05 October 2008

Hacking Techniques Part-2

Here are the remaining hacking techniques.

3) THE DECOY: One of the more sophisticated hacking tools is known as the decoy, and it comes in three versions.The first version requires that the hacker have an account on the system in question. As in my case,the hacker has a low-security account,and he tries this method to get higher-security account.He will first use his low-security account to write a program that will emulate the log-on procedures of the systems in questions.
This program will do the following:

*- Clear the terminal screen and place text on it that makes everything
look as if the system is in charge.

*- Prompt for, and allow the user to enter, both an account name and a password.

*- Save that information in a place the hacker can access.

*- Tell the use the account/password entries are not acceptable.

*- turn control of the terminal back over to the system.

The user will now assume that the account name or password was mistyped and will try again...this time (since the real operating system is in control) with more success.You can see a diagram of the way these steps are accomplished.

4) CALL FORWARDING: Many people use call forwarding by special arrangement with the phone company.When a customer requests call forwarding, the phone company uses its computer to forward all the customers incomeing calls to another number. Lets say, for example, that you want calls that come to your office phone to be forwarded to your home phone: A call from you to the phone company,some special settings in the phone company's computer, and all calls to your office will ring at your home instead.This little bit of help from the phone company is another tool used by hackers.

Lets say you thought that the computer you were hacking into was being watched-because the sysop might have seen you and called the fed's and your sort of bugged by this nagging feeling that they will trace the next hacker that calls, just call the phone company and ask for call forwarding, pick a number, (ANY NUMBER) out of the phone book and have your calls forwarded to that number,Hea,Hea, the number you picked is the one that will be traced to, not yours, so you could be hacking away,they think that they have traced you, but actually the number you had your calls forwarded too. they enter chat mode and say (YOUR BUSTED!!!!, WE'VE TRACED YOUR PHONE NUMBER THE FEDS ARE ON THE WAY!!), You could reply (Hea, SURE YA DID! I'D LIKE TO SEE YA TRY AND GET ME! GO AHEAD!) ,that wont seem very important to them at the time, but it will sure piss them off when they bust the wrong guy!

5) RAPID FIRE: Memory-location manipulation can be helpful, but there is another, more powerful,possibility, in some cases: the Rapid-fire method.To understand how this methods works, you have to know something about the way operating systems work.When a user enters a command, the operating system first places the command in a holding area, a buffer, where it will sit for a few millionths of a second.The system looks at the command and say's "Does this
person really have authorization to do this, or not?" Then, the command sits there a few thousandths of a second while the system runs off to check the user's authorization.When the system comes back to the command, it will have one of two possible answers: "OK, GO AHEAD," or "SORRY, GET PERMISSION FIRST."

No comments: