Free Essay


In: Other Topics

Submitted By parthapegu
Words 3455
Pages 14
ngA Basic UNIX Overview



Introduction ------------

One of the most common operating systems in existance is Unix. Unix exists in many different flavors, from Berkeley BSD to AT&T System V to SunOs. Basic working knowledge of Unix is almost essential to a hacker, as it is the system a hacker is most likely to come across. If you intend to use the internet at all, or to do any serious exploration of Telenet, the ability to navigate through Unix is a necessity. (Unix is also the single most interesting system in existance: it's just fun to fuck with). Unix Logins -----------

Most Unix logins look essentially the same. A general Unix login prompt looks something like this:

connected to login:

That first line is the system identifier. Although it's not at all essential to what you are doing, it's good to know what system you are attempting to log on to. The second line is what typically identifies the system you are on as Unix. Almost all Unix systems greet a user with the same prompt: login:. Well, there's not much to do in Unix from the outside, and Unix systems are typically fairly secure at this point. You may be able to obtain a list of users, or current users, by logging in as 'who', but other than that there are few functions available here. Unless you are on the internet, or have accounts specifically for the specific machine you are on, the only way on to the system is to try the default passwords. What are the default passwords? Unix systems come installed with certain passwords automatically. In addition, some accounts must exist on a system. One such account is 'root'. This user is the divine Kami of the Unix system... in short, an all access pass. Unfortunately, few systems allow root logins remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's always worth a shot... try this:

connected to login: root password: root invalid login login:

well, nice try anyways... other possible passwords for root include 'sysadmin', 'sys', 'admin'... you get the idea. You may also want to try these passwords with a single digit appended (added, idiot) to them... meaning the password 'root' could be 'root1' or 'root2'. An interesting tip about passwords in general... many people that use passwords under 8 characters tend to add a digit or a non-alphanumeric character to the password. This is done in order to hinder guessing, and to stop password breakers (more on this later). In this case, you may want to try adding a space before root... or even an ascii 255 to the end. Fortunately, there is more than one default password in a unix system... a quick list:

sys sys bin bin daemon daemon rje rje setup setup uucp uucp/nuucp/anonymous nuucp uucp/nuucp/anonymous mountfsys mountfsys

In the System -------------

Ok, at this point, I'm going to assume you've gotten past the login... as painful as that may sound. Although Unix may be secure from the outside, without effort from the system administrators, the inside of the system is not. First off, you'll likely by asked for a terminal. vt100 serves your purposes sufficently, and it's typically the default, so hit enter. Now, hopefully, you have a prompt. There are many different types of unix prompts, some of which contain current directory information, some of which are just a single character. Just don't panic when my examples don't look exactly like what you've got on your screen. The first thing you *need* to do on the system is establish your tty paramters. As eldritch and arcane sounding as this term may seem, it's actually quite simple... you need to tell the system what keys are going to do what. The command to set these parameters is 'stty'. Watch:

squinkyB ] stty erase ^h squinkyB ]

There... that wasn't so bad, was it? Well, it's also pretty meaningless to you, unless you have the ascii table memorized and are pretty good at on-the-spot deduction. The tty erase parameters determines which key is to be used as a backspace. At times, this may already be set when you log in, or it may be set to a suitable alternate (such as delete). Most of the time the system will tell you when you log on if this is so. In this case, we've entered ^h in order to make the backspace key, appropriately enough, backspace. Another extremely important parameter is 'intr'. The 'intr' paramter tells the Unix system what you intend to use as a break character... you should have this set to ^c.

Getting Around --------------

A good thing to remember about Unix is that it's alot like DOS. Files are laid out in directories just as in DOS... in fact, the only immediate difference in the directory structures is that Unix uses a forward slash ("/", moron!) instead of a backwards one. Also, the basic Unix directory navigation command is identical to DOS. In order to change directories, you use the command 'chdir', or 'cd'. A quick example:

1 /usr1/astoria ] cd .. 2 /usr ]

Wala. That simple. Quick notes:

ю cd / will take you to root. ю cd /*pathname* will take you to *pathname* ю cd home will take you to your home directory.

You can make and delete your own directories with the mkdir/rmdir commands. Simply put, mkdir makes a subdirectory off of the current directory, and rmdir removes a subdirectory from the current subdirectory. Good to know if you plan to do a lot of file transfers. An important note about Unix directories, files, and concepts: Unix is a case-sensitive operating system. Thus, the files

ю Spleen ю spleen ю SPLEEN ю SpLeEn

are all different. This rule applies to directories and command line paramters, as well as most other Unix ideas. Another nice thing to know about Unix: Unix files are not subject to the normal DOS 8 character limit. Thus, you can have vast filenames, such as "this_file_ate_my_biscuit".

Some other important commands -----------------------------

First and foremost, you should know cp. cp is the basic Unix equivalent of the DOS COPY command. The command line for cp is identical to that of COPY. Next on the scale of cosmic import is cat. cat is the Unix equivalent of the DOS TYPE command, and once again, for simple file displaying, the command line is identical. Variations on the theme: pg: displayes a file page by page. Type "pg x filename", where x is a number of lines to display before pausing and filename is the file you wish to display. more: displays a file screen by screen. Stupid pet trick: You can use your cat to copy files, simply by using the directional operators. To copy a file from here to there using cat, simply type:

% cat here this is the file here % cat there this is the file there % cat here > there % cat there this is the file here

The operator ">" simply takes the output from the cat command and places is in the location specified after it. Another vital command to know is 'rm'. rm deletes a file from the system, in the same way DEL would on a DOS system. Not to much else to say. Critical in your navigation of a Unix system is the ls command. ls is DOS DIR on heroin. Simply type ls and you get a nice, neat list of files in the directory. DIR on controlled substances: There are a few command line parameters that you should know... foremost is l. ls -l gets you a list of files, and valuable information about each file, including permissions (more on that later), size, and linked files. Another useful command for long file lists is C. ls -C gets you a list of files in multiple columns, much the same as DIR /W would merit a double column report of all existing files. A quick reminder: ls -C is NOT the same as ls -c. Unix = case sensitive. Another good command to know, mv will move a file from directory to directory. For those of you without DOS 6.0 , mv simply copies a file to another directory and deletes the original. quick tip for files on the lam: if you want to rename a file (to protect the innocent), you need to mv a file to a different file name. A quick demo:

# ls myfile # cat myfile this is my file # mv myfile my_other_file # ls my_other_file # cat my_other_file this is my file

Another vastly important command is 'man'. In fact, man is probably one of the most important commands extant for a beginning user... it calls up the system's help files. To use man, simply type in 'man command', where command is a Unix command you seek to gain enlightenment regarding. It's a great way to gain an understanding of Unix commandline parameters. If you are interested in seeing who's been on of late, or just want a few names to try to hack, type 'who'. You get a quick list of users that have accessed the system lately. If you need to know who you are at this point, type 'whoami'. If you want to change your identity on the system, type 'su name' where name is an account on the system. It'll ask you for the account password, then, *presto*... instant transmogrification. A Caveat for smart alec hackers: Unix typically logs usage of the su command. While su may seem like a great opportunity to try to hack out passwords manually without worrying about the system hanging up after 3 attempts, it's typically not a good idea to do this, as it may alert the administrators to your presence. *Numero Uno on the list of commands NEVER to use on a Unix system: The 'passwd' command changes your password on a Unix system. Seems innocous enough, eh? Uh-uh. If your account is active, and there's a very strong chance that it either is or will be, there is no better way to lose the account than to change the password, only to have the legitimate user alert the sysadmins when he/she can't gain access to his/her normal account (well, there are better ways... you could simply mail the sysadmin and tell him you are trying to hack his grandmother's life support machine through your account). I've seen this single, quick command turn a extremely lax system into an ironclad security compound in less than a day. DONT-FUCK-WITH-IT. *Numero Dos on that same list: The 'mail' command reads and sends mail. So what? Well, unless your account is stable (and it isn't unless you either paid for it or killed the original owner in such a way that his body cannot claw it's way out of it's grave to it's keyboard), the user is more likely than not going to know if you read his mail. In addition, if you send mail out of the system (type 'mail', and a username/address; type in your message and end it with a ^d on it's own line), the response from your message will likewise alert the user to your presence.

System Spelunking -----------------

The first place you want to check out in the wild uncharted directory tree of your friendly neighborhood Unix system is the "/etc" directory. What's in it? The single most intensely important file on the system (besides a world writable root owned SUID file... but don't worry about that)... the passwd file. What is in the passwd file?

ю a list of all accounts on the system ю a list of the passwords for these accounts ю a list of access levels for these accounts ю a list of the home directories for these accounts ю a list of information pertaining to these accounts.

Why the hell the Unix designers decided this file should be world readable is beyond me. Be content to know that your standard everyday run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL display this file. As will pg and more. However, because most users don't have write permissions (more on that later) to the /etc directory, 'cat' is pretty much the only applicable command here. However, if you need to copy the file to your own directory (for whatever reason), just cat it there with the directional operator (>). The catch: Well, there are two catches here. First off, regardless of system security, if the passwords are in the file, they are encrypted. You can't decrypt them. Although you can get a list of accounts without passwords this way (just look for accounts with no entry in the password field), and a list of accounts that can't be logged onto remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it? Notice I said 'if' the passwords are there. Some horrible, paranoid, draconian system administrators mutilate their passwd files in such a way that (*gasp*) the passwords don't show up. All you get is one cold, icy X staring at you from the bowels of Unix Shell Siberia, mocking you as you pull your hair out in frustration (sorry, but this is a sore spot with me). The kidnapped passwords reside in the shadow file in the /etc directory, available with your standard everyday run-of-the-mill-but-distinct-in-the-fact- that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command. Well, if the passwords are encrypted, what good are they? By themselves, nothing. A account with a Unix encrypted password will get you no further than an account with no listed password at all. You can't even deduce the amount of characters in the password if it's encrypted. So what's the use? The Unix method of encrypting files is available to the public. It is also, to most mortals, irreversable. Essentially, this means you can encrypt a string of characters, but not decrypt it. Even the unix system itself doesn't decrypt the password when you log on... When you log on, the Unix system takes whatever you enter at the password prompt, encrypts it, and matches it to the entry in the passwd file. Thus, the Unix system never decrypts the password... it only compares it to a different encrypted string. While this may not sound too particularly useful at first, it is. There are programs that have been written to do the same thing on a personal computer... you supply it a list of passwords and a list of words to attempt to use as passwords (called dictionaries), and it spends the night encrypting dictionaries and matching them to password entries. By running a dictionary through a passwd file, on a typical system, you can usually get 10-20 accounts. Good personal computer examples of this program idea include Killer Cracker (the industry standard, so to speak) and CrackerJack (faster than Killer Cracker). Quick tips for CrackerJunkies with leech access at an H/P BBS: A standard dictionary will not uncover passwords protected with an appended digit or non-alphanumeric character. In order to get around this, you need only grab a program that processes the dictionary file to add that digit to each entry in the dictionary... although this takes longer, and you'll need to do it multiple times, you can typically get 10 more accounts just by adding a 1 to every entry. Files and directories in Unix are characterized further by their permissions. Permissions are a standard system of who gets access to a specific function of that file or directory. Standard permissions include read, write, and execute. You can get a list of permissions by typing 'ls -l'. The first field in the listing contains the permissions, grouped as follows:

owner group world -------------------- rwx rwx rwx

(Not drawn to scale... in fact, it doesn't look anything like that). Essentially, as long as the letter is there, you have access to that facet of the file. If the letter is not there, you'll see a dash... meaning you don't have access to that function. An example:


In this case, the owner of the file can Read the file, Write to the file, and eXecute the file; members of his group (a bunch of linked accounts) can Read the file, CANNOT Write to the file, and can eXecute the file; and the rest of the user population CANNOT Read or Write to the file, but CAN eXecute the file.


is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This simply means that anyone can read, write, or execute the file.

Another permission sometimes set to a file is the SUID bit. An SUID file contains a smallcase s in the user executable section of the permissions list...


When you execute an SUID file, your user ID becomes that of the owner of the file. While this may not look to important at first, by now you should know that no really important super elite hacker concept does. Take a look at this:


Synopsis? It's a world executable SUID file. In essence, anyone can execute the file, and in doing so, become the owner of the file for the duration of the time that file is operating. However, this doesn't get you much, because you typically can't do anything while the programis running. More likely than not, it's calculating how many pencils it needs to order for school tomorrow or some other such drivel. The real power of the SUID file comes into play in this situation:


You won't see a lot of these, but when you do, look out. What you have here is a world writable SUID file... and a world writable program can be any program on the system you have read access to. Like, say, /bin/sh... the Unix shell... Quick command line example... 'diablo' is a root owned, world writable SUID file. I'm going to ignore the rest of the output of the ls command.

#ls -l rwsrwxrwx... ...diablo #cat /bin/sh > diablo #diablo $

Oh, just so you know, the $ prompt denotes root access. Good deal, huh? In general, if you have right privs to an SUID file, copy it to your own directory and cat /bin/sh into it. You now have an instant gateway to the account of the owner of that file. If you want to find files that you can do this with, try this out:

#find / -user root -perm -4000 -exec /bin/ls -al {} ";"

This will give you a list of all root owned SUID files. If you want more info on the 'find' command, just 'man find'.

Well, I'm overdo for an appointment on the IRC in #warez... so I'll cut off here. I hope I've been of assistance to you.

---------------------------------------------------------------------------- A C T U A L A R T I C L E E N D S H E R E . . .

Please feel free to save an extra 1k of file space and invoke the DOS EDIT CUT command at the dotted line. Do not remove the rest of this article on penalty of law.


Greets go out to Nowhere Man, INC, THG, UNT, SaD, SoD, PTA, SOB Thanks to... ________________________ your ad here

Current DWE Akshul M3mbre Boards:

Nitro Burnin' Funny Cars WHQ/DWEnet HOST (312)582-1115 The Prodigal Sun CHQ/MECCA (312)238-3585 Dark Waters HQ/Infosite (312)667-0222 PyroTechnics II Infosite (708)991-9403

DWE M3/\/\B3R LiST

President and Dictator for Life: Xanax Head Courier/Warez Cracker: Asriel Head Fisherman/Trout Expert: Changeling Head Person That Gets Asriel Free CDs: Monk Head Person That Gets DWE Members Free WaReZ: Pyro Head Person That Knows More Than Asriel (Honorary Title): LVX Head Person That Actually Wrote for DWE without Coercion: Cosmos Head Know-It-All Stoner that runs 386bsd: Goldstein

Want to write for DWE? Neither do we. But if the spirit moves you, write up an article about anything we haven't discussed already, and post it somewhere in DWEnet or at any of the member boards, or call any of the members voice and dictate it to them, or submit it to them school newspaper of any of the members, or tack it on a bulletin board in the Third Coast Cafe in Century Mall, and chances are it'll be released as a s00per c00l DWE article.

(c) 2003 Hackers-Network Asriel(tm) appears courtesy of Hasbro, Inc.

Similar Documents

Premium Essay


...Danish Jamil et al. / International Journal of Engineering Science and Technology (IJEST) IS ETHICAL HACKING ETHICAL? DANISH JAMIL Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan MUHAMMAD NUMAN ALI KHAN Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan Abstract : This paper explores the ethics behind ethical hacking and whether there are problems that lie with this new field of work. Since ethical hacking has been a controversial subject over the past few years, the question remains of the true intentions of ethical hackers. The paper also looks at ways in which future research could be looked into to help keep ethical hacking, ethical. Keywords— Ethical hacking, hacking, hackers, education and training, risk management, automated security I. INTRODUCTION Understanding the true intentions of the general public is quite a hard task these days, and it is even harder so, to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media......

Words: 3982 - Pages: 16

Free Essay

Ethical Hacking

...Ethical Hacking Overview    Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker Hands-On Ethical Hacking and Network Defense 2  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network Hands-On Ethical Hacking and Network Defense 3  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission Hands-On Ethical Hacking and Network Defense 4  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence Hands-On Ethical Hacking and......

Words: 1129 - Pages: 5

Premium Essay

Ethical Hacking

...Danish Jamil et al. / International Journal of Engineering Science and Technology (IJEST) IS ETHICAL HACKING ETHICAL? DANISH JAMIL Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan MUHAMMAD NUMAN ALI KHAN Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan Abstract : This paper explores the ethics behind ethical hacking and whether there are problems that lie with this new field of work. Since ethical hacking has been a controversial subject over the past few years, the question remains of the true intentions of ethical hackers. The paper also looks at ways in which future research could be looked into to help keep ethical hacking, ethical. Keywords— Ethical hacking, hacking, hackers, education and training, risk management, automated security I. INTRODUCTION Understanding the true intentions of the general public is quite a hard task these days, and it is even harder so, to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media always reporting some......

Words: 3974 - Pages: 16

Free Essay

Ethical Hacking

...#2 Research Topic – Ethical Hacking 1. This is a Network World article talking about the legal risks of ethical hacking. The article talks about whether or not ethical hackers risk prosecution themselves. The articles discusses developing a set of ethical guidelines that can be shown to the government when and if they starting taking a greater role in oversight. It mentions that it might be a good idea to work with law enforcements when it comes to ethical hacking. 2. This site provides information about becoming a certified ethical hacker. The group doing the certifying is the International Council of E-Commerce Consultants (EC-Council). This is a member-based organization that certifies individuals in various e-business and information security skills. The site provides a great FAQ, exam info, where to get training, and the path to get certified as an ethical hacker. 3. This is a great online forum for those who are ethical hackers, or interested in becoming one. The page warns that the forum is only for ethical or as a learning purpose. It gives many tips, tricks, and tutorials share amongst other ethical hackers in this online community. 4. This company offers penetration testing and other ethical hacking services for a company to......

Words: 339 - Pages: 2

Free Essay

Ceh Course

...attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these...

Words: 458 - Pages: 2

Free Essay


...Hacking Computers seem very complicated and very hard to learn, but, if given time a computer can be very useful and very fun. Computers have taken over our lives. People could not function without them, our electricity is run by computers, the government could not function without computers, and there are many others. Hackers are people who illegally gain access to, and sometimes tamper with, information in a computer system. Due to recent media coverage and corporate interest, hacker’s activities are now looked down on by society as criminals. Despite the growing trend of hacking, very little research has been done on the hacking world and its culture. The image of a computer hacker has grown from a harmless nerd into a vicious techno-criminal. In reality most hackers are not out to destroy the world. The hackers in today’s society are not just board teenagers. Various types of people commit computer crimes; the most familiar is being hacker. A hacker is a person who enjoys exploring the details of a programmable system and how to stretch their capabilities. Hackers may affair any type of dodging to access this information depending on what they intend on doing in the form. Computer hackers in today's world are becoming more intelligent. They are realizing that people are constantly developing more hack-proof systems. This presents the hackers with a bigger challenge and a bigger thrill. The government is realizing this and is working on making harsher laws to,......

Words: 876 - Pages: 4

Free Essay


...HACKING Introduction • Hacking is unauthorized use of computer and network resources. • According to Computer Crime Research Center: “It is act of gaining access without legal authorization to computer or computer network.” • Traditionally hacking refers to the hobby/profession of working with computers. • But now a days it refers to breaking into computer systems. History • 1960s – MIT AI Lab – Ken Thompson invented UNIX – Positive Meaning • 1980s – Cyberspace coined – 414s arrested – Two hacker groups formed – 2600 published • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!,, Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. Types of hackers Knowledge based: • Coders • Admins • Script kiddies Legality based: • Black hat hacker • White hat hacker • Grey hat hacker Script Kiddies: – who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ Phreak – Person who breaks into telecommunications systems to [commit] theft Cyber Punk – Recent mutation of … the hacker, cracker, and phreak White hat hacker who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black hat hacker A black hat is the villain or bad guy, especially in a......

Words: 383 - Pages: 2

Free Essay


...HACKING Did you know that hackers exposed 110 million Americans personal information and roughly half of the nation’s adults in the last 12 months alone. 47% of U.S. adults had their personal information exposed by hackers. In December 8 at New Hampshire the hackers are alleged to have collected the credit and debit card data from over 80,000 victims by hacking. China has highest percentage of hackers, is that 41%. Kevin Mitnick, he has the world best hacking recode and he’s known as “black hate”. In now times big multination brands or company offers prize to hack his own brand or company. For Example google offer $2.7 Million prize fund for those that can hack the chrome OS and Apple offers $1 Million. Hackers are problem because of cybercrime, cyber extortion and virus attack. Hackers are problem because of earning money through business (cybercrime) for example transection money, hack data and sell those data to some on else, hack social sites and expose personal information. Cybercrime is on the increase as new technology allows hackers to be even more anonymous and more dangerous when attacking your computer, network or site. The number, type and seriousness of cybercrime attacks have all increased. Black hat hacker claim he can make $15k to $20k an hour and also he claim like that they can hack 300 billion bits of data in second. Black hat says like that “making money by hacking is easier than brushing your teeth”. For example in 2014 international hacking rings...

Words: 677 - Pages: 3

Premium Essay


...ports listening on the network. A vulnerability assessment scan will then be performed using Nessus® to identify known software vulnerabilities. Finally, a system running a vulnerable application will be exploited using a Backtrack 4 Live CD and the Metasploit Framework application. 1. What are the five steps of a hacking attack? There are different words and phrases on which step is labeled as what. a. Reconnaissance b. Scanning c. Gaining Access d. Maintaining Access e. Covering Tracks 2. During the Reconnaissance step of the attack, describe what ZenMap GUI performs to do passive OS fingerprinting? ZenMap (Nmap) doesn’t use probes to sniff specific hosts on the network. It rather doesn’t “touch” any systems on the network. It sniffs what is going on in the network and creates a fundamental report off of that. 3. What step in the hacking attack process uses ZenMap GUI? It is used during the Reconnaissance/Scanning step. 4. What step in the hacking attack process identifies known vulnerabilities and exploits? It is used during the Reconnaissance/Scanning step. 5. During the scanning step of the hacking attack process, you identified known software vulnerabilities...

Words: 574 - Pages: 3

Free Essay


...Certified Ethical Hacking - The 5 phases Every Hacker Must Follow The 5 Phases Every Hacker Must Follow Originally, to “hack” meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and codes available on the Internet that makes it possible for anyone with a will and desire, to hack and succeed. Mere compromise of the security of a system does not denote success. There are websites that insist on “taking back the net” as well as those who believe that they are doing all a favor by posting the exploit details. These can act as a detriment and can bring down the skill level required to become a successful attacker. The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super hacker is an illusion. However, hackers are generally intelligent individuals with good computer skills, with the ability to create and explore into the computer’s software and hardware. Their intention can be either to gain knowledge or to dig around to do illegal things. Attackers are motivated by the zeal to know more while malicious attackers would intend to steal data. In general, there are five phases in which an intruder advances an attack: 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks For More Informaton contact EC-Council –......

Words: 2322 - Pages: 10

Premium Essay


...Dr. Steve Johnsom Weak or strong the all fall sometimes. Nowadays, Internet hacking is the most dangerous things that may happen to you. Some people could think that their password is secured however, for other it is just a matter of time to hack into your system and turn your life into a mess. This research has proved me that most people think their live is secure, their password is save, on the other hand some of them thought that they might even find themselves hack someday. Today, I tried to hack into the system of three of my closest friends. The first one was an Email password, the other one was an online Banking, the last but not least was putting you in your friend mind and tried to figure out his Facebook password. Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is too repeatedly try guesses the password. Most of the time, people usually make up weak password, something related to yourself such as; your date and year of birth, sometime your boyfriend or girlfriend name or just something that identified you as a person. All in all, programmers or hacker always find a way inside your machine to hack your program or your system without your knowledge. There are many way of doing so just a manner of time and wisdom. For instance, let take a look of the most social network uses this day. Facebook; is an......

Words: 576 - Pages: 3

Free Essay


...way utilizing these resources. These materials and resources are for educational and research purposes only. Do not attempt to violate the law with anything enclosed here within. If this is your intention, then leave now. Neither writer of this book, review analyzers, the publisher, nor anyone else affiliated in any way, is going to admit any responsibility for your proceedings, actions or trials. About The Author Anurag Dwivedi is a 13 year old computer geek. Who likes to find vulnerabilities Doing Hacking , Programming , editing , cracking , web designing and writing books He Wants To Be An Software Designer..!!!! Join His Blog: Computer Expert Join Him On FB: Anurag Dwivedi Greetz : Hack The Universe Computer Expert Introduction What are Hackers Hackers Hierarchy Hacking Facebook Accounts using Tabnapping Hacking FB Accounts using Keylogger 10 Security Enhancements 5 Reasons Why PC Crash Delete An undeletable File Converting Movies To Psp Format Make Your Pc Faster Hacking Yahoo Messenger Multi Login Yahoo Chat Commands...

Words: 20358 - Pages: 82

Free Essay


...Hacking Hacking: Understanding It All John Williams INF 103: Computer Literacy Thomas Hennefer June 14, 2010 Abstract As technology has grown, so has the dependence of society on its role in everyday life. Like many things, this dependence on technology comes at a risk. Hacking is the risk that members of society must face. Hackers can find any information they wish to acquire, which puts information, such as finances and personal, at great risk. In order to understand how to prevent hacking, one must first understand what is at risk to be hacked and the way in which the act is done. Technology has become a constant part of every day life. People now manage their bank accounts, pay bills, deal with highly confidential information, and even personal information online. All these aspects of technology in daily life are a temptation to others throughout the internet. Those who find themselves tempted perform the task of hacking, which leaves others and their personal information vulnerable. This paper will discuss society’s reliance of technology in all aspects of life; thereby, leaving personal information vulnerable. Also being discussed will be information hackers find tempting, the steps that some take to hack into systems allowing them access to normally unavailable information and the steps that can be used to help prevent hacking from occurring. Method In the task of preventing hackers from gaining access to information that could be harmful to the......

Words: 307 - Pages: 2

Free Essay


...Computer Hacking is a very serious, yet common issue we face today. From Identity theft, personal information getting out, Bank and Credit card information being released, this “Hacking” has become an all too familiar epidemic in the world we live in. Generally speaking, you may think “I can’t get hacked, or this is rare and will not happen to me”, well, simply put, this couldn’t be further from the truth. Hacking happens to millions of Americans every year. Surprisingly, hacking a computer doesn’t take any special training or education. The majority of hackers have no degree in IT, no computer programming experience, and no experience in the technological work field. In fact, a large amount of hackers are young people, who spend hours on the computer making discoveries. There is an internal server called IRC (Internal Relay Chat) where computer hackers can interact, share encryption codes, and communicate amongst each other on a private network if you will. But what exactly is computer hacking? Think of it as a predator in your home, seeing all of your personal moments whenever they like. Have you ever been searching the web, and a random pop-up ad comes up with a “No Thank You” bar? If you have, someone has tried to hack you. These bars are used as decoys, and while you think you are closing the ad, you are really activating software that gives the hacker instant access to your IP address and network information. What about if you are searching for coupons or recipes,......

Words: 821 - Pages: 4

Premium Essay


...Abstract Hacking is breaking into computer systems. When people hack into a system, they often go after information in databases. There, they can find credit card information and other private and sensitive information. Sometimes, they can even find designs of yet-to-be-released products and other strategic information about a company. Search the Web and find an article that discusses a database that was hacked. Prepare a short (2-3 page) report detailing the incident. Also include in your report what the target company may have done to prevent the “Hack Attack”. “Hacking” Hacking refers to the re-configuring or re-programming of a system to function in ways not facilitated by the owner, administrator, or designer. Hacking is an array of activities which are done to intrude someone else’s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks (Haag, Cummings, & Phillips, 2012). According to reports by Gorman and Perez, the total number of records containing sensitive personal information involved in security breaches in the United States is 608,087,870 of the 3,763 data breaches since January 2005 (Gorman & Perez, 2009). In 2009, the Royal Bank of Scotland Group (RBS) was exploited, below is a description of one of the altercation reported above. In an article published, 11 November 2009 in the...

Words: 787 - Pages: 4