How do hackers get through?

Hi guys!

I have a question about hackers. I know how they find out the weaknesses of your computer. But how are they able to connect to your computer (so that they gain full control over it)? I'm talking about an unprotected computer (no firewall, no router,...). Don't explain me how this works via trojans which were sent to you by email,... I know all about that already. I'm just interested how they open ports on your computer. Anyone knows about that?

The purpose of this question isn't that I wanna hack a computer (far from that!), but I think that I have to understand how they attack, that I'm able to defend my computer. Right?

Would be nice if you could enlighten me about that!

Greetings!

Patrice

 

Entering a computer is all about (mis)using permissions. And permissions are coupled with accounts on a system.
Hackers most likely are on the lookout for privileged accounts (like root, system, admin).
Apart from trojans (installed software that uses privileged system-like accounts) a hacker can try to login to a system by guessing account - password combinations, or he can try to find a vulnerability in one of the components that he can find by scanning an ip address.
A vulnerable component that is visible on the net (like a service that is listening at a port) could be hacked by using an exploit. Vulnerabilities most often are buffer overflows, or not well programmed functions.

That's all there is to it.

A firewall will hide most services, so less vulnerabilities can be found.

 

Hi meneer!

O.K., thanks for your answer! I was aware that accounts are being hacked by guessing or with password cracker tools (I was myself a network administrator some times ago). I also read the Security Recommendation Guides from the National Security Agency (NSA), which treats this problem quite well.

http://www.nsa.gov/snac/index.html

But about vulnerabilities (exploits): can you get access to a computer with a buffer overflow? Normally it hangs the computer if for example you're sending signals non-stop to the attacked computer. Right? How are you able to connect to a closed port then? Again with an exploit?

Thanks for helping me!

Patrice

 

You can't just get access to a computer by using a buffer overflow only. But By using an exploit for this vulnerability, you can manipulate the program that's awaiting input by sending it input that it can't handle, or that results in overwriting the program in memory, so the original program is mutilated and turns into a kind of trojan.

Another example is the Mime header exploit in IE. IE was waiting for a kind of input, but by using an exploit one feeds IE with input that the program didn't know how to handle, and was unable to block executing or send to an effective error handling routine.

So, a buffer overflow doesn't always result in death of the process.

A closed port cannot easily be opened form the outside. But suppose a hacker probes a port and finds it closed, he could try to analyse the identification of the process behind the closed port and try misleading it, by using other tools to find a backdoor (secret or not).

If you're not running any IP-listener service on a computer, chances are that you're not vulnerable and a firewall is not needed.
But when you're running Windows, you probably have lots of services running, that may cause trouble (rpc, unpnp, ident, pop) and for which a firewall can help you.


edit: more security baselines: www.cisecurity.org

 

Thanks meneer for your valuable input! Now I think I got it!

 

There are many well twisted Definitions of a Hacker but I’m sure all agree that Hackers aren’t those who toys with Trojans, Anything in Reference to Trojaning is not considered hacking…

And whether or not you use a Software Firewall or a Router with Hardware Firewall Capabilities doesn’t necessary mean you can’t become hacked just as easily, depends on the Software Firewall product and its Features and configurations and what you use for Clients and what you use for hosting Applications and how the Router is configured and so forth…

Also guessing passwords and doing Brute Force Cracking isn’t anything referred to Hacking, Hax0rs who don’t know the actual meaning of hacker does these things…

In Addition; just because ones System became breached by other means like Exploiting using Hacker’s code doesn’t mean a Hacker breached your System…

People’s gotta automatically assume that if CD Devices starts Opening/Closing, Systems re-booting, popping up weird looking Window Messages with Text like “You are 0wned!!!” and so forth that they definitely have an Hacker on their butts…

 

Hi Ph33r!

Yeah, you're certainly right about what you're writing. But to be honest, I don't care much how you wanna call these guys. If they are hackers, crackers,... isn't that important. The more important fact is that they try to breach through your security systems to have access to your system (or whatever). And that's in all ways despicable! The definition of who and what they are is less important than the goals they have.

You're right that you aren't safe behind a router, a firewall, etc. But as I already told you in another post there's no 100% security and there will never be! It's up to the user to set those defensive systems correctly.

Phil Zimmermann (inventor of PGP) once made a nice statement which went more or less like that: Why don't you write your letters,... simply on a post card? It's because of privacy -everyone has the right to have some privacy. The same is with computer files,... That's why we encrypt sensitive data (for example in our firm).

Best regards!

Patrice

 

If you can’t comprehend the difference between a Hacker and a Hax0r then I surely don’t expect you to know even the simplest things like their motives, like they wanting to either Destroy or 0wn your b0x…

But I never said the means for 100% Top Level Software Security doesn’t exists…

 

Interesting comments.........enjoyed reading.

Over the years a very real mis-comception has evolded regarding hackers.....pro hackers. Suffice it to say that a truely pro cracker/hacker is not what many think by definition.......its extremely un-likely that even an experience computer user will quickly notice the presence of a hacker..if noticed at all...., a pro will even tweak your os to avoid large noticeable resource useage.......by turning off programs you most likely don't even know are running.......
Tracking a true pro is all but impossible.....first off the pro will notice the moment you begin trying. How do pro obtain access......in many if not most cases its the computer user who invites the pro in........try an count the ways an you will collect retirement before finishing.

 

Hi Wasnotme!

I guess you are right concerning pro hackers. But if you are using TDS-3 for example, you are aware which processes are running on your computer. If there is a new, unknown process which starts you get suspicious very fast...And I'm sure that this happens to all users of TDS.

I know that most of the people don't have any clues about which processes are started on their computer. That's the way it is, unfortunately. But I think that the more defensive layers you have, the more possible it is, that the hackers gives up. There are easier targets out there and being caught (if possible) there is quite improbable.

And last but not least I love the Russian way of seeing things: Attacking is still the best defense! With TDS-3 you have a very powerful tool to make counter-attacks...

Greetings!

Patrice

 

The coders (true hacker in a sense) way in is exploiting a running service which can be.. hacked actually a lot of processes which have a socket open and will accept data from a remote PC could be vulnerable, there is every chance that there are a lot of unknown vulnerabilities in any given OS. Malformed data packets or even SYN / ACK / FIN and other segments could overflow a data buffer and lead to the execution of the code that is then sent.

I cant find a good example right now for Windows.. plenty around for *nix though, just do a search on google for "smashing the stack". I remember a good Windows one, possibly by dildog (Cult Dead Cow team, BO2K) which explains this technique and an example that needed only a few (100 or so) bytes to then call a function such as URLDownloadToFileA and ShellExecuteA - to download and execute further code leading to a total compromise. Even the URL was crafted to be very short.. not much space to work with

The main thing being a knowledge of buffer overflows and bad coding practices which lead to such a possibility. It may have mentioned some good coding practices to do with buffer checking, these are probably available in books such as "Writing Secure Code" seen at the DiamondCS recommended reading area (haven't read it yet sorry )

Of course my memory on all these details could be bad

 

Then there's also insecurity by design...
I recall the vulnerability in IIS due to it's response to Unicode commands. I don't know if this can be classified as a buffer overflow vulnerability, but at least you might classify it as a Design Flaw (I once advised the Agnitum folks to register this expression )