How to Win at Hacker Wargames
By Matthew Cook
The best way to learn is to play with all of the systems and
programs that you want to understand, and there's no better way
to get started than with a small network on which you can experiment.
Ideally, this network should be composed of many different
computers of varying specifications. There is no need for the
latest and greatest hardware, and because many people have older
computers lying around, you can often get 386s, 486s and older
Pentium systems for almost nothing. They may not be able to play
3D games, but they are more than adequate for a server.
If you happen to have access to a large car or van (or a good
friend with one), there are dozens of local businesses with small
IT departments full of older computers and half-working models
that they will give you for free if you'll come by and pick them
up. You could even write up a business letter and mail it out
to a few dozen local businesses offering to take their old computer
junk off their hands; you'd be surprised how many responses you'll
get.
Even if you don't have access to a large stockpile right away,
all you really need to get started are maybe 2 to 3 old boxes.
Your network can always grow to accommodate new acquisitions
later.
Once you've got some hardware together, spend some time thinking
of the applications and services you would like to provide or
understand with your network, and then teach yourself how to
install and run them. You will probably want to run several of
the servers at once over a single internet connection - this
would call for a router of some sort, and the perfect opportunity
to learn all about the Linux or Unix router tools like ipchains,
iptables and ipfw. Once you see how easy it is to route traffic
to your network, the next logical step would be to restrict it
with a firewall. Guess what, firewalls are made with the same
tools.
Maybe you'd like to learn about the domain name system; that sounds
like the perfect excuse to register a domain name and set up
a DNS server. Maybe you would like to set up a shell server for
your friends; why not learn a bit about OpenBSD in the process?
Maybe you would like a web page so you can post info about the
shell accounts. Maybe you would like to do some 3D rendering;
a Beowulf cluster would sure speed things up, or OpenMosix, or
a Windows cluster...
As you work through your list, dedicate one box to each type
of service you want to run (or several for related services).
The only exception would be to have some sort of remote access
on all of the systems so you can toy with them from work/school/etc.
While you're at it, try not to limit yourself to one type of
operating system (at least not at first, eventually you will
probably find one you like to work with best). Some applications,
such as a workstation, might lend themselves to Windows, while
something else like a domain name server would fit better with
Linux, or a shell server might fit better with OpenBSD. Try and
experiment.
Throughout this process, make friends with your local librarian
(or Barnes & Noble employee), because you will be reading
a ton of books.
If you can afford it, try and buy the books outright; you'll
find yourself referring back to them again and again, even months
after you've finished whatever project you were working on. Online
tutorials are fine, but there's nothing like a book. A note of
caution: don't get overzealous and buy a bunch of books on different
topics and say you'll get to some of them later. In my experience,
by the time you get to the one at the bottom of the stack, it's
3 versions behind and you just have to buy it again. If you're
looking for which books to buy, great sources of information
are newsgroups and mailing lists; they generally have a consensus
on who wrote the best book on what, and you can often find this
information in their FAQ. As simply a personal preference, there
are a few publishers I usually like, including Sams, Prentice
Hall, Wiley, Addison Wesley, No Starch Press, and top of the
heap is O'Reilly & Associates. There are no bad computer
book publishers, but I would recommend you stay away from anything
marked "dummies" or "learn x in some period of
time".
Another piece of advice: don't buy anything you can make yourself.
Shelves and stuff are fine, and I wouldn't try and make my own
hub, but don't buy a router, make one; don't buy a print server,
make one; don't buy a web host, do it yourself. Heck, don't even
buy network cable; go down to Home Depot, buy a spool of category
5 cable (make sure it's cat5 and not cat3 or something else) and
a box of RJ-45 heads and a crimper and make your own. Network
cables are a cinch to make; it takes 5 seconds to learn, and once
you do, you can make them any length you want (and even special
cables like crossover cables), and for pennies compared to what
it costs to buy them.
Once you have a few things running (it doesn't have to be
much, just enough to get started), set a few boxes aside to be
your "victims".
Sometimes it can be helpful to divide them into a different
subnet with your router the same way you would divide your LAN
into a protected zone and a DMZ. Choose some service you would
like to attack; start with something familiar and easy to install,
like throwing a copy of Windows on one of the boxes, or installing
Linux and just sendmail or just BIND. Then start working through
what information you can gather about your victim from the other
side of your network. Try looking up a few known vulnerabilities
or downloading a few script-kiddie-type scripts, then dissect them
to see what they are doing. Set up a packet sniffer (Ethereal
or tcpdump are good, or whatever runs on your attack computer)
and run some service on the victims and see what kind of traffic
goes by and what it tells you.
Can you tell what's going on? Was there any useful info in
those packets? A username? A password? A command code? Set up
a vulnerability scanner like Nessus and see what you can learn
with it.
Another fun thing to do is to place an unsecured box in your
DMZ so that anyone from the internet can access it, and just
watch it to see if anyone tries to hack into it. This is called
a honey pot, and can be a great way to see the techniques of
other hackers (and believe it or not, meet a friend).
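
The router, firewall and DMZ pieces described above fit together as one ruleset. The following is an added example, not the author's own firewall script: a shell function that prints an iptables-restore ruleset for a three-zone lab router, so that the "victim" and honey pot subnet cannot open connections into the trusted LAN. The interface names (eth0, eth1, eth2) and the LAN subnet are assumptions.

```shell
#!/bin/sh
# Added example: lab router ruleset in iptables-restore format.
# Interface names and the subnet are assumptions; adjust to your lab.
WAN_IF="${WAN_IF:-eth0}"              # uplink to the internet
LAN_IF="${LAN_IF:-eth1}"              # trusted machines
DMZ_IF="${DMZ_IF:-eth2}"              # "victim" boxes and the honey pot
LAN_NET="${LAN_NET:-192.168.1.0/24}"

emit_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Share the single internet connection with both internal subnets.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies, and SSH from the trusted LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# Replies to connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The LAN may open connections to the internet and to the DMZ.
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
# Log, then drop, anything a DMZ box tries to start toward the LAN.
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
# DMZ boxes may resolve names and fetch updates, nothing else outbound.
-A FORWARD -i $DMZ_IF -o $WAN_IF -p udp --dport 53 -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p tcp -m multiport --dports 53,80,443 -j ACCEPT
COMMIT
EOF
}

# On the router, as root, with IP forwarding enabled:
#   sysctl -w net.ipv4.ip_forward=1
#   emit_rules | iptables-restore
# Exposing a honey pot to the internet needs its own DNAT and FORWARD
# rules, which are not shown here.
```

Because the FORWARD policy is DROP, anything not listed is blocked, and the LOG rule gives you a record whenever a DMZ box tries to reach the LAN.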
Once you've gotten the hang of these things, pick a program,
something simple and open source, something written in a language
you have some experience with, and download it and see how it
works. Toy around with it, change it, add something, contribute
to the project. It's very tempting to grab a book on C++, read
it cover to cover and maybe toy with 2 examples and then feel
like you understand it, but you won't get a grip
on all the day to day challenges of writing with a particular
language until you're solving problems that haven't already been
worked out and planned ahead for you.
This is just a general outline, but you get the idea; it's
all about exploring and trying new things. You will usually start
out with some grandiose idea of a super network, and quickly
get sidetracked or bogged down in some seemingly trivial project,
but that's OK, if not exactly what you should be doing. Don't
worry about getting everything done or working on some little
something for months, even leaving and coming back to it. When
I started my network, I had this master plan of a really cool
website, but I was continually having problems with my second
hand Linksys router. I never wanted to deal with that stuff,
but I finally gave up and spent a month and a half setting up
a Linux router and writing a firewall script for it, and now
I can see how limited I was with that old router.
I hope some of this helps you out, and I wish you good luck
on your network ^_^
Carolyn's note: Matthew has done
a great job of revealing how a real hacker solves problems. You
can learn a great deal more about setting up a shell server and
running a hacker wargame from my book Überhacker. It's in second edition, just in from the publisher.