Thursday, March 25, 2010

Reynhardt van Blommenstein is a hacker in south africa

Hacker bending but not breaking laws - what is the diffs???????????
Reynhardt van Blommenstein - Great Brakriver - Garden Route South Africa
 
 
Contact Number: Fax: +27 44 696 6364 Tel: +27 82 798 6268

Hacker challenge sites, A list of hacker challenge sites

Hackthissite - http://www.hackthissite.org
A nice site (even though it has been having problems recently) including basic web challenges, "realistic" missions, basic cracking and encryption challenges.
 
ngsec - http://www.ngsec.com
A great website, with some tough final challenges. Including SQL Injection and some Buffer overflow challenges.
 
Try2Hack - - http://www.try2hack.nl
One of the most well known hacking challenge sites, its levels are basic and ideal for those new to security.
 
Hackerslab - http://www.hackerslab.org
A great site with levels based around unix security, you'll either want to use linux or have a copy of putty to complete any of these challenges.
 
SlyFX - http://www.slyfx.com
A great challenge site, starts off with some basic maths and moves onto solving application problems (starts with some basic debugging and moves onto solving stuff)
 
Mod-X - http://www.mod-x.co.uk
Never completed this site, got a little bored with it. But on the whole rather good, if you've played the game uplink it's that sort of story (i think, as I said, never really played it I got bored at lvl3 )
 
HackMe @ Elderson - http://hackme.elderson.net
Only a few challenges, but they are interesting ones.
 
Hope that this wil help our hacking curious members . Also the site admins.

5 Hacking Sites for a budding Hacker

Well well well..As I already told you,most of people ask me how to become a hacker,and my usual reply is that I cant make you a hacker,but I can tell you how to be one,and its your interest,your passion,your mindset which will drive you to be one.A hacker evolves from many stages,from the lower level script kiddie to the elite level Guru,one needs to be in constant research to develop their soft and hard skills.I m myself learning a lot,and I would like to share 5 Hacking sites,which you must visit,if you want to be an expert in security.
 
Phrack
 
Phrack is the granddaddy of all the hacking sites out there,and is the world's oldest hacker ezine,by hackers,for hacker. Described by Gordon Fyodor as "the best, and by far the longest running hacker zine" covers deep articles on Hacking and Cracking.A heaven for willing learners,Its articles are worth in gold.
 
Hacki9
 
Hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues.Hakin9's target readers are those responsible for IT system security, programmers, security specialists, professional administrators, as well as people taking up security issues in their free time.
 
Milw0rm
 
When it comes to getting exploits,few sites are as comprehensive and updated as Milw0rm.Milw0rm provides a one stop platform for almost all security experts along the world to publish their new found exploits on the web so that other can study them for good or worse.
 
Hack this Site
 
Wanna test your hacking skills ? Hack This Site puts your skills to an ultimate test as it throws you real life challenges of almost every type,Trust me,If you have it in you,visit and complete its missions and nothing can beat you.
 
2600

A great collection of articles and podcasts on security,one has to visit 2600 to get a feel what hacking is. 
 
I believe you will get better and learn something.. 
 
Keep Learning

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
 
Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.
 
The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and  some not so common utilities related to network and system security.

Advanced Process Termination

Advanced Process Termination (APT) is a tiny but powerful utility that provides 18 unique process attacks: - 2 kernel-mode termination techniques - 12 user-mode process termination techniques - 2 suspension techniques - 2 fatal crash techniques This arsenal makes APT ideal for testing the resistance of software to termination attacks, testing the configuration of your own security programs, as well as allowing you to terminate stubborn software that simply refuses to die. APT also has internal anti-hook capabilities which transparently enables it to bypass most user-mode hooks which may otherwise try to interfere with termination techniques.

Hacking a website

First of all,why you want to hack a webpage?Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster.Maybe you want to take a revenge or maybe you want to have fun or just learn how to do it ! You can deface the website which means replace the original index with a new one or you can gain access to the member area of the site which might be easier.
 
Defacing
You can deface the site through telnet or your browser by running remote commands on an old or misconfigured server, the hard thing to do is find an old server , maybe a network of a school or university would do,get a CGI BUG searcher.This program will scan ranges of IPs for web-servers and will scan them for known bugs in their cgis or other bugs and holes.You can learn how to exploite a certain hole by adding in yahoo the name of the bug/hole and the word exploit,search for " cmd.exe exploit".There are more than 700 holes that many servers might have! You can also deface a website by finding the ftp password and just browse through the sites ftp and replace the index.htm.You do that with the :
 
Brute force
To do that you need a brute forcer or brute force attacker and some word lists,the brute forcer sends multiple user/pass requests of words that picks up from namelists and tries to hack the account untill it does! So lets say imagine a porn site that asks for a password , you go there you copy their address , you add the address in a program called brute forcer and then from the brute forcer you choose a text file with names to be used as usernames and a text with names to be used as passwords,the brute forcer will try untill it finds a correct user/pass.
 
This should be easier for the newbies than exploiting cgi bugs , many of the newbies havent even heard of it i hope i didnt confuse you with this tutorial there might be more tuts about web hacking and cgi bugs and such.Till then try to find the way to cgi bugs yourself with the cgi scanners in the Web Hacks section or download a brute forcer to crack accounts.

Hacker breaks into gov. sites

U.S. House spokesman Jeff Ventura in the chief administrative office said hackers attacked 49 sites that are managed by a third-party vendor on Wednesday night.  Here is the story.
 
Ventura did not say if authorities had identified any suspects or who the third-party vendor was. But this is not the first time government sites' are attacked.
 
Chinese hackers have been suspected of penetrating White House sites several times, the Financial Times has reported. North Korean hackers have been suspected of hacking U.S. military secrets via a Chinese IP location, the Associated Press has reported. 
 

How Hackers Avoid Getting Caught

One of the first things that someone would learn about hacking tutorials when studying to be a hacker is how to cover their tracks. Of course, some are better than others. A young hacker is less likely to know all the little things that an expert hacker might know. Besides, the young hacker may be trying to impress others - and get a little careless about covering his tracks. This is why younger hackers are often caught.
 
An older hacker, on the other hand, will rarely leave any tracks. They know how to use their victim's computers as a tool for a launching place to get into another computer - leaving a phony IP address.
 
The truth is, and it is a good thing, that computer programmers are getting better software, and hardware (firewalls) that are constantly doing a better job - both in keeping hackers out, and in recording IP addresses better for tracking purposes.
 
There will always be hackers, and there will always be hackers in prison. The legislation is definitely turning against the hacker - with some hacking crimes becoming equal to terrorism, these days. Kevin Mitnick, a well-known hacker, had the Federal prosecutors accuse him of having caused $291 million in damages to corporate computers. A serious crime, and he remains in jail because of it - unable to touch anymore computers.
 
Even by learning some of the wrong type of hacking basics through hacking tutorials, a young person could start down a wrong path. Hacking computers, though often glorified on TV, is still criminal.