Session #1BITS Pilani

WEB AND $HELL HACKING

Basic Introduction Group Formation Motivation :- Terms and Definition Language Symbols Assignments Its Over

AGENDA

Terms

Definitions and Questions

Hacker Hacker is a term used to describe different types of

computer experts. It is also sometimes extended to mean any kind of expert, especially with the connotation of having particularly detailed knowledge or of cleverly circumventing limits. The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into use, as it has been given additional and clashing meanings by new users of the word.

Currently, "hacker" is used in two main ways

A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons.

Cracker

A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.

The term "cracker" is not to be confused with "hacker". Hackers generally deplore cracking. However, as Eric Raymond, compiler of The New Hacker's Dictionary notes, some journalists ascribe break-ins to "hackers.“

l337 5p34k ??

PHr3Ku3N7ly H4s|{3d K0o£St330nZ! Pronounced “leet speak”, from “elite”. A

system of spellings of English words or phrases using numbers and symbols to replace common letters and featuring deliberate misspellings. Supposedly the “language of hackers”, in reality it’s used more seriously by the “script kiddie” crowd, although it is commonly used jokingly by experienced Internet users.

Elite and BBC Master/ Micro Cult of the Dead Cow NSF ???

Ninja Strike Force (NSF) is the name of the "community outreach" arm of CULT OF THE DEAD COW. It was established in 1996.

Membership in the NSF is granted by the cDc to those individuals who stand out in their support of the cDc and its ideals. Members are recognized for their abilities, capabilities, and being the best of the best in their skills.

http://www.cultdeadcow.com/

Primitive l33t Primitive Leet was generally much less elaborately substituted

than modern forms. Typical spelling changes were to swap "f" and "ph" (as in "fone phreaks"), using "z" for "s" (generally only in the final position, ie. "phi1ez" but not "za1ezman"), "1" for "l", "k" for "c" and "0" for "o". In some positions, "y" was used for "i", most notably in the earliest spelling of elite as "e1yte“

Another early derivation of the letter replacing phenomenon was the prefix "k-" to some words. This began with the redundant substitution of "k" for "c" as seen in "k-kool" but was soon transposed to the much more common and enduring "k-rad"

IRC / AIM and Leet Through this process, Leet acquired an expanded

vocabulary. As Internet slang grew (such as w00t and so on), it was absorbed into Leet (and subsequently enciphered).

In addition to the broader vocabulary, Leet's ciphers became even more complex and dynamic. Where originally, a one-to-one relationship existed between the source and cipher text (such as "e" -> "3"), newer one-to-many and many-to-many ciphers began to emerge (such as "a" -> "@", "4", and so on).

l33t Some common l33t words/phrases:

0wn3d – beaten in a humiliating fashion, compromised h4x0r - hacker, can be used for a real hacker or simply

a very skillful person. l4m3r - Lamer, someone who is lame, someone who

uses an unfair tactic or generally makes the things around him or her less fun.

n00b - Short for noobie, misspelling of newbie; someone who is new to something, or just not very good at it.

L33t was brought into the height of its popularity by the webcomic “Megatokyo”, with the following early strip:

l33t

Interpreting The Language

Numbers are often used as letters. The term "leet" could be written as "1337," with "1" replacing the letter L, "3" posing as a backwards letter E, and "7" resembling the letter T. Others include "8" replacing the letter B, "9" used as a G, "0" (zero) in lieu of O, and so on.

Non-alphabet characters can be used to replace the letters they resemble. For example, "5" or even "$" can replace the letter S. Applying this style, the word "leet speak" can be written as "133t5p34k" or even "!337$p33k," with “3" replacing the for E in

speek..

Letters can be substituted for other letters that may sound alike. Using "Z" for final letter S, and "X" for words ending in the letters C or K is common. For example, leetspeekers might refer to their computer "5x1llz" (skills).

Rules of grammar are rarely obeyed. Some leetspeekers will capitalize every letter except for vowels (LiKe THiS) and otherwise reject conventional English style and grammar, or drop vowels from words (such as converting very to "vry").

Mistakes are often left uncorrected. Common typing misspellings (typos) such as "teh" instead of the are left uncorrected or sometimes adopted to replace the correct spelling.

Non-alphanumeric characters may be combined to form letters. For example, using slashes to create "/\/\" can substitute for the letter M, and two pipes combined with a hyphen to form "|-|" is often used in place of the letter H. Thus, the word ham could be written as "|-|4/\/\.“

The suffix "0rz" is often appended to words for emphasis or to make them plural. For example, "h4xx0rz," "sk1llz0rz," and "pwnz0rz," are plural or emphasized versions (or both) of hacks, skills, and owns.

The 1337 Krew is a selectable "Terrorist Faction". 1337 Krews are skinny men, who wear thick glasses, green collared shirts and khaki pants, perhaps as a stereotype of a computer hacker.

However, In recent versions of Counter-strike (1.6 and beyond), the character was re-modeled into a stereo-typical terrorist (adding a head-wrap, and changing the clothes). Counter-Strike:Source, a port of Counter-Strike to the Source game engine, is yet to implement the "1337 Krew" model, although updates are said to be on the way

Counter-Strike:Source does have references to 'leet speek' however. One of the many randomly selected phrases a bot (CPU contolled opponant) can say upon winning a round is "We Owned Em'" With 'owned' being the reference to leet speek.

0\/\/n3d pwn3d pr0n (n)00t Joo d00d \_:_/3l_c()[]\/[]3 +0 <\>es i=

Hactivism Formed by combining “hack” with “activism,” hacktivism is the act of hacking into a Web site or computer system in order to communicate a politically or socially motivated message.

Unlike a malicious hacker, who may disrupt a system for financial gain or out of a desire to cause harm, the hacktivist performs the same kinds of disruptive actions (such as a DoS attack) in order to draw attention to a cause.

For the hacktivist, it is an Internet-enabled way to practice civil disobedience and protest.

Hactivism Q/A Q: Give me 1 pro and 1 con to

hactivism, in terms of the person doing it.

A: Pro: Their message is seen by all the

people who would normally use a resource (it’s down in the case of DoS, a web page is defaced, etc.)

Con: Hactivism is illegal. Very illegal. In addition to getting you arrested, it links your cause to criminal actions and vandalism, which can have negative PR.

. 0 . |_|0|_| 010 [ ][ 0 ][ ]

. . 0 |_|_|0| 001 [ ][ ][0]000 |0|0|0| 111 [0][ 0 ][0]

http://www.catb.org/hacker-emblem/

White Hats "White Hat" usually refers to hackers

who don't break the law, commit any offense or engage in any malicious activity as part of their hacking.

The term is now commonly used by security consultants who offer hacking/penetration testing as part of their services.

When they find a hole in the system they alert the operators so they can fix it.

Black Hats "Black Hat" is the term that white-hat

hackers and commentators often use to define malicious hackers who cause harm or break laws as part of their hacking exploits.

The term "cracker" is also used to describe black-hat hackers. But most black-hat hackers don't usually care what you call them, just as long as it's not "script kiddies."

“Black hat” hackers steal information, plant viruses, and wreak havoc.

Grey Hats "Grey Hat" is the term often given to hackers whose actions are not

malicious but whose hacking methods may cross legal or ethical lines. It's also used to categorize hackers who may at one stage have broken the law in their hacking activities, but who have since come across to the more ethical white side.

“Gray Hat” describes a cracker who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts without malicious intent. The goal of a gray hat is to improve system and network security.

However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the white hat who alerts system owners and vendors of a vulnerability without actually exploiting it in public.

“Grey Hat” Hackers don’t commit crimes but may give information to Black Hat Hackers who will.

Hat colors Q / A

Q: Why (as a grey hat) post flaws publicly?

A: Many times, white hats say that when they notify a company privately of a security flaw, the company ignores them or attempts to silence them. By posting the flaw publicly, the company is forced to take action to correct the flaw, lest it leave a known security hole in place.

Script Kiddies A SCRIPT KIDDIE is a person, normally someone who

is not technologically sophisticated, who seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else.

A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan theentire Internet for a victim that possesses that vulnerability.

Warez Pronounced wayrz or wayrss. Commercial

software that has been pirated and made available to the public via a BBS or the Internet.

Typically, the pirate has figured out a way to de-activate the copy-protection or registration scheme used by the software.

Note that the use and distribution of warez software is illegal.

In contrast, shareware and freeware may be freely copied and distributed.

Warez / Script Kiddy Q/A Q: Why are they called “script kiddies”? A: Script kiddies do not really understand what

they’re doing, as opposed to say, hackers or crackers. They use programs (scripts) written by other people. Traditionally, these programs automate detection and usage of known exploits, and the script kiddie will try multiple programs until they find one that works on a given machine. The “kiddie” part is deragatory and refers to their lack of experience and skills.

Becoming a ReaL Hacker

The Internet is the most exhaustive and comprehensive library of information and knowledge.

Programming + one OS RFCs RFC 1150 FYI? msdn.microsoft.com neworder.box.sk NSF site.

ANY QUESTIONS?????