Hacking for Dummies
(Access to other peoples systems made simple – & some extra database lore).
The author is not responsible for any abuse of this information. It is intended for educational useonly. You may be quite shocked at how vulnerable you are! As an afterthought I added a sectionon database access due to a number of requests.The majority of successful attacks on computer systems via the Internet can be traced toexploitation of security flaws in software and operating systems. These few softwarevulnerabilities account for the majority of successful attacks, simply because attackers areopportunistic – taking the easiest and most convenient route. They exploit the best-known flawswith the most effective and widely available attack tools. Most software, including operatingsystems and applications, comes with installation scripts or installation programs. The goal of these installation programs is to get the systems installed as quickly as possible, with the mostuseful functions enabled, with the least amount of work being performed by the administrator. Toaccomplish this goal, the scripts typically install more components than most users need. Thevendor philosophy is that it is better to enable functions that are not needed, than to make the user install additional functions when they are needed. This approach, although convenient for theuser, creates many of the most dangerous security vulnerabilities because users do not activelymaintain and patch software components they don’t use. Furthermore, many users fail to realizewhat is actually installed, leaving dangerous samples on a system simply because users do notknow they are there. Those unpatched services provide paths for attackers to take over computers.For operating systems, default installations nearly always include extraneous services andcorresponding open ports. Attackers break into systems via these ports. In most cases the fewer ports you have open, the fewer avenues an attacker can use to compromise your network. For applications, default installations usually include unneeded sample programs or scripts. One of the most serious vulnerabilities with web servers is sample scripts; attackers use these scripts tocompromise the system or gain information about it. In most cases, the system administrator whose system is compromised did not realize that the sample scripts were installed. Samplescripts are a problem because they usually do not go through the same quality control process asother software. In fact they are shockingly poorly written in many cases. Error checking is oftenforgotten and the sample scripts offer a fertile ground for buffer overflow attacks.The simplest means to gain access to a system is by simple file and printer sharing. This is used toallow others on say, a home local area network share files, printers, and internet connections. If the computer having file and printer sharing enabled, this in fact allows these resources to beshared, and on offer, to the entire internet! This is largely due to the fact that Netbios wasoriginally intended for use on local area networks (LAN’s), where trusted sharing of resourcesmade sense for many reasons. It was never intended to ‘go global’.First, search using a Netbios scanner, for a system with sharing enabled. A program such as Netbrute, by Raw Logic Software, is ideal. These programs can help the would-be hacker, as wellas the network administrator. Run the scan over a subnet at a time, for example an IP addressrange from 184.108.40.206 to 220.127.116.11. Choose a system which has, preferably, it’s whole hard disk