  HackDiscussion

L2notnoob - Part 1



Zephyr-The-Zeph Aug 20, 2008 8:46pm
Because this group is SLOOOOOOWWWWWW, I figured I would start in on something I wrote long, long, long, ago.

Hopefully generate some discussion.


The most concise definition of hacking I could give you would be, "The remote manipulation of memory via unintended software and hardware flaws". That sums it up. Nothing more, nothing less. The fundamentals of hacking lie in the fact that no matter how great you are, you are not a computer. We have intermediary languages: C++, Ruby, Python, Java, etc. Neither the computer nor we understand any of them very well, no matter how much we like to think otherwise. This leads to misunderstandings of exactly what must be done, and you take advantage of these aforementioned misunderstandings and poor design choices.

You cannot step in and begin hacking from a Windows or Mac OSX computer. Regardless of what you have seen, you MUST have tools; this is not an option. If you are serious about understanding deep network magic and general hacking, then you have no other option than to run a form of the Unix operating system, preferably Linux. If you don't know what Linux is, or at least have a good idea, now's probably a good time to stop. Likewise, if you don't have at least a vague idea of how networks exchange data, about how your computer works, and the most basic services of the internet, now is also probably a good time to /quit.

Getting back to the discussion of the tools you WILL need.

A C++ compiler, preferably the free GNU toolchain
An assembler such as NASM, comes with almost all Linux distros
A rudimentary portscanner such as Socat, or if you want to jump in the deep end, Nmap.
Netcat, Socat, etc.

This is all you will need for the most basic steps, but as you advance, you will find yourself needing disassemblers, libraries, etc.

In the meantime...

Let's go over basic attack types:
Bounds Checking Attacks {All Overflow Attacks and Pointer Magic}
Language Ambiguity (Input validations) {SQL Injection, XSS attacks, Format String attacks, etc.}
Subversion of Lower Processes {Shatter Attacks, DRD Attacks}
Memory Leak attacks {Many examples, Mostly DoS related}
Race conditions {TOCs and generic Race Conditions}
Off-By-Ones and generic programming mistakes {Usually the result of a literal programming mistake}

As well, there are many other attacks which are not 'Hacking' but encompass interesting usage of existing protocols and services, such as:
FTP bouncing
TCP/IP decoy throwing (Better known as pullusion)
Death Pings
RST and RFC 2399 abuse (Better known as Dead Scanning)
TCP flag dropping
ARP Poisoning
SMB enumeration
Remote shutdown
etc. etc. etc.

Presumably, we will NOT start with a generic buffer overflow introduction, as using buffer overflows correctly in a realistic setting is complicated and requires a lot of fundamental ASM and C knowledge. We will start the next chapter with advanced usage of the basic Unix (bash) toolchains, and usage of incantations and the appropriate incantations related to SSH, rlogin, etc.


moookid Aug 21, 2008 9:19am
Must resist... temptation to... troll about the definition of 'hack'...

¬_¬


Stoppelism Sep 29, 2008 5:28pm
Jargon-monster.


olegnep Sep 30, 2008 8:09am
name-caller


skyephoenix Oct 3, 2008 8:49pm
polemicist

