Earhical hacking :- Terminologies

Terminologies

Following is a list of important terms used in the field of hacking.

• Adware − Adware is software designed to force pre-chosen ads to display on your system.
• Attack − An attack is an action that is done on a system to get its access and extract sensitive data.
• Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.
• Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate.
• Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks.
• Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords, over and over again, until it gets in.
• Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold.
• Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
• Cracker − A cracker is one who modifies the software to access the features which are considered undesirable by the person cracking the software, especially copy protection features.
• Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
• DDoS − Distributed denial of service attack.
• Exploit Kit − An exploit kit is software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.
• Exploit − Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.
• Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users on the inside of the firewall.
• Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed on a computer (and which touchscreen points are used). It is simply the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.
• Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.
• Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
• Master Program − A master program is the program a black hat hacker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.
• Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails, in an attempt to gather personal and financial information from recipients.
• Phreaker − Phreakers are considered the original computer hackers and they are those who break into the telephone network illegally, typically to make free longdistance phone calls or to tap phone lines.
• Rootkit − Rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
• Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in unpatched or poorly configured software.
• Social engineering − Social engineering implies deceiving someone with the purpose of acquiring sensitive and personal information, like credit card details or user names and passwords.
• Spam − A Spam is simply an unsolicited email, also known as junk email, sent to a large number of recipients without their consent.
• Spoofing − Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
• Spyware − Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.
• SQL Injection − SQL injection is an SQL code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
• Threat − A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.
• Trojan − A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there designed with an intention to destroy files, alter information, steal passwords or other information.
• Virus − A virus is a malicious program or a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
• Vulnerability − A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.
• Worms − A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.
• Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
• Zombie Drone − A Zombie Drone is defined as a hi-jacked computer that is being used anonymously as a soldier or 'drone' for malicious activity, for example, distributing unwanted spam e-mails.

Read More

Types of hacker's

Hacker Types

Overview

Hackers can be classified into different categories such as white hat, black hat, and grey hat, based on their intent of hacking a system. These different terms come from old Spaghetti Westerns, where the bad guy wears a black cowboy hat and the good guy wears a white hat.

White Hat Hackers

White Hat hackers are also known as Ethical Hackers. They never intent to harm a system, rather they try to find out weaknesses in a computer or a network system as a part of penetration testing and vulnerability assessments.

Ethical hacking is not illegal and it is one of the demanding jobs available in the IT industry. There are numerous companies that hire ethical hackers for penetration testing and vulnerability assessments.

Black Hat Hackers

Black Hat hackers, also known as crackers, are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.

Black Hat hacking is always illegal because of its bad intent which includes stealing corporate data, violating privacy, damaging the system, blocking network communication, etc.

Grey Hat Hackers

Grey hat hackers are a blend of both black hat and white hat hackers. They act without malicious intent but for their fun, they exploit a security weakness in a computer system or network without the owner’s permission or knowledge.

Their intent is to bring the weakness to the attention of the owners and getting appreciation or a little bounty from the owners.

Miscellaneous Hackers

Apart from the above well-known classes of hackers, we have the following categories of hackers based on what they hack and how they do it −

Red Hat Hackers

Red hat hackers are again a blend of both black hat and white hat hackers. They are usually on the level of hacking government agencies, top-secret information hubs, and generally anything that falls under the category of sensitive information.

Blue Hat Hackers

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch. They look for loopholes that can be exploited and try to close these gaps. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Elite Hackers

This is a social status among hackers, which is used to describe the most skilled. Newly discovered exploits will circulate among these hackers.

Script Kiddie

A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept, hence the term Kiddie.

Neophyte

A neophyte, "n00b", or "newbie" or "Green Hat Hacker" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

Hacktivist

A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denialof-service attacks.

Read More

Top 10 famous hackers in world

Famous Hackers

The laws relating to computer hacking vary from region to region. Broadly speaking, it's typically illegal to access a private computer system unless you have the expresspermission of the individual or organization the system belongs to. Penalties are usually more severe if malicious damage is involved. Hacking into government systems, even without any malicious intent, often carries a particularly high penalty, as this can have national security implications.

( If you hack into someone's system without their permission then no matter where you live it's a crime. )

Illegal Hacking

Illegal hacking involves computer-related activity that breaks the law. Motivations include simple curiosity, where a person has no intention of damaging a system or causing problems, and is solely interested in obtaining information. If done without permission, this kind of hacking is stillillegal. Some incursions are motivated by prankishness and involve annoying but ultimately fairly benign conduct. More serious acts of cracking or black hat hacking include vandalizing websites, deleting information, stealing private information such as lists of client names and details, or placing malware on computer systems.

Here is a list of few Top hackers who got imprisonment due to hacking illegally. 

Jonathan James

Jonathan James was an American hacker, illfamous as the first juvenile sent to prison for cybercrime in United States. He committed suicide in 2008 of a self-inflicted gunshot wound.

In 1999, at the age of 16, he gained access to several computers by breaking the password of a server that belonged to NASA and stole the source code of the International Space Station among other sensitive information.

Ian Murphy

Ian Murphy, also known as Captain Zap, at one point of time was having high school students steal computer equipment for him. Ian selfproclaims to have been "the first hacker ever convicted of a crime".

Ian's career as a master hacker was fabricated in 1986 after he and his unemployed wife decided to form some type of business.

He has a long history of computer and Internet frauds. One of his favourite games is to forge Email headers and to send out third-party threat letters.

Kevin Mitnick

Kevin Mitnick is a computer security consultant and author, who infiltrates his clients’ companies to expose their security strengths, weaknesses, and potential loopholes.

He is the first hacker to have his face immortalized on an FBI "Most Wanted" poster. He was formerly the most wanted computer criminal in the history of United States.

From the 1970s up until his last arrest in 1995, he skilfully bypassed corporate security safeguards, and found his way into some of the most well-guarded systems such as Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom, and Nokia.

Mark Abene

Mark Abene, known around the world by his pseudonym Phiber Optik, is an information security expert and entrepreneur. He was a high-profile hacker in the 1980s and early 1990s. He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool to industry.

His expertise spreads across penetration studies, on-site security assessments, secure code reviews, security policy review and generation, systems and network architecture, systems administration and network management, among many others. His clientele includes American Express, UBS, First USA, Ernst & Young, KPMG and others.

Johan Helsinguis

Johan Helsingius, better known as Julf, came into the limelight in the 1980s when he started operating the world's most popular anonymous remailer, called penet.fi.

Johan was also responsible for product development for the first Pan-European internet service provider, EunetInternational.

He is at present, a member of the board of TechnologiaIncognita, a hackerspace association in Amsterdam, and supports the communication companies worldwide with his cyber knowledge.

Linus Torvalds

Linus Torvalds is known as one of the best hackers of all time. He rose to fame by creating Linux, the very popular Unix-based operating system. Linux is open source and thousands of developers have contributed to its Kernel. However, Torvalds remains the ultimate authority on what new code is incorporated into the standard Linux kernel. As of 2006, approximately two percent of the Linux kernel was written by Torvalds himself.

He just aspires to be simple and have fun by making the world’s best operating system. Torvalds has received honorary doctorates from Stockholm University and University of Helsinki.

Robert Morris

Robert Morris, known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. The worm had the capability to slow down computers and make them no longer usable. As a result of this, he was sentenced to three years’ probation, 400 hours of community service and also had to pay a penalty amount of $10,500.

Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory.

Gary McKinnon

Gary McKinnon is a renowned systems administrator and hacker. He was famously accused of the “biggest military computer hack of all time”. He had successfully hacked the networks of Army, Air Force, Navy and NASA systems of the United States government.

In his statements to the media, he has often mentioned that his motivation was only to find evidence of UFOs, antigravity technology, and the suppression of “free energy” that could potentially be useful to the public.

Kevin Poulsen

Kevin Poulsen, also known as Dark Dante, became famous for his notoriety when he took over all the telephone lines of Los Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller and win the prize of a Porsche 944 S2.

Poulsen also drew the ire of FBI, when he hacked into federal computers for wiretap information, for which he had to serve a sentence of five years. He has reinvented himself as a journalist and has carved a niche for himself in this field.

Read More

11 best hacking apps for Android phone -2018

Latest Android Hacking Apps 2018

Latest Android Hacking Apps 2018

#1 Hackode

Download Link – Hackode
Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

#2 Androrat

Download Link – Androrat
Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

#3 APKInspector
– Download Android Hacking Apps

Download Link – APKInspector
APKinspector is a powerful GUI tool for analysts to analyse the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code.

#4 DroidBox

Download DroidBox
DroidBox is developed to offer dynamic analysis of Android applications.

#5 Burp Suite

Download Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

#6 ZanTi

Download Zanti
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

#7 Droid Sheep

Download Droid Sheep
DroidSheep can be easily used by anybody who has an Android device and only the provider of the web service can protect the users. So Anybody can test the security of his account by himself and can decide whether to keep on using the web service.

#8 dSploit

Download dSploit
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

#9 Arpspoof

Arpspoof is a tool for network auditing originally written by Dug Song as a part of his dsniff package. This app redirects traffic on the local network by forging ARP replies and sending them to either a specific target or all the hosts on the local network paths.

#10 Shark for Root

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump.

#11 Nmap for Android

Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good.

Read More

Why learning programingng is necessary for becoming great hacker

<H1>Why learning programingng is necessary for becoming great hacker </H1>

Programming is the fundamental hacking skill!

 

Mastering a programming language allows you to be self-dependent and gives you the knowledge of working of programs to exploit them easily. Even though exploit development is mainly done in the assembly language in debuggers, learning the functioning of a program could be very useful.

It’ll help you to write your own exploits in C/C++ and ditch the frameworks like Metasploit. Learning programming also gives you the power to create your own custom malware, making it difficult for an antivirus software to detect.

Most of the hacking tools are freely available and open source. So, if you’ve mastered the art of programming, using hacking tools and making them better is an easy task.

So, before you start with the basics of hacking, learn to code and create a solid foundation.Programming is the basic skill that a hacker should possess and master. If you don’t know any programming languages, start by learning a basic language like Python or Java. These powerful and well-documented languages could be learned easily.

Web Hacking 

Now if you are interested in webhacking subject, subject then I would recommend you to learn the following languages:

1. HTML – Start with Html if you don’t know it

2. Javascript – Next learn javascript, which will help you understanding the fundamentals of cross site scripting which will be explained later in this book.

3. SQL Databases – You should learn to work with databases, which will help you to understand the fundamentals of SQL Injection attacks which will be also explained later in this book when we come to the Web Application hacking chapter.

4. PHP – Learning PHP should be your one of your first priorities if you want to understand the mechanisms behind the web hacking attacks. I would recommend you to learn it as soon as possible.

Recommended Sources: 

 

5. W3schools – W3schools has wide variety of e-learning courses including languages like PHP, HTML, Javascripts etc, If you have zero knowledge of programming languages try starting with HTML and javascript.

Exploit Writing 

Exploit writing is a very difficult segment in hacking as it requires pure programming knowledge, which is why I will not recommend you to start with exploit writing, Exploits are/can be coded in almost any programming language e.g C/C++, Python, Perl etc, but more than 50% of the exploits you will find on the web will be coded in C/C++ languages because they were present before any one of other languages. Languages such as C and C++ are considered as programming languages where as languages such as ruby, perl and python are considered more as scripting languages.

I would recommend you to start with C languages and then to C++, C/C++ have lots of similarities, so if you could get a good grasp on any one of them you can learn the other one easily.

Ruby

Talking about scripting languages, I would recommend you to start with Ruby, Ruby is one of my most favorite programming language as it’s purely objected oriented which means that everything you work on is an object. Ruby is really useful when it comes to exploit writing, Ruby is used for coding meterpreter scripts and what could be more better that the Metasploit framework itself was coded in ruby language.

Python

Python is also a very useful programming language, it can also be used for exploit writing, If you go for python first then make sure that you learn Python socket programming as it will help you a lot in the exploit creation process.

PERL

Talking about PERL, it’s also used widely for exploit writing, you will find lots of exploits out there written in PERL, but the problem is that perl is really difficult compared to other languages such as ruby and python, so I would recommend you to learn it at the very end.

Reverse Engineering

Reverse engineering is an act of tampering softwares, applications to make them work out way, If you are interested in reverse engineering and software cracking stuffs then you would surely need to learn Assembly language.

Start Learning Programming Languages If You Want To Become Real / Good / Great /  – Hacker 

Thank You

Rate US Review US If You Like Our Work

 

Read More