What is Hacking? (100+ Best Hacks)
When you hear the word hacking, you immediately think of accessing another person’s computer, stealing all the files that you need, or making sure that you have total control of the device even when you are away.
You think of hijacking it and making it do all the things that the user would probably not want to happen in the first place. This blog explains what hacking is, along with 100+ new hacks used in 2019.
However, hacking as a tradition is far from this idea. In the beginning, hacking was thought of as the practice of making computers function better than their manufacturers intended. Hackers are technologically skilled people who like discovering new processes and techniques to make things more efficient.
Malicious hackers, on the other hand, turn this noble goal into something damaging. Instead of improving how things work, they explore how to exploit vulnerabilities and learn how to attack and hijack computers, and steal or destroy personal files.
Here is a definition of the word hacking that people would agree with: it is the practice of exploring how programmable systems work and how to stretch their uses, compared to normal users who would prefer to only make use of the minimum necessary for their consumption.
What makes a hacker, then? A hacker desires to know how computers work and wants to make full use of the information he acquires in order to stretch the technology in front of him.
At the same time, all hackers believe that all knowledge about computers is good, and should be shared with other people who have the same goal as them.
Types of Hackers
Hacking goals have changed drastically due to the numerous innovations and technological issues that exist nowadays. There are also hackers who make it a point to differentiate their methods, goals, and hacking skill level from other hackers. These are the hackers that you are most likely to encounter:
1. Malicious Hackers
Also called criminal hackers, they use their skills to infiltrate computer systems in order to extract information without permission or through illegal means, create malware and viruses, or destroy computer networks for personal profit or pleasure.
2. Gray Hat Hackers
These are hackers who may attempt to infiltrate a computer system, with or without permission, but they do this not to cause damage. They aim to discover vulnerabilities in order to bring these to the owner’s attention.
However, no matter how noble the idea is, they may still aim to compromise a computer system without getting authorization, which is considered an illegal activity.
3. White Hat Hackers
These hackers are also known as ethical hackers, and they function as experts in thwarting any attack that may compromise computer systems and security protocols. They also explore ways to optimize security and other processes in order to make computers more secure and efficient.
White hat hackers are often hired by organizations to test their computer networks and connectivity in order to discover breaches and vulnerabilities.
White hat hackers also make it a point to report back to the computer’s authorized user all the activities and data that they collect to ensure transparency and enable him to update his device’s defenses.
Most ethical hackers claim that learning how to set up defenses and identify attacks is becoming increasingly relevant to society today, especially since attack tools are also becoming more accessible to aspiring malicious hackers.
For this reason, the demand for ethical hackers is growing within offices as more people learn that they need to prepare for more sophisticated attacks.
This blog will teach you how to fight malicious attacks by learning how hacking tools and techniques work. After all, ethical hackers need to think like the enemy in order to prevent attackers from infiltrating the systems that they are trying to protect.
At the same time, you will learn how to make sure that you know how to set up a secure computer network and prevent your own devices from being attacked by malicious hackers.
How to be a Hacker
If you want to learn how to hack, you need to have the following skills:
1. Computer Skills
This means that you need to have skills that go beyond Microsoft Office and basic web surfing. You have to be able to manipulate your computer’s functions using the command prompt, set up your networking system, or edit the registry in order to allow or block specific processes.
2. Linux Skills
Hackers consider Linux the operating system of choice for hacking tools. This open-source operating system also allows users to perform tasks that purchased operating systems like Windows and Mac would not allow.
3. Networking Skills
Since most of the attacks that you will learn to launch and protect yourself from will be networking attacks, you need to familiarize yourself with how computer networking works. Make sure that you know the different networking terms and how to change networking settings on your computer.
4. Security Concepts and Current Technologies
Hackers are knowledgeable when it comes to networking and computer security protocols. In order to launch a successful attack or thwart one, a hacker must know what kind of attacks can actually bypass security systems that are available.
5. Wireless Technologies
Since most devices nowadays rely on wireless connectivity, it is important to know how these devices work and how to bypass security. For this reason, you need to learn how encryption algorithms work, as well as how connection protocols work.
6. Web Applications
The Internet serves as a fertile ground for malicious hackers to launch attacks against Internet users. Whether you want to hack a computer or protect yourself from any attack, you need to learn how attacks using web applications and websites work.
The way attacks are coded is vital in setting up a defense against malicious hackers. Ethical hackers know that most of the malware they are trying to prevent is actually a rehash of older malware, redesigned to bypass newer defense protocols.
Malicious hackers, on the other hand, learn how to write scripts in order to discover new attacks that will possibly bypass security protocols that tend to get more sophisticated every day.
8. Digital Forensics
Learning when a computer has been infiltrated takes more than just running an antivirus kit and waiting for it to say that something is wrong. All hackers, criminal and ethical alike, know that it is impossible for a single tool to detect every possible hijacking or phishing attempt.
For this reason, any hacker should learn to think ahead and cover their tracks, especially when they need to defend their devices from an attack or prevent people from learning what their activities are.
Hacking Skills: Learn Programming
Skills in hacking are just as important as attitude. A toolkit of basic hacking skills can pave the way to becoming a real hacker. The skills required continually evolve as technology advances.
Hacking skills that were effective in the last century are different from the skills of hackers in recent years. However, the right foundation can help one in successfully evolving with the changes of time.
Learning programming skills
Software evolves as the needs and technological breakthroughs change to match the changing needs of the world. But whatever changes may occur, one thing is at the core: programming skills.
Anyone who wants to learn how to hack must first learn how to program. Without this, one cannot keep up with rapid software development. Programming skills are at the core of all hacking skills.
A person who has no experience or basic knowledge of programming may start by learning Python. This is a widely used programming language that is easy to understand. Beginners will find Python kind, with its good documentation and very clean design.
Python is a great first programming language to learn. However, it’s not to be taken lightly. Despite it being easy to learn, it is a very powerful language. It is very flexible and can be very effective for large projects.
Java is another good programming language to start learning programming skills. However, some hackers do not recommend this as a starting point for learning how to program. As a hacker, one must know exactly what each section does. Learning Java won’t provide this vital lesson.
Some explain that learning Java as a first programming language is like learning how to be a plumber by taking a trip to the hardware store. A hacker must know and understand what the components of the language actually do in order to find solutions and find ways to work with or around them.
Learning the C programming language is learning at an advanced level. It is the core language of many other software programs and systems, such as Unix. C++ is another advanced language that, once learned, can be a very helpful skill to use. C is a very efficient language and does not demand too much of a computer's resources.
However, it requires doing a lot of things manually, most of them low-level resource management. Low-level code management is bug-prone, especially when beginners work on it. It is also very complex, which may be too much for a beginner at software programming.
Debugging will also take up too much time and may not even yield high success rates, even for those who are already quite familiar with the language. With today's technology, it is more efficient to work with programming languages that are economical not only with the machine's resources but also with the user's or programmer's time.
Tips for learning programming skills:
There are so many programming languages that do lots of things. The best tip for choosing which one to start learning is to determine what it can ultimately do.
For instance, a language that can handle critical processes may not be easy to learn. But once one becomes highly proficient in it, it can be a valuable skill.
It also takes dedication and determination to learn a programming language. Also, do not stop at just one programming language. Continuous learning is the key to understanding and keeping up with developments in the technological world.
Other programming languages that are of great use to hackers include LISP and Perl. These are more advanced and complex than Python but are very helpful. Perl is widely used in systems administration and active web pages. This means that learning to read Perl is enough.
There is no necessity to actually learn how to write and use it. One reason Perl is so widely used is that it takes up less of the programmer's time. Knowledge and understanding of Perl will open up a huge selection of places to hack on the web.
There is an entirely different reason for learning LISP. It provides a profoundly enlightening experience and will greatly improve one's programming skills.
Even though LISP will not be used as frequently as the other programming languages, understanding it can make hacking so much easier and more effective because of its many applications.
The best way to be a great hacker is to learn all five programming languages. These are Python, C and/or C++, Java, Lisp, and Perl. These languages are the most important ones to be familiar with in the hacking world.
These are representative programming languages for the different approaches commonly used across several types of programs and applications. Each of these languages will provide valuable lessons and knowledge that can greatly improve hacking skills.
Learning Programming Languages
However, learning all these languages will still not be enough to achieve a high skill level in hacking. One should also develop a problem-solving mindset. Also, learning programming languages is much the same as learning any other language: it takes time and lots of reading and writing.
Hacking Skills: Open-sources
Get a copy of an open-source Unix or Linux. Install it on a computer and start learning how to use it. There are a number of other operating systems available. However, most of them are closed-source systems.
These closed-source systems can be very challenging to crack, mainly because one would have to deal with binary code. Being unable to read the code makes it almost impossible to modify and hack it. Hacker experts describe this as learning how to dance while wearing a full body cast.
For example, try working on and hacking a Microsoft OS, which is distributed only as closed-source binaries. That would be practically impossible. Hacking Mac OS X will be easier compared to Microsoft's systems. It is partly open-source and will be easier to read.
However, it is also partly closed-source, so expect to hit numerous walls. With this in mind, avoid becoming too dependent on the proprietary code in Apple systems. It is best to put more focus on the Unix part.
This way, one learns more valuable and useful things that help in developing hacking skills. Working with open-source systems such as the BSD Unixes is a great training ground because these are easier to read, understand and modify.
Aside from it being an open-source system that’s easy to read and work with, Unix is the Internet’s operating system.
That means an entire universe of hackable places just waiting to be hacked. Anyone can learn the Internet without having to learn what Unix is all about. But for those wanting to do some hacking over the Internet, learning Unix is indispensable.
This makes today’s hacking culture strongly focused on Unix. The Internet and Unix have a very strong relationship that makes it a rich hunting ground for hackers who have learned to use Unix.
So, better start learning Unix systems like Linux today. Install them. There is no need to worry about installing Linux on a computer that came with Microsoft software; there will not be any problems running any of these operating systems. Learn, run, and tinker with these open-source systems.
It also helps with installing and using other useful programming tools like Python, Perl, C, and LISP. Linux and similar systems make it possible to learn and work with many hosted apps and programs, far more than Microsoft operating systems ever could host.
Getting Linux is very easy and convenient. Get online and go to the website of a Linux distribution. Look for the downloads menu, and in a few minutes Linux is installed and ready for use.
Hacking Skills: Proper Writing
Learning how to use the World Wide Web is another fundamental skill every hacker should learn. This means learning its basic markup language, HTML. Just like any other form of communication, hacking also requires good writing skills.
In this case, you should learn how to write properly with HTML. It will be difficult to understand and uninteresting to communicate with someone who can’t be understood; this is true even in the world of hacking.
Differences in Hacking Writing Styles
Differences in writing styles can create misunderstanding and miscommunication. At a glance, it may not make much of a difference. But on closer inspection, it means a lot. For example: “They went”. “They went.”
There isn't any difference there, or is there? Look closer. In the first phrase, the period was placed after the closing double quote. In the second phrase, the period was placed before the closing double quote.
In American English grammar, this is already a very prickly topic; it is even more so in programming. These extra and misplaced characters can be a real pain in the neck.
Creating the desired outcome or solving errors can be really tricky and time-consuming because each character would have to be scrutinized in each line.
This small yet vital issue can also make it difficult to communicate a small portion of code or a command line. Remember that hacking is a culture, a community where hackers from different parts of the world communicate and share information.
Ineffective communication skills would make this very difficult. Hence, there is a need for every hacker to be fluent in communicating, especially in using written language.
Take a look at this example:
Delete one line from a file by entering “dd”.
In standard usage, this would have to be written as:
Delete one line from a file by entering “dd.”
The first instruction means entering “dd”. However, if the standard usage of placing the period before the closing double quote is followed, then the receiver of the instructions would type “dd.” (dd-dot). In the program's command language, a dot typed after a command tells the program to repeat that last command.
It’s just a simple placement of a character (period) but can produce different results. Typing (d-d) would delete only 1 line while (dd-dot) would delete 2 lines.
To reduce confusion, hackers have their own style of writing, which often goes beyond standard grammatical usage. The rules are usually based on rules of British English grammar and other languages like Catalan, Spanish, Italian, German and French, particularly when dealing with special characters and punctuations.
Hacker Unique Writing Styles
Remember that hacking communication is mainly done through written text. Special characters are therefore used in order to give some emotion and emphasis to the words.
These are used in order to give a tone to the strings of text, giving the recipient/reader a clearer idea of what the text means (i.e., reducing ambiguity).
Hackers assign different meanings to single and double quotation marks. Single quotes are used to mark off parts of a text. Double quotes are used for actual reports of text or speech taken from elsewhere.
Unix hackers that use email have a tendency to use lowercase characters all throughout. They use lowercase for usernames, C routines, and command names. Even if the names or words occur at the beginning of a sentence, lowercase characters are still used.
The main reason behind all these “special” hacker writing styles is that hacking requires precision and not much focus on conformity to grammar rules. Traditional rules can create ambiguity, such as in the examples given above.
Also, hacker communication carries more meaning and a certain emphasis depending on how it is written. For instance, text written in ALL CAPS is considered “loud”. It is a common understanding in the online world, including the hacker community, that talking (writing) in ALL CAPS is similar to shouting in real life.
Underscores are also commonly used in hacker writing, but for a different purpose. Surrounding a word with underscores signifies that it is to be read as underlined.
Putting slashes before and after a word is commonly interpreted as placing the word in italics. There are so many other special characters used in hacking communication. These will eventually be learned as the hacking activity progresses.
Creating a Status in the Hacker Culture
The hacker community runs not on money, age, education or economic status. It runs on reputation, regardless of whatever background a person has. In fact, there are no other considerations for getting into the hacking community. The community judges a person based on one’s ability to solve interesting, challenging problems and how interesting the solutions were.
Hence, one has to be highly skilled and very creative. Remember, hacking is not just about technical prowess, but of creativity as well. Technology and art rolled into one.
Also, one only becomes a hacker and a recognized member of the hacking community when other hackers mention that name on a consistent basis.
That means consistently showcasing one’s hacking skill and being active in hacking activities. What other hackers think of one’s hacking skills matter very much because that will have a major contribution to building one’s reputation.
Hacking is not about solitary work. It’s not a picture of an individual working for hours in a dark room, as the media popularly portrays hackers. It is about working mostly alone physically, but working with others through Internet communication and information sharing.
Also, reputation is garnered by gaining respect from fellow hackers, which means that in order to become a hacker, external validation is needed.
Before, it was taboo among hackers to be openly concerned about their reputation. The hacking community in the early days wanted members to be sharing one focus and one goal, and that is to make the growing technological/cyber world better and more accessible to everyone.
Individual pride was supposed to be set aside in order to work together to achieve this common goal. Reputation in those days was all about an individual’s skills and ideas, and how it can contribute to the community’s goal and overall reputation.
By the late 1990s, the hacking community has slowly come to admit that individual reputation—as well as ego—does play an important motivating factor in one’s becoming a part of the community.
Hackerdom or the hacking community is described by anthropologists as a “gift culture.” Status and reputation are achieved by giving away to others.
It is unlike the type of culture that dominates the rest of society, where reputation and status are gained through establishing dominion over other people, having something others want or need or being the “most” (i.e., most beautiful, richest, etc.).
In the hacking community, one’s reputation is established and reinforced by giving something away. It may be in the form of giving away (sharing) information, ideas, creativity, time and results. A hacker becomes better known within the community if he is willing to give away an idea that can help others in their projects.
Advice and opinions are very valuable in this community, especially if the information is not readily available or easy to obtain. For instance, if one hacker needs a certain source code or software to hack or fix something, he may just turn to the rest of the community for help.
Looking for it from “legitimate” sources, i.e., from the rest of society, may prove to be challenging and time-consuming, and may often turn out fruitless. In the hacking community, a person who is willing to share what he has is better embraced.
In return, a hacker who received help from previous endeavors will return the favor by giving away results to others.
A person who does not live by this code is most likely to be shunned by the hacking community. Alone, a hacker can only do so much. Hacking is all about establishing a reputation based on how helpful and giving one is. This will establish a network, which is invaluable in this type of community.
How to get respect from other hackers
The hacking community is close-knit yet reaches far and wide. It embraces people from everywhere, without any prejudice. However, as previously discussed, one has to earn respect and establish a reputation within the community. There are only 5 types of things that anyone can do to gain respect from the hacking community. These are:
Writing open-source software
Helping with testing and debugging open-source software
Publishing useful results and information
Helping in keeping the hacker infrastructure working
Serving the hacking culture
Writing an open-source software
This is the most traditional yet most central and THE first thing to do to earn the respect of the hacking community. Write programs that the other hackers will consider useful or fun.
The program’s sources and source codes should be made available to the entire hacker community for use. This is called an open-source software, where the source code is accessible for anyone who wants or needs it.
In the past, open-sources were known as free software. However, the term “free” got some people confused on what it exactly meant. To avoid the confusion and make it clear to all, the term “open-source” is currently used.
Great impressions are often made by people who have written large and highly capable programs that can perform varied tasks and cater to a wide variety of needs.
These programs generally cost a lot and giving such programs away is a huge plus when it comes to making an impression. It is also one of the greatest methods of establishing a reputation in the community.
Writing open-source programs is at the core of today’s hacking community. However, the ability to work with closed-source software is still a desirable skill that earns the respect of other hackers.
Testing and debugging open-source software
Aside from writing one, testing and debugging open-sources is also a way to earn the respect of the community. Hackers and open-source developers rely on each other to test their materials and help in improving the systems.
People who make notable contributions to fixing vulnerabilities and other issues in others’ work are highly appreciated in the hacking community.
While ego and external validation have a high standing in the hacking community, hackers everywhere do know how to recognize and appreciate talents and skills. They do appreciate input from other hackers, willing to set aside their egos in the quest for creating the perfect software program.
The different hacker generations were able to produce notable software and hardware that made huge ripples in the cyber world, and not because they were working alone. No software or hardware started out perfect, and the issues were not resolved by just one person.
The idea may have stemmed from an individual, but the final product was perfected through the community’s collaborative effort. Each hacker has his own forte, which can prove valuable. Hence, a hacker who is able to contribute to the improvement of someone else’s work earns the respect of the community.
Debugging, in particular, can take up too much precious time. It can seriously set back the timeline before a technology, hardware or software can be launched for the public to use. When a community works together, the adage “two heads are better than one” is fully appreciated.
In the hacking community, one of the best ways to quickly earn respect is to be a good beta tester. These are people with the knowledge and skill to clearly describe symptoms of a bug, issue or vulnerability.
Then, the problems are localized, for example by determining which part of the source code creates the problem. A good beta tester should be able to tolerate bugs in a quick release and be willing to apply simple diagnostic routines to the open-source software.
Good beta testers are priceless, not just within the hacking community but in the entire cyber world. These people are often highly sought-after even by non-hackers, in order to test new software and to debug programs.
Good beta testers make a huge difference in making a bug or software problem reduced to a mere salutary nuisance. Without them, a problem can quickly turn into a protracted and exhausting nightmare.
If you’re new to the hacking community, try looking for newly released software or programs that are undergoing development. From there, you can practice how to be a good beta tester. Be available and offer insights and ideas. Remember that the hacking community is not as discriminating as the rest of society.
If an idea sounds plausible, they’ll readily accept it. They won’t waste time in digging up one’s background before they accept an idea or proposed solution. Remember also, it’s the skill that matters.
If the proposed solution sounds credible and plausible, then put it forward. This is also when communication skills become very important. A person should be able to communicate his ideas well, and this includes being coherent and grammatically correct.
Helping with the testing and debugging process is also one of the quickest ways to gain recognition and acceptance, as well as build a reputation in the hacking community. This step also sets in motion a natural progression, from helping with testing programs to debugging to modifying.
A lot of things can be learned from this process. It will also set off good karma: help others, and others will help you, too. Helping and sharing is what makes the hacking community thrive. These same principles will help a person thrive in this community as well.
Publishing Useful Information
Another good way to get noticed in the hacking community is to bring together useful information and make it available as documents or web pages that anyone can use.
Make some sort of a “Frequently Asked Questions (FAQs)” list or a collection of interesting things about what concerns others such as information and technical support for open-source programs. Some maintainers of technical FAQs do get as much respect as the authors of open-source programs receive.
Keeping the hacking infrastructure working
This means taking part in the time-consuming, massive responsibility of working behind the scenes and keeping things running smoothly. There is so much to do within the hacker community and the world of the Internet for that matter. There is keeping things well categorized so that other hackers can look for specific items more efficiently in less time.
There is also the maintenance of software archive sites that are usually large. Newsgroups also need monitoring and moderating in order to keep things calm and relevant to everyone. Imagine having to log into a chatroom only to have to be forced to scroll through long lines of gibberish.
A moderator is needed in order to eliminate distractions and keep topics focused. Developing technical standards such as RFCs is also part of maintaining the proper and smooth functioning of the infrastructure.
This might sound unglamorous but people who help with the infrastructure gain great respect from the hacking community. Everybody knows how much this job requires time, effort, and skill for the benefit of everyone. Performing this job also shows one’s dedication to getting jobs done.
Also, this is rich ground for opportunities to learn and demonstrate hacking skills. For instance, moderating newsgroups means getting first dibs on the latest open-source software available, or on programs that need testing and/or debugging.
Serving the hacking culture
Propagate and serve the hacking culture. There are so many ways to do this. One example is to write accurate primers on how a person can become a hacker. In order to do this, first be a hacker and perform any of the previous 4 activities. Sharing experiences with newbies and those who are interested in becoming a hacker is a very important role to play.
There are no leaders in the hacking community. There are spokespeople, “tribal elders,” and heroes. These are people who have valuable lessons and tips to share that can only come from seasoned hackers.
However, hackers wanting to be mentors or go-to persons for advice should be very careful not to sound too egoistic. Be modest when taking this role. Also, actively striving for this position may do more harm than good. Start by joining chat rooms and newsgroups.
Then be ready to provide answers to any of the queries or issues. This, of course, requires gaining a few experiences in order to provide valuable and useful tips and help to others.
Hacker and Nerd
Being a hacker does not necessarily make one a nerd. Also, hackers are not necessarily social outcasts who frequently resort to living life online. However, being both a hacker and a nerd can be a tremendous advantage.
And incidentally, most hackers are nerds and are sort of social outcasts. This is more a consequence of the demands and rigors of hacker life than a requirement. Writing open-source programs, testing and debugging all take time.
The more complex a program or bug is, the more time is required to fix or solve it. Hence, hackers do tend to spend more time facing a computer than being out there and socializing like the rest of the world.
Also, some serious hackers prefer to spend more time talking with people of the same interests than spend precious time on non-hacking activities.
This is one community that takes the label “geek” with pride. It’s one way of declaring their independence and non-compliance with societal standards and expectations.
Another is that most hackers tend to share the same interests, extending from hacking activities to science fiction and strategy games. It keeps their problem-solving and critical thinking skills sharpened.
Also, hacking does not mean forsaking socializing physically (i.e., in person) with others. If a person can be a good hacker while still maintaining friendships and activities outside of hacking, it’s totally fine.
Beginners should just expect that there might be times when they will be spending more time online on hacking activities and may have to miss out on some mainstream socializing.
Rules of Ethical Hacking
If you are interested in hacking computers in order to launch attacks and cause damage to other computers or steal data, then you may think that ethical hacking is not for you. However, it does not mean that this is an uninteresting activity.
While not as mysterious as malicious or gray-hat hacking, there is more value in ethical hacking. It is systematic, which makes it possible for a white hat hacker to actually know when his method works.
Ethical hacking makes it possible for a computer user to “read” moves of any attacker by learning all the tools that malicious hackers have, and then using the same tools to protect his computer or even launch a counter-attack.
Commandments of Ethical Hacking
Ethical hacking entails that all hackers who would want to hack and improve systems through the legal way should do the following:
1. Create specific goals.
An ethical hacker thinks like a malicious hacker, but only to a point. He needs to identify vulnerabilities but he also knows that he needs to stop hacking at a particular point when he no longer knows what to do anymore. This is essential to stop possible repercussions.
Note that hacking can possibly make him crash the system that he is trying to protect, and there may be a point when he cannot find a solution to the repercussion of his actions.
For that reason, he needs to be sure that he is aware of what may happen as a result of a penetration or attack test and know how he can fix it. If a possible attack will lead to damage that he cannot fix, he will need to let a more capable ethical hacker handle it.
2. Have a planned testing process.
Ethical hackers need to prevent any untoward incidents that are likely to happen when testing attacks on computer systems and processes. The hacker needs to identify all the tests that he would be doing, together with all the networks and computers that would be affected by them, and state when the tests would be carried out.
That way, the hacker will have an assurance that he will not be liable for any possible attacks on those networks that happen outside that timeframe. This will also prevent him from interfering with any activity that may be stopped or compromised because of a testing task.
Here is a related rule that you should abide by: do not crash your own system when you perform test hacks. There are numerous websites, like Hack This Site, that will allow you to test your hacking skills.
If you need to test physical vulnerabilities, then it would be a good idea to have spare hardware that you can perform tests on for practice.
3. Obtain authorization to test.
Even if he can get away with it or if it is for the good of the organization that he is serving, an ethical hacker must always ask for written authorization that says that he can perform a test during an agreed timeframe on specific networks.
That ensures the hacker that he will not be held accountable for any claim that security or privacy has been breached during a particular test.
On the other hand, authorization also allows computer users to prepare to be mindful when another hacker tests privacy settings and data encryption. This way, users can also find a way to first remove sensitive data on their devices before carrying out any tests, if they wish to do so.
4. Always work professionally.
Professional ethical hackers always make it a point to stick to the plan. They do not step out of the boundaries even when they can do one more test attack, nor do they share any information with a third party about the systems that they manage.
5. Keep records.
Ethical hackers make it a point to take note of all vulnerabilities, remedies, and testing timelines in order to ensure that all solutions that they propose are not random.
That means that if you want to be a hacker, you also need to keep a record of results and recommendations electronically and on paper and make sure that those documentations remain confidential.
6. Respect privacy.
If there is anything that will separate an ethical hacker from the rest of the hackers nowadays, it is their undying respect for privacy.
Ethical hackers are the only hackers who will never go beyond the line of professionalism just because they can. While it is easy to go beyond borders and know that you would probably never be caught, you know better and stick to your responsibility.
7. Respect the rights of others.
Hackers know that there is too much information that one can extract from any device, but ethical hackers know better. These are sensitive data that they must protect at all cost. For that reason, they refrain from performing any activity that may jeopardize the rights of any computer user.
Why Ethical Hacking Is in Demand
Perhaps the question to ask is “Why you should learn how to hack”. The answer is simple: it is because thousands to millions of people out there are quickly learning how to, and you do not have any idea what kind of hacker they would be once they master this skill.
At the same time, you are aware that as people become more dependent on the internet and their electronic devices, the information that they store and send out becomes increasingly valuable. More often than not, the files that you store, download, or send to someone else can be used as a tool against you.
For that reason, many information technology security personnel have made it a point to learn how to hack in order to discover all the preventive measures that they can implement to stop malicious hacking into the organizations that they protect.
However, all computer users also have reason to know how they can protect themselves. Even if you do not have millions of dollars in your bank account, you are still likely to be a victim of cybercrime.
Identity Theft and Fraud Prevention claimed that there are around 15 million US residents whose identities were used in fraud each year.
This effectively granted malicious hackers $50 billion or more. The number is still growing by the second, as about 100 million Americans continue to place personal information at risk through the Internet, public and corporate databases, and personal devices, which can be targeted by malicious hackers or social engineers.
For that reason, more people are increasingly becoming interested in ethical hacking. More and more people want to learn how to identify attacks that they will most likely encounter and how they can use the most appropriate preventive measures.
Needless to say, it is important for every computer user to learn how they are being targeted and how they might fall into a trap launched by a malicious hacker.
In order to prevent yourself from being a victim of a cyber attack or any type of criminal hacking, you first need to see what other people, especially hackers, see when they look for potential targets. The next blog will teach you how to do that.
What Hackers See During a Sweep
Once you have developed the mind of a criminal hacker within you, you will want to attack the following people:
1. Those who have files or identities of value
2. Those who have websites that generate enough traffic or host many sites
3. Those who are easy to hack
When you look at this line of thinking closely, you will realize that almost everyone can be a potential target. Any person who has a credit card and makes noticeable purchases can be a good target.
It would definitely be a bonus to a hacker if he lands on unsecured credit card information, and more. When you think about it, there is a lot of possibly unsecured personal information that can turn into profit just lying around online!
Even if theft is not a hacker’s goal, you still would not want anyone to send you information that is not useful at all, like spam. Your activities online also reveal your preferences, thereby making you a target for unfair advertising.
Google, for example, allows all its third-party vendors to see what you are searching for, which prompts them into thinking that you are a valid lead for a product. While you may be interested in what they have to offer, you do not want advertisements to pop up in your screen all the time.
How Hackers Sweep
Now, let’s figure out what hackers see about you (or the organization that you are currently serving). The best way to do that is to launch a web search on Google to yield as many results as possible.
Doing a simple Google search will tell you all the blogs, social media accounts, and mentions of you on all websites where your information is not encrypted. You will also possibly see all the contact numbers and addresses that you have had in a single search.
If you have a company, a simple web search will also tell you the following:
1. Names of your employees and their contact details
2. Most important dates about your company
3. Names of your partners, plus details about mergers and your large purchases
4. Trademarks and patents
5. Presentations, web videos, webinars, and articles
What does that tell you? It means that whenever you go to a website or have an online subscription, you are leaving trails of your identity online for everyone to see. That means that whenever you use the Internet or send a file online, someone is tracking your behavior. That information is useful to any malicious hacker.
If a hacker detects that you are possibly worth hacking, then he may proceed to dig deeper into the Internet. He may choose to do so using the following techniques:
1. Using keywords
Keywords allow any user to search for any particular information that is potentially searchable online. If your phone number is not listed right away in the first 10 results you see on Google, then you may use a keyword to see if it is hidden in a less popular website or webpage.
2. Through advanced search options
Any user can use the search filters embedded in most browsers to search for all the websites that link back to your information or your website. This will reveal all third-party vendors that may have your information, as well as all your affiliations.
3. Through web switches
You can search for words or phrases that are connected to you or a file on your website. To do that, you can use the following lines in a Google search:
You can even use a Google search to find a particular type of file on your website. Here is a string that you can use to do that:
By using the above string, you can search for all the .swf files and download them. This file type can store sensitive information such as credit card information or addresses, which can be targeted for unauthorized download and decryption.
4. Through web crawling
Web crawling tools, such as the famous HTTrack Website Copier, can be used by any malicious hacker to mirror a particular website by downloading all files or fields that are accessible publicly. That provides hackers the opportunity to study a website and all its engagement by having an offline copy of the following:
a. Layout and configuration
b. Files and directories
c. Source code
d. Comment fields, which may display the email addresses and names of developers and IT personalities, as well as IP addressing schemes.
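A defender can run the same kind of check on a mirror of their own site before an attacker does. The following is an added example (not code from the original article): it walks an offline copy of a site, collects the HTML comments, and reports e-mail addresses and RFC 1918 addresses found in them. The file names and HTML are constructed for illustration.

```python
"""Audit an offline mirror of your own site for information that leaks through
HTML comments (developer e-mail addresses, internal IP addresses).
Added example, not from the original article; the mirror below is constructed."""
import ipaddress
import re
from html.parser import HTMLParser

# Loose patterns: good enough to surface candidates for a human to review.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# RFC 1918 private ranges; an address in one of these reveals internal addressing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class CommentCollector(HTMLParser):
    """Collect every <!-- ... --> comment in a page together with its line number."""

    def __init__(self):
        super().__init__()
        self.comments = []  # list of (line_no, comment_text)

    def handle_comment(self, data):
        line_no, _offset = self.getpos()  # position where the comment starts
        self.comments.append((line_no, data.strip()))


def _classify_ip(ip_text):
    """'internal-ip' for RFC 1918 space, 'ip' for any other valid address,
    None when the regex matched something that is not an address (999.1.1.1)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return "internal-ip" if any(ip in net for net in RFC1918) else "ip"


def audit_page(path, html):
    """Return findings for one page as (path, line, kind, value) tuples.
    Only comments are inspected: text the page shows to visitors is public by
    design; comments are what developers forgot they were publishing."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for line_no, comment in parser.comments:
        for email in EMAIL_RE.findall(comment):
            findings.append((path, line_no, "email", email))
        for ip in IPV4_RE.findall(comment):
            kind = _classify_ip(ip)
            if kind is not None:
                findings.append((path, line_no, kind, ip))
    return findings


def audit_mirror(pages):
    """pages maps a relative path to the HTML text a site copier saved for it."""
    findings = []
    for path, html in sorted(pages.items()):
        findings.extend(audit_page(path, html))
    return findings


# Constructed sample mirror standing in for an offline copy of a site.
SAMPLE_MIRROR = {
    "index.html": (
        "<html><head></head>\n"
        "<body>\n"
        "<!-- TODO: ask jane.doe@example.com before changing the header -->\n"
        "<h1>Welcome</h1>\n"
        "<p>Contact us at sales@example.com</p>\n"
        "</body></html>\n"
    ),
    "about.html": (
        "<html><body>\n"
        "<!-- staging copy runs on 10.20.30.40, production on 203.0.113.5 -->\n"
        "<p>About us</p>\n"
        "</body></html>\n"
    ),
}

if __name__ == "__main__":
    for path, line, kind, value in audit_mirror(SAMPLE_MIRROR):
        print(f"{path}:{line}: {kind} {value}")
```

The visible address sales@example.com is not reported: the page already shows it on purpose, whereas the comment leaks a developer contact and an internal host.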
Now that the hacker is aware that a website or a particular person he is investigating online has a lot of files that can be useful to him, it makes sense for him to dig deeper into how he can possibly launch an attack. At this point, a hacker will attempt to scan your system and map out how your network is set up.
You can think about this activity as the planning stage of a thief. In order to break into a house successfully, he has to have a visual of your floor plan.
For that reason, he has to know the best way to enter through the property, enter the room where the valuables are, and then sneak out unnoticed. The same line of thinking goes for those who want to deface a property for a prank.
You may ask: why would a hacker think about sneaking out when the theft and vandalism are happening through computers anyway? The reason is that most hackers would not want to leave a trail that leads to where they physically are.
Take note that as a rule of thumb, whenever you send data or download something from the web, you leave crumbs behind, which can reveal where the computer used for the illegal activity really is. For that reason, a malicious hacker would want to do what it takes to remain undetected in order to steal your data repeatedly.
However, as long as you can figure out where a hacker probes and what method he is using to look for your computer’s vulnerability, you can possibly trace him back. Here are some of the most popular ways to probe into a computer’s network system:
1. Use information that can be found on a Whois search
Yes, there is a website that actually reveals how a website is laid out, including its IP address and the bunch of hostnames that it uses. Whois allows all users to view running protocols, available shares, applications, and open ports when you do a search for a website. You can also find whom the website is registered to when you do a search there.
2. Use internal host scan
Internal hosts are invisible to most users, and server owners do want them to remain that way. Hackers often probe internal hosts to see whether they are within the scope of any protection. When they are unprotected, a malicious hacker can set up shop within your internal hosts and remain undetected!
Other Popular Ways to See Who to Attack
A malicious hacker would also want to see who the neighbors are and how they can be attacked. There are many reasons why they would want to do that: first, they are more likely to obtain more valuable information about the people who are near them than blindly launching an attack on a person that they have not seen before.
Second, they can easily use their neighbor’s Wi-Fi connection to mask their activity and mislead authorities into believing that the attack is coming from somewhere else. Third, once a Wi-Fi connection is breached, they will also have access to their neighbor’s network and can proceed to attack their personal files for profit.
That means that the most dangerous hackers are the ones who are near you – not only do they see and hear a lot of clues about what your password could probably be, they also have many means to launch a social engineering attack (you will learn more about this later) and dupe you into giving them the answer to the security question on your social media account.
At the same time, you can also unknowingly give them a free pass to your Wi-Fi connection, letting them clog your bandwidth with large downloads or, worse, use your location to attack another person!
Turn Down the Noise to Prevent Attacks
At this point, you may be thinking that the people who are most vulnerable to attacks are those who are generating too much information online. To a point, that is true. Hackers do not normally attack anyone who does not attract their attention. In order to prevent this from happening, make it a practice to minimize how attackers can possibly see you.
1. Turn off your SSID broadcast
Your SSID is the name of your Wi-Fi network, and broadcasting it is also a clue that you are close by. Turning the broadcast off will prevent any attacker near your location from knowing that you are online. Doing so will also prevent hackers from noticing your Wi-Fi connection and being tempted to attempt to hack it.
2. Use Virtual Private Networks (VPNs)
VPNs are great for two reasons: they mask your location, which prevents any hacker from knowing where your activity originates and conceals your identity online; they also allow you to access websites that are locked by location.
3. Take down all your unused subscriptions
You do not need thirteen email accounts and multiple blogs that you barely have time to manage. These only serve as breeding grounds for spam and phishing scams. Take them down as soon as you can.
4. Ask websites to remove your personal information
If you see your contact number or address on any website, then you can contact the webmaster to remove them from public access for your privacy. That would prevent anyone from contacting you without authorization and prevent you from receiving spam or phishing emails.
By doing these things, you will make it hard for any malicious hacker to notice you and then think of launching an attack. But what can you do when a hacker has already launched an attack against your computer system? At this point, you will have to go back to the basics and understand how a malicious hacker would get into your computer.
Understanding Basic Security Systems
All hardware, networking, and operating system manufacturers understand that all computer users need protection in order to set up a defense against unauthorized access.
Most of the time, this protection comes in the form of a password and encryption, in order to give hackers a hard time decoding important files in case they get past the initial security.
However, skilled criminal hackers have different methods for decoding passphrases and encrypted files. Some can even devise methods in order to manipulate a computer user into simply giving out his password.
Because of this, you have to understand how protected your computer really is by understanding the different kinds of attacks that device users normally experience.
Network Infrastructure Attacks
These attacks are those that are launched by hackers by reaching a computer’s network via the Internet. These attacks are done through the following:
1. Attaching to a network via an unsecured wireless router
2. Targeting vulnerabilities in network protocols, such as TCP/IP and NetBIOS
3. Covert installation of a network analyzer to capture every packet sent from the targeted computer, and then decrypting the information into clear text
Operating System Attacks
These attacks are probably the most preferred by criminal hackers, simply because different operating systems are susceptible to different types of attacks. Most hackers prefer to attack operating systems like Windows and Linux because they are widely used and hackers have already had plenty of time to learn how to exploit their vulnerabilities.
Here are some of the most popular OS attacks:
1. Attacking the OS authentication system
2. Destroying the file system security
3. Cracking passwords and taking advantage of weak encryption policies
4. Attacking the computer’s built-in authentication policies
Attacks on applications normally take advantage of email software, web applications, and file downloads. The following systems are typically attacked:
1. HTTP and SMTP applications, since firewalls are often configured to allow full access to these services
2. Unsecured files that typically contain personal or sensitive information and are scattered across servers and database systems containing vulnerabilities
3. VoIP policies, since they are normally used by businesses
Mapping Out your Security System
Now that you know these attacks, you have an idea regarding which part of your system you should protect the most, and what malicious hackers would want to test in order to know whether they can penetrate your computer system or not. When attackers want to infiltrate a system, they would want to know the following:
1. Your privacy policies
Your privacy policies include the firewall that you are using, the type of authentication you require for your Wi-Fi connection, and other technical information about your network. These are the things that you definitely do not want other people, apart from the users of your computer system, to know.
Once other people learn how you let people connect into your network, there is a big chance that they will know what hacking method they should use in order to get into your network and exploit other vulnerabilities.
2. Your computer’s hosts
A simple Whois search will provide IP addresses and hostnames, and will possibly reveal all the open ports, running services, and applications. A hacker may also want to use the basic ping utility that comes with their OS, or third-party tools that allow them to ping multiple addresses, such as SuperScan, or fping for UNIX.
3. Open Ports
It is possible to list network traffic with a network analyzer such as Wireshark or OmniPeek. You can also scan all the network ports available on a computer using SuperScan or Nmap. By doing so, you can uncover the following information about your network:
1. All protocols that you are using, such as NetBIOS, IPX, and IP
2. All services running on each host, such as database applications, email services, and Web servers
3. Remote access services such as Remote Desktop, Secure Shell, VNC, or Windows Terminal Services
4. Your computer’s VPN services, such as SSL, IPSec, and PPTP
5. Information about the authentication required for sharing across the network
Specific ports reveal specific services that are running on a computer, and once you probe them, you will see which path is the easiest for any malicious hacker to take in order to reach the information that is most important to him.
As a rule of thumb, you want to start by protecting the hosts that would give any hacker the easiest route to your most vital information or to taking control of your entire system.
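The port probing described above leaves a trail in your own firewall logs, which is how you notice a sweep and see which ports it found open. As an added example that is not part of the original article, the following Python script detects a port sweep in log lines and reports which of the probed ports the firewall allowed through; the log format, addresses and lines are constructed for illustration.

```python
"""Detect a port sweep in firewall log lines and report which of the probed
ports the firewall actually let through. Added example, not from the original
article; the log format and the lines below are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed line format: "<ISO-8601 UTC> <ALLOW|DENY> src=... dst=... dport=... proto=..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def find_port_sweeps(lines, window_seconds=60, min_ports=5):
    """Flag every (src, dst) pair that touches at least min_ports distinct
    destination ports within any interval of window_seconds.

    Returns {(src, dst): {"ports": [...], "allowed": [...]}}, where "allowed"
    lists the probed ports the firewall accepted, i.e. the open paths the
    scanner would have discovered."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport, action), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"], rec["action"]))

    sweeps = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        flagged = False
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in window_seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({port for _, port, _ in evs[start:end + 1]}) >= min_ports:
                flagged = True
                break
        if flagged:
            sweeps[key] = {
                "ports": sorted({port for _, port, _ in evs}),
                "allowed": sorted({port for _, port, action in evs if action == "ALLOW"}),
            }
    return sweeps


# Constructed log excerpt: one fast scanner, one ordinary visitor, one slow scanner,
# and one malformed line that the parser must skip.
SAMPLE_LOG = [
    "2019-05-02T10:15:01Z DENY src=198.51.100.7 dst=192.0.2.10 dport=21 proto=tcp",
    "2019-05-02T10:15:01Z ALLOW src=198.51.100.7 dst=192.0.2.10 dport=22 proto=tcp",
    "2019-05-02T10:15:02Z DENY src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp",
    "2019-05-02T10:15:02Z DENY src=198.51.100.7 dst=192.0.2.10 dport=25 proto=tcp",
    "2019-05-02T10:15:03Z ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp",
    "2019-05-02T10:15:03Z DENY src=198.51.100.7 dst=192.0.2.10 dport=3389 proto=tcp",
    "2019-05-02T10:16:10Z ALLOW src=203.0.113.9 dst=192.0.2.10 dport=80 proto=tcp",
    "2019-05-02T10:16:12Z ALLOW src=203.0.113.9 dst=192.0.2.10 dport=443 proto=tcp",
    "2019-05-02T10:20:00Z DENY src=192.0.2.77 dst=192.0.2.10 dport=135 proto=tcp",
    "2019-05-02T10:23:00Z DENY src=192.0.2.77 dst=192.0.2.10 dport=139 proto=tcp",
    "2019-05-02T10:26:00Z DENY src=192.0.2.77 dst=192.0.2.10 dport=445 proto=tcp",
    "2019-05-02T10:29:00Z DENY src=192.0.2.77 dst=192.0.2.10 dport=1433 proto=tcp",
    "2019-05-02T10:32:00Z DENY src=192.0.2.77 dst=192.0.2.10 dport=5900 proto=tcp",
    "this line is garbage and should be skipped",
]

if __name__ == "__main__":
    for (src, dst), info in find_port_sweeps(SAMPLE_LOG).items():
        print(f"sweep from {src} against {dst}: probed {info['ports']}, open {info['allowed']}")
    # The slow scanner spreads its probes over minutes and only appears with a wider window.
    print(sorted(find_port_sweeps(SAMPLE_LOG, window_seconds=900)))
```

With the default 60-second window only the fast scanner is flagged; widening the window to 15 minutes also catches the slow probe, at the cost of more false positives from ordinary users.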
Secure System Checklist
If you want to make sure that you have a secure computer system that is impenetrable or difficult to penetrate, you need to make sure that your system is protected from the following elements:
1. Physical access or theft
A computer that has no physical security is an unsecured machine. Make sure that you have protocols when it comes to who should be allowed to access your computer physically. Also, make sure to store your computer securely in order to prevent theft.
2. Remote vulnerabilities
While most computers have antivirus programs that detect suspicious programs and quarantine them, a computer also needs to be protected from attacks launched by other computers outside your local network.
With this said, you need to make sure that your ports are secure. You can protect your ports by having a secure firewall that will prevent unauthorized access from one computer to another.
It would also be a good measure to check for software installed in the computer and see which ones are capable of communicating with other users beyond the firewall.
3. Peripheral attacks
While these are uncommon nowadays, there have already been reports of computers being attacked by devices connected to open ports. These attacks are possible because most of the peripheral devices that people own now have their own processing abilities and memory.
It is important to check all peripheral devices that are being inserted into USB hubs or are connected wirelessly to your computer for bugs or skimming devices.
That way, you can prevent any keylogging software or firmware that can root your computer. Smartphones should also be checked for vulnerabilities and possible malware to prevent unwanted file transfers.
4. Phishing attacks
Phishing attacks are often designed to look like you are communicating with an authority from a website that you frequently visit or a brand that you normally buy from. These attacks often attempt to make you reveal your personal information, such as your passwords or security codes.
These attacks can be easily prevented by having a smart protocol when it comes to replying to emails or phone calls. It is a necessary rule for people to always inspect elements of an email or a phone call and become mindful of suspicious activities.
At the same time, it should always be a practice for everyone to only reveal sensitive information through secured and verifiable means.
At this point, it would be a good idea to start mapping out the most vulnerable areas of the computer system. It is also the best time to create testing standards to avoid mishaps and develop accurate documentation and action points whenever you do a hack test. Your standards should include the following:
1. Documentation of which tests are performed
2. Source IP addresses, if performing tests across the web, and how these tests are performed
3. Action plan for when a vulnerability is discovered
4. Date and time when the tests are performed
5. How much information and what skills you need to acquire in advance before performing a test, including the ideal hacking tool to use
By having a standard on how to test for vulnerabilities and actually knowing what you need to do when you encounter a major security flaw in your system, you will be able to get rid of all the baseless assumptions about hacking.
When you have a standard to follow, you will realize that hacking involves real risks and that you should stop hacking when you become unsure of the outcome. You will also realize when you do not have all the right tools for the method of hacking or forensics that you need.
At the same time, you will also be able to acknowledge that systematic hacking, whether ethical or not, requires great timing. That means that attacks on your computer, most especially the successful ones, happen when a hacker lands on the best vulnerability to exploit and on a computer user who does not know how to identify an attack.
Now that you have all the information that you need about how your network and your computer store and send information, you will want to start assessing for vulnerabilities.
In order to fully understand and embrace the hacking life, understand what the mindset of a hacker is. For one thing, hacking is not everything. The hacking community does not expect every hacker to be a nerd, to be a social outcast, or to live fully and solely for hacking.
In fact, there are a few non-hacking activities that can help in improving one’s hacking skills. Some of these are:
What does being able to write well in English or one’s native language have to do with hacking? It’s about better communication skills. Again, hackers mainly communicate through written text: through emails, through program code, through newsgroups, or through chats.
One stereotype about hackers is poor communication skills. Common portrayals of hackers are people who can’t spell, have poor writing skills and grammar, and are unable to express themselves well. There are a few like that, but the great hackers are those who are at least competent, if not great, writers.
The ability to communicate through written texts is crucial in communicating with programmers, software developers, and other organizations that may be seeking their help or advice.
Also, it’s a great advantage in learning and appreciating puns and wordplay. It’s a great mental practice among hackers. It also is a form of entertainment, especially during stressful hacking activities. Also, it helps in sharpening their vocabularies and other language skills.
Other things that can help in hacking include:
Reading science fiction is common among hackers. It promotes imagination, fuels creativity, and helps in sharpening one’s critical thinking. Creativity is part of the core of hacking and one of the best ways to hone it is through science fiction.
Aside from reading, attending science fiction conventions can also help. It’s also one great way to meet proto-hackers and hackers in person, which also promotes better relations with the community.
Martial arts may seem completely unrelated to hacking, but practicing it can help in improving one’s hacking skills. Martial arts incorporate mental discipline that can help a person in focusing on hacking activities. This mental discipline also helps one in getting through long hours of tedious or challenging testing, debugging, or writing programs.
There are quite a number of serious hackers that train in martial arts. Popular martial arts among these hackers are Aikido, Kung Fu, Karate, Western fencing, and Jiujitsu.
Some also practice pistol shooting. Martial arts that can help improve hacking skills and performance include those that put more emphasis on precise control, relaxed awareness and mental discipline.
The best martial arts for hackers are those that do not require much physical toughness, athleticism or raw strength, which do not help much in actual hacking.
Studying meditation disciplines also helps. It can help in retaining focus in the midst of long, tedious hacking work, or when program issues seem too overwhelming.
An example is Zen, which is an actual favorite among hackers. This does not mean having to give up any current religious beliefs in exchange for these meditation beliefs.
It’s just meant to aid in keeping a calm and focused mind because hacking can turn hectic, mind-numbing, and draining. Also, when choosing any meditation technique, choose one that does not require you to embrace some far-off, wacky, or totally nonsensical ideology.
These activities help in keeping the mind focused and strong despite performing some mentally draining activities. Also, it helps in improving the functioning of the right and left hemispheres of the brain. Hacking requires good functioning of both sides of the brain, which are for logical reasoning (right hemisphere) and for creativity (left hemisphere).
Also, hackers often find themselves having to use logical reasoning and then take steps beyond logic at a moment’s notice. Exercises or non-hacker activities like these can help with that quick transition whenever needed.
Also, learn how to “work hard, play hard”. It’s one of the hacker’s ideologies to work as hard as one plays and to play as hard as one works. Boundaries between what constitutes work and what is considered play seem blurred in the eyes of a true hacker. They treat their work as fun, like playing, but still serious enough to provide credible and outstanding results.
After the ink on the contract has dried, it’s time to gather information about your target. Intelligence gathering is a meticulous process through which you are locating information that may be useful when carrying out later phases of your test.
Because we live in the Information Age, the process will take some time to complete, but it’s time well spent because just about anything you want to know about anyone or any company can be found if you take the time to look, use the right tools, and ask the right questions.
Introduction to Intelligence Gathering
Information gathered about a target can help refine the steps that will come later. During this process, you should seek to use as many methods as is reasonable to observe and collect information about your target.
You should be paying special attention to anything that may have the potential to be exploited later (though it will take some experience to develop an eye for what is useful and what is not).
Eventually, you should be able to pick out items that have the potential to be helpful later in the pen testing process. Until you develop your “eye” and are able to detect the useful information, carefully examine what information you are uncovering and the details that are included.
From the client’s standpoint, there can be several negative results from the gathering of intelligence in regard to their infrastructure and business operations:
Business Loss: If customers or vendors discover that their information or other data is not properly secured, it could easily erode their confidence and cause them to go elsewhere.
Information Leakage: This includes information that is either deliberately or accidentally made public, such as project information, employee data, personal details, financial information, or any of a number of possibilities.
Privacy Loss: This is a particularly bad situation where information that is supposed to be kept confidential is disclosed. The biggest threat with this is not just a loss of confidence, but the legal repercussions that can result.
Corporate Espionage: Information that is uncovered through the footprinting process can also be uncovered by well-financed and curious competitors looking for details about what a company is doing.
Fortunately, or unfortunately, as the case may be, a wealth of resources is available for you to gain information about a target. This information is waiting for you to conduct your research on a target and put all the information you collect together to paint a picture of your victim, or in the case of pen testing, your target of assessment.
Categorizing the Types of Information
Generally, when investigating a client you are seeking to collect as much information as possible from a multitude of different sources. You can expect to find a lot of information about a target, including
Technical information such as operating system information, network information, applications present, IP address ranges, and even device information. Additionally, you can expect to be able to locate webcams, alarm systems, mobile devices, and much more.
Administrative information such as organizational structure, corporate policies, hiring procedures, employee details, phone directories, vendor information, and much more.
Physical details such as location data, facility data, people details, and social interactions with individuals, to name a few. Expect to be able to view location details of a facility through simple surveillance or by using resources such as Google Street View to gain an understanding of the layout of an area.
Within these categories there exists a tremendous amount of information to be unearthed. The question is how much of it is useful and how much could you be overlooking.
In fact, be prepared to experience something known as “information overload,” which is where you become overwhelmed by the amount of data being collected to the point where it cannot be processed effectively (if at all).
Remember that too much information can be a dangerous thing. It is easy to become so enamored by what is being revealed that you end up gathering information that may not even be useful. Learn from your intelligence gathering and from the experience you gain from later stages which information is most useful and which may be less so.
Categorizing the Gathering Methods
During the information-gathering phase, you should be able to formulate an attack strategy as well as gain an understanding of what information an organization releases. Information gathering typically falls into the following categories.
Passive methods are those that do not interact with or engage the target. By not engaging the target, the hope is that they are given little or no indication of your impending attack.
Active Methods in this category engage the target directly: making phone calls to the company, help desk, employees, or other personnel, or sending traffic to its systems. Anything that requires you to interact with the target, and therefore may leave a trace in its logs or in its people's memories, fits here.
Open Source Intelligence (OSINT) Gathering OSINT is passive gathering from publicly available sources and is the least aggressive form of intelligence gathering.
Basically, the process relies on obtaining information from those sources that are typically publicly available and out in the open. Potential sources include newspapers, websites, discussion groups, press releases, television, social networking, blogs, and innumerable other sources.
Examining a Company’s Web Presence
A good place to start gathering information about a target is their own website. Websites represent an organization’s way of informing the public about what they do, why they exist, and plenty of other pieces of information. Figure 5.1 shows a typical company web presence.
When examining a website, look for the following information that may be of use:
Email Addresses Keep an eye out not only for email addresses in general but any address that may go to a specific individual or to a specific department. The former type of address can be useful in targeting individuals for social engineering attacks such as phishing (to be discussed a little later) and the latter for gaining information about projects or department structure.
Physical Addresses Any physical address may give an idea of not only where individual offices are but also where certain functions may be done, such as shipping, order processing, or even a headquarters office.
Additionally, if you are going to be tasked with performing physical security assessments and penetrations, you may be able to use physical addresses together with mapping applications or Google Street View to view the premises from afar to plan an attack.
Careers Many companies post job information on their websites as part of normal operations to attract new employees. Although this practice of posting this information is not necessarily a bad idea, it could become a problem if handled wrong.
Companies that post things such as technical jobs may be tempted to post specific items such as “Active Directory experience” or “Windows Server 2012 experience” along with other details.
It may sound harmless to include these details, but a pentester reads such a posting as an inventory: a company rarely asks for experience with a product it does not run, so the posting reveals much of what the company has "in-house."
Product, Project, or Service Information Though not a vulnerability in itself, knowing the lingo and the types of things the company does helps you convince a target employee that your requests for information are legitimate when you are performing a social engineering attack.
Now you have a brief idea of what to look for from a website, but the problem is that gaining this information from a particularly large website can be very time-consuming. Luckily, there are ways to speed up this process dramatically or at least assist you in your mining for information.
Viewing a Website Offline
Examining a website is a great idea, but what if you could examine it offline on your own computer?
Things would be a lot easier because you could search the files for text strings, patterns, different file extensions, and even content that was thought hidden in some cases.
The applications that perform this function are commonly called website downloaders or mirroring tools (the process itself is called crawling), and many exist for just this purpose. One of these utilities is BlackWidow for the Windows platform: you point it at a website by supplying the address, and it downloads what it can from the target.
An alternative to BlackWidow is Wget. Wget ships with nearly every Linux distribution and Unix-like system and is part of their default installs; for Windows it is a separate download, and a simple web search will locate a build.
Download the whole website into a folder of the same name on your computer using this:
wget -m http://<website name>
The -m option stands for mirror, as in "mirror this website": it turns on recursion with no depth limit and timestamping, which is what you want for a complete copy. Mirroring is another term for downloading a website. You do not need sudo for this; the files are written to your current directory.
If you only want the top page and the pages it links to directly, together with the images, style sheets, and scripts each of those pages needs to display, use this instead:
wget -r --level=1 -p http://<website name>
This command says, "Download the pages recursively (-r), but follow links only one level deep (--level=1), and get all the components such as images that make up each page (-p)." Keep in mind that Wget only receives what the server returns for each link, so content assembled by JavaScript in the browser will not be in the mirror, and that crawling a site is active interaction with the target's server and will appear in its logs.
Now let’s look at another thing you need to consider when analyzing a website: subdomains. Subdomains are a division of the main website name. For example, a subdomain of Microsoft.com would be support.microsoft.com or beta.microsoft.com. In the real world, you would have to enter the full name or click a link to get to these subdomains.
So, why would a company do this as a standard practice? Well, they may do it just to organize their content a little better by giving different functions or departments their own subsite that they control. Or companies may sub-domain sites like this to crudely "hide" content, figuring that security through obscurity is a good idea (it isn't).
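One passive way to get started, as an added example that is not part of the original article: once Wget has written the mirror to disk, a short Python script can pull out the items described above in one pass, namely the email addresses, the technology keywords that careers pages leak, the document types worth opening, and every hostname under the target domain that the pages link to (the subdomains). The target name example.com, the SAMPLE_PAGES, and the TECH_KEYWORDS list are constructed placeholders for the demo; load_mirror assumes the directory layout that wget -m produces.

```python
"""Mine a Wget mirror for contact and infrastructure leads.

Added example, not from the original article. load_mirror assumes the
layout `wget -m http://example.com` produces (files under a directory
named after the host). SAMPLE_PAGES is constructed so the demo runs offline.
"""
import os
import re
from collections import Counter
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# href/src/action targets; these are where subdomains and documents hide
URL_RE = re.compile(r"""(?:href|src|action)\s*=\s*["']([^"']+)["']""", re.I)
# Illustrative list of technologies that careers pages tend to name
TECH_KEYWORDS = ("Active Directory", "Windows Server", "Cisco", "VMware",
                 "SharePoint", "Exchange", "Oracle", "SAP")
INTERESTING_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".bak",
                   ".sql", ".zip", ".xml", ".txt"}

# Constructed sample mirror: {relative path: file contents}
SAMPLE_PAGES = {
    "example.com/index.html": """<html><body>
      <a href="http://support.example.com/kb">Support</a>
      <a href="https://beta.example.com/login">Beta portal</a>
      <a href="/files/price-list-2019.pdf">Price list</a>
      <a href="mailto:sales@example.com">Sales</a>
      <img src="https://cdn.example-partner.net/logo.png">
      </body></html>""",
    "example.com/careers/index.html": """<html><body>
      <h2>Systems Administrator</h2>
      <p>Required: Active Directory, Windows Server 2012, Cisco ASA.</p>
      <p>Apply to jane.doe@example.com or hr@example.com</p>
      <form action="https://jobs.example.com/apply"></form>
      </body></html>""",
}


def in_scope(host, target):
    """True if host is the target domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == target or host.endswith("." + target)


def mine_pages(pages, target):
    """Return emails, in-scope subdomains, tech keyword hits and interesting files."""
    emails, subdomains, files = set(), set(), set()
    tech = Counter()
    for text in pages.values():
        emails.update(e.lower() for e in EMAIL_RE.findall(text))
        for ref in URL_RE.findall(text):
            if ref.startswith("mailto:"):
                continue  # already captured by EMAIL_RE
            parsed = urlparse(ref)
            host = parsed.hostname
            if host and in_scope(host, target) and host.lower() != target:
                subdomains.add(host.lower())
            if os.path.splitext(parsed.path)[1].lower() in INTERESTING_EXT:
                files.add(ref)
        for kw in TECH_KEYWORDS:
            tech[kw] += text.count(kw)
    # Mail domains can reveal hosts too (e.g. jobs@mail.example.com)
    for e in emails:
        host = e.split("@", 1)[1]
        if in_scope(host, target) and host != target:
            subdomains.add(host)
    return {
        "emails": sorted(emails),
        "subdomains": sorted(subdomains),
        "tech": {k: v for k, v in tech.items() if v},
        "files": sorted(files),
    }


def load_mirror(root):
    """Read every file under a Wget mirror directory into a {path: text} map."""
    pages = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    pages[os.path.relpath(full, root)] = fh.read()
            except OSError:
                continue
    return pages


if __name__ == "__main__":
    import json
    import sys
    pages = load_mirror(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PAGES
    target = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print(json.dumps(mine_pages(pages, target), indent=2))
```

Run it as `python mine_mirror.py example.com example.com` against a real mirror directory, or with no arguments to see the result on the constructed pages. The scope check matters: a host such as example.com.evil.net ends with the target's letters but is not a subdomain, so the test is on the dot boundary, not a plain substring match.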
So, how can you easily find these subdomains? Well, a number of ways are at your disposal, but let’s look at one using a website known as Netcraft. Netcraft is a website you will be seeing again in a little bit, but for right now you will be using one of its features to find subdomains.
For this exercise, you will be using the www.netcraft.com website to view information about a target site.
1. Browse to the website www.netcraft.com.
2. In the What’s That Site Running box, enter www.microsoft.com.
3. Press Enter.
4. View the information in the results.
Pay special attention to the information regarding IP address, hosting provider, OS, and web server, as each will be useful in targeting attacks later. For subdomains specifically, Netcraft's Search DNS feature (searchdns.netcraft.com) lets you list hostnames that end in a given domain.
Finding Websites That Don't Exist Anymore
What would you do if you wanted to take a look at a website that was no longer there? Or an older version of an existing website?
With a website known as Archive.org, you are able to use a feature known as the Wayback Machine. With the Wayback Machine, you can find archived copies of websites from which you can examine and possibly extract information from and put to use.
In my experience, I have found copies of old company directories, technical information, project and customer information, and much more.
In this exercise, you will use the Wayback Machine to view an archived version of a website.
1. Browse to www.archive.org.
2. In the box next to the Wayback Machine, enter the name of the website to be viewed. For this exercise, enter www.microsoft.com.
3. Click Browse History.
4. In the results, you will see years across the top and calendar days underneath. Click a day to view the older versions.
You can adjust the date simply by clicking a year on top and then clicking the day of the year to view the website on that given day.
Gathering Information with Search Engines
One of the things that can help you tremendously in your dogged hunt for useful information is your favorite search engine. Search engines have proven themselves to be indispensable sources to locate and access information.
However, as useful as they are, most people only use a small fraction of the search engine’s power by simply typing in a term and clicking through the results. For us this is not enough, so you will go beyond that and dig in deeper.
Search engines such as Google and Bing as well as others can provide easy and ready access to a lot of information that would be difficult to locate otherwise. Sometimes a client may want to keep certain information secret, but with the right know-how you can find this information and make use of it.
Hacking with Google
We’ll specifically focus on Google hacking because it is arguably the most comprehensive and popular search engine. Google hacking is not anything new; in fact, the ability to do so has existed in the service for a long time. It’s just that many users are unaware of its presence or how to use it.
With Google hacking, it is possible to extract information in such a way as to retrieve items such as passwords, specific file types, sensitive folders, login portals, configuration information, and other data.
Here are the operators that make it possible:
cache is a keyword that will display the version of a web page that Google holds in its cache instead of the live page. Usage: cache:<website name>
link lists web pages that contain links to the page or site specified in the query. Usage: link:<website name>
info presents information about the listed page. Usage: info:<website name>
site restricts the search to the specified domain. Usage: <keyword> site:<website name>
allintitle returns pages with all the specified keywords in their title. Usage: allintitle:<keywords>
allinurl returns only results with all the specified keywords in the URL. Usage: allinurl:<keywords>
filetype restricts results to a given file type, which is how the "specific file types" mentioned above are found. Usage: <keyword> filetype:<extension>
Operators can be combined; for example, site:<website name> filetype:xls password looks for spreadsheets on a single site that mention passwords. Google retires operators over time (link: and info: no longer return useful results, and cache: has been removed), so test each one against the live service before relying on it.
If you find yourself stuck for ideas or want to look into more advanced queries, take a look at the Google Hacking Database (GHDB), originally hosted at hackersforcharity.org and now maintained at www.exploit-db.com/google-hacking-database.
Getting Search Engine Alerts
Another feature of search engines that you may not be aware of, but should consider as part of your information searching, is alerts.
Alerts are a feature present in many search engines that notify you when something that fits your search criteria has been posted. Consider using alerts as a way to keep an eye on a search while you are working on other aspects of your test.
In this exercise, you will go through the process of setting up and modifying a Google alert.
1. In your browser go to www.google.com/alerts.
2. Enter the search you would like to receive alerts on. As soon as you enter your search, a sample of the alert will appear. If the results are not acceptable, modify your search. You can use Google hacking to refine or target your search better if desired.
3. Enter a valid email address that Google will use to send you the results of the query. It is recommended that you set up a free account or special account to receive these alerts in order to make them easier to manage. You will have to confirm this search by clicking a link in the email Google sends to you.
Now your alert is complete.
Targeting Employees with People Searches
At this point, you could have easily collected a lot of information, but let’s focus on one of these pieces of information for a moment: people.
During your searching as well as during other investigations, you probably will uncover the names of individuals who work for the target. If you do, it is worth doing some investigation on these individuals to see what you can find out.
Yes, you can use Google to get information on someone, but there are also much more targeted resources specifically designed to research people, both fee-based and free services.
Many of the fee-based ones offer information that is simply compiled from other free sources, whereas others do offer some unique information. I have used both and have found little difference.
Several people-search sites, both free and fee-based, offer information about individuals, but do not be disheartened if you don't find your target in one; just try a different one.
Also, be aware that the information you locate on an individual should always be cross-checked against other sources to determine its accuracy. It's not unheard of for information in consumer services to be stale, missing, or incorrect. I have experienced this situation when looking up my own personal details to see what I could uncover.
Finally, when you are trying out the tools and websites listed here, be sure you have permission to look up another individual’s details. Though unlikely to occur, it is possible that in some locations getting too nosy about an individual could violate local laws.
Of course, people in an organization need to set up their offices and workspaces someplace, so how can you investigate this more?
Address information should be something that is discovered during the investigation process as it is common to find in websites. Additionally, knowing a company’s physical location can aid in dumpster diving efforts, social engineering, and other efforts yet to be discussed.
So what can you do if you have an address? Without driving there? As it turns out, many websites and technologies stand ready to help you out.
Google Earth This popular satellite imaging utility has been available for more than 12 years now, and over that time it has gotten better, with access to more imagery and increasing amounts of other data.
Google Maps For the same reasons as Google Earth, Google Maps can provide much information, including area information and similar data.
Google Street View This web application shows businesses, houses, and other locations from street level. Using it, observers have picked out details such as people, entrances, and even individuals working behind the windows of a business.
Webcams These are very common, and they can provide information on locations or people. In fact, tools such as the popular Shodan search engine (www.shodan.io) have the ability to search specifically for webcams as well as other devices.
Using these tools together with Google hacking can allow you to compile a tremendous amount of information in a short time with minimal effort.
Do Some Social Networking
Social networking has become a not only extremely prolific but incredibly valuable tool for information gathering.
It’s normal for the users of these services to over-share information both accidentally and deliberately. For most, the desire to be on these services with their friends and family is more important than any potential information leakage that may result.
Because of the nature of these services and their tendency to skew toward openness and ease of sharing information, an attacker does not have to put in a tremendous amount of work to learn useful details about people and relationships. Expect to find all sorts of information on these services—so much so that you may not be able to process it all.
The information collected can be useful in a number of ways, including finding information that can be used to socially engineer individuals by using terms and names that are familiar to them to build a sense of trust.
Some of the more popular social networking services that are worth scouring for information about a target may be the ones you are already familiar with:
Facebook The largest social network on the planet boasts an extremely large user base with a large number of groups for sharing interests. Additionally, Facebook is used to log into or share comments on a multitude of websites, making its reach even further.
Twitter One of the other extremely popular social networking sites is Twitter. It has millions of users, many of whom post updates multiple times a day. Twitter offers few privacy controls, and the ones it does have are seldom used, so users tend to post a lot of information with little or no thought to its value.
Google+ This one was Google's answer to Facebook. It never saw Facebook's popularity and was shut down for consumers in April 2019, so any references to it here are historical.
LinkedIn This is a social networking platform for job seekers and professionals, and as such its profiles carry employment history, contact information, skills, and the names of those the person works with or has worked with.
Instagram This is a service designed to share photos and video with others and even put the information on services like Facebook and Tumblr. People frequently take pictures and videos and post them on this service without regard to whether they should be posting them or if they pose a security risk by being in the public space.
Tumblr This is another service similar to Twitter that can also be used to share information that, in some cases, should be kept confidential.
YouTube While not viewed in the same way as something like Facebook and Instagram, spending time exploring the service can prove useful. It is not uncommon to poke around and find many a cell phone video posted on the site showing things best kept confidential.
So you know there are several social networks you can search for information, each with its own built-in search function, but can you do even more with this information? The answer is yes—not only can you read people’s information, but you can locate it based on geographic data.
In fact, one tool excels at not only finding information posted on social media networks but placing that information on a worldwide map showing when and where things have been posted.
Echosec is a website that allows you to focus on specific locations and extract information on social networking posts that have been submitted from that location. Even more amazing and powerful is the fact that you can use the tool to search by specific names on Twitter and Instagram, making it even easier to gain information.
To use this service, you only need a location and a little time.
To use Echosec to examine social media posts placed from a given location, perform the following steps:
1. Browse to https://app.echosec.net in your web browser.
2. Either enter an address in the location box or drag the map to a location and adjust the zoom to get your desired location in focus.
3. Click the Select Area button in the center bottom portion of the page. Draw a box around the target area.
4. Scroll down the page to view the results of your query.
Because of the way social media is used by some people, it is possible that pornographic images may sometimes appear in the search results for this service. Although it is not common, it has happened from time to time.
Looking via Financial Services
When you are targeting certain organizations, specifically those that may be publicly traded, there are additional resources available to gather intelligence. Services such as Yahoo, Google, CNBC, USA Today, and countless others provide information about a company that may not be readily available through other means.
This information is provided to make it easier for investors to gain information about a business and then make informed investment decisions. However, this same information may give a pentester or an attacker some hidden gems of information that could propel the test even further.
To search these sites for information, simply browse to your site of choice and either enter the stock symbol if known or enter the company name on the respective site.
OK, you may be asking yourself how you would even know when looking at these sites who a target’s competitors are. Well, just about every business and investing site out there that lists companies will also tell you who the competitors of the company are. Additionally, you can also use the same resource to find third-party vendors that a target is working with.
Why would you be interested in a company’s partners? Well, looking at a partner can tell you internal goings-on of your target if you start seeing orders for parts or services being placed by them to any vendor. In the security business, we call this inference or making an assumption based on indirect evidence.
When analyzing these resources, always be on the lookout for specific types of information that can prove insightful, such as the following:
When did the company begin? Look for information on the evolution of the company that may provide details of future directions.
How did the company evolve in order to give insight into their business strategy and philosophy as well as corporate culture?
Who are the leaders of the organization? This can allow for further background analysis of these individuals.
Locations of offices and distribution of personnel are sometimes available.
Investigating Job Boards
Job sites can be good sources of technical and organizational information. If you have browsed job postings, you have undoubtedly noticed the skills and experience sections of ads.
It is not uncommon to find information such as infrastructure data, operating system information, and other useful data.
Remember, companies that post jobs want to hire qualified people, and as such, they need to make sure that they are asking for the right skills—hence their inclusion in a job posting.
When analyzing job postings, keep an eye out for information such as the following:
Job requirements and experience.
Employer profile.
Hardware information. This is incredibly common to see in postings; look for keywords such as Cisco, Microsoft, and others, which may include model or version numbers.
Software information, including product names and versions.
Email is a tool every business relies on today, and the information it carries, in the message content as well as in the headers and hostnames it passes through, is valuable to a pentester or an attacker looking for information of all types. Plenty of tools exist to work with it.
One tool that is useful for gathering information through email is PoliteMail. It creates and tracks email communications from within an email client, which is useful if you can obtain a list of addresses from the target organization.
Once you have such a list, you can send the list an email containing a tracking link; when a recipient opens the message, PoliteMail reports the event for that individual.
One more utility worth mentioning is WhoReadMe. It also tracks emails but additionally reports details such as the recipient's OS, browser type, and installed ActiveX controls, which help you target a later attack with much more accuracy. Keep in mind that sending tracked mail is active engagement with the target's people, not passive gathering: it must be within your agreed scope, and a cautious recipient may report it.
Extracting Technical Information
Fortunately, in today’s world, there are numerous ways to gather technical information about the systems in the organization that you are targeting.
Whois is an old, but very useful, utility; strictly speaking it is both a protocol (RFC 3912) and the client that speaks it. Originally developed for Unix, the client is part of every Linux distribution and is available as a free download for Windows.
Additionally, the utility is available for use on any number of websites that can be located with a simple web search.
Whois is designed to allow you to collect information about a domain name or web address. The results of the command will produce ownership information, IP information, DNS information, and other data that you can use.
1. Download a Windows whois client and unzip it to a folder named whois on your desktop. (On Linux or macOS, whois is already installed; open a terminal and skip to step 3.)
2. Hold the Shift key and right-click the whois folder; then select Open Command Window Here.
3. At the command prompt, type whois <domainname>. Here's an example: whois usatoday.com
4. Review the details of the results.
The results you will see will include several key details that can be of use. In particular, look for address information, phone numbers, names, and nameserver information. This information should all be noted for later use.
Increasing numbers of domain owners are making use of services that make all the information (except for nameserver information) anonymous, and since GDPR took effect in 2018 most registrars redact contact details by default. These services are bad for you as a pentester because they prevent you from getting information, but for domain owners they are a great idea and should be recommended.
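The exercise above and the note on privacy services, as an added Python example that is not from the original article: parse a raw whois record into the items worth noting (registrar, the registrar's own whois server, name servers, contact emails and phone) and flag when a privacy proxy or redaction hides the registrant. SAMPLE_WHOIS and SAMPLE_PRIVATE are constructed records, example-target.com and the registrar names are placeholders, and the PRIVACY_MARKERS list is illustrative; query_whois implements the protocol itself (RFC 3912: send the domain on TCP port 43, read to EOF) for live lookups but is not exercised offline.

```python
"""Parse raw whois output into the fields a pentester notes down.

Added example, not from the original article. The sample records are
constructed; query_whois performs a live lookup and is only for real use.
"""
import re
import socket

# Single-valued fields, matched one per line (case-insensitive)
FIELDS = {
    "registrar": r"^Registrar:\s*(.+)$",
    "registrar_whois_server": r"^Registrar WHOIS Server:\s*(.+)$",
    "created": r"^Creation Date:\s*(.+)$",
    "expires": r"^Registry Expiry Date:\s*(.+)$",
    "registrant_org": r"^Registrant Organization:\s*(.+)$",
    "registrant_country": r"^Registrant Country:\s*(.+)$",
    "phone": r"^Registrant Phone:\s*(\+?[\d.\- ()]+)$",
}
FIELDS = {k: re.compile(v, re.M | re.I) for k, v in FIELDS.items()}
NS_RE = re.compile(r"^Name Server:\s*(\S+)", re.M | re.I)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Illustrative markers of redaction or privacy-proxy registration
PRIVACY_MARKERS = ("REDACTED FOR PRIVACY", "Domains By Proxy", "WhoisGuard",
                   "Privacy Protect", "Contact Privacy", "Withheld")

SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.COM
Registrar: Example Registrar, LLC
Registrar WHOIS Server: whois.example-registrar.net
Creation Date: 2004-03-15T04:00:00Z
Registry Expiry Date: 2025-03-15T04:00:00Z
Name Server: NS1.EXAMPLE-TARGET.COM
Name Server: NS2.EXAMPLE-TARGET.COM
Name Server: ns3.dnsprovider.net
Registrant Organization: Example Target Inc.
Registrant Street: 100 Main Street
Registrant City: Springfield
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: hostmaster@example-target.com
Admin Email: it-admin@example-target.com
Tech Email: noc@dnsprovider.net
"""

SAMPLE_PRIVATE = """\
Domain Name: EXAMPLE-PRIVATE.COM
Registrar: Example Registrar, LLC
Name Server: NS1.PRIVACYDNS.NET
Registrant Organization: Domains By Proxy, LLC
Registrant Country: REDACTED FOR PRIVACY
Registrant Email: Select Contact Domain Holder link at https://registrar.example/whois
"""


def first(rx, raw):
    m = rx.search(raw)
    return m.group(1).strip() if m else None


def parse_whois(raw):
    """Extract the useful fields from a raw record and flag privacy protection."""
    rec = {k: first(rx, raw) for k, rx in FIELDS.items()}
    rec["name_servers"] = sorted({ns.lower().rstrip(".") for ns in NS_RE.findall(raw)})
    rec["emails"] = sorted({e.lower() for e in EMAIL_RE.findall(raw)})
    low = raw.lower()
    rec["privacy_protected"] = any(mk.lower() in low for mk in PRIVACY_MARKERS)
    return rec


def query_whois(domain, server="whois.verisign-grs.com", timeout=10):
    """Fetch a raw record over the whois protocol (network; not run by the demo).

    Verisign is the .com/.net registry and returns a thin record; follow the
    Registrar WHOIS Server field it contains to get the registrant contacts.
    """
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")


if __name__ == "__main__":
    import json
    for raw in (SAMPLE_WHOIS, SAMPLE_PRIVATE):
        print(json.dumps(parse_whois(raw), indent=2))
```

Even when the registrant block is redacted, the name servers survive, and they are the part you need for the DNS work that follows; a record whose privacy_protected flag is set simply tells you to stop expecting names and phone numbers from this source.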