Hackers, Methods and Tools
To ensure your safety, you must know the people who threaten it. Who is the hacker, what methods does he use, what tools does he have? The Internet is the world's fastest growing ocean of information. We need the internet to do our jobs, do our homework, learn and have fun. Every day, millions of people dive into this vast ocean of information.
Only a few of the owners of the millions of computers that make up this global network are aware of the dangers of the internet, and very few of them make an effort to recognize the dangers and take precautions. The main purpose of all of us connecting to the Internet is to access information. But there are people who believe in "freedom of access to information" in the depths of the ocean of information. They existed before the Internet and will exist in the future;
Who is a hacker?
Everyone who has been a little busy with computers and the internet has a definition of "hacker" in their minds...
Hackers are often portrayed in the media as destructive, malicious computer users. Are they really?
Hackers are the geniuses of the computer world. They are people who have an extraordinary talent for computers and an extraordinary intelligence. Contrary to popular belief, hacker does not just mean "hacking". There are two widely accepted definitions of hackers today. The first of these deals with computer programming, and the second one deals with computer security.
The first definition was made by Eric Steven Raymond, author of the famous hacker dictionary, the Jargon File. Unlike most users who prefer to learn only as much as necessary, a person who likes to examine the details of programmable systems and extend their capabilities is called a "hacker." In this sense, "hacking" means revealing the unknown secrets of a system or reprogramming the system to serve a certain purpose. According to Raymond, people who damage computer systems are not hackers. They are called "crackers." Raymond describes the difference as follows: "Hackers build things, crackers break them..."
Examples of programmer hackers include Linus Torvalds, the creator of Linux; Bill Gates, the founder of Microsoft; and Richard Stallman, the leader of the GNU project.
Considering this definition, hackers are not very interesting and mysterious people. However, with the influence of the media, the use of this classic hacker definition has gradually decreased.
The mysterious world of hackers
The second hacker definition covers computer security. People who have superior knowledge and skills in computer systems and who gain unauthorized access to systems with special tactics are called hackers. We are sure that this definition is more familiar to you. Since the topics we are going to cover are about computer security, when we use the term "hacker" we will be referring to this second definition...
Hackers believe in the freedom to access free information. Their danger comes from hacking and infiltrating your system to get the information they want. According to hackers, knowing that two and two equals 4 makes you a mathematician, and bypassing system security makes you a hacker. So for them, the primary goal is not to break down security systems, but to access protected information.
Real hackers like to take risks. The higher the security of the system they are facing, the more they enjoy breaking it. A newly introduced security system means a new competitor for them. Hackers' ages vary. They are usually skilled at programming and are smart enough to stay out of sight. Hackers don't like to brag about their success. They often work behind the scenes and value privacy.
Despite the need for privacy, not all hackers work alone. They form hacker groups among themselves. But even within these groups, a certain degree of secrecy prevails; members may not even know each other's names. A hacker is not a person we can call "normal" in general. A hacker's most powerful weapon is his intelligence. A hacker has more practical thinking and decision-making skills than a normal person; what makes him a hacker is that he doesn't think the same as everyone else. Hackers are often a little disconnected from social life because of their attachment to their computers. Although it is not the same for all hackers, they do not like to talk and go out much. Their circle of friends is not very wide.
Hackers working in the field of security have an air of mystery due to their work, and they have always been a matter of curiosity. Learning that nothing is as it seems on the Internet may cause you to fear them at first. A quote from the philosopher Francis Bacon is very popular among hackers: "Knowledge is power..."
Types of hackers
Hackers are divided into two according to their qualifications and purposes: white hats and black hats. For people who are not hackers, the terms "lamer" and "script kiddie" are used.
White hat
White hat hackers are bona fide hackers who do not break security systems in order to harm them. They can work with the company that produced the software. Before publicizing a vulnerability they detect in any system, white hats notify the company/person who developed the software, allow a reasonable time to close the gap, and do not harm the system during this period. They then announce the details of the vulnerability in various newsgroups and websites to inform the public. We can say that white hats work for defensive purposes. These people are also called "ethical hackers".
Black hat
Black hat hackers are the opposite of white hat hackers. They engage in damaging activities such as information theft, fraud, terrorism, deliberate destruction by bypassing security systems without permission. They can do this by remotely accessing a computer or cracking software.
Software hacker
They are people who break the copy protections of software and allow it to be used without permission. They are experts in programming, but they may not have knowledge of network security.
Gray hat (grey hat)
They are hackers wandering around the border of legality. They guide the security policies by identifying the weak points and vulnerabilities of the systems they are the administrators of or support.
Hacktivist
People who engage in hacking actions in order to draw attention to a social or political problem. Their purpose is to announce something that is "bad" or "wrong" for them and to give a message to those concerned. It should be noted that whatever the purpose, gaining unauthorized access to a computer system is a crime and such activities should not be supported.
Lamer
They are wannabe hackers who have no knowledge about hacking, try to show off with a few terms they learned and a few simple programs they got their hands on. Lamers are usually juveniles and only aim to harm.
Script kiddie
Although they are not hackers, they are the most dangerous and most feared people. Script kiddies, like lamers, are wannabe hackers, but unlike lamers, they have some knowledge. Script kiddies mostly try to attack systems/persons, cause damage and misuse the information they get. For them, breaching a security system is the goal, not the tool. They can be described as the anarchists of the hacker world. Script kiddies are often responsible for simple attacks on home users. Tampering with your files and stealing the passwords on your PC is a source of entertainment for them. Script kiddies use a variety of ready-made programs and tools that are readily available on the internet. They read and apply step-by-step documents written by others that explain how to do something. They do not know how the programs they use work and cannot understand the technical documents. They try to damage as many computers as possible by using the programs they have. They don't have a purpose. Script kiddies are mostly computer-savvy high school students. They aim to become popular by creating a hacker image. That's why they describe themselves as hackers and brag about it. If someone tells you they're a hacker, know that that person is most likely a script kiddie.
Phreaker
They are people who work on telephone networks and try to make free calls by hacking telephone systems. Classical phreakers prepared various electronic circuits and sent special signals to the telephone line. With the modernization of telephone networks, these methods have lost their validity. Modern phreakers are interested in detecting international toll-free numbers, hacking answering machines and hacking VoIP services...
Hacking plan
It is very difficult for a hacker who does not work in a planned way to succeed. Contrary to popular belief, hackers do not wander between computers, entering and leaving any system they want at any time. Hacking a system requires systematic work. This work takes the hacker days, and may even take months. Moreover, a successful result is never guaranteed.
The attack plan of black hat hackers consists of the following stages:
1- Obtaining preliminary information
2- Scanning
3- Gaining access
• At the operating system or application level
• At the network level
• Denial of service (DoS)
4- Taking advantage of access
• Downloading software or data
• Uploading/sending programs or data
• Making changes to the system/files
5- Removing traces
Stage one: Obtaining preliminary information
In the information acquisition phase, the attacker tries to gather as much information as possible about the target before attacking it. At this stage, the company's domain name record is examined; operating information, accessible hosts, open ports, the locations of routers, the operating system and details about the services running on the system are determined. That is, it is like knocking on the door to find out if anyone is at home. It does not pose a serious danger.
Second stage: Scanning
Scanning is the pre-attack stage in which the hacker uses the information obtained in the first stage to obtain more useful information. At this stage, tools such as port scanners, dialers and vulnerability scanners are used, and a map of the network is created. When there is even a single vulnerability in the system that can be exploited, the hacker moves on to the attack stage. Therefore, this stage is risky and should be blocked as soon as possible by the person responsible for the security of the system.
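For the person responsible for the system, noticing this stage usually means noticing one source touching many different ports in a short time. The following sketch is an added example, not part of the original article: it counts distinct destination/port pairs per source inside a sliding time window. The log line format, the addresses (documentation ranges) and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) firewall log format:
#   <UTC timestamp> <ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_line(line):
    """Return (timestamp, src, dst, dport), or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["dst"], int(m["dport"])

def detect_scanners(lines, window=timedelta(seconds=60), min_ports=5):
    """Map each flagged source to the largest number of distinct (dst, port)
    pairs it touched inside one window. Lines must be in time order."""
    recent = defaultdict(deque)          # src -> (ts, dst, dport) still in window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        q = recent[src]
        q.append((ts, dst, dport))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        distinct = len({(d, p) for _, d, p in q})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

# Constructed sample: a normal HTTPS client, a fast sweep of six ports,
# and a slow probe (one port every five minutes) that stays under the window.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T10:00:00Z DROP src=198.51.100.99 dst=192.0.2.10 dport=21
2024-05-01T10:00:01Z DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2024-05-01T10:00:02Z ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:03Z DROP src=203.0.113.7 dst=192.0.2.10 dport=23
2024-05-01T10:00:04Z DROP src=203.0.113.7 dst=192.0.2.10 dport=25
2024-05-01T10:00:05Z DROP src=203.0.113.7 dst=192.0.2.10 dport=80
2024-05-01T10:00:06Z ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=443
2024-05-01T10:00:09Z ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T10:05:00Z DROP src=198.51.100.99 dst=192.0.2.10 dport=22
2024-05-01T10:10:00Z DROP src=198.51.100.99 dst=192.0.2.10 dport=23
2024-05-01T10:15:00Z DROP src=198.51.100.99 dst=192.0.2.10 dport=25
2024-05-01T10:20:00Z DROP src=198.51.100.99 dst=192.0.2.10 dport=80
"""

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {ports} distinct ports within 60 s")
```

The slow probe in the sample is not flagged, which shows the limit of a short window: a longer window or a per-day count is needed to catch patient scanning.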
Stage three: Gaining access
This stage is the main attack stage. The hacker infiltrates the system by using or writing an exploit. The attack can take the form of deception or theft, and can be carried out over the LAN or locally, while you are on the Internet or offline. The amount of damage that can occur at this stage may vary depending on the structure and configuration of the target system, the skill of the attacker, and the level of access gained.
Stage four: Leveraging access
The hacker has infiltrated the system and it's time to proclaim his reign. At this stage, the hacker can damage the system. Some hackers prevent other hackers from entering the system by closing other vulnerabilities in the system and increasing security, and they ensure that the system belongs only to them. The hacker can install a backdoor, rootkit or trojan to easily re-enter the system. At this stage, the hacker can steal information by downloading a file or program from the system in accordance with its purpose, and change the system configuration by sending files or making changes to existing files.
Fifth stage: Destroying traces
Once the hacker has used the system for his own purposes, he needs to cover his tracks so that his activities are not detected. The purpose of this is to stay in the system for a longer period of time (no action will be taken as long as he is not noticed), to reuse resources whenever he wants, to destroy evidence of the hack and to avoid legal liability. Methods such as encryption, tunneling and making changes to log files are used to destroy traces. As long as the hacker deletes his traces, he can take advantage of that system for a very long time, or he can use the system he has seized to start collecting information about another system related to it.
Hacker's toolbox
Hackers resort to various utilities to achieve their goals. These tools can be used for every stage we mentioned above. Some of the tools that hackers use (for example, information gathering tools) are essentially harmless, even useful tools for a normal user. Some are malicious tools developed purely for hacking. Since hacking tools are mostly developed by people who believe in freedom of access to information, they are distributed free of charge. In fact, we see that most of the Linux-based software is open source, but it is not possible to say the same for the Windows-based ones. Now let's get to know the tools used by hackers by categorizing them...
Information collection tools
Information collection tools perform simple operations such as ping, whois and traceroute. For example, a whois query can tell you which server a website is hosted on, its IP address, the IP address of the email server, and the site owner's contact information. The ping command is used to find out if any computer on the internet is responding to you. Normally, when you ping a computer, the other party sends you a response so that the data communication rate between the two computers can be calculated. Traceroute shows which points data passes through on its way from your computer to the target computer. A hacker can infiltrate one of these intermediate points to take control of data communication or steal data.
Port and Vulnerability scanners
Port and vulnerability scanning is the most effective way for a hacker to gather information. Many services are constantly running on potential target computers (especially servers). In order for these services to accept external connections, they must open certain ports and keep listening on them. Because the default ports are mostly not changed, a hacker can easily figure out which port is used by which program or service. After detecting the programs/services running on the target system with vulnerability scanners, the hacker will start to search for known vulnerabilities in that program or service that have not been patched on the target. It will be very easy to access the system through the vulnerabilities found.
Trojan horses (trojan)
You know the Trojan horse legend. The city of Troy cannot be conquered by fighting. Finally, a wooden horse is built and filled with soldiers. The horse is presented to the Trojans as if it were a gift, and after entering the city, the soldiers coming out of the horse ensure that Troy is taken.
Trojans have been given this name because they work with a similar logic. When the user runs a trojan file (for example, a game opens, an image is displayed, or a genuine-looking error message appears), the actual malicious program starts running in the background and executes some hidden processes that the user is not aware of.
A trojan usually runs a server application so that an attacker can access your computer from outside. In addition, the trojan copies itself as a system file and automatically restarts at every system boot. Thus, the hacker can connect to your computer at any time and perform the various operations allowed by the trojan.
Advanced trojans provide so much control over the computer that the attacker can use it as if he were sitting in front of it. Here are some things that can be done using a trojan:
• Stealing all your registered account information and passwords
• Accessing your files on your computer
• File download, change, send, run
• Being able to follow what you write
• Being able to see your screen
• Audio/video recording from your microphone and webcam if connected
• Ability to turn your CD/DVD drive on and off (they usually do this as a joke)
• Ability to send output to your printer
• Locking/replacing your keyboard and mouse keys
• Attacking someone else through your computer
Also, the trojan can notify its owner of your current IP address as soon as you connect to the internet by sending an email or ICQ message. So it is difficult for you to hide from the person who manages the trojan. As is easy to understand, the attacker can use your computer as he wishes after installing a trojan on it.
Trojans consist of two parts: the client and the server. The client is the program on the attacker's computer that he or she uses to connect to the server and manage the target computer. The server is the program that needs to be run on the target computer; when it is run, it opens a certain port and allows the client to connect. The size of the server is usually very small (a few KB, at most 100-200 KB) and it is embedded inside another program. Thus, a careless user may not notice at all that a trojan server is running. The client needs the IP address, the port number the trojan is listening on, and the password, if any, in order to be able to connect to the server. All trojans have predefined ports, and by looking at these ports it can be determined which trojan is running on the system, but a clever hacker will definitely change the default port.
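Because the default port can be changed, a list of "known trojan ports" is a weak check; comparing every listening socket against a baseline of expected port/program pairs catches a server on any port. The following sketch is an added example, not part of the original article, and it also applies to the listening services described under port scanners above. It assumes a Linux host and the output format of `ss -tlnp`; the sample output, process names and baseline are constructed.

```python
import re

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')   # users:(("name",pid=N,fd=M))
LOOPBACK = {"127.0.0.1", "::1"}

def parse_listeners(ss_output):
    """Parse `ss -tlnp` text into a list of listening sockets."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                                  # header or other state
        addr, _, port = fields[3].rpartition(":")     # handles [::]:22 as well
        m = PROC_RE.search(" ".join(fields[5:]))
        listeners.append({
            "addr": addr.strip("[]"),
            "port": int(port),
            "proc": m.group(1) if m else None,        # None: owner not visible
            "pid": int(m.group(2)) if m else None,
        })
    return listeners

def audit(listeners, baseline):
    """Return (port, process, exposure) for every listener whose
    (port, process) pair is not in the baseline."""
    findings = set()
    for l in listeners:
        if (l["port"], l["proc"]) in baseline:
            continue
        exposure = "local-only" if l["addr"] in LOOPBACK else "network-reachable"
        findings.add((l["port"], l["proc"], exposure))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))

# Expected services on this (hypothetical) host.
BASELINE = {(22, "sshd"), (443, "nginx"), (5432, "postgres")}

# Constructed sample output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*     users:(("nginx",pid=901,fd=6))
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*     users:(("postgres",pid=955,fd=5))
LISTEN 0      5            0.0.0.0:47001      0.0.0.0:*     users:(("updater",pid=4410,fd=4))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128          0.0.0.0:8022       0.0.0.0:*     users:(("sshd",pid=5120,fd=3))
"""

if __name__ == "__main__":
    for port, proc, exposure in audit(parse_listeners(SAMPLE_SS), BASELINE):
        print(f"unexpected listener: port {port} ({proc}), {exposure}")
```

The baseline pairs the port with the program name, so a familiar name on an unfamiliar port (the second `sshd` in the sample) is reported just like an unknown program.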
Trojans are used when attacking personal computers, not servers. A real hacker quickly gets the information he needs from the system in which he planted the trojan and often destroys the trojan server, because trojans are usually simple to detect. Trojans are not tools commonly used by hackers; on the other hand, we can easily say that the tool most used by script kiddies is the trojan.
We said that script kiddies are young people who are eager to show off. This is exactly what trojans offer them. They can infect various computers with trojan horses just for fun. Thus, they can easily get hold of your e-mail and MSN Messenger passwords, read your own texts to you, or damage your system just to satisfy their ego.
To get a trojan into the system, the target person often needs to be deceived and persuaded through social engineering. Here are the ways Trojans can reach the target:
• Chat environments such as MSN Messenger, ICQ, IRC
• Email attachments
• Physical access (attacker uses your PC)
• Vulnerabilities in web browsers and email software
• NetBIOS (file sharing)
• Fake programs
• Unsafe sites and software
The simplest way to protect yourself from Trojans is to use a good anti-virus program and firewall. Most anti-virus programs detect popular trojans instantly and neutralize them before they work.
Social engineers who realize that their tricks don't work will try to convince you to temporarily disable your anti-virus software. Whatever they tell you, never fall for such scams and never turn off your anti-virus software.
Password crackers
Obtaining an authorized person's account information often makes it easier for a hacker to reach his goal. With a valid account, the hacker can log into the system directly using the account information and get the desired information without dealing with exploits or other methods.
Passwords are stored encrypted (hashed) rather than in plain text so that they cannot be easily intercepted. Various cryptographic functions have been developed to store passwords (and other important information). To give an example, when the password "7lekiust" is encrypted with the MD5 method, the result is "061fd09716f00fed3a8866052db55a81". The result cannot be reversed, so it is not possible to crack this password instantly.
The hacker may have broken into a database containing such encrypted passwords, or he may be trying to get past a web login form for which he knows only the username. There are three ways to crack a password:
Guess: It shouldn't surprise you to learn that most users choose extremely weak passwords. qwerty, 12345, 0000, the user's date of birth and real name are some of the most used passwords.
Dictionary attack: A dictionary attack takes advantage of people's tendency to choose poor passwords. The file called a dictionary or word list is formed by listing thousands or even millions of words that could be passwords. For example, dictionary files such as place names and Turkish words can be easily found on the Internet and loaded into password cracking programs. After the program receives the list, it starts to try each word one by one. Modern computers can try hundreds of passwords per second, so this is a very sensible method.
Brute force attack: Trying all possible passwords is called brute force attack. Theoretically, any password can be cracked with this method. But this method is impractical unless the password is short, because a good password can take years to crack. A password of at least 8 characters, consisting of upper and lower case letters, numbers, and special characters is sufficient to not be easily cracked by today's computers.
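What the three methods above mean for the side that stores passwords, as an added example that is not part of the original article: a fast unsalted hash such as MD5 gives identical passwords identical digests, so one pass over a word list tests every account at once, while a per-user salt and a deliberately slow function (PBKDF2 here, chosen for the example) removes both advantages. The account names, passwords and iteration count are assumptions; the policy check follows the rule stated in the text (at least 8 characters with upper case, lower case, digits and special characters).

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000                      # work factor chosen for this example
GUESSABLE = {"qwerty", "12345", "0000"}   # the weak passwords named in the text

def md5_unsalted(password):
    """The weak scheme: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted, slow hash. Returns (salt, key); store both."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)

def users_sharing_a_hash(table):
    """Group users whose stored value is identical (same password, no salt)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def meets_policy(password, wordlist=GUESSABLE):
    """Reject guessable passwords and enforce length plus four character classes."""
    return (
        len(password) >= 8
        and password.lower() not in wordlist
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )

# Constructed accounts: two users picked the same weak password.
ACCOUNTS = {"alice": "qwerty", "bob": "qwerty", "carol": "Tr4il-mix!9"}

def build_tables(accounts):
    """Return (unsalted MD5 table, salted PBKDF2 table) for the same accounts."""
    weak = {user: md5_unsalted(pw) for user, pw in accounts.items()}
    strong = {}
    for user, pw in accounts.items():
        salt, key = hash_password(pw)
        strong[user] = salt.hex() + ":" + key.hex()
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    print("same digest under MD5:   ", users_sharing_a_hash(weak))
    print("same value when salted:  ", users_sharing_a_hash(strong))
    print("policy accepts 7lekiust: ", meets_policy("7lekiust"))
```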
Keyloggers (keylogger): Keyloggers are programs that secretly record everything you type. However, the capabilities of advanced keyloggers are not limited to this. An advanced keylogger may be capable of:
• Saving your typing
• Saving the websites you visited
• Taking screenshots at regular intervals
• Saving your emails and instantly sending a copy to the attacker
• Keeping your chat logs (e.g. MSN Messenger or ICQ)
Keyloggers can either keep their records only in a hidden file on the target computer or send copies of the records to the attacker at regular intervals. These programs are often used to steal passwords and to monitor children or office workers. Advanced keyloggers are usually paid software and may not be recognized by antivirus software because they are legitimate-looking programs.
In addition to software keyloggers, there are hardware keyloggers as well. Hardware keyloggers are completely transparent, work independently of software and cannot be detected using software.
Sniffers
Sniffer literally means "one that sniffs". Sniffers "sniff" the data flowing over the network. A sniffer can be software or hardware with properly programmed firmware. Sniffers snoop on network traffic and never interfere with or modify the traffic, so they are very difficult to detect.
So, what kind of data can be obtained with a sniffer? The Windows file sharing protocol, telnet, FTP3, etc. are extremely popular, but their structure is very simple and insecure. All passwords you use in these protocols are sent to the server in plain text. The account information you use when connecting to such a server can therefore be easily captured with a sniffer.