As usual, feedback is appreciated.

**********************************

TNHG Part 2

Introduction

Welcome back to the Total Newbie Security/Hacking Guide. This is part two of the tutorial, and assumes you have read part one, which can be found a little ways below. If you haven't read part one, at least have some background in computer security. Just to make sure that you do have enough background knowledge to understand this tutorial, here's a little quiz you can use to check yourself. I won't provide answers here- the whole purpose of the quiz is to make sure you know things, and if you don't, read the last tutorial.

1. What is a port, and what is its function?
2. What is a firewall, and how does it help secure a computer or network?
3. Define: FTP, HTTP, SMTP
4. What is a honeypot, and why does it suck if you get caught in one?

If you knew none of those, don't read on. If you knew 1 or 2, then you may want to brush up on your reading before continuing. If you got most or all right, congratulations and thank you for bearing with my rambling in the first part.

Anyway, I'm going to cover a lot of new ground in this tutorial, so you will need to remember your old terms, as well as what you learn here. If you can remember just a few things after you've read this part through once, that's good- you can always come back to see what you missed. My aims for this part of the tutorial are simple: to provide you with more knowledge of terms and security, teach you the basic pre-hack steps you should (and need to, quite often) take, and finally, the first steps into actually hacking something. At the end, I've also decided to throw in a basic C++ lesson that I'll build on in the coming parts of the tutorial. If you're ready to read, then let's go.

Terms

Again, I'm going to throw in a terms section. All of these terms here will likely be brand new to you (if you're a newbie), as I'm not including any terms from the last tutorial in this section- if you need to know those, look back.
Client and Server- these are the two parts of a direct connection between computers. For example, let's say you're downloading some porno off of an FTP server. You, the sex-deprived computer user, are the client. The client is the end of a connection that makes a request to the server to connect. The FTP server that provides you with porno is obviously the server. This is the end of the connection that listens (waits) for incoming connection requests. It can either accept or decline these requests.

Sockets- sockets tie in with the last example. A socket is the endpoint of a connection (there are two, one at the server end and one at the client end) that will be bound to a certain port and IP (or IP range; see next definition) in order to establish the connection- you can think of it like a real socket, in which things are connecting to get a power supply.

IP Range- this term refers to (obviously) a range of IP addresses. For example, if you are given IP range 192.168.1.xxx, that would refer to any computer that has an IP address from 192.168.1.1 to 192.168.1.255- however, these only refer to local machines on the same network (IPs with the 192.168 prefix), so hopefully I didn't just break forum rules.

Telnet- this is a utility that was originally used for legal purposes- for example, logging into an e-mail account from a remote location to check stock reports or something. Nowadays, Telnet is still used, for both legal and illegal purposes, but its use has dwindled due to more advanced programs and computer-illiterate people that wouldn't know how to use Telnet. Anyway, when used correctly, Telnet can become a nice friend to hackers.

Those are really all of the terms you'll need- if there are any others, I'll define them when we first see them. However, you may hear other hackers refer to different types of people- and here are the definitions.

Script Kiddie- script kiddies are the most useless and childish form of "hackers" but sadly the most common.
Script kiddies are people that do no work on their own, have no knowledge about computers, how they work, or how to hack, but just use simple programs to do what they think is hacking- such as trojans, AIM password stealers, etc. Script kiddies are hated by most everybody in the computer community- you do not want to be one.

Hacker- somebody who breaks into single computers or computer networks for a number of different reasons- the types of hackers are defined below.

White Hat Hacker- an ethical hacker, sometimes called a "Noble Hacker", who breaks into computers/networks for the purposes of information and fascination- they feel that information should be shared, and as such they attempt to break into systems for this information- and the fascination with computers ties in because they want to see how things work, what types of hacking work and what doesn't. White hats will sometimes release programs to exploit vulnerabilities that they find- they will not use these, because it damages things, and they don't want to do that. They leave damage up to black hats, or sometimes script kiddies will try exploits- and always land in jail. Many people on the forums, including myself, are white hats- we don't damage things, but just get information.

Grey Hat Hacker- a grey hat is a person who generally sticks to the principles of white hat hacking, but will sometimes damage systems- they are in between white hats and black hats.

Black Hat Hacker- as all good hackers are, black hats are very competent at what they do- and that is breaking in to wreck systems. Rather than break in and follow the white hat path of getting information, black hats will screw up everything that people have worked hard to do- they will wipe data, plant viruses, and do other things that will damage systems.

Anyway, that's about it for terms/hackers. As I said before, any new terms in this part of the tutorial will be defined, if necessary, when we meet them.
Legal Stuff

As you probably know, hacking (even white hat) is totally illegal (although gathering info shouldn't be) and will land you in jail or juvenile hall. That is not good. I will not take responsibility for your actions- this whole tutorial is for educational purposes only, and as such, I won't take the blame when you get busted and land in jail- which is likely to happen if you don't know much. Sorry, but I have to cover my own ass. Now back to the actual tutorial.

Reading

As I've mentioned before, you will need to do a very sizable amount of reading in order to become competent. If you want, you should experiment on IP address 127.0.0.1, which is your local machine's loopback address- your own computer. Do not attempt to hack anyone else's computer until you are competent and confident in your abilities. Unfortunately, many people (especially script kiddies) who know nothing about computers will attempt to hack something and just get caught. Don't be one of those people- and also, the more knowledge you have, the more respected you will be by other hackers, especially those of lower skill- and I'm sure you want respect, don't you?

Having a good knowledge of many security topics is best- you shouldn't know only a few things. You should be as knowledgeable as possible in many topics, because the more knowledge you have in a vast area of topics, the more competent you'll be, and the better you'll be able to overcome obstacles. Think of your knowledge as tools in your toolbox (brain.) In real life, the more tools you have, the easier it is to get the job done- and if you run into a problem one way, you can always adjust. The same applies to hacking/security. You should have a good base in areas such as:

- Anonymity/Proxy
- Programming
- Telnet
- Basic Terms (they will come in handy!)
- Ports
- Firewalls
- Exploits

and many others that I don't list here. Google (www.google.com) and AstaLaVista (www.astalavista.com) will become your friends.
You will find infinite text documents explaining how to do things, how to hide yourself, how not to get busted (or Slarty's tutorial on how to get busted) and a good background in security among many other things. Since these resources are abundantly available, use them before running to other people to ask questions. Now that I have successfully bored you to death, we'll liven things up a bit- it's time to move onto pre-attack stuff so you can be on your way with basic hacking.

Ping

Hopefully you know what and where the Command Prompt (or MS-DOS Prompt, on some OS's) is. Open that, as it will be a good friend of yours, as will many things you'll uncover along the way. The first thing that I do once I've obtained a target's IP is ping. Ping is a command that was originally designed (and still is used) in order to see whether a computer is connected to the 'Net, or if the machine even exists. Ping is very simple, and is done from the Command Prompt.

NOTE: MS-DOS Prompt works the same way as Command Prompt, but I only refer to Command Prompt because that's what I use- but MS-DOS Prompt users, do the same stuff.

To ping a computer, you first need its IP address. Once that's done, go into Command Prompt and type:

ping IP address

where IP address is the IP of the target. So, if you pinged IP 127.0.0.1 (you should know what that is by now) you would type this-

ping 127.0.0.1

and hit Enter. If you get text below that says "Request timed out", it means the computer is not connected or doesn't exist, and thus is not hackable at this point (if it doesn't exist, you won't be able to hack it at all.) However, if you get something that says "Reply from (IP here)" and some other data, you're in luck. That means the computer exists AND is connected- you don't have to worry about all the other stuff that appears, as "Request timed out" and "Reply from" are really the important parts of pinging. However, you may not have any clue how to get anyone's IP address, and I won't leave you hanging.
Read on.

Obtaining an IP Address

There are numerous ways to get somebody's IP address, and the easiest way is to just ask them while you're on a messenger service or something. If you ask them to go to www.ipchicken.com and tell you "those big numbers in blue", it's likely they'll oblige if they're computer-illiterate. If your target isn't that braindead but you still want to use this method, then think up a creative story- make sure you throw in some computer terms that they don't know (hell, YOU don't have to know what they mean, so long as you can lie about their meaning) and hopefully you'll be able to persuade them in the end. This type of info-gathering, just asking somebody to do something for you, is called social engineering.

If that doesn't work or seems too risky, go on a messenger. While talking with somebody, say you have an awesome file you want them to see and click the messenger's option to connect to share files. Once you are connecting or connected, go into command prompt and type

netstat -n

and hit Enter. You'll see a list of protocols (it says proto), IP addresses, and connection statuses. Do netstat -n before connecting, and then while connecting or connected. The second time, look for a new IP address with a connection status that says ESTABLISHED- you now have your victim's IP.

Don't fear if you need the IP address of a website- it's real easy. Go into Command Prompt, and ping the site in the same way you would a computer. So, if you wanted to get Google's IP, type into Command Prompt:

ping www.google.com

and you'll see reply from (IP address here) [www.google.com] and that is the IP.

Another way to get an IP of a website: the netstat -an command (NOT netstat -n.) Just open that page up in a browser and type into Command Prompt:

netstat -an

Look for a connection ESTABLISHED between you and another IP on port 80.
If you see a line like this:

TCP 127.0.0.1:80 ESTABLISHED

it means that you have established a connection with IP 127.0.0.1 on port 80. And that's about it for getting IP's. You should now have enough methods to successfully get pretty much anyone's IP address. Back to more pre-attack stuff: port scanning.

Port Scanning

If you read the last part of the tutorial, you'll undoubtedly have a good handle on ports and their functions. You may not know which port does what, but that's okay, as you don't need to memorize many- only a few ports will be of real importance to you. Anyway, once you have an IP address, ping it. If it is connected, then it is time to do a port scan. Port scanning is simply scanning a computer to find out what ports are open on that machine- remember that, since a port acts like a door, you can only come in through an open door (active, open port.)

You'll need to download a port scanner first. There are many out there, and they do essentially the same thing- for many, it's a matter of personal preference. Sure, some port scanners won't work on some machines for whatever reason, but there are more than enough port scanners for you to find and stick with a certain one that you like. Here is a list of a few highly regarded port scanners. Just search on Google for 'em and you'll find them in no time.

Blue's Port Scanner
Scanline
XScan
NMap

Once you have your port scanner, it's very simple to find out what ports a specific computer has open. For the sake of saving at least some space, I'm only going to use the port scanner that I have, and my favorite one- Blue's Port Scanner. While the directions will sometimes be specific to the layout of Blue's Port Scanner, every port scanner asks you for the same info. Blue's is also a good one for newbies- it doesn't bombard you with advanced terminology, is fast, accurate, and ridiculously easy to use.
The first thing you'll want to figure out is whether you want to port scan a specific IP address or an IP range (see Terms section.) In general, since you want to have one specific target, I'd recommend a single IP rather than a range- although scanning an IP range can sometimes help to find a target- whatever you prefer. For an IP range, enter the beginning of one set of IP addresses in one box and the end in another. To clarify, if you wanted to scan from computer 127.0.0.1 to 127.0.0.255, you would input this:

First Box- 127.0.0.1
Second Box- 127.0.0.255

Some port scanners may just allow you to enter 127.0.0.x, but I don't know. To scan a specific IP, put it into the first AND second boxes- make sure the IP is exactly the same in both boxes, or you'll scan a small IP range. Either way, you'll get results like:

TCP: 127.0.0.1 [80- http]

or another similarly-syntaxed result. The 80, in this case, is the open port- HTTP is the protocol, which you should know. Some commonly known port protocols and numbers are:

Port 21- FTP
Port 22- SSH (encrypted server)
Port 23- Telnet (we'll get to this in a bit)
Port 25- SMTP
Port 80- HTTP
Port 110- POP3

There are tens of thousands of ports with different functions, ranging from AIM to KaZaA to trojans, anything you can think of. However, you'll generally be connecting to a commonly-known port. If you have an IP address and an open port, it's time to attack.

The Fun Part- Attacking

Okay- you've finally made it, after reading through lots of my incoherent babble from which you've hopefully learned a few things. Now, since hacking is a crime, it's imperative that you cover your tracks. One thing you'll hear about is a proxy. This simply serves as a middle man in your connection with a target- so, rather than a direct connect with a target, you connect through the proxy server to your destination.
Visually, here's a representation:

Non-Proxy Connection
You ------> Target (Directly Connected)

Proxy Connection
You ------> Proxy Server ------> Target (Directly connected, but through a proxy)

Hopefully, this makes it a bit easier to understand what proxies are all about. Since many sites log IPs of visitors, a proxy helps because IT does the actual connecting to the site, and thus your IP is covered. It's one of the most important things you can do. Download MultiProxy (www.multiproxy.org) and you can also establish a proxy chain, which is just multiple proxies linked together. To visualize a proxy chain:

You ------> Proxy 1 ------> Proxy 2 ------> Proxy 3 ------> Target

You can link as many proxies together as you want- the more proxies you have, the more protection and anonymity you are afforded. However, note that there is no way to be fully anonymous- even the most careful hacker can still get caught. Generally, if you take enough precautions, you should be okay, but never fall into the mental trap that you're safe- you never are fully protected. That is a myth that I want to clear up for your sake. There are many other tutorials devoted solely to anonymity, so I won't explain any more about it- read them, because the most important thing you can do is hide yourself in every way imaginable. With that said, let's hack...

Telnet Hacking

I've already explained Telnet in the Terms section, so you know (hopefully) what it is. All Telnet hacking can be done directly from the Command Prompt, and it's really quite simple. Note that you should always take anonymity measures before hacking- I won't explicitly state that, but you should do things like connecting to proxies before hacking in any way. Back on the subject of Telnet, it's real easy to use, and since you have a few ports you can use with Telnet, it's an excellent and versatile method of hacking. Open up your Command Prompt and get ready. You must have the IP address of the victim as well as an open port.
Just using Telnet from the Command Prompt, you can only access 5 ports- 21 (FTP), 23 (Telnet), 25 (SMTP), 80 (HTTP), and 110 (POP3). Just so you know, POP3 is Post Office Protocol 3 and is a mail transfer protocol based on SMTP. The syntax to connect to somebody's computer through Telnet is as follows:

telnet (IP here) [port]

Obviously, without the parentheses and brackets. So if you want to connect to IP 127.0.0.1 on port 25, then you would type the following command:

telnet 127.0.0.1 25

And that's it. TELNET is the command that tells the machine to make a remote connection with another through the Telnet utility, in this case to IP 127.0.0.1 on port 25, the SMTP port- through this port, you can send mail to people, but I won't explain that here. Make sure that you enter the right port number, because as I stated above, only a few ports work with Telnet. To get connected to a few more ports like port 22 (SSH) you need to download PuTTY- it's an excellent tool that allows for connections to be made that are beyond Telnet's capabilities.

You'll get messages if you're connected, like asking you for a username/password, or if a server name is at the top of your screen- just watch out you don't fall into a honeypot. You can tell sometimes by the server name (if it's unrealistic) or the fact a certain computer seemed too easy to hack into. Sometimes, however, you'll get a blank screen. This means that either the port is somehow dead or unusable, or the target computer has a firewall up, thus blocking incoming connections. For right now, do not mess with firewalls- just keep trying until you can get a good target. That's it for my fairly brief description of Telnet- the Telnet Hacking tutorial by Th3_R@v3n is an excellent resource for more detailed information.
Trojans

I know trojanning is not hacking, and I detest the script kiddies who use trojans to "hack", but since many people, some of them undoubtedly script kiddies, will be reading this, I decided to throw in this section to hopefully quell the immense flood of questions about using trojans. A trojan horse (trojan for short) is a program that is installed on another computer. It is open on a certain port, and once the virus (the actual trojan) is executed, you may connect to it from any computer- generally, yours. You can do any number of things with a trojan, ranging from deleting files to changing settings to deleting the Registry (NOT ADVISED) to, well, anything you want to do- however, you will get no respect from real hackers through the use of trojans, because they are so easy to use and require no knowledge of how computers work.

Anyway, there are limitless trojans, but all work the same way. You must know the IP of the target and the port the trojan runs on- it may have it already filled in, though. If you don't know the port, check a port list- if you have Blue's Port Scanner, click the question mark and you'll see a full port list. Search (could take a LONG time) for the port. All you have to do is fill in the IP in one field and the port the trojan runs on in another and send it. First, make any modifications- add your email address in for notification, and filter any actions/create passwords, basically just make the server how you want it. Then send it to somebody- remember that AV programs will always catch a trojan that you use, because the AV programs will have those trojans, which are viruses, defined as a virus. This is another reason trojanning is discouraged- because of the fact that moronic script kiddies use 'em, they almost always get caught- even if they eventually figure out the complicated workings of buttons and info fields. Anyway, there are a few ways to send them.
You can send them through file sharing on a messenger, through a link in email, whatever- if you can't figure those out, trojans may be too advanced for you- in other words, sell your damn computer. You'll want to bind a file to the virus with a tool called a (very aptly named, I might add) binder. Just select the files you want to bind, and do it. The file you bind to the executable trojan must also be an executable file type, of .exe, .scr (screensaver), or any other file that is executed. And that's it for trojans- although I resent having to throw that section in, hopefully it'll save the stupid questions.

C++ Lesson 1

That's it for the hacking stuff, but learning a programming language is a big help to yourself, and will earn you respect if you code tools that can be used easily and get results. Many people say that C++ is too hard to learn to be your first language, but I'm proof that that's a myth. C++ was my first programming language, since HTML is not programming. Anyway, C++ can be learned like any other language if you just get a solid grasp of the basics and build on everything you do. The best thing you can do for yourself as a programmer is, quite simply, WRITE PROGRAMS. Not only does it hone your programming skills and know-how, but it also improves upon your creativity, and creativity is really the key to programming.

Anyway, this section can be found at the end of not only this tutorial, but ensuing tutorials as well, and it will give you an understanding of C++. However, I'm not saying that these sections will replace a C++ book that's a jillion pages long, because I can't cover everything- I can't be totally thorough without using up a jillion pages in the forum. So here's your first little C++ lesson- there are exercises at the end that will test you on what you've learned- if you do them and self-initiated programming projects, you're doing yourself an immeasurable favor.
The first thing we're going to cover is basically stuff that you will need to put in all of your programs in order to make them run. Here's the Hello, World! program, and I will dissect it afterwards.

#include <iostream>
using namespace std;

int main()
{
    cout << "Hello, world!";
    return 0;
}

And that's it. The syntax may be a bit daunting, but program enough C++ and you'll get the hang of it. Anyway, let's dissect the program.

The #include statement defines header files (you'll learn about them later) for the program to use- <iostream> is a header file that allows you to input and output data, using the cin and cout statements, respectively. So put that in all your programs- we'll cover other header files, too.

A namespace is basically something that defines all statements that can be used- otherwise, the compiler'll have no idea what you're trying to do. For example, the code

#include <iostream>

int main()
{
    cout << "Hello, world!";
    return 0;
}

would create one massive screw-up of a debugging line. You may ask why- after all, the header file is used and the cout statement is the same. However, you'll probably notice the absence of the statement USING NAMESPACE STD, and that's what creates errors- sure, you have the header file, but without the std namespace, the compiler won't know what commands like cout are- so add the line, and make sure you put a semicolon at the end. This is an error of many new programmers (even experienced ones.) Every time you want to terminate a statement (can be single-lined or a block of code), you must use a semicolon (;).

Variables

A variable, very simply put, is a bit of code that stores a value- it can be numbers, letters, sentences, or anything else, depending on the type of variable:

int- integer number, used generally for smaller numbers. (1 byte)
short- a 2-byte number variable.
long- a 4-byte number variable that is used for large numbers.
float- refers to a floating point (decimal) variable.
double- used for larger decimals, this is an 8-byte variable.
char- used to store one character (letter).
string- a string is a string of words, like a sentence.

With those variables, you should learn calculations, which are performed with the numerical operators:

+ (addition)
- (subtraction)
* (multiplication)
/ (division)
% (modulus)

The modulus you may not know about- it is simply the remainder of a division problem. You do not need to divide and then use a modulus operator- it will divide and output ONLY the remainder. Now we'll look at a program that declares two variables and calculates the modulus of the two, to illustrate my point about what the modulus operator does:

#include <iostream>
using namespace std;

int main()
{
    int x = 10;
    int y = 3;
    // 10 divided by 3 is 3 with a remainder of 1, so this prints 1
    cout << "The modulus of x and y is " << x % y;
    return 0;
}
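As an added example that is not code from the original post, here is a short C++ program that puts this lesson's variables and the modulus operator to work on the IP addresses from the Terms section: it packs a dotted address into one number, pulls the octets back out with / and %, and tells you whether an address is your own loopback machine, a local 192.168-style address, or a public one. The parsing and classify functions are my own, and besides the 192.168 prefix the guide mentions it also treats the other two reserved private ranges (10.x.x.x and 172.16-31.x.x) as local.

```cpp
#include <iostream>
#include <string>
using namespace std;

// Constructed example, not code from the original post.
// Packs the four octets of a dotted IPv4 address into one number, the same
// way digits make up a base-10 number, only in base 256 (a long holds it).
// Returns false for anything that is not exactly four octets of 0-255.
bool parseIPv4(const string& text, unsigned long& out)
{
    unsigned long packed = 0;
    int octets = 0;
    size_t pos = 0;
    while (pos <= text.size()) {
        size_t dot = text.find('.', pos);
        if (dot == string::npos) dot = text.size();
        string part = text.substr(pos, dot - pos);
        if (part.empty() || part.size() > 3) return false;
        for (size_t i = 0; i < part.size(); i++)
            if (part[i] < '0' || part[i] > '9') return false;
        int value = stoi(part);
        if (value > 255) return false;
        packed = packed * 256 + value;
        octets++;
        pos = dot + 1;
    }
    if (octets != 4) return false;
    out = packed;
    return true;
}

// Pulls octet number index (0 = first, 3 = last) back out: division throws
// away the octets to the right of it, then % 256 keeps only the one we want.
int octet(unsigned long ip, int index)
{
    unsigned long divisor = 1;
    for (int i = 0; i < 3 - index; i++) divisor *= 256;
    return (int)((ip / divisor) % 256);
}

// Convenience wrapper: octet of a dotted address, or -1 if it does not parse.
int octetOf(const string& dotted, int index)
{
    unsigned long ip;
    if (!parseIPv4(dotted, ip)) return -1;
    return octet(ip, index);
}

// Sorts an address the way the Terms section talks about them: your own
// machine (127.x.x.x), a local network address (192.168.x.x plus the other
// two reserved private ranges, 10.x.x.x and 172.16-31.x.x), or a public one.
string classify(const string& dotted)
{
    unsigned long ip;
    if (!parseIPv4(dotted, ip)) return "invalid";
    int first = octet(ip, 0);
    int second = octet(ip, 1);
    if (first == 127) return "loopback";
    if (first == 10) return "private";
    if (first == 172 && second >= 16 && second <= 31) return "private";
    if (first == 192 && second == 168) return "private";
    return "public";
}

int main()
{
    // Sample addresses are constructed; 203.0.113.5 is from a documentation-only range.
    const char* samples[] = { "127.0.0.1", "192.168.1.7", "203.0.113.5", "192.168.1", "1.2.3.256" };
    for (int i = 0; i < 5; i++)
        cout << samples[i] << " is " << classify(samples[i]) << endl;
    return 0;
}
```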