Hacking 1 : Introduction to hacking (Types of hacker, Hacker skill, Good hacker, Important terminologies)

Hacking had never been an easy work. Never! But still a lot of computer freaks want to be a hacker. Being a hacker is easy. What is tough is being a good hacker. Here in this article I’m putting down some information that you should know to be a good hacker. Having good skills in computers is an obvious thing that is required to be a hacker, so am considering it latter with practical concept.

What is Hacking?

There are many definitions for “hacker.” Ask this question from a technical people and you’ll get a new answer every time because “more mouths will have more talks” and this is the reason behind the different definitions of hackers which in my opinion is quite justified for everyone has a right to think differently.

In the early 1990s, the word “hacker” was used to describe a great programmer, someone who was able to build complex logics. Unfortunately, over time the word gained negative hype, and the media started referring to a hacker as someone who discovers new ways of hacking into a system, be it a computer system or a programmable logic controller, someone who is capable of hacking into banks, stealing credit card information, etc. This is the picture that is created by the media and this is untrue because everything has a positive and a negative aspect to it. What the media has been highlighting is only the negative aspect; the people that have been protecting organizations by responsibly disclosing vulnerabilities are not highlighted.

However, if you look at the media’s definition of a hacker in the 1990s, you would find a few common characteristics, such as creativity, the ability to solve complex problems, and new ways of compromising targets. Therefore, the term has been broken down into three types:

1. White hat hacker - This kind of hacker is often referred to as a security professional or security researcher. Such hackers are employed by an organization and are permitted to attack an organization to find vulnerabilities that an attacker might be able to exploit.

2. Black hat hacker - Also known as a cracker, this kind of hacker is referred to as a bad guy, who uses his or her knowledge for negative purposes. They are often referred to by the media as hackers.

3. Gray hat hacker - This kind of hacker is an intermediate between a white hat and a black hat hacker. For instance, a gray hat hacker would work as a security professional for an organization and responsibly disclose everything to them; however, he or she might leave a backdoor to access it later and might also sell the confidential information, obtained after the compromise of a company’s target server, to competitors.

Similarly, we have categories of hackers about whom you might hear oftentimes. Some of them are as follows:

Script kiddies - Also known as skid, this kind of hacker is someone who lacks knowledge on how an exploit works and relies upon using exploits that someone else created. A Script kiddies may be able to compromise a target but certainly cannot debug or modify an exploit in case it does not work.

Elite hacker - An elite hacker, also referred to as l33t or 1337, is someone who has deep knowledge on how an exploit works, he or she is able to create exploits, but also modify codes that someone else wrote. He or she is someone with elite skills of hacking.

Hacktivist - Hacktivist are defined as group of hackers that hack into computer systems for a cause or purpose (e.g. Anonymous). The purpose may be political gain, freedom of speech, human rights, or for any justice against any injustice.

Ethical hacker - An ethical hacker is as a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities, which an attacker might take advantage of. The sole difference between the terms “hacking” and “ethical hacking” is the permission.

Motivated hacker - An motivated hacker is a technical or sometimes non technical person, who get motivated from movies hacker and want to be like that and starting to learn How to become a hacker, they want to do some curious to outside world with some aim, revenge or for name fame/fun, and today our earth have that type of hacker called Kevin Mitnick, Jonathan James, Gari mcKinnon, is the world's top hacker that have a aim or a motive to do some like impossible or a courage inside them to make it possible.

What makes a good hacker

Following is a set of skills that every hacker must have to be a part of good hacker.

1. Keep up to date

You have to got stay tuned with what’s new in the software market. Keep browsing for the latest software that can help you in hacking. After all, technology and science has made things easier so make use of them. Newer is the technology, faster is the work.

2. Be patient

Patience is a quality that every hacker should have in him. If you think hacking someone’s profile or something is a task of a day or two, I’m sorry to say that you are mistaken! Hacking requires patience and of course it keeps checking it too, for in some cases it may take about a week or two to hack a profile, in some task it takes a month.

3. Be a good observer

This quality will help you in making guesses. A good observer is one who observes things very carefully and keeps them in mind for you never know what is next and whenever it’s going to help you. So, whenever you visit someone’s ,let’s say, target or a social media profile like facebook, observe things carefully like what music, movies, pages on facebook, etc. does the person likes, etc..

4. An excellent guess-maker

After capturing details of a person from target or from social media profile, your main target to hack target's e mail address. There is the test which decides how good you are at making guesses. Well, I’m not saying that make guesses for the passwords, but you can try for answers of the security questions. And the details of that target's have the maximum probability to have answers hidden in them.

5. Never neglect small things

By small things I mean the things that you may have never thought of paying any attention to them, this is where you are mistaken. Well, even a small and un-necessary detail about the individual can prove to be of a great worth later on. This thing is interlinked to the quality of being a good observer and thus to the guess-making.

6. An effective convincer

You should have very good convincing skills so that you can make your target to log in on your phisher. Well, it’s a bit tough task to convince the person on the other end, but yes if you are a high class convincer, you are half way through.

Always remember – While you are hacking don’t think of any kinda guarantee that you’ll surely penetrate through someone’s account or else. Sometimes you have to taste defeat too. As they say, where there’s a will, there’s a way, so, try for an alternate method. Like, if your guessing method has failed many times, go for phishing method. If that too fails, try remote key logger. Well, there are many ways to hack something and one of them will surely work unless your target is very intelligent and has a good knowledge of computers too.

Try avoiding – Being over-confident is what you are not supposed to be. Don’t ever underestimate your target and take him/her as a fool. Always plan for the future and for your alternate hacking method that you’ll choose if the current one fails. One more thing you should avoid is publicizing yourself and your hacking skills and techniques. Mind it.

7. Technical Skill

These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section, you can move into the intermediary level.

Basic Computer Skills

It probably goes without saying that to become a hacker you need some basic computer skills. These skills go beyond the ability to create a Word document or cruise the Internet. You need to be able to use the command line in Windows, edit the registry, and set up your networking parameters.

Networking Skills

You need to understand the basics of networking, such as the following.

• DHCP
• NAT
  
• Subnetting
• IPv4
• IPv6
• Public v Private IP
• DNS
• Routers and switches
• VLANs
• OSI model
• MAC addressing
•  ARP

As we are often exploiting these technologies, the better you understand how they work, the more successful you will be.

Linux Skills

It is extremely critical to develop Linux skills to become a hacker. Nearly all the tools we use as a hacker are developed for Linux and Linux gives us capabilities that we don't have using Windows.

If you need to improve your Linux skills, or you're just getting started with Linux, check out latter on my CEH, Linux Admin or Kali Linux Series will guide you from beginner to Intermediate/Advanced

Virtualization

You need to become proficient in using one of the virtualization software packages such as VirtualBox or VMWare Workstation. Ideally, you need a safe environment to practice your hacks before you take them out in real world. A virtual environment provides you a safe environment to test and refine your hacks before going live with them.

Security Concepts & Technologies

A good hacker understands security concepts and technologies. The only way to overcome the roadblocks established by the security admin is to be familiar with them. The hacker must understand such things as PKI (public key infrastructure), SSL (secure sockets layer), IDS (intrusion detection system), firewalls, etc.

Wireless Technologies

In order to be able to hack wireless, you must first understand how it works. Things like the encryption algorithms (WEP, WPA, WPA2), the four-way handshake, and WPS. In addition, understanding such as things as the protocol for connection and authentication and the legal constraints on wireless technologies.

Scripting

Without scripting skills, the hacker will be relegated to using other hackers' tools. This limits your effectiveness. Every day a new tool is in existence loses effectiveness as security admin come up with defenses.

To develop your own unique tools, you will need to become proficient at least in one of the scripting languages including the BASH shell. These should include one of Perl, Python, or Ruby.

Database Skills

If you want to be able to proficiently hack databases, you will need to understand databases and how they work. This includes the SQL language. I would also recommend the mastery of one of the major DBMS's such SQL Server, Oracle, or MySQL.

Web Applications

Web applications are probably the most fertile ground for hackers in recent years. The more you understand about how web applications work and the databases behind them, the more successful you will be. In addition, you will likely need to build your own website for phishing and other nefarious purposes.

Forensics

To become good hacker, you must not be caught! You can't become a pro hacker sitting in a prison cell for 5 years. The more you know about digital forensics, the better you can become at avoiding and evading detection.

Advanced TCP/IP

The beginner hacker must understand TCP/IP basics, but to rise to the intermediate level, you must understand in intimate details the TCP/IP protocol stack and fields. These include how each of the fields (flags, window, df, tos, seq, ack, etc.) in both the TCP and IP packet can be manipulated and used against the victim system to enable MitM attacks, among other things.

Cryptography

Although one doesn't need to be a cryptographer to be a good hacker, the more you understand the strengths and weaknesses of each cryptographic algorithm, the better the chances of defeating it. In addition, cryptography can used by the hacker to hide their activities and evade detection.

Reverse Engineering

Reverse engineering enables you to open a piece of malware and re-build it with additional features and capabilities. Just like in software engineering, no one builds a new application from scratch. Nearly every new exploit or malware uses components from other existing malware.

In addition, reverse engineering enables the hacker to take an existing exploit and change its signature so that it can fly past IDS and AV detection.

8. The Intangible Skills

Along with all these computer skills, the successful hacker must have some intangible skills. These include the following.

Think Creatively

There is ALWAYS a way to hack a system and many ways to accomplish it. A good hacker can think creatively of multiple approaches to the same hack.

Problem-Solving Skills

A hacker is always coming up against seemingly unsolvable problems. This requires that the hacker be accustomed to thinking analytically and solving problems. This often demands that the hacker diagnose accurately what is wrong and then break the problem down into separate components. This is one of those abilities that comes with many hours of practice.

Persistence

A hacker must be persistent. If you fail at first, try again. If that fails, come up with a new approach and try again. It is only with a persistence that you will be able to hack the most secured systems.

Important Terminologies

Let’s now briefly discuss some of the important terminologies that I will be

Asset

An asset is any data, device, or other component of the environment that supports information related activities that should be protected from anyone besides the people that are allowed to view or manipulate the data/information.

Vulnerability

Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain unauthorized access to it. The successful compromise of a vulnerability may result in data manipulation, privilege elevation, etc.

Threat

A threat represents a possible danger to the computer system. It represents something that an organization doesn’t want to happen. A successful exploitation of vulnerability is a threat. A threat may be a malicious hacker who is trying to gain unauthorized access to an asset. Following is well known threats latter we discuss about it in depth.

• Virus
• Trojans
  
• Worms
• Spyware
• Key loggers
• Adware
• Denial of Service Attacks
• Distributed Denial of Service Attacks
• Unauthorized access to computer systems resources such as data
• Phishing
• Other Computer Security Risks

Exploit

An exploit is something that takes advantage of vulnerability in an asset to cause unintended or unanticipated behavior in a target system, which would allow an attacker to gain access to data or information.

Risk

A risk is defined as the impact (damage) resulting from the successful compromise of an asset. For example, an organization running a vulnerable apache tomcat server poses a threat to an organization and the damage/loss that is caused to the asset is defined as a risk. Normally, a risk can be calculated by using the following equation:

Risk = Threat * vulnerabilities * impact

Here you can learn about risk assessment using penetration testing, what precaution and steps should be considered during a penetration testing phase.

Conclusion

In this article, we talked about basic terminologies that you should know as a ethical hacker and latter we will discuss in details. We discussed about actual meaning of hacking and where it from derived, The hacker and its types and what they can do. We then talked about what makes a good hacker and about its mandatory skills.