How easy is hacking in real life?
Watching TV shows such as NCIS, Spooks etc it seems that a clever geek can hack into just about anything, no matter how secure, in a mere matter of seconds. Surely it can't be that easy can it? :wonder:
How much is based on fact and how much on fiction? I'd like to do ethical hacking but am just not geeky enough ;) :D |
It used to be a hobby of mine when I was a child. Logging into computers that I shouldn't, attaching little boxes to my telephone to get free calls in and out etc... And it was quite easy. Then I discovered girls and getting access to various bits of them was far harder than computers :) This was 25 years ago.
Now from what I can see at a cursory glance it is harder and easier. Easier if you want to hack a webpage, someone's email account as there are many people who have bad passwords, get taken in to handing out their details. Harder because major corporations have people dedicated to security and the chance of happening on a password (or in fact just getting access) is very difficult. Steve |
it is getting harder with the newer security. but depends how up to date the security is and also what systems, some have inbuilt loopholes or flaws that just keep getting bodged patched up so they don't have to be written from scratch again. Tends to mean the hackers can get in a lot more easily than a new system due to being halfway there and understanding the system better.
Mate's job is basically to hack certain security networks purely to try to find weakness to stay one step ahead of the illegal hackers. (I must add he works for a company that gets paid to do so and he does this legally lol) He said most home systems can easily be accessed and a lot of companies can be, higher level stuff is a lot more difficult. But no system is 100% secure, if it has internet access it's vulnerable to cyber attack, if no internet then is much more difficult and means physically breaking into the system (as in attaching your own wire to the cable). |
Do big organisations (MI5, FBI, Woolworths :Suspiciou) etc employ people whose full time job is to hack? Would they be given special tools that enable them to do it? I'm genuinely interested in it all but it annoys me a bit when someone on TV appears to break the Pentagon's security with two key strokes :D
|
tbh he doesn't really admit to much about what he's working on, which isn't unsurprising lol, i just know he hacks for a living lol
from what i gather it's not as simple as two keys to get in though. |
Doubt you would get much info on what Five and Six use due to the OSA
I would not be too shocked to learn there are a bunch of chaps like Colin and Malcolm doing their thing for the service. I think a fair bit of hacking is mainly social engineering, as it is a little worrying how many people will give out details they really should not to total strangers |
Absolutely Marcus, some of the biggest hacks have been more to do with social engineering than keyboard crunching. Heard of Kevin Mitnick? Not a great hacker but had great success and jail time by asking for information. A survey was conducted in a London Train station, the public were asked for their passwords in return for a bar of chocolate, the results were startling.
|
I tried to hack the highschool systems once :D
I totally n00bed myself and ended up sending every single pc on the school system some kind of notice telling them of my intentions :lol1: Doh!! We did discover a pretty neat trick in the art of school cyber warfare, whenever a new pupil arrived, they were given a username/password that was the full name, and the second name as the password, they were encouraged to change the password ASAP. Grab a few squirts, give them a bit of a shake about and find out some names, steal the accounts and change the passwords :lol1: We were then free to send 50 copies of a penis to the networked printers, and other joyful shenanigans. Yes they could find out what machine we were at, but we were long gone by the time they realised :D |
Must be worse at schools now, switches everywhere, wireless routers for a penny on ebay, I'd be a bloody nightmare.
|
I hack into works network with my psp..... to watch movies of course !
LOL dunx P.S. I "social engineered" the necessary info :fight: :lol1: |
lol i did the same for my itouch, using the external broadband at work, mac address added to router, get the WEP passcode after plying applicable IT support guy with booze :lol1:
|
WEP? Could have saved the booze for yourself ;)
|
not WEP, WPA2
|
Script kiddies - people who exploit known vulnerabilities in various software / hardware systems are 10 a penny. Simple as download the script, insert target & run.
WEP cracking - pretty simple, airsnort was a popular package at one point. Still works on 802.11b. WPA/2 is also doable using aircrack - processor intensive. The actual brains behind cracking are the people who actually find the exploit in the first place. Very hard to do & you need quite a big skill set & resource. The popularity of script kiddies is why you should frequently patch your software / hardware. J |
I'm fairly surprised no-one has mentioned brute forcing their way into things. Just select your target and run a dictionary at the password entry point and wait for the correct word to be entered.
Just last night, while sitting in the pub, I connected to the private WLAN in the place, rather than the one for the customers, just by guessing that the password was the landlord's name. One guess and was in. That was just from my N85, but I'm sure if I'd have had my laptop with me, I could have done more, though I expect it's easier just to ask for the WEP key to the public WLAN and use that. |
there's a few different ways to hack, they're all easy but there's a fast and easy way and there's a long and hard way. say you want to get into someone's email account you could try guessing the password or use an automated program but this would take a long time but you prob would get in in the end. or you could try the password reminder, if it asks where was xxxx born, the first thing i would try is add them as a friend on facebook, find out where they were born then go back get into the account, but that's just the beginning, think of all the passwords and things that you have in your email account :lol1:.
but then there's code based hack where you have to start breaking down code to get anywhere, and like some have said social engineering is easy because most people don't realize that they're being scammed, you have to pick the best way to get to your goal the fastest way you can. a good book to read is hackers by paul a taylor, it gives an insight to hackers but it's a bit outdated now. adam |
BBS's is a popular target as well.
If you succeed and get member details, you would have their email address and possibly their password. How many people use the same password for all the sites they have accounts on? ;) |
Most BBS's store their passwords as an MD5 hash - which is not impossible to retrieve - but takes bloody ages
|
I've hacked ebay accounts before, just by seeing the username has the 6 digit dob included, and trying the dob to log in, surprising how many people must do that. Not done anything whilst logged in though, I'm not malicious.
My hotmail password is longer than 10 digits and not a word, a selection of alphanumeric characters that only means something to me. So how would something like that be hacked? |
brute force
9 chars is usually long enough if you mix Alpha (upper & lowercase), Numeric, control chars. |
I worked in out school that teacher could change passwords and all accounts were set up with a standard password of the surname plus first initial. Thus a teacher that never used the IT systems could be used to do with what we liked.
Was able to mess with people till the admin changed a mate of mine's password and as soon as he came in he changed it back .. the tit .. caught and told off :( |
Originally Posted by JPL
(Post 9245895)
My hotmail password is longer than 10 digits and not a word, a selection of alphanumeric characters that only means something to me. So how would something like that be hacked?
99.99% of hacks where passwords are broken are because
1. they are still left as default
2. they are blank
3. password, Password, password123, p4ssw0rd, etc a few hundred times
4. the person's name, dog's name, car name, etc a few hundred times
The UK hacker Gary McKinnon told how all the computers he "hacked" had blank passwords, he didn't use anything more sinister than an educated guess |
People leave themselves open to being hacked by not keeping Firewalls/Anti virus up to date. Hacking into a pc through the Router is a common way because people are unaware of going into the router set up utility and changing the default settings/password, basically i could hack your computer this way and you wouldn't even know it until i had changed your password/locked you out of your own network and then you have this :confused: look, a hard reset of the router don't always help either.. Mac computers are less common with viruses/attacks than windows partly because windows is more popular and the mac is built around the Unix OS it's more secure. Some clever people out there in the world of computers..
|
Sites like Facebook are piss easy to do. My account has been hacked 3 times in the past. All you need is the person's E-mail address they used to register with Facebook. Then all you do is click the 'Forgotten Password' link and you just type the E-mail addy where you want it sent and then they send you a confirmation code, then you type this code in and you're in!!!!!
So, if you have a Facebook account make sure you hide your E-mail addy. |
I'm no hacker by any stretch, but I once did a search on Limewire for documents called 'password' and got a fair few results. The fourth one I downloaded bore some fruit, giving me access to a California woman's life. She had $60k+ in an investment portfolio I could have plundered, but I'm clever enough to know I aren't clever enough to hide my tracks. To try and teach her a lesson I emailed the document back to her from an internet cafe using a dodgy account set up just for that, and to highlight it I changed all her Blockbuster selections to Jean Claude Van-Damme movies :D
I also spotted a very attractive laydee listed as a friend of a friend on FB. Within 10 minutes I'd plundered her email, acquired her MySpace, Photobucket and various other passwords, and even found some 'interesting' pics taken by her boyfriend ;) :norty: It's fun, in a naughty way, but I prefer to go out and live my own life than sit snooping on other people's TBH :thumb: |
Originally Posted by mr_impreza
(Post 9253453)
Sites like Facebook are piss easy to do. My account has been hacked 3 times in the past. All you need is the person's E-mail address they used to register with Facebook. Then all you do is click the 'Forgotten Password' link and you just type the E-mail addy where you want it sent and then they send you a confirmation code, then you type this code in and you're in!!!!!
So, if you have a Facebook account make sure you hide your E-mail addy.

Are you saying that you enter the "target's" e-mail address into the forgotten thingy, in which case they get sent a reset code - no use to you unless you can read their e-mail! Or are you saying that Faceache sends a reset code to any e-mail address that you supply - in which case that is totally bloody stupid of FB and they should have their arses seriously kicked?!?! mb |
Originally Posted by boomer
(Post 9253555)
Or are you saying that Faceache sends a reset code to any e-mail address that you supply - in which case that is totally bloody stupid of FB and they should have their arses seriously kicked?!?!
mb

If you have another E-mail account that's different to your Facebook one, give it a try with your own Facebook account. Shocking!!!! |
I caught some Romanian paypal accounts scammers a few months ago. I had one of those dodgy update your paypal account e-mails. The link said www.paypal.com but the source went to an ip address something like:
http://89.46.90.100:8051/html/update-paypal.html
They hadn't even bothered to create a domain name and the page looked properly fake. I did a look up on the IP and it was registered to a 3G network in Romania. The images for the paypal logo were being hosted on some foreign holiday company's web server, I doubt they would know their server had been hacked and was being used to help scam people. I thought I'd take a look, so I entered:
http://89.46.90.100:8051/html/
It listed the directory and there was a file called 'passwords.txt'. I downloaded it and it had the following for everyone that fell for the scam:
date & time / e-mail / password / IP address of their PC
Some people knew the score and had entered user name and passwords like 'f*ck you scumbags', but there were lots of genuine ones too. I downloaded the list every 30 minutes for three hours until the IP went off-line and there were over 500 accounts in that amount of time. I sent the file to Paypal who froze the affected accounts. Anders |
Originally Posted by mr_impreza
(Post 9253453)
Sites like Facebook are piss easy to do. My account has been hacked 3 times in the past. All you need is the person's E-mail address they used to register with Facebook. Then all you do is click the 'Forgotten Password' link and you just type the E-mail addy where you want it sent and then they send you a confirmation code, then you type this code in and you're in!!!!!
So, if you have a Facebook account make sure you hide your E-mail addy.

Pray tell how that works then as I cannot see how it would. It will cross reference the email address with the account details, and thus if you don't have an account with facebook you won't get an email, if you do, it'll send you the details associated with that email address. If you hack the person's email account then yes, if someone entered your email address they could get into your facebook account, but without doing that I cannot see how they would get into your facebook account. In regards to forum passwords, as mentioned they are an md5 hash which is a one time hash, thus you essentially need to know the password to retrieve it. For vBulletin, the password formula is as follows (this is a php string)
Code:
$password_hash = md5(md5($thepassword) . $thesalt);
Even if you had access to the database all you would be able to get are the hashed result and the salt for the user. You would then need to brute force the password, now using things such as rainbow tables to aid you, it is possible you might get the password (what you are actually doing is creating an md5 hash of a known string and seeing if it matches the string you got from the database - if it matches then you know what you entered as the string and that would be the password). Would someone really do this to get a normal user's password? An admin's password I could see, as you could then get up to all sorts. If I were to hack a forum I'd actually find out the host being used for the forum and if they use something like cpanel or webmin to administer things and then I'd try and hack into that. The reason being that from there you'd probably be able to get into the database for the forum, as most setups won't allow remote access to the sql databases, or if they do it'll be to specific hosts. If you have access to the database then you can pretty much do whatever you want. |
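The formula quoted in the post above is built from a fast hash, so each stored value is cheap to test against a guess. This added example (not from the thread and not vBulletin's code) reproduces the formula, audits constructed rows for common passwords so those users can be made to reset, and wraps the existing hashes in PBKDF2 without needing any plaintext; the row layout, function names and round count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example; tune to your hardware


def legacy_hash(password: str, salt: str) -> str:
    """The scheme quoted in the post: md5(md5(password) . salt), hex-encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def wrap_legacy(legacy_hex: str, wrap_salt: bytes) -> bytes:
    """Wrap an existing legacy hash in PBKDF2 so each guess becomes expensive."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), wrap_salt, PBKDF2_ROUNDS)


def migrate_row(row: dict) -> dict:
    """Upgrade one stored record without knowing the user's password."""
    wrap_salt = os.urandom(16)
    return {**row, "wrap_salt": wrap_salt, "hash": wrap_legacy(row["hash"], wrap_salt)}


def verify(row: dict, candidate: str) -> bool:
    """Login check against a migrated record, using a constant-time compare."""
    attempt = wrap_legacy(legacy_hash(candidate, row["salt"]), row["wrap_salt"])
    return hmac.compare_digest(attempt, row["hash"])


def audit_weak(rows: list, common: list) -> list:
    """Audit: users whose legacy hash matches a known-common password."""
    return [r["user"] for r in rows
            if any(legacy_hash(p, r["salt"]) == r["hash"] for p in common)]


# Constructed sample rows (users, salts and passwords are invented).
ROWS = [
    {"user": "alice", "salt": "x7Q", "hash": legacy_hash("password123", "x7Q")},
    {"user": "bob", "salt": "k2!", "hash": legacy_hash("T9#vRq-41mZw", "k2!")},
]
COMMON = ["password", "password123", "p4ssw0rd"]
```
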
Originally Posted by mr_impreza
(Post 9253572)
Yes that's exactly what i'm saying. And yes i think Facecrap seriously needs to sort that out.
If you have another E-mail account that's different to your Facebook one, give it a try with your own Facebook account. Shocking!!!!

This is on the same computer and same browser. If so then I have to say I think it's total tosh. I have just tried it in fact, on my machine here. I signed out of my facebook account and then clicked forgot password, I entered my work email address and clicked submit. The page refreshed with an "invalid email" message, which is what I'd expect as my work account isn't registered with facebook. I just cannot see how on earth it would know that my work account email has anything at all to do with my facebook account. I had used someone else's email address, one that I knew was registered with facebook, for example I do have another account on facebook and when enter that address it states the following:
Your Password Has Been Reset
An email has been sent to all contact emails associated with your account, including myemailaddress@mydomain.com. This email describes how to get your new password. Please be patient; the delivery of email may be delayed. Remember to confirm that the email above is correct and to check your junk or spam folder or filter if you do not receive this email. Your problem may be related to your internet browser. Please follow these instructions to clear your browser's cache and cookies. Please enter the confirmation code that was sent to you. This is not the same as your password.
All I can see happening is that account will get a password reset message. It won't be sent to another account, just the email address provided, as mentioned previously, unless someone has access to my email then it won't do them any good at all. |