Jump to content
xisto Community
rantsh

Hacker Wannabe If youre a hacker please come in

Recommended Posts

rantsh,I am impressed to say the least. You are taking this seriously and that makes me want to help you even more. I guess I will have to get off my lazy butt and get to work on putting together some material.The material presented at HackR is not the most challenging but does show the biggest part to hacking, it’s the mind set. Just because the system says something is not possible does not always mean it is so. Go ahead and proceed to the intermediate levels. If I remember correctly this will involve starting to reverse engineer pieces of software. You will perhaps learn more here than the entire beginner levels combined. Let me know when you get through this and get your books.I hope this is a good lesson for everyone reading this thread. Learning is an action that requires a person to actually do something. Rantsh has taken the first steps and I commend him for it. Perhaps I can get a few more people on board and we can have a very enlightening experience here. I know that this is not a college class in box site but as long as you are interested I will lay everything on the line. Once you get your cryptography books we will start discussing the first chapters and I will give further assignments, if of course that is ok with you.

Share this post


Link to post
Share on other sites

rantsh,

 

I am impressed to say the least.  You are taking this seriously and that makes me want to help you even more.  I guess I will have to get off my lazy butt and get to work on putting together some material.

 

The material presented at HackR is not the most challenging but does show the biggest part to hacking, itâs the mind set.  Just because the system says something is not possible does not always mean it is so.  Go ahead and proceed to the intermediate levels.  If I remember correctly this will involve starting to reverse engineer pieces of software.  You will perhaps learn more here than the entire beginner levels combined.  Let me know when you get through this and get your books.

 

I hope this is a good lesson for everyone reading this thread. Learning is an action that requires a person to actually do something.  Rantsh has taken the first steps and I commend him for it.  Perhaps I can get a few more people on board and we can have a very enlightening experience here.  I know that this is not a college class in box site but as long as you are interested I will lay everything on the line.  Once you get your cryptography books we will start discussing the first chapters and I will give further assignments, if of course that is ok with you.

1064322367[/snapback]


I have to say, that I might have more skill than what I thought (??? B) ) It took me a couple of days to figure out Intermediate challenge #1, but just a few minutes to complete #2. I'm only missing the 4 advanced challenges which are cracking challenges, and I have to admit this are going to take some serious time...

 

Either way I invite everyone who reads this thread to try out hackr.org, as it was said before it's not the hardest site ever, but take my word for it... you learn a lot solving this problems...

Share this post


Link to post
Share on other sites

rantsh, Here's another simple challenge for wou to try. Get a copy of the book "Jurassic Park" by Michael Crichton. There are several pictures of a simple fractal in that book. Each one is the same fractal at a different progression. One of the pictures was flipped the wrong way in the copy I got, but once you start seeing the pattern, it should be easy to spot. The challenge is to figure out the algorithm used to create that fractal. It's a simple enough kind of fractal that you can figure it out on paper, without any help from a computer. In fact, that's how I decided to figure it out, just for a mental excercise. It's a good way to look at information in way simular to encryption. Granted, this example is more or less like shifting letters "a=b, b=c, c=d", since it is a standard pattern. It is a little bit more, because the pattern is progressive. The pattern, although simple, never completely repeats itself.Because of that feature of that particular algorithm, I have used it in my own sercurity on my personal network. Using it, along with some other tools I've made, passwords never need to be sent across my network.Here's how I used it, along with the general concept of the security I'm using:Let's say I want to telnet to my server.1: The client software opens up a connection to the server2: The client then uses the "password", connection info, and time to encrypt the string "Login: Username"3: The server takes this encrypted string, and decrypts it using the real password, connection info, and time.4: If the server gets the correct string from the decryption, it accepts the connection.Notice, the password itself never crossed the network, it was just used in the encrypting & decrypting.The reason for this is that the password is actually the control for the encryption. My security uses 256 different encryption algorithms. Each one is tied to a character. To help you understand the concept of what's going on, picture this:algorithm "r" shifts the bits one to the right,algorithm "a" reverses the order of the bits,algorithm "n" NOT's the bitsalgorithm "t" XOR's the byte with the previous byteapplying any one of those simple algorithms would be broken very fast, however when stacked, it would take longer. But it would still be breakable. But on top of that, I add the algorithm for the fractal. What it controls is the rotation of the algorithms. It makes it so that the algorithms are rotated periodically, and not in static way. So maybe first it waits 5 bytes to shift algorithms, and next time it waits 7, and the next 3, etc... as you can see, each piece is used to make it harder to break. And since much of it relies on having previous pieces correct, one mistake will corrupt the rest of the stream.Also, another part that helps ensure protection is the length of the password as the computer sees it. You may only be typing in something like "ProtectMe", but the computer would use something like "ProtectMe/154.87.243.16:1024/125.13.4.156:8080/14:24:56:99/12/15/2005"As you can see, it makes for a rather complex "password" and since the order of the algorithms is critical, it doesn't see "pass" as "asps" or anything like that. Also since there is no comparing of a password against a list, there isn't a time differential between a valid login, and a false login.Hope this gives you some idea what kind of protection and it can give you some insight as to what hacking encryption can entail B)-YB

Share this post


Link to post
Share on other sites

Level 7 is wrong !!!it says my answer is wrong but 0xBADCAB12 hxadecimal is decimal 3 135 023 890or am i mis-understanding he question ???i did the base16 maths myself, then checked my answer with google converter.anyone else get this ?

Share this post


Link to post
Share on other sites

Ohh, and sorry for the shameless plug, but we have a few origonal hacking challenges here. in the challenge section.

and for an even more shamless plug, an encryption hacking challenge / tutorial written by myself.

http://forums.xisto.com/topic/83748-topic/?findpost=1064302535

It contains en encrypted web page, and the source code to the sotfware used to encrypt it.

you must try to de-crypt it.

Ive also included a spoiler, and a brute force source code i used to crack it.

So far, its only been managed by MasterComputers.

Share this post


Link to post
Share on other sites

rantsh I salute you for doing what I did not have the guts to do!

I have read through quite a few tutorials/RFCs and other references at this point and while I have learned a great deal I am still a bit lost. I have been going to college for a Computer Science degree and I am now in my second year. I do basic to intermediate Java programming and I know HTML. I have done little with C and C++. PHP frankly confuses me as I have not done much work with it or found a good reference. I have done bath files and limited DOS. I do simple troubleshooting for friends and family. I can read source code and with a little time and effort figure out what,how, and why. I personally think that the simple questions "Why?" and "How?" are the greatest questions ever devised by man. I love learning more and I think that I learn best by doing. I will start on a project and have a plan for what I want it to do and love it when I encounter something that I don't understand or know how to accomplish cause then I start on the journey of figuring out how to do it and inevitably learn something in the process.

I thought I would let you know a little about me and my background before I asked any questions as it would give you a better idea of what I seek.

 I love to learn and I love a good challenge, however I am finding it a bit difficult finding a good starting point to enter the wonderful and somewhat "mysterious" world of hacking. I have learned a good deal and found some good references by reading through the posts here and in a few other places but I have found that many of the sites that people praise and refer to no longer exist or have been moved. I have read the posts regarding hackr.Org and would love to find something like it with practice challenges to sharpen my teeth on but as of yet I have found none. I would love to find a site or reference that would offer some guidance to lead me from that limited background I have and teach me what I need to know to move forward as well as something that I can use to practice the skills I have learned. I am in no way asking for someone to hold my and show me the answers but instead point me in the right direction and give me a shove. As I mentioned before I love a good challenge and would love to find a exercise/challenge/goal to practice on without the risk of being arrested or committing any crimes. I want knowledge, not a criminal record or a path of destruction lying behind me.

Well if you have made it to this point in my post I thank you for listening to my ramblings and for any advise or guidance you can offer me.

  -TDJ

 

Share this post


Link to post
Share on other sites

According to old school "hacking" rules, you've already broken one of the main ones... asking for help to get started :P
I am a hacker by the old definition. One who goes into systems for knowledge, not to destroy. In fact, I would never go into personal info if I found any. At the most, the only changes I would make to a system that I got into is leave a message saying that thier system was insecure, and stating how I got in.

Most people that call themselves hackers are not true hackers. Most just run programs that other people make without understanding what is truely going on behind the scenes. All they usually want to do is cause damage to sites.

If you want to learn how to become a real hacker, I can point you in the right direction, but it is up to you to do the work.

I've told you alot more than I should have. I have one other recommendation, only hack your own computers. When you hack computers you don't own, you run the risk of going to federal prison. And don't forget the 3 R's of hacking.

-YB

i dont really hack, but i explore all weak windows systems i encounter to learn all their weaknesses and just learn about them. you can tell a lot about someone from the programs they use and what's in their documents. :mellow:
also, try this site: it is legal.
hackthissite.org
(sorry, i only know a little BBCode)
-wait, this is bbcode.
ok, [link]hackthissite.org[/link]
tell me if this helped!
Edited by Rhekatou (see edit history)

Share this post


Link to post
Share on other sites

rantsh,I agree with yungblood: research is the only way to get skills.
you should try to find out about the most recent security issues by using your favorite search engine to look up words like "bugtraq", "vuln", "pen testing" and so on (i am sure you will find more applicable words the longer you research...)
everything i know about getting access to remote computers i found on the internet, so you surely will, too.

cryptography is even more difficult. a good site to start with ist
http://www.cryptographyworld.com/

last but not least there are some web sites with hacking & cracking challenges whre you can try your skills ... You might like this one for a start: http://www.try2hack.nl/

greetz
calixt

thanks for quoting the site try2hack
i think it'll help me alot

Share this post


Link to post
Share on other sites

You don't learn to be a 'hacker', in order to exploit security weaknesses in systems, websites etc. you first have to learn all about the system. Once you have studies and become well hearsed in what it is you want to break in to then it's simply a case of using your new found knowledge to test weaknesses. For example, if you want to hack a website and it uses php, there is a page on the website where you can enter your email address to be added to the mailing list. Now we assume that when we enter our email address then that information will be added to a mysql database, which means the POST data sent will be inserted in to a query such as: mysql_query("INSERT INTO maillist (email) VALUES ('".$_POST['email']."')"); Notice that the data isn't being processed and is just being input directly to the database (obviously we can't see the code but hacking is all about trial and error). So what we could type in to the email address form is: x'); DROP TABLE maillist; -- Now what the new query will look like after the data has been inserted in to the query like above is: INSERT INTO maillist (email) VALUES ('x'); DROP TABLE maillist; -- Now our unfortunate Mr WebHost has lost his entire mailing list because he didn't use mysql_real_escape_string before inserting his POST data. Now this kind of thing you can expect to work on a site created by a complete noob to php programming, but very doubtful it will work on a pro's site, in fact it's probably impossible. When making attacks such as this you have to ensure you are selecting your targets carefully, some even put in measures to catch people in the act of hacking. I would demonstrate more examples over things such as .asp and through .exe files but I won't bother. I only learned about the different types of exploits myself to better protect my own software and website designs. Actually using this knowledge to cause random damage for no reason is just childish, it should only be used if you actually have a goal that needs accomplishing, such as gaining admin status for your favourite online game, or accessing a file on another persons computer and changing your college grades or such like. Once you have the ability, USE IT RESPONSIBLY!!!

Share this post


Link to post
Share on other sites

Programming languages are a great help.If you want to mess around with some web sites. Learn web design. A lot of successful hacks start with the knowledge of programming.http://www.w3schools.com/ is a great reference and tutorial site for anything related to web programming. This includes from the basic HTML to more server side programming of ASP and PHP and SQL.Also, http://www.hackthissite.org/ is a great website for hacking tutorials.Remember that hacking could be considered a criminal offense, so be careful on what you get in to. Don't try to mess up something that isn't yours.And for a security note, there is A LOT of *programs* that will claim to be a hackers tool that will do the work for you. Often these type of programs are designed to hurt the user more than anything. It is much safer(and much more of an accomplishment) if you learn how to make these type of tools for yourself.

Share this post


Link to post
Share on other sites

I could recommend the book web application hacker handbook. You'll learn all the nasty fun but with a nice clean white hat approach.


https://portswigger.net/burp/domore.html
https://portswigger.net/burp/domore.html

Programming languages are a great help.
If you want to mess around with some web sites. Learn web design. A lot of successful hacks start with the knowledge of programming.

http://www.w3schools.com/ is a great reference and tutorial site for anything related to web programming. This includes from the basic HTML to more server side programming of ASP and PHP and SQL.

Also, http://www.hackthissite.org/ is a great website for hacking tutorials.

Remember that hacking could be considered a criminal offense, so be careful on what you get in to. Don't try to mess up something that isn't yours.

And for a security note, there is A LOT of *programs* that will claim to be a hackers tool that will do the work for you. Often these type of programs are designed to hurt the user more than anything. It is much safer(and much more of an accomplishment) if you learn how to make these type of tools for yourself.


Share this post


Link to post
Share on other sites

becoming a hacker is not a child play i think no one can learn to become a hacker but will learn from it slef it need curiosity and if one have about comps and all then he or she can be a hacker because hacker needs to be some other cant be. Becoming a hacker needs a lot of conc. and effort and also an imense knowledge of society and the persons thinking. He should be able to think and analyse of what others think and how they think. The way to thinking. Its not a child play to be such a thinker but only a small man who is generally neglected are hacker of whom can never be thought and those who show off that they can hack its not true and they cant never be a hacker but just a ****. I hate those persone. Hackers live 2 lives one social and one is tech savy,

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.