Hacking 101.3 from the December 2000 Actrix Newsletter

by Dean Moor

I am again grateful to Dean Moor for this next article in his series on hacking. To many it is a fascinating topic. It really would be a good idea for those interested but new to computers or the net to read over Dean's previous articles at:

http://editor.actrix.co.nz/0008.htm,
http://editor.actrix.co.nz/0009.htm
http://editor.actrix.co.nz/0010.htm and
http://editor.actrix.co.nz/0011.htm   -Ed

Hi Folks,

Wow, what a month! I don’t know about you, but I sure have been flat out with getting ready for Christmas. I hope you haven’t forgotten to update your virus definitions; there are always a few nasty surprises in some of these Christmas e-mails. Just a quick reminder: please beware of suspicious e-mails.

Anyway, getting back on track! What can a hacker do to your computer? Phew, where to start. Ok, for now I will just list a few of the most common attacks that I have come across, and attempt to explain each one in a little detail.

Firstly, there are DoS (Denial of Service) attacks. This is where the "Attacker" just wants to annoy you and prevent you from using the Internet. This can be done in a variety of ways, but the most common is to connect to you and then send a large amount of information to your computer – flooding. Generally with 56K (or slower) modems this is easy to do because the bandwidth is so low, so the attacker hardly has to try to successfully block you from using the Internet. I mean, your information can’t get out of the driveway if someone else is parked in the way. Another method to accomplish this type of attack is to crash your computer. This is a lot more complicated, and most "Attackers" wouldn’t know how to do this. Briefly, the attacker creates a specially crafted piece of information to send to your computer. This information is designed for only one purpose, and that is to exploit or utilise a vulnerability on your computer. (If you have been keeping up with your Microsoft Updates you should be protected from most of these Exploits and Vulnerabilities.) Vulnerabilities are security weaknesses in your computer's software (usually Windows) that were not fully discovered or realised at the time of release. That's why Microsoft regularly publish security updates that you really should download from http://windowsupdate.microsoft.com.

The next basic type of attack is what I call the Trojan Attack. This appears to be the most common of all attacks that I have seen, and works in much the same way that a large wooden horse was used to breach the security of Troy. A Trojan program or virus must first be installed on your computer. This can be done in several ways, but the most common two are via email and via download (Set-up Files). This attack is one that I personally consider a VERY HIGH risk! Why? Simply because the attacker, when successful, has got COMPLETE Control of your system! When I say complete, I mean more control than you probably have over your own computer. Just take a look at this partial list of features one popular Trojan has:

  • Telnet support. Access your PC’s MS-DOS-prompt with just a Telnet program.
  • HTTP support. Access your files, including download and upload support, with just a web-browser.
  • Host list integration with network neighbourhood.
  • General system information and cached passwords.
  • Window manager (full control over all windows).
  • Registry manager (list keys, fields and values, create keys and delete keys, change values among others).
  • Sound system (raise and lower volumes).
  • Port redirect (simple proxy support).
  • Application redirect (e.g. allows you to interact with MS-DOS prompts remotely, which gives you powerful access to the computer).
  • File actions (execute executable files, show image files, play audio files, open document files and print document files).
  • Spy functions (includes listen keyboard, get screen capture, record audio from microphone and get web camera image).
  • File manager (explorer, upload and download files, delete files and folders, create folders and share folders).
  • Exit Windows (reboot system, shutdown system or power down system).
  • Cool functions (Client chat, open and close CD-ROM, disable keys, key click, swap mouse buttons, Go to URL, Send text).
  • Host scheduler, predefine time to run scripts at hosts.

[Image: NetBus interface. Simple point-and-click hacking.]

Did you notice the Port Redirect? With this, the attacker can use your machine to attack someone else! Imagine if that was the FBI, IRD, or even the Police! How about the Spy Functions? Believe me when I say that these work very well! Some Trojans even have the ability to record keystrokes while you are offline, and when you reconnect, the logs are sent to the person who installed the Trojan. I am not trying to scare you here; this is the simple truth. What about the System Information? Well, this is a very detailed list, ranging from swap file size and logged-on user to the amount of RAM, the Windows directory, and even the amount of hard drive room you have left. Passwords? Well, let’s finish up by saying that none of the passwords stored on your machine are safe from this feature!

Now, the last basic category of attacks is very similar to the exploits. In these "Attacks" the attacker sends specific information to your computer to determine your operating system, firewall type, location, etc. This information can prove to be very helpful to an attacker who may be planning to break into your machine. Why? Well, if he knows what Operating System you have, the Version and Brand of your firewall, your Available Bandwidth and your Location in the world, he knows this:

  • What exploits to attempt
  • How to disable your Firewall
  • Whether it's worthwhile, regarding speed of attack
  • And the Local Laws governing hacking

Now, when I say this I assume that our "attacker" is a smart one who knows what they are doing, and thankfully there aren’t really too many of those around!

Well, I hope I didn’t scare you too badly. While these situations are VERY REAL, the chances of someone doing this to you are relatively low, depending on your bandwidth and whether you have a static IP address or a dynamic one. However, without any security at all, you may as well do the damage yourself! I firmly believe that it is not a case of IF, but WHEN, and I myself would much rather lock the doors and windows than leave them open. What do you do when you leave home?

To find out just how secure you are, try clicking the Steve Gibson and Sygate links below. You may be surprised!

Thanks, and until next time, safe surfing and Merry Christmas.

Dean Moor
StarTech
www.startech.co.nz

Steve Gibson's Shields Up

Sygate's Advanced Scan Utility <http://scan.sygatetech.com/>

[Image: SubSeven v.2.1.4 hacker's interface.]