09.02
There’s a long weekend coming up, and while many of you may be out of town, the majority of the Tech Bytes crew will be holding things down in Houston at the Coffee Groundz this Friday. Things start a little after seven at 2503 Bagby at McGowan. WiFi and Geeky camraderie are free, but the coffee, beer and eatz will cost you. Parking violations and towing fees can also make a dent in your wallet, so be sure to not park along McGowan directly in front of the coffee shop if you do come out Friday night.
You can find more information about the Coffee Groundz, as well as a couple of pictures from our past Geek Gatherings on their main page at www.coffeegroundz.net. And of course, you can get always all the details at www.geekradio.com, along with some pictures of phliKtid the Coffee Groundz has yet to grok.
Now, even though the Geek Gathering is on for the weekend, pretty much everything else of a techy nature is off.
VB Programming at HAL-PC? Cancelled.
The Basic 101 Seminars at HAL-PC? Cancelled.
Samba and Network Administration? Cancelled.
And Monday’s Chief Architect Special Interest Group Meeting? Cancelled.
So what to do with all the extra time and no user group meeting to go to?
Well, you could always use the long weekend to improve your hacking skills. Gone are the days when a hacker was forged from equal parts curiosity, technical prowess and thousands of hours at the keyboard. With the advent of YouTube, you, too, could become an uber hacker in only a matter of minutes; just four minutes and twenty six seconds, if all you want to do is view other people’s IP addresses. That’s right, in just under five minutes, NextGenHacker101 will walk you through using the l33t hacker tool Tracer-T to see who’s connecting to a particular website, their IP addresses and their connection speeds.
If you haven’t seen this video yet, you’re really missing out on some excellent mis-information. The joke is that Tracer-T doesn’t really do any of the things that NextGenHacker101 believes – it simply shows each piece of network routing equipment that sits between you and a particular host on the Internet. If you want to check out the tools that *really* get the job done, carve out some time this weekend to get familiar with the following current gen hacker toolkits:
Pin-G: Pin-G is installed by default on most modern operating systems as well as a few ancient ones. To use it, simply type in Pin-G, spelled p i n g, onto the command line followed by the IP address of the computer you’d like to hack. You’ll immediately see if that computer is reachable from your own, as well as a report on how much lag may exist between you and the target. You can even use Pin-G to build other more nefarious attacks like Smur-F or Floo-D.
OK, now that you’ve determined that your target exists, you’ll want to see what kinds of Internet Aware programs it may be running. To do that, we’ll need to reach for the next tool in our arsenal, Inma-P.
Inma-P is a free network security scanner that can do things like list the open ports of a particular computer on the Net or even detect the operating system of a remote host. All in all, it’s a very robust and powerful tool. Inma-P comes installed by default on many Unix based operating systems, and is available for download for Windows, Mac and other Operating Systems at n m a p . org. To use Inma-P, type n m a p onto the command line followed by the IP address we used in our previous example. Using it like this, in its most simple form, will yeild a list of open ports on the target computer.
So, Now that you know what kind of services are running on your target, you may want to capture some of that traffic to see what’s really going on.
We’re getting away from the command line now and going graphical. After all, the Internet is a series of tubes and you’re going to need to crawl up a couple of them if you’re truly going to make the metamorphosis into a l33t haxor. And as all hackers know, the command line is not for crawlers: we’re going GUI on this one.
The last tool of the evening is called Wireshar-K. It’s a packet capture tool that will allow you to save and inspect the individual packets traveling over your local network segment. If nothing else, use of this tool will scare you into using end-to-end encryption whenever possible. That means using https instead of http in your URLs and using products such as PGP or GPG to encrypt email and attachments.
Of course, all of these next gen hacker tools have real world counterparts. Ping, nmap and Wireshark all all great network diagnostic tools with legitimate uses: they can give an experienced network admin quite a bit of detail about what’s actually happening on their network at the packet level. If you do spend some time with them this weekend, be sure not to direct your next gen attacks at anyone other than yourself, as many servers run Network Intrusion Detection Systems and don’t appreciate being scanned.
That’s it for this NextGenHacker Fourty One One and that’s that for BarretTime.
