Subject:
My assignment: learn to hack.
Category: Computers Asked by: hkmustang-ga List Price: $9.50 |
Posted:
03 Nov 2002 04:19 PST
Expires: 03 Dec 2002 04:19 PST Question ID: 97210 |
I'm a student in an Internet security course. I'm required to illustrate to my tutor a practical way of hacking. Actually I've been successful in scanning IP addresses and ports. However I can't locate freeware to demonstrate a practical method to break in (no need to execute, but really practical). Moreover, can I ask if there is any freeware available on the Internet which is able to capture a TCP packet and display its format (IP layer, TCP layer & data layer formats)? |
Subject:
Re: My assignment: learn to hack.
Answered By: dannidin-ga on 10 Nov 2002 00:48 PST |
Hi hkmustang,

I will demonstrate to you one rather nice and practical way of "hacking" that I've been using for years. The wording of your question is a bit vague, so I hope this will be sufficient as an answer, if not please do not hesitate to ask for clarification. As for the part about hacking software, I believe that was already answered rather well in the comments.

My method is an elaboration on the trick mentioned by syn-ga for sending out mail that seems to come from anyone/anywhere you want. Rather than ask you to "check out the rfc's on smtp", I will show you a complete telnet session that sends out a fake email:

In what follows, any line that does not begin with a 3-digit number is a line that you type in. I have added comments to some of the lines after a ";" character - these must not be typed in.

    % telnet <your local mail server> 25    ; on a unix command line, you run telnet
    220 <mail server address> ESMTP Sendmail 8.9.3+Sun/8.9.3; Sun, 10 Nov 2002 10:25:12 +0200 (IST)
    helo rrr    ; this identifies you as a computer named "rrr"
    250 <mail server address> Hello <your real address> [ip address], pleased to meet you    ; the mail server will usually identify that you are not "rrr" but will know your true address! see comments at the end
    mail from: president@whitehouse.gov    ; this tells the server that you are about to send an email coming from this address
    250 president@whitehouse.gov... Sender ok
    rcpt to: recipient@destination.com    ; write email address of the recipient here
    250 recipient@destination.com... Recipient ok
    data    ; this indicates that you are about to input the message body
    354 Enter mail, end with "." on a line by itself
    here you write the body of the message (including lines such as Subject:)
    .
    250 KAA01894 Message accepted for delivery
    quit
    221 <mail server address> closing connection

Some useful tips:

1. In principle, on connecting to any mail server you can send a message to any address in the world. However, some mail servers will refuse to "relay" messages not destined for a computer on their local systems. Thus, you may have to find the mail server address of the system to which you want to send the message.

2. At any point during the telnet session, if you are confused just type "help" and you will get a list of the commands available to you (such as "HELO", "MAIL FROM:", "RCPT TO:" etc.). Typing "help <command-name>" gives you an explanation for that command.

3. With this method you can produce messages that "seem" to come from a given address. This will fool most people. However, the evidence for the fraud will be there and can easily be detected by anyone with a little experience at reading mail headers. Do NOT try to use this for anything but the simplest and most innocent practical jokes, to impress your tutor and friends etc...

I hope this helps, and again if this is not satisfactory please let me know and I will try to help.

Regards,
dannidin |
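The answer's closing point, that the evidence stays in the mail headers, as an added example that is not part of the original answer: it reads the Received line written by the receiving server and compares the HELO name and the From domain with the host that actually connected. The sample message, host names and addresses are constructed placeholders, and the Sendmail-style `from <helo> (<host> [<ip>])` layout is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: what the recipient's server might store after a session
# like the one above. All host names and addresses are placeholders.
RAW = (
    "Received: from rrr (dialup-17.campus.example [192.0.2.17])\n"
    "\tby mail.destination.example (8.9.3+Sun/8.9.3) with SMTP id KAA01894\n"
    "\tfor <recipient@destination.example>; Sun, 10 Nov 2002 10:25:40 +0200 (IST)\n"
    "From: president@whitehouse.gov\n"
    "Subject: hello\n"
    "\n"
    "body text\n"
)

# Assumed Sendmail-style layout: from <HELO name> (<resolved host> [<ip>])
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<host>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")


def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def analyse(raw):
    """Return a list of findings about the hop that submitted the message."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    if not received:
        return ["no Received header: the submitting host cannot be identified"]
    # Each server prepends its header, so the last one is the earliest hop.
    hop = HOP_RE.search(" ".join(received[-1].split()))
    if hop is None:
        return ["earliest Received header is not in the assumed layout"]
    helo = hop["helo"].lower()
    host = (hop["host"] or "unknown").lower()
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if helo != host:
        findings.append(f"HELO '{helo}' differs from connecting host '{host}' [{hop['ip']}]")
    # Heuristic only: legitimate mail may be sent through a third-party relay.
    if from_domain and not under(host, from_domain):
        findings.append(f"From domain '{from_domain}' is unrelated to '{host}' [{hop['ip']}]")
    return findings


if __name__ == "__main__":
    for line in analyse(RAW):
        print(line)
```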
Subject:
Re: My assignment: learn to hack.
From: skbenja-ga on 03 Nov 2002 05:40 PST |
Hacking is more than using programs to scan an ip address to find open ports or using some program to exploit a vulnerability. It's not about running CRASH_SERVER.EXE and taking down an IIS server, or using some other lame program. Now if what you're saying is really true, and it is a requirement for your "Internet security course" then -- The best site for the industry on vulnerabilities is SecurityFocus at http://www.securityfocus.com/. Another good reference is PacketStorm http://www.packstormsecurity.com/. BUT before you do anything else, read these first: Read this: http://www.tuxedo.org/~esr/faqs/hacker-howto.html And this just for fun: http://w3.ime.net/~josep/Manifesto.htm |
Subject:
Re: My assignment: learn to hack.
From: skbenja-ga on 03 Nov 2002 05:41 PST |
FOLLOWUP: it should be http://www.packetstormsecurity.com/ |
Subject:
Re: My assignment: learn to hack.
From: vivekrathod-ga on 03 Nov 2002 11:10 PST |
I think the answer to your 2nd question will probably help you figure out the answer for your 1st one. There are a lot of freeware packet sniffers around.. http://lists.gpick.com/pages/Packet_Sniffers~Info.htm has got an exhaustive list. Now what you need to do to show your instructor is that you can see other people's data on the LAN by running a sniffer on one of the LAN machines. You can even get their HTTP, FTP, POP passwords! Here is one proggie exclusively for sniffing the passwords http://freedownloadscenter.com/Network_and_Internet/Misc__Networking_Tools/Ace_Password_Sniffer.html Hope this helps ;) |
Subject:
Re: My assignment: learn to hack.
From: traniton-ga on 03 Nov 2002 16:51 PST |
I have several e-books/documents on hacking that I could send you that would most definitely cover whatever you need to do. But now, I have a question. How do I ANSWER someone's question? Does the person who asks the question choose one of the comments, or is there some button that I haven't seen that says "ANSWER QUESTION"? |
Subject:
Re: My assignment: learn to hack.
From: tehuti-ga on 03 Nov 2002 17:02 PST |
traniton-ga, you can only "answer" a question if you have been accepted as a researcher. The FAQ has information about this: https://answers.google.com/answers/faq.html#researchervsuser |
Subject:
Re: My assignment: learn to hack.
From: syn-ga on 04 Nov 2002 15:56 PST |
Hi hkmustang, I'm not a registered researcher, but due to my work experience in this area (I run a company that specializes in Network Securities) I thought I'd add a comment. If you have already completed a scan of the network, you have a really good idea of what services are running and what ports are open. This is probably the most important step. Every open port is a potential "door" if you will into the system you intend to hack. Some doors are more open than others. Two good network scanners are SuperScan and GFI LANguard network scanner. These tools will give you a plethora of information, including what operating system is running and what services are running on specified ports (i.e. ftp, smtp, pop3, etc.). More importantly it might give you a clue as to what version and piece of software is listening on a port (i.e. Microsoft IIS 5.0, WS_FTP, etc.). After gathering this information, you can start your attack. FTP servers usually have several vulnerabilities including buffer overflows, default guest passwords, and of course all packets are sent in clear text (hint, this is where you could set up your network sniffer to capture all data packets giving you usernames and passwords). Perhaps the easiest and most visually pleasing hack is the unicode vulnerability associated with Microsoft IIS. If you find that your system is running the windows based Web Server, you can use the unicode exploit to traverse all the way back to the root directory and run code on the computer with root (administrator) privileges. My favorite nasty little trick is spoofed emails. It's actually relatively simple. If a computer is running telnet and smtp, you can simply use C:\>telnet hostname 25 (where hostname is the IP or host name of the computer you're connecting to, and 25 is smtp port number). Once the terminal loads, you can type an email to anyone from anyone. Check out the rfc's on smtp.
On the sniffers, check out snort, I believe it's at www.snort.org, it's probably the most widely used sniffer.

Here are some of my favorite ports and services that are common hacks:

Service Name   Port Number   Description
telnet         23            clear text (sniff passwords)
ftp            20, 21        clear text, buffer overflows
smtp           25            spoofed emails
pop3           110           dictionary attack for passwords
netbios        130? - 139    all sorts of hacks here
SQL            387           sql injection

There are many more... Check out NewOrder.box, SamSpade.org, astalavista.com, etc.

Hint: I did not describe how to perform these hacks, that's a bit out of the scope of your question, but by searching for some of the things I mentioned, you'll find more than a few tutorials on the matter. Good Luck.

P.S. Use the information you learn for good purposes only... If you don't know what you are doing (and sometimes even if you do) a good Administrator will catch you. |
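The layered display the question asks about (IP layer, TCP layer, data layer), as an added example that is not part of the original thread: a decoder that splits one raw IPv4/TCP packet into those three parts and shows that the data of a cleartext protocol is directly readable. The packet is constructed inline with placeholder addresses, and the function names are hypothetical.

```python
import socket
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def build_sample():
    """Constructed packet: 'HELO rrr' sent to port 25 (checksums left at 0)."""
    data = b"HELO rrr\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.17"), socket.inet_aton("192.0.2.25"))
    return ip + tcp + data


def decode(pkt):
    """Split a raw IPv4/TCP packet into its IP, TCP and data layers."""
    if len(pkt) < 20:
        raise ValueError("too short for an IPv4 header")
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4          # header length is given in 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    if total > len(pkt) or total < ihl + 20:
        raise ValueError("truncated packet or bad total length")
    sport, dport, seq, ack, off, flags, window = struct.unpack("!HHIIBBH", pkt[ihl:ihl + 16])
    doff = (off >> 4) * 4            # TCP data offset, also in 32-bit words
    if doff < 20 or ihl + doff > total:
        raise ValueError("bad TCP data offset")
    return {
        "ip": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
               "ttl": ttl, "header_len": ihl, "total_len": total},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
                "header_len": doff,
                "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)]},
        "data": pkt[ihl + doff:total],   # application bytes, readable if cleartext
    }


if __name__ == "__main__":
    for layer, fields in decode(build_sample()).items():
        print(layer, fields)
```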
Subject:
Re: My assignment: learn to hack.
From: epideme-ga on 09 Nov 2002 18:36 PST |
Hi. Not really what you're looking for, but this is a game based completely on hacking. You have to hack into various computers, bouncing your signal round the world and use bypassers, crackers, etc. It's good fun, and might give you some ideas as to how to complete your assignment. You can download a trial version at http://www.introversion.co.uk/ (Where you can also purchase the full version for £9.99 - including delivery) Epideme |
Subject:
Re: My assignment: learn to hack.
From: epideme-ga on 09 Nov 2002 18:37 PST |
Sorry - forgot to mention - the game is called "Uplink" |