Hackers, Crackers and Script Kiddies. I also have anti-virus software and a firewall, try to download all those. Today’s hacking tools mean anyone. Script kiddies typically hack to impress their friends, who are similarly challenged technically. Crackers, black hat hackers, script kiddies or what have you, they’re worth some paranoia. While Average Digital Joes aren’t likely to be targeted deliberately, today’s hacking tools mean anyone’s system is game, if they don’t take.
Hacking Tools For Script Kiddies
Welcome back, my greenhorn hackers!
I began this series on scripting awhile back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting skills, the aspiring hacker will be condemned to the realm of the script kiddie. This means that you will be limited to using tools developed by someone else, which decreases your probability of success and increases your probability of detection by antivirus (AV) software, intrusion detection systems (IDS), and law enforcement. With some scripting skills, you can elevate to the upper echelon of professional hackers!
In my previous scripting tutorials, I've covered BASH, Perl and PowerShell scripting, and along the way, we built our own network port scanner using Perl. Here we will begin looking at the most widely used scripting language for hackers, Python.
Python has some important features that make it particularly useful for hacking, but probably most importantly, it has some pre-built libraries that provide some powerful functionality. Python ships with over 1,000 modules and many more are available in various other repositories. This isn't to say that scripting languages like BASH, Perl, and Ruby can't do the same things as Python, but building those capabilities are much easier using Python.
Adding Python Modules
The Python standard library and modules provide an extensive range of capabilities including built-in data types, exception handling, numeric and math modules, file handling, cryptographic services, Internet data handling, and interaction with Internet protocols (IPs).
Despite all of the power offered by these standard libraries and modules, we may need or want additional third-party modules. The third-party modules available for Python are extensive and is probably the reason most hackers prefer Python for scripting. You can find a comprehensive list of third-party modules at PyPI: The Python Package Index.
If we need to install a third-party module, we can simply use wget to download it from the repository, uncompress the module, then run the python setup.py install command. As an example, let's download and install the Nmap python module from a small repository at xael.org.
First, let's download the module from xael.org:
kali > wget http://xael.org/norman/python/python-nmap/python-nmap-0.3.4.tar.gz
I’ve used some sort of computer since the 1970s, when Dad bought us kids a Commodore 64 (which I recently discovered sitting in the toy cupboard when I was home for the holidays). Over the years, I’ve experienced a wide range of feelings about these lumpy collections of circuits and plastic and intangibles. Plenty of frustration, of course, and anger and disgust, but far, far more appreciation, satisfaction, fascination and even joy. But the one constant, the thing that never leaves me, is fear.
My fear stems from the usual sources: ignorance and pain. I didn’t know much about the Commodore 64, which epitomized the high-maintenance PC, and so feared my own stupidity. Using the college minicomputer, I feared crashes and people throwing out my printouts, along with the occasional rogue student sys admin. Ea games. Fear even drove my first personal computer purchase: I bought a PC because I feared the brand-new, cool Macs sweeping through my college dorm. I feared it because it had such comparatively great graphics, and I knew if I bought one I’d spend all my time playing games and would fail my classes.
So I bought an IBM PC clone, a state-of-the-art ITT XTRA, the hot clone of 1984. With that machine, I learned the hard way to fear system crashes, power outages, bad floppy disks and, above all, forgetting to save. I still remember the stark terror I experienced after watching a term paper simply disappear from my screen, gone, never printed out.
Advances in software have rendered most of these old fears moot – even power outages don’t faze me now, since I use a notebook and the battery acts as a power back-up. But there’s a new fear – and it can hit the level of paranoid delusion. I’m deathly afraid of being hacked.
While I do have broadband access and a Web site, there’s little on my home machine that would interest a malicious hacker, let alone a lowly script kiddie, those hacker wannabes who take other people’s code and data files, and post them online for everyone to see. It’s good to be boring.
I also have anti-virus software and a firewall, try to download all those Microsoft patches once a month, and shun Outlook. Ccleaner network professional 2.0 keygen. Even so, any time my PC starts behaving weirdly – for instance, letters don’t appear on screen the moment I type them, or my cursor starts zipping around the screen, I instantly think “I’ve been hacked!” This might have some basis in reality if I worked at a financial corporation or the State Department, or maybe if I made a habit of posting obnoxious comments in hacking-related IRC chat rooms. But I’m not really a target. My fears, as I said, sometimes approach the paranoid delusional state.
Hacker History: Hackers weren’t always bad. Back when I bought my first PC, they were a benevolent force in software development. They went in and hacked around systems – hardware as well as software — mostly out of curiosity. Think of early hackers as the digital equivalent of kids who take apart car engines to see how they work. Only when they put the system back together, those hackers often discovered, and implemented, improvements. Today’s PC business mostly grew out of people hacking together personal computers.
Many tech geeks still see themselves as hackers in the original, positive sense of the word. You can find a lot of them driving the open source movement today. Linux started out as a hack, really, with Linus Torvalds as hacker-in-chief, and it continues to build on the backs of hackers.
Emergence of the Evil Hacker: The earliest crackers – malicious hackers – were primarily “phone phreaks,” people who spent their time and energy figuring out ways to make free long-distance calls. That eventually gravitated into hacking AT&T’s computer systems directly. One famous 1980s hack involved switching the company’s rate clocks, so people who called during the day got the bargain-basement late night calling rates, and vice versa.
The phone system was a natural place for cracking to start. It was really the first widely used network – in the 1970s and 1980s there just weren’t a lot of computer systems connected to each other, and computer hacking was basically a local affair. For more, our sidebar features some of the more famous hacks and cracks of the last 30 years.
So if some hackers are good, then why are they all considered so notorious? Blame Hollywood, really. It took some of the early crackers and called them hackers in films like “Sneakers” (based on the AT&T billing swap) and “War Games.” Thus was born the image of the hacker as evil. Traditional, benevolent hackers have tried to reclaim their good name – by differentiating the cracker, or black-hat hacker from what they do. But it hasn’t really caught on.
Script Kiddies: This is the worst insult you can give a cracker. A script kiddie is so brain dead, they don’t know enough about technology to find and exploit security holes or flaws, but instead take advantage of the works of others. Typically they use and modify code scripts written by someone who does understand the technology issues. Script kiddies typically hack to impress their friends, who are similarly challenged technically.
Crackers, black hat hackers, script kiddies or what have you, they’re worth some paranoia. While Average Digital Joes aren’t likely to be targeted deliberately, today’s hacking tools mean anyone’s system is game, if they don’t take precautions, like using anti-virus software and firewalls. Our sidebar helps you protect your PC and keep it safe.
Some hacks are more annoying than devastating. For instance, Web site defacements are the Internet equivalent of graffiti. More damaging, potentially, are when hackers take over your PC — “own,” in hacker jargon – and turn it into a zombie.
Zombie Attacks: Then your system can be used as part of a denial-of-service (DoS) attack, where hackers use your bandwidth to automatically send messages to a specific IP address. It was DoS attacks that made it impossible to get to Yahoo!, Amazon.com and other major Internet sites recently.
A DoS attack replicates what happens when more people come to a site than its servers can handle. Remember the Victoria’s Secret online fashion show that was advertised on the Super Bowl in 2000?. So many people attempted to connect that in fact very few could.
Crackers can also put a keylogger on your PC, hoping to pick up things like credit card numbers when you type it into sites. This summer, a hacker used about a thousand zombie PCs to distribute porn, though usually they use them as virtual hard drives, putting stolen software and the like on it.
So how do you know if you’ve been zombied? Some signs include your modem or hard drive working overtime when you aren’t, or that sluggish system performance I get so worried about. For more details, see Don’t Let Your PC Become a Porn Zombie at PCMag.com.
Spoof Hack: A clever recent type of hack involves a hacker building a Web site that mimics a well-known business, such as Target or Best Buy, to name two recent examples. They then send e-mail purporting to be from customer service, telling you there’s a problem with your account and asking you to go to their Web site and fill in a variety of information. It seems legit, but what they really want is your credit card information. Do not, under any circumstances, ever give your credit card or other account-oriented personal information online, except when you are actually buying something online.
Never open attachments, either, unless you know for sure what they are. The most damaging hacks of today come from writers of “mal-ware” — computer viruses, worms and Trojan Horses. Those present an ongoing and ever-shifting challenge for all computer users. At the moment, file attachments in e-mail represent the most dangerous way to spread these cyber afflictions, though music and video files downloaded from file-sharing networks can also contain mal-ware. Instant messaging is also being used more often to spread mal-ware.
As in the real world, it’s very difficult to stop a break-in by someone who’s determined to do it. But it’s also true that so many online users fail to take even basic security measures, like using firewalls, changing passwords or turning on basic security features in software programs like Outlook, that those of us with a little bit of paranoia stand a good chance of being ignored.
Three cheers, then, for fear.
Hacking And Spy Tools For Script Kiddies Downloads
Michael Fitzgerald is an award-winning technology writer and editor. His writing on technology appears in The Economist, Inc., MIT Technology Review, Business 2.0 and a number of other publications. He’s spoken at numerous industry events and frequently appeared on CNN and other major television networks. Mike’s favorite early encounter with technology was playing Pong with his brother on the family TV.