Hackers are often portrayed as "bad guys" who gain unauthorized access to computer systems and networks. In fact, a hacker is just a technical expert with extensive knowledge of computer systems and networks, not a "villain" who creates network viruses and spreads them on the network. While some hackers do use their skills for illegal and immoral purposes, others do it for the challenge. White hat hackers use their skills to solve problems and enhance system security. These hackers use their skills to catch criminals and fix holes in security systems. If you're ready to understand and learn the art, this article will help you get started with what hacking requires.
1. Learn the skills a hacker needs
1. Understand what hacking is. Broadly speaking, hacking refers to techniques used to compromise or gain access to digital systems. This could be a computer, phone or tablet, or the entire web. Hacking involves a variety of specialized skills. Some are highly technical.
2. Know the ethics of hacking. Despite the many ways in which popular culture portrays hackers, hacking is neither good nor bad. Hackers are simply people who are technically savvy and enjoy solving problems and overcoming limitations. If you are a person with normal views and like to challenge computer technology, then you can try to learn.
WARNING: Accessing a computer that does not belong to you is illegal. If you choose to use your hacking skills for such purposes, be aware that there are other hackers who put their skills to good use (they are known as white hat hackers). Some of them hunt down bad hackers (black hat hackers) for fun. If they catch you, you're not far from eating pickles.
3. Know how to use the Internet and HTML. If you want to hack, you need to know how to use the internet. Not just how to use a web browser, but also how to use advanced search engine techniques. You also need to know how to use HTML to create Internet content. Learning HTML will also teach you some good mental habits that will help you learn to program.
4. Learn how to program. Learning a programming language can take time, so you need to be patient. Focus on learning to think like a programmer rather than learning individual languages. Focus on similar concepts in all programming languages.
C and C++ are the build languages for Linux and Windows. It (along with assembly language) teaches hackers something very important: how memory works.
Python and Ruby are high-level, powerful scripting languages that can be used to automate a variety of tasks.
PHP is worth learning because most web applications use PHP. Perl is also a reasonable choice in this area.
Bash script is required. That's how to easily operate a Unix/Linux system. We can write scripts using Bash, which will do most of the work for us.
Assembly language is a must. It's the basic language understood by processors, and it comes in several variants. If you don't know assembly, you can't really use programs to perform tasks.
5. Get an open source Unix-based system and learn to use it. There are many Unix-based operating systems, including Linux. The vast majority of web servers on the Internet are Unix-based. So if you want to hack the internet, you need to learn Unix. Also, open source systems like Linux allow you to read and modify the source code.
There are many different distributions of Unix and Linux. The most popular Linux distribution is Ubuntu. So you can install Linux as the main operating system and also create Linux virtual machines. In addition, you can also use Windows and Ubuntu dual system.
2. Hacking
1. Secure your machine first. To hack, you must need a system to practice great hacking skills. However, make sure you have permission to attack the target. You can attack your own network, or your computer. It is also possible to set up your own victim using a virtual machine. Attacking someone else's network system without permission, regardless of whether the content is illegal or not, is an unforgivable mistake.
Boot2root is specially designed for hacked systems. You can download these systems online and install them using virtual machine software. We can practice hacking these systems.
2. Know your goals. The process of gathering information about a target is called enumeration. The goal is to establish an active connection with the target and find vulnerabilities that can be used to further exploit the system. There are various tools and techniques to aid in the enumeration process. Enumeration can be performed on various Internet protocols, including NetBIOS, SNMP, NTP, LDAP, SMTP, DNS, and Windows and Linux systems. Here is some information you will collect:
- username and groupname
- CPU name
- Network Sharing and Services
- IP tables and routing tables
- Service Settings and Audit Configuration
- Apps and Banners
- SNMP and DNS details
3. Test target. Can you access remote systems? While you can use the ping utility (included with most operating systems) to see if a target is alive, you can't always trust the results -- it relies on the ICMP protocol, which can be easily turned off by a paranoid sysadmin. Additionally you can use the tool Check Email to see which email server it uses.
4. Run a port scan. We can use a network scanner to run a port scan. This will show us the ports that are open on the operating system and even tell you what type of firewall or router they are using so you can develop an intrusion plan.
5. Find paths or open ports in the system. Common ports such as FTP (21) and HTTP (80) are usually well protected and may only be vulnerable to as yet undiscovered attacks. Try other TCP and UDP ports that might be forgotten, such as Telnet, various UDP ports left open for LAN gaming.
An open port 22 is usually evidence of an SSH (Secure Shell) service running on the target, which may sometimes be enforced.
6. Crack the password or authentication process. There are several ways to crack the code. They include some of the following:
Brute Force Attack: A brute force attack is simply an attempt to guess a user's password. This is useful for accessing easily guessable passwords (i.e. password123). Hackers often try to guess passwords using tools that quickly guess different words from a dictionary. To prevent brute force attacks, avoid using simple words as passwords. Make sure to use a combination of letters, numbers, and special characters.
Social Engineering: With this technique, the hacker will contact the user and trick them into providing their password. For example, they claim to be from the IT department and tell users that they need a password to solve a problem. After the Apple mobile phone is lost, hackers often use this method to pretend to be an official email to deceive the user's password to unlock the mobile phone. So in life, we need to identify this kind of password change email.
Phishing: In this technique, a hacker sends a user a fake email that appears to be from a person or company that the user trusts. The email may contain an attachment that installs spyware or a keylogger. It may also contain links to fake commercial websites (made by hackers) that look real. Users are then asked to enter their personal information, which can then be accessed by hackers. To avoid these scams, don't open emails you don't trust. Always check that the site is secure (include "HTTPS" in the URL). Go directly to the official website instead of clicking a link in an email.
ARP spoofing: In this technique, hackers use an app on a smartphone to create a fake Wi-Fi access point that anyone in a public place can log into. Hackers can give it a name that looks like it belongs to a local agency. People log on to it thinking they're logging on to public Wi-Fi. The app then logs all the data the sign-in person transmits over the internet. If they log into an account with a username and password over an unencrypted connection, the app stores that data and grants the hacker access. To avoid falling victim to this robbery, avoid using public Wi-Fi.
7. Obtain superuser privileges. Most important information is protected and we require a certain level of authentication to access it. To see all the files on the computer, we need superuser privileges -- a user account with the same privileges as the "root" user in Linux and BSD operating systems. For routers, this is the "Administrator" account by default (unless you have changed it); for Windows, this is the Administrator account. There are a few tricks we can use to gain superuser privileges:
Buffer overflow: If you know the memory layout of a system, you can enter things that the buffer cannot store. It is also possible to overwrite the code stored in memory with your code and take control of the system.
On Unix-like systems, this can happen if the bugged software sets the setUID bit to store file permissions. The program will be executed as a different user (such as superuser).
8. Create a backdoor. Once you have full control over a machine, it's best to make sure you can come back again. To create a backdoor, a piece of malware or code needs to be installed on an important system service such as an SSH server. This will allow you to bypass standard authentication systems. However, your backdoor may be removed in the next system upgrade.
An experienced hacker will backdoor the compiler itself, so every compiled software could be a way back.
9. Cover your tracks. Do not let administrators know that the system has been compromised. Do not make any changes to the site. Do not create more files than you need. Don't create any other users, just complete your purpose. If you patched a server like SSHD, make sure it has hardcoded passwords. If someone tries to log in with this password, the server should let them in, but it shouldn't contain any vital information.
at last
Statistics show that there is currently a gap of 1.4 million cyber security talents in China...
Whether you are a cyber security enthusiast or a practitioner with certain work experience,
whether you are a fresh graduate or a professional who wants to change jobs, you
all need this job. super super comprehensive information
almostBeats 90% of self-study materials on the market
And covers the entire network security learning category
to bookmark it!It will definitely help your study!
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing
1. A full set of toolkits and source codes necessary for network security
2. Video Tutorial
Although there are a lot of learning resources on the Internet, they are basically incomplete. This is the online security video tutorial I recorded myself. I have supporting video explanations for every knowledge point on the road map.
3. Technical documents and e-books
The technical documents are also compiled by myself, including my experience and technical points of participating in the network protection operation, CTF and digging SRC vulnerabilities.
I have also collected more than 200 e-books on Internet security, basically I have popular and classic ones, and I can also share them.
4. NISP, CISP and other certificate preparation packages
5. Information security engineer exam preparation spree
6. Interview questions for network security companies
The interview questions about cyber security that have been sorted out in the past few years, if you are looking for a job in cyber security, they will definitely help you a lot.
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing