow.

Just before someone asks me why Im asking about this, simple answer is curosity.

I wanna know. No intentions of doing it or watever but i guess you have to have knowledge about a lot of things when into computers and the biggest threat to the world of computing is Hacking, I guess. So I d rather have as much knowledge about it as I can get. Anyone out there who has answers would be greatly appreciated.

Raj

It is perfectly fine to learn about hacking. The more you know about it the easer it is to prevent getting hacked. 90% of hackers do it as a hobby, they will right little scripts that they plant in your computer to pop up a message or something innocent like that. the other 10% has a little more malicious intent. the main goal of hacking is to gain information that doesn't belong to you i.e. credit card info, top secret government files and so on.

the easest way to hack is to find the backdoor of the system that you are wanting to hack. on almost every OS, program or server the main adminstrator or programer will install a backdoor that bypasses all of the main security functions, so that if they need to get into the system again or need to make a change they don't have to go through the hastle of loging in and going through all the security options.

There is actually a lot to learn on this subject. i suggest looking up a few articles on it.

90% of hacking is exploiting the users own stupididy (inproper configuration , failure to keep up with security updates, inproper use)

Agreed !

White Hat Hacking = Good, (as opposed to Black Hat Hacking = Bad)and Penatration Testing have started to really take off as a valid "profession" within the IT Community. The pay is not the best compared to some other aspects of the IT world, but it is getting better and will all depend on your experience. Certified Ethical Hacking is a course taught by the EC Council and is worth checking into just to learn more about how your systems work.

very true....
if one has the proper security measures it is very very hard for one to hack.

The head of the CIA database security started out as a hacker. he hacked the CIA database just to show them their weaknesses. instead of prosecuting him they gave him a job.

yes, thats why i get annoyed when everyone always complaines about windows. A fuly-patched windows install, where users are not admins, and there is a decent policy in place, is very secure indeed

I have to say windows security is about the only thing i do like about windows.

right then, finally i started gettin the replies. So this is what i experienced about 3 odd years ago. I used to study in this college and one day we came to college and it was swarmed by police. Apparently someone somewhere in russia, i think, had hacked into the college servers during night time and using those servers he did some illegal stuff. Obviously he routed it thru college servers thats why police swarmed my college but was content after getting all the details from it staff. Now would that be classed as hacking. I mean college servers had quite a few security measures so it was not an average joe's play to do sommin like that. How can someone do sommin like that? Was it just that they used the college servers as proxies or something as i am not very clear about the purpose of proxies either. SO feel free to explain. I am hoping to keep this thread going for a while as i wanna make it a thread which could be a proper "Fountain of Knowledge" for anyone who wants to know the basic ABC of hacking. Hope you all dont mind inputting in your 2 cents/pence/paise etc etc.

Appreciate the responses guys

Raj

More than likely the college "servers" had a VNC connection open, or something as equally retarded, like someone posted above, 90% of hacking is taking advantage of retarded system configs, or exploits due to non-updated systems. To the OP: I'm going to caution you. This kind of knowledge can tempt you, whether you think it will or not. I will go over a few things I know, and by no means am I an expert hacker, more like a kid who got caught in a bad situation, and was forced to learn.
About my post: I am not going to give any links or any tools to "hack" other people. I will give a general overview of what is common and possible, but in no way am I going to give other people tools that can be used improperly to harm others.

Most people do not count DoSing (Denial of Service) as hacking, but I sure as hell do. Among the internet junkies, this is a fairly formidable approach to ultimately overwhelming and crashing a server/computer. A DoS attack is one in which too much information, ALOT, is sent far too quickly, which then blocks the target from processing other incoming connections. It pretty much just jams the desired target, and will keep remaining jammed, or slow if it's an unskilled and uncoordinated attack. This kind of attack can be devestating say if you run a business over the internet, e-commerce, and you are suddenly targeted.

Ports: While alot of people use exploits other people can "inject" there own backdoor torjans and other malicious code, via open ports on a system. The most common port open is 80, seeing as it is the port your computer uses for your browser to view webpages. There are a vast number of ports on your computer ranging from 1-30,000. I'm sure it's higher than that, but I don't feel like looking up the general number at the moment. Every program or game you run that connects to the internet, uses a different port, so you can imagine how quickly this could become a problem.

Alot of the time hacking results in a person's ignorance. I'm sure many people, even on this very forum, use one or two passwords for most of their online login's. That is a very big no-no. A skilled person can crack even the most complex hash, and even the forum "standard" which at the moment I believe is md5. Alot of times a forum will "salt" a hash, adding extra characters to the string, which makes it nearly impossible to crack. If I were to crack a database, steall all the hash's for the passwords, I could create a large ammount of headache, for a large ammount of people. This is even more dangerous if you use that password for an online banking site, or an account that has access to your paypal, googlecheckout, or credit card.

These are the most common things I have been forced to deal with, and I believe some of the more common things found on the internet. Most of the time though, someone who "hacks" doesn't really understand what they are doing. There are very few real hackers left in the world, and those who aren't employed by government agencies, are even smaller. Alot of the time when a site get's hacked, or something along those lines, they go to certain sites, ones I will not name here, and find general exploits for various operating systems, and various forums. I would have to say if you do indeed use SMF forum boards, you immediatley apply every patch that is released for it. SMF is easily one of the most hacked boards out there. Also, if you own Windows Server 2003, or windows 2000, make sure you have ALL the new patches, those two are the most commonly targeted operating systems. Windows 2003 is the OS that most datacenters use, other than linux.
If you have more questions, feel free to ask.

Also, as to proxies, the only thing they usually are used for is to change your IP. A VNC connection could use your computer as a Proxy, and do bad things from.