digg

Facebook Connect Join Digg About

Theoretical Research; An article on gaining root to a remote system

hackthissite.org — Too often have I seen articles that claim to teach how to hack into a server, but all they do is just show you how to scan open ports, and many many people have no idea what to do with an open port. So I am going to show you pretty much all the basics, to get you well on your way to your first ever successful hack of a server, giving you root privs

Who dugg this? Made popular Aug 5, 2007

submitted by

inactive Aug 4, 2007

815 diggs
digg

60 Comments

Junkyarddawg, on 10/10/2007, -3/+41This article is an IQ test: with a bit of luck it'll lead to a bunch of idiots going to jail.
RyeBrye, on 10/10/2007, -1/+20"... just look through each one, and check if the exploits for the programs there match any of the programs you have in your .txt file, and finally check the versions. If you see an exploit there, then click on it, if it's a Perl exploit (will start with #!/usr/bin/perl) this is even better because it means that you don't have to mess about compiling the exploit."

I think the title of this article should be: How to train a monkey to hack a server run by a monkey.

Seriously... Port scanning? Please. Running exploits without any knowledge of what they do? - This article is the biggest piece of crap I've seen on the front page in a long time.

Marked as LAME. (Now if only I could find some shell script that would let me root digg.com so I could delete this lame-ass article... Oh wait... maybe I should run a port scan first!?)
kethraal, on 10/10/2007, -3/+16To any l337 kiddies out there who might think to try this advice against the next *nix system you stumble across:

Don't.

No matter how smart you think you are, or how closely you follow some "filez", there is ALWAYS someone smarter. If you have to read a guide on "how to hack" (or some such), the admin of your target is likely that someone.

You will get caught. You will get reported. You will get busted. You may or may not go to jail, but I assure you, it will not be a pleasant experience.
inactive, on 10/10/2007, -3/+15Junkyarddawg is right, I hope that many kiddies follow the instructions and get into serious troubles for that.
The article is actually accurate, but it completely lacks the security and privacy aspect, which cannot be described that easily.
crapmatic, on 10/10/2007, -0/+11Man, what a bunch of pussies cowering about how illegal it is. What did I do? Sniffed my own computer 100 miles away, as I've never actually tried putting on a black hat against my own computer. I consider that a worthwhile 15 minutes spent.
inactive, on 10/10/2007, -2/+12Isn't this the electronic version of natural selection? Kind of like when someone is stupid enough to actually try playing with thermite at home?
tehmoth, on 10/10/2007, -1/+10err, whois doesn't do dns lookups it does lookups in the NIC databases. Also the best way to find out what the open ports are running is to use -sV from nmap, not telnet (definitely not telnet, you should at least be using netcat). What an awesome article, must be for ubuntu users.
worldofsmut, on 10/10/2007, -0/+7"using these methods illegally and improperly will probably land you a one way ticket to jail, you will not pass go, will not collect £200 and will get raped by a big white man called Bubba"

Wait. Bubba's white?
el_taco, on 10/10/2007, -1/+8The article talks about being elite and showing newbs how it's really done... but all the article is about showing newb script kiddies where to get the scripts.
vulcanius, on 10/10/2007, -1/+7There's a lot of ass-kissing in those comments.
espire, on 10/10/2007, -0/+6I see what you did there.
qpn6ph9q, on 10/10/2007, -2/+8How did this piece of scriptkiddy prose get so many diggs?
inactive, on 10/10/2007, -0/+5http://www.linuxhaxor.net/2007/07/10/a-comprehensive-guide-to-nmap-with-screenshots/#more-256
Eight pages long, with real life examples...
tedades, on 10/10/2007, -1/+5He does not mention that a nmap -O will certainly be noted by the admin, who's then watching your moves. And because you're on your home computer, your going to be in trouble sooner or later.
select, on 10/10/2007, -0/+4Theoretical Research?!? What the f*** ? If this is the kind of stories coming on the digg front page, I am going elsewhere.
Error601, on 10/10/2007, -0/+4Should be titled "introduction to being a script kiddie".
shade73, on 10/10/2007, -0/+4WTF?! Ok, seriously, no talk about clearing all the log files after running said exploit? how many script kiddies are you trying to get thrown in jail this week! Not to mention who uses live.com for email?! Beware, if you try the things from this site you *will* get caught, and it *will not* be pretty.
bIuebonics, on 10/10/2007, -0/+3i agree with your incredulous exclamation of the absurdity of running exploits without knowledge of what they do... but scanning ports is pretty useful. any attempted hacking aside, i've run across plenty of open ftp/telnet, web based security cameras, isps that give out routers/cable modems with remote admin enabled by default; you'd be amazed at the massive amount of people with open ports...
AkiraXXX, on 10/10/2007, -1/+4Yeah... if you, like, had to be TAUGHT to read by, like, a teacher in order to read this article, then don't do it. In fact, if you've ever had to be taught anything at all, you sux and should just die because you are lame and I'll pwn you! Be like me and just, like, *know* everything.
bIuebonics, on 10/10/2007, -0/+3"No matter how smart you think you are there is ALWAYS someone smarter." always? that's a bit stretching it, don't you think? also, people have to read to learn how to hack (99.99%)... just not guides on how to hack, usually technical manuals or college texts... just remember, as smart as many system admins think they are in their egotistical delusions of grandeur, there is always someone smarter than them.
bIuebonics, on 10/10/2007, -0/+2you mean: people stupid enough to improperly handle thermite. playing with thermite at home is fun until someone melts off a hand.
smacksaw, on 10/10/2007, -5/+7Further proof: people will Digg anything that Zaibatsu submits.

So at the end...if he says he "warned" us, but it's the final paragraph, I don't think that's a warning. Warnings usually happen BEFORE you do something. Reminders happen AFTerward. Forewarning? Yes. Aftwarning? That's a new word to me.
kaph, on 10/10/2007, -1/+3Skiddies teaching skiddies. What's new? This is more of a how to.... no theory just another point and click tutorial. I wonder if paranoiahax lives up to his nick? If he is really paranoid it's probably because he is doing this from home with a direct connection to his target and leaving tells in logfiles all over the internet. Maybe he should have written a tutorial on how to achieve this process without leaving access trails on every machine that is scanned. Hacking should never be rushed even if it has to be, and you should know the tools you are using inside out. Point and click hacking is a prime cause for the state of the internet today.
Rijnzael, on 10/10/2007, -2/+4HackThisSite is a great community. Anyone interested in the basics of securing their site, or delving a little deeper into the computer security world would do well learning there. It's a shame that this is the article representing them on the frontpage.
Kugo, on 10/10/2007, -1/+3You're right. But it isn't digg's fault. It's the fault of all the you-know-what-they-are who think these articles are really something.
Bread, on 10/10/2007, -0/+1"Now to determine the IP address of a website, just run a WHOIS on it, http://whois.domaintools.com is the best one I know of and has many features, also check out http://www.dnsstuff.com/ which is also very useful and has many features."

What's wrong with dig, or nslookup...
rdivilbiss, on 10/10/2007, -0/+1Stolen from Oli Warner: http://www.digg.com/programming/New_Human-Test:_KittenAuth
skinfitz, on 10/10/2007, -1/+2You must be new here.
LordofShadows, on 10/10/2007, -0/+1I like how he says most sites just tell you how to scan for ports etc. Then procedes to tell you to scan for ports and try script kiddie tools. And then instantly assumes that you automagically have root access no matter what after having a successful entry.
Kugo, on 10/10/2007, -1/+2There are at least two instances of these imbeciles spamming at digg today. Now if they really knew something... But we can all relax for they don't. Look: they ASSUME you're running Windoze. How lame is that? "Theoretical research"? Someone should report these idiots.
Kugo, on 10/10/2007, -1/+2LOL See this? LMAO
"I am not too good at writing articles." Or this.
"Google really is a hacker's best friend, and it has all the answers to life's problems ;-) If all else fails, then please feel free to mail me at paranoiahax@live.com."

I suggest everyone write and ask how to hack the NSA.
Kugo, on 10/10/2007, -1/+2He doesn't mention it because he probably doesn't know. Home security hobbyists - they should hang out at grc.com and leave us here at digg alone.
inactive, on 10/10/2007, -8/+9this article speaks of milworm, metasploit and skiddish activities. Rooting, even basic is far more content than this article could pose. hackthissite should be ashamed to release such an article. I bet xec96 would agree.
slapthemonkey, on 10/10/2007, -0/+1there was lack of "proper" explaintion.....
fflush, on 10/10/2007, -0/+1uhm, what's wrong with ping?
sheptard, on 10/10/2007, -0/+1whomever wrote this article needs to die, and anyone who actually found it useful should have their Internet license revoked.
bIuebonics, on 10/10/2007, -0/+1"Point and click hacking is a prime cause for the state of the internet today." what an entirely meaningless phrase...
Archimboldo, on 10/10/2007, -0/+1Why did you have to warn all the pimply faced script kiddies? It would be great to see them do a little jail time not grinning through their braces.
simpleid, on 10/10/2007, -0/+1in a very brief comment, what you should really do this;

understand the standards involved in digital communication. Learn how information is formatted and sent over networks. Set up your own private network which mimics systems you plan on breaking in to. Learn how to use a programming language like C and some socket libraries to write your own software. This process will incorporate you needing to understand the underpinnings and theory behind viruses, software execution, when you develop working applications you use various social engineering techniques to get your software on other machines. Then you have a remote connection in to another persons PC. Certain pieces of software or processes running on a windows machine run commands with elevated privileges, you can exploit these with a virus, remotely sending it commands to execute locally on the target machine.

A virus I once dabbled with ran in the same thread as certain network services, which may have access to do things you might be interested in. things like this can be done by injecting corrupt data, buffer overflows, and more... (corrupt data from the perspective of the software your attacking obviously, it's really 'intended data' for you.)

it's very stupid to do anything to harm anyone though, it's not worth the trouble. it is however VERY enlightening to understand digital principles and communication technologies, what is even more fun is putting this information out there and watching retards remove themselves from the digital gene pool.

:-) aka script kiddies. you're set up from the get go. if i'm really curious about anything i can always trust you to be there for me. think about it, you kids always want to be "cool" so i can exploit that aspect of you to do anything i know is really too stupid to do.
Tanath, on 10/10/2007, -0/+1Uh, if people need the article, they're going to read the whole thing, and if the warning were at the beginning they'd probably forget it by the time they finished.
MasterSheep, on 10/10/2007, -0/+1"d00d! this is liek ubersweet!!1! now i kan B a 1337h@x0r lyke all teh other geniuses!1!11one!"

FAIL.
LordofShadows, on 10/10/2007, -0/+1An open port isnt a security threat...
LordofShadows, on 10/10/2007, -0/+1Why would you use ssh? He is testing ports...
kaph, on 10/10/2007, -0/+1Maybe to you.... but these days all it takes to send off a mailbomb or ddos/dos attacks or run an exploit these days is a couple of clicks on a gui and you are up and running. For example take a look at the state of every popular forum, spam threads everywhere. Check your emails without spamfilters. Javascript, ajax, php, mysql etc can all be exploited with simple point and click apps (running scripts falls into this category too, I might add. If you are pedantic I guess you could call it cut, paste, edit and execute..) My point is that because because exploits and attacks are easier to do, there are more people doing it. I'd like to bet that some, if not most of the people using these apps don't know what they actually do or how they do it. Remember mafiaboy?? He is an extreme case but it is a well known fact that all he did was download a few scripts and applications, change a couple of variables and press the OK button. You can buy botnets online, you can buy command and control apps for bot deployment and most of these run from a web interface and if that isn't point and click...well...I don't know what is.
If you are happy with the state of the internet, why would you need to run a firewall, ids, ips, av software and network monitoring applications to protect your data or your systems integrity? You are not protecting yourself from the real hacker/crackers you are protecting yourself from people using the same exploits/vulnerabilities. The storm worm is a good example, download it package it up and send it off..... not exactly...erm computer science. That being said, I am aware of the fact that botnets are a target for organized crime syndicates, where more than likely they will not employ a script kiddy as a bot herder as they would want someone with a bit of credibility I guess.... who knows maybe they would....
Wow, sorry for the length of that rant, but that it what I meant by, "Point and click hacking is a prime cause for the state of the internet today."
worldofsmut, on 10/10/2007, -0/+0Yeah! Because Digg is the number one 31337 hax0r site....
Kugo, on 10/10/2007, -1/+1LOL
Kr3w570, on 10/10/2007, -0/+0Lol! HackThisSite -> ThisSiteSucks

I have to agree with psychomarine on this one. PoC article. If you guys want to be limited when rooting, go ahead do this, but when servers upgrade their hardware, don't rely on us to keep you updated on the newest exploits. Milw0rm should die, no joke. Whitehat central over there. If you really want to learn how to hack, you're better off learning how to program (that's where to start) and finding exploits (bugs) in the other programs. Once you get to know your way around, you'll be good to go. HackThisSite only simulates a hack in a controlled demo. Don't waste your time, I didn't, and neither should you.
Show 51 - 56 of 56 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.