Beginners' Series Number 7

The Exploit Files

by keydet89@yahoo.com and Carolyn Meinel

How many times have you read hacker newsgroups or email lists and seen posts that begged "teach me to hack," or asked "how do I hack this"? It often
looks as though the person asking the question just doesn't understand the
basics of vulnerabilities and their exploits. The purpose of this Guide is
to explain what vulnerabilities and exploits are, and how they relate to
computer security.

Let's start with an example. Suppose that you are trying to sell something
by phone. So you start by calling phone numbers, and you keep calling until
you get someone to answer, not an answering machine, but a real live person.
Then if the person who answers the phone speaks the same language as you and can understand you, you try to sell your product. Lots of people will hang
up on you, but eventually, someone will buy something...bang! You've scored!

In this Guide you will learn:

* What is a vulnerability
* What is an exploit
* How to look for vulnerabilities

So what does this have to do with 'hacking'? Look at your dialing of phone
numbers as port scanning IP (Internet protocol) addresses on the Internet.
Some Internet host computers won't answer. Maybe a firewall is blocking the
ports that you're scanning. Some hosts will answer, and at that point
maybe, just maybe, you've found a vulnerable computer.

Newbie note: What are these 'ports' we are talking about? This kind of
'port' is a number used to identify a service on an Internet host. For
this reason they are often called 'TCP/IP' (transmission control
protocol/Internet protocol) ports, to distinguish them from other kinds of
computer ports such as modem ports, printer ports, etc. Each host computer
connected to the Internet is identified by an IP address, usually reached
through a host name such as 'victim.fooisp.com' that maps to it. Since each
host may have many services running, each service uses a different port. To
contact any of these ports across the Internet, you use the host's IP
address and port number -- it's kind of like dialing a phone number.

Now maybe you have connected to telnet, port 23. You get a login prompt,
but you don't know any valid username/password combinations. So the host
"hangs up" on you. After many hours of trying, you connect to a host on the
right port, and Shazam!! You're greeted with a login prompt, and you quickly
guess a valid username and password combination. The next thing you know,
you have a command prompt. You have discovered a vulnerability -- an easily
guessed password! So being the 'white hat hacker' that you are, you send an
email to the sysadmin of the site and leave quietly.

Newbie note: A 'host' is a computer connected to the Internet. A 'service'
is a program that is running on a port of an Internet host. Each service is
a program that will respond to certain commands. If you give it the right
command, you will get it to do something for you.
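The two Newbie notes above, as an added example that is not part of the original Guide: two tiny services run on your own machine's loopback address, each on its own port, and a third port has nothing listening, so the call is never answered. The banners and the names make_service, ask and demo are made up for illustration.

```python
import socket
import socketserver
import threading

def make_service(banner: bytes):
    """Start a tiny TCP service on loopback that sends `banner`, then hangs up."""
    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            self.request.sendall(banner)
    # Port 0 asks the OS for any free port, so the demo never collides
    # with a real service already running on this machine.
    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def ask(host: str, port: int, timeout: float = 2.0):
    """'Dial' host:port; return the service's first reply, or None if nobody answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return conn.recv(1024).decode(errors="replace").strip()
    except OSError:
        return None  # refused or timed out: no service on that port

def demo():
    # Same host (127.0.0.1), two different services, two different ports.
    login = make_service(b"login: ")                    # constructed banner
    mail = make_service(b"220 mail service ready\r\n")  # constructed banner
    # Bind a port and release it again to get a port with no listener.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    results = {
        "login": ask("127.0.0.1", login.server_address[1]),
        "mail": ask("127.0.0.1", mail.server_address[1]),
        "closed": ask("127.0.0.1", closed_port),
    }
    for server in (login, mail):
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    for name, reply in demo().items():
        print(f"{name:7} -> {reply!r}")
```

The address is the same in all three calls; only the port number decides which program answers, or whether anything answers at all.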


 © 2013 Happy Hacker All rights reserved.