Sunday, April 28, 2013

About Hacking and different types of Hacking


Who is a Hacker?

A hacker is someone who has deep knowledge of computer programming and of everything related to the technical workings of a computer. He is curious about how a computer works and finds vulnerabilities in it. Hackers needed to be very knowledgeable so that they could identify bugs themselves (a task requiring extensive knowledge of the operating system and the reading of complex manuals), and they often wrote their own programs to exploit them. They had to keep track of the leading developments in the field (latest bugs, latest patches, latest bugs in the patches, etc.).

What are the different types or methods of hacking?
1. Website hacking

2. Software hacking

3. System hacking
 
What damage can a Hacker do? 
 
This depends on which backdoor program(s) are on your PC and on the mental strength of the hacker. Different programs can do different amounts of damage. These programs might allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing and can access any file on your disk. They can write new files, delete files, edit files, and do practically anything else that can be done to a file. A hacker could install several programs on your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information.
 
These are some ways in which a hacker can hack:
NetBIOS Attack
ICMP Ping - DOS Attack
FTP Attack
rpc.statd Attack
HTTP Attack

NetBIOS Attack
 
NetBIOS hacks exploit a bug in Windows. They don't require you to have any hidden backdoor program running on your computer, which makes NetBIOS the worst attack. NetBIOS is meant to be used on local area networks, so that machines on that network can share information. The bug in NetBIOS is that it can also be used across the Internet, which gives the hacker a chance to access your machine remotely.
ICMP - DOS Attack
 
ICMP is one of the main protocols that make the Internet work. 'Ping' is one of the commands that can be sent to a computer using ICMP. A computer will respond to the ping request, telling the sender that the computer exists. Pings may seem harmless enough, but a large number of pings can make up a Denial-of-Service (DOS) attack, which overloads a computer. Hackers can also use pings to see whether a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, the hacker could then launch a more serious form of attack against it.
 
FTP Attack
 
FTP is the File Transfer Protocol, and we use it to upload files to websites or download files from them. If you have a web page of your own, you may use FTP to upload it from your computer to the web server. FTP normally requires some form of authentication for access to private files, or for writing to files. FTP is also used by hackers. FTP backdoor programs such as Doly Trojan, Fore and Blade Runner simply turn your computer into an FTP server without any authentication.
 
rpc.statd Attack
 
The rpc.statd attack is specific to Linux and Unix. A fixed amount of memory (a buffer) is set aside for storage of data. If the data received is larger than the buffer, the program should either truncate the data or send back an error. When it does not, the data overflows the memory that has been allocated to it and is written into other parts of memory. This causes crashes and will lead to the system hanging. A skilled hacker could write bits of program code into memory that will execute the hacker's files.
 
HTTP Attack
 
HTTP hacks are harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, part of the request gets written into various other parts of memory that contain active program code. This will bring the server down or make it function improperly.
 
Software Attack
 
A hacker can create software that automatically installs and runs on your system. This makes it impossible for us to remove the files generated by the software, and it also destroys all the important data on our system.
Most hacking occurs because of weaknesses, which include poor configuration of web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords.

Saturday, February 23, 2013

TELNET SERVER

What is TELNET? –
            TELNET is a user command and an underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely. On the Web, HTTP and FTP protocols allow you to request specific files from remote computers, but not to actually be logged on as a user of that computer. With Telnet, you log on as a regular user with whatever privileges you may have been granted to the specific application and data on that computer.

The result of this request would be an invitation to log on with a UserID and a prompt for a password. If accepted, you would be logged on like any user who used this computer every day.

Configuring TELNET on Server computer
STEP 1 –
      First, install the RPMs required for TELNET.

#yum   install   xinetd-2.3.14-10.el5.i386

STEP 2 –
        Now edit the following file:

#vi   /etc/xinetd.d/krb5-telnet 

 

  • Change the last line of the file to:

disable   =   no

STEP 3 –
        Now restart the service...
#service   xinetd   restart
#service   xinetd   stop
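
Telnet sends the username and password unencrypted, so after editing files under /etc/xinetd.d it is worth checking which services are actually switched on. The script below is an added example, not part of the original post: it assumes the usual per-service file layout, ignores any global enabled/disabled lists in /etc/xinetd.conf, and runs on constructed sample files.

```shell
#!/bin/sh
# Added example: list the xinetd services that are switched on.
# A service is enabled when its block says "disable = no" or carries
# no "disable" attribute at all.
xinetd_enabled_services() {
    # $1 = directory of per-service files (normally /etc/xinetd.d)
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }    # ignore comment lines
            $1 == "service" { name = $2; disabled = "no"; inblock = 1; next }
            inblock && $1 == "disable" && $2 == "=" { disabled = tolower($3) }
            inblock && $1 == "}" {
                if (disabled == "no") print name
                inblock = 0
            }
        ' "$f"
    done
}

# Constructed sample files, standing in for /etc/xinetd.d on a test host.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/krb5-telnet" <<'EOF'
service telnet
{
        socket_type     = stream
        user            = root
        disable         = no
}
EOF
cat > "$demo_dir/rsync" <<'EOF'
service rsync
{
        disable         = yes
        socket_type     = stream
}
EOF

xinetd_enabled_services "$demo_dir"    # on a real server: /etc/xinetd.d
```

On the sample files this prints only the telnet service, because the rsync block is marked disabled.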

                         ON CLIENT COMPUTER
STEP 1 –

To log in remotely:

#telnet   <IP of remote computer>
Username = ajay/root
Password = *******

                                   ~: Login successful :~

                     ON MICROSOFT COMPUTER

STEP 1 –

         Start > Programs > Command Prompt

C:\>telnet   <IP of remote computer>
Username – ajay/root
Password - *******

                                   ~: Login successful :~
 

Wednesday, January 9, 2013

ACL (Access Control List)



What is ACL? –
              Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users of the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus access control lists (ACLs) were implemented. ACLs are supported in all the major Linux file systems — ext2, ext3, XFS, ReiserFS, and JFS (begin ritual debate over which filesystem is best). ACLs on Linux are still bleeding-edge, though, with the major distributions just beginning to include them.

Applying ACL –

STEP 1 –
         Before using ACLs on a file or directory, the partition holding the file or directory must be mounted with ACL support. A local ext3 file system can be mounted with the following command.
#mount   -t   ext3   -o   acl   /dev/hda7   /mnt



ext3 – is the file system type,
/dev/hda7 - is the partition on which the (/) root is mounted.
/mnt – is the directory where I mounted the ACL.

 

To mount it permanently, add this line to /etc/fstab –

/dev/hda7   /mnt   ext3   defaults,acl   0  0

STEP 2 –
       Now set the ACL permissions for users or groups.
#mkdir   ajay   (first I created a directory for understanding ACL)


#getfacl   ajay/
                  The above command is used to check the details of the permissions.

Applying ACL on users –

#setfacl   -m   u:ram:r-x   ajay/

         ram = user name
         r-x = type of permission for the ram user
         ajay = directory
Now the user ram is permitted to read and execute the ajay directory.

Applying ACL for groups

#setfacl   -m   g:raja:rwx   ajay/

         raja = group name
         rwx = type of permission for raja group
         ajay = directory

                                            ACL TYPES
There are two types of ACL:
1.     Access ACL: the access control list for a specific file or directory.
2.     Default ACL: can only be associated with a directory. If a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory. Default ACLs are optional.

ACLs can be configured:
~ Per user.
~ Per group.
~ via the effective rights mask.
~ For users not in the user group for the file.
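
How the effective rights mask interacts with the user and group entries set earlier, as an added example that is not part of the original post: the function reads getfacl output and prints the permissions each entry actually gets once the mask is applied. The listing is constructed, and the `setfacl -m m::r-x` step it assumes is not one of the post's commands.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl output.
# The mask limits named users, named groups and the owning group;
# the file owner (user::) and other:: are not affected by it.
acl_effective() {
    # stdin: getfacl output; stdout: one "entry perms" line per access ACL entry
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # headers, default ACL, blanks
        {
            sub(/[ \t]*#.*/, "", $3)             # drop a trailing "#effective" note
            tag[++n] = $1; who[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++)
                        e = e (substr(mask, k, 1) == "-" ? "-" : substr(p, k, 1))
                    p = e
                }
                print tag[i] ":" who[i] " " p
            }
        }'
}

# Constructed getfacl output for the ajay/ directory: the two entries set
# earlier, with the mask then tightened to r-x (setfacl -m m::r-x ajay/).
sample_acl='# file: ajay/
# owner: root
# group: root
user::rwx
user:ram:r-x
group::r-x
group:raja:rwx
mask::r-x
other::r-x'

printf '%s\n' "$sample_acl" | acl_effective
```

In the output the raja group, granted rwx, ends up with r-x because the mask removes write, while the owner's rwx is untouched.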