Thursday, March 5, 2009

How To Be A Hacker



Expertise with the hacker can see & fix software on the computer; usually then publish openly on the Internet for the system to be better. Sialnya, take a few evil men use the information to crime - they are usually called cracker. Basically the hacker & cracker does not vary with the art world, here we are talking art Internet security network.

I hope the science of network security in this paper is used for things that good - not the Hacker cracker. Do not until you hit karma for using science to damage property of others. Moreover, the current needs of hacker growing in Indonesia and many more who want to dotcommers IPO shares in the various exchanges. Name good value & a dotcom can not fall into even if valuable in the dotcom collapse. In this case, the hacker can be expected in the security consultant for the dotcommers it - because the police HR & Indonesian security apparatus is very sad & very weak in the field of Information Technology & Internet. What could make cybersquad, cyberpatrol private budayakan perhaps necessary for survival in dotcommers Indonesia on the Internet.


Various security techniques in the Internet network can be obtained easily on the Internet, among others, in http://www.sans.org, http://www.rootshell.com, http://www.linuxfirewall.org/, http:// www.linuxdoc.org, http://www.cerias.purdue.edu/coast/firewalls/, http://www.redhat.com/mirrors/LDP/HOWTO/. Some of the techniques in the form of books that the number of its several hundred pages that can be taken for free (free). Some Frequently Asked Questions (FAQ) about the security of the network can be obtained in http://www.iss.net/vd/mail.html, http://www.v-one.com/documents/fw-faq.htm. And for the experimenter some script / program that is so can be obtained, among others, in http://bastille-linux.sourceforge.net/, http://www.redhat.com/support/docs/tips/firewall/firewallservice.html .

For readers who want to gain knowledge about the network can be downloaded for free from http://pandu.dhs.org, http://www.bogor.net/idkf/, http://louis.idaman.com/idkf . Some books that shaped softcopy can be free to take on the capture of http://pandu.dhs.org/Buku-Online/. We must be especially grateful to the team by I Made Wiryana for this. At this time, I do not know the place of a discussion on the techniques of hacking this - but it may be in part discussed in the mailing list information such as the kursus-linux@yahoogroups.com & linux-admin@linux.or.id operasikan by the Linux User Group Indonesia (KPLI) http://www.kpli.or.id.

The simplest way to see the weakness of the system is to explore how information from various vendors, for example in # 3b http://www.sans.org/newlook/publications/roadmap.htm about the weakness of the system that they own. In addition, monitoring the various mailing lists on the Internet related to network security as in the list

Described by Front-line Information Security Team, "Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks," fist@ns2.co.uk http://www.ns2.co.uk. A cracker usually men aged 16-25 years. Based on the statistics of Internet users in Indonesia, then in fact the majority of Internet users in Indonesia are children at a young age also. Indeed, this age is the age that is the ideal draw in the new science of science, including the Internet, be pitied if we are not successful menginternetkan to 25,000 Indonesian schools s / d in 2002 - because the object of a future of Indonesia is in the hands of young children we.

Well, the young are generally cracker cracking do to improve / use of resources in the network for its own sake. Generally, the cracker is opportunis. See the weaknesses with the system program mejalankan scanner. After obtaining access to root, will install the cracker back door (backdoor) and close all existing general weakness.

As we know, most companies / dotcommers will use the Internet to (1) they are hosting a web server, (2) e-mail communication and (3) provides access to web / internet to its employees. The separation of Internet and Intranet networks generally done by using the techniques / software firewall and proxy server. See the condition of the use of the above, weaknesses in the system generally can penetrate through, for example with external Mailserver / used outside for easy access to the mail out of the company. In addition, by using the agressive-SNMP scanner & programs that force the SNMP community string can change the router into a bridge (bridge), which can then be used for the stepping stone for entry into the company's internal network (Intranet).

Cracker protected so that during the attack, technique cloacking (masquerade) is done with the jump from the previous engine was compromised (ditaklukan) program through telnet or RSH. In the intermediary machine that uses Windows attack can be done with the jump from the Wingate. In addition, the jump can be done through the proxy device configuration is less good.

After a successful jump and enter the other systems, cracker like to probing of the network and collect the information necessary. This is done in different ways, for example, (1) using the nslookup command to run the 'ls', (2) view HTML files on your webserver to identify the other machine, (3) to see various documents on the FTP server, (4) connecting the self to mail server and use the command 'expn', and (5) mem-finger user machines in the other external.

The next step, cracker will identify the network component that is trusted by the system only. Network components are the server administrator and machines that are usually in the most secure in the network. Start with a check & export NFS access to a variety of critical directory such as / usr / bin, / etc and / home. Exploit weaknesses engine through the Common Gateway Interface (CGI), with access to the file / etc / hosts.allow.

Next cracker network components need to identify the weak and the taklukan. Cracker can use the program in Linux like ADMhack, mscan, nmap and many other small scanner. Programs such as' ps' & 'netstat' on a trojan (remember the story of horse TROYA? Classic story in ancient greece) to hide the process of scanning. For the cracker can simply use the advanced aggressive scanning for SNMP-men-scan equipment with SNMP.

After a successful cracker identify network components that can be weak and in taklukan, the cracker will run the program to the daemon program menaklukan weak in the server. The program is a daemon program on the server is usually running behind the screen (as a daemon / Satan). The success of this menaklukan daemon program will enable a cracker to gain access as' root '(administrator in the server).

To remove the impression, a cracker is usually cleaning operation 'clean-up' operation with a variety of ways to clean the log file. And add the program to enter from the back door 'backdooring'. Changing the file. Rhosts in / usr / bin for easy access to the engine through the RSH taklukan & csh.

Then a cracker can use a machine that is already ditaklukan for their own interests, for example, take the sensitive information that should not dibacanya; mengcracking machine from another machine with a jump in taklukan; install a sniffer to see / record the various traffic / communication through; can even turn off the system / how to run the network with the command 'rm-rf / &'. The latter will be very fatal consequences because the system will be destroyed at all, especially if all the software on the hard disk letakan. The process of re-install the entire system must do, it will spin if this is done on machines that run mission critical.

Therefore, all machines & routers running mission critical should always check the security patch by & in the new software. Backup becomes especially important once the machines that run mission critical terselamatkan from the cracker ulah men-disable system with 'rm-rf / &'.

For us the day-to-day romp in the Internet generally, there would be very appreciative of the existence of the hacker (not cracker). Because thanks to the hackers, and there is the Internet we can now enjoy, such as this, even continue to refine the system to become better again. Various weaknesses in the system because the correct accomplishment colleagues hackers often do the repair page. voluntarily for hobbies. Moreover, often results in its hacking it for free on the Internet for the Internet community. A value & cultural gotong royong glorious thus grow in the virtual world of the Internet generally seemed futuristic and far from the social sense.

Development of the hobbiest hackers became important to the sustainability / survival vehicle on the Internet dotcommers Indonesia. As one of fact, in the near future Allah around mid-April 2001 will be conducted in hacking competition in the Internet to break a server that has been specified in advance. Hacking competition in motori by young people in the Linux User Group Indonesia (KPLI) of Semarang digerakan by children as young Kresno Aji (masaji@telkom.net), Agus Hartanto (hartx@writeme.com) & Lekso Budi Handoko (handoko @ riset.dinus.ac.id). As children usually other young, they generally have capital insufficient - support & sponsor of course very useful and will be expected by colleagues this young.

Hopefully all this will add to the spirit of readers, especially young readers, to move in the world of hackers mengasyikan and challenging. If the word Captain Jean Luc Picard in Movies Startrek Next Generation, "To boldly go where no one has gone before."


--------
see the full post in here



No comments: