Table of Contents
Chapter 1: Basics of hacking
Hacking is nothing but unauthorized intrusion within a network or computer which is executed by attackers known as hackers. The attackers try to attack those systems which are vulnerable to threats. They keep their prying eyes open all the time, searching around for vulnerabilities. They can act as an individual or even work in a group. Not only might that but the hackers also function as a part of an organization that works with the motive of disrupting the functionalities of other organizations. Most of the time they try to alter the system of an organization and target the security infrastructure for breaching of information and gaining access. However, hackers not only work as attackers but also use their skills for finding out the weak spots along with the various vulnerabilities within a system. This is also carried
out for finding and mending the weaknesses for preventing all forms of
malicious attacks from entering the system.
Different Types of Hackers
There are various types of hackers in the world of hacking that perform different types of functions. The types of hackers help in defining the relationship between the systems and hackers which are trying to attack. The
The most common types of hackers are:
- Black Hat Hackers: The term black hat had its origin from the old Western movies in which the villains used to wear black hats.
The black hat hackers act as individuals who try to have unauthorized access into the system of an organization or network for the purpose of exploiting the security infrastructure for various malicious reasons. The hackers of this type do not come with any sort of authority or permission for compromising the targets. They attempt to do damage by compromising the infrastructure of the security systems, shutting down the systems, or also by altering the primary functions of a website or network. The primary intention of the black hat hackers is to gain all-over access or steal the
information regarding finances, access various passwords or gain insights into other forms of personal data.
- White Hat Hackers: The white hat hackers are the second type of hackers but they act like the good guys. The white hat hackers work with various organizations for the purpose of strengthening the security of any system. The white hat hackers come with all sorts of permissions for engaging the targets and also compromise the same within the provided boundary of rules. The white hat hackers are also known as ethical hackers. Ethical hackers specialize in this field with various forms of ethical tools and techniques meant for hacking. They use special methodologies for
securing up the information system of an organization. Contrary to
the black hat hackers, the ethical hackers exploit the security
system of a network and then check out for the backdoors after
being legally permitted to perform so. Ethical hackers always
point out all forms of vulnerabilities that they dig out from the
systems of the organizations to make sure that the gaps are mended
for preventing exploitation by malicious attackers.
- Grey Hat Hackers: The grey hat hackers gain access to the
security systems of the organizations and networks in the same
way just like black hat hackers do. But the grey hat hackers
perform such actions without any form of malicious intent and disclose the vulnerabilities along with the loopholes to the
agencies of law enforcement or various intelligence agencies. The
grey hat hackers generally surf the internet and hack the computer
systems for notifying the owners or the administrator of the
network or system which contains various vulnerabilities which
need to be mended immediately. The grey hat hackers might also
extort the hacked systems by offering to inform about the defects
for some fees too.
Common Tools of Hacking
For accomplishing the act of hacking, the hackers implement various types of techniques. Let’s have a look at some of them.
Rootkit acts like a program or a huge set of software that allows the attackers to gain complete access or control of a system or network which directly connects or interacts with the system of the internet. The rootkit was first introduced as a system of the backdoor process for fixing various issues in regards to software. However, today this software is widely being used by hackers for disrupting the functionality and control of a system from its actual owner or administrators. There are various ways in which rootkits can be installed in the system of the victim. The most common way of installing a rootkit is by implementing phishing attacks along with social engineering. Once the rootkits have been installed in the system of the victim, the attacker gains access to the system secretly and controls the overall functioning with which they can easily steal confidential data and information and can also shut down a system completely.
This is a very special type of tool which has been designed for recording and logging each and every key pressed on the victim system. The keyloggers record the stroke of the keys by staying attached to the Application Programming Interface or API. It tracks the keystrokes when anything is being typed by using the keyboard in a system. The files which are recorded are then saved which contains various forms of information such as details regarding website visits, usernames, the record of opened applications, screenshots, bank details, and many more. The keyloggers are also capable of capturing personal messages, credit card details, passwords, mobile numbers, and various other details which are generally typed in a system. The keyloggers generally arrive as malware which allows the cybercriminals to breach all forms of sensitive data. Vulnerability scanner: A vulnerability scanner is used for the purpose of classifying and then detecting various forms of weaknesses in a system, network, communication system, computers, etc. This is one of the most common forms of tool which is being used by ethical hackers for finding out the potential vulnerabilities and loopholes and then fixing them up on an urgent basis. However, a vulnerability scanner can also be used by the black hat hackers for checking the vulnerabilities and weak spots within a system and then finding out the proper tool for exploiting the same.
Techniques of Hacking
There are various techniques that are being used by hackers for exploiting a system.
SQL or structured query language has been designed for the purpose of exploiting various forms of data in the database of the victim. This form of attack falls under the cyber attack which targets the databases via the statements of SQL for tricking the systems. This form of attack is generally carried out by the use of a website interface that attempts in issuing the commands of SQL through a database for hacking the passwords, usernames, and other related information related to the database., All those websites along with web applications that are coded poorly are very much prone to SQL injection attacks. This is because the applications which are based on the web contains various user input fields like login pages, search pages, request forms related to support and products, comments section and many others which are very much susceptible to the attacks and can be very easily hacked by simple manipulation of the codes.
DDoS or Distributed Denial of Service:
It is a form of a hacking attack in which the normal traffic of a server is distorted from entering the server and floods the traffic of the network. This ultimately results in denial of service as it serves just like a traffic jam which clogs the roads and also prevents the regular form of traffic from reaching the destination. All the devices of today such as IoT devices, computers, mobile phones, etc. which connect with the network are very much prone to the attacks of DDoS.
Each and every form of device which are used by people today come with a network interface controller or NIC. It helps the users to connect with the network such as with the internet directly. The NIC of each device is accompanied by a MAC address which is assigned after various processes of hard coding. The MAC spoofing attack is a very deadly form of attack in which the hackers hide themselves and their system behind a customized and false MAC address. This reduces the risks on the part of the hackers from getting caught. So, you might give access to a new system thinking of it to be absolutely legitimate but it might happen that a hacker will hide behind a false MAC the address which you cannot even realize.
By using this technique, the hackers can easily hack internet connection via Wi-Fi and can also gain access to all those devices which are connected to each other via LAN. The technique of MAC spoofing also leads to several forms of other serious crimes in which the hackers steal the identity of someone else and carries on with some serious form of data breaching in which someone will be held as guilty without even knowing about the actual hacker. However, there is various OS in the market today such as MAC and Windows which can easily connect with the LAN without using the MAC address.