In popular media, hackers are portrayed as evil characters who illegally gain access to computer systems and networks. In reality, these are just people who know those devices very well. Some hackers (known as black hats) actually use their abilities for illicit and immoral purposes, while others do so because they see it as a challenge. White hat hackers, on the other hand, use their technical expertise to solve problems and enhance security systems, for example by catching criminals or correcting weaknesses in computer systems. Even if you don't intend to become a hacker, it's a good idea to know how these professionals operate so you can avoid becoming a target. If you are ready to dive into this world and learn how to hack, this article contains some tips that will help you get started.
Steps
Part 1 of 2: Learning the Skills Required to Become a Hacker
Step 1. It is important to know what a hacker's activities are
In general terms, hacking refers to various techniques used to breach or gain access to a digital system, be it computers, mobile devices or entire networks. To succeed in this attempt, various specific skills are required, some of a purely technical nature, others psychological. There are many different types of hackers, motivated by different reasons.
Step 2. Learn the ethics of hackers
Despite how they are portrayed in popular culture, hackers are neither good nor bad, as their skills can be used for many different purposes. They are simply very experienced people who can solve problems and overcome restrictions. You can use your technical skills as a hacker to find solutions to a problem or to create them and participate in illegal activities.
-
Attention:
gaining access to a computer that does not belong to you is a serious crime. If you decide to use your hacking skills for similar purposes, consider that there are professionals who use their skills to do good (known as white hat hackers). Some are paid handsomely to hunt down cybercriminals (black hat hackers). If you get caught, you will end up in jail.
Step 3. Learn to use the internet and HTML
If you're going to be a hacker, you need to know how to use the internet perfectly; It is not enough to know browsers, but you will also have to employ advanced techniques for search engines, as well as knowing how to create content in HTML. Learning HTML also allows you to develop a certain mindset that will be useful for learning to program.
Step 4. Learn to code
It can take time to learn a programming language, so be patient. Make an effort to learn to think like a programmer, instead of focusing on individual languages. Give your attention to concepts that repeat themselves in all programming languages.
- C and C ++ are the basic languages of Linux and Windows. They teach (together with assembly) a very important concept for hackers: how memory works.
- Python and Ruby are powerful, high-level scripting languages, which you can use to automate various tasks.
- PHP is worth learning because it is used by most web applications. Perl is also a reasonable choice in this area.
- Knowing bash scripting is essential. It is this technique that allows you to easily manipulate Unix / Linux systems. You can use Bash to write scripts that will do most of the work for you.
- Knowing about assembly is imperative. This is the basic language that communicates with the processor and there are some variations. It is not possible to really break a program without knowing assembly.
Step 5. Get a system based on an open-source version of Unix and learn how to use it
There is a large family of Unix-based operating systems, including Linux. The vast majority of web servers on the internet use this technology. Consequently, you will need to learn about Unix if you want to use your internet hacking skills. In addition, open-source systems such as Linux allow you to read and modify the source code, in order to customize it at will.
There are many different distributions of Unix and Linux. The most popular is Ubuntu. You can install Linux as the primary operating system or create a virtual machine with Linux. You can also set up a Dual Boot system with Windows and Ubuntu
Part 2 of 2: Hack
Step 1. First, make your business secure
To become a hacker, you need a system to practice on. However, make sure you have clearance to attack your target. You can target your own network, ask for written permission, or create a lab with virtual machines. Attacking a system without permission, regardless of its contents, is illegal and will get you into trouble.
Boot2root systems are specifically designed to be attacked by hackers. You can download them from the internet and install them using a virtual machine. You can practice cracking these systems
Step 2. You must know your target
The phase of gathering information about your target is known as "enumeration". The goal is to establish an active link with the target and uncover vulnerabilities that you can use to further exploit their system. There are a variety of tools and techniques that can aid this process. You can take care of the enumeration through various internet protocols, such as NetBIOS, SNMP, NTP, LDAP, SMTP, DNS and on Windows and Linux systems. Below, you will find a list of some of the information you should collect:
- Usernames and group names;
- Host names;
- Sharing and network services;
- IP and routing tables;
- Service settings and configuration of audit files;
- Applications and banners;
- SNMP and DNS details.
Step 3. Probe the target
Can you reach the remote system? While you can use ping (included with many operating systems) to check if a target is active, you can't always trust the results you get; in fact, this method relies on the ICMP protocol, which can be easily disabled by a security-concerned system administrator. You can also use other tools to find out which mail server uses an email address.
You can find tools to perform hacks on the forums frequented by hackers
Step 4. Run a Port Scan
You can use a network scanner to do this. In this way, you will discover the open ports of the machine, of the operating system and you will also be able to know what kind of firewall or router the computer uses, in order to plan the best strategy.
Step 5. Find a path or an open door on the system
Common ports such as FTP (21) and HTTP (80) are often well protected and are probably not vulnerable. Try other TCP and UDP ports that have been forgotten, such as Telnet and others left open to play over LAN.
If port 22 is open, it usually means that a secure shell (SSH) service is running on the target, which in some cases can be hacked with so-called "brute force"
Step 6. Find out the password or bypass the authentication system
There are various methods of doing this and they include some of the following:
- Brute force. A brute-force attack simply attempts to guess the user's password. This method can be useful for gaining access for very simple keywords (like password123). Hackers often use tools that quickly test various words from a dictionary, trying to guess the password. To protect yourself from such attacks, avoid using simple words as credentials. Make sure you use a combination of letters, numbers and special characters.
- Social engineering. With this technique, a hacker contacts a user and deceives him, in order to have the password revealed. For example, they can impersonate an IT employee and inform the user that they need their password to solve a problem. Hackers can also rummage through trash cans or try to break into a private room. It is for this reason that you should never reveal your password to anyone, regardless of who they claim to be. Also, always destroy any documents that contain your personal information.
- Phishing. With this technique, a hacker sends an email to a user posing as a trusted person or company. The message may contain an attachment that installs spyware or a keylogger. It may also contain a link to a fake commercial website (created by the hacker) that looks authentic. At that point, the user is asked to enter their personal information, which the attacker will access. To avoid these scams, don't open emails you don't trust. Always check that the websites are safe (including "HTTPS" in the URL). Go to business sites directly, instead of clicking on a link in a message.
- ARP Spoofing. With this technique, a hacker uses an app on the phone to create a fake Wi-Fi access point that all people in a public place can access, considering it a public network. At that point, the application records all data transmitted over the internet by connected users, such as the username and password used to log in to a website, and makes them available to the hacker. To avoid becoming a victim of this scam, do not use public Wi-Fi. If you are forced to do so, ask the owner of the venue you are in for access data to make sure you connect to the correct access point. Also check that your connection is encrypted by looking for the padlock symbol next to the URL. If you want, you can also use a VPN.
Step 7. Get super-user privileges
Much vital information is protected and some level of authentication is required to view it. To access all files on a computer, you need super-user privileges, an account that has the same permissions as the "root" user on Linux and BSD operating systems. By default, on routers this is the "admin" account (if it has not been changed); on Windows it is the Administrator. There are a few tricks you can use to get these privileges:
- Buffer Overflow. If you know the memory layout of a system, you can provide input that the buffer cannot receive. This way, you can overwrite the code stored in memory with one you wrote yourself and take control of the system.
- On Unix-based systems, this trick may work if the software with the bug has set the setUID bit to authorize saving files. The program will be run with another user (super-user for example).
Step 8. Create a backdoor
Once you have complete control of a system, it's a good idea to make sure you can reenter again. To create a backdoor, you need to install malware on an important system service, such as the SSH server. This allows you to bypass the normal authentication system. However, your backdoor may be removed by the next system update.
An experienced hacker will create a backdoor into the compiler itself, so that all compiled programs will become a potential breach to re-enter the system
Step 9. Cover your tracks
Don't let the administrator find out that the system is compromised. Do not make any changes to the website. Avoid creating more files than you need or additional users. Act as quickly as possible. If you have installed a patch on a server like SSHD, make sure your secret password is programmed directly. If someone tries to log in with that keyword, the server should let them in, but there should be no important information.
Advice
- Unless you are really experienced or a professional hacker, you will certainly get in trouble if you use these tactics on the computer of a well-known company or the government. Remember that some people more capable than you protect these systems of work. Once an intruder is discovered, in some cases they control him and let him commit crimes before taking legal action against him. This means that you may think that you have free access to a system after hacking it, when in reality you are being observed and could be stopped at any moment.
- Hackers created the Internet, developed Linux, and worked on open-source programs. It is advisable to learn about hacking techniques, because it is a highly respected sector and it requires great professional competence to obtain concrete results in real scenarios.
- Remember: if your target doesn't do what they can to keep you from logging in, you'll never get good at it. Of course, you also need to avoid being presumptuous. Don't consider yourself the best of all. Your goal must be to continually improve and every day you learn nothing is wasted. As Yoda would say: "To do or not to do, there is no trying."
- Read books about the TCP / IP network.
- There is a main difference between a hacker and a cracker. The latter is motivated by immoral reasons (especially earning money), while hackers try to obtain information and knowledge through exploration ("bypassing security systems").
- Practice hacking into your own computer.
Warnings
- Be especially careful if you believe you have found a very simple crack or a major error in a security system. The professional running the system may be trying to trick you or have set up a honeypot.
- Don't do anything for fun. Remember that hacking a network is not a game, it is a world-changing power. Don't waste it on childish behavior.
- If you don't feel confident in your abilities, avoid hacking into corporate, government, or military networks. Even though they have weak security systems, they have very large financial resources to track you down and arrest you. If you find a breach in one of these networks, it is best to inform a more experienced hacker who knows how to exploit it for a good purpose.
- Avoid deleting entire log files. On the contrary, only remove the rumors that incriminate you. You should also ask yourself if there is a backup copy of the log file. What if they checked the differences and noticed what you deleted? Reflect on your actions. The best thing to do is delete random log lines, in addition to the ones you care about.
- While you may have heard otherwise, don't help anyone modify a program or system. Within the hacker community, this attitude is considered unfair and can lead you to be excluded. If you go public with a private exploit found by someone, you could make yourself an enemy, probably more capable than you.
- Using this information inappropriately can be considered a crime. This article is intended solely as a source of information and should only be used for ethically and legally appropriate purposes.
- Breaking into another person's system can be illegal, so don't do it if you don't have their permission and aren't sure it's worth it. If not, you will be found out.
