Hey friends, with this tutorial we assure to give you a complete overview of hacking and its subjects so we need you to be patient and read each and everything with an open mind. Hacking is a broad subject so it is not that it can be learnt or mastered in a single day/week/months or even years.
So first of all the most important questions that pop inside our mind(s) when we start Hacking.
1. Who is a hacker?
2. Are there more than 1 type of hackers?
3. How many types of methods are there?
4. How Can I stay anonymous?
5. I need my files to be completely safe.
6. Where shall I begin?
7. Do I need some money to start hacking?
8. What all Tools I need if I want to start hacking?
Okay So Lets take start by taking each question one by one.
Who is a Hacker?
In the computer security context, a hacker is someone who seeks and
exploits weaknesses in a computer system or computer network.
Are there more than 1 types of hackers?
Yes, Types of Hackers are:
Black hat
A "black hat" hacker is a hacker who "violates computer security for
little reason beyond maliciousness or for personal gain.” Black hat
hackers break into secure networks to destroy data or make the network
unusable for those who are authorized to use the network.
White hat
A white hat hacker breaks security for non-malicious reasons, perhaps to
test their own security system or while working for a security company
which makes security software. The term "white hat" in Internet slang
refers to an ethical hacker. This classification also includes
individuals who perform penetration tests and vulnerability assessments
within a contractual agreement.
Grey hat
A grey hat hacker is a combination of a black hat and a white hat
hacker. A grey hat hacker may surf the Internet and hack into a computer
system for the sole purpose of notifying the administrator that their
system has a security defect, for example. Then they may offer to
correct the defect for a fee.
Blue hat
A blue hat hacker is someone outside computer security consulting firms
who is used to bug test a system prior to its launch, looking for
exploits so they can be closed.
Elite hacker
A social status among hackers, elite is used to describe the most
skilled. Newly discovered exploits will circulate among these hackers.
Elite groups such as Masters of Deception conferred a kind of
credibility on their members.
Script kiddie
A script kiddie (also known as a skid or skiddie) is a non-expert who
breaks into computer systems by using pre-packaged automated tools
written by others, usually with little understanding of the underlying
concept.
Neophyte
A neophyte, "n00b", or "newbie" is someone who is new to hacking or
phreaking and has almost no knowledge or experience of the workings of
technology, and hacking. By simple following the instructions a noob can get access to a website and play with it. People who are lazy or disinterested to learn generally fall in this group.
Hacktivist
A hacktivist is a hacker who utilizes technology to announce a social,
ideological, religious, or political message. In general, most
hacktivism involves website defacement or denial-of-service attacks. "Anonymous" is one such hacktivist group who stages online protests against corrupt corporates or governments who exploit their people.
How many types of methods are there?
I am not going to explain all types of hacks here as the LIST NEVER DIES. I don’t think you can finish it.
DoS - Denial of Service
Denial of service relies on methods that exploit the weaknesses of
network technology. For example, one common form of DoS is Ping of
Death. Ping of Death attacks work by generating and sending certain
kinds of network messages that are technically unsupported but known to
cause problems for systems that receive them. Denial of service attacks
like Ping of Death may crash or "hang" computers. Other DoS attacks may
simply fill or "flood" a network with useless data traffic, rendering
systems incapable of acting on bona fide requests.
DDoS (Distributed Denial of Service)
A DDoS attack is one that pits many machines against a single victim. An
example is the attacks of February 2000 against some of the biggest
websites. Even though these websites have a theoretical bandwidth of a
gigabyte/second, distributing many agents throughout the Internet
flooding them with traffic can bring them down.
Types of Dos/DDoS Attacks
The length of this thread will INCREASE DRASTICALLY IF I MENTION THESE.
Visit:
https://en.wikipedia.org/wiki/Denial-of-..._of_attack
Bots
A ’bot’, short for robot, is a type of software application or script
that performs tasks on command like indexing a search engine, and they
are really good at performing repetitive tasks.Bad bots perform
malicious tasks allowing an attacker to take complete control over an
affected computer for the criminal to control remotely. Once infected,
these machines may also be referred to as ’zombies’.
Botnets
Taking over one computer is useful, but the real value to a criminal
comes from collecting huge numbers of computers and networking these (a
botnet) so they can all be controlled at once and perform large scale
malicious acts.
Keylogging
It secretly records the keystrokes of the password entered by the user.
It records the activity of the user smartly. The Keylogging software
hides itself from desktop, control panel, or system tray. The software
is hardly noticeable to the user.
RAT(s) - Remote Access Trojan or Remote Administration Tool
A remote access tool (a RAT) is a piece of software that allows a remote
"operator" to control a system as if he has physical access to that
system. While desktop sharing and remote administration have many legal
uses, "RAT" software is usually associated with criminal or malicious
activity. Malicious RAT software is typically installed without the
victim's knowledge, often as payload of a Trojan horse, and will try to
hide its operation from the victim and from security software.
The operator controls the RAT through a network connection. Such tools provide an operator the following capabilities:
• Screen/camera capture or image control
• File management (download/upload/execute/etc.)
• Shell control (from command prompt)
• Computer control (power off/on/log off if remote feature is supported)
• Registry management (query/add/delete/modify)
• Hardware Destroyer (overclocker)
• Other software product-specific functions
Its primary function is for one computer operator to gain access to
remote PCs. One computer will run the "client" software application,
while the other computer(s) operate as the "host(s)".
For more on RAT(s) Visit:
https://en.wikipedia.org/wiki/Remote_Adm...ation_Tool
Cross Site Scripting (XSS)
XSS flaws occur whenever an application takes user supplied data and
sends it to a web browser without first validating or encoding that
content. XSS allows attackers to execute script in the victim's browser
which can hijack user sessions, deface web sites, possibly introduce
worms, etc.
Injection Flaws
Injection flaws, particularly SQL injection, are common in web
applications. Injection occurs when user-supplied data is sent to an
interpreter as part of a command or query. The attacker's hostile data
tricks the interpreter into executing unintended commands or changing
data.
Malicious File Execution
Code vulnerable to remote file inclusion (RFI) allows attackers to
include hostile code and data, resulting in devastating attacks, such as
total server compromise. Malicious file execution attacks affect PHP,
XML and any framework which accepts file names or files from users.
Insecure Direct Object Reference
A direct object reference occurs when a developer exposes a reference
to an internal implementation object, such as a file, directory,
database record, or key, as a URL or form parameter. Attackers can
manipulate those references to access other objects without
authorization.
Cross Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim's browser to send a
pre-authenticated request to a vulnerable web application, which then
forces the victim's browser to perform a hostile action to the benefit
of the attacker. CSRF can be as powerful as the web application that it
attacks.
Information Leakage and Improper Error Handling
Applications can unintentionally leak information about their
configuration, internal workings, or violate privacy through a variety
of application problems. Attackers use this weakness to steal sensitive
data, or conduct more serious attacks.
Broken Authentication and Session Management
Account credentials and session tokens are often not properly
protected. Attackers compromise passwords, keys, or authentication
tokens to assume other users' identities.
Insecure Cryptographic Storage
Web applications rarely use cryptographic functions properly to protect
data and credentials. Attackers use weakly protected data to conduct
identity theft and other crimes, such as credit card fraud.
Insecure Communications
Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
Failure to Restrict URL Access
Frequently, an application only protects sensitive functionality by
preventing the display of links or URLs to unauthorized users. Attackers
can use this weakness to access and perform unauthorized operations by
accessing those URLs directly.
How Can I stay anonymous?
One of the most widely asked questions. Will come back to this later. You need to come back to techxotic for checking out the new articles and tutorials.
I need my files to be completely safe.
Okay, so like everyone else you want to be a cool dude that has to type a
password every time you want to open a specific set of files? Here is
something I have for you:
http://www.truecrypt.org/
- Freeware Software that encrypts files and even your OPERATING
SYSTEM(s). Most of you know it is so easy to gain access to a locked
computer by simple CMD scripts and software’s like ophcrack. TrueCrypt
allows you to encrypt files with multiple methods and you can set your
passwords upto 64 Characters. Use Special symbols, numbers, Capital
Letters. Your password is nearly impossible to brute force. No Tutorial
for this as the website has the perfect thing:
http://www.truecrypt.org/docs/ - Trust me you don’t need anything else.
Note: If you have been saving files on your normal hard drive and you
just started using TrueCrypt after hiding all your files. Run
http://www.fileshredder.org this program and Wipe all Free Space.
Where shall I begin?
One of the most frequently asked questions!
Hmm.. So start off with how to be anonymous (That is very important)
I’m going to explain that later in the coming whitepapers of techxotic. After this you can go
for Keylogging then Ratting, after this go for DDoSing. You can then go for SQLi and
XSS.
After this you have a whole new world open to you! You just have to
think what inspires you the most and go for it! There is programming,
networking, pentesting, exploits etc. You cannot learn hacking in a day,
month or even 5 years. To perfect each method you need at least 7-9
years, with over growing methods of hacking there are new exploits
almost everyday! Start helping people and gain experience.
Do I need some money to start hacking?
In the start NO. You have just read as much as you can. Run a few RAT(s)
and Keyloggers. After this once you are familiar with this you can help
people setup RATs and earn a dollar or maybe two. When you think you’ve
got enough buy a VPN/Crypter etc. Will come back to this after
sometime.
What all Tools I need if I want to start hacking?
The most important of all is a GREAT MIND. That is what does all the
hacking. You can learn SQL injection and deface your first website in
like 50 mins TOPS. But guys what is the use if you have to download
software’s for this? Someone asks you to hack and what you do is
download Havij and deface a website. That is what we call a complete
noob. Learn the manual method.
You can start with Keyloggers, RAT(s), and NMAP etc. Few Tools that are used are:
SQLmap
SQLmap is software that is a penetration testing tool that automates
the process and exploiting SQL injection flaws and taking over of
database servers.
THC-Hydra
THC-Hydra is essentially a brute forcing tool that has been tested on multiple operating systems.
NetCat
NetCat is basically used for network connections. Its list of features
includes port scanning, transferring files, and port listening, and it
can be used as a backdoor.
JohnTheRipper
JohnTheRipper essentially the same thing as THC-Hydra, a brute forcing tool that has been tested on multiple operating systems.
Hashcat Plus
HashCat Plus is my favorite piece of software which is used to crack
hashes; it is an md5crypt, phpass, mscash2 and WPA / WPA2 cracker. If
you have an Nvidia graphics card you will need to use cudaHashcat-plus,
if you have an AMD graphics card you will need to use oclHashcat-plus.
TheHarvester
TheHarvester is basically some software that is used for looking up all
the A records for a websites so you can find all of a websites sub
domains and basically all the juices.
Burp Suite
Burb Suite is software that will basically penetration tests a website for all its vulnerability.
Acunetix
Acunetix is software which penetration tests a website for SQLi, XXS and many more vulnerabilities.
Nmap
I personally use Nmap just for port scanning and network scanning; however, it can be used for much more.
Metasploit
Metasploit is yet another penetration testing tool.
Putty
Putty is an SSH and Telnet client; however it can be used for other protocols as well.
Last Word-
There's a hard way and there's an easier way. People who take it easy
end up being noobs who lack real information and depend on the programs
made by others. Whereas, people who take the harder route get the real
knowledge and are more skilled than the other ones. In this tutorial, we covered all the basic things a hacker should be aware about and should consistently practice his skills by checking the errors and bugs on a site and reporting it.
Hacking is like getting your things done without making noise or leaving any evidence for that you need to be anonymous. We will learn how to get anonymous in the coming tutorials of techxotic so stay tuned for more.
![[Image: tLyFUWo.jpg?1]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tt8uvg7LOTsHp1Q8BKJC6bPLmKweroRZNAAd7QkQY81ewp--VsiT2mKSXYdPZrLkNbMJgBzH41KZA7kavQXh4S4EU2=s0-d)
![[Image: MalwareBytes-PRO-1-User-Retail-Download.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s3i-aZ91qPmH-vtk-mykjG1XrJjo4mjwVr4ncZoTN81VT_9pDOigskX9fYl10Lvudc2sAOztqjIP7omxiWvVx5SPflW3Jd9TbEJR6k8dcCrf9uH2DyyNKINcDeVfEmfLHOCAVTigqLGLGoliYNsoQzliQSh2Cwra14gJ0L1DpBdJS1NviMxPjRGw=s0-d)
![[Image: boitef.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uzbnnMn2hM8aHKlSY1zYSCG4COvwlmvLMxga8YbBt4GL6ZUJfF-a0jUP9Mixm8_DLFhLHALepRXgIjL2u-FyrnpdMwYCDuCiBSJ-biDUmLWtTDrmOV=s0-d)
![[Image: 2bAPJoy.jpg?1]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vuRsnNrGDKveS-quzeCB3heLUgU0t6mmpQiImUlNADW6vI2dwUWGLaaOhNenoyesWna4GTkNY6JSb12atCtDFw1MUB=s0-d)
