Hacking and Hackers: “See What Others See and What They Hardly See”

July 22, 2016 | Views: 8609

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Introduction

A good question that’s asked all around these days is, “What is hacking?” In my opinion, hacking is finding brilliant solutions to interesting problems. Well, that shows how broad the term “hacking” is.

Real life hacking is trying all the ways possible to exploit your targets’ weak links and/or to get him/her motivated. It’s elaborate.

As for the technical work of hacking, hackers are just trying to find loopholes inside code so they can exploit them. You might ask, “Why?” There are reasons:

  1. So a bug can be fixed/patched or

  2. Using a bug to operate the computer another way they’re not supposed to or

  3. To do bad jobs that harm others

Exploitation works in several ways in our real life (you can use a person’s weakness to strengthen another person or demolish them – it depends on you).


Classifications and Groups (Choose your Path)

In classifying hackers, there are 3 primary types:

  1. White Hat: Security tester, Cyber Detectives etc. Normally does bug fixing, Govt Cyber Army, Organizational code tester etc.

  2. Black Hat: A “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for some gain.” Works as a freelancer. Sometimes works for bad gains, sometimes for ethics.

  3. Grey Hat: A grey hat hacker lies between a black hat and a white hat hacker. Can be a person of both worlds.

In grouping hackers, there are 6 primary types:

  1. Elite Hacker: A social status among hackers, elite is used to describe the most skilled.

  2. Script Kiddie: Unskilled hacker who breaks into computer systems by using automated tools written by others (usually by black hat hackers)

  3. Neophyte: Someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

  4. Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

  5. Cracker: Known to be bad hackers. Though, they’re mainly patch/keygen makers.

  6. Blue Hat: Known as bug tester.

You may classify more and the list goes on. Some may debate my writings. But, these primarily describe the types and groups of hackers.


Type of Attacks (What Happens)

Primarily, there are 3 types of attacking styles:

  1. Non-technical: Exploits that involve manipulating people

  2. Technical: Exploits that involve direct to machine base

  3. Physical: Directly invading the area to gain access


Forming Attack (or Defense) Plans

To attack a specific system, there are routine tasks that need to be performed and items that need to be confirmed:

  1. Test the target system

  2. Check the risks involved

  3. Secure the work timeline

  4. Determine if you want to detected or not

  5. Gather as much knowledge as possible on the target system

  6. Define actions to be taken once the exploit starts


Gathering Information (Primary Step for Every Hack)

Start by:

  • Searching the target organization name, computer name, IP address in Search engines

  • Narrowing the scope by making target specific

  • Performing tests, scans to narrow down more

These steps can be performed via publicly available information:

  • Use Social Media (Facebook, Google+. LinkedIn, Twitter etc.)

  • Search the web (do as much as possible – even by the name of client, employer or employee, patents, trademarks, media monitoring etc.)

  • Search using keywords; perform advanced web searches

  • Perform search actions using Google Dork keywords (intitle, allintitle, inurl, allinurl, filetype, intext, allintext, site, link, inanchor, numrange, daterange, author, group, insubject, msgid)

  • Use webcrawlers (checking directory structure, page list, layout, comment fields etc.)

  • Use WhoIs to find owner information

  • Check privacy policies. In many cases, you may find many technical information of company in their privacy policy.

These can be performed via system scans:

  • Host checking (Ping etc.)

  • Find open ports

  • Through a wrong URL on the site to see the error page; in most cases, these page expose system information

  • Detect the technology used by the site

  • Determining system OS

  • Check if any system dumped file can be found

  • Check if there is any banner information

  • Check HTTP header information and extract

  • Send an email to an invalid email address may send back a failure message with details mail server information in it

  • Prepare exploit


Conclusion

And, now you have information to get started! Congratulations!

Remember, hacking is not about just getting information and exploiting. It’s about “Seeing what others see along with what others hardly see!” You need to use your 6th sense.

And, educate yourself (all resource available from course section on Cybrary):

Phase 1: A+, Linux+, Network+, Security+, Cryptography

Phase 2: CEH, Pentesting, Malware Analysis, Exploit CISSP etc.

Bonus: Google is best place to get everything you need, so use it!

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
18 Comments
  1. Good stuff!
    Saving for reference later!

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel