Getting Started In Hacking

What it is?

Many of you listened about hacking either in the newspaper through a kind of fraud attention article in your newspaper or see your heroes hacking the FBI network in movies  .but  what is hacking actually is  "a supernatural power given to your heroes by almighty gods ". No, not at all, hacking "hacking is the act of exploiting a vulnerability". Now, what's a vulnerability. it is a weakness that exists in your environment, in your machine, at your door locks, and even in your mind. The Person who plays with these vulnerabilities and makes computers and persons behave abnormally is called a Hacker. In this blog, we will be talking about types of hackers, ethical hacking, why we need it, and basic hacking methodologies.



Types of Hackers

There are many categories of hackers but hackers can broadly classified into three types based on their Intent.

1) White Hat 

These are the good guys who hack for good  by responsibly reporting the vulnerability  or hired by companies to test  their network

2) Black Hat 

These are the guys with evil intention mostly money-making, those who hack either for their fun or to damage the companies reputation.

3) Grey Hat

yes you  guessed it right, these can act as both white hat and black hat depending on the scenario

Ethical Hacking and Why we need it?

Many of you think it is illegal to hack and yes it is, but what if you do hacking by abiding by a contract with the organization legally, this practice is called Ethical Hacking and it is mainly carried by white hat hackers. Organizations are very keen on protecting their customer's personal information, any leak in personal information leads to a huge loss of company reputation and customers' trust, so testing the organization's network ethically makes the organization more strong against the actual attack.

Hacking Methodology

A job is half done if it is planned, it's not like you have seen a target and you have attacked. This is a 'noob' approach that may put you in trouble and make your attack unsuccessful. To cherish your goal you need to follow the proper hacking methodology discussed below

1) Reconnaissance

the most important and time taking process but with huge outcomes. it's a process of gathering all the information about the target like the information available on social media, company sites, offices, and other platforms .the information you have collected will play a. game-changer role in later stages of hacking. Believe me, if you are a good reckoner, then 70 %  of your job is done.

2) Scanning And Enumeration

once you collect basic information, it's time to dive deep and into companies network and creating the map of services and architecture on which the company is working. finding the versions of the software and hardware that the company is using. (tip: technologies that companies use can found on the requirement page of companies career website).

3) Exploitation 

The most fascinating and challenging step, it's time to find loopholes in the services and taking advantage of the loopholes. The information that you got in during the recon phase will help to crack the company network.

4) Post Exploitation  and Maintain Access

Hurray!!! you are in now what to do next, eat donuts (sorry bad joke I know ). You have to explore the network and  find ways to get higher privileges and maintain that privilege without anyone  knowing in the company that you are in so, you need be very silent in the network

5) Clearing Tracks

every time you do any action with a network/computer, you leave tracks behind, the network saves information regarding this commonly in logs. These logs can be used by the company to find any suspicious activity in the networks as well as to track you. Therefore clearing tracks is very important (tip: clearing logs in a computer  also creates a log, so do remember to clear that log also.)

What's next?

Now you know the basic methodologies, take a pen-paper, think about the target around you, write down how who will you perform above  5 steps on your target. Happy to listen to your insights in the comment section of the blog.

Resources  :

1)Ghost in the Wires by Kevin Mitnik (Book)
2)Hackers: Heroes of the Computer Revolution by Steven Levy(Book)
3)Hackers(1995) by Iain Softley (Movie)
4)The Great Hack(2019) by  Karim Amer (Movie)
5)Mr. Robot by Sam Esmail(web series)

Disclaimer:

The views, thoughts, and opinions expressed in the blog belong solely to the author and may conflict with others. Readers are advised to read at their own risk and expertise.

Author:

Ashish Chaubey

LinkedIn













Comments

Post a Comment

Popular posts from this blog

KaffeeSec - SoMeSINT THM Writeup

Image
Hello everyone in this blog we are going to look into the interesting Social Media Intelligence Room on Try Hack Me ( KaffeeSec-SoMeSINT ). This room will let you check your web archiving and social media investigation skills. Task 1 Overview  Before starting there are some Prerequisites. Critical Thinking. A love of going deep into rabbit-holes. (I surely love it but sometimes annoying) Basic understanding of Google.  Python 3.7+ The flag format for this room is ks{Flag}. Task 2 Story  There is a brief introduction about the agent and his work and task assigned to him in this room. read carefully the Information given and you can easily answer the question. 1) Who hired you? Ans: "Only one letter" name discussed in the story. 2)  Who are you investigating?  Ans: Someone whose name starts with "T". Task 3 Let's get started!!  Given in the story by talking to people the agent has founded the username of target, searching on social media I...
Read more

Configuring your browser with Burpsuite

Image
Hello Everyone in this blog we are going to learn how to configure your browser with burp suite. You can configure any browser with burp suite but my preferred browser is Firefox. So Once you have installed your Burpsuite, follow the steps given below. 1. Go to Proxy Tab -->Options-->Proxy Listeners. Check whether the proxy listener is running or not. then tick the running check box. 2. You can go with the same setting with port 8080 since this port is quite common. I personally prefer to go with a different port (8081), You can change the port by click on the edit button, change the port number and click ok. 3. Now open your Firefox browser, Open Menu-->Options-->Search Tab= "Proxy." 4. Click on Settings -->Configure Proxy Access to the Internet -->Manual Proxy Configuration. Add your respective setting of the Proxy listener here and tick the check box (Also use this proxy for FTP and HTTPS). Then click ok. 5. Now go to your URL bar and write http://burp if...
Read more