Hacking is an interesting field but it is not easy. To become a hacker one has to have an attitude and curiosity of learning and adapting new skills. You must have a deep knowledge of computer systems, programming languages and operating systems. In this article you will learning how to hack; the basics, advanced hacking and preparations before you hack.
Some people think that a hacking is always a unethical activity but they are wrong. Actually many big companies hire hackers to protect their systems and information and are highly paid.
Firstly you should know who a hacker actually is and what he does. You would have seen in movies some hackers with black terminals just enter few keywords and green fonts going up. Trust me most of the hacking scenes in movies are opposite of what actually hacking looks like. It requires a lot of dedication hours of code and research to hack.
What does Hacking mean?
There are many definitions of hacking. In this article, we will define hacking as identifying weakness in computer systems and/or networks and exploiting the weaknesses to gain access. An example of hacking is using by passing the login algorithm to gain access to a system. A hacker is a person who finds and exploits weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
And according to Google..
Just like there are good and bad guys in the real world with different shades of their personality, the types of hackers vary by their agenda, methodologies and skill practice.
If you wish to learn about the various types of hackers in the online world and burst the Hollywood image of a hacker in your mind, keep reading on…
Types of Hackers
A 15-year-old boy sits behind a glowing black monitor, typing furiously. The green text streams across his screen like a waterfall. His nervousness escalates dramatically as he sends rapid-fire commands to the strained computer. Suddenly, he lets out a triumphant laugh and proceeds to steal money.
Such is the stereotypical view of a hacker. Yet, there’s so much more to this fine art than Hollywood or the media describes. Hackers are varied creatures and include these types:
- Script Kiddie – Script Kiddies normally don’t care about hacking (if they did, they’d be Green Hats.). They copy code and use it for SQLi or something else. Script Kiddies will never hack for themselves; they’ll just download overused software and watch a YouTube video on how to use it.
- White Hat – Also known as ethical hackers, this type of hackers are considered the good guys of the hacker world. Most White Hat hackers hold a college degree in IT security or computer science and must be certified to pursue a career in hacking.
- Black Hat – These are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information.
- Gray Hat – Gray Hat hackers don’t steal money or information (although, sometimes they deface a website or two), yet they don’t help people for good (but, they could if they wanted to).
- Green Hat – Unlike Script Kiddies, they care about hacking and strive to become full-blown hackers. They’re often flamed by the hacker community for asking many basic questions. When their questions are answered, they’ll listen with the intent and curiosity of a child listening to family stories.
- Red Hat – They’re like White Hats in that they halt Black Hats, but these folks are downright SCARY to those who have ever tried so much as PenTest. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer to destroy it from the inside out.
- Blue Hat – Blue Hat hackers will seek vengeance on those who’ve them angry. Most Blue Hats are “n00bz”, but like the Script Kiddies, they have no desire to learn.
Where to Begin?
If you wish to learn how to hack you have to run a UNIX-like OS, such as Linux. UNIX and UNIX-like operating systems are the operating systems of the Internet. While you can learn to use the Internet without knowing UNIX, you can’t be an Internet hacker without understanding UNIX. For this reason, the hacker culture today is pretty strongly UNIX-centered. There are many types of UNIX-like operating systems, the most popular being Linux.
There are other UNIX-like operating systems besides Linux, such as the *BSD systems. The most popular *BSD systems are FreeBSD, NetBSD, OpenBSD and DragonFly BSD. All are open source just like Linux. However, it’s important to remember that they are BSD and not Linux.
It is probably a good idea to use a good starting platform such as Backtrack 5 R3, Kali or Ubuntu 12.04LTS.
HTML and CSS are the most basic and primary languages you will see in every website… when you visit your favourite sites like Facebook, Twitter, Instagram, etc.
You can write HTML in a basic word processing program like Notepad or Simple text and save your files as “yourCoolFileName.HTML” so you can upload them to a browser and see your work translated.
Before you start writing poems, you have to learn basic grammar. Before you break the rules, you have to learn the rules. If your goal is to become a hacker, you’re going to need more than basic English to write your masterpiece. Here is a list of some programming language you can start with:
- HTML5 (Somewhat Easy)
- CSS3 (Somewhat Easy)
- PHP (Somewhat Average – Hard)
- mySQL (Somewhat Average – Hard)
Hackers are like artists, philosophers, and engineers all rolled up into one. Creative brains are a valuable, limited resource. They shouldn’t be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.
To learn hacking, you have to believe that the thinking time of other hackers is precious — so much so that it’s almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
You don’t have to believe that you’re obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It’s consistent with hacker values to sell enough of it to keep you in food and rent and computers.
Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.
You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you’ll learn enough to solve the next piece.
No problem should ever have to be solved twice. Think of it as a community in which the time of everyone is hackers is precious. Hackers believe sharing information is a moral responsibility. When you solve problems, make the information public to help everyone solve the same issue.
- Read older pieces, such as the “Jargon File” or “Hacker Manifesto” by The Mentor. They may be out of date regarding technical issues, but the attitude and spirit are just as timely.
Fight for Freedom
Anyone who can give you orders can stop you from solving whatever problem you’re being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.
The enemy of the hacker is boredom, drudgery, and authoritarian figures who use censorship and secrecy to strangle the freedom of information. Embracing hacking as a way of life is to reject so-called “normal” concepts of work and property, choosing instead to fight for equality and common knowledge.
If you think you are safe from government hacking, think again. The U.S. National Security Agency used a hack of Google’s data centers to spy on the Gmail messages of peaceful pro-democracy activists in New Zealand who were campaigning against the military regime of the island nation of Fiji.
You have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.
Anyone on Reddit can write up a ridiculous cyberpunk username and pose as a hacker. But the Internet is a great equaliser and values competence over ego and posture. Spend time working on your craft and not your image, and you’ll more quickly gain respect than modelling yourself on the superficial things we think of “hacking” in popular culture.
Advanced Hacking Fundamentals
Passwords and email accounts will not bring you any pleasure and you will try to go for bigger targets every time, only to end up in jail.
At the point I will assume you already know the basics but want to move to more “advanced” learning. Make sure that you have firm grip at basics because if not, you might face problems ahead.
Before you start I want you to familiarise yourself with the following terms used in the advance field of hacking:
- Worms, Malware, and Viruses
- Botnets, IRC Bots, and Zombies
- Cryptography, Encryption, and Decryption
- Pentesting and Forensics
- Decompiling, Reverse Engineering and Debugging
- Remote Administration Tool
Worms, Malware, and Viruses
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.
Examples of worm are:
Malware is short for malicious software and used as a single term to refer to virus, spyware, worm etc. Malware is designed to cause damage to a stand alone computer or a networked PC. So wherever a malware term is used it means a program which is designed to damage your computer it may be a virus, worm or Trojan. Example of malware are:
- Cryptolocker Ransomware
- Blackshades Backdoor RAT
Virus is a program written to enter to your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer Virus is more dangerous than a computer worm as it makes changes or deletes your files while worms only replicates itself with out making changes to your files/data. Examples of virus are:
Botnets, IRC Bots, and Zombies
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software.
An IRC bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions.
The term “Zombie” is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Most owners of “zombie” computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies.
Cryptography, Encryption, and Decryption
Cryptography involves creating written or generated codes that allow information to be kept secret. Cryptography converts data into a format that is unreadable for an unauthorized user.
Cryptography also allows senders and receivers to authenticate each other through the use of key pairs. There are various types of algorithms for encryption, some common algorithms include:
- Secret Key Cryptography (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.
- Public Key Cryptography (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key, and only the owner can access it. The sender encrypts the information using the receiver’s public key. The receiver decrypts the message using his/her private key. For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender’s public key to decrypt it. Thus, the receiver knows who sent it.
- Hash Functions: These are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.
Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Types of Encryption are:
Decryption is generally the reverse process of encryption. It is the process of decoding the data which has been encrypted into a secret format. An authorized user can only decrypt data because decryption requires a secret key or password.
To make the data confidential, data(plain text) is encrypted using a particular algorithm and a secret key. After encryption process, plain text gets converted into cipher text. To decrypt the cipher text, similar algorithm is used and at the end the original data is obtained again.
Pentesting and Forensics
Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to detect three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.
Don’t confuse penetration testing with simply vulnerability scanning or security assessments – it’s those things plus more. Pentesting helps find some of the most complicated attack vectors across systems, finding vulnerabilities that tools and techniques used during development are unable to detect, as they are testing single systems, not yet embedded in the organization’s wider network. Pentesting is also often used after an intrusion to detect the vectors used by the attackers to recreate the attack and prevent it from happening again.
Decompiling, Reverse Engineering and Debugging
The term “Decompiling” means to convert executable (ready-to-run) program code into some form of higher-level programming language so that it can be read by a human.
Decompilation is not always successful for a number of reasons. It is not possible to decompile all programs, and data and code are difficult to separate, because both are represented similarly in most current computer systems.
Decompilation is sometimes used unethically, to reproduce source code for reuse or adaptation without permission of the copyright holder. Programs can be designed to be resistant to decompilation through protective means such as obfuscation.
Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code that it was written in, using program language statements.
Debugging is the process of finding and resolving defects or problems within a computer program that prevent correct operation of computer software or a system.
Developing software programs undergo heavy testing, updating, troubleshooting and maintenance. Normally, software contains errors and bugs, which are routinely removed. In the debugging process, complete software programs are regularly compiled and executed to identify and rectify issues. Large software programs, which contain millions of source code lines, are divided into small components. For efficiency, each component is debugged separately at first, followed by the program as a whole.
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. Keylogger software is also available for use on smartphones, such as Apple’s iPhone and Android devices.
The main objective of keyloggers is to interfere in the chain of events that happen when a key is pressed and when the data is displayed on the monitor as a result of a keystroke. Here’s how keyloggers spread:
- Keyloggers can be installed when a user clicks on a link or opens an attachment/file from a phishing mail
- Keyloggers can be installed through webpage script. This is done by exploiting a vulnerable browser and the keylogger is launched when the user visits the malicious website.
- a keylogger can be installed when a user opens a file attached to an email
- a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits an infected site
- a keylogger can exploit an infected system and is sometimes capable to download and install other malware to the system.
Remote Administration Tool
A RAT or remote administration tool, is software that gives a person full control a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.
Mostly the people who use RATs are skids trying to gain access to your information for malicious purposes. These type of RATs are also called remote access as they are often downloaded invisibly without your knowledge, with a legitimate program you requested—such as a game.
A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid a RAT:
- Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
- Beware of P2P file-sharing. Not only is a lot the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
- Use comprehensive security software on all your devices. Make sure you install a security software, which protects your data and identity on all your PCs, Macs, tablets and smartphones.
Early cyberattacks used proxies to hide the origin of their attacks. Many of these proxies were “slaved” machines controlled by trojan horse programs like Sub7.
90’s-era infosec research was rudimentary at best, and major cyberattacks (such as the early DoS attacks on e-commerce companies like eBay) relied on attackers forwarding attacks from their computers through proxies in western-unfriendly countries or “slaved” machines controlled by early RAT tools.
To stay private, hackers would complete their attacks then wipe their infected systems via basic attempts at self-destruction: deleting files then corrupting the Windows system flies, corrupting the master boot table on the hard drive that governs how a computer knows where an operating system is located, etc.
But as infosec research has matured, so too have attempts to obfuscate and anonymize attackers.
From a network perspective, most modern adversaries hide behind Tor, I2P, or a private cloud of onion-routed botnet systems (e.g.: Storm) that make it very difficult to establish the original point of origin. Rather than compromising a single proxy or 2-tier structure of proxies, this approach makes researchers have to sift through an impossibly dense set of servers forwarding traffic. If used properly, a system like Tor can almost completely anonymize a user.
As a result, researchers tend not to look for a point of origin and look instead at the structure of the attack’s C2 (Command and Control) infrastructure. Without using outside tools like financial analysis or HUMINT you may never be able to determine the original identity of an attacker. But you can determine that the same attacker launched the same set of attacks. This is why most APTs (Advanced Persistent Threats) are given names like “Fancy Bear” and “Energetic “Panda” – they’re code words for attacks launched by the same adversary without saying who specifically that adversary is.
Because of these mechanisms, it is increasingly important for infosec researchers to employ “dummy” systems like honey pots that expose themselves to attack and allow the research community to study the vagary of ways that a determined and anonymous adversary strikes a system.
Anonymity for the modern adversary is no longer wearing a ski mask when you knock over a convenience store. It’s using encryption and complex C2 infrastructures to be the digital equivalent of the Zodiac killer.
Preparing Before You Hack
Learn a programming language. You shouldn’t limit yourself to any particular language, but there are a few guidelines. Learning a programming language might take time, so you need to be patient.
- C and C++ are the languages that Linux and Windows were built with. It (along with assembly language) teaches something that’s very important in hacking: how memory works.
- Python or Ruby are high-level, powerful scripting languages that can be used to automate various tasks.
- Perl is a reasonable choice in this field as well, while PHP is worth learning because the majority of web applications use PHP.
- Bash scripting is a must. That is how to easily manipulate Unix/Linux systems—writing scripts, which will do most of the job for you.
- Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. You can’t truly exploit a program if you don’t know assembly.
Know your target. The process of gathering information about your target is known as enumeration. The more you know in advance, the fewer surprises you’ll have.
Use a *nix terminal for commands. Cygwin will help emulate a *nix for Windows users. Nmap in particular uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets.
Secure your machine first. Make sure you’ve fully understood all common techniques to protect yourself. Start with the basics — but make sure you have authorization to attack your target: either attack your own network, ask for written permission, or set up your own laboratory with virtual machines. Attacking a system, no matter its content, is illegal and WILL get you in trouble.
Test the target. Can you reach the remote system? While you can use the ping utility (which is included in most operating systems) to see if the target is active, you can not always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators.
Determine the operating system (OS). Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.
Find a path or open port in the system. Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.
- Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
- An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.
Crack the password or authentication process. There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force software
- Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvements in brute-force techniques.
- Most hashing algorithms are weak, and you can significantly improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).
- Newer techniques use the graphics card as another processor — and it’s thousands of times faster.
- You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password.
- Trying every possible password while logging to remote machine is not a good idea, as it’s easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.
- You can also get a rooted tablet, install a TCP scan, and get a signal to upload it to the secure site. Then the IP address will open causing the password to appear on your proxy.
Get super-user privileges. Try to get root privileges if targeting a *nix machine, or administrator privileges if taking on Windows systems.
- Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super-user privileges – a user account that is given the same privileges as the “root” user in Linux and BSD operating systems.
- For routers this is the “admin” account by default (unless it has been changed); for Windows, this is the Administrator account.
- Gaining access to a connection doesn’t mean you can access everything. Only a super-user, the administrator account, or the root account can do this.
Create a backdoor. Once you have gained full control over a machine, it’s a good idea to make sure you can come back again. This can be done by backdooring an important system service, such as the SSH server. However, your backdoor may be removed during the next system upgrade. A really experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to come back.
Cover your tracks. Don’t let the administrator know that the system is compromised. Don’t change the website (if any), and don’t create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to login with this password, the server should let them in, but shouldn’t contain any crucial information.