What Is Hacking ?
The first and foremost question is what the hell is this ‘hacking’ thing ? So let me tell you, the word ‘hacking’ derived from ‘hack’ which was just the method of solving a problem during the 50’s and 60’s long before it was associated with the thriving computer programming scene.
In the modern world, the word hacking means the ‘art’ of gaining unauthorized access into computer systems for personal gain or just for the sake of amusement. A person who carries out this process is known as a hacker doing it for his personal reasons or for his employer.
If you want to know more about hackers like who are they ? why do they hack ? etc, then take a look at my previous post Hackers : Everything There Is To Know About or you could read these 7 Ebooks On Hacking.
The HisTory :-
People have been hacking much before the computers were even invented. In 1878 teenagers who were hired by The Bell Telephone Company as switchboard operators used to eavesdrop customers’ calls and intentionally misdirected calls, purely for amusement.
1932 – Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
1943 – French computer expert René Carmille, hacked the punched card used by the Nazis to locate Jews.
1965 – William D. Mathews from MIT found a vulnerability in a Multics CTSS running on an IBM 7094. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so created a temporary file with a constant name for all instantiations of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message-of-the day and the password file became swapped, causing the contents of the system CTSS password file to display to any user logging into the system.
1983 – The group KILOBAUD is formed in February, kicking off a series of other hacker groups which form soon after.
The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs.
The U.S. House of Representatives begins hearings on computer security hacking. In his Turing Award lecture, Ken Thompson mentions “hacking” and describes a security exploit that he calls a “Trojan horse”.
1988 – The Morris Worm. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government’s ARPAnet (precursor to the Internet). The worm spreads to 6,000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years probation, and fined $10,000.
1993 – The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event.
1996 – Hackers alter Web sites of the United States Department of Justice (August), the CIA (October), and the U.S. Air Force (December).
2003 – The hacker group Anonymous was formed.
2008 – Project Chanology; Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
2014 – The Bitcoin exchange Mt.Gox filed for bankruptcy after $460 million was apparently stolen by hackers due to “weaknesses in their system” and another $27.4 million went missing from its bank accounts.
The Home Of Hackers :-
The countries from where the better part of total percentage of hacking originates are :
- United States Of America : 20.3 %
- China : 9.1 %
- Italy : 6 %
- Taiwan : 6 %
- Brazil : 5.7 %
- Japan : 4.3 %
- Germany : 4.2 %
- Hungary : 4.2 %
- Spain : 3.9 %
- Canada : 3.5 %
Types Of Hack Attacks :-
There are many creative ways by which hackers could compromise the security of your computer system. Some of these attacks are categorized under 5 broad points below :
Denial Of Service : –
This type of attack causes your computer or network to crash or become so busy processing data that you are unable to use it. It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system. Preventing these types of attacks is next to impossible and we could only be prepared for it.
Social Engineering Attacks : –
Social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
Social Engineering is a broad topic containing many methods of hacking, some of which are :
- Phishing : Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank, or credit card company—requesting “verification” of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card’s PIN.
- Shoulder Surfing : Shoulder surfing involves observing a person’s private information over their shoulder. This type of attack is common in public places such as airports, airplanes or coffee shops.
- Quid Pro Quo : Quid pro quo means something for something. In this an attacker calls random numbers at a company, claiming to be calling back from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will “help” solve the problem and, in the process, have the user type commands that give the attacker access or launch malware.
Network Hacking : –
Network hacking includes hacking websites and other network resources. There are tons of ways to hack websites depending on the hosting server and technology used on the site (such as ASP.net, PHP, etc.).
- Cross-site Scripting (XSS) Attack refers to that hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.
- SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
- Man-In-The-Middle attack provides an attacker the ability to both monitor and alter or inject messages into a communication channel.
Password Attacks : –
As the name suggests these are the attacks which decrypts or guesses the passwords already stored on a server or a personal computer. A hacker could use different types of methods to crack a password like :
- Bruteforce Attack is a type of attack in which an automated application tries all the possible combination of certain words until the correct password is found.
- Dictionary Attack refers to the process of taking and checking a password one by one from a pre-combined source of possible passwords generally known as wordlist to find the password.
Let The Hacking Begin : –
Before you can start to hack, there are some prerequisites which you need to fulfill :
- Get Rid Of Windows and adopt any *nix operating system. Working on an *nix OS will get you acquainted with the command line interface which is very important, for someone who is learning this black art, to know. As you are a beginner i would suggest first get any basic Linux OS like UBUNTU then once you feel comfortable with the new environment you could proceed with installing, the operating system of hackers – KALI.
- Hacker Like Mentality, it doesn’t mean that you should behave like those nerdy guys with huge specs in Hollywood movies but you should always try to figure out how anything and everything works. Don’t show-off your skills unnecessarily, just be cool about it.
- Learn To Code, to become a successful hacker this one is the most important factor, without the knowledge of programming you won’t get very far. You could try starting with PYTHON (a very powerful and easy scripting language) and then get deep into learning C and C++.
- Get A Hold Of Networking Concepts. Knowing basic networking concepts will help and smooth-out your learning curve in this field immensely.
- Patience, hacking is not an skill that you could learn overnight. You will need to learn your whole life as this industry is very fast moving and you should patiently carve your way through.
As you now know what is required to begin your hacking career let me also tell you the consequences if you implement your newly acquired skills illegally.
- Don’t try to hack any corporate or popular network without proper permissions. If you found a way into the network don’t exploit it and report it to their technical department.
Note :- Sometimes big corporations and networks create a honeypot and intentionally open a way-in to monitor the intruder and they could catch you at any point of time.
- Never do anything just for fun. Remember it’s not a game to hack into a network, but a power to change the world. Don’t waste that on childish actions.
- Although you may have heard the opposite, don’t help anyone patch their programs or systems. This is considered extremely lame and leads to being banned from most hacking communities. And if you would release a private exploit someone found, this person may become your enemy — and this person is probably better than you are.
- Be careful what you hack. You never know if it has any thing to do with the government.
The Process : –
Assuming you are a novice into programming world you wouldn’t be creating your own exploits and tools to hack from the very start. Until you get proper hold of programming concepts and learn to create your own tools you could become a script kiddie and use the tools someone else created. You can use these 50 hacking tools to get a taste of how these things work.
- First step before you hack is Anonymity, i recommend using T.O.R. Network or V.P.N., you could also bounce over few proxies but using proxies doesn’t guarantee anonymity as their servers always keep record of I.P. addresses.
- Second is Know Your Target, do your homework and find out every little piece of information you can get about your target. This phase of information gathering is known as Enumeration.
- The next step is Testing The Target, using the ping utility to test if the target is active or not may not always be reliable as it relies on I.C.M.P. protocol which could be easily switched-off by network administrators.
- Now you should Identify The Operating System running on the target and also Find Open Ports, for this you could use a small but very powerful tool ‘nmap’. This tool could give information regarding OS, open and closed ports and even firewalls and routers on the network so you could plan your course of actions.
- Once you’ve found a open port or a way into the system next step is to Crack The Authentication (Password). You could try bruteforcing the password or you could simply guess the password if you know your target really well.
- Assuming you’ve made it in – your next step should be Privilege Escalation, if you are inside the system and don’t have administrative level privileges all your efforts become zero as the most vital information could only be accessed by only administrators. So the first step after breaking-in should be privilege escalation.
- After acquiring full access to the system what good it would be if you can’t access the same system afterwards easily, so you should create a Backdoor next which will ensure an easy entry next time. You could target backdoor-ing a system service such as SSH Server.
- Now what, you’ve completed your evil deed and done the work required but don’t exit the system just yet. Before leaving you should Cover Your Tracks so the administrators won’t know that the system is compromised. Delete any logs that could trace back to you and you would be a happy hacker.
Bonus Tips : –
- Never stop learning, if you stop you may forget things and you would have to play catch-up when you start learning again in this fast changing field.
- Learn every programming language atleast that much that you can read the program written in it. You don’t have to be expert in every other language.
- Join helpful communities, and make friends with people who know more than you! You can learn from them.
- Choose your favorite language and stick with it until you become a self-spoken expert in it.
- Always patch security holes in your system first before exploiting someone else as these get you traced or even hacked.
- The last one – don’t show off to the world that you have hacked something because some one might tell the authorities.
Always remember the last thing the hacking community needs is another wannabe cracker creating bad press for the legitimate hacking community and computer security experts everywhere.
The skills you will be learning and honing while hacking is very much in demand by large corporations and governments to secure their products and systems in every way possible. So don’t hear them who says that ‘it is waste of time’. These skills could land you a serious job.
And most importantly, enjoy the experience. Have fun learning and applying new techniques and you will find yourself among the hacking elite in no time.
In this post ‘The Unconventional Guide To Hacking’ did you find any point missing or felt some information is not accurate then please do let me know, You could also comment how you think this guide was. If you liked it enough show your appreciation by sharing it to your social networks. Ciao..