My assignment: learn to hack.
Subject: My assignment: learn to hack.
Category: Computers
Asked by: hkmustang-ga
List Price: $9.50
Posted: 03 Nov 2002 04:19 PST
Expires: 03 Dec 2002 04:19 PST
Question ID: 97210
I'm a student in an Internet security course. I'm required to illustrate
to my tutor a practical way of hacking. Actually I have succeeded in
scanning IP addresses and ports. However I can't locate freeware to
demonstrate a practical method to break in (no need to execute it, but
really practical).
Moreover, can I ask if there is any freeware available on the Internet
which is able to capture a TCP packet and display its format (IP layer,
TCP layer & data layer formats)?
Subject: Re: My assignment: learn to hack.
Answered By: dannidin-ga on 10 Nov 2002 00:48 PST
Hi hkmustang,

I will demonstrate to you one rather nice and practical way of
"hacking" that I've been using for years. The wording of your question
is a bit vague, so I hope this will be sufficient as an answer, if not
please do not hesitate to ask for clarification. As for the part about
hacking software, I believe that was already answered rather well in
the comments.

My method is an elaboration on the trick mentioned by syn-ga for
sending out mail that seems to come from anyone/anywhere you want.
Rather than ask you to "check out the rfc's on smtp", I will show you
a complete telnet session that sends out a fake email:
In what follows, any line that does not begin with a 3-digit number is
a line that you type in. I have added comments to some of the lines
after a ";" character - these must not be typed in.

% telnet <your local mail server> 25   ; on a unix command line, you run telnet

220 <mail server address> ESMTP Sendmail 8.9.3+Sun/8.9.3; Sun, 10 Nov 02 10:25:12 +0200 (IST)
helo rrr   ; this identifies you as a computer named "rrr"
250 <mail server address> Hello <your real address> [ip address], pleased to meet you   ; the mail server will usually identify that you are not "rrr" but will know your true address! see comments at the end
mail from:   ; this tells the server that you are about to send an email coming from this
250 Sender ok
rcpt to:   ; write email address of the recipient here
250 Recipient ok
data   ; this indicates that you are about to input the message body
354 Enter mail, end with "." on a line by itself
here you write the body of the message (including lines such as
250 KAA01894 Message accepted for delivery
221 <mail server address> closing connection

Some useful tips:

1. In principle, on connecting to any mail server you can send a
message to any address in the world. However, some mail servers will
refuse to "relay" messages not destined for a computer on their local
systems. Thus, you may have to find the mail server address of the
system to which you want to send the message.

2. At any point during the telnet session, if you are confused just
type "help" and you will get a list of the commands available to you
(such as "HELO", "MAIL FROM:", "RCPT TO:" etc.). Typing "help
<command-name>" gives you an explanation for that command.

3. With this method you can produce messages that "seem" to come from
a given address. This will fool most people. However, the evidence for
the fraud will be there and can easily be detected by anyone with a
little experience at reading mail headers. Do NOT try to use this for
anything but the simplest and most innocent practical jokes, to
impress your tutor and friends etc...

I hope this helps, and again if this is not satisfactory please let me
know and I will try to help.


Clarification of Answer by dannidin-ga on 10 Nov 2002 00:50 PST
oops, sorry for the lousy text formatting! It looked better in my
editing window, I hope it's still readable...
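The exchange in the answer above, replayed in code as an added example (not part of the original answer): a small in-process stand-in for the Sendmail in the transcript, a client that types the same HELO / MAIL FROM / RCPT TO / DATA sequence, and a parser for the Received: header that shows the evidence tip 3 warns about. The relay name (mail.example.org), the peer address (192.0.2.10), the accepted domain and the mailboxes are all constructed values; nothing touches a real mail server.

```python
import re

ADDR_RE = re.compile(r"<([^>]*)>|(\S+@\S+)")
RECEIVED_RE = re.compile(r"^Received: from (\S+) \[([\d.]+)\] by (\S+)", re.M)


def parse_addr(arg):
    """Pull an address out of 'FROM:<a@b>' or 'TO: a@b' style arguments."""
    m = ADDR_RE.search(arg)
    return None if m is None else (m.group(1) if m.group(1) is not None else m.group(2))


class MiniSmtpServer:
    """Constructed stand-in for the Sendmail in the transcript: accepts a
    message, refuses to relay for foreign domains (tip 1) and stamps a
    Received: header with the HELO name next to the real peer address (tip 3)."""

    def __init__(self, hostname, peer_ip, local_domains):
        self.hostname, self.peer_ip = hostname, peer_ip   # assumed relay name; real socket peer
        self.local_domains = {d.lower() for d in local_domains}
        self.helo, self.in_data, self.delivered = None, False, []
        self.sender, self.rcpts, self.body = None, [], []

    def greeting(self):
        return f"220 {self.hostname} ESMTP mini/0.1"

    def handle(self, line):
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append(self._stamp())
                self.sender, self.rcpts, self.body = None, [], []
                return "250 Message accepted for delivery"
            self.body.append(line[1:] if line.startswith(".") else line)  # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            self.helo = arg or "unknown"     # taken on trust, exactly as in the transcript
            return f"250 {self.hostname} Hello {self.helo} [{self.peer_ip}], pleased to meet you"
        if verb == "HELP":
            return "214 Commands: HELO MAIL RCPT DATA HELP QUIT"   # tip 2
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = parse_addr(arg[5:])   # never verified: this is what makes spoofing work
            return "501 Syntax error in MAIL FROM" if self.sender is None else f"250 {self.sender}... Sender ok"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            addr = parse_addr(arg[3:])
            if self.sender is None or addr is None or "@" not in addr:
                return "503 Need MAIL before RCPT" if self.sender is None else "501 Syntax error in RCPT TO"
            if addr.rsplit("@", 1)[1].lower() not in self.local_domains:
                return f"550 {addr}... Relaying denied"
            self.rcpts.append(addr)
            return f"250 {addr}... Recipient ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT (recipient)"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognized"

    def _stamp(self):
        received = f"Received: from {self.helo} [{self.peer_ip}] by {self.hostname}"
        return "\r\n".join([received] + self.body)


def send_spoofed(server, helo, mail_from, rcpt_to, body_lines):
    """Replay the telnet session above; returns the dialogue as (side, line)
    pairs, 'C' for what you would type and 'S' for the server's replies."""
    dialogue = [("S", server.greeting())]

    def cmd(line):
        dialogue.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            dialogue.append(("S", reply))
        return reply or ""

    cmd(f"HELO {helo}")
    cmd(f"MAIL FROM:<{mail_from}>")
    if cmd(f"RCPT TO:<{rcpt_to}>").startswith("250"):
        cmd("DATA")
        for line in body_lines:
            cmd("." + line if line.startswith(".") else line)  # dot-stuffing
        cmd(".")
    cmd("QUIT")
    return dialogue


def header_evidence(message):
    """What an experienced header reader sees: the claimed host versus the real IP."""
    m = RECEIVED_RE.search(message)
    return None if m is None else {"claimed_host": m.group(1), "real_ip": m.group(2), "relay": m.group(3)}


if __name__ == "__main__":
    # Constructed sample values: no real relay, host or mailbox is involved.
    srv = MiniSmtpServer("mail.example.org", "192.0.2.10", ["example.org"])
    for side, line in send_spoofed(srv, "rrr", "boss@example.com", "student@example.org",
                                   ["From: boss@example.com", "Subject: hello", "", "Not the boss."]):
        print(side, line)
    print(header_evidence(srv.delivered[0]))
```

The point of the stand-in is the two asymmetries in the protocol: MAIL FROM is accepted without any check, which is why the envelope sender can be anything, while the Received: line is written from what the server actually observed (its own hostname and the peer's socket address), which is why the forgery survives in the headers. A recipient domain outside the relay's own list gets the 550 from tip 1.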
Subject: Re: My assignment: learn to hack.
From: skbenja-ga on 03 Nov 2002 05:40 PST
Hacking is more than using programs to scan an ip address to find open
ports or using some program to exploit a vulnerability.  It's not
about running CRASH_SERVER.EXE and taking down an IIS server, or using
some other lame program.

Now if what you're saying is really true, and it is a requirement for
your "Internet security course" then -- The best site for the industry
on vulnerabilities is SecurityFocus at 
Another good reference is PacketStorm

BUT before you do anything else, read these first:

Read this:
And this just for fun:
Subject: Re: My assignment: learn to hack.
From: skbenja-ga on 03 Nov 2002 05:41 PST
FOLLOWUP: it should be
Subject: Re: My assignment: learn to hack.
From: vivekrathod-ga on 03 Nov 2002 11:10 PST
I think the answer to your 2nd question will probably help you figure out
the answer to your 1st one. There are a lot of freeware packet
sniffers around..
has got an exhaustive list.
Now what you need to do to show your instructor is that you can see
other people's data on the LAN by running a sniffer on one of the LAN
machines. You can even get their HTTP, FTP, POP passwords! Here is one
proggie exclusively for sniffing passwords
Hope this helps ;)
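What a sniffer does with one captured packet, as an added example that is not part of any comment in this thread and not taken from any of the tools mentioned: it splits a raw IPv4/TCP packet into the IP layer, the TCP layer and the data layer the question asks about, verifies both checksums, and pulls an FTP login out of the clear-text payload (the point of the comment above). The packet is constructed inside the example with build_packet, and the addresses, ports and credentials in it are made-up sample values; a real capture would come from a sniffer instead.

```python
import re
import socket
import struct

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
FTP_CRED_RE = re.compile(rb"^(USER|PASS) (\S+)\r?$", re.M)


def inet_checksum(data):
    """RFC 1071 ones'-complement sum; over a header with its checksum field
    filled in it comes out as 0 when the header is intact."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip, dst_ip, segment):
    """TCP checksum covers a pseudo-header (addresses, protocol 6, length) plus the segment."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    return inet_checksum(pseudo + segment)


def parse_ipv4(pkt):
    """IP layer: returns (fields, payload). Handles IPv4 with or without options."""
    vihl, tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not an IPv4 header")
    fields = {"version": 4, "header_len": ihl, "tos": tos, "total_len": total_len, "id": ident,
              "flags": ff >> 13, "frag_offset": ff & 0x1FFF, "ttl": ttl, "protocol": proto,
              "checksum": csum, "checksum_ok": inet_checksum(pkt[:ihl]) == 0,
              "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    return fields, pkt[ihl:total_len]


def parse_tcp(segment, src_ip, dst_ip):
    """TCP layer: returns (fields, data); the IP addresses are needed for the pseudo-header."""
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    doff = (off_flags >> 12) * 4
    bits = off_flags & 0x01FF
    fields = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": doff,
              "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if bits & (1 << i)],
              "window": window, "checksum": csum, "urgent": urg, "options": segment[20:doff],
              "checksum_ok": tcp_checksum(src_ip, dst_ip, segment) == 0}
    return fields, segment[doff:]


def ftp_credentials(data):
    """Data layer: FTP logs in with 'USER x' / 'PASS y' in the clear, so a sniffer sees both."""
    return {k.decode(): v.decode(errors="replace") for k, v in FTP_CRED_RE.findall(data)}


def decode_packet(pkt):
    """Split one raw IPv4/TCP packet (what a capture library hands over once the
    Ethernet frame is stripped) into its three layers and extract any FTP login."""
    ip, segment = parse_ipv4(pkt)
    if ip["protocol"] != 6:
        raise ValueError("not TCP (protocol %d)" % ip["protocol"])
    tcp, data = parse_tcp(segment, ip["src"], ip["dst"])
    creds = ftp_credentials(data) if 21 in (tcp["src_port"], tcp["dst_port"]) else {}
    return {"ip": ip, "tcp": tcp, "data": data, "credentials": creds}


def build_packet(src_ip, dst_ip, sport, dport, payload, seq=1, ack=1, flags=0x018):
    """Construct a sample packet (PSH+ACK by default) with valid checksums, so the
    example runs without a capture; a real sniffer would supply the bytes."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    # Constructed sample: a client on 10.0.0.5 logging in to an FTP server on 10.0.0.9.
    sample = build_packet("10.0.0.5", "10.0.0.9", 40000, 21, b"USER alice\r\nPASS hunter2\r\n")
    layers = decode_packet(sample)
    for name in ("ip", "tcp"):
        print(name.upper(), layers[name])
    print("DATA", layers["data"], "->", layers["credentials"])
```

The checksum fields are worth keeping in the output: a sniffer that reports checksum_ok lets you tell a damaged capture from a real packet, and the same ones'-complement routine serves both layers because TCP only adds the pseudo-header in front of the segment.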
Subject: Re: My assignment: learn to hack.
From: traniton-ga on 03 Nov 2002 16:51 PST
I have several e-books/documents on hacking that I could send you that
would most definitely cover whatever you need to do.

But now, I have a question. How do I ANSWER someone's question. Does
the person who asks the question choose one of the comments, or is
there some button that I haven't seen that says "ANSWER QUESTION"?
Subject: Re: My assignment: learn to hack.
From: tehuti-ga on 03 Nov 2002 17:02 PST
traniton-ga, you can only "answer" a question if you have been
accepted as a researcher. The FAQ has information about this:
Subject: Re: My assignment: learn to hack.
From: syn-ga on 04 Nov 2002 15:56 PST
Hi hkmustang,

I'm not a registered researcher, but due to my work experience in this
area (I run a company that specializes in network security) I
thought I'd add a comment.

If you have already completed a scan of the network, you have a
really good idea of what services are running and what ports are open.
 This is probably the most important step.  Every open port is a
potential "door", if you will, into the system you intend to hack.  Some
doors are more open than others.  Two good network scanners are
SuperScan and GFI LANguard network scanner.  These tools will give you a
plethora of information, including what operating system is running
and what services are running on specified ports (i.e. ftp, smtp,
pop3, etc.).  More importantly it might give you a clue as to what
version and piece of software is listening on a port (i.e. Microsoft
IIS 5.0, WS_FTP, etc.).

After gathering this information, you can start your attack.  FTP servers
usually have several vulnerabilities including buffer overflows,
default guest passwords, and of course all packets are sent in clear
text (hint, this is where you could set up your network sniffer to
capture all data packets, giving you usernames and passwords).  Perhaps
the easiest and most visually pleasing hack is the unicode
vulnerability associated with Microsoft IIS.  If you find that your
system is running the Windows-based web server, you can use the
unicode exploit to traverse all the way back to the root directory and
run code on the computer with root (administrator) privileges.

My favorite nasty little trick is spoofed emails.  It's actually
relatively simple.  If a computer is running telnet and smtp, you can
simply use C:\>telnet hostname 25 (where hostname is the IP or host
name of the computer you're connecting to, and 25 is the smtp port
number).  Once the terminal loads, you can type an email to anyone
from anyone.  Check out the RFCs on SMTP.

On sniffers, check out snort (I believe it's at ); it's
probably the most widely used sniffer.

Here are some of my favorite ports and services that are common hacks:

Service Name           Port Number              Description
telnet                 23                       clear text (sniff
ftp                    20, 21                   clear text, buffer
smtp                   25                       spoofed emails
pop3                   110                      dictionary attack for
netbios                130? - 139               all sorts of hacks
SQL                    387                      sql injection
There's many more...
Check out,,, etc.
Hint: I did not describe how to perform these hacks, that's a bit out
of the scope of your question, but by searching for some of the things
I mentioned, you'll find more than a few tutorials on the matter.

Good Luck.

P.S.  Use the information you learn for good purposes only... If you
don't know what you are doing (and sometimes even if you do) a good
Administrator will catch you.
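The IIS unicode traversal mentioned in the comment above, reduced to the design mistake behind it, as an added example written for this page (not IIS code, not any tool from the thread): a path resolver that checks for ".." on the percent-decoded bytes and only afterwards runs a lenient UTF-8 decoder that accepts overlong sequences, so the two-byte overlong encoding of "/" (0xC0 0xAF) slips past the check and becomes a separator later. Beside it is the hardened order: strict decode, canonicalise, then check that the final path is still under the web root. The web root /inetpub/wwwroot, the file names and the request paths are constructed for the illustration, and lenient_utf8 is a deliberately flawed model of the old decoder, not a general-purpose one.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/inetpub/wwwroot"   # assumed document root for the model


def lenient_utf8(data):
    """Model of the pre-patch decoder: accepts 'overlong' two-byte sequences,
    so 0xC0 0xAF decodes to '/' even though strict UTF-8 forbids that form.
    Deliberately flawed; only ASCII and two-byte forms are modelled."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b < 0xE0 and i + 1 < len(data) and 0x80 <= data[i + 1] < 0xC0:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))   # no overlong check
            i += 2
        else:
            raise UnicodeDecodeError("utf-8", bytes(data), i, i + 1, "unsupported in this model")
    return "".join(out)


def vulnerable_resolve(url_path):
    """Validate-then-decode, the order that made the traversal possible:
    the '..' check runs on the percent-decoded bytes, the UTF-8 step comes later."""
    raw = unquote_to_bytes(url_path)
    if b"../" in raw or b"..\\" in raw:
        raise PermissionError("traversal rejected")
    text = lenient_utf8(raw).replace("\\", "/")    # an overlong byte pair has just become '/'
    return posixpath.normpath(posixpath.join(WEB_ROOT, text.lstrip("/")))


def hardened_resolve(url_path):
    """Decode strictly, canonicalise, then check containment on the final path."""
    raw = unquote_to_bytes(url_path)
    text = raw.decode("utf-8").replace("\\", "/")  # strict: overlong forms raise
    if "\0" in text:
        raise ValueError("NUL in path")
    full = posixpath.normpath(posixpath.join(WEB_ROOT, text.lstrip("/")))
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        raise PermissionError("path escapes web root")
    return full


def attempt(resolver, url_path):
    """Run a resolver and report ('served', path) or ('rejected', reason)."""
    try:
        return "served", resolver(url_path)
    except (PermissionError, ValueError) as exc:     # UnicodeDecodeError is a ValueError
        return "rejected", type(exc).__name__


if __name__ == "__main__":
    # Constructed request paths; the second uses the overlong encoding of '/'.
    for path in ("/scripts/../../secret.txt", "/scripts/..%c0%af..%c0%afsecret.txt", "/scripts/hello.asp"):
        print(path, "->", attempt(vulnerable_resolve, path), "|", attempt(hardened_resolve, path))
```

The lesson generalises beyond this one bug: any check performed on a representation that is transformed again before use (percent-decoding, UTF-8 decoding, case folding, symlink resolution) can be bypassed by an input that looks harmless before the transform. Checking the fully canonical path against the root is the only check that cannot be encoded around.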
Subject: Re: My assignment: learn to hack.
From: epideme-ga on 09 Nov 2002 18:36 PST
Not really what you're looking for, but this is a game based
completely on hacking.  You have to hack into various computers,
bouncing your signal round the world and use bypassers, crackers, etc.
It's good fun, and might give you some ideas as to how to complete
your assignment.
You can download a trial version at
(Where you can also purchase the full version for 9.99 - including

Subject: Re: My assignment: learn to hack.
From: epideme-ga on 09 Nov 2002 18:37 PST
Sorry - forgot to mention - the game is called "Uplink"

