Hacking,ethical hacking and its brief

 

Hacking

In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term “hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks.

Origins of Hacking

M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities.

Later, outside of M.I.T., others began applying the term to less honorable pursuits. Before the Internet became popular, for example, several hackers in the U.S. experimented with methods to modify telephones for making free long-distance calls over the phone network illegally.

As computer networking and the Internet exploded in popularity, data networks became by far the most common target of hackers and hacking.

Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, its extremely common to see the term “hack” misused and be applied to cracks as well.

Common Methods for Hacking Computer Terminals(Servers):
This comprises of either taking control over terminal(or Server) or render it useless or to crash it.. following methods are used from a long time and are still used..
1. Denial of Service – 
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic(which can be e-mail or Transmission Control Protocol, TCP, packets).
2. Distributed DoSs –
Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.
3. Sniffing – 
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.
4. Spoofing – 
Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping
5. SQL injection –
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into database with elivated privellages..
6. Viruses and Worms –
Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.
7. Back Doors – 
Hackers can gain access to a network by exploiting back doors administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network.
So, not interested in these stuffs.. huh??? wait there is more for you.. So, how about the one related to hacking the passwords of email and doing some more exciting stuffs.. The various methods employed for this are:
8. Trojan Horses –
Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take the full control over the system and you can remotely control the whole system.. great..!!! They are also reffered as RATs(Remote Administration tools).
9. Keyloggers –
Consider the situation, everything you type in the system is mailed to the hacker..!! Wouldn’t it be easy to track your password from that.. Keyloggers perform similar functionallities.. So next time you type anything.. Beware..!!
10. BruteForcing – 
The longest and most tiring job.. don’t even consider this if you don’t know the SET of password for your victim..
11. Secret Question – 
According to a survey done by security companies, it is found that rather than helping the legitimate users the security questions are more useful to the hackers.. So if you know the victim well try this..
12. Social Engineering – 
Ya this was one of the oldest trick to hack.. Try to convince your user that you are a legitimate person from the system and needs your password for the continuation of the service or some maintainence.. This won’t work now since most of the users are now aware about the Scam.. But this Social Engginering concept is must for you to have to convince victim for many reasons..!!!
13. Phishing – 
This is another type of keylogging, here you have to bring the user to a webpage created by you resembling the legitimate one and get him to enter his password, to get the same in your mail box..!! Use social engginering..
14. Fake Messengers – 
So its a form of phishing in the application format.. getting user, to enter the login info in the software and check your maill..!!!
15. Cookie Stealer – 
Here the cookie saved by the sites are taken and decoded and if you get lucky.. You have the password..!!!
 
Hmmm.. not satisfied with single account at a time..?? so there are ways to hack lots of accounts together.. I know few but there exists many..!! listed are the ones i know and will teach you in coming posts…
16. DNS Poisoning or PHARMING – 
So, phisihing is a tough job.. isn’t it..?? convincing someone to enter their password at your page..?? what if you don’t have to convince..?? what if they are directed automatically to your site without having a clue..?? Nice huh..?? Pharming does the same for you.. More about it in my next post..
17. Whaling – 
This method gets you the password of the accounts which are used by the hackers to recive the passwords.. So you just have to hack one ID, which is simplest method( Easy then hacking any other account, will tell you how in coming posts..) and you will have loads of passwords and so loads of accounts at your mercy..!!!

Types of Hacker

A hacker is basically someone who breaks into computer networks or standalone personal computer systems for the challenge of it or because they want to profit from their innate hacking capabilities. The hacker subculture that has developed among these new-age outlaws is often defined as the computer underground, although as of late it has evolved into a more open society of sorts. At any rate, here are the different types of hackers.

White Hat: A white hat hacker is someone who has non-malicious intent whenever he breaks into security systems and whatnot. In fact, a large number of white hat hackers are security experts themselves who want to push the boundaries of their own IT security ciphers and shields or even penetration testers specifically hired to test out how vulnerable or impenetrable (at the time) a present protective setup currently is. A white hat that does vulnerability assessments and penetration tests is also known as an ethical hacker.

Black Hat: A black hat hacker, also known as a cracker, is the type of hacker that has malicious intent whenever he goes about breaking into computer security systems with the use of technology such as a network, phone system, or computer and without authorization. His malevolent purposes can range from all sorts cybercrimes such as piracy, identity theft, credit card fraud, vandalism, and so forth. He may or may not utilize questionable tactics such as deploying worms and malicious sites to meet his ends.

Grey Hat: A grey hat hacker is someone who exhibits traits from both white hats and black hats. More to the point, this is the kind of hacker that isn\’t a penetration tester but will go ahead and surf the Internet for vulnerable systems he could exploit. Like a white hat, he\’ll inform the administrator of the website of the vulnerabilities he found after hacking through the site. Like a black hat and unlike a pen tester, he\’ll hack any site freely and without any prompting or authorization from owners whatsoever. He\’ll even offer to repair the vulnerable site he exposed in the first place for a small fee.

Elite Hacker: As with any society, better than average people are rewarded for their talent and treated as special. This social status among the hacker underground, the elite (or, according to the hacker language that eventually devolved into leetspeak, 31337) are the hackers among hackers in this subculture of sorts. They\’re the masters of deception that have a solid reputation among their peers as the cream of the hacker crop.

Script Kiddie: A script kiddie is basically an amateur or non-expert hacker wannabe who breaks into people’s computer systems not through his knowledge in IT security and the ins and outs of a given website, but through the prepackaged automated scripts (hence the name), tools, and software written by people who are real hackers, unlike him. He usually has little to know knowledge of the underlying concept behind how those scripts he has on hand works.

 

Ethical Hacking

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.

Ethical hacking and a ethical hacker are terms that describe hacking performed to help a company or individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers. The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.

Ethical hacking is also known as penetration testingintrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the “good guy” wore a white hat and the “bad guy” wore a black hat.

Getting Started with ethical hacking

What you need to do to get started on the road to becoming an ethical hacker depends on where you are in the IT field. If you haven’t started your IT career yet, you might even consider military service. The military offers many IT opportunities, and you get paid to go to school, even if you enlist in a part-time branch such as the National Guard or Reserves. Military service also looks good to employers that require security clearances.

Start with the basics: Earn your A+ Certification and get a tech support position. After some experience and additional certification (Network+ or CCNA), move up to a network support or admin role, and then to network engineer after a few years. Next, put some time into earning security certifications (Security+, CISSP, or TICSA) and find an information security position. While you’re there, try to concentrate on penetration testing–and get some experience with the tools of the trade. Then work toward the Certified Ethical Hacker (CEH) certification offered by the International Council of Electronic Commerce Consultants (EC-Council for short). At that point, you can start marketing yourself as an ethical hacker.

Qualification for a CEH (a vendor-neutral certification) involves mastering penetration testing, footprinting and reconnaissance, and social engineering. The course of study covers creating Trojan horses, backdoors, viruses, and worms. It also covers denial of service (DoS) attacks, SQL injection, buffer overflow, session hijacking, and system hacking. You’ll discover how to hijack Web servers and Web applications. You’ll also find out how to scan and sniff networks, crack wireless encryption, and evade IDSs, firewalls, and honeypots.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s