How They Hack Your Website: Overview of Common Techniques
We hear the same terms bandied about whenever a popular site gets hacked. You know… SQL  Injection, cross site scripting, that kind of thing. But what do these  things mean? Is hacking really as inaccessible as many of us imagine — a  nefarious, impossibly technical twilight world forever beyond our ken?
Not really.
When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.
         
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
       The Simple SQL Injection Hack
In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a Username field:
' OR 1=1 
 
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ?USRTEXT '
AND password = ?PASSTEXT?
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ?' OR 1=1 — 'AND password = '?
Two things you need to know about this:
['] closes the [username] text field.
' ' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.
But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
Backdoor Injection- Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest links which allows hackers access to your database.
Automated Injection
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.
Remote Injection
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.
SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
The following illustrative string is from Imperva.
       http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
There are vast swathes of information on SQL Injection available, here are a couple of good sources:
XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.
Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. 'Me nice gurl', she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:
[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]
Hmmm…what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.
When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.

Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose…
For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.
Authorization bypass, to gain access to the Admin backend, can be as simple as this:
Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.
For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer's website). And a vast amount more besides.
johnny.ihackstuff.com is the man to go to for Google hacks. One interesting one I toyed with invited me to the Joomla! install page for dozens of sites… people who had uploaded Joomla!, decided against installing it, and subsequently had either left the domain to rot, or else set a redirect on the page to, say, their Flickr account (in one case). Allowing anybody to walk in and run through the installer. Other query strings target unprotected email/IM archives, and all sorts of very sensitive information. What fun we can have!
 
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
       
I had posted a link here to a hacking bulletin board containing specific sql injections strings etc. The link pointed to a page which listed numerous hacks targetting various CMS platforms, but containing a disproportionate number of hacks for one platform in particular. In retrospect, and following a specific complaint, I have pulled down this link. Apologies to the complainant and to anyone else who found this link to be inappropriate.
Not really.
When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.
SQL Injection
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a Username field:
' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ?USRTEXT '
AND password = ?PASSTEXT?
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ?' OR 1=1 — 'AND password = '?
Two things you need to know about this:
['] closes the [username] text field.
'
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.
But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
- admin'—
- ') or ('a'='a
- ”) or (“a”=”a
- hi” or “a”=”a
Backdoor Injection- Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest links which allows hackers access to your database.
Automated Injection
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.
Remote Injection
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.
SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
The following illustrative string is from Imperva.
There are vast swathes of information on SQL Injection available, here are a couple of good sources:
Cross Site Scripting (XSS)
XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google… all the big cahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we'll just have a quick look to get a feel for it.XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.
Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. 'Me nice gurl', she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:
[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]
Hmmm…what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.
When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.
Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose…
For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.
Authorization Bypass
Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farmAuthorization bypass, to gain access to the Admin backend, can be as simple as this:
- Find weak target login page.
- View source. Copy to notepad.
- Delete the authorization javascript, amend a link or two.
- Save to desktop.
- Open on desktop. Enter anything into login fields, press enter.
- Hey Presto.
Google Hacking
This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.
For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer's website). And a vast amount more besides.
johnny.ihackstuff.com is the man to go to for Google hacks. One interesting one I toyed with invited me to the Joomla! install page for dozens of sites… people who had uploaded Joomla!, decided against installing it, and subsequently had either left the domain to rot, or else set a redirect on the page to, say, their Flickr account (in one case). Allowing anybody to walk in and run through the installer. Other query strings target unprotected email/IM archives, and all sorts of very sensitive information. What fun we can have!
Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
A Few Defensive Measures
- If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
- Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
- Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
- If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
- Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
- Do a few Google hacks on your name and your website. Just in case…
- When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.
I had posted a link here to a hacking bulletin board containing specific sql injections strings etc. The link pointed to a page which listed numerous hacks targetting various CMS platforms, but containing a disproportionate number of hacks for one platform in particular. In retrospect, and following a specific complaint, I have pulled down this link. Apologies to the complainant and to anyone else who found this link to be inappropriate.
Helicopters: How They Work
Helicopter
The helicopter is an interesting object in our culture. Originally, it was thought that the helicopter would one day replace the car. However, prices never came down, leaving the helicopter as an icon of wealth or authority. Since the Vietnam War, helicopters have become more associated with conflict than commuting.
To dream of a helicopter probably means that you envision yourself in a situation of potential hazard or needing to be `whisked away' from your present circumstances. The former would be expressed in a helicopter as a means of escape. The latter equates images of romance and wealth.
 
   
 
Here are some of the component parts that make up a helicopter. While this is an example of one specific helicopter (UH-1C), not all helicopters will have all of the parts listed here. Some of this may be a bit more of the same old stuff we have just discussed, but it will show everything as it relates to everything else on the aircraft and the location of each component.

  
      This picture illustrates how the helicopter moves when using the  appropriate controls. Up and Down movements are controlled by the  "Collective". Side to Side and Forward and Back motions are controlled  by the "Cyclic". Lateral control (Also called directional control or  "Yaw") is achieved by using the "Foot Pedals". 
     

 This picture illustrates how the helicopter moves when using the  appropriate controls. Up and Down movements are controlled by the  "Collective". Side to Side and Forward and Back motions are controlled  by the "Cyclic". Lateral control (Also called directional control or  "Yaw") is achieved by using the "Foot Pedals".
     This picture illustrates how the helicopter moves when using the  appropriate controls. Up and Down movements are controlled by the  "Collective". Side to Side and Forward and Back motions are controlled  by the "Cyclic". Lateral control (Also called directional control or  "Yaw") is achieved by using the "Foot Pedals".   
While you are looking at the picture of the controls (Left side of this paragraph), I will explain how to do a normal takeoff. First, you must make sure the throttle is all the way open (For a turbine powered helicopter, advanced properly for a reciprocating engine powered helicopter). Once you have established the proper operating RPM, then you can pull  up slowly on the collective. As you increase collective pitch, you need  to push the left pedal (In American helicopters...right pedal for  non-American models) to counteract the torque you generate by increasing  pitch. (In reciprocating engined models, you will advance the throttle  as you increase collective pitch). Keep pulling in pitch and depressing  the pedal until the aircraft gets light on the skids. You may sense a  turning motion to the left or right, if so, you may need more or less  pedal to maintain heading. The cyclic will become sensitive and  (depending on how the aircraft leaves the ground heels or toes of the  skids last) as you continue to pull in pitch and depress the pedal, you  will put in the appropriate cyclic input to level the aircraft as it  leaves the ground. As the aircraft eases into the air, forward cyclic  will be required to start the aircraft in a forward motion. As the  aircraft advances forward, it will gain speed until about 15 knots and  then the aircraft will shudder a little as you transition through ETL  (Effective Translational Lift...See the unique forces page for a more in  depth explanation of ETL). As you transition through ETL, the  collective will need to be reduced, the pedal will need less pressure,  and the cyclic will need to be forced forward to counteract the force  against the front of the rotor system. Failure to push forward will  result in an abrupt nose high attitude and a reduction in forward speed.  After the shudder of ELT is experienced, you will see a marked gain in  forward airspeed, a reduced need for pedal input and a reduced need for  collective pitch as the rotor system becomes more efficient. The  airspeed indicator will most likely jump from zero to 40 knots indicated  airspeed and will smoothly advance as the aircraft goes faster. Now you  have taken off and with a little release of foward cyclic pressure, the  aircraft will establish a climb and continue to gain airspeed. At this  point, the pedals are only used to trim the aircraft, and most maneuvers  are accomplished by using a combination of the cyclic and collective  controls. (That wasn't so hard...was it?)
  Once you have established the proper operating RPM, then you can pull  up slowly on the collective. As you increase collective pitch, you need  to push the left pedal (In American helicopters...right pedal for  non-American models) to counteract the torque you generate by increasing  pitch. (In reciprocating engined models, you will advance the throttle  as you increase collective pitch). Keep pulling in pitch and depressing  the pedal until the aircraft gets light on the skids. You may sense a  turning motion to the left or right, if so, you may need more or less  pedal to maintain heading. The cyclic will become sensitive and  (depending on how the aircraft leaves the ground heels or toes of the  skids last) as you continue to pull in pitch and depress the pedal, you  will put in the appropriate cyclic input to level the aircraft as it  leaves the ground. As the aircraft eases into the air, forward cyclic  will be required to start the aircraft in a forward motion. As the  aircraft advances forward, it will gain speed until about 15 knots and  then the aircraft will shudder a little as you transition through ETL  (Effective Translational Lift...See the unique forces page for a more in  depth explanation of ETL). As you transition through ETL, the  collective will need to be reduced, the pedal will need less pressure,  and the cyclic will need to be forced forward to counteract the force  against the front of the rotor system. Failure to push forward will  result in an abrupt nose high attitude and a reduction in forward speed.  After the shudder of ELT is experienced, you will see a marked gain in  forward airspeed, a reduced need for pedal input and a reduced need for  collective pitch as the rotor system becomes more efficient. The  airspeed indicator will most likely jump from zero to 40 knots indicated  airspeed and will smoothly advance as the aircraft goes faster. Now you  have taken off and with a little release of foward cyclic pressure, the  aircraft will establish a climb and continue to gain airspeed. At this  point, the pedals are only used to trim the aircraft, and most maneuvers  are accomplished by using a combination of the cyclic and collective  controls. (That wasn't so hard...was it?)  
 
   
 
 
The helicopter is an interesting object in our culture. Originally, it was thought that the helicopter would one day replace the car. However, prices never came down, leaving the helicopter as an icon of wealth or authority. Since the Vietnam War, helicopters have become more associated with conflict than commuting.
To dream of a helicopter probably means that you envision yourself in a situation of potential hazard or needing to be `whisked away' from your present circumstances. The former would be expressed in a helicopter as a means of escape. The latter equates images of romance and wealth.
Rotary Wing Terminology
Lets talk a moment about terminology. There are many terms associated with rotary wing flight. One must become familiar with the terminology of rotorcraft before they can expect to understand the mechanics of rotary wing flight. Let's look at a few definitions.- Root: The inner end of the blade where the rotors connect to the blade grips.
- Blade Grips: Large attaching points where the rotor blade connects to the hub.
- Hub: Sits atop the mast, and connects the rotor blades to the control tubes.
- Mast: Rotating shaft from the transmission, which connects the rotor blades to the helicopter.
- Control Tubes: Push \ Pull tubes that change the pitch of the rotor blades.
- Pitch Change Horn: The armature that converts control tube movement to blade pitch.
- Pitch: Increased or decreased angle of the rotor blades to raise, lower, or change the direction of the rotors thrust force.
- Jesus Nut: Is the singular nut that holds the hub onto the mast. (If it fails, the next person you see will be Jesus).
Main Rotor System
- Leading Edge: The forward facing edge of the rotor blade.
- Trailing Edge: The back facing edge of the rotor blade.
- Chord: The distance from the Leading Edge to the Trailing Edge of the rotor blade.
Main Rotor Blade
- Swash Plate: Turns non-rotating control movements into rotating control movements.
- Collective: The up and down control. It puts a collective control input into the rotor system, meaning that it puts either "all up", or "all down" control inputs in at one time through the swash plate. It is operated by the stick on the left side of the seat, called the collective pitch control. It is operated by the pilots left hand.
- Cyclic: The left and right, forward and aft control. It puts in one control input into the rotor system at a time through the swash plate. It is also known as the "Stick". It comes out of the center of the floor of the cockpit, and sits between the pilots legs. It is operated by the pilots right hand.
- Pedals: These are not rudder pedals, although they are in the same place as rudder pedals on an airplane. A single rotor helicopter has no real rudder. It has instead, an anti-torque rotor (Also known as a tail rotor), which is responsible for directional control at a hover, and aircraft trim in forward flight. The pedals are operated by the pilots feet, just like airplane rudder pedals are. Tandem rotor helicopters also have these pedals, but they operate both main rotor systems for directional control at a hover.
Controls
Here are some of the component parts that make up a helicopter. While this is an example of one specific helicopter (UH-1C), not all helicopters will have all of the parts listed here. Some of this may be a bit more of the same old stuff we have just discussed, but it will show everything as it relates to everything else on the aircraft and the location of each component.
- Rotor Blade: The rotary wing that provides lift for the helicopter.
- Stabilizer Bar: Dampens control inputs to make smoother changes to the rotor system.
- Swashplate: Transfers non-moving control inputs into the spinning rotor system.
- Cowling: The aerodynamic covering for the engine.
- Mast: Connects the transmission to the rotor system.
- Engine: Provides power to the rotor systems.
- Transmission: Takes power from the engine and drives both rotor systems.
- Greenhouse Window: A tinted window above each of the pilot seats.
- Fuselage: The body of the helicopter.
- Cabin Door: Allows access to the cabin and cockpit.
- Skids: Landing gear that usually have no wheels or brakes.
- Crosstube: The mounting tubes and connection for the skids.
- Motor Mount: A flexible way to attach the engine to the fuselage.
- Tailboom: Also known as an "empenage" is the tail of the helicopter.
- Synchronized Elevator: A movable wing that helps stabilize the helicopter in flight.
- Tailrotor: Provides anti-torque and in-flight trim for the helicopter.
- Tail Rotor Driveshaft: Provides power to the tailrotor from the transmission.
- 45 Degree Gearbox: Transfers power up the vertical fin to the 90 degree gearbox.
- 90 Degree Gearbox: Transfers power from the 45 degree gearbox to the tailrotor.
- Vertical Fin: Holds the tailrotor and provides lateral stabilization.
- Tail Skid: Protects the tailboom when landing.
Anatomy of a Helicopter
- Swash Plate: Turns non-rotating control movements into rotating control movements.
- Collective: The up and down control. It puts a collective control input into the rotor system, meaning that it puts either "all up", or "all down" control inputs in at one time through the swash plate. It is operated by the stick on the left side of the seat, called the collective pitch control. It is operated by the pilots left hand.
- Cyclic: The left and right, forward and aft control. It puts in one control input into the rotor system at a time through the swash plate. It is also known as the "Stick". It comes out of the center of the floor of the cockpit, and sits between the pilots legs. It is operated by the pilots right hand.
- Pedals: These are not rudder pedals, although they are in the same place as rudder pedals on an airplane. A single rotor helicopter has no real rudder. It has instead, an anti-torque rotor (Also known as a tail rotor), which is responsible for directional control at a hover, and aircraft trim in forward flight. The pedals are operated by the pilots feet, just like airplane rudder pedals are. Tandem rotor helicopters also have these pedals, but they operate both main rotor systems for directional control at a hover.
Controls
- Rotor Blade: The rotary wing that provides lift for the helicopter.
- Stabilizer Bar: Dampens control inputs to make smoother changes to the rotor system.
- Swashplate: Transfers non-moving control inputs into the spinning rotor system.
- Cowling: The aerodynamic covering for the engine.
- Mast: Connects the transmission to the rotor system.
- Engine: Provides power to the rotor systems.
- Transmission: Takes power from the engine and drives both rotor systems.
- Greenhouse Window: A tinted window above each of the pilot seats.
- Fuselage: The body of the helicopter.
- Cabin Door: Allows access to the cabin and cockpit.
- Skids: Landing gear that usually have no wheels or brakes.
- Crosstube: The mounting tubes and connection for the skids.
- Motor Mount: A flexible way to attach the engine to the fuselage.
- Tailboom: Also known as an "empenage" is the tail of the helicopter.
- Synchronized Elevator: A movable wing that helps stabilize the helicopter in flight.
- Tailrotor: Provides anti-torque and in-flight trim for the helicopter.
- Tail Rotor Driveshaft: Provides power to the tailrotor from the transmission.
- 45 Degree Gearbox: Transfers power up the vertical fin to the 90 degree gearbox.
- 90 Degree Gearbox: Transfers power from the 45 degree gearbox to the tailrotor.
- Vertical Fin: Holds the tailrotor and provides lateral stabilization.
- Tail Skid: Protects the tailboom when landing.
Anatomy of a Helicopter
While you are looking at the picture of the controls (Left side of this paragraph), I will explain how to do a normal takeoff. First, you must make sure the throttle is all the way open (For a turbine powered helicopter, advanced properly for a reciprocating engine powered helicopter).
We don't need no stinking runways!
Subscribe to:
Comments (Atom)