BROWSE HOW TOs

How to Think Like a Hacker

By eHow Computers Editor

Rate: (1 Ratings)

Thinking like a hacker is not just for criminals, but also for companies who want to know how to protect themselves against hackers. If you know how a hacker uses their imagination to enter a company's computer security system, you will have a better chance of safeguarding your own system. Read on to learn more.

Flag Article

Instructions

Difficulty: Challenging

Step1

Identify possible exploits and their domain names, gathering as much information as you can to create a footprint analysis. Consider the size of the target, the number of potential entry points and the security mechanisms that may be in place. A hacker should think about company names and subsidiaries, phone numbers, domain names and their IP networks.

Step2

Pay attention to "back door" entry points. For example, identify startup companies that most likely have weak security, especially those recently acquired by large companies. Hacking into these smaller companies may provide information about the unrestricted virtual private networks the larger target companies.

Step3

Connect to the listening UDP and TCP ports of your possible targets and send random data, attempting to determine what versions of File Transfer Protocol, Web, or mail servers that they may be using. Many TCP and UDP services send data that will identify the running application as a response to random data. You can find exploits by cross-referencing the data you find in vulnerability databases, like SecurityFocus.

Step4

Think about how you will gain access to the target once you have learned the basic information. You will need a password and user account, which is usually acquired through a sneak attack. That is, many hackers will take information from a company website and directly contact an employee by phone, pretending to be the help desk or a web technician. Many unsuspecting employees will give valuable information to a person who sounds authoritative.

Step5

Take the username and password obtained and "Trojan" the system. For example, you can enter with the user's name and password and replace an everyday piece of software like Notepad.exe with a piece of Trojan code. This code can allow a hacker to become an administrator in the system, so that the next time that the hacker logs on, they will automatically be added to the administrators' group and will have instant access to "admin only" information.

Tips & Warnings

Use this information to create a well-protected system. Hackers generally give up on difficult systems and move on to something easier.
Hacking is a creative endeavor. Never let your guard down. You may think you are safe, but your security system is just a creative challenge for a hacker.
Thinking like a hacker is a great way to keep your computer systems and networks safe. However, hacking is illegal and you should only apply this information to testing the vulnerability of your own computer systems and networks.

Who Can Help:

Resources

SecurityFocus.

Comments

audriusa said

Flag This Comment

on 9/12/2007 This article is almost surely about "how to think like a cracker". Many great programmers (Edsger Dijkstra, Donald Knuth, Linus Torvalds, Dennis Ritchie, Ken Thompson, Richard Stallman and others) were all labelled as "great hackers" in the past. A large segment of the technical community insist that this is the correct usage of the word and do not want to follow some recent writings of the journalists that seem just not competent enough. At least, it should be written somewhere that the meaning of the word may be confusing.