I wrote this to highlight another security threat that no Microsoft Patch can resolve: USER IGNORANCE. Jellyfish covered a lot, and I would like to add this, because it affects anyone running windoze. To summarize, i will state that you should disable any open shares on your computer, the vunerability of this is explained in this post.
In fact, most plane crashes are caused by pilot error. Similarily, most computers that get viruses, malware, spyware, hacked! are owned by ignorant users, or users that click a popup saying "your computer is at risk".
I appriicate what Jellyfish has written regarding the issue of computer security. However, there is no exact method of avoiding spyware and all that scary stuff! Simply not opening email attachments, visiting only trusted sites, and using a firewall will keep you safe. There is no need for scaremongering.
I dont even have a virus scanner installed cause i know its pointless nowadays, but then again I also know which sites NOT visit, where to download SAFELY, and that any attachment from china in my inbox goes straight in the trash, even if it does say "I saw your profile and think your really cute and would like to suck your...".
HOW TO HACK INTO COMPUTER SYSTEMS WITHOUT ANY KNOWLEDGE OF COMPUTERS
Basic Internet protocol (IP)
-------------------------------
To get started we need to understand a basic netowrking term you have all come accross; IP Address
Every computer connected to the Internet will have a unique IP address, usually in the form 123.123.123.123. Each digit ranges from 0-255 (because it is 8-bits per digit, 2 to the power of 8 = 256, inc 0 = 256-1 = 255, duh!!!)
When data is sent from your computer (e.g. to request a webpage) the data is packaged in a packet that will contain your IP address. The IP address is essential in order for the website you are requesting data from to know where to return it to!
It is a common myth that you can "spoof" an IP address, or put simply; carry out any dodgy or illegal activity on the Internet without getting caught. Your IP address is given to you by your ISP when you connect to the Internet. Your IP address will also be logged to your username and account details that are known by your ISP. In simple terms, your IP address is as revealing as your actual name and postal address in the eyes of your ISP. If you go on websites and post evil comments about torturing small fluffy animals they can easily look at the logs, contact your ISP and instantly get a name, address, and disconnection order.
Ok, some more info: "When you connect to the Internet your ISP will give you an IP address." You will get or "lease" this IP address from a pool of IP addresses that your ISP has ownership of.
For example, the pool of users connected to the Internet via the ISPs network in CastleTown may have IPs ranging from:
86.20.155.3 --> 86.20.155.240
As you see only the last digit has changed. This equates in theoretical terms to: The House is the Last digit. The Street is the 3rd Digit (155), the Town is the 2nd Digit (20). The Country is the 1st digit (86). This is not necessarily exactly true, but IP addresses follow this hierachical structure in order to point to any Internet connected computer on the planet, just like phone numbers and phone codes.
Ok, so your IP address maybe 86.20.155.155, and Happy Keith down the road may have the IP address 86.20.155.60. But your secret lover Jean-Paul in france may have the IP address 70.10.144.10. Simple.
File sharing over a Network
--------------------------------
Microsoft are undoubtedly famous for being pretty stupid when it comes to security. In fact, a common updated XP install will have been patched over 500 times from the Windows update site to fill holes that hackers can exploit. Even when you install XP, it opens up your folder and files to the world in the form of "shares".
Even a complete newbie can exploit this, and I will show you how.
If you open up windows explorer right now you will see "My Shared Documents". Windows thankfully created this so that anything in it is accessible by any computer on the local network, and consequently the entire INTERNET. In fact, right click any folder and you can easily share it with the entire world. Simply click the Sharing tab and enter a Sharename for that folder.
So, how do you access such folders from outside? Use a browser and....
Easy: "\\IP address\sharename"
Example: "\\86.20.155.60\My Shared Documents"
Example 2: "\\86.20.155.60\WINDOWS\SYSTEM\"
People often use this system to share movies, software and games with other users on a "local" network without knowing they are actually sharing their files with the entire world. The question is, how to "find" these computers?
How to find open shares using IP range/port scan
---------------------------------------------------------
The answer to this is simple. Scan every IP address in a range of IP address for open shares. E.g. Scan from 86.20.155.0 --> 86.20.155.255 If any "open shares" are found, we can access them. If you are competant with VB, MS-DOS, or even better have access to the range of network scanning tools available in a real operating system such as Linux, the possiblities are endless. However, considering we are newbies and are running a Windows box then you will need to find some pre-written pretty software to do it for you.
Try LANGuard Network Security Scanner. Here are the simple steps now we know what we are dealing with.
1. Install LANGuard Network Security Scanner
2. Choose an IP address range you want to scan for open shares.
3. Scan 0->255 and wait for the results.
4. IF any have open shares, access them via "\\IP Address\Sharename"
5. Read someone else email, documents, and edit their photos.
LANGuard will tell you the names of the open shares and also list any security vunerablities for the target computers scanned. For example, you can even PRINT on someone else computer, "a funny hello message or xmas card is always good", or edit any documents in that share. E.g. draw horns on photos, obtain and change phone numbers, passwords etc. Furthermore we can go beyond that and even DELETE or CORRUPT documents and files for fun!!
What is a HACKER?
-----------------------
What a HACKER ISNT: A hacker isnt someone who accesses computer systems and destroys data. A HACKER is someone who accesses computer systems competently and leaves no trace of entry.
A CRACKER is someone who accesses computer systems competently and causes damage (Often for money, or some economic/political/socio-economic purpose)
Finally, a SCRIPT KIDDY is someone who is a NEWBIE to computer systems but aims to exploit any security vunerability the see fit without considering the consequences. E.g. a script kiddy may write basic code in VB to format C: drive, etc. These are NOT HACKERS but parasites that cause trouble the way you may have done in your RE class.
Final word of WARNING: If you wish to try the above I accept no responsibility for your actions. In fact, it was recently in the news that someone DID just the above, but accidently scanned an IP range assigned to FBI computers. That poor NEWBIE landed in Jail using this simple trick, and the guy obviously was no uber-hacker, but a stupid fool who accidently scanned some pretty unsecure but highly important data. I think it is very unlucky, since you would expect FBI computers NOT to have open shares!!!!!!!!!!!!!!!!!! It highlights IGNORANCE from both parties.
Be careful where you scan peeps
Disclaimer
-------------
I will say it again. I accept NO responsiblity for carrying out any of the actions in this post. Furthermore, the whole point in this post is to highlight the fact that YOU SHOULD DISABLE ANY SHARED FOLDERS, PRINTERS, OR RESOURCES to avoid being owned! Go to your SHARED DOCUMENTS now and DISABLE SHARING. There are a multitude of SCRIPT KIDDIES out there doing exactly what is descibed above, and as you can see, a 10 year old child is capable of such activity. Good luck.
In fact, most plane crashes are caused by pilot error. Similarily, most computers that get viruses, malware, spyware, hacked! are owned by ignorant users, or users that click a popup saying "your computer is at risk".
I appriicate what Jellyfish has written regarding the issue of computer security. However, there is no exact method of avoiding spyware and all that scary stuff! Simply not opening email attachments, visiting only trusted sites, and using a firewall will keep you safe. There is no need for scaremongering.
I dont even have a virus scanner installed cause i know its pointless nowadays, but then again I also know which sites NOT visit, where to download SAFELY, and that any attachment from china in my inbox goes straight in the trash, even if it does say "I saw your profile and think your really cute and would like to suck your...".
HOW TO HACK INTO COMPUTER SYSTEMS WITHOUT ANY KNOWLEDGE OF COMPUTERS
Basic Internet protocol (IP)
-------------------------------
To get started we need to understand a basic netowrking term you have all come accross; IP Address
Every computer connected to the Internet will have a unique IP address, usually in the form 123.123.123.123. Each digit ranges from 0-255 (because it is 8-bits per digit, 2 to the power of 8 = 256, inc 0 = 256-1 = 255, duh!!!)
When data is sent from your computer (e.g. to request a webpage) the data is packaged in a packet that will contain your IP address. The IP address is essential in order for the website you are requesting data from to know where to return it to!
It is a common myth that you can "spoof" an IP address, or put simply; carry out any dodgy or illegal activity on the Internet without getting caught. Your IP address is given to you by your ISP when you connect to the Internet. Your IP address will also be logged to your username and account details that are known by your ISP. In simple terms, your IP address is as revealing as your actual name and postal address in the eyes of your ISP. If you go on websites and post evil comments about torturing small fluffy animals they can easily look at the logs, contact your ISP and instantly get a name, address, and disconnection order.
Ok, some more info: "When you connect to the Internet your ISP will give you an IP address." You will get or "lease" this IP address from a pool of IP addresses that your ISP has ownership of.
For example, the pool of users connected to the Internet via the ISPs network in CastleTown may have IPs ranging from:
86.20.155.3 --> 86.20.155.240
As you see only the last digit has changed. This equates in theoretical terms to: The House is the Last digit. The Street is the 3rd Digit (155), the Town is the 2nd Digit (20). The Country is the 1st digit (86). This is not necessarily exactly true, but IP addresses follow this hierachical structure in order to point to any Internet connected computer on the planet, just like phone numbers and phone codes.
Ok, so your IP address maybe 86.20.155.155, and Happy Keith down the road may have the IP address 86.20.155.60. But your secret lover Jean-Paul in france may have the IP address 70.10.144.10. Simple.
File sharing over a Network
--------------------------------
Microsoft are undoubtedly famous for being pretty stupid when it comes to security. In fact, a common updated XP install will have been patched over 500 times from the Windows update site to fill holes that hackers can exploit. Even when you install XP, it opens up your folder and files to the world in the form of "shares".
Even a complete newbie can exploit this, and I will show you how.
If you open up windows explorer right now you will see "My Shared Documents". Windows thankfully created this so that anything in it is accessible by any computer on the local network, and consequently the entire INTERNET. In fact, right click any folder and you can easily share it with the entire world. Simply click the Sharing tab and enter a Sharename for that folder.
So, how do you access such folders from outside? Use a browser and....
Easy: "\\IP address\sharename"
Example: "\\86.20.155.60\My Shared Documents"
Example 2: "\\86.20.155.60\WINDOWS\SYSTEM\"
People often use this system to share movies, software and games with other users on a "local" network without knowing they are actually sharing their files with the entire world. The question is, how to "find" these computers?
How to find open shares using IP range/port scan
---------------------------------------------------------
The answer to this is simple. Scan every IP address in a range of IP address for open shares. E.g. Scan from 86.20.155.0 --> 86.20.155.255 If any "open shares" are found, we can access them. If you are competant with VB, MS-DOS, or even better have access to the range of network scanning tools available in a real operating system such as Linux, the possiblities are endless. However, considering we are newbies and are running a Windows box then you will need to find some pre-written pretty software to do it for you.
Try LANGuard Network Security Scanner. Here are the simple steps now we know what we are dealing with.
1. Install LANGuard Network Security Scanner
2. Choose an IP address range you want to scan for open shares.
3. Scan 0->255 and wait for the results.
4. IF any have open shares, access them via "\\IP Address\Sharename"
5. Read someone else email, documents, and edit their photos.
LANGuard will tell you the names of the open shares and also list any security vunerablities for the target computers scanned. For example, you can even PRINT on someone else computer, "a funny hello message or xmas card is always good", or edit any documents in that share. E.g. draw horns on photos, obtain and change phone numbers, passwords etc. Furthermore we can go beyond that and even DELETE or CORRUPT documents and files for fun!!
What is a HACKER?
-----------------------
What a HACKER ISNT: A hacker isnt someone who accesses computer systems and destroys data. A HACKER is someone who accesses computer systems competently and leaves no trace of entry.
A CRACKER is someone who accesses computer systems competently and causes damage (Often for money, or some economic/political/socio-economic purpose)
Finally, a SCRIPT KIDDY is someone who is a NEWBIE to computer systems but aims to exploit any security vunerability the see fit without considering the consequences. E.g. a script kiddy may write basic code in VB to format C: drive, etc. These are NOT HACKERS but parasites that cause trouble the way you may have done in your RE class.
Final word of WARNING: If you wish to try the above I accept no responsibility for your actions. In fact, it was recently in the news that someone DID just the above, but accidently scanned an IP range assigned to FBI computers. That poor NEWBIE landed in Jail using this simple trick, and the guy obviously was no uber-hacker, but a stupid fool who accidently scanned some pretty unsecure but highly important data. I think it is very unlucky, since you would expect FBI computers NOT to have open shares!!!!!!!!!!!!!!!!!! It highlights IGNORANCE from both parties.
Be careful where you scan peeps
Disclaimer
-------------
I will say it again. I accept NO responsiblity for carrying out any of the actions in this post. Furthermore, the whole point in this post is to highlight the fact that YOU SHOULD DISABLE ANY SHARED FOLDERS, PRINTERS, OR RESOURCES to avoid being owned! Go to your SHARED DOCUMENTS now and DISABLE SHARING. There are a multitude of SCRIPT KIDDIES out there doing exactly what is descibed above, and as you can see, a 10 year old child is capable of such activity. Good luck.
.
