Howdy all, requesting help on a media project

[SAI-Revenant]

Hi there.

I am by no means a hacker, I do not intend to ever hack, save for the basic knowledge I need to have to protect myself and my things.

What I am asking for, is help on some terminology for a media project that myself and my team are working on. I am sick and tired of seeing movies like Live Free or Die Hard try to tell us that the entire world will blow up with a few key strokes. That's terrible.

I was hoping some of you would be willing to help me out with terminology, so that I may better portray the intended story. I can't go into specifics, but I can tell you that the characters are supposed to be rather versed in cryptology and encryption.

Let me assure you, I am not here to learn how to do this, I am only looking for terminology. If the staff of this website wants me to talk to them about that, I am more than willing to talk in private. This info will be used on a media project with fictional characters, no actual application.

Again...just terminology, no application please. I want to make our project look realistic without going over the deep end. If some of these things arent possible, please let me know, so we can get things back on track.

If anyone is willing, I am looking for the following:

1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
5. Monitoring one location contacting another by Email, from one specific email account to another, without interfering.

Thanks kindly!

[insomaniacal]

1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
Thanks kindly!

1: Not quite sure what you mean, most forums have options to restrict users from viewing certain things though.

2: Guessing is pretty much all you could do. You could try to SQL inject the forum and download a list of the usernames and passwords. The passwords will more than likely all be hashed, in which case you'd have to run them through a cracker, using either a brute force method, or a dictionary attack.

3: You can look up a fair bit about an IP with WHOIS lookups. However, to find out any more, you'd have to make some phone calls and social engineer people into giving you more specific information.

4: You could somehow get root access to a computer that is a part of a network, and then use that computer as a proxy. But you should be more specific, do you mean a part of a LAN?

These are some pretty basic answers, but hope they help a bit.

[Bren2010]

1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.

1. You can use DoS/DDoS, and with enough power you can block everyone from a forum. However, you can't be picky with DDos/DoS attacks, it's everybody or nobody. You can read about them here.

2. I would imaging a brute-force script. However nowadays almost every forum has something to protect against that (CAPTCHA, temporarily locking accounts).

3. I'm not going to say that impossible, but it's pretty hard. Using some sort of computer program, you'll normally only get the providers location or a general location, (I checked my IP, it only showed up to the the county). However, I have heard about people using SE to trick providers into revealing an exact location.

4. I'm sorry, I don't understand. You mean like some sort of AI experiment?

[SAI-Revenant]

1. what someone would do to prevent someone from viewing a website forum without having administrative powers?
2. what would one do to guess the password on a user in a forum? (This password is completely incoherent, using numbers symbols and letters, if that matters)
3. Use an IP to find a location for a user (not the source of the provider, but latest point of access...if that is even possible?)
4. Make a user look like he is apart of the system, even though its an exterior computer.
Thanks kindly!

1: Not quite sure what you mean, most forums have options to restrict users from viewing certain things though.

2: Guessing is pretty much all you could do. You could try to SQL inject the forum and download a list of the usernames and passwords. The passwords will more than likely all be hashed, in which case you'd have to run them through a cracker, using either a brute force method, or a dictionary attack.

3: You can look up a fair bit about an IP with WHOIS lookups. However, to find out any more, you'd have to make some phone calls and social engineer people into giving you more specific information.

4: You could somehow get root access to a computer that is a part of a network, and then use that computer as a proxy. But you should be more specific, do you mean a part of a LAN?

These are some pretty basic answers, but hope they help a bit.

1. Suppose 2 users are on a forum, neither have administrative access, but one of those users wants to prevent the other from being able to view the specific website. Suppose the admin team is trying to help, but cannot use the traditional forum banning and suspension procedures. Is that even possible?

2. We're using the second as an interactive thing with the intended audience, so, we'll be leaving hints...didnt think there was anything, thought I'd ask.

3. Sounds good. That's easy to work with.

4. Can someone wirelessly hack into an intranet system used by a "big bad firm"? I guess to supplement that, a security system name, and how someone would crack into it (an old system is fine...not the whistle hack though...but something plausible)? If Im making sense here?

I apologize, Im not to knowledgeable in this.

Thanks

[thetan]

1. Suppose 2 users are on a forum, neither have administrative access, but one of those users wants to prevent the other from being able to view the specific website. Suppose the admin team is trying to help, but cannot use the traditional forum banning and suspension procedures. Is that even possible?

2. We're using the second as an interactive thing with the intended audience, so, we'll be leaving hints...didnt think there was anything, thought I'd ask.

3. Sounds good. That's easy to work with.

4. Can someone wirelessly hack into an intranet system used by a "big bad firm"? I guess to supplement that, a security system name, and how someone would crack into it (an old system is fine...not the whistle hack though...but something plausible)? If Im making sense here?

I apologize, Im not to knowledgeable in this.

Thanks

1.) Still have no idea what you're trying to say

2.) To make it realistic, hackers rarely guess passwords. Instead you might want to look into something like using a SQL exploit to overwite or retrieve a password hash like insomaniacal suggested. or steal the logged in users session with XSS injection.

3.) GeoIP, http://www.geoiptool.com/

4.) Yes, most WEP encrypted wifi networks can be broken into in minutes using tools such as aircrack-ng. WPA networks can be brute forced relatively fast with distributed tools like this: http://www.wpacracker.com/ or japanese hackers have recently devised i way to crack WPA even faster: http://www.v3.co.uk/v3/news/2248580/res ... -crack-wpa

[SAI-Revenant]

Thanks for all the replies!

The first one...I guess my terminology sucks.

Easiest way I can say about this, can you deny a specific computer from being able to access a specific website, without affecting other users, or being in control of an administrative panel?

The point of this section, is that the protagonists want to lock the antagonist out of the website, without affecting other users, and without being able to use the administrative powers that the admins have (they'll claim that they are unable).

Thanks.

[sanddbox]

The point of this section, is that the protagonists want to lock the antagonist out of the website, without affecting other users, and without being able to use the administrative powers that the admins have (they'll claim that they are unable).

Yes, but it's not very elegant or 'hacker-y'. A simple DDOS attack (sending many requests to their IP address to eat all the bandwidth in their network) would do the trick (assuming you had more bandwidth than them).

[Goatboy]

As far as restricting a single user, unless you get root (admin) access to the server, it's pretty much up to physical means. Unfortunately, that usually means vandalism. As sanddbox just said, a DDos would work, but would require that you already had a botnet or some other means of carrying it out.

[tarantulas]

Call me old fashioned, but there is the old method of breaking the person's hands and fingers. They cannont access much of any websites that way.

[SAI-Revenant]

heh.

Thanks guys.

Better than just saying that the characters are able to control the world's internet and steal all the money and bring down planes and whatnot, eh?

Thanks for the knowledge.

I dont think a DDoS claim is gonna help...

how bout this route.

How can a person bring down a the server that the computer is being accessed on? (To note, the college around here, the entire system was forced down due to what they say was a Trojan, they didn't allow anyone on campus to sign on, thereby forcing the entire system from being used.) IE: Prevent a user from actually being able to use the computer?