HACKING TUTS

Can Hacking Be Ethical?

  













The noun 'hacker' refers to a person who enjoys learning the details of computer systems and stretch their capabilities.
    
The verb 'hacking' describes the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient.
    
The term 'cracker' refers to a person who uses his hacking skills for offensive purposes.
    
The term 'Ethical hacker' refers to security professionals who apply their hacking skills for defensive purposes.


So these are some terms which u should know.Now u have to decide weather u want to be a ethical hacker or a cracker.


for more hackers communities .click here


Essential Terminology
    
Threat - An action or event that might prejudice security. A threat is a potential violation of security.
    
Vulnerability - Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
    
Target of Evaluation - An IT system, product, or component that is identified/subjected as requiring security evaluation.
   
 Attack - An assault on system security that derives from an intelligent threat. An attack is any action that attempts to or violates security.
   
 Exploit - A defined way to breach the security of an IT system through vulnerability.



Malicious hacker strategies:

"THE ONE WHO CAN HACK IT ONLY RESTORE IT"


HACKING phase 1.- Information Gathering                                                                                                      






Information gathering is initial process as far as hacking a investingating is concerned.It is the process of profiling any organisatiom,system,server ar an individual using methodological procedure.
Information gathering is used by attacker as well as investigator to get more information about target.

Attackers point of view:


Attacker will first gather initial information like domain name,ip address,network ip range,operating system,services,control pannel information,vulnerable services etc before attacking into system.
Footprinting is required to ensure that isolated information repositories that are critical to the attack are not overlooked or left undiscovered. footprintingmerely comprosis on aspect of the entire information gathering process,but is considered one of the most inportant stages of a mature hack.
Attacker will take 90% of time in information gathering & only 10% of time while attacking & ganing an acess to the  system.

Investigator's point of view:


Investigator will gather initial information like traces of criminal on an internet,about his name ,occupation,adress,contact, about his/her company/organisation before taking any legel action .
This will help investigator to profile the criminal & his/her activities properly during interrogation.

Following are the various methodologies for informatin gathering.:

1.Information gathering using search engine:


" one leaves footprint /information everywhere while surfing internet "this is the basic principle for investigators as well as hackers .the only difference is the way they use this information


Attacker will gather information about system information,operating system,vulnerable application running on themand later on exploit it.
Investigator will gather information in he got an access to system & where he left his /her footprint behind the same &later on traced it.


search engine are the most powerful tool to search about any individual,organisation & system.


following are the list of top 10 search engines:


*Google search:World's most powerful search engine
       http://www.google.com/




 *Yahoo search: http://www.search.yahoo.com/


*AOL search:http://www.search.aol.in/

*Ask search:http://www.ask.com/
*Altavista search:http://www.altavista.com/



*Fast search:http://www.alltheweb.com/




*Gigablast:http://www.gigablast.com/



*Snap search:http://www.snap.com/



2.Information gathering using relational search engine:

This type of search engines gets results from different search engine &make relation or connections between those results.
* kartoo  http://www.kartoo.com/




*Maltego  http://www.maltego.com/



*Yahoo people search:http://people.yahoo.com/


*Intelius search: http://www.intelius.com/



*Whois look up :http://www.whois.net/




HACKING phase2.-Scaning

Many times ago we scanned the different ports making telnet manually,today people use more sophiscated programmes with massive methods to scan IP ranges searching o lot of ports.


Scaning is the process of finding out open /close ports,vernabilities in remote system,server&networks,scaning will reveal IP addresses ,operating systems,service runing on remote computer.
There are three types of scaning.
  1.Port Scaning
  2.Network Scaning
  3.Vulnerable Scaning



Hacking Phase 3  Gaining Access


The hacker exploits the system


Gaining Access refers to the true attack phase. The hacker exploits the system.




The exploit can occur over a LAN, locally, Internet, offline, as a deception or theft. Examples include stack-based buffer overflows, denial of service, session hijacking, password filtering etc.




Influencing factors include architecture and configuration of target system, skill level of the perpetrator and initial level of access obtained.




Business Risk - 'Highest' - The hacker can gain access at operating system level, application level or network level.





Hacking Phase 4 - Maintaining Access

Maintaining Access refers to the phase when the hacker tries to retain his 'ownership' of the system.




The hacker has exploited a vulnerability and can tamper and compromise the system.




Sometimes, hackers harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, Trojans and Trojan horse Backdoors.




Hackers can upload, download or manipulate data / applications / configurations on the 'owned' system.




Hacking Phase 5 - Covering Tracks

Covering Tracks refers to the activities undertaken by the hacker to extend his misuse of the system without being detected.




Reasons include need for prolonged stay, continued use of resources, removing evidence of hacking, avoiding legal action etc.




Examples include Steganography, tunneling, altering log files etc.




Hackers can remain undetected for long periods or use this phase to start a fresh reconnaissance to a related target system.





 
© Copyright 2010-2011 Learn How To Hack! Learn Ethical Hacking & Download Free Hacking Softwares All Rights Reserved.
Template Design by Free Hacking | Published by Daily News | Powered by Free Hacking.