How To Hack

Anyone Can Hack, Here's How!

Step 1

Learn a Programming Language!

With the right gide, you can be fluent in just 3 Months!

It's as Easy as Reading a Book

Once you know a language, you are ready to learn how to correctly hack and not get caught.


· C is the language the Unix was built with. It (along with assembly language) teaches something that's very important in hacking: how memory works.

· Python or Ruby are high-level, powerful scripting languages that can be used to automate various tasks.

· Perl is a reasonable choice in this field as well, while PHP is worth learning because the majority of web applications use PHP.

· Bash scripting is a must. That is how to easily manipulate Unix/Linux systems—writing scripts, which will do most of the job for you.

· Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. At the end of the day, all programs are eventually interpreted as assembly. You can't truly exploit a program if you don't know assembly.

Know Your Target

The process of gathering information about your target is known as enumeration. The more you know in advance, the fewer surprises you'll have.

Use a *nix Terminal for Commands

Cygwin will help emulate a *nix for Windows users. Nmap in particular uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible. Most Linux distributions come with many useful tools pre-installed.

Big image

Make Sure Your Computer is Secure

Make sure you've fully understood all common techniques to protect yourself. Start with the basics — have you found a server hosting a site about illegal or possibly bad activity? Attempt to hack it in any way you can. Don't change the site, just make it yours.

Test Your Target

Do some probing

Find out if you can reach the remote system.

You can use the ping to determine if the system is active, but you should not always trust the results.

Determine The Operating System (the OS)

Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.

Find a Path or Open Port in the System

Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.

Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming. An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute forced.

Big image

Crack The Password or Authentication Process

There are several ways to do this (See http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Techniques)


· Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvements in brute-force techniques.

· Most hashing algorithms are weak, and you can significantly improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).

· Newer techniques use the graphics card as another processor — and it's thousands of times faster.

· You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password.

· Trying every possible password while logging to remote machine is not a good idea, as it's easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.

· You can also get a rooted tablet, install a TCP scan, and get a signal upload it to the secure site. Then the IP address will open causing the password to appear on your proxy.

· It's often much easier to find another way into a system than cracking the password


If possible, try and get access to an admin account. (Hint Hint schools, this isn't hard to do)

Create a "Backdoor"

Once you have gained full control over a machine, it's a good idea to make sure you can come back again. This can be done by backdooring an important system service, such as the SSH server. However, your backdoor may be removed during the next system upgrade. A really experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to come back.
Big image

Cover Your Tracks

Don't let the administrator know that the system is compromised. Don't change the website (if any), and don't create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to log-in with this password, the server should let them in, but shouldn't contain any crucial information.

Big image

IMPORTANT

Not all Hacking is bad.

There are many hackers who would use this information for criminal use.

Please, DO NOT DO THIS.

The world can have a lot of good acheived through usefull hacking, but this can all go away by one user with a vengence.

Big image

ENJOY

For more information on the capabilities of hackers, check out the videos below: