Rixort

Newbie FAQ

Before you even begin to read this FAQ, let me make one thing absolutely clear: I do not condone nor participate in illegal activities such as defacing web sites or gaining unauthorised access to systems. This FAQ is here in an attempt to start newbies off in the right direction, it will not teach you how to bypass system security, install trojans etc., except of course for when you are taking appropariate measures to secure your own systems.

What do I need to become a hacker?

Intelligence, persistence and a willingness to learn. If you cannot understand the basic principles of computing you will never become a hacker. Likewise, if you give up at the first obstacle the result will be the same. If you can't even be bothered to try and learn you will never succeed as a hacker.

Are you a hacker?

I'd consider myself to be at most a low-level white hat hacker, but that of course is an extremely subjective opinion.

How do I hack [some site]?

You don't; hacking is not about defacing or breaking into other people's web sites for fun. Neither I nor any other white hat hacker will teach you how to hack sites, unless you own the site in question and wish to test out the security measures that you have in place. Of course, breaking into a server without prior permission is illegal in most countries, so don't be surprised if you find yourself detained at Her Majesty's pleasure for your actions (this basically means that you get sent to prison for an unspecified period of time).

What's all this about white/grey/black hats?

The colours of hats are used to describe how hackers use their computer skills. White hats are the good hackers, the ones who create open source software programs, who standardised the protocols such as HTTP and FTP and made the Internet cross-platform through languages such as HTML. System administrators are also white hat hackers, since they only use such techniques to improve the security of their own systems. White hats are good guys, many of whom command the utmost respect in the hacker subculture. Richard Stallman, Linus Torvalds and Eric Raymond are all what I would consider to be white hat hackers.

On the opposite end of the spectrum, black hats are the malicious hackers. These are the ones who you read about the news when a web site is defaced or a DDoS attack is launched. Black hats are held with utter contempt by other hackers, and are more commonly referred to as crackers, although unfortunately the media generally ignores this distinction. Lame script kiddies such as Mafia Boy fall into this category, although they have even less sophistication and technological knowledge than the advanced black hat hackers (who at least have the partially saving grace of knowing what they are doing).

Grey hats are a mixture of both white and black, good and evil. I'd define them as someone who breaks into other systems when they're not supposed to, but with the best of intentions. For examples, I would classify someone who manages to get root priviledges on a machine and then informs the administrator and tells them how to fix the security hole. Technically what they do is illegal, but in my opinion not immoral.

How can I become like one of the elite people in the film "Hackers"?

The film "Hackers" does not give an accurate representation of the hacker subculture, nor does it have any relationship to real life. I appreciate the way in which it attempts to put hackers in a better light, but it is so technically inaccurate and cheaply made that it has no relevance whatsoever to the world of hacking or indeed computers in general. There are some mildly interesting historial and technological references, but you will only understand these if you already know something about the history of computing.

In fact, the majority of 'hacking' films are very similar to each other and aren't remotely realistic. So don't even bother trying to use any of the techiniques shown in them in real life.

Where can I download trojans such as Back Orfice and Sub Seven?

Trojans such as the ones you mention are easily available from download sites across the world, a quick search on Google should turn up some valid results. Just remember that using trojans isn't hacking, and using them to gain unauthorised access to a system is illegal in most countries. Also, a lot of the places that offer trojans for download enjoy having a laugh at your expense. As such, they will often include an edited version of the trojan so that you get the server version instead of the client version, which, if activated, will enable them to control your computer.

How do I circumvent an IP ban?

Before you do anything, think about why that site is banned (because of your network security policy) or why that site has banned you, whichever is the case. If there's a valid reason for them doing so, then you shouldn't be trying to get around the ban. However, occassionally some webmasters will, quite rightly, ban a range of IP addresses (e.g. 255.255.255.*) because of abuse by a particular user.

Getting round such restrictions is child's play. All you have to do is find a free proxy server on the Internet that you can use. I've used A Mega Proxy in the past, but there are hundreds more to choose from. Make sure you have at least two or three lined up, as these services come and go with the wind. Also, many of these services apply crippling restrictions, such as the inability to forward POST requests (which means that you can't use the vast majority of forms) and limiting the amount of time you can use them for.