Hacking, Old-School
When you mention hacking in the general public, the image most people think of is a nerdy guy breaking into a computer system from his bedroom. This month, I take a look at some of the tools available to do exactly that. Of course, this is for information purposes only, so please don't do anything nasty. Remember, with great power comes great responsibility. Most people have heard of tools like Nmap or Nessus, but here I look at some other available tools for playing with networks.
The granddaddy of network utilities is tcpdump. This utility simply listens to all network traffic going by and records the packets for later analysis. If you have more than one network interface, you can select which one to listen to with the option -i interface. By default, tcpdump puts your network card into promiscuous mode, so it can record all packets that exist on the network cable. If you want to limit the packets recorded simply to those destined for your machine, use the -p option to turn off promiscuous mode. Lots of options are available to tcpdump, so check out the man page for more details.
Say you want to find out what machines exist on your network. Several tools can do this by actively sending out queries on the network. The problem with this technique is that you end up creating traffic on the network, which may be noticed by a good network administrator. A way around this is to use the tool p0f. This utility uses passive techniques to try to guess what machines exist on the network and what properties those machines have. If you have more than one network interface, you can select which interface to use with the option -i interface. p0f can work with tcpdump files. If you have a tcpdump file that you created earlier, you can make p0f use it rather than live capture with the -s file option. You also can use p0f to record network traffic into a tcpdump file with the -w file option. If you're using p0f in a script, use the -o file option to dump the output into a text file for later perusal.
By default, p0f looks only at network packets that are addressed to the machine where it is running. To look at all the packets that go by on the network, you need to set the card into promiscuous mode with the -p option. By default, p0f sees machines only when they open new connections. You can try to guess what's going on with already-opened connections with the -O option. This option can generate a lot of data, so you probably won't want to use it for an extended period of time.
More and more often, machines actually are located behind routers and NATs, so they don't really show up as individual machines. You can try to identify these types of machines with the -M option. This uses the masquerade-detection algorithm to try to identify individual machines in these situations.
Once you know what machines exist on the network, you may be interested in what traffic is traveling to those machines, as well as who is generating this traffic. You can use dsniff to see the user names and passwords being used to access services on the network. It can handle many different protocols, such as FTP, HTTP, POP, IMAP, X11 and many others. You can tell dsniff on which interface to listen with the -i interface option. Like most network tools, you can read previously recorded network data with the -p file option. Alternatively, you can use dsniff to record the network data rather than parsing it with the -w file option. You can enable automatic protocol detection by using the -m option. This can give you some of the gory details about people on your network.
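All three tools above share one on-disk format: the capture file that tcpdump writes with -w and that p0f and dsniff read back. As an added example, not code from the article or from the tcpdump, p0f or dsniff projects, here is a small Python script that builds a constructed pcap image in memory, walks its records, and keeps a passive inventory of hosts from the TCP SYNs they send, the same idea p0f applies, reduced to two fields (observed TTL rounded to a common initial value, and window size). The addresses, ports and window values in SAMPLE_CAPTURE are made up, and the rounding rule is a simplification, not p0f's fingerprint database.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic microsecond pcap; nanosecond variant not handled
LINKTYPE_ETHERNET = 1
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_packet(src_ip, dst_ip, sport, dport, ttl, window, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (no options, no payload, zero checksums)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)   # MACs zeroed, EtherType IPv4
    return eth + ip + tcp


def build_pcap(frames):
    """Serialize frames into a little-endian pcap file image (24-byte global header + records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_records(data):
    """Yield (timestamp, frame) from a pcap image, honouring either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:     # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def parse_tcp_syn(frame):
    """Return (src_ip, dst_ip, ttl, window) for an IPv4 TCP SYN (not SYN/ACK), else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    ttl, proto = ip[8], ip[9]
    if proto != 6 or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:]
    flags = struct.unpack("!H", tcp[12:14])[0] & 0x1FF
    if flags & (TCP_SYN | TCP_ACK) != TCP_SYN:
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ttl, window


def passive_host_inventory(pcap_bytes):
    """Map each SYN-sending host to the (initial TTL guess, window) signature it first showed."""
    hosts = {}
    for _ts, frame in iter_pcap_records(pcap_bytes):
        parsed = parse_tcp_syn(frame)
        if parsed is None:
            continue
        src, _dst, ttl, window = parsed
        # Observed TTL is rounded up to the nearest common initial value (64, 128, 255).
        initial_ttl = next(t for t in (64, 128, 255) if ttl <= t)
        hosts.setdefault(src, (initial_ttl, window))
    return hosts


# Constructed capture: two clients opening connections plus one SYN/ACK reply, which is ignored.
SAMPLE_CAPTURE = build_pcap([
    build_tcp_packet("10.0.0.5", "10.0.0.1", 40000, 80, 63, 29200, TCP_SYN),
    build_tcp_packet("10.0.0.1", "10.0.0.5", 80, 40000, 64, 28960, TCP_SYN | TCP_ACK),
    build_tcp_packet("10.0.0.9", "10.0.0.1", 50000, 443, 126, 8192, TCP_SYN),
    build_tcp_packet("10.0.0.5", "10.0.0.1", 40001, 22, 63, 29200, TCP_SYN),
])

if __name__ == "__main__":
    for host, sig in passive_host_inventory(SAMPLE_CAPTURE).items():
        print(host, "ttl~%d window=%d" % sig)
```

Feed it a real capture by replacing SAMPLE_CAPTURE with the bytes of a file written by tcpdump -w; only SYNs count, which is why the inventory stays quiet about connections that were already open when the capture started, exactly the limitation the p0f -O option exists to work around.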
Now that you know some details about your network, and the people on it, you may want to check the security of some of the services provided. One common target for security problems is Web servers. You can use the nikto tool to assess your Web server's security. Select the host with the -h hostname option. If you have a series of hosts you want to check, place the hostnames (or IP addresses) in a text file, and hand them to nikto with the -h file option. The default port nikto looks at is port 80. If you want to check out a Web server on some other port, simply use the -p port option. Tons of extra options exist in terms of what specific security issues to test for, far too many to mention here. See the manual at the project's home page for more information (cirt.net/nikto2).
The remaining hack I cover this month is checking your own backyard. Many people will use this kind of knowledge for nefarious purposes, so it is worth checking whether your own systems have been compromised. A utility you can use for this is chkrootkit. It analyzes your systems and tries to determine whether they've been tampered with. You can get a list of the tests it can perform with the -l option. With the standard install on my Ubuntu box, chkrootkit has 69 available tests. You can check things like whether ls has been infected, or you can check for evidence of rootkits that may have been installed. Hopefully, you won't find anything when you run chkrootkit.
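A check like "has ls been infected?" boils down to comparing a binary against a record taken while the system was known to be clean. As an added example, not from the article or from the chkrootkit project, here is a small Python baseline-integrity checker: it records the SHA-256, size and permission bits of each listed file, stores them as JSON, and later reports anything that went missing, changed content, or picked up a setuid bit. The demo() function builds the whole scenario in a temporary directory with stand-in scripts named ls and ps (constructed, not your real binaries), so it runs offline; on a real host you would point build_baseline() at /bin and friends and keep the JSON on read-only media.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record hash, size and permission bits for each path while the system is known-good."""
    baseline = {}
    for p in paths:
        st = os.stat(p)
        baseline[str(p)] = {
            "sha256": sha256_of(p),
            "size": st.st_size,
            "mode": st.st_mode & 0o7777,   # includes setuid/setgid/sticky bits
        }
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON; keep that copy somewhere an intruder cannot rewrite it."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def check_against_baseline(baseline):
    """Return {path: [discrepancies]}; an empty dict means every file matches the baseline."""
    findings = {}
    for path, expected in baseline.items():
        problems = []
        if not os.path.exists(path):
            problems.append("missing")
        else:
            st = os.stat(path)
            if st.st_size != expected["size"]:
                problems.append("size changed")
            if (st.st_mode & 0o7777) != expected["mode"]:
                problems.append("mode changed")
            if sha256_of(path) != expected["sha256"]:
                problems.append("content hash changed")
        if problems:
            findings[path] = problems
    return findings


def demo():
    """Constructed scenario: two stand-in binaries, then one is altered and one is made setuid.

    Returns (findings before tampering, findings after tampering), keyed by file name.
    """
    with tempfile.TemporaryDirectory() as tmp:
        ls, ps = Path(tmp) / "ls", Path(tmp) / "ps"
        for f in (ls, ps):
            f.write_bytes(b"#!/bin/sh\nexec /bin/true\n")   # stand-in for a real binary
            os.chmod(f, 0o755)
        store = Path(tmp) / "baseline.json"
        save_baseline(build_baseline([ls, ps]), store)
        before = check_against_baseline(load_baseline(store))
        ls.write_bytes(ls.read_bytes() + b"# modified\n")    # simulated tampering with ls
        os.chmod(ps, 0o4755)                                  # simulated setuid bit on ps
        after = check_against_baseline(load_baseline(store))

        def by_name(d):
            return {os.path.basename(k): v for k, v in d.items()}
        return by_name(before), by_name(after)


if __name__ == "__main__":
    print(demo())
```

The size and mode checks are cheap and catch the crude cases; the hash is what catches a same-size replacement. A rootkit that hooks the kernel can lie to stat() and read() alike, which is why chkrootkit also looks for rootkit signatures rather than trusting file contents alone.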
Now you have a few new tools you can use to play around with your networks. Hopefully, you won't find anyone doing anything nasty. And remember, if you are going to use these tools, be sure you have permission before you do anything that might be frowned on. Other than that, hack away and keep learning.
photo credit: © Štepán Kápl/Shutterstock
Comments
Free speech?
Talk about free beer and free speech huh?
better than tcpdump
tcpflow.
or iptraf
there's also iptraf that I discovered today, beautiful live monitoring tool with an ncurses interface.
Excellent article
Great article. While I'd heard many good things about tcpdump for network analysis, I'd never 100% understood its usage. This helped to fill in the gaps well. Just in time for me to use it to detect the network latency problems we're experiencing! I reckon I'll look into Wireshark in a little more depth too... Thanks!
Hacking
OK, you could do bad things with some of the software and networking applications, but if you are trying to learn how things work by using the software, and what actually does what in the software, without reading pages and pages of instructions, to find out what effect it has on your network, and how it gains access to your PC, what ports and protocols it opens, that is hacking; but if you don't destroy your info or anybody else's, then this is ethical. I find that by using, and not being scared to use, some software, I learn.
The war on the word 'hacking' has been lost
As the author says: 'When you mention hacking in the general public, the image most people think of is a nerdy guy breaking into a computer system from his bedroom.'
In general language 'hacking' has largely become a synonym for 'computer crime'. It has just happened, as language related to computer technology has evolved.
Computer experts can spend endless hours in trying to explain the original differences between 'hackers' and 'crackers'.
Those hours could be spent more productively.
If you want to call yourself 'hackers', do not be surprised if that raises suspicion.
But maybe that is just the point. Being a hacker sounds like living dangerously. If you express a desire for dangerous living, you advertise the good condition of your genes to potential mates.
If you want to do business, call yourself a computer expert. If you want to lead a quiet family life, admit you are a nerd.
Just do not try to change language. Language is an overwhelming social force.
Inconsistent use of Hacking
Funny thing is that hacking when not tied to computers is often used in the traditional -correct- sense, i.e. not as in meaning cracking.
Hacking definition
My definition to HACKING is:
"A creative solution to an interesting problem" let's keep it that way!!
Google Chrome - does not let me save the page in PDF
Hi,
I read your article and it is very interesting because one can learn network tricks that may be useful in the everyday work.
I disagree with Umar Rizwan in the point that the article is not intended for one to use it as a means of doing illegal things, but to use it to augment the skills one has to do a particular job.
For example, I work with LaserJet software, and many times under Windows Server 2008 there are communication issues and I do not have a clue why these kinds of things happen; with these tools I can find out if a networked LaserJet printer or multifunction printer is properly communicating with a server, for example.
I also wanted to let you know that when I tried to save the page in PDF format using Google Chrome I had an issue: it happens that just when reaching the save dialog the page is made blank and it only shows a folder icon with a pity face on it, and it reads something like: "Aw, snap! Something went wrong while displaying this web page. To continue, press Reload or go to another page."
The above thing did not happen using Mozilla Firefox. I use Ubuntu Ultimate 2.8 updated regularly.
Thanks, and sorry for my poor English as it is not my mother tongue.
hacking is a crime
hacking is a crime
Nonsense
Here's an article I wrote shortly after my daughter's first birthday that explains what hacking is, and why it is far from a crime.
http://offmygourd.wordpress.com/2010/04/13/why-i-want-my-daughter-to-be-...
Thanks,
Kevin
Nice note
I read and liked your note... it brought me memories of that book, A Hacker Manifesto by McKenzie Wark...
...but be careful
Those pesky law maker types are always trying to make modifying our own things illegal. Take for example, what has been happening with ad blocking hacks...
http://news.cnet.com/Web-ad-blocking-may-not-be-entirely-legal/2100-1030...
http://www.broadbandreports.com/shownews/Are-Ad-Blockers-Illegal-87575
If you don't conform to what the man wants, you are a criminal.
Don't worry.
I am curious to see how that would play off.
Sites depend on "viewership" (if that word doesn't exist I just coined it), and viewers on the Internet are put off by strong-handed tactics. Sites that force the victim - I mean, visitor - to subject him/herself to a bombardment of ads *and* forbid the use of ad-blockers will soon put themselves out of business.
The legality of ad-blockers is another matter, but I don't think the law has a say in that. The Internet is supposed to be public and, if you are showing yourself or your business to the public, you have no right to control the access of the public to what you are showing. If you don't want to go public, go somewhere else, not the Internet. There are very few exceptions to this rule - none of which relates to the ads battle.
Of course, I am oversimplifying. But that's more or less it.
> "Sites that force the
> "Sites that force the victim ... to subject him/herself to a bombardment of ads *and* forbid the use of ad-blockers will soon put themselves out of business."
One would think the same sites that lose revenue to support streaming of said videos would also, "soon put themselves out of business."
It takes an audience, providers and advertisers to bring you the content you're ingesting.
Catch-22, then?
Hmmm, what a dilemma!
If the site I am visiting craps on me with irritating, distracting, bandwidth-eating, obnoxious ads, and does not allow me to block them, I will not visit that site anymore. They will lose audience, therefore will lose ad revenue, therefore will go out of business.
If the site does not force ads down my throat, the site is not "aggressive" and the advertisers won't waste money on it. It will lose revenue and go out of business.
"Oh", I wonder, "how does the Internet keep itself alive?"
i remember...
I remember a time when there were absolutely no ads on websites. Then the erotica ads came. Now they advertise everything.
I long for the past
"I remember a time when there where absolutely no ads on websites."
Ahhh, the good 'olden' days...
Thank you!
Just read your post over there. Loved it. Agree with it one thousand percent! :-)
Thank you.
hacking is a crime The law
The law prefers to define things in more concrete terms, like "unauthorized access".
You are perfectly within your rights to hack whatever you have authorized access to.
hacking is a crime
hacking is a crime
What...
I can't even begin to describe how I loathe cliché-repeating morons like you...
trolling is the real crime here, Umar
so please stop spouting nonsense you can't back up with facts. The term 'hacking' has been used for a long time to mean 'creative solutions to difficult problems'. It's only the media in the last 30 years that have perpetuated the myth that hacking is *only* for illegal things.
Someone who fixes your car with a clothes hanger and rubber band? A hacker.
An astronomer who figures out a better way to control a telescope? A hacker.
solving a crime thought to be impossible to solve? a hacker.
get over it people.
:-)
Hey, dude, you replied to the wrong guy/post... :-)
It is one above.
Good article
I've used Wireshark and nmap to look around networks. These days most (cr|h)ackers use something like Metasploit to do the work for them.
jackal
I hadn't come across p0f or nikto before, will check them out.
For viewing tcpdump files Wireshark is quite useful (can also capture them itself of course).
Thanks
I have wondered how I can have a look around new networks that I oversee.
p0f and Nmap, I think, are the answer to my problems. Thank you.