Tuesday, October 11, 2011
Sunday, September 25, 2011
How to Become a Hacker
How to Become a Hacker
Most of us are very curious to learn Hacking and want to become a Hacker, but don’t know where to start. If you are in a samilar situation, then this article will most likely guide you to reach your goal.
On a regular basis, I get a lot of emails where people ask me ”How to Become a Hacker”.In fact, this question is not an easy one to answer, since hacking is not an art that can be mastered overnight. It requires knowledge, skills, creativity, dedication and of course the TIME. Everyone can become a hacker provided they learn it from the basics. So, if you wanna become a hacker, then all you need is a good source of knowledge that will guide you through various concepts of hacking from the basics.
What Skills do I Need to Become a Hacker?
In simple words, there is no magic to become a Hacker. But like anything else that is worthwhile, it takes dedication and willingness to learn. It is most important to have a basic knowledge of topics such as operating system basics and it’s working, computer networks, computer security and of course programming. However, you need not be the expert in each or any of those topics mentioned. As you gain the basic knowledge of various branches of computer, you can choose any one as your favorite and advance in it.
What is the Best Way to Become a Hacker?
As said earlier, the best way to become a hacker is to start from the basics. You will have to master the basics to build a strong foundation. And once this is done, you’ll be in a position to explore new ideas and start thinking like a Hacker.
There exists tons of books on the market that will teach you hacking, but unfortunately, it requires a set of pre-established skills and knowledge to understand the concepts explained in the book. Also, most of them are not suitable for the beginners who doesn’t know anything about hacking.
Anyhow, I have found an excellent Book for the Beginners that will teach you hacking from the basics. This book is the first step to fulfil your dream of becoming a hacker. When I first read this book, I myself was surprised at how simple and easy it was laid out. I decided to introduce this book for all those enthusiasts as it can be the right source for the beginners who are interested to learn hacking from the basics. The good thing about this book is that, any one can understand the concepts presented here, without the need for any prior knowledge. This book is called
This book will take you from the core to the top. It will tell you how to hack in simple steps. Everything in this book is presented in a simple and effective manner. It is a great source for the beginner who would like to become a hacker. This will install a Hacker’s Mindseton you.
The following skills are uncovered in this book
1. You will learn all the hacker underground tricks and learn to apply them in real world situations.
2. You will be put into a hacker mindset so that you will learn to think like a Hacker.
3. By learning how a hacker thinks and acts, you will be able to protect yourself from future hack attacks.
4. You will acquire knowledge nonexistent to 99.9% of the people in the world!
5. This underground handbook may get you interested in pursuing a career as an Ethical Hacker.
This book is of great value for all those who have a dream to become a Hacker.
So what are you waiting for? Go grab your copy now from the following link
Saturday, September 24, 2011
Hacking
Hacking can be difficult and there are many different ways to hack and many different exploits to use. Hacking is neither defined nor limited by exploitation or exploration. Hacking into someone else's system may be illegal, so don't do it unless you are sure you have permission from the owner of the system you are trying to hack or you are sure it's worth it AND you won't get caught.
Hacking was primarily used for learning new things about systems and computing in general, 'in the good old days'. In recent years it has taken dark connotations and in general has been looked down upon. Likewise, many corporations now employ "hackers" to test the strengths and weaknesses of their own systems. These hackers know when to stop, and it is the positive trust they have built that earn them large salaries.
There is a major difference between a hacker and a cracker. A cracker is motivated by malicious (namely: money) reasons; a hacker is attempting to gain knowledge through exploration, at any cost and in any way - not always legal.
Hacking was primarily used for learning new things about systems and computing in general, 'in the good old days'. In recent years it has taken dark connotations and in general has been looked down upon. Likewise, many corporations now employ "hackers" to test the strengths and weaknesses of their own systems. These hackers know when to stop, and it is the positive trust they have built that earn them large salaries.
There is a major difference between a hacker and a cracker. A cracker is motivated by malicious (namely: money) reasons; a hacker is attempting to gain knowledge through exploration, at any cost and in any way - not always legal.
Hacking Tips and Tricks
Learn a programming language. You shouldn't limit yourself to any particular language. C is the language the systems are built in, it teaches you what's very important in hacking: how the memory really works. Python or Ruby are modern, powerful scripting languages, that can be used to automatize various tasks; Perl is a good choice in this field as well. PHP is worth learning only because it's what newbies use to "hack" poorly written web-applications (forums, blogs etc). Bash scripting is a must, that's how you can easily manipulate most servers - writing one-line scripts, which will do most of the job. Finally, you can't do much without knowledge of ASM - you *can't* exploit a program if you don't know that.
Use a *nix terminal for commands. Cygwin will help emulate this for Windows users. DOS is worthless in this area. The tools in this article can be found for Windows based machines. Nmap particularly, uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to the lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible, more reliable, and more secure. Most Linux distributions come with many useful tools pre-installed.
Try securing your machine first. Make sure you fully understood all common techniques, including the way to protect yourself. Start with basics - found a server which has site about racism, homophobia or other bad activities? Try to hack it, any way you can. Yet again, don't change the site, just make it yours.
Know your target. The process of gathering information about your target is known as 'enumeration'. Can you reach the remote system? You can use the ping utility (which is included in most operating systems) to see if the target is 'alive', however, you can not always trust the results of the ping utility, as it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators
Know your target. The process of gathering information about your target is known as 'enumeration'. Can you reach the remote system? You can use the ping utility (which is included in most operating systems) to see if the target is 'alive', however, you can not always trust the results of the ping utility, as it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators
Create a backdoor. Once you have gained full control over a machine, it's best to make sure you can come back again. This can be done by 'backdooring' an important system service, such as the SSH server. However your backdoor may be removed upon the next system upgrade - really experienced hackers would backdoor the compiler itself, so every compiled software would be a potential way to come back.
Cover your tracks.This is the most important part of hacking. Never ever let the administrator know that the system is compromised. Do not change the website (if any), do not create more files than you really need. Do not create any additional users. Act as fast as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to login with this password, the server should let them in, but shouldn't contain any crucial information.
Use a *nix terminal for commands. Cygwin will help emulate this for Windows users. DOS is worthless in this area. The tools in this article can be found for Windows based machines. Nmap particularly, uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to the lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible, more reliable, and more secure. Most Linux distributions come with many useful tools pre-installed.
Try securing your machine first. Make sure you fully understood all common techniques, including the way to protect yourself. Start with basics - found a server which has site about racism, homophobia or other bad activities? Try to hack it, any way you can. Yet again, don't change the site, just make it yours.
Know your target. The process of gathering information about your target is known as 'enumeration'. Can you reach the remote system? You can use the ping utility (which is included in most operating systems) to see if the target is 'alive', however, you can not always trust the results of the ping utility, as it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators
Know your target. The process of gathering information about your target is known as 'enumeration'. Can you reach the remote system? You can use the ping utility (which is included in most operating systems) to see if the target is 'alive', however, you can not always trust the results of the ping utility, as it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators
Determine the operating system (OS). This is important because how can you gain access to a system if you don't know what the system is? This step involves running a scan of the ports. Try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.
Find some path or open port in the system. Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered. Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming. An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be bruteforced.
Crack the password or authentication process. There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force software. Users are often discouraged from using weak passwords, so brute force may take a lot of time. These days there are major improvenments in brute-force techniques. Most hashing algorithms are found weak, and you can significally improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost). Also new techniques use graphic card like the processor - and it's thousands times faster. You may try using Rainbow Tables for fastest password cracking. Notice that password cracking is good technique only if you already got the hash of password. Trying every possible password while logging to remote machine is not a good idea, as it's easily detected by intrusion detection systems, pollute system logs and may take years to complete. It's often much easier to find other way into system, than cracking password.
Get super user (root) privileges. Try to get root privileges if targeting a *nix machine, or administrator privileges if taking Windows systems. Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super user privileges. This is a user account that is given the same privileges as the "root" user in Linux and BSD operating systems. For routers this is the "admin" account by default (unless it has been changed), for Windows, this is the Administrator account, etc. Just because you have gained access to a connection doesn't mean you can access everything. Only a super user, the administrator account, or the root account can do this.
Use various tricks. Often to gain super user status you have use tactics such as creating a "buffer overflow", which is basically causing the memory to dump and allowing you to inject a code or perform a task at a higher level then you're normally authorized. In unix-like systems this will happen if the bugged software has setuid bit set, so program will be executed as different user (superuser for example). Only writing or finding an insecure program that you can execute on their machine will allow you to do this.
Create a backdoor. Once you have gained full control over a machine, it's best to make sure you can come back again. This can be done by 'backdooring' an important system service, such as the SSH server. However your backdoor may be removed upon the next system upgrade - really experienced hackers would backdoor the compiler itself, so every compiled software would be a potential way to come back.
Cover your tracks.This is the most important part of hacking. Never ever let the administrator know that the system is compromised. Do not change the website (if any), do not create more files than you really need. Do not create any additional users. Act as fast as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to login with this password, the server should let them in, but shouldn't contain any crucial information.
Subscribe to:
Posts (Atom)