Is hacking personal computers really possible ?

[ElCrabman]

Hi, I'm new to pentesting and I'm really beginning to question the feasability of hacking personal computer. I have a few questions and I would like some highlights.

1 - When we launch a scan or an exploit, we must put the target's ip as an input. It's easy when we targets servers, but what about casual internet users ?

2 - It seems to me that starting Windows 7, it's getting REAL hard to develop exploit. Just look at metasploit. There are plenty of XP exploits, but very few 7 or 8. So is it possible to succeed an attack against those ?

3 - How can people actually manage to hack facebook and twitter accounts ? The only way I can think of is social engineering, and with people getting more and more paranoïd, it doesn't get easier.

I'm not asking for in depth explanations. Just some basic answers.

[iTpHo3NiX]

1. Yes
2. Yes
3. Keyloggers, Phishing, MiTM, etc

[ElCrabman]

1. Yes
2. Yes
3. Keyloggers, Phishing, MiTM, etc

Too basic, and the first question wasn't a "yes or no" question.

For the 3rd one, keyloggers have to be installed in the victim's computer, so, it is still social engineering, right ?

[iTpHo3NiX]

1. Servers and casual internet users are one in the same, an internet user will play games and services with open ports to be excluded. The apps and various exploits would be different

2. Are you sure "getting too hard" is the correct term here? Most people are keeping exploits to themselves and don't want to share for free these days. They are plentiful and in abundance, you either have to pay for them or find them yourself.

3. Social networks are commonly stolen via SE, whether it be phishing, keylogging, browser stealing, etc. Also if running http which most dont these days and ssl strip doesn't work MiTM isn't as practical. Furthermore there are other methods of installing malware that doesn't require user interaction. Without physical access SE is the main route, other than that, a vulnerability in software they're running (java, flash for example) that allow remote code execution and drop a payload

You're only limited by your brain

[ElCrabman]

1. Servers and casual internet users are one in the same, an internet user will play games and services with open ports to be excluded. The apps and various exploits would be different

2. Are you sure "getting too hard" is the correct term here? Most people are keeping exploits to themselves and don't want to share for free these days. They are plentiful and in abundance, you either have to pay for them or find them yourself.

3. Social networks are commonly stolen via SE, whether it be phishing, keylogging, browser stealing, etc. Also if running http which most dont these days and ssl strip doesn't work MiTM isn't as practical. Furthermore there are other methods of installing malware that doesn't require user interaction. Without physical access SE is the main route, other than that, a vulnerability in software they're running (java, flash for example) that allow remote code execution and drop a payload

You're only limited by your brain

It's not really my brain, it's the fact that I'm not well-documented. There is SO MANY different areas of hacking, and I'm always misguided. I am scared to waste my time and finally discover that what I have learned was useless.
Anyway, you seem to know your business. I hope I can bother you a bit longer.

1 - My problem is I don't see how to get the ip adress and how to prope the "victim's" OS for vulnerabilities. They might turn off their PC any time !

3 - You're getting my interest, here ! Would you mind sharing some links or guide me towards the things I need to learn ?

[xor]

Are you trying to hack a particular person or device, someone you know, or are you trying to target a random device?

There are a lot of consumer routers on the internet these days with simple default username and passwords.
They can be used as pivot points to the internal network, or they can be used to transparently redirect a users traffic through a malicious server where the data can be sniffed. Even for things like facebook that use HTTPS, you can man in the middle the SSL connection, though they might get a warning for something like that unless you happen to use a certificate in their trusted store.

Most of the time you will be hacking a device at the border of their network. Not all are vulnerable, but a lot of them have well known and documented exploits.

-- xor

[proxx]

What a despicable title, instant delete where it not for the responses already posted.

[iTpHo3NiX]

What a despicable title, instant delete where it not for the responses already posted.

Lol sorry ProxX, but I felt it needed some answers.

[ElCrabman]

Are you trying to hack a particular person or device, someone you know, or are you trying to target a random device?

There are a lot of consumer routers on the internet these days with simple default username and passwords.
They can be used as pivot points to the internal network, or they can be used to transparently redirect a users traffic through a malicious server where the data can be sniffed. Even for things like facebook that use HTTPS, you can man in the middle the SSL connection, though they might get a warning for something like that unless you happen to use a certificate in their trusted store.

Most of the time you will be hacking a device at the border of their network. Not all are vulnerable, but a lot of them have well known and documented exploits.

-- xor

I target someone I know. It's interesting, but it assumes that the router has a default username and pass. And I'm still wondering how to access these routers remotely without knowing the victim's ip ?

What a despicable title, instant delete where it not for the responses already posted.

What's so despicable about about it, you giddy goat ?
(Seriously, what's up with it ?)

[0E 800]

Post an intro, read a fucking book.

Quote from: ElCrabman on October 12, 2014, 06:15:40 pm
Hello,

I saw on your profile the mention VIP, which I think means that you are quiet a good hacker, so let me explain to you my situation.

I'm a student eager to learn hacking. I began my training this year, and I won't say I'm a pro, but I'm familiar with the basics (In other words, I'm a noob). The reason why I'm still lame is that in this year, I was completely perturbed by my environment, and I fell into depression. There are different reasons why I got into this depression, but I'll bother you with only one.

I will sound very... stupid and cheesy, but please, don't be harsh. You see, there's a girl in my college, and I think you guessed that I'm in love with her, not to say that I'm completely obsessed by her. I don't know what are her feelings about be, and if she really cares about my existence. I thinks that you also get the point of my story : get some data from her in a sneaky manner. Of course, I could ask her myself, but she lives too far away and the year is over and I have no contact with her.

You don't know me and I ask you this stupid favor, but please, I just need to get fixed, so I don't think about her anymore, so I can use what's left of my vacation to do something worthy, not to ruminate endlessly and pointlessly.

Thanks for reading, mate.

[ElCrabman]

Post an intro, read a fucking book.

Needed help that time, still need help, but rely on myself. Don't see what's so stupid...

[vanity]

I believe what he is trying to get at is that your post title is not a good question. It is obvious that hacking personal computers is possible.

What do you mean?

but it assumes that the router has a default username and pass.

also you are not asking the right questions, your questions are extremely vague. If you take some time and read more forum posts on here you will see that nobody wants to waste time on vague threads like this one. The answers to every question you have asked thus far I have read within the past week in other threads.

And I'm still wondering how to access these routers remotely without knowing the victim's ip ?

You cannot access their router without knowing the IP address. I would recommend some research on basic networking fundamentals.

[ElCrabman]

I believe what he is trying to get at is that your post title is not a good question. It is obvious that hacking personal computers is possible.

I had to make sure. Most of the time, when I hear about someone's computer being hacked, it's either a "blind attack" (a hacker who just throws some malicious code and waits til a radom person downloads it), or SE.

What do you mean?
also you are not asking the right questions, your questions are extremely vague. If you take some time and read more forum posts on here you will see that nobody wants to waste time on vague threads like this one. The answers to every question you have asked thus far I have read within the past week in other threads.

Sorry, then. Didn't know people already asked.

You cannot access their router without knowing the IP address. I would recommend some research on basic networking fundamentals.

I know this. I just can't manage to get someone's ip. This part of the procedure hasn't been mentionned in the tutorials and books I read. If you could point me to some relevant links, I would be grateful.

[0E 800]

Petition to Ban Hammer on GP.

OP is already mentioned for sending lame pm:
https://evilzone.org/random/am-i-the-only-one-receiving-this-kind-of-pms/msg91940/#msg91940

Another example:
https://evilzone.org/security-tools/any-good-alternative-to-openvas/msg78217/#msg78217

Another example:
https://evilzone.org/security-tools/problem-updating-metasploit/msg80904/#msg80904

Asked for ebook, didn't say thank you.
https://evilzone.org/ebooks/ebook-request-topic/105/

@OP
Pick the spoon up with your hands, and put it in your mouth... chew, swallow.

[white-knight]

I think the best way for OP to learn might be a paid course so he can get 1 on 1 help and guidance .