Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 23
Members Online: 2

Registered Members: 82885
Newest Member: ConiBE
Latest Articles

Preventing the Hack - Part 1

Arrow Image Part 1 in a series of articles designed to help you better understand how a hacker might attack your system or network infrastructure.



Disclaimer: This series of articles is presented to help you better understand the way a hacker might attack your system or network infrastructure. By understanding the mindset and approach of a hacker, you will be in a better position to prevent such an attack on your own systems. Should you choose to perform any attack covered in this series of articles, you should do so only on your own system or network, or where you have obtained prior permission from the systemís owner.




PART 1

The purpose of this article is to give you a basic overview of the different types of attacks a hacker has at his or her disposal when trying to gain unauthorized access to your private information. Each of these different types of attacks will be discussed in greater detail in subsequent articles.


*** Non-Technical Attacks ***

Attacks that involve manipulating computer users into compromising their own systems are probably the greatest vulnerability of any computer or network. Human nature causes most people to be naturally helpful and trusting of others. This trusting nature can be exploited by a hacker though a method referred to as Social Engineering. Social Engineering is often done over the phone or internet and frequently doesnít require the hacker to ever show his face to the target.

Other non-technical attacks against a computer or network infrastructure are physical in nature. A hacker will break into a building, computer room, or other area containing critical information. A very common type of physical attack is referred to as dumpster diving (or trashing). This is the act of looking through trash cans or dumpsters for discarded passwords, network diagrams, organizational leadership charts, dial-up access numbers, or generally any information that will allow the hacker to make his or her social engineering attack more believable and thus more effective.


*** Operating System Attacks ***

Every computer requires an operating system (OS) to run. By using either a personally discovered, or one of many well-known exploits, a hacker may be able to gain control of an individual target system. While some operating systems are more secure than others, all are vulnerable to attack. When these vulnerabilities turn up, theyíre shared among those in the hacking community.

The most vulnerable operating system is Windows, but Linux and Mac OS have their own vulnerabilities. Many hackers prefer to attack machines running Windows because they are more widely used and the larger number of vulnerabilities is better known.

Attacks on operating systems include exploiting built-in authentication methods, cracking passwords/hashes, cracking file-system security, and exploiting specific protocol implementations.


*** Network Attacks ***

Attacks on networks are many and varied but the basic attacks include the following: Denial of Service (DoS) to a network by flooding the network with too many requests. A popular variation of the Denial of Service is the Distributed Denial of Service (DDoS) which is harder for a targetís ISP to protect against as the packets are flooding the network from many different IP addresses. Installing a network analyzing/packet sniffer to capture every packet that passes. This type of attack will reveal any confidential information or password sent in clear text. Connecting to a rogue modem installed on a computer attached to the network behind the network firewall. ARP poisoning (or ARP spoofing) a network router. A hacker can change the Address Resolution Protocol (ARP) tables that store IP addresses to Media Access Control (MAC) mappings of a network. This causes the router to sent traffic to the hackerís computer, rather than the true destination. Exploiting an insecure 802.11b wireless configuration to allow an attacker to piggyback onto the network.


*** Application Attacks ***

Email server software and many popular web applications are frequent targets of hacker attacks. Hackers will try to attack applications that use Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) because the majority of firewalls are configured by default to allow full access to these programs from the internet. Malware such as viruses, trojan horses, worms, keyloggers, spyware, and remote administration tools (RATs) are also popular forms of application attacks.

Comments

fallingmidgeton May 14 2008 - 02:20:05
doesn't really give any real life examples. it is ok i just think you should add a little more.
dex_poeton May 14 2008 - 08:28:02
If you were going to talk to someone about hacking for the first time (hence the "Part 1"Wink, would you really want to get into things like OS vulns? If the idea is to prevent the hack, I would think a neat check list defining good practice would help more than going through a little hacker vocabulary. For people who don't know anything about hacking, it is all the same stuff and they don't care how it was done. Define the audience? Never too late to edit. And by the way, there is no such thing as unauthorized access ;D (someone/thing must have authorized it)
iantharanon May 15 2008 - 11:41:51
good article, but i think you should have added a few examples to it
Uber0non May 17 2008 - 12:35:12
Just like the others said - this isn't a prevention guide, just an explanation of a few words... :right:
alkaon May 19 2008 - 01:18:04
The most vulnerable operating system is Windows, ...
it's not entirely true because reason why there are so many exploit exist for M$, is because it's the most widely used, there for hackers attack them more often...
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.