Simple tips and tricks

Any one running a website related to Hacking gets this question asked daily “How to Hack?”Most of us are curious to learn hacking but dont know where to start,so I am writing this article for all those people who want to Learn Hacking and dont know where to start or want to Learn Hacking from Basics
While surfing on web I came across a Book “A Beginners Guide To Ethical Hacking”, The book is so simple that even a D-Grade Script kiddie can become a master Hacker

About The Book

There exists tons of  books on the market that teach you Hacking but unfortunately, it requires a set of pre-established skills and  knowledge  to understand  the  concepts explained in the book. Also these books are not meant the for beginners who doesn’t know anything about hacking. As a solution to this problem I have found a excellent book for beginners and  I recommend the following book for beginners



This book is designed for the  beginners who are willing to learn Hacking from the basics. This book does not demand any prior knowledge about Hacking. So if you are a newbie to the concept of hacking and want to master it from the basics, then this book is for you.

The information given in this book will put you into a hacker’s mindset and teach you all of the hacker’s secret.

Core To Top

This book will take you from the core to the top. It will tell you how to hack, and how to defend yourself from malicious hack attacks in simple steps. It’s a great source for the beginner who want to become a Hacker. This will install a Hacker’s Mindset on you.

Learn What It Takes to become a you master in it.

A Beginners Guide to Ethical Hacking is a complete path for newbie hackers who want are curious to Learn Ethical Hacking Techniques.The Information given in this book will make you a master hacker.


How will the information in the book affect me?

You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation
You will start to think like hackers
Secure your computer from trojans,worms, Adwares etc
Amaze your friends with your newly learned tricks
You will be able to protect your self from future hack attacks

Certified Ethical tips

The Certified Ethical Hacker is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council.)
An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the targeted system(s) or network(s) is not.
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.
The exam code for C|EH is 312-50. The certification is in Version 7.1 as of 14 June 2011.
The EC-Council offers another certification, known as Certified Network Defense Architect (C|NDA). This certification is designed for United States Government Agencies, and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same. The exam code for C|NDA is 312-99.

Some logical tips and tricks

Hacking means finding out weaknesses in an established system and exploiting them. A computer hacker is a person who finds out weaknesses in the computer and exploits it. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.[1] The subculture that has evolved around hackers is often referred to as the computer underground but it is now an open community.[2] While other uses of the word hacker exist that are not related to computer security, they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker,[3] not making a difference between computer criminals (black hats) and computer security experts (white hats). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

Attacks

A typical approach in an attack on Internet-connected system is:
Network enumeration: Discovering information about the intended target.
Vulnerability analysis: Identifying potential ways of attack.
Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploits

A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.

Vulnerability scanner

A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)

Password cracking

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Packet sniffer

A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing attack (Phishing)

Main article: Spoofing attack

A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.

Rootkit

A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Social engineering

Main article: Social engineering (computer security)

When a Hacker, typically a black hat, is in the second stage of the targeting process, he or she will typically use some social engineering tactics to get enough information to access the network. A common practice for hackers who use this technique, is to contact the system administrator and play the role of a user who cannot get access to his or her system. Hackers who use this technique have to be quite savvy and choose the words they use carefully, in order to trick the system administrator into giving them information. In some cases only an employed help desk user will answer the phone and they are generally easy to trick. Another typical hacker approach is for the hacker to act like a very angry supervisor and when the his/her authority is questioned they will threaten the help desk user with their job. Social Engineering is so effective because users are the most vulnerable part of an organization. All the security devices and programs in the world won't keep an organization safe if an employee gives away a password. Black Hat Hackers take advantage of this fact. Social Engineering can also be broken down into four sub-groups. These are intimidation, helpfulness, technical, and name-dropping.

Intimidation As stated above, with the angry supervisor, the hacker attacks the person who answers the phone with threats to their job. Many people at this point will accept that the hacker is a supervisor and give them the needed information.

Helpfulness Opposite to intimidation, helpfulness is taking advantage of a person natural instinct to help someone with a problem. The hacker will not get angry instead act very distressed and concerned. The help desk is the most vulnerable to this type of Social Engineering, because they generally have the authority to change or reset passwords which is exactly what the hacker needs.

Name-Dropping Simply put the hacker uses the names of advanced users as "key words", and gets the person who answers the phone to believe that they are part of the company because of this. Some information, like web page ownership, can be obtained easily on the web. Other information such as president and vice president names might have to be obtained via dumpster diving.

Technical Using technology to get information is also a great way to get it. A hacker can send a fax or an email to a legitimate user in hopes to get a response containing vital information. Many times the hacker will act like he/she is involved with law enforcement and needs certain data for record keeping purposes or investigations.

Trojan horses

A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.)

Viruses

A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.

While some are harmless or mere hoaxes most computer viruses are considered malicious.

Worms

Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.

Key loggers

A key logger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers uses virus-, trojan-, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes to even enhance computer security. As an example, a business might have a key logger on a computer used at a point of sale and data collected by the key logger could be used for catching employee fraud.