Ultimate Beginner’s Guide to Computer Hacking in 2016
Chapter 1: All about Hacking
Hacking is a term that is mostly associated with malicious and illegal activities. You might have heard a lot of about a social media account getting hacked or someone gaining access to someone’s emails. All of this is entirely possible and in a world where everyone uses the Internet, no information is private.
Hacking in and of itself is not illegal. If someone hacks into Facebook to point out the security flaws then that isn’t hacking. If it is done with good intentions, for instance to check the security of a system or network in order to help a company, then hacking is not illegal. Intentions matter a lot and so does the actual act. If you do not cause harm to anyone or anyone’s property then hacking is not illegal. A person who hacks with evil intentions and causes grievous harms is known as a cracker and not a hacker. Hence, hacking and cracking are extremely different.
Simply speaking, if someone hacks into a network just to point out the flaws in the system then it’s called hacking. Even if the person broke into the system without permission, it’s still not illegal. The main aim behind hacking is to point out the security flaws so that they can be patched.
A cracker is someone who gets into a system to steal or cause harm. It’s done with evil intentions and in most cases crackers leave malware behind to cause problems to the system and to steal information.
Hacking and its Types
Hacking isn’t just limited to a computer. Hacking can be done in various ways and can be done to all sorts of electronic devices. It’s even possible to hack into a refrigerator with the right amount of knowledge and skills. It’s important to look at hacking in a multi- dimensional way, especially because we live in 2016.
1. Network Hacking- Hacking into a network is mainly done to get information. There are various tools that can be used to hack into a network. Hacking into a network also gives control of the whole network to the hacker.
2. Website Hacking- Hacking into a website helps you to take over that website. This way you can post whatever you want on the website. It’s like changing the ownership of the website for your own benefit.
3. Ethical Hacking- Many companies hire hackers so that they can try to hack into their system. This is done to find out the security flaws that exist in the network. It’s completely legal and is done with the consent of the employer.
4. Email Hacking- When the hacker gains control of the email account of a person and is able to get all the information he wants from those emails.
5. Password Hacking- Password cracking is all about trying to figure out the password of a person on the basis of transmitted data and other tools.
6. Computer Hacking- Computer hacking involves taking over a person’s computer so that you have complete access over the person’s files and data. You can also make changes and download information depending on what you want.
Types of Hackers
Hackers are not of a single type. A lot of people hack and all of them do it for different reasons. This is why it is almost impossible to classify hackers. Every hacker is not the same; most of them do hacking in a legal way and actually earn money through it while others use it illegally for their own monetary benefits.
White Hat Hackers
These are hackers who conduct their work in a legal manner. They are official hackers and offer their services to companies. They tend to work on checking the security of the networks of the company and also work on patching the security issues that come up in the applications of the company.
White hackers are ethical hackers and all of they have to do is find the flaw in the system, notify their employer that the flaw exists and are also required to erase any data and information that they may have about the project. Sometimes they are also entrusted with coming up with solutions to patch the problems. They do this under the complete authority of their employer and hence, do nothing illegal.
Black Hat Hackers
Black Hat hackers are the exact opposite of what you just read. The work that they do is completely illegal and they tend to attack the systems through various malware in order to gain information. They usually do it for their own monetary benefit and have no code of conduct. They leave no trace of what they have done and cause a lot of problems.
It’s also common for black hat hackers to get into hacking and blame others. It’s really easy for them to leave footprints that can be traced back to a certain person. They tend to do this to draw suspicion off of themselves.
They are the best in the hacking community. They usually have a ton of information; codes and software that they can use t0 hack into anything. It’s nearly impossible to stop a hacker if they have the correct tools and knowledge. This is why Elite hackers are a forced
to be reckoned with.
They are the ones who are sponsored by the government itself to hack in a legal way. They are required to keep tabs on all kinds of hacking activities and they even monitor the activities of other people. They are mostly elite hackers and whatever they do is completely legal since they are sanctioned by the government.
They don’t use what they find for any personal benefit and tend to simply forward the data and analysis to the requisite authorities. Most government organizations have a large number of hackers on staff in order to keep their systems secure and to attack others if needed.
They are the ones who tend to protect the citizens from hacking and from government surveillance. They also try to promote the rights of people. They believe that information is for everyone and try to uncover government secrets and projects. What they do is technically for a good cause but it is still illegal. They are very popular among the masses and sometimes they even form groups for social welfare.
There are various tools that have been developed by other hackers that are available on the Internet. You can use these tools to hack into any network that you want. They’re especially suitable if you want to crack a password. If you’re just starting with hacking then these tools are a must.
Vulnerability in a network can be used by any hacker to hack into a system. If there is some vulnerability, you can send malicious files to hack into the network or device.
Vulnerability Scanner is a program that scans a network for any openings to gain access. Both hackers and crackers can use it. It’s also an efficient way of finding out if there is something wrong with your network. If a hacker can find vulnerabilities then it can be used to gain access into the network. It can also be used to patch vulnerabilities.
The data in a network is transported through ports. Vulnerability Scanners go through those ports in order to find an opening that can be exploited. It’s still not necessary that finding a port will give you access because firewalls are another hurdle but Vulnerability Scanners act as a good starting point.
There are two types of Vulnerability Scanners-
1. Port Scanners- The main aim of this scanner is to find any open ports in a network or server. If you want to use this scanner then you need some basic knowledge about TCP/IP. The scanner tells you the services that are being used by the host and you can figure out a way to exploit them in order to gain access. You can also use it to probe your network. You can find any open ports and check if someone can gain access to them. It helps in patching the network and creating better firewalls.
2. Network vulnerability scanner- The main aim of this scanner is to find weaknesses that can be exploited in the network. The systems that are connected through the network act as places through which you can gain access to the network. Hence, the hacker can break into the network. The main purpose is to aim your attack at just one system. You can find if you gain access to the whole network through just one
Password cracking can be used to get the password of a computer or an account through the information that is stored and transmitted in the computer. It can be really time consuming if someone has an extremely strong password although chances of that are unlikely. Most people tend to keep passwords that are easily crack-able. Each and every password that is generated by the computer is checked separately.
There are a number of methods that are available to crack a password. One such method is the brute force method where you try all the combinations of the password and try to get the right one. To reduce the number of attempts there are tools available such as word list substitution, dictionary attacks, etc.
Packet sniffers are software or hardware that can be used to analyze a network. They are used to get into a network and analyze the traffic. They are also used to get into a packet and then decode it in order to gain information. They can be further used to crack passwords, as the raw information constitutes passwords as well.
Password Cracking Tools
There are some well-known password hacking tools that can be a great source to get anyone’s password. They save a lot of time for you and you don’t have to work too hard in order to get a simple password.
Cain and Abel
This is a popular way of getting passwords from those networks that run Windows OS. It tries to use cryptography and sniffing to get into the network and gain access to the passwords. This tool also uses the brute force method. It tries to use all the possible combinations in order to gain access. This tool is really helpful if the password that you’re trying to crack is in scrambled form.
John the Ripper
This is a great software for cracking passwords that are encrypted in the database. It uses a string to match with system passwords in order to crack the password. All the passwords are saved in an encrypted form in the database. This is because it’s really difficult to crack passwords that go through encryption and is then saved. John the Ripper helps you to crack these passwords easily.
An encryption is simply saving the password in a coded form that is different from the original form. Encryptions are created by cryptographers and are in the form of mathematical equations. The hacker has to simply provide the string, which may or may not be the password and this tool will run the string through its system. It will then use the same encryption algorithm that has been used in the actual database. Hence, it basically replicates the original encryption in order to get the password.
This tool is helpful to capture data packets so that they can be further analyzed in order to gain information. This tool is able to capture the data packets by sniffing around the network. If it gains access then it decodes the data packet in order to get raw information. This is then transmitted to the hacker who sanctioned the tool to attack in the first place. It’s also a great tool to find any weaknesses in the network. It helps to see which ports can
be used to gain access to data packets.
This tool can be used to find the vulnerabilities in a network. All you have to do is provide the tool with the IP address of the network that you want to hack into, and then you can leave it all on this tool. Nessus will then scan the whole network in order to find vulnerabilities. If it does find one, it will communicate it to you. The best part about Nessus is that it can be used on any OS. Windows and Linux are the most common operating systems to use Nessus on.
Chapter 2: Penetration Testing
No network in the world is perfect. All networks in the world have some security flaw that can be exploited by a cracker in order to gain access to a network. The reasons for these flaws are related to configurations. All software has some security configurations that are not airtight. Hence, these can be used to exploit the network and gain access. The data that the hackers get by exploiting such vulnerabilities can cause you a lot of harm. They can delete or alter the data and you wouldn’t even know till it’s too late.
Almost all companies regularly check their networks to find vulnerabilities. If they can find one then they issue a software patch to ensure that the vulnerability is patched. The main aim of Penetration Testing is to reduce the number of vulnerabilities that a hacker can exploit.
Basics of Penetration Testing
The basics behind Penetration Testing or Pen Testing is to find any security flaws that can be compromised by a hacker. It’s done in a controlled environment to ensure that the information uncovered cannot go into the wrong hands. A cyber security team will try to test the security of the system by constantly attacking the network to find an opening. It’s completely legal since it is done with permission and is used to further strengthen the network.
It will also help to curb the weak points of the network that can be used to gain access. This includes applications that are downloaded, devices and services, wireless networks, etc.
Pen Testing is done on software before it is released into the market. Ethical hackers try to find any security flaws and also suggest to the company how they can patch their security issues. Patching can be done by adding and strengthening firewalls and adding more encryptions.
The job isn’t over here. Even after the product has been launched, ethical hackers continue to test the software to find any vulnerability. Software patches are released if something like this is found.
Pen Testing can be performed on all types of devices and networks. This includes wireless networks and wired networks. Even mobile applications are pen tested because due to the advanced technology that we possess now, it’s simple to even hack mobile apps.
Pen Testing can be done through a variety of methods. There are numerous software programs available and you can use any of them depending on your needs.
Frequency of Tests
You should consider doing Pen tests whenever you feel like there is a security risk. The main reason behind frequency of tests is the security associated with the product that you are launching or have already launched. Whenever you undertake any major decision, it’s important to conduct a Pen Test. If you even consider adding a new system, a Pen Test should be conducted to ensure proper security. It’s especially important to conduct one when you’re switching the place of business, changing the network or launching a new product.
Using the Pen Test Tools
You have to consider what kind of OS you are using. Most of the pen test tools won’t work on your Windows or Macintosh laptops. Almost all pen test tools are compatible with Linux. Linux is the best software for Pen Testing because it is easy to learn and also offers added security that you wouldn’t find in your regular laptops.
Linux is also absolutely free and can be downloaded from the Internet. The only downside is that it takes a lot of time to understand and start using Linux, especially if you have been using Windows your whole life.
It’s only recently that some standards for Pen Testing having been built. The best software that you will find on the Internet will comply with these regulations and hence are completely suitable for any use.
Chapter 3: Security
Learning basic security is really important. If you want to go out there and hack others then you have to be very careful. A hacker is as good as his ability to leave no trace. If you cannot keep yourself secure then you can’t expect any company to hire you for securing their servers.
If you want to be a good hacker then you have to cover your tracks. You cannot leave any evidence behind when you get into a network. If you enter a network, a server or a computer you have to be careful to not leave any footprints behind that can be used to find who you are. Even if you enter a network for ethical reasons you still have to make sure that you leave no tracks. For an ethical hacker it’s essential to enter into a network and leave without anybody knowing about it. You cannot leave any trace behind that will alert people about any possible intrusion into their network.
You can cover your tracks by using certain malware that are available on the Internet. These malware help you to clear out any entry logs that the server maintains. They also ensure that you do not leave any footprints by mistake. They wipe all the data that’s related to your intrusion so that nobody is aware of the hacking.
If you want to get through a network to gain information that is classified and heavily protected then you have to use a proxy server. Proxy servers are networks that you use to hide your IP address. They help you cover your tracks so that detection software is not able to find you. That’s the main advantage of using proxy servers, they ensure that you are able to get into a network without being detected and also protect your identity from anyone who does find you.
If you want to ensure that you are secure on the Internet and that nobody can hack and get into your information, there are certain things that you have to follow. First of all, you have to make sure that you know what you are doing. If you go into hack someone, remember that there are repercussions. You have to be very careful and also have to think about the legal issues.
If you want to protect yourself from hackers then never use the same password for multiple accounts. You have to use passwords that are really strong and are unrelated to each other. This way if someone hacks into even one account, your other accounts will be safe. Some people tend to record their passwords in a document on their phone or laptop. Do not do that. If you have trouble remembering passwords then write them on a piece of sheet and keep it somewhere safe.
It’s also recommended to have passwords that cannot be found in the dictionary. If your password is extremely simple and has no numbers then anybody can hack you. It might seem like a lot of work but you might have been hacked and you wouldn’t even know. To ensure your safety and the safety of the information you have, make sure you have a good password.
Password manager is a great software that can help you out if you cannot remember your passwords. The important point is to have a tough password for the password manager. It helps you to store all of your passwords and it even helps to organize them on the basis of importance. Password Mangers are really safe because almost all of them are not connected to the Internet. This way there are no external applications that a hacker can use to gain access to the password manager. There are also some password managers that store your information on the cloud and they are only safe to a certain extent. The ones that store your information on your system are the ones that you can put your trust in.
Password Managers also help you to create good passwords. Whenever you visit a site and are going to enter your password, the password manager will create an alphanumeric password that is absolutely random to ensure that nobody is able to crack into your account.
They also help you to stay safe from phishing sites. These are sites that act as duplicates of the original site and if you enter your password here, the hacker can easily gain access to your original account. Whenever you encounter a phishing site the password manager will warn you and you’ll be able to protect yourself from the site.
You have to be careful of people on social media. If you see a friend request by someone you don’t know then it’s better to stay away from that person. People who are in your friend list can gain a lot of access to your profile. There are many software programs that can generate your password on the basis of your online profile.
Protecting your data is really important. Download ‘Find my iPhone’ or similar apps to ensure that you can remotely delete all the data in your phone if your phone gets stolen. Also, make sure that your phone has a security code. It may seem tiresome but it’s really important. Again, try to have a password that’s not easily crack-able.
If you are making an online transaction, then look for an icon before the URL. This icon will either be a key or a lock. If you do not see this icon while making a transaction then close your browser immediately. If you see a lock icon that’s open then it means that the server is not secure and you should not make the transaction.
Be careful of pop-ups. You can use an extension that is available in chrome called ad blocker to block all pop-ups. Many hackers use pop-ups to get you to visit a website that might have a malicious virus. Such viruses attack your computer as soon as you visit the website. Similarly, do not open any email that you receive that seems shady. Delete it immediately if it seems like a potential virus.
Chapter 4: Hacking Attacks
There are certain times when you might have to attack a system in order to gain entry. Sometimes sniffing the network is not enough and you have to try to gain entry by force. There are certain attacks that hackers tend to use the most and these are attacks that you should familiarize yourself with if you want to become a white hat hacker. If you understand these attacks then you can use them during Pen Tests to find flaws and patch them.
If you are someone who can provide security attack against simple attacks then you will always be in demand. The main aim of attacking your own system is to find out if the system is airtight and if the antivirus system is working perfectly.
Phishing is when a hacker tries to get the personal data of a person by getting into their actual accounts. It’s mostly done with the aim of getting the bank details of a person and if a hacker is actually able to do it, there are devastating consequences for the person who was hacked. The main way to conduct Phishing is to replicate the actual website so that the person uses a fake website where they enter all of their information which goes straight to the hacker.
Phishing can be done through various mediums. It can be done through emails, where you will be required to provide your details in order to win a prize and if you do fall for this then the transaction would never actually go through and you would have just given all of your information to the hacker.
Other ways include monitoring keystrokes. If you open a website and start typing out your details then a key logger malware would record everything you are writing in a separate database that you wouldn’t even know about it. This data would then be transferred to the hacker without your knowledge.
A virus is basically a malware that harms your computer. If it somehow ends up in your computer then it replicates itself in order to spread throughout your system. The virus remains safely hidden it its folder of origin. Viruses can be really harmful and can steal all your data or they can simply act as an annoyance. They take up unnecessary space, slow down your processor and cause other similar problems.
There are viruses that can be used to steal data from your computer. These viruses spread themselves and take over all the applications. If you do anything then this virus will record and store your data, which is then transmitted to the hacker.
Viruses are specifically coded by hackers to gain entry into a system and transmit privileged information back to the hacker. They are made mostly for Windows users since it is the most popular OS. Macintosh and Linux users are relatively safe because there are fewer viruses that target such OS. A good antivirus can generally work wonders against a stream of viruses but even they are not a full proof solution.
A distribution denial of service attack is one in which the hacker uses a network of zombie computers to send requests packets to a particular website through thousands of computers that are not even aware that they are being used in a DDoS attack. The main aim behind such an attack is to overload the server of a website or a company so that it gets shut down. The amount of packets that are sent ranges in thousands and it gets difficult for any server to handle such a load.
In this attack the hacker uses computers of people who have been affected by a malware. Together this network is known as a botnet. So, a hacker uses a malware to control the computers of thousands of people in order to send requests to one particular website. Botnets are available for purchase online and most of them have thousands of computers that constitute them.
It’s almost impossible to track a hacker during such an attack because thousands of computers are simultaneously sending out requests to the website. This includes the computer of the hacker itself. Hence, the hacker is able to hide in the crowd. DDoS attacks can be really annoying and can disrupt service for hours.