Docstoc

Introduction To Hacking

Document Sample
Introduction To Hacking Powered By Docstoc
					                                       Introduction
                                    What is hacking?
Hacker is a term used by some to mean "a clever programmer" and by others, especially those in
popular media, to mean "someone who tries to break into computer systems."

1) Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever
programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the
act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we
paraphrase here:

      A person who enjoys learning details of a programming language or system
      A person who enjoys actually doing the programming rather than just theorizing about it
      A person capable of appreciating someone else's hacking
      A person who picks up programming quickly
      A person who is an expert at a particular programming language or system, as in "UNIX
       hacker"

Raymond deprecates the use of this term for someone who attempts to crack someone else's
system or otherwise uses programming or expert knowledge to act maliciously. He prefers the
term cracker for this meaning.

2) The term hacker is used in popular media to describe someone who attempts to break into
computer systems. Typically, this kind of hacker would be a proficient programmer or engineer
with sufficient technical knowledge to understand the weak points in a security system.




Who is not a Hacker?
Hacker is not a –
   1.A Criminal
   2. The person who Releases Viruses
   3. A Teenager sitting in a Dark Room eating pizzas and hacking into the fbi website.
   4. Not always a Computer Related Person.means can also belongs to some other field too.
   5. not even somebody,who can crack password to all the websites or softwares.
   6. Not also,who stole the money from bank by hacking into bank Server.
       Who is a hacker?
1.The Person ,who thinks outside the box
2. who wants to Test His/Her Limits.
3. Who wants to try such things which are not given in manual.
4. Has Unlimites Curosity to work.
5. Who Discovers Unknown Features and Properties.
6. Someone who is dedicated to his knowledge
7. Highly Creative.
8. who Bellieves in Stretching the Limits.i.e who wants to test his/her limits,that upto what
extent,He/she can go

           .


                Difference between Hackers and Crackers
   Hackers and Crackers are seems to be same words ,But a Great difference exists between
 Hackers and Crackers. First of all ,Hackers and Crackers have a same amount of knowledge
  and Experience,but the difference is about,How they are using their knowledge.Hackers are
     good guys,who use their Knowledge in positive direction.like hackers are appointed by
  companies and police to solve their problems or cases.On the other hand ,Crackers are Bad
 guys,who use their knowledge for Illegal and negative purposes.like Crackers stole the money
                      from the bank by hacking into the bank's website.



         Hackers                                                              Crackers
1. Lots of knowledge and experience                                1. Same amount of

about computers                                                        Knowledge and experience



          2. Good Guy                                                          2. Bad guy



        3. Strong Ethics                                                    3. Poor Ethics



      4. No Crime commited                                                4. Commits Crime



  5. Fights Criminals,defend From bad                                      5. They are Criminals
                                     E-mail Hacking
E-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern
email operates across the Internet or other computer networks. Some early email systems required that
the author and the recipient both be online at the same time, in common with instant messaging.
Today's email systems are based on a store-and-forward model. Email servers accept, forward, deliver
and store messages. Neither the users nor their computers are required to be online simultaneously;
they need connect only briefly, typically to an email server, for as long as it takes to send or receive
messages.

Today Email has become a need for communication even for the big organisations. And your e-mail can
be hacked and can be used unauthorized.So There are many threats to email system.as it is not
completely secure.

Email hacking is illicit access to an email account or email correspondence.[1][2]

Email on the internet is now commonly sent by the Simple Mail Transfer Protocol (SMTP). This
does not encrypt the text of emails and so intercepted mail can be read easily unless the user adds
their own encryption. The identity of the sender or addressee of an email is not authenticated and
this provides opportunities for abuse such as spoofing.[3]

As email has increasingly replaced traditional post for important correspondence, there have
been several notable cases in which email has been intercepted by other people for illicit
purposes. Email archives from the Climatic Research Unit were leaked to create the scandal
popularly known as Climategate.[4] Journalists employed by News International hacked email
accounts of celebrities in search of gossip and scandal for their stories.[5] Individuals such as
Rowenna Davis have had their accounts taken over and held to ransom by criminals who try to
extort payment for their return.[6] The email accounts of politicians such as Sarah Palin have been
hacked to try to find embarrassing or incriminating correspondence
How E-mail System Works?
For the vast majority of people right now, the real e-mail system consist of two different servers
running on the main e-mail server machine. One is called the SMTP Server (Simple mail transfer
protocol) which handles outgoing mail and the other is POP3 Server (Post Office Protocol)
which takes the responsibility of incoming mail. The SMTP server listens on well-known port
number 25, while POP3 listens on port 110.

Sending the mail (Role of SMTP server)

Whenever you send a piece of e-mail, your e-mail client interacts with the SMTP server to
handle the sending.

Lets assume that i want to send a piece of e-mail. My e-mail ID is admin and having account on
WinSpark.net. I want to send e-mail to manekari[at]live.com and i am using standalone e-mail
client like Windows live mail or Outlook Express. lets see what happens when i compose a
message and press the send button.

      E-mail client connects to the SMTP server at mail.WinSpark.net using port 25.
      E-mail client has a conversation with the SMTP server, telling the SMTP server the
       address of the sender and the address of the recipient, as well as the body of the message.
      The SMTP server takes the “to” address (manekari@live.com) and breaks into two parts :
           o The recipient name (manekari)
           o The domain name (live.com)
               (If the “to” had been another user at WinSpark.net, the SMTP server would
               simply hand the message to POP3 server for WinSpark.net ) Since the recipent is
               at another domain, SMTP needs to communicate with the domain.
      The SMTP server has a conversation with a Domain Name Server, or DNS. It says, “Can
       you give me the IP address of the SMTp server for live.com?” The DNS replies with the
       one or more IP address for the SMTP server(s) that live.com operates.
      The SMTP server at WinSpark.net connects with the SMTP server at live.com using port
       25. It has the same simple text conversation that my e-mail client had with the SMTP
       server for WinSpark, and gives the message to the live.com server. The Live.com server
       recognizes that the domain name for manekari is at Live.com, so it hands the message to
       yahoo POP3 server, which puts the message in manekari’s mailbox.
Threats to E-mail Security
As per the defined secured protocols, E-mail system still have many Threats,which
leads to E-mail Hacking, Some of them are listed below:

      E-mail Tracing
      E-mail Forging
      E-mail Password cracking
      Identity Thefts Attacks
      Phishing

E-mail Tracing
Generally, the path taken by an email while travelling from sender to receiver can be explained
by following diagram.




The most effective and easiest way to trace an email is to analyze it's email headers. This can be
done by just viewing the full header of received email. A typical email header looks something
like this:

From Barr Thu Jan 3 05:33:26 2008

X-Apparently-To: prasannasherekar@yahoo.co.in via 203.104.16.34; Thu, 03 Jan
2008 05:25:38 +0530

X-YahooFilteredBulk: 189.160.34.89

X-Originating-IP: [189.160.34.89]

Return-Path: <atiles@destatis.de>
Authentication-Results: mta113.mail.in.yahoo.com from=destatis.de;
domainkeys=neutral (no sig)

Received: from 189.160.34.89 (HELO dsl-189-160-34-89.prod-infinitum.com.mx)
(189.160.34.89) by mta113.mail.in.yahoo.com with SMTP; Thu, 03 Jan 2008
05:25:38 +0530

Received: from dvapa ([141.203.33.92]) by dsl-189-160-34-89.prod-
infinitum.com.mx with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26
-0600

Message-ID: <477C264E.3000604@destatis.de>

Date: Wed, 2 Jan 2008 18:03:26 -0600

From: "Barr" <atiles@destatis.de> Add to Address Book

User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)

MIME-Version: 1.0

To: prasannasherekar@yahoo.co.in

Subject: angel rubberneck

Content-Type: multipart/related; boundary="------------
030604060204000701040304"

Content-Length: 16433

The above email header gives us the following information about it's origin and
path:

a) Sender's email address :- atiles@destatis.de

b) Source IP address :- 141.203.33.92

c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx
d) Email client :- Thunderbird 2.0.0.6
As we know the ip of the sender, now we can easily trace the location of sender, or Many tools are
available which directly traces the location of the sender with received email.soma tools are Email
tracer.

E-mail forging
Email forging allows an attacker to disguise the source of an email and send it to the victim.
Most attackers use this technique to fool the victim into believing that somebody else has send
the particular email.
The SMTP protocol makes it extremely easy for an attacker to send forged emails to a remote
user.
Typically an attacker carries out email forging by following steps:

1) Start Command Prompt and type the following command-
c:/>telnet smtp.mailserver.com 25 or c:/>telnet mail.domain.com 25
example:- c:/>telnet smtp.gmail.com 25
The above command opens a telnet connection to the specified remote mail server on port-25.
Where port-25 is the default SMTP port on which outgoing mail daemon runs.

2) Once you are connected to the mail daemon of remote mail server, you would be greeted with
a message similar to following:-




If you are not familiar with the smtp mail daemon commands then enter the keyword 'help' at
daemon which may reveal all the supporting commands as shown below.
3) The correct sequence of commands to be executed is:-
a) helo mailserver1.com
b) mail from:abc@mailserver1.com
c) rcpt to:xyz@mailserver2.com
d) data
e) .(dot command represents end of mail body)
This all as shown in figure below:




       EMail forging by this technique does not possible, if mail relying is disabled by it's
       service provider.

				
DOCUMENT INFO
Description: Introduction to hacking, difference between hacker and cracker, project report on e-mail hackinng, minor project on e-mail hacking