How To Hack
Anyone Can Hack, Here's How!
It's as Easy as Reading a Book
· C is the language Unix was built with. It (along with assembly language) teaches something that's very important in hacking: how memory works.
· Python or Ruby are high-level, powerful scripting languages that can be used to automate various tasks.
· Perl is a reasonable choice in this field as well, while PHP is worth learning because the majority of web applications use PHP.
· Bash scripting is a must. Writing scripts is how you easily manipulate Unix/Linux systems, and the scripts will do most of the job for you.
· Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. At the end of the day, all programs are eventually interpreted as assembly. You can't truly exploit a program if you don't know assembly.
Know Your Target
Use a *nix Terminal for Commands
Cygwin will help emulate a *nix environment for Windows users. Nmap in particular uses WinPcap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible. Most Linux distributions come with many useful tools pre-installed.
Make Sure Your Computer is Secure
Test Your Target
Find out if you can reach the remote system.
You can use ping to determine if the system is active, but you should not always trust the results.
Determine The Operating System (the OS)
Find a Path or Open Port in the System
Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.
Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming. An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.
Crack The Password or Authentication Process
There are several ways to do this (see http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Techniques).
· Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvements in brute-force techniques.
· Most hashing algorithms are weak, and you can significantly improve the cracking speed by exploiting these weaknesses (for example, you can cut the MD5 algorithm in 1/4, which will give a huge speed boost).
· Newer techniques use the graphics card as another processor — and it's thousands of times faster.
· You may try using Rainbow Tables for the fastest password cracking. Note that password cracking is a good technique only if you already have the hash of the password.
· Trying every possible password while logging in to a remote machine is not a good idea, as it's easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.
· You can also get a rooted tablet, install a TCP scan, and get a signal to upload it to the secure site. Then the IP address will open, causing the password to appear on your proxy.
· It's often much easier to find another way into a system than cracking the password.
If possible, try to get access to an admin account. (Hint, hint, schools: this isn't hard to do.)
Create a "Backdoor"
Cover Your Tracks
Don't let the administrator know that the system is compromised. Don't change the website (if any), and don't create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to log in with this password, the server should let them in, but shouldn't contain any crucial information.
There are many hackers who would use this information for criminal use.
Please, DO NOT DO THIS.
A lot of good can be achieved in the world through useful hacking, but this can all go away because of one user with a vengeance.