Learn the Basics of Hacking | Truth and Motivation

Hacking has become a common day to day term in our life. Its like couple of years ago when world get introduced to first hacking, but it was 1878. A small group of teenage boys did a merely prank in Bell telephone company. The term Computer Hacking came in late 1960s.

Now some of us get scared of hacking, some enjoy, some wanna get hacked just for fun (!), few want to learn its know hows. But rest of the few who actually masters the techniques of hacking gets the superhuman abilities in today's cyber era. And why not?  Think about anything like book a ticket or taxi or hotel, send money, post a mail, contact anyone, even hiring a hit-man or marriages are done online now a days!

The person who knows databases, servers, networking like their palm of the hand can do anything by brute forcing into targeted server/database and crack them. This is a bit different from Hacking, called Cracking. People often get misunderstood Hacking with Cracking.

Hacking is nothing but identifying the possible weaknesses in computer systems and/or networks to exploit its weaknesses by brute forcing and gaining access. This can be done ethically. Big companies paid such hackers to identify the weaknesses in their security systems and fix them, they are called White Hat Hacker or Ethical Hacker. Ethical hacking has become a respected profession and people are making millions ethically. Think about Ankit Fadia (www.ankitfadia.in), Edward Snowden
( www.edwardsnowden.com ). Their contributions in cyber security are unforgettable.

But this becomes a crime when a person hack in others network to harm the business/individual,  snatch money from them etc. Etc. This is called cracking. Or we can call them the Black hat Hackers. They can be dangerous, threat to a individual/business​/company even for a whole country.

Now comes to the 3rd category: Grey hat hackers, that lies between the White hat and Black hats. They definitely know the basics of hacking but lacks the creative mind. They typically uses white and black hat hackers ready made tools, rootkits, methods.They can be security analyst, common people like us or a Hacktivist. they sometimes violate the cyber laws by unauthorized entry in other servers but don't have the malicious intention like black hats.


Another interesting part I must tell, The Hacktivists! They hack into popular websites, social medias to establish some messages or good agendas. They use the power of hacking to do some good at
least.
Anonymous is a popular hacktivist group.

Methods/Types of hacking

Keylogger Attacks:  Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, so that the user using the keyboard is unaware that their actions are being recorded. These log files might even contain your personal email IDs and passwords. Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware. You can download a keylogger software HERE .  Keylogger is one of the main reasons why online banking sites give you an option to use their virtual keyboards.

A keylogger can also be a portable device which is typically plugged into the USB port behind the CPU where keyboard is plugged.

Denial of Service (DoS/DDoS) Attacks:  It is the technique to take down a website or server by flooding that site or server with a lot of fake traffic. As a result, the server is unable to process all the requests in the real-time and finally crashes down. This popular technique, the attacker floods the targeted machine with tons of requests to overwhelm the resources, which, in turn, restrict the actual requests from being fulfilled.

Generally to perform this type of attack, black hats often deploy botnets/zombie-computers. which have got the only work to flood your system with request packets. With each passing year, as the malware and types of hackers keep getting advanced, the size of DDoS attacks keeps getting increasing.

Social engineering (e.g. phishing): a wide spread type of attack by gaining trust of the user and collecting their backgrounds and sensitive informations.  Staing away from tempting email offers exiting prize win offers(phishing) can be a great way to avoid being a victim of such attacks. Oh! And keep your antivirus updated, don’t accept flash drives from suspicious people.

ClickJacking Attacks: It is a malicious technique of fooling an internet user into clicking something else while they think they’re clicking the right thing. This leads to reveal confidential information or taking control of their devices. It is a browser security issue across a variety of browsers and platforms. There are other attacks which falls into same category like, Likejacking, Cursorjacking etc.

Simply stay away form suspicious looking websites, pornsites, apps to avoid getting clickjacked.

Think before you Click.

Injection(Web based)Attacks(e.g. SQL injection):Injection Attacking occurs when there are flaws in your SQL Database, SQL libraries, or even the operating system itself. Employees open seemingly credible files with hidden commands, or injections, unknowingly.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Sniffing:  A sniffer is one of the most important information gathering tools in a hacker's arsenal. The sniffer gives the hacker a complete picture (network topology, IP addresses) of the data sent and received by the computer or network it is monitoring. This data includes, but is not limited to, all email messages, passwords, user names, and documents. With this information, a hacker can form a complete picture of the data traveling on a network, as well as capture important tidbits of data that can help her gain complete control over a network.

A sniffer can program and/or device that monitors all information passing through a computer network. It sniffs the data passing through the network off the wire and determines where the data is going, where it's coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter a certain type of data, capture passwords, and more. Some sniffers (for example, the FBI's controversial mass-monitoring tool Carnivore) can even rebuild files sent across a network, such as an email or Web page.

Malware:  It is the most annoying thing a web user can get in his computer. On the other hand, One of the greatest weapons in the hacker’s arsenal. Viruses, Trojans (innocent-looking files and programs that deliver a malicious payload later on), worms (for continuous network infiltration), and ransomware can all deliver a handsome pay-day – if you allow them onto your system.

To avoid becoming infected, exercise caution with email messages and attachments. Disable pop-up windows in your browser, to eliminate the temptation to click on them. Restrict your downloads of software to approved app stores and reputable manufacturers. And keep your Shields (anti-malware and security software) regularly updated.

Rootkits: The ultimate Attack. A rootkit is a special type of malware (malicious software) which can be created with ruby python and pearl in Linux OS. Rootkits are special because you don't know what they're doing. In-spite of so many malware remover tools in the market, Rootkits are nearly undetectable and they're almost impossible to remove.

Cookie Theft: The cookies (little text files) stored in your system or browser cache when you visit various websites can hold a wealth of information about you, including personal and financial data, user credentials, and passwords.  Cookies may be stored as plain text, or with varying degrees of encryption (depending on the website). And the use of browser add-ons has made the decades-old practice of cookie theft a richer and easier prospect for hackers.

Once stolen, cookies may be read or decrypted to reveal your information, or used to impersonate you online, Cookie theft may also operate in conjunction with a fake WAP attack, or a hijacked session.

Avoiding public or unprotected private networks is your safest bet. Using a Virtual Private Network to encrypt and tunnel the connection on your phone or mobile device is also advised. And periodically clearing your browser and system caches will reduce the number of cookies you have available to steal.

Tools, hardwares, Softwares They are using :

• Kali Linux, Blackarch Linux OS (platforms for Penetration testing/attacks)
• Pen-drives Loaded with Kali Linux, Blackarch Linux Live OS.
• 

  
  

  Raspberry Pi Hacking Equipments (Raspberry Pi 3 RaspBee ZigBee module for Raspberry Pi – Command injection via custom firmware).
• Mobile Phone(android) Hacking tools.
• WiFi Pineapple and other 802.b/g/n Long-range USB wireless Adapters for Penetration testing/attacks.
• Alfa Network Board- A classic Wi-Fi board for injecting packets.
• Rubber Ducky This special pen drive is a device that works as a programmed keyboard in  the shape of a USB drive. When you plug it into a computer, it starts writing automatically to launch programs and tools which may either be available on the victim computer or loaded onto the drive’s on-board Micro SD, in order to extract information.If you watch the hit TV series Mr. Robot, you’ll likely remember that in the second season Rubber Ducky is a crucial ally for Angela, helping her gain access to an E Corp executive’s passwords
• Keyloggers

Rubber Ducky

Learn how to Avoid getting hacked

1. Avoid the use of free Wi-Fi hotspots.
2. Avoid automatic connections.
3. Ignore unexpected communications.
4. Don’t jailbreak your mobile devices.
5. Avoid using apps from untrusted sources.
6. Use tusted devices, always use a strong and complex password.
7. Choose the cloud backup wisely.
8. Make sure the website is secure while entering private informations.
9. Use Ad-Blocker in browsers.
10. Use a VPN while you can.

Prevention is better than Cure.

Hope you all got the necessary informations. Try to Digest them. Happy Surfing.