1 / 31

Session #1 BITS Pilani

WEB AND $HELL HACKING. Session #1 BITS Pilani. AGENDA. Basic Introduction Group Formation Motivation :- Terms and Definition Language Symbols Assignments Its Over . Terms. Definitions and Questions. Hacker.

lada
Download Presentation

Session #1 BITS Pilani

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEB AND $HELLHACKING Session #1 BITS Pilani

  2. AGENDA • Basic Introduction • Group Formation • Motivation :- Terms and Definition • Language • Symbols • Assignments • Its Over 

  3. Terms Definitions and Questions

  4. Hacker • Hacker is a term used to describe different types of computer experts. It is also sometimes extended to mean any kind of expert, especially with the connotation of having particularly detailed knowledge or of cleverly circumventing limits. The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into use, as it has been given additional and clashing meanings by new users of the word. • Currently, "hacker" is used in two main ways • A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons.

  5. Cracker A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system. • The term "cracker" is not to be confused with "hacker". Hackers generally deplore cracking. However, as Eric Raymond, compiler of The New Hacker's Dictionary notes, some journalists ascribe break-ins to "hackers.“

  6. l337 5p34k ?? • PHr3Ku3N7ly H4s|{3d K0o£St330nZ! • Pronounced “leet speak”, from “elite”. A system of spellings of English words or phrases using numbers and symbols to replace common letters and featuring deliberate misspellings. Supposedly the “language of hackers”, in reality it’s used more seriously by the “script kiddie” crowd, although it is commonly used jokingly by experienced Internet users.

  7. Elite and BBC Master/ Micro • Cult of the Dead Cow • NSF ??? Ninja Strike Force (NSF) is the name of the "community outreach" arm of CULT OF THE DEAD COW. It was established in 1996. Membership in the NSF is granted by the cDc to those individuals who stand out in their support of the cDc and its ideals. Members are recognized for their abilities, capabilities, and being the best of the best in their skills.

  8. http://www.cultdeadcow.com/

  9. Primitive l33t • Primitive Leet was generally much less elaborately substituted than modern forms. Typical spelling changes were to swap "f" and "ph" (as in "fone phreaks"), using "z" for "s" (generally only in the final position, ie. "phi1ez" but not "za1ezman"), "1" for "l", "k" for "c" and "0" for "o". In some positions, "y" was used for "i", most notably in the earliest spelling of elite as "e1yte“ • Another early derivation of the letter replacing phenomenon was the prefix "k-" to some words. This began with the redundant substitution of "k" for "c" as seen in "k-kool" but was soon transposed to the much more common and enduring "k-rad"

  10. IRC / AIM and Leet  • Through this process, Leet acquired an expanded vocabulary. As Internet slang grew (such as w00t and so on), it was absorbed into Leet (and subsequently enciphered). • In addition to the broader vocabulary, Leet's ciphers became even more complex and dynamic. Where originally, a one-to-one relationship existed between the source and cipher text (such as "e" -> "3"), newer one-to-many and many-to-many ciphers began to emerge (such as "a" -> "@", "4", and so on).

  11. l33t • Some common l33t words/phrases: • 0wn3d – beaten in a humiliating fashion, compromised • h4x0r - hacker, can be used for a real hacker or simply a very skillful person. • l4m3r - Lamer, someone who is lame, someone who uses an unfair tactic or generally makes the things around him or her less fun. • n00b - Short for noobie, misspelling of newbie; someone who is new to something, or just not very good at it. • L33t was brought into the height of its popularity by the webcomic “Megatokyo”, with the following early strip:

  12. l33t

  13. Interpreting The Language • Numbers are often used as letters. The term "leet" could be written as "1337," with "1" replacing the letter L, "3" posing as a backwards letter E, and "7" resembling the letter T. Others include "8" replacing the letter B, "9" used as a G, "0" (zero) in lieu of O, and so on. • Non-alphabet characters can be used to replace the letters they resemble. For example, "5" or even "$" can replace the letter S. Applying this style, the word "leet speak" can be written as "133t5p34k" or even "!337$p33k," with “3" replacing the for E in speek..

  14. Letters can be substituted for other letters that may sound alike. Using "Z" for final letter S, and "X" for words ending in the letters C or K is common. For example, leetspeekers might refer to their computer "5x1llz" (skills). • Rules of grammar are rarely obeyed. Some leetspeekers will capitalize every letter except for vowels (LiKe THiS) and otherwise reject conventional English style and grammar, or drop vowels from words (such as converting very to "vry"). • Mistakes are often left uncorrected. Common typing misspellings (typos) such as "teh" instead of the are left uncorrected or sometimes adopted to replace the correct spelling. • Non-alphanumeric characters may be combined to form letters. For example, using slashes to create "/\/\" can substitute for the letter M, and two pipes combined with a hyphen to form "|-|" is often used in place of the letter H. Thus, the word ham could be written as "|-|4/\/\.“ • The suffix "0rz" is often appended to words for emphasis or to make them plural. For example, "h4xx0rz," "sk1llz0rz," and "pwnz0rz," are plural or emphasized versions (or both) of hacks, skills, and owns.

  15. The 1337 Krew is a selectable "Terrorist Faction". 1337 Krews are skinny men, who wear thick glasses, green collared shirts and khaki pants, perhaps as a stereotype of a computer hacker. • However, In recent versions of Counter-strike (1.6 and beyond), the character was re-modeled into a stereo-typical terrorist (adding a head-wrap, and changing the clothes). Counter-Strike:Source, a port of Counter-Strike to the Source game engine, is yet to implement the "1337 Krew" model, although updates are said to be on the way • Counter-Strike:Source does have references to 'leet speek' however. One of the many randomly selected phrases a bot (CPU contolled opponant) can say upon winning a round is "We Owned Em'" With 'owned' being the reference to leet speek.

  16. 0\/\/n3d • pwn3d • pr0n • (n)00t • Joo • d00d • \_:_/3l_c()[]\/[]3 +0 <\>es i=

  17. Hactivism • Formed by combining “hack” with “activism,” hacktivism is the act of hacking into a Web site or computer system in order to communicate a politically or socially motivated message. • Unlike a malicious hacker, who may disrupt a system for financial gain or out of a desire to cause harm, the hacktivist performs the same kinds of disruptive actions (such as a DoS attack) in order to draw attention to a cause. • For the hacktivist, it is an Internet-enabled way to practice civil disobedience and protest.

  18. Hactivism Q/A • Q: Give me 1 pro and 1 con to hactivism, in terms of the person doing it. • A: • Pro: Their message is seen by all the people who would normally use a resource (it’s down in the case of DoS, a web page is defaced, etc.) • Con: Hactivism is illegal. Very illegal. In addition to getting you arrested, it links your cause to criminal actions and vandalism, which can have negative PR.

  19. . 0 . |_|0|_| 010 [ ][ 0 ][ ]. . 0 |_|_|0| 001 [ ][ ][0]000 |0|0|0| 111 [0][ 0 ][0]http://www.catb.org/hacker-emblem/

  20. White Hats • "White Hat" usually refers to hackers who don't break the law, commit any offense or engage in any malicious activity as part of their hacking. • The term is now commonly used by security consultants who offer hacking/penetration testing as part of their services. • When they find a hole in the system they alert the operators so they can fix it.

  21. Black Hats • "Black Hat" is the term that white-hat hackers and commentators often use to define malicious hackers who cause harm or break laws as part of their hacking exploits. • The term "cracker" is also used to describe black-hat hackers. But most black-hat hackers don't usually care what you call them, just as long as it's not "script kiddies." • “Black hat” hackers steal information, plant viruses, and wreak havoc.

  22. Grey Hats • "Grey Hat" is the term often given to hackers whose actions are not malicious but whose hacking methods may cross legal or ethical lines. It's also used to categorize hackers who may at one stage have broken the law in their hacking activities, but who have since come across to the more ethical white side. • “Gray Hat” describes a cracker who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts without malicious intent. The goal of a gray hat is to improve system and network security. • However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the white hat who alerts system owners and vendors of a vulnerability without actually exploiting it in public. • “Grey Hat” Hackers don’t commit crimes but may give information to Black Hat Hackers who will.

  23. Hat colors Q / A • Q: Why (as a grey hat) post flaws publicly? • A: Many times, white hats say that when they notify a company privately of a security flaw, the company ignores them or attempts to silence them. By posting the flaw publicly, the company is forced to take action to correct the flaw, lest it leave a known security hole in place.

  24. Script Kiddies • A SCRIPT KIDDIE is a person, normally someone who is not technologically sophisticated, who seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. • A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan theentire Internet for a victim that possesses that vulnerability.

  25. Warez • Pronounced wayrz or wayrss. Commercial software that has been pirated and made available to the public via a BBS or the Internet. • Typically, the pirate has figured out a way to de-activate the copy-protection or registration scheme used by the software. • Note that the use and distribution of warez software is illegal. • In contrast, shareware and freeware may be freely copied and distributed.

  26. Warez / Script Kiddy Q/A • Q: Why are they called “script kiddies”? • A: Script kiddies do not really understand what they’re doing, as opposed to say, hackers or crackers. They use programs (scripts) written by other people. Traditionally, these programs automate detection and usage of known exploits, and the script kiddie will try multiple programs until they find one that works on a given machine. The “kiddie” part is deragatory and refers to their lack of experience and skills.

  27. Becoming a ReaL Hacker • The Internet is the most exhaustive and comprehensive library of information and knowledge. • Programming + one OS • RFCs • RFC 1150 FYI? • msdn.microsoft.com • neworder.box.sk • NSF site. 

  28. ANY QUESTIONS?????

More Related