"A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem. While "hacker" can refer to any skilled computer programmer, the term has become associated in popular culture with a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems. "
PLEASE READ THE TERMS WRITTEN AT THE END OF THE BLOG BEFORE PROCEEDING FURTHER
OK. YOU KNOW WHO A HACKER IS AND WHAT HE DOES. BUT HOW DOES A HACKER BREAK INTO SUCH SECURE SYSTEMS?
THERE'S A BIG PROCESS INVOLVED, AND WE'LL TRY TO COVER EVERYTHING IN THIS BLOG.
STEP 0:
SIGN UP ON THEHACKERFORUM.COM
STEP 1:
UNDERSTANDING THE BASIC TERMINOLOGIES
TYPES OF HACKERS
WHITE HAT HACKERS - THESE ARE THE GOOD GUYS. THEY HACK SYSTEMS TO TEST THEIR SECURITY AND ARE HIRED BY COMPANIES TO WORK FOR THEM. THEY ARE COMMONLY REFERRED TO AS ETHICAL HACKERS
BLACK HAT HACKERS - THESE ARE THE BAD GUYS. THEY HACK FOR FUN AND PROFIT AND HAVE A MALICIOUS INTENT. THEY ARE HIGHLY SKILLED AND QUITE DANGEROUS
GREY HAT HACKERS -THEY FALL SOMEWHERE IN THE MIDDLE. YOU GET ME.
SCRIPT KIDDIES - THESE ARE THE WANNABE HACKERS WHO THINK THEY CAN HACK NASA WHEN THEY LEARN HTML. THEY USE BLINDLY FOLLOW SCRIPTS WITHOUT UNDERSTANDING THEM, WHICH MAY BE DANGEROUS SOMETIMES.
HACKTIVISTS -THESE ARE THE HACKERS THAT HACK FOR POITICAL OR SOCIAL CAUSES.
GROUPS SUCH AS ANONYMOUS FALL INTO THIS CATEGORY
SUICIDE HACKERS - THEY KNOW THEY'LL GET CAUGHT, BUT THEY FIND THE REWARDS TOO GREAT AND THUS THEY TAKE THE RISK.
CYBER TERRORISTS - THE NAME IS ENOUGH EXPLAINED
NATION STATES - ULTRA FUNDED, ULTRA MOTIVATED, THESE STATE BACKED HACKERS CAN DO ANYTHING. CHANCES ARE, YOU ALREADY HAVE A BACKDOOR IN YOUR PHONE TATS BEEN PANTED BY THEM.
STEP 2:
SOME BASIC TERMINOLOGIES YOU SHOULD KNOW
STEP 3:
NETWORK BASICS AND SYSTEM FUNDAMENTALS
HERE'S A LINK TO A LINUX FUNDAMENTALS THAT YOU SHOULD REFER TO https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/
STEP 4:
GETTING STARTED
I WOULD NOT RECOMMEND YOU TO USE WINDOWS FOR HACKING. INSTEAD, YOU SHOULD USE AN OS LIKE KALI LINUX OR PARROT OS.
HERE'S A GUIDE ON HOW TO INSTALL KALI LINUX ON VIRTUAL BOX https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox
HERE'S A GUIDE ON HOW TO INSTALL PARROT OS ON VIRTUAL BOX
IN THIS TUTORIAL, I'LL BE ASSUMING THAT YOU'RE USING KALI LNUX
STEP 5:
PHASES OF HACKING
FOOTPRINTING
SCANNING
ENUMERATION
SYSTEM HACKING
POST EXPLOITATION
FOOTPRINTING
AS THE NAME IMPLIES, FOOTPRINTING IS THE PROCESS IN WHICH YOU GATHER IMPORTANT DATA SUCH AS IP ADDRESSES EMPLOYEE DETAILS ETC.
GOALS OF FOOTPRINTING
IP ADDRESS GATHERING
OPEN YOUR TERMINAL AND TYPE PING EXAMPLE.COM
YOU SHOULD SEE THE SITE IP
EMPLOYEE DETAILS THROUGH PEOPLE SEARCHING SITES LIKE ANWHO.COM OR LINKEDIN.COM
OFFICE LOCATIONS
EMAIL IDs
OS INFORMATION
REVERSE DNS LOOKUPS THROUGH WHOIS
WHOIS INFORMATION HEAD OVER TO WHOIS.NET AND ENTER THE URL OR IP ADDRESS
ALTERNATIVELY, YOU CAN USE MYIP.MS TO DO THE SAME
USING TRACERT (WINDOWS) OR TRACEROUTE (LINUX)
OPEN YOUR TERMINAL AND TYPE traceroute example.com
SCANNING
ONCE YOU HAVE THE IP ADDRESS(EASY STUFF), WE NEED TO SCAN THE IP FOR OPEN PORTS AND SERVICES RUNNING.
THERE ARE SEVERAL TOOLS, BUT THE MOST WIDELY USED IS NMAP, OR ZENMAP(GUI VERSION). HOWEVER, I RECOMMEND YOU TO USE NZAP, AN AUTOMATED SCANNING TOOL THAT I'VE CREATED TO MAKE SCANNING EASIER FOR BEGINNERS.
HERE'S A LINK TO MY NZAP TOOL https://github.com/SUMEETRM/NZAP
ON KALI LINUX OR PARROT OS, NMAP AND ZENMAP COME PRE-INSTALLED
HERE'S A GOOD DOCUMENT EXPLAINING SCANNING CONCEPTS AND SCRIPTS USING NMAP.
http://wix.to/28DeAwI
NOTE: IF YOU WANNA MASTER SCANNING, YOU SHOULD READ THE NMAP COOKBOOK.
FOR MORE INFORMATION ON NMAP, HEAD OVER TO NMAP.ORG
ENUMERATION
NOW THAT WE KNOW WHICH PORTS ARE RUNNING, WE NEED TO FIND MORE DETAILS SUCH AS PORT VERSIONS, SERVER INFORMATION ETC.
USING NETCRAFT
HEAD OVER TO https://toolbar.netcraft.com/site_report?url=THEHACKERFORUM.COM AND ENTER YOUR URL. YOU SHOULD BE ABLE TO SEE A RISK RATING AND SERVER INFORMATION
USING WAPPALYZER
IT IS A BROWSER EXTENSION THAT GIVES INFORMATION ON THE FRONT END AND BACK-END INFORMATION
DIRECTORY FUZZING
YOU CAN USE TOOLS SUCH AS DIRBUSTER FOR DIRECTORY FUZZING TO GAIN IMPORTANT INFORMATION
https://sourceforge.net/projects/dirbuster/
SUBDOMAIN INFO
HEAD OVER TO https://www.virustotal.com/gui/home/search AND ENTER THE URL
PORT AND OS DETAILS
NMAP -sV EXAMPLE.COM for port service and version detection
MAP -O EXAMPLE.COM for Operating System detection
YOU CAN ALSO USE SEVERAL AUTOMATED SCANNERS LIKE SPARTA, NIKTO, ACUNETIX, BURPSUITE ETC.
RICHARD BLOG
EDIT:SOMEONE JUST RECOMMENDED ME TO USE PS TOOLS SUITE FROM
SYSTEM HACKING:
NOW COMES THE FUN PART. WE'VE GOT ENOUGH INFORMATION TO ATTACK THE TARGET.
USING METASPLOIT:
ONE OF THE SEVERAL OPTIONS IS USING METASPLOIT
I'M UPLOADING A BLOG SOON
DATABASE HACKING
SQL INJECTION
BYASSING LOGIN FIELDS
USING EXPLOIT DB
BURPSUITE
BLOG COMING UP SOON. FOR NOW, HEAD OVER TO https://portswigger.net/burp/documentation
OK. SO I PRESUME WE'VE GOT INTO THE SYSTEM USING ONE OF THE ABOVE METHODS. NOW WHAT
POST EXPLOITATION
GOOD. NOW THAT WE'RE COVERED WITH THE PHASES OF HACKING, THE BLOG'S COME TO AN END.
NO IT HASN'T. THE PART THAT YOU'RE WAITING FOR IS HERE
WIFI HACKING
HERE'S A BLOG THAT I'VE WRITTEN https://www.thehackerforum.com/post/wifihacking
ANDROID HACKING
Next Week
WINDOWS HACKING
Next Week
SNIFFING
HERE'S AN AWESOME PDF THAT I REFERRED TO WHILE GETTING STARTED
DOS AND DDOS
THESE ARE THE MOST DANGEROUS FORMS OF CYBER ATTACKS. I WON'T TEACH YOU HOW TO PERFORM A DOS ATTACK HERE FOR A SPECIFIC REASON
HERE'S HOW A DOS ATTACK WORKS
YOU BOMBARD THE HOST WITH PACKETS UNTIL SERVER CAPACITY IS MAXED OUT
HERE'S WHAT HAPPENS AFTER YOU START BOMBARDING
YOU CAN DOWNLOAD LOIC FROM HERE https://sourceforge.net/projects/loic
MALWARE
Adware - A type of malware that displays advertisements on your computer and collects data about your browsing habits without your consent
Keylogger - Malicious software that tracks the keystrokes on a computer and transmits the data to another location so it can be used to detect usernames and passwords that are typed on a computer
Ransomware - Software that locks a computer and retains control until the user pay a certain amount of money
Rootkit - A type of software designed to open a backdoor into areas of operating system that are not supposed to be available and to mask its presence while doing so. It is used to deploy other types of malware.
Spyware – Software designed to steal user data such as website logins and passwords or proprietary information and trade secrets off machines it has infected
Trojan – Malicious software that seems legitimate but contains other software that attacks the system in some way after tricking a user into activating it.
Virus – A type of malware that attaches itself to an application and then spreads to other programs and computers on the same network through an infected host file, causing a variety of damage when the application is run.
Worm – Software that infects a computer and then replicates itself from system to system on its own without the help of a host file.
YOU CAN USE JPS VIRUS MAKER FOR TESTING( https://tradownload.uk/results/jps-virus-maker-3-0.html) , AND IF YOU HAVE ANY FILE THAT YOU THINK HAS MALWARE, UPLOAD IT TO virustotal.com AND CHECK.
PASSWORD CRACKING
I've already given quite a lot of info in the login bypassing section.
Here are some good tools
CAR HACKING
CRYPTOGRAPHY
DARK WEB
SOCIAL ENGINEERING
PLEASE NOTE:I AM NOT RESPONSIBLE FOR ANY OF YOUR ACTIONS. THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE IF YOUR PC GETS A VIRUS OR IS DAMAGED BECAUSE OF ANY OF THE FILES YOU DOWNLOAD THROUGH THE LINKS THAT ARE PROVIDED IN THIS BLOG.
COPYRIGHT RESERVED @2019 THEHACKERFORUM.COM
YOU MAY NOT COPY ANY PART OF THIS BLOG WITHOUT PERMISSION
PLEASE US YOUR KNOWLEDGE CAREFULLY.