Is everything "Hackable"?

[Nerdz]

Well, I was thinking about it last day...

I know the step to get into a computer but what happen when you BLOCK at one step, the one to get the exploit code after you did the data gathering(banner grabing).

Here is an example:

You have Mr. X which is a nobody. He doesn't know anything about computer except that he has lot of friend on his new life, World of Warcraft. He is running WindowsXP, Msn messenger, TeamSpeak(or Ventrilo, Skype). He has a brother named Mr. Y which is also a nobody BUT.... he has a computer to and cry to his mother so he can get on the internet at the same time of his brother. So she buy a cheap router( let's say DI-604 which is a wired router...)

So now, how would you hack Mr. X? He has the DI-604 which act like a firewall at the same time and send back port 113 when you nmap it, so the only thing you see is port 113 and you don't find anything about a exploit for his router.

IMO to hack something( I don't mean Social enginering(trojan, physical access, etc)) the computer need to have service which can be exploited or at least a router(which can also be exploited) or wireless?

What you think?

( This situation is purely fictive )

[DNR]

After painfully reading through the post several times to grasp the meanings..

""""
So now, how would you hack Mr. X? He has the DI-604 which act like a firewall at the same time and send back port 113 when you nmap it, so the only thing you see is port 113 and you don't find anything about a exploit for his router. """

""
He is running WindowsXP, Msn messenger, TeamSpeak(or Ventrilo, Skype). He has a brother named Mr. Y which is also a nobody BUT.... he has a computer to and cry to his mother so he can get on the internet at the same time of his brother. So she buy a cheap router """


So I want to 'hack' one or two nobody's? a D-link router?
http://support.dlink.com/products/view. ... DI-604#faq

Also windows xp, msn, teamspeak, are available.
The router can't send back or port traffic out port 113, so thats a hole in the story here.
Furthermore, I am sure the mother (tired from all the crying and sibling rivalry) did an excellent job with installing the router, but since the Dlink router/firewall (actually a filter) is not capable of porting traffic to various standard (113 Ident??) or nonstandard ports, this hack is possible, the story though is not.

http://www.grc.com/port_113.htm

Just set the firewall not to respond to scans.

I liked the idea behind the post, discussing a theoretical network and how to..

DNR
You can always get the target to initiate the connection.

[Nerdz]

The point of this post simply mean: Can ANY Internet User be hacked? Is there any limits?

By being hacked, it doesn't involve social engineiring or trojan... Simply scan and exploit.

It sounds right in my mind, maybe I don't explain myself clearly....

[Chaos1986]

Well Nerdzoncrack I Would Have To Say Yes Any User Is Hackable Provided That 1.We Have An Open Port To Use 2.An Exploit To Manuplate 3.And A Good Connection To The Victim.
Just Remeber If Man Made It Man Can Crack Or Hack It.

[Nerdz]

OK but how would it be possible if the user doesn't run any exploitable services?

[Chaos1986]

Well Then We've Got To Make Our Own Exploit. With Some Programming Knowledge That Shouldn't Be To Hard. All We Need Is To Know What OS They Are Running. Is It Micro$oft Windows, Unix Or A Breed Of Linix? Once We Know That Then We Can Start Making Our Exploit. Then We Use Our Homemade Made With Love Exploit.

[DNR]

The only way to make a computer unhackable, is to disconnect it from a network and lock it in a very secure room -even then, don't let anyone near it..

The simple fact that a machine would be running any service, smtp, http, or a desktop accessing those services, _and_ connected to the internet, means that it has potential for exploitation. I have to admit, Chao's saying "if man made it, man can hack it, applies".

Security is sort of a illusion, given enough time and resource, any security can be breached. The front door lock on your house at best will keep out snoops, but someone determined to get in - will. You try to maintain a certain _level_ of security. Performing frequent security sweeps on your box/network, having 24/7 monitoring, and logs/audit apps, and upgrading security as criminals evolve.

See, I am moving out in the boonies. When I went to get my 4xexpresso, I left my lappie on the front seat of my oldsmobile, with my digicam, and nextel. The car next to me had a nice ladies purse, and her cellphone, on the seat. I knew I was in upper-middle class suburbia. The police patrol this area well due to its paid taxes. Here, the rich can be illusioned to 'security' that only exist by community cooperation, meaning one stranger could have a great day robbing them blind. They just accept that upper-crust people like themselves won't bust a window or lift the handle on a car with valuables laying in plain view. People on networks are the same way. Denial of reality?

Now, in the boonies, where I have to drive 10 minutes to get to food or fuel, the police will be far and few in between. So that means I need to compensate my security - .45auto locked and loaded. I don't condone violence, but I do know it will take the police longer to come help. Certain other features will be added, perhaps a safe room. I have compensated for security that is weak. But I am not fooled by any means of security, just call me a "hard target", guaranteed you'll wish you fuxed with someone else..

I think hacking involves security. You cannot 'target' a computer without mapping the network its on, thats like breaking into a house, without checking for a "Beware of Dog" sign (or perhaps large piles of shit in the yard). You also have to maintain the "Big Picture", everything is multitasked, and nfo is updated constantly. Everything is connected to something, in someway.

Lets say I did want to kill a computer described above, its locked in a room, disconnected from the outside networks. Having a big picture I can try to exploit what is available to me at the time. If someone has to access that computer, I can focus on that person as a target. Worst case, I'll kill the power to that computer, maybe I'll break into the room next to the locked computer and try to make an EMP weapon to fry it

Maybe a shaped-charge made out of a wine bottle and some ANFO?

DNR

[PLeXroD]

YES ... point reached

[Chaos1986]

DNR Is Right Once You Connect TO Any Network Or The Internet You Automacitly Become Hackable. This Is Because You Are Now Connected To The Outside World And Need To Have Open Ports To Use The Services. Now That You Are Connected Nothing Can Protect You Not Even Norton.

[LaBlueGirl]

Chaos and DNR are right, I think too.

Depending on what is being run on the computer (software firstly I would guess) you can see what each program does (its function, how the functions work etc). Then write a script/program to bypass channels of communication, trick them, corrupt them, trick/spoof it to gain entry or insert something/monitor in the data being sent and so forth.
Eventually, you could find a way to get around or through the firewall.

In another post by DNR, he said something to the effect of new viruses need to be used b/c most are in the software's database.
Also, a lock on your doors will help to stop someone from forcing their way into your house (through what, the main entrances?). They will just have to be more determined to get in there by using another method.

Then again, I would rather do other things with my time unless I had a serious vendetta against the person. Guess it's a lack of malice.