Girl Geekette dotNet

Hacking is not a bad thing. Hacking is a good thing! It is about learning, not being malicious. Learn what hacking is all about, and realize no one can teach you! Hacking IS about learning. you teach yourself by hacking.. hacking to learn more. The more you learn about computers, how they work, what they do, how they do it, the more you are computer hacking. And then, you take that knowledge and learn to apply it in future scenarios. In the end, you’ll ask more questions, find more answers, and learn more. You are hacking to learn.. not learning to hack.

Check out places like HowThingsWork, Whatis, Textfiles, Security Forums, and Google. Learn to use search engines to search for what you find interesting and want to learn more about. Using the right terms in search engines to try to get the results you are looking for can give you narrower or broader results. Play with search engines by using + and " " and - in the search, and see how different search engines react to different things you enter.  Most search engines have a "how to search" section. Read about different ones, Boolean searches, and narrowing down your search. Start from a broad topic and narrow it down to what you are specifically wanting. Many search engines are different, so read about different techniques each use. There are some helpful guides on searching at places like The Spiders Apprentice . Start learning to search by searching for how to search.

Take computers apart and put them together. Understand why each card does what it does for your computer to work the way it does. Read about what a motherboard is, the different types of motherboards, and what processors fit on different ones. Find out what the difference between an onboard video card is and an AGP or a PCI one. What are the advantages and disadvantages of onboard hardware such as modems, sound cards and network cards. There are more differences between an ISA modem and a PCI modem than just the length of the card and the bus architecture. Read up on the advantages and disadvantages of PCI vs USB hardware.

You can take old computers - even from the first generation Pentiums or lower and install various operating systems on them. Not only does Windows have different versions that will and will not run on different hardware, but other operating systems such as Linux and BSD can run on different and older hardware. A Pentium 133 with linux on it is perfect for a firewall and a DHCP server. It can sit there and serve to protect your network with no other processes running than those. Learn more to life than just Microsoft and Windows. FreeBSD and Linux are distributed freely. 

The Windows GUI you see when you boot up Windows is just a window or shell manager. It is a GUI - Graphical User Interface that does nothing but let you point and click to access information on your hardrive. Xwindow is a windows manager, yet it is not windows. It is the GUI that can be found on linux that manages the different windows which displays your hardrive contents and applications. The Windows operating system itself has different desktop managers that can be used such as Talisman.

Networking is fast becoming a way of life with computers. From sharing an internet connection to sharing files between computers and PDA’s, networks are all among us.. Understanding what networks are, how they are put together, how to troubleshoot them, why and how networks are there, and what protocols are used can open all new quests for knowledge. If you want to understand the internet better, learn about networks and IP addresses. Learn why each computer is assigned each address is. Learn about static IPS and DHCP. DHCP leases might be an hour, a day, week or a month. Who controls the lease? Why do some DHCP’d IP addresses get mistaken for Static IPs? Lease time. All of these can enlighten you on what an ISP actually does and that the internet is nothing more than a bunch of computers connected together by different ISPs that assign different IP addresses to more networks and computers. 

Figure out how to make a computer a DNS or SMTP server. File servers are nice too. A computer set out on its own on a network can run these services with little to no processing power. Installing Sendmail, DNS and Bind, you will get a better understanding on how traffic is directed on the internet and just what goes into an email being sent or received on an email client.

Built in commands such as ping, netstat, traceroute, whois, pathping and which different operating systems use. "They" can be considered "hacking tools" yet, they are free.. they come with the operating systems. You don’t have to download a program to "PING" something. Did you know you can change the size of the packets you ping with? With traceroute, you can see why it might take a simple website a long time to load, or you might just realize that there is a router on the internet that has a problem and it is not your ISP connection that is "down".

Learn how fiber and OC make the world go around. Understand and explain the difference between an intranet and an internet. Isn’t the internet one big network? 

Read about proxies. They are much more than most people realize.  They are not just about what a "malicious" hacker uses to have a different IP address show up in logs. Proxies are about controlling the content seen on a network, and keeping a network safe. Schools use them to keep kids safe from PORN by filtering the addresses the computers on school networks are allowed to go to. Libraries are the same. Employers use proxies in the work environment to keep employees from surfing the net all day long. Logs are kept. Proxies through the intranet are used. NetNanny is a Proxy. Squid is a free proxy. ISPs also use proxy’s to speed up the download and surfing of DSL customers or cable customers. Why? the pages, unless they have been updated are already in the cache, making the surfing faster for the customer.

Are you trying to ‘hack a website’ ? Learn about scripting - HTML, PHP, ASP, Javascript, PERL, regex… etc. FTP server, editing files, up and downloading. Apache, IIS and PWS are among the more popular web servers. Most worms attack IIS and PWS in certain default installed file locations, and Apache web servers are safer. FTP is where the "HTML" files are kept. There are even different FTP programs that run different and more advanced functions than the DOS FTP command. Hacking a website is about being able to edit the scripting code, not about defacement. I bet the media will never understood that one!

What are exploits? What programs have exploits, which operating systems are better or worse attuned to have more or less exploits? (SecurityFocus is an excellent resource - and yet, so is Microsoft’s own Knowledge Base.). If an exploit is discovered, it is not a bad thing. It means that there will be someone working on a patch to fix that exploit so another with malicious intent will not take advantage of it. Discovering the exploit itself is a good thing. If the discovery of these exploits were not brought to the attention of people who can fix them, then they would be taken advantage of and never fixed. Someone has to hack at it to learn and discover the exploit to understand what is broken so it can be fixed.

Learn what ports are, what vulnerabilities are associated with each port, and why buffer overflows occur. There are many well known ports, but about any program can be configured to run on any port. A web server may be running on 8080 instead of 80. Why? Is the port forward to an inside computer using 8080 instead of 80? Are there 2 web servers running? Is one an intranet? Different viruses and trojans are more susceptible to various ports because of the applications and services that commonly run on these ports. Knowing what ports you have open and what ports you have closed on a network or computer can also lead to noticing if you have a service running that you do not need or the idea that if one is running unusual activity you might have a virus. Look at places like nmap.org and teach yourself about the ports, what ports do what, what fingerprinting a system is, how to keep you own network  from being vulnerable by using tools like nmap to show you where your network is vulnerable. Patch your own network up  before someone discovers it for you and you lose every bit of data on comp. The media wants everyone to belive that all port scanners are "hackers tools" but what the media does not tell you is that these "tools" were actually created by network tecs and administrators  for the purpose of evaluating the security of their own networks. Even programs like "Jack the Ripper" were created to test your own passwords to make sure they could not be broken by brute force or easily guessed. It is the people that used these good tools for wrong reasons that have given "hacking" a bad name.

Learn about backups and restores, and why they are needed. Do you know how to back up your own registry? Know why you should? What about the differences between incremental backup, daily, weekly backups. What media is best used? Does it depend on the function? Did you know the best place to keep a back up is off location? If your computer gets infected by a virus, instead of having to reinstall windows, you might can get by with just doing a system restore from before the time it got infected. It takes less effort and time to do a system restore on Windows ME or XP than if you had to wipe the hardrive and completely reinstall the operating system. And you might not lose your data!

….. and on and on and on… I haven’t even begun. There is a whole world out there that has new information. Don’t expect hacking to be "Click and point and you have defaced a website" or "click and point, the person is offline". Hacking IS about learning. Unfortunately, the media these days do not understand the true concept of hacking. Many more media outlets than not - report news as if hacking is bad. Hacking itself is good, it is the malicious people that use that information for the wrong things that is bad. Hacking at chemistry to learn how to use different chemicals is not a bad thing. But the ones that take the knowledge gained from hacking and maliciously use it to build a chemical weapon of destruction are the ones that are bad. Not chemistry itself. Right?