Intro | Hacking Windows 9x | Hacking into Windows | Hacking from Windows | Get a Shell Account | Using Web | Computer Hacking | PGP for Newbies | The Exploit Files

The Exploit Files

by keydet89@yahoo.com and Carolyn Meinel

How many times have you read hacker newsgroups or email lists and seen posts that begged "teach me to hack," or asked "how do I hack this"? It often looks as though the person asking the question just doesn't understand the basics of vulnerabilities and their exploits. The purpose of this Guide is to explain what vulnerabilities and exploits are, and how they relate to computer security.

Let's start with an example. Suppose that you are trying to sell something by phone. So you start by calling phone numbers, and you keep calling until you get someone to answer, not an answering machine, but a real live person. Then if the person who answers the phone speaks the same language as you and can understand you, you try to sell your product. Lots of people will hang up on you, but eventually, someone will buy something...bang! You've scored!

*****************************************************************
In this Guide you will learn:

* What is a vulnerability
* What is an exploit
* How to look for vulnerabilities
*****************************************************************

So what does this have to do with 'hacking'? Look at your dialing of phone numbers as port scanning IP (Internet protocol) addresses on the Internet.
Some Internet host computers won't answer. Maybe a firewall is blocking the ports that you're scanning. Some hosts will answer, and at that point maybe, just maybe, you've found a vulnerable computer.

********************************************************************
Newbie note: What are these 'ports' we are talking about? This kind of 'port' is a number used to identify a service on an Internet host. For this reason they are often called 'TCP/IP' (transfer control protocol/Internet protocol) ports, to distinguish them from other kinds of computer ports such as modems, ports to printers, etc. Each host computer connected to the Internet is identified by an IP address such as 'victim.fooisp.com.' Since each host may have many services running, each service uses a different port. To contact any of these ports across the Internet, you use the host's IP address and port number -- it's kind of like dialing a phone number.
********************************************************************

Now maybe you have connected to telnet, port 23. You get a login prompt, but you don't know any valid username/password combinations. So the host "hangs up" on you. After many hours of trying, you connect to a host on the right port, and Shazam!! You're greeted with a login prompt, and you quickly guess a valid username and password combination. The next thing you know, you have a command prompt. You have discovered a vulnerability -- an easily guessed password! So being the 'white hat hacker' that you are, you send an email to the sysadmin of the site and leave quietly.

*****************************************************************
Newbie note: A 'host' is a computer connected to the Internet. A 'service' is a program that is running on a port of an Internet host. Each service is a program that will respond to certain commands. If you give it the right command, you will get it to do something for you.

Vulnerability | Looking | Exploiting | Links