
Step by Step of Becoming an Ethical Hacker



INTRODUCTION:
What is Hacking? The hacking of computerized electronic machines and networks is considered the biggest national threat by the security services and intelligence agencies of many countries. Hacking was once considered a harmless activity that improved an existing computerized machine by identifying its strengths and weaknesses. But now hacking is regarded as no less a crime than any other. In some countries hacking is considered on the same level as terrorism. It is widely condemned by the world’s governments.

Types of Hacking

1. White Hat Hacking (Ethical Hacking)
2. Black Hat Hacking (Crackers)

Ethical Hacking: Ethical hacking is the process of building, fortifying, and securing a computerized machine or network by knowing its strengths and weaknesses. To do that, the ethical hacker must get into the mindset of whoever is trying to break into their system. They will thoroughly check their system for weaknesses and figure out how they can be exploited. Then they seek to eliminate those weaknesses.
This article is aimed at ethical hacking, not destructive hacking (whose practitioners are known in some circles as crackers). The purpose of this article is to provide you with a basic understanding of how to start testing your system to make it as safe and impenetrable as possible.

Black Hat Hacking: This is the process of intruding into a computerized machine or network with the intent of modifying, stealing or destroying its data.

The Ethical Hacker Mindset

Since this article will promote ethical hacking, you should become familiar with the white hat hacker’s code and mindset. These involve some very basic rules of thumb that will help you along the way. They will also help you not to lose your way as you learn more technical hacking skills.

Three Rules of thumb in Ethical Hacking

1. The first rule of thumb is to work ethically. You shouldn’t have any hidden agendas, even when you have been given the thumbs up to hack into someone else’s computer. Remember that you were hired to test for vulnerabilities in your employer’s system. Needless to say, trust is a big tenet of ethical hackers.

2. The second rule of thumb is: don’t crash the system. It doesn’t matter if you’re hacking into your own computer or if you’re trying to break into someone else’s computer system or network. Your goal is to find the loopholes but not to cause havoc. The system you hack should still be able to function as it should during and after you do your testing.

3. The last Rule of Thumb is to respect the other person’s privacy. Even though you have the power to poke into someone else’s private data, you’re not supposed to interfere with their privacy. At the end of the day, you should be reporting any possible attacks on any form of private data.

Ethical Hacking Basic Techniques and Tools

This section covers some of the most basic hacking techniques and tools. These basic tools can be incorporated into other hacking techniques. Some of the tools and techniques that will be mentioned in this article aren’t that technical. In fact, these may be the easiest of the many things you can learn in your white hat hacking career.

Social Engineering

Social engineering is a non-technical hack. It doesn’t mean that you have to go to Facebook or any other social media site just to gather someone else’s information. It simply means taking advantage of the most commonly used resource available to computer users and companies alike: people. In the case of companies, it’s their employees.
By nature, people are trusting. It’s natural to trust someone else, especially if you know the other person. This is one loophole that hackers try to take advantage of in any organization. All they need is a few details from one person, and then to use those details to gain more information from another employee and so on.
For instance they can pose as some kind of computer repair guy or a tech support representative and contact a customer of a certain company. They may talk the person into downloading some free software. The software was free but it wasn’t what the hacker described it to be. The customer who trusted the service of said company downloads the files. The software that the customer downloaded then takes remote action without the customer’s knowledge. Thus the hacker is able to gain valuable information.
They may claim to be this or that from a particular company to subscribers of a service. And at times they do not always ask a subscriber or customer to download something “free.” They may even bluntly ask for the customer/subscriber’s username and password. Since people are trusting, naturally, they divulge that information.

Phishing sites, on the other hand, do the same job. These websites are designed to gather login information. Some phishing sites even have similar visual patterns or designs to the original site. Customers of Amazon may be tricked into signing into a phishing site that looks very much like Amazon. They log in thinking the site is related to Amazon. The site then gathers the usernames and passwords of customers. Now, imagine if they could make people enter their credit card information, their PayPal logins, and other important bits of information.
Social engineering is one of the toughest hacks out there because you have to make yourself look official and legit to a complete stranger. However, once successful, it is also one of the hardest types of hack to counteract.

Social Engineering Basic Steps

1. The first step is to gather information about the company or people. Hackers can do the research themselves. They can use information filed with the SEC, finance organizations, and pretty much any other bit of useful information – there’s a lot out there. The bigger the organization/company the more information there is you can find. Some hackers even pay someone else to look up all the information they need online.
Some hackers even check out the company’s trash – yes, they dumpster dive. Not a fond prospect, but it turns up some very interesting documents at times. Some employees unwittingly throw away documents such as meeting notes, printed emails, organizational charts, network diagrams, lists of usernames/passwords, lists of internal phone numbers, and even the employee handbook.

2. The next step is that they build trust. Hackers contact employees or customers using the information they have gained. They act as someone within the company. They often behave as a nice person – a person willing to help or in need of help. How believable they are depends on the amount of knowledge they have gathered. They don’t always need to do face to face encounters or speak to their target in person. They can chat, send voice mail, or even send an email that looks official.
We have already mentioned the Love Bug as an example of this scenario. The creator of that worm virus also used social engineering to entice his targets to open the infected email. The email addresses of the targets came from email lists. When the targets saw the email, they also saw that it came from one of their friends, so it was presumed safe to open. The virus program then gathered emails and other information from the target’s computer and sent copies of itself in the form of other emails to other contacts. Another fine example of social engineering is the Nigerian G boy. Targets receive an email from someone they think they know, offering to transfer a certain amount of money to the target’s bank account. The sender asks for a little money to cover the transfer and for the target’s bank account information. Anyone who fell for it found out that their bank accounts no longer had funds the following day.

Countermeasures to Social Engineering

The biggest countermeasure to social engineering is to inform the public. Keep your customers and employees aware of what official communication from the company looks like. People should become wary of anyone who asks for login information and other key bits of info.

Compromising Physical Security Flaws
Physical security is actually a vital part of information security. Hackers can eventually find access to one of your computers. They may not be able to get past your company’s firewall, but they can install hardware or software within your network, inside your firewall, by simply walking in the door and connecting a device to one of your employees’ computers.
Smaller companies that have few employees will have very little to worry about. These employees usually don’t allow a stranger to use their computers. Larger companies have a bigger problem – they have more employees, more computer hardware, and plenty of other access points that hackers can use.
Hackers may not always want to just install a piece of hardware and have a point of entry from the inside. They may just need to access a computer, steal some important documents, or grab anything that seems to contain some vital information. They will usually have an alibi when asked. They will try to enter a building through any door including outside smoking areas where employees go to, cafeteria doors, fire escapes, or any entry point that is available. They may even just tailgate employees reentering a building and all they need to say to get in is “thank you for keeping the door open.”

Password Hacking

Password cracking is the process of recovering passwords that are stored in or transmitted by a computer system. With this, you can gain access to a computer system by obtaining the password of a user. The time required for cracking a password depends entirely on the strength of the password used. Most of the methods used require the computer to produce many candidate passwords, which are then checked individually.
Hacking passwords is one of the hot activities for some hackers. However, note that it can be accomplished through social engineering and compromising physical vulnerabilities in the workplace. A simple way to hack someone else’s password is to look over their shoulder as they enter it on a computer. Password hacking is one of the most common ways for hackers to access information via the network or a computer.
Another tactic is called inference. You gather as much information about an employee as you can (birthdates, names of children, their favorite stuff, important dates, phone numbers, favorite shows, and other stuff). Then you use those when you try to guess the password. You won’t believe how many people just use the digits of their birthdates and other easy to remember numbers as passwords.
There are of course more high tech ways of guessing another person’s password. The tools of the trade in terms of password hacking include network analyzers, remote cracking utilities, and other forms of password cracking software. You may also have heard about application programs that use “brute force.” Brute force is a trial and error method of guessing the password. These programs try all possible combinations to try and guess the password. It may take quite a while before they can actually guess the password. This method is also called exhaustive key search.
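The inference and brute force paragraphs above suggest a check a defender can run when a user sets a new password. The following is an added example, not part of the original article: the wordlist, the user profile, the 60-bit threshold and all function names are constructed assumptions.

```python
import math
import re
from datetime import date

# Constructed mini wordlist; a real deployment would load a breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
# Undo the usual character swaps (P@ssw0rd -> password) before the dictionary check.
LEET = str.maketrans("013457@$", "oleastas")


def personal_tokens(profile):
    """Expand known facts about a user into the strings an inference guess would try."""
    tokens = {name.lower() for name in profile.get("names", [])}
    for d in profile.get("dates", []):
        for fmt in ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y", "%d%m", "%m%d"):
            tokens.add(d.strftime(fmt))
    for phone in profile.get("phones", []):
        digits = re.sub(r"[^0-9]", "", phone)
        tokens.update({digits, digits[-4:]})
    return {t for t in tokens if len(t) >= 3}


def search_space_bits(password):
    """Upper bound on exhaustive-search work: length * log2(size of alphabet in use)."""
    alphabet = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)):
        if re.search(pattern, password):
            alphabet += size
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def screen_password(password, profile, min_bits=60):
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    lowered = password.lower()
    # Dictionary: drop trailing digits/punctuation, undo leet swaps, then look it up.
    core = lowered.rstrip("0123456789!?.#*_-").translate(LEET)
    if core in COMMON_PASSWORDS or lowered in COMMON_PASSWORDS:
        reasons.append("dictionary")
    # Inference: look for personal tokens in the password as typed, with swaps undone,
    # and with separators removed (so 03/05/2015 still matches 03052015).
    haystacks = (lowered, lowered.translate(LEET), re.sub(r"[^0-9]", "", lowered))
    if any(tok in hay for tok in personal_tokens(profile) for hay in haystacks):
        reasons.append("personal")
    # Brute force: only meaningful once the two cheaper guesses above have failed.
    if search_space_bits(password) < min_bits:
        reasons.append("weak-search-space")
    return reasons


# Constructed profile: the kind of facts the inference paragraph lists.
PROFILE = {"names": ["Chloe", "Rex"], "dates": [date(2015, 3, 5)],
           "phones": ["+1 555 010 4477"]}

if __name__ == "__main__":
    for candidate in ("Chloe2015!", "P@ssw0rd!", "03/05/2015", "umber-kettle-violin-9-marsh"):
        print(f"{candidate!r:32} {search_space_bits(candidate):6.1f} bits  "
              f"{screen_password(candidate, PROFILE) or 'accept'}")
```

The bit count is only an upper bound: it assumes every character was chosen at random, which is why the dictionary and personal-detail checks run first.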
Some hackers exploit physical flaws and try to gain access to another’s computer just to locate passwords. Windows operating systems usually store passwords in the same directory or location known as the SAM or security accounts manager, for instance c:\...\win32\config directory or some other similar location. Sometimes passwords are stored in a database file that is still active like ntds.dit for instance. Some users create emergency repair disks or emergency repair files in a USB thumbdrive. All that’s needed is access to the directory (e.g. c:\winnt\repair). Some passwords can also be found in the operating system’s registry. And at times employees also save their passwords in a text file, which makes it easier for hackers.
Another way to crack another person’s password especially if you have gained access to their computer is to install keyloggers. These are either pieces of software or hardware that log the keystrokes of unsuspecting users. Everything they type is recorded or logged. There are many keystroke logging software programs out there that can be bought or are given away for free. There are also hardware based keystroke-logging tools like a replacement keyboard or a keylogging tool that can be plugged into a USB port at the back of your target’s computer.

Other Methods of Cracking Password

There are many methods for cracking passwords. Brute force is one of them. It is a time-consuming process, as it tries all possible combinations of letters and words until it succeeds. Methods such as word list substitution and dictionary attacks are performed before using brute force. This is done to reduce the number of attempts.

1. Packet Sniffer: Packet sniffers are also called protocol analyzers. They can be used for collecting passwords through packet capture and injection tasks. As we know, data is sent in the form of packets. So anyone who can retrieve the packets sent or received can have access to the password or any other data that is transmitted. Packet sniffers intercept the network traffic.

2. Spoofing Attack (Phishing)
Spoofing is nothing but making a fake website or program that looks like the original. The user is fooled into thinking that it is the original website or program. The main purpose of a spoofing attack is to collect confidential information such as IDs and passwords.
There are many types of spoofing. Some of them are:

1. Referer spoofing: Some websites only allow access from a given set of approved login pages. They check the Referer header of the HTTP request and only allow requests that carry an approved value. Forging that header allows attackers to gain unauthorized access.

2. Email address spoofing: This type of spoofing is commonly used by spammers to hide the content and mislead the user to malicious links or email spam.

Network Hacking

Network hacking is a practice that takes on many forms. One example is when people piggyback on another person’s internet connection so they can surf the web for free. The other side of the coin is worse: now that you are inside a network, you can scan the network and find some unsecured network device such as a computer or some other portable device that is connected to it. You can then try to access the information remotely.
One example of that is when you have logged into a WiFi network in a local café: you can open Windows Explorer and click on Network. If file sharing and network discovery are turned on in that particular network, then you can look for a connected computer or device and try to access the files contained in it. In this chapter we’ll dive into the basics of network hacking.

War Dialing

The old school way of hacking into another person’s network is war dialing which should satisfy your craving. This hacking method takes advantage of vulnerabilities in another person’s telephone system. Yes, some people are still using dial up internet connections. Some network administrators even keep the old dial up connections as some sort of backup in case their main internet service goes down.
The tools of the trade in war dialing of course are war dialing software. Hackers can detect repeat dial tones. They can then enter a password at the dial tone and make calls anywhere for free. They can also access voice mail, especially for phone systems that use PBX switches.

Network Structure Vulnerabilities

Computer networks have vulnerabilities. Even low level vulnerabilities can be avenues for hacking exploits. The very tools you use to hack networks are also the same tools that can be used to detect any vulnerability in your network.
You need network scanners that can perform trace routes, DNS lookups, and other network queries. Some scanners can also do port scanning and ping sweeps. There are those that can also do SMTP relay testing. You will also need a scanner that can do operating system fingerprinting and host port probing. There are network scanners that can also test firewalls.
Port scanners can tell you what devices are on your network. They’re pretty easy to use and you can test any system with one. All of the commonly hacked ports make use of the TCP protocol, but some of them use UDP as well. The most common ports and the services associated with them include 23 (Telnet), 22 (SSH), 7 (Echo), 53 (DNS), 21 (FTP control), 80 (HTTP), 25 (SMTP), 443 (HTTPS), 19 (Chargen), 1433 (Microsoft SQL Server), and 20 (FTP data) among many others.
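To turn the port list above into a check on your own host, the following added example (not part of the original article) parses the output of `ss -tuln` and ranks any listener on those ports. The sample output is constructed, and the severities and advice strings are this example's own assumptions.

```python
import ipaddress

# Ports and services come from the paragraph above; severities and advice are assumptions.
PORT_POLICY = {
    23: ("Telnet", "high", "cleartext login, replace with SSH"),
    21: ("FTP control", "high", "cleartext credentials, use SFTP or FTPS"),
    20: ("FTP data", "high", "cleartext transfer, use SFTP or FTPS"),
    7: ("Echo", "high", "legacy test service, disable"),
    19: ("Chargen", "high", "legacy test service, disable"),
    1433: ("Microsoft SQL Server", "medium", "restrict to application hosts"),
    25: ("SMTP", "medium", "confirm it does not relay for outsiders"),
    80: ("HTTP", "medium", "cleartext, redirect to HTTPS"),
    22: ("SSH", "info", "expected, keep key-based login"),
    53: ("DNS", "info", "expected on resolvers only"),
    443: ("HTTPS", "info", "expected on web servers"),
}
RANK = {"high": 0, "medium": 1, "info": 2}

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:1433     0.0.0.0:*
tcp   LISTEN 0      511    *:80               *:*
tcp   LISTEN 0      32     [::]:21            [::]:*
tcp   LISTEN 0      128    [::1]:8080         [::]:*
"""


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each listening socket in `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop IPv6 brackets and any %interface suffix.
        yield fields[0], addr.strip("[]").split("%")[0], int(port)


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" means every interface
        return False


def audit(ss_output):
    """Return findings sorted by severity, then port."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if port not in PORT_POLICY:
            continue
        service, severity, advice = PORT_POLICY[port]
        if is_loopback(addr):
            severity = "info"  # bound to loopback, not reachable from the network
        findings.append((severity, port, proto, addr, service, advice))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))


if __name__ == "__main__":
    for severity, port, proto, addr, service, advice in audit(SAMPLE_SS):
        print(f"{severity:6} {proto}/{port:<5} {addr:12} {service}: {advice}")
```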

Cracking into WiFi Networks

Wireless networks that are run in the home, office, cafes, and pretty much anywhere are also avenues for hacking.
Back in the day, WiFi networks were kept open. That means if you had any device that could connect to the internet via a wireless connection, then all you needed to do was to search the area for some free open networks. Back then, when you bought a wireless router, the default configuration was open, which meant anyone could get on and piggyback on your internet.
Of course that caused a lot of problems. The more devices that are connected to your wireless connection the slower the service goes. Back in the day the only thing keeping hackers off your connection was the range of the signal coming from your WiFi router.
The common tools of the trade back then included directional antennas and signal amplifiers. Some of the more expensive tools can fish out your WiFi signal from miles away.
Back in the day, the only security available to WiFi router owners was WEP (Wireless Encryption Protocol). It worked for a time but it was poorly designed. Anyone can monitor your router’s communication and eventually crack the WEP code.
Nowadays, users don’t set limits to their WiFi signals, which is a good thing since you won’t need to buy those crazy antennas. Most routers have a range of 1,500 feet nowadays (about 500 meters). The only different thing they’re doing today is that the newer routers use WPA (WiFi Protected Access) and WPA2 (WiFi Protected Access 2) as their type of security protocols.
Theoretically, these new security protocols are much better than WEP – and they are. The old monitoring and WiFi cracking software tools will now take several days or even months to crack those codes. However, with the improvement in today’s wireless security protocols, come improvements in the way wireless networks are hacked.
Nowadays, if you want to hack into your neighbor’s wireless connection, you should monitor the wireless activity and catch the data (i.e. packet capture) as their computer or any other authorized device is logging into the router or access point. Now, that may seem like a hard thing to come by given the fact that most people just keep their computers connected to their routers almost 24/7.
The good news is that there is a workaround for this tough hurdle. All you need is to send out a deauth frame. What is that? Those are packets that you send to the access point (e.g. the wireless router) that de-authorize other devices that are already connected to the network. Simply put, send those packets and all connected devices will be forced to log in again. Since those devices will have to log in again, you have a chance to capture the login information.
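From the network owner's side, a burst of deauthentication frames against one access point is the visible sign of the technique just described. The following added example (not part of the original article) flags such bursts in a list of already-parsed frame records; the record layout, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# 802.11 management frame subtypes.
BEACON, DISASSOC, DEAUTH = 8, 10, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_bursts(frames, window=10.0, threshold=5):
    """Flag access points that see >= threshold deauth/disassoc frames within `window` seconds.

    `frames` is an iterable of (timestamp, subtype, bssid, destination) tuples,
    an assumed layout for records exported from a wireless monitor.
    """
    recent = defaultdict(deque)  # bssid -> (timestamp, destination) inside the window
    active = set()               # bssids currently in a burst, so each burst alerts once
    alerts = []
    for ts, subtype, bssid, dest in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        queue = recent[bssid]
        queue.append((ts, dest))
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            if bssid not in active:
                active.add(bssid)
                alerts.append({
                    "bssid": bssid,
                    "first_seen": queue[0][0],
                    "frames": len(queue),
                    # Broadcast deauths disconnect every client at once.
                    "broadcast": any(d == BROADCAST for _, d in queue),
                })
        else:
            active.discard(bssid)
    return alerts


# Constructed capture: one ordinary client deauth on AP ...:01, beacons,
# and six broadcast deauths within one second on AP ...:02.
AP1, AP2, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
SAMPLE_FRAMES = (
    [(1.0, BEACON, AP1, BROADCAST), (2.0, BEACON, AP2, BROADCAST),
     (3.0, DEAUTH, AP1, CLIENT)]
    + [(100.0 + 0.2 * i, DEAUTH, AP2, BROADCAST) for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Detection only tells you it is happening; networks that enable 802.11w Protected Management Frames let clients ignore forged deauthentication frames.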

Tools for Cracking  Into a Wireless Network

1. Penetration testing software
2. Aircrack-ng (there are many more such programs out there)

Password Reset Disk

A password reset disk contains a small wizard program that will guide users to creating a new password for the locked Windows user account. This disk (or the password reset file, which can also be stored in a USB thumb drive) should have been created when the operating system was newly installed. Most people just make the reset disk and forget about it. Now that they have forgotten their Windows password, it’s high time you help them remember where they put it. Once you have it, plug it into the computer and click “Reset Password.”
All you need to do after that is to follow the prompts. You’ll be asked where the password reset files are located, so select the proper drive where the file is located (i.e. the thumb drive). You will also be prompted to enter a new password. All you have to do after that is to follow the instructions that come up on the screen.
