The Basics of Hacking and Viruses
THIS IS FOR EDUCATIONAL PURPOSES ONLY (although I know readers will ignore this)



In the hacking world, hackers are traditionally sorted into three groups, distinguishable by their (nonexistent) colored hats:
  • White Hat 
    • The "good guys": security professionals and researchers who test systems with the owner's permission and report what they find so it can be fixed.

  • Grey Hat
    • Somewhere in between. A grey hat may break into a system without permission, but without malicious intent. For example, say a website has an exploitable flaw: the grey hat uses it to get in, does no damage, and only notifies the admin that the hole exists. Good intentions or not, the access was still unauthorized, which is what makes it grey rather than white.

  • Black Hat
    • The worst of them all. Black hats hack for profit or for damage: stealing credit card numbers, taking websites down, and so on. You don't want to get on the bad side of these guys. 
Hacking can be ILLEGAL, and the line is authorization: breaking into websites that are not yours, computers that are not yours, you get the point. Testing your own systems, or systems you have written permission to test, is legal. It's like breaking and entering; the crime is in entering somebody else's property.


There are hundreds of different things to hack, and hundreds of ways to hack them. Here are the basics:
  • Exploiting/Injection - Using bugs or design flaws in the target (a "vulnerability") to make it do something it was never meant to do, typically to gain access.
  • Flooding/DoS/DDoS - Using programs or many computers at once to send more traffic or requests than one location can handle, in an attempt to overload it.
  • Brute Forcing - Using programs to guess a password, either from a list of candidates (a dictionary) or by trying every combination of characters, many times per second. 
  • Cracking - Modifying a program's own code (rather than its input) to bypass a check such as a license or login.
  • Phishing - Tricking victims into handing over personal data, usually by imitating a site they trust.
  • RATing - Using programs called RATs (Remote Access Trojans) to gain access to a victim's computer through a back door and control it remotely.
 Exploiting/Injecting
 Injection attacks are mostly seen on websites, but exploiting in general applies to any software with a bug: browsers, servers, operating systems. On a website, the hacker sends input the site's code was not written to expect, so the site ends up treating the hacker as an admin, or doing something only an admin can do, giving the hacker power over parts or all of the site.
Injection is named for the language being injected into: SQL injection puts SQL into a database query, cross-site scripting puts JavaScript into a page, and so on. Basically any language a website is built from (PHP, SQL, JavaScript) can be the one that gets subverted. The drawing that went with this (drawn by me, like those drawing skillz?) is not reproduced here.
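As an added example (not from the original post), here is the most common injection, SQL injection, in Python against an in-memory SQLite database. The users table, the account names and the attack strings are all constructed for the example. `login_vulnerable` builds the query the way the paragraph above describes, by pasting the hacker's input straight into it; `login_safe` is the same query done with parameters, which is the actual fix.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the example (not any real site's schema).
    Real systems store password hashes, never plaintext; this is kept simple to show the injection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "correct horse battery staple", 1), ("ian", "hunter2", 0)],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Injectable: whatever the user typed becomes part of the SQL text itself."""
    query = (
        "SELECT username, is_admin FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Fixed: the SQL text is constant and the values travel separately as parameters,
    so a quote or a comment marker in the input is just data the database compares against."""
    query = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    conn = make_db()
    # A normal login behaves the same either way.
    honest = (login_vulnerable(conn, "ian", "hunter2"), login_safe(conn, "ian", "hunter2"))
    # The hacker types a username that closes the quote and comments out the password check:
    #   WHERE username = 'admin' --' AND password = 'whatever'
    evil_user = "admin' --"
    hijacked = login_vulnerable(conn, evil_user, "whatever")  # logged in as admin, no password
    blocked = login_safe(conn, evil_user, "whatever")          # None: nobody is literally named "admin' --"
    return honest, hijacked, blocked


if __name__ == "__main__":
    print(demo())
```

The classic `' OR '1'='1` payload works the same way: put it in both fields and the vulnerable query's WHERE clause becomes always-true, so the first row (admin) comes back. Escaping quotes by hand is not the fix; never letting input become part of the SQL text is.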
Flooding/DoS/DDoS
 DoS (Denial of Service) and DDoS (Distributed Denial of Service) are powerful attacks that can be dangerous when used correctly. The idea is simple: the hacker sends far more data or requests than the target can handle, to slow it down or knock it offline. The target can be a website, a computer, or anything else that has an IP address.
The difference between DoS and DDoS is that a DoS attack comes from one source, whereas a DDoS attack is Distributed across many computers. In a DDoS attack the hacker usually controls a large number of compromised machines, nicknamed "Zombies" (collectively, a botnet). The Zombies take orders from the hacker, the "Leader". The Leader sends a command to every Zombie to ping, or send data to, one location at the same time. DDoS attacks are MUCH stronger than DoS simply because there are so many more attackers, and they are harder to block because the traffic comes from many different addresses instead of one you can filter.

Example drawing of the command structure at left, and an example DoS program at right (neither reproduced here; the creator of that program mistakenly typed DDoS in the title instead of DoS, since it can't control zombie computers).
Brute Forcing
Brute forcing a live login is slow, noisy, and easily detected by the victim, so a hacker would most likely use it as a last resort.
It's slow because the program has to guess: either from a dictionary (a giant list of words in a text file) or by trying every combination of letters and numbers. It's noisy because the brute forcer fires THOUSANDS of guesses per second at the victim's server, and every one of them ends up in the logs; anyone who looks sees that someone tried to log in thousands of times from the same address, and most servers will lock the account or block the IP long before the right password comes up. The one situation where brute forcing is neither slow nor noisy is offline: if the hacker has already stolen a list of password hashes, they can guess against their own copy at millions of guesses per second and nobody's logs record a thing.
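The "look at the logs" part above is easy to automate. As an added example (not from the original post), here is the detection side in Python: it reads sshd-style log lines, flags any source address with a burst of failed logins, and, more importantly, flags a source that failed repeatedly and then got in. The log lines are constructed for the example and use documentation IP ranges; the thresholds are assumptions you would tune to your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines for the example (not from a real server).
# 203.0.113.7 hammers the login and eventually gets in; 198.51.100.9 is a user who typo'd once.
SAMPLE_LOG = """\
Jan 18 07:16:01 host sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 18 07:16:02 host sshd[2202]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jan 18 07:16:02 host sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Jan 18 07:16:03 host sshd[2204]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Jan 18 07:16:03 host sshd[2205]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Jan 18 07:16:04 host sshd[2206]: Failed password for admin from 203.0.113.7 port 51027 ssh2
Jan 18 07:16:05 host sshd[2207]: Accepted password for admin from 203.0.113.7 port 51028 ssh2
Jan 18 07:20:11 host sshd[2300]: Failed password for ian from 198.51.100.9 port 40100 ssh2
Jan 18 07:20:19 host sshd[2301]: Accepted password for ian from 198.51.100.9 port 40100 ssh2
Jan 18 07:21:00 host sshd[2302]: pam_unix(sshd:session): session opened for user ian
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """(timestamp, result, user, ip) for a login line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; that is fine for comparing times within one log.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def find_bruteforcers(log_text, threshold=5, window=timedelta(minutes=1)):
    """IPs with at least `threshold` failed logins inside any `window`, mapped to their total failures.
    A human typo gives a couple of failures minutes apart; a tool gives dozens per second."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "Failed":
            failures[rec[3]].append(rec[0])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def successes_after_failures(log_text, min_failures=3):
    """The alert that actually matters: an IP that failed repeatedly and then got an 'Accepted'.
    Returns {ip: (user, failures_before_success)}."""
    fails = defaultdict(int)
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        _, result, user, ip = rec
        if result == "Failed":
            fails[ip] += 1
        elif fails[ip] >= min_failures:
            hits[ip] = (user, fails[ip])
    return hits


if __name__ == "__main__":
    print("bursts:", find_bruteforcers(SAMPLE_LOG))
    print("got in after failing:", successes_after_failures(SAMPLE_LOG))
```

On the sample, 203.0.113.7 is flagged with six failures in four seconds and then a successful login as admin, while 198.51.100.9 (one typo, then success) is left alone. In practice this is what fail2ban or your SIEM does for you; the point is that the attacker cannot avoid writing these lines.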
Cracking
Used mostly on programs, cracking means changing the program's own code so that a check (a serial number, a license, a trial timer) passes when it shouldn't. It's done either with patches (small pre-made modifications that can be downloaded and applied) or by hand with a hex editor. Hex (hexadecimal) is a number system with 16 digits instead of the decimal system's 10 (0-9); it uses the letters A-F for the six values past 9, so one byte fits in exactly two hex digits. Counting in hex goes:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10.

(A hex editor shows every byte as two digits, so there you'll see 0A, 0B, 0C, 0D, 0E, 0F, 10.)

Any file can be opened in a hex editor, and what you see is the file's raw bytes, like:

48 65 6C 6C 6F 2C 20 79 6F 75 72 20 61 72 65 20 72 65 61 64 69 6E 67 20 74 68 69 73 20 74 65 78 74 20 6F 6E 20 4F 63 74 6F 70 69 27 73 20 62 6C 6F 67 2E
(That text says "Hello, your are reading this text on Octopi's blog.") Most files can be edited in hex and still run afterwards, but some cannot: change the wrong byte of an executable and it crashes, and many programs check their own integrity and refuse to run when modified. I'm not very knowledgeable about hex editing, but it requires a lot of knowledge to do right: you have to understand what the program's machine code means to find the one instruction worth changing.
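As an added example (not from the original post), here is what a hex editor and a patch do, in Python. `PAGE_HEX` is the byte string from the post above; `hexdump` renders bytes the way a hex editor does; `patch_bytes` applies a byte-for-byte change and refuses if the file does not contain what the patch expects, which is why a patch made for one version corrupts another. `TOY_PROGRAM` is a constructed x86 fragment, not taken from any real program, holding the kind of "je" branch a one-byte crack flips.

```python
# The hex dump exactly as it appears above on this page.
PAGE_HEX = (
    "48 65 6C 6C 6F 2C 20 79 6F 75 72 20 61 72 65 20 72 65 61 64 69 6E 67 20 "
    "74 68 69 73 20 74 65 78 74 20 6F 6E 20 4F 63 74 6F 70 69 27 73 20 62 6C 6F 67 2E"
)


def decode_hex_string(spaced_hex: str) -> bytes:
    """'48 65 6C' -> b'Hel': what a hex editor shows in its ASCII column."""
    return bytes.fromhex(spaced_hex)


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes the way a hex editor does: offset, hex column, printable-ASCII column."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hex_col = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        asc_col = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08X}  {hex_col}  {asc_col}")
    return "\n".join(rows)


def can_patch(data: bytes, offset: int, expected: bytes) -> bool:
    """True if the file really holds `expected` at `offset`; a patcher must check before it writes."""
    return data[offset:offset + len(expected)] == expected


def patch_bytes(data: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Overwrite bytes in place. Same length only: inserting or removing bytes would shift every
    address after the patch and break the program."""
    if len(expected) != len(replacement):
        raise ValueError("a byte patch must not change the file length")
    if not can_patch(data, offset, expected):
        found = data[offset:offset + len(expected)].hex()
        raise ValueError(f"expected {expected.hex()} at {offset:#x}, found {found}: wrong file or version")
    return data[:offset] + replacement + data[offset + len(replacement):]


# Constructed x86 fragment, not from any real program:
#   55            push ebp
#   89 E5         mov ebp, esp
#   E8 00000000   call <check>      ; returns 0 in eax if the check failed
#   85 C0         test eax, eax
#   74 05         je +5             ; check failed -> skip the "mov eax, 1"
#   B8 01000000   mov eax, 1
#   5D            pop ebp
#   C3            ret
TOY_PROGRAM = bytes.fromhex("55 89 E5 E8 00 00 00 00 85 C0 74 05 B8 01 00 00 00 5D C3")
JE_OFFSET = 10  # position of the 74 (je) opcode


def flip_branch(program: bytes) -> bytes:
    """The one-byte 'crack': turn je (74) into jne (75) so the branch is taken the other way round."""
    return patch_bytes(program, JE_OFFSET, b"\x74", b"\x75")


if __name__ == "__main__":
    print(hexdump(decode_hex_string(PAGE_HEX)))
    print("before:", hexdump(TOY_PROGRAM))
    print("after: ", hexdump(flip_branch(TOY_PROGRAM)))
```

Notice that `flip_branch` applied twice fails: the second run finds 75 where it expected 74. Real patchers do this check for the same reason, and real programs defend against it by hashing their own code at startup, which is the integrity check mentioned above.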

However, there are many ready-made cracks floating around the internet for programs such as Photoshop, Vegas Pro, Call of Duty, etc. Using them is ILLEGAL in most places, because it lets people run software for free that should be paid for. Plus, a lot of "cracks" are really viruses or RATs in disguise (see the section on RATs below): a file that claims to unlock a paid program is perfect bait, since people expect their anti-virus to complain about it anyway and click through the warning. Torrent sites such as ThePirateBay.org are where most cracks are traded, and for exactly that reason they're also where hackers plant their RATs, so there is no truly "reliable location" for a crack.

Phishing
 Phishing, as the name suggests, "hooks" victims like fish and reels in their personal information. The victim is tricked into thinking they're on the legitimate website when it's actually the hacker's copy of it. When they attempt to log in, the fake site sends those credentials to the hacker (and often forwards the victim on to the real site so nothing looks wrong).
Most phishing attacks start with the hacker mass-emailing thousands of addresses with a fake message dressed up to look like it came from the victim's bank or account provider. Almost everyone with an email address gets spam, and I'm sure you've gotten one of those emails that say, "Your bank account has had suspicious activity! Log on here: http://www.hackersite.com/bankofamerica". That is a phishing attempt: the path says bankofamerica, but the domain is hackersite.com.

It's usually possible to tell if an email is a phishing attempt by following these rules:

  • If the email has spelling/grammatical errors, it may be an attempt.
  • If the URL the email sends you to is on the wrong domain, it's definitely a phishing attempt.
    • To tell if a URL is fake, check the domain: the host name between http:// (or https://) and the next slash, read from the right.
      • Real: http://login.wellsfargo.com/ (domain wellsfargo.com; login is a subdomain of it)
      • Fake: http://wellsfargologin.qibgh3.com/ (domain qibgh3.com; "wellsfargologin" is just a subdomain the hacker made up)
      • ALWAYS check the subdomain and domain before visiting a suspicious link, and hover over the link first: the text you see and the address it actually points to can be different.
    • For example, if you get an email from Wells Fargo, make sure the DOMAIN is Wells Fargo's, not something else. 
  • An email without images that tries to get you to log into a website is often a phishing attempt. However, hackers are getting smarter and dressing their emails up with the real company's logos and images to make them look authentic. The images prove nothing; ALWAYS check the URL.
At right (not reproduced here): fake email attempting to lure the victim into logging on to a fake eBay website. Notice how the hacker puts the eBay image at the top to make it appear real.
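The domain check in the rules above can be written down precisely. As an added example (not from the original post), here it is in Python using only the standard library. It goes a little beyond the two URLs in the text: it also handles the `user@host` trick (`http://login.wellsfargo.com@evil.example/`, where everything before the `@` is ignored by the browser) and the "real domain as a subdomain" trick. `TRUSTED_DOMAINS` is an assumption standing in for the sites you actually have accounts with.

```python
from typing import Optional
from urllib.parse import urlsplit

# The domains this user actually has accounts with (assumption for the example).
TRUSTED_DOMAINS = {"wellsfargo.com", "ebay.com"}


def registrable_domain(host: str) -> str:
    """The last two labels of a hostname: 'login.wellsfargo.com' -> 'wellsfargo.com'.
    Good enough for .com/.net/.org; country suffixes like .co.uk need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_domain(url: str) -> Optional[str]:
    """The domain a link really lands on. urlsplit().hostname drops the 'user:pass@' part
    and the port, so 'http://login.wellsfargo.com@evil.example/' gives 'evil.example'."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return registrable_domain(parts.hostname)


def looks_legitimate(url: str) -> bool:
    """True only if the link lands on one of the domains we trust."""
    domain = link_domain(url)
    return domain is not None and domain in TRUSTED_DOMAINS


if __name__ == "__main__":
    for u in (
        "http://login.wellsfargo.com/",                   # the page's real example
        "http://wellsfargologin.qibgh3.com/",             # the page's fake example
        "http://www.hackersite.com/bankofamerica",        # brand name in the path, not the domain
        "http://login.wellsfargo.com@evil.example/",      # userinfo trick
        "http://login.wellsfargo.com.evil.example/",      # real domain used as a subdomain
    ):
        print(f"{'OK  ' if looks_legitimate(u) else 'FAKE'} {link_domain(u)!s:20} {u}")
```

The check is deliberately strict: anything that is not plain http/https to a domain you know is treated as fake, including `javascript:` links and bare IP addresses. That is the right default for a link that arrived in an unsolicited email.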
 

    RATing
    This type of hacking is my favorite :D RATs (Remote Administration Tools, or more honestly Remote Access Trojans) come in two halves: a "server" that gets installed on the victim's computer, usually disguised as something else, and a "client" the hacker runs to connect to it. Once the server is running, the hacker can do basically whatever they want: harass the victim, change their background, watch their screen, log their keystrokes, or even wipe their hard drive.
     Most RATs are easy to detect because they're used so often that every anti-virus has a signature for them, so hackers now run the server through a "crypter", a program that encrypts or packs the file so the anti-virus no longer recognizes what's inside. For example, uploading a plain RAT server to a multi-engine scanner gives a result like this:

    File server.exe received on 2010.01.18 07:16:13 (UTC)

    Antivirus           Version         Last Update  Result
    a-squared           4.5.0.50        2010.01.18   Riskware.Win32.DelfInject!IK
    AhnLab-V3           5.0.0.2         2010.01.16   -
    AntiVir             7.9.1.142       2010.01.17   TR/Spy.Gen
    Antiy-AVL           2.0.3.7         2010.01.12   -
    Authentium          5.2.0.5         2010.01.16   W32/Downloader.C.gen!Eldorado
    Avast               4.8.1351.0      2010.01.17   Win32:Buzus-IV
    AVG                 9.0.0.730       2010.01.17   Generic15.AZNC
    BitDefender         7.2             2010.01.18   Generic.Malware.SPV!PkWk!.92DC6447
    CAT-QuickHeal       10.00           2010.01.18   Trojan.Mepaow.jty
    ClamAV              0.94.1          2010.01.17   Trojan.Killav-109
    Comodo              3621            2010.01.18   Heur.Packed.Unknown
    DrWeb               5.0.1.12222     2010.01.18   Trojan.Apocalyps.1
    eSafe               7.0.17.0        2010.01.17   -
    eTrust-Vet          35.2.7243       2010.01.18   Win32/Dowque.AXR
    F-Prot              4.5.1.85        2010.01.17   W32/Downloader.C.gen!Eldorado
    F-Secure            9.0.15370.0     2010.01.18   -
    Fortinet            4.0.14.0        2010.01.18   -
    GData               19              2010.01.17   Generic.Malware.SPV!PkWk!.92DC6447
    Ikarus              T3.1.1.80.0     2010.01.18   VirTool.Win32.DelfInject
    Jiangmin            13.0.900        2010.01.18   Trojan/Mepaow.gv
    K7AntiVirus         7.10.949        2010.01.16   -
    Kaspersky           7.0.0.125       2010.01.18   -
    McAfee              5864            2010.01.17   BackDoor-EIL
    McAfee+Artemis      5864            2010.01.17   BackDoor-EIL
    McAfee-GW-Edition   6.8.5           2010.01.17   Trojan.Spy.Gen
    Microsoft           1.5302          2010.01.18   VirTool:Win32/DelfInject.gen!L
    NOD32               4781            2010.01.18   a variant of Win32/Lypserat.A
    Norman              6.04.03         2010.01.17   -
    nProtect            2009.1.8.0      2010.01.18   Trojan/W32.Mepaow.73216.G
    Panda               10.0.2.2        2010.01.17   Suspicious file
    PCTools             7.0.3.5         2010.01.18   Trojan.IRCBot
    Prevx               3.0             2010.01.18   Medium Risk Malware
    Rising              22.31.00.03     2010.01.18   Backdoor.Win32.Undef.fcl
    Sophos              4.49.0          2010.01.18   Mal/Behav-010
    Sunbelt             3.2.1858.2      2010.01.17   RiskTool.Win32.ProcessPatcher.Nor!cobra (v)
    Symantec            20091.2.0.41    2010.01.18   W32.IRCBot.Gen
    TheHacker           6.5.0.6.154     2010.01.18   -
    TrendMicro          9.120.0.1004    2010.01.18   PAK_Generic.001
    VBA32               3.12.12.1       2010.01.17   Trojan.Win32.Mepaow.jrk
    ViRobot             2010.1.18.2141  2010.01.18   -
    VirusBuster         5.0.21.0        2010.01.17   -

    Detected by 30 of 41 engines.


    Whereas a crypted RAT would return results like this:

    File Keygen.exe received on 2010.02.03 07:09:18 (UTC)

    Antivirus           Version         Last Update  Result
    a-squared           4.5.0.50        2010.02.03   -
    AhnLab-V3           5.0.0.2         2010.02.03   -
    AntiVir             7.9.1.156       2010.02.02   -
    Antiy-AVL           2.0.3.7         2010.02.02   -
    Authentium          5.2.0.5         2010.02.03   -
    Avast               4.8.1351.0      2010.02.02   -
    AVG                 9.0.0.730       2010.02.02   Dropper.Small.CGH
    BitDefender         7.2             2010.02.03   -
    CAT-QuickHeal       10.00           2010.02.03   -
    ClamAV              0.96.0.0-git    2010.02.03   -
    Comodo              3802            2010.02.03   -
    DrWeb               5.0.1.12222     2010.02.03   -
    eSafe               7.0.17.0        2010.02.02   -
    eTrust-Vet          35.2.7278       2010.02.03   -
    F-Prot              4.5.1.85        2010.02.01   -
    F-Secure            9.0.15370.0     2010.02.03   -
    Fortinet            4.0.14.0        2010.02.03   -
    GData               19              2010.02.03   -
    Ikarus              T3.1.1.80.0     2010.02.03   -
    K7AntiVirus         7.10.963        2010.02.02   -
    Kaspersky           7.0.0.125       2010.02.03   -
    McAfee              5880            2010.02.02   -
    McAfee+Artemis      5880            2010.02.02   -
    McAfee-GW-Edition   6.8.5           2010.02.02   -
    Microsoft           1.5406          2010.02.03   -
    NOD32               4830            2010.02.03   a variant of MSIL/TrojanDropper.Agent.T
    Norman              6.04.03         2010.02.02   -
    nProtect            2009.1.8.0      2010.02.03   -
    Panda               10.0.2.2        2010.02.02   -
    PCTools             7.0.3.5         2010.02.03   Trojan.Generic
    Prevx               3.0             2010.02.03   -
    Rising              22.33.02.03     2010.02.03   -
    Sophos              4.50.0          2010.02.03   -
    Sunbelt             3.2.1858.2      2010.02.03   -
    TheHacker           6.5.1.0.177     2010.02.03   -
    TrendMicro          9.120.0.1004    2010.02.03   -
    VBA32               3.12.12.1       2010.02.02   -
    ViRobot             2010.2.3.2169   2010.02.03   -
    VirusBuster         5.0.21.0        2010.02.02   -

    Detected by 3 of 39 engines.
    As you can see, the crypter took the file from being flagged by 30 of 41 engines down to 3 of 39, and the few that still caught it only recognized the wrapper (a "dropper"), not the RAT inside. Note also how the plain file gets a dozen different names: signature detection is pattern matching, and each vendor matched a different pattern. That's what makes crypted files dangerous when they're sent out to the public. It's why it's always good to have an anti-virus on your computer (I recommend AVG), but also why you can't rely on it alone: a scanner saying a file is clean only means no signature matched today, so don't run unknown executables in the first place.
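Why does a crypter fool a signature scanner, and what still gives it away? As an added example (not from the original post), here is the idea reduced to its simplest form in Python. `PLAIN_PAYLOAD` is a constructed stand-in for a RAT server, not real malware or a real program; `SIGNATURE` borrows the "DelfInject" name from the scan results above as a stand-in for a byte pattern an engine might look for; the two keys are arbitrary. The XOR step is the crudest possible crypter, and the entropy function is the heuristic behind verdicts like Comodo's "Heur.Packed.Unknown" in the first table.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a RAT's server.exe. It is NOT a real program or real malware:
# a header, some filler, a string a signature engine might key on, and more filler.
SIGNATURE = b"DelfInject"
PLAIN_PAYLOAD = (
    b"MZ" + b"\x00" * 120 + SIGNATURE + b"\x90" * 80
    + b"This program cannot be run in DOS mode"
)

# Two arbitrary 16-byte keys (example values with no significance).
KEY_A = bytes.fromhex("3a7f91c4e2568d1b0f6ca3d9e87b2c54")
KEY_B = bytes.fromhex("9e21c7d305b86af4137de9c082a56fb1")


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """The core of the crudest crypter: XOR every byte with a repeating key.
    Running it twice with the same key gives the original back."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def signature_hit(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """What a byte-signature scanner does: look for a known pattern somewhere in the file."""
    return signature in data


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: near 0 for repetitive data, near 8 for encrypted or
    compressed data. Heuristic engines treat a high value as a 'packed/encrypted' warning."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_hex(data: bytes) -> str:
    """Hash-based blocklists fail for the same reason signatures do: a new key is a new hash."""
    return hashlib.sha256(data).hexdigest()


def compare(plain: bytes, key: bytes) -> dict:
    """Side-by-side view of what a scanner sees before and after crypting."""
    crypted = xor_crypt(plain, key)
    return {
        "signature_in_plain": signature_hit(plain),
        "signature_in_crypted": signature_hit(crypted),
        "entropy_plain": round(shannon_entropy(plain), 2),
        "entropy_crypted": round(shannon_entropy(crypted), 2),
        "round_trip_ok": xor_crypt(crypted, key) == plain,
    }


if __name__ == "__main__":
    print(compare(PLAIN_PAYLOAD, KEY_A))
    print("hash with KEY_A:", sha256_hex(xor_crypt(PLAIN_PAYLOAD, KEY_A))[:16])
    print("hash with KEY_B:", sha256_hex(xor_crypt(PLAIN_PAYLOAD, KEY_B))[:16])
```

The signature is present in the plain payload and absent from the crypted one, and every new key produces a new hash, so the 30-of-41 result collapses exactly as the tables show. But the crypted bytes have noticeably higher entropy than the original, and the crypted file still has to decrypt itself and run the RAT at some point, which is why heuristic and behavioral engines (the "Heur.", "Suspicious file" and "Mal/Behav" verdicts above) catch what pure signatures miss.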

    Here are a few screenshots of different RATs (not reproduced here).

    3 comments:

    austin said...

    GREAT POST, sorry about the caps lock lols. But are you saying that you'd be able to get COD or Photoshop for free through hacking?

    Ian said...

    Don't get any ideas Austin...

    Octopi said...

    Yep. But it's completely illegal, and if caught you will be fined thousands of dollars or put in prison.

    But if you don't, that's cool. :D
