Get started with Hacking

By -
Hi all this is Haclovers again.
I'm back with my new and awesome blog on the readers demand.
By now you may be understood by seeing the Heading of my blog that In this blog I'm going to tell you about How to Hack.
Before that  you can refer my last blog on Start up for Hacking. 
Here's the link https://sidceh.blogspot.in/2016/08/start-up-for-hacking.html 
You can click on this for Early knowledge.
This Blog is only for Educational Purpose.

So here's I'm going to start with my topic.


Primarily, hacking was used in the "good old days" for leaking the information about the other systems. In the past recent times till present times hacking has taken on dark connotations conversely.
Now a days many companies hire hackers as their employ to test their systems for the strengths and weakness.

Before you start with the Hacking you should be aware of some basics you will get to know about that in my last blog for that you can click on the above link. More further information is that you must gather all the information of your target is know as enumeration. The more you know about your target the lesser you will get surprised further.

So here we start How to Hack.
1. Use a *nix terminal for commands: Cygwin will help emulate a *nix for Windows users. Nmap in particular uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible. Most Linux distributions come with many useful tools pre-installed.

2. Secure your machine first: Make sure you've fully understood all common techniques to protect yourself. Start with the basics — but make sure you have authorization to attack your target : either attack your own network, ask for written permission, or set up your own laboratory with virtual machines. Attacking a system, no matter its content, is illegal and WILL get you in trouble.

3. Test the target: Can you reach the remote system? While you can use the ping utility (which is included in most operating systems) to see if the target is active, you can not always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators. 

4. Determine the operating system (OS): Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.

5. Find a path or open port in the system: Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.
  • Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
  • An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.
 6. Crack the password or authentication process: There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force software
  • Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvements in brute-force techniques.
  • Most hashing algorithms are weak, and you can significantly improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).
  • Newer techniques use the graphics card as another processor — and it's thousands of times faster.
  • You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password.
  • Trying every possible password while logging to remote machine is not a good idea, as it's easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.
  • You can also get a rooted tablet, install a TCP scan, and get a signal upload it to the secure site. Then the IP address will open causing the password to appear on your proxy.
  • It's often much easier to find another way into a system than cracking the password.
 7. Use various tricks: Often, to gain super-user status you have to use tactics such as creating a buffer overflow, which causes the memory to dump and that allows you to inject a code or perform a task at a higher level than you're normally authorized.
  • In Unix-like systems this will happen if the bugged software has setuid bit set, so the program will be executed as a different user (super-user for example).
  • Only by writing or finding an insecure program that you can execute on their machine will allow you to do this.
 8. Use various tricks: Often, to gain super-user status you have to use tactics such as creating a buffer overflow, which causes the memory to dump and that allows you to inject a code or perform a task at a higher level than you're normally authorized.
  • In Unix-like systems this will happen if the bugged software has setuid bit set, so the program will be executed as a different user (super-user for example).
  • Only by writing or finding an insecure program that you can execute on their machine will allow you to do this.
 9. Create a backdoor: Once you have gained full control over a machine, it's a good idea to make sure you can come back again. This can be done by backdooring an important system service, such as the SSH server. However, your backdoor may be removed during the next system upgrade. A really experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to come back. 
10. Cover your tracks: Don't let the administrator know that the system is compromised. Don't change the website (if any), and don't create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to login with this password, the server should let them in, but shouldn't contain any crucial information. 
So Here you go for Hacking. Thats all you need to know about it.
But before going I have to tell you something very very important and it is that dont try too misuse this information, or get misguided. First certify yourself as an Hacker. This blog was only for educational purpose only.
 If you still got any doubts let me know from your comments.

So see you next time till then,  
                                 
                                        "FOLLOW ETHICS AND KEEP HACKING"


Comments

Post a Comment

Popular posts from this blog

Bypassing Web Portal

By -
Hey all this is all yours Hacklovers back again with my new blog. In this blog I'm going to tell you about the ways you can Bypass the web portals 1 . Many times in schools or college they provide us with free WiFi so that we can freely relax ourselves. May times people use WiFi for opening Facebook, Flash games and many other things. But your network administrator frowns our fun time, and the sites you want to access are blocked. Luckily there are ways around to get pass through the restrictions and have a good time.   So here is the 1st method * Using A Portable browser    1. Portable web Browser : A portable web browser does not need to be installed to run, meaning that it wont leave any traces on the computer you use it on. By downloading a portable browser to a flash drive and configuring its proxy setting, you can have a browser that you can take with you anywhere to bypass any web restriction. Firefox is the easiest portable browser to use. Make sure that you downl
Read more

Things A Cyber Security Student Can Do For Securing Jobs.

By -
Image
    This post is regarding the students who are looking for jobs in Cyber Security field. I being a student have seen my cohorts struggling with getting up for the jobs or securing them. Here are some of the few pointers or tips which I have written down to getting up with the things on the way of securing your job.  Things a Cyber Security student can do: Understand your niche: Get to know your zone. Select your domain or area of interest to get into it and understand the role which is suitable for you.  Study about your role: You should always have a brief idea about the role you want to go for. What are the things you should study for the role you want to go for.        Like if you are going in for SOC Analyst:     You should have knowledge about the networking, technical skills.     Build up your LinkedIn Network: It is important for every student to improve their LinkedIn profile and have some great connections. These are the factors which help you out to stand out for your job
Read more

Start up for hacking

By -
Image
               Now a days many of us about the hacking, n many people who are interested in learning about hacking doesn't know about how to get started. So this blog can let u give some information about how u can start for hacking.             So before we start for hacking the one thing is that it is not necessary that you must be a good programmer. Their are some tools which can help you, while hacking. But you must have basic knowledge about computer networks, IP address, HTTP, FTP, DNS, SMTP, etc. You can also begin to learn about alternative operating systems(OS) like Linux. Basically I recommend to use Linux (backtrack OS). You can use Linux by installing VM Ware or Virtual Box. You will get all the exploitation tools in that. You can take the help of you tube for installation of vm ware and backtrack or any other os. for more details you can refer many books such as Hacking Secrets Exposed and many more. There are many many websites through which you can learn t
Read more