In Slavehack, we found different ways to hack remote computers, earn money, cover our tracks, prevent getting hacked or obtain information socially. These techniques actually exist in real life, and can be executed by running certain software or methods.
- Cracking passwords via Bruteforce: this can be done by using software like l0phtCrack, Dsniff or Hydra, which try multiple passwords to log into a
- DDOS attacks: A distributed denial-of-service attack. Is a way to make the attacked user’s PC’s resources unavailable. Tools to do this, tools such as DosHTTP 2.0 are available.
- Social Engineering: this method is actually developed without cracking techniques or software. It consists on tricking and manipulating people with social skills to gather confidential information, like IPs in the game. Methods like phishing, pretexting or baiting can be used
- Erasing of logs and records: This is used not to hack but to prevent being hacked. Methods to do this include, using Auditpool to disable logging, clearing log files with Winzapper, or Rootkits to hide hacker presence.
- Shoulder Surfing: this is a simple way to obtain information which consists only on standing behind the user and observe what they do.
-Firewall Bypasser/Proxy Server: This method is used to get through firewalls which prevent your IP from accessing certain pages or servers. Online tools such HideMyAss exist.
All tools are methods are possible to use, however some are harder than others.
Cracking passwords is probably the most unlikely of all: this is because most services such as web pages have limited amounts on password inputs. This gives the hacker a much smaller chance of actually getting the password and cracking the account. If this is not taken into account, hackers still need a very powerful computer to input the possible passwords very fast. The actual chance of getting the password is also incredibly small.
DDOS attacks are easier to execute than cracking passwords, but still difficult to run. Hacking knowledge is essential, although tutorials are widely available which include the tools. The attacks themselves are very feasible, as they do not require a powerful computer or luck. Social engineering is a not easy but yet simple method to obtain information. Important social skills are needed to manipulate people, especially when the importance of the classified information increases, like bank accounts or company secrets. The advantage is that no tools or software are needed. The cover of tracks is a very easy once the correct software is found, as the process is systematic. Shoulder surfing is highly improbable. Although the only specification required is to be standing or being behind the target, getting by unnoticed is really hard. Using a proxy server to bypass restriction such as MegaUpload is very easy, having to use only online pages. However, obtaining good proxy server software and different addresses to use is more difficult.
The risks and threats of hacking are various. When you are the hacker, there is a high chance of getting caught if the tracks aren’t covered, leading to legal issues and jail time. Being hacked consists on a bigger problem, as prevention is the only way to avoid it and you don’t know when to expect an attack. Important information like bank accounts, client databases, and confidential information can be exposed. An example of this is WikiLeaks, where the US government had to spend a lot of resources fixing systems and relations with other countries.
