
Hacking and Hackers: "See What Others See and What They Hardly See"


By: abmmhasan

July 22, 2016

Introduction

A good question that’s asked all around these days is, "What is hacking?" In my opinion, hacking is finding brilliant solutions to interesting problems. Well, that shows how broad the term “hacking” is.

Real-life hacking is trying every possible way to exploit your target's weak links and/or to get him/her motivated. It's elaborate.

As for the technical work of hacking, hackers are just trying to find loopholes inside code so they can exploit them. You might ask, "Why?" There are reasons:

  1. So a bug can be fixed/patched, or

  2. To use a bug to make the computer operate in a way it is not supposed to, or

  3. To do bad jobs that harm others

Exploitation works in several ways in our real life (you can use a person's weakness to strengthen another person or demolish them - it depends on you).

Classifications and Groups (Choose your Path)

In classifying hackers, there are 3 primary types:

  1. White Hat: Security testers, cyber detectives, etc. They normally do bug fixing and work in government cyber armies, as organizational code testers, etc.

  2. Black Hat: A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for some gain." Works as a freelancer. Sometimes works for bad gains, sometimes for ethics.

  3. Grey Hat: A grey hat hacker lies between a black hat and a white hat hacker. Can be a person of both worlds.

In grouping hackers, there are 6 primary types:

  1. Elite Hacker: A social status among hackers, elite is used to describe the most skilled.

  2. Script Kiddie: Unskilled hacker who breaks into computer systems by using automated tools written by others (usually by black hat hackers)

  3. Neophyte: Someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

  4. Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

  5. Cracker: Known to be bad hackers, though they're mainly patch/keygen makers.

  6. Blue Hat: Known as bug testers.

You may classify more and the list goes on. Some may debate my writings. But, these primarily describe the types and groups of hackers.

Type of Attacks (What Happens)

Primarily, there are 3 types of attacking styles:

  1. Non-technical: Exploits that involve manipulating people

  2. Technical: Exploits that act directly against the machine

  3. Physical: Directly invading the area to gain access

Forming Attack (or Defense) Plans

To attack a specific system, there are routine tasks that need to be performed and items that need to be confirmed:

  1. Test the target system

  2. Check the risks involved

  3. Secure the work timeline

  4. Determine whether you want to be detected or not

  5. Gather as much knowledge as possible on the target system

  6. Define actions to be taken once the exploit starts

Gathering Information (Primary Step for Every Hack)

Start by:

  • Searching for the target organization name, computer name and IP address in search engines

  • Narrowing the scope by making the target specific

  • Performing tests and scans to narrow it down further

These steps can be performed via publicly available information:

  • Use social media (Facebook, Google+, LinkedIn, Twitter etc.)

  • Search the web (do as much as possible - even by the name of client, employer or employee, patents, trademarks, media monitoring etc.)

  • Search using keywords; perform advanced web searches

  • Perform search actions using Google Dork keywords (intitle, allintitle, inurl, allinurl, filetype, intext, allintext, site, link, inanchor, numrange, daterange, author, group, insubject, msgid)

  • Use webcrawlers (checking directory structure, page list, layout, comment fields etc.)

  • Use WhoIs to find owner information

  • Check privacy policies. In many cases, you may find a lot of technical information about a company in its privacy policy.

These can be performed via system scans:

  • Host checking (Ping etc.)

  • Find open ports

  • Request a wrong URL on the site to see the error page; in most cases, these pages expose system information

  • Detect the technology used by the site

  • Determine the system OS

  • Check whether any system dump files can be found

  • Check if there is any banner information

  • Check and extract HTTP header information

  • Send an email to an invalid email address; the failure message that comes back may contain detailed mail server information

  • Prepare exploit
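
The banner, error-page and HTTP-header items in the list above are also what a defender should check on their own systems before anyone else does. As an added example (not part of the original article), this Python code audits one raw HTTP response for that kind of disclosure; the sample response, the header list and the body patterns are constructed assumptions.

```python
import re

# Constructed sample: a raw error response such as a server might return for a wrong URL.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.18 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.6.40\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>\n"
    "<b>Warning</b>: include(/var/www/html/inc/db.php): failed to open stream "
    "in /var/www/html/index.php on line 12\n"
)

# Response headers that commonly identify the software stack (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+")
# Error-page content that reveals internals (assumed patterns).
BODY_PATTERNS = {
    "filesystem path": re.compile(r"(?:/var/www|/home/|/usr/|[A-Za-z]:\\)[\w./\\-]*"),
    "stack trace": re.compile(r"Traceback \(most recent call last\)|\bat [\w.$]+\([\w.]+:\d+\)"),
    "interpreter warning": re.compile(r"<b>(?:Warning|Fatal error|Notice)</b>:"),
}

def audit_response(raw):
    """Return a list of (kind, detail) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    _status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    for name in DISCLOSING_HEADERS:
        if name not in headers:
            continue
        value = headers[name]
        kind = "header with version" if VERSION_RE.search(value) else "header names product"
        findings.append((kind, f"{name}: {value}"))
    for label, pattern in BODY_PATTERNS.items():
        match = pattern.search(body)
        if match:
            findings.append((label, match.group(0)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{kind:22} {detail}")
```

Each finding points to a setting to tighten: suppress version strings in server banners, remove framework headers, and serve a generic error page instead of interpreter output.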

Conclusion

And, now you have information to get started! Congratulations!

Remember, hacking is not about just getting information and exploiting. It’s about “Seeing what others see along with what others hardly see!” You need to use your 6th sense.

And educate yourself (all resources are available in the course section on Cybrary):

Phase 1: A+, Linux+, Network+, Security+, Cryptography

Phase 2: CEH, Pentesting, Malware Analysis, Exploit CISSP etc.

Bonus: Google is the best place to get everything you need, so use it!
