How To Hack Computer System and WebSite
http://globalfair.blogspot.com/2015/05/how-to-hack-computer-system-and-website.html
Basic Hacking Concepts Before You Start Hacking
Two Parts:Before You Start Hacking
Basic Hacking Techniques |
If you're ready to dive in and learn the art about hacking, we'll share a few tips to help you to getting a good started!
Before You Hack
You Should Learn any programming language before starting. You should not limit yourself to any specific languages, but below there are the few guidelines.
C is language the Unix was built with. C language along with assembly language teaches something that's very important in the hacking.
How memory works
Ruby or Python are the high-level and powerful scripting languages that can be used to automate the various system tasks.Other one is Perl, it is a reasonable choice in this field as well as other languages, while w work with PHP which is worth learning server side language because the majority of web applications using PHP.
The Bash scripting is a must for this act. That is show how to easily manipulate the languages like Linux and Unix systems writing scripts, that will do most of the job for you.
Assembly language is the must-know. It is basic language that is understandable for your processor, there are multiple variations of Assembly. At the end of the day all the programs are the eventually interpreted as assembly language. You can not truly exploit a program if you don't know the assembly.
Know your target.
The process of gathering the information about your target that is known as enumeration, more you know in advance, there is a fewer surprises you'll have.Start Hacking
Step 1
*nix terminal for commands. |
Use a *nix terminal that is used for commands. Cygwin will help emulate a *nix for the Windows users. A user called Nmap in particular uses WinPCap to run on the Windows and does not require the Cygwin. However the Nmap works poorly on Windows systems due to a lack of raw sockets in window. You should also using BSD or Linux, which both are the more flexible. Most of the Linux distributions come with many useful tools that is mostly pre-installed.
First thing you do is Secure your machine first. Make sure you have fully understood all common techniques to protect yourself such as dynamic proxy.
Starts with the basics — but make sure you have an authorization to attack your target or network : either attack your own network, and ask for written permission, or set up your own laboratory with the virtual machines. Attacking on a system, no matter its content, is illegal and WILL get you in big trouble.
Step 3: Test the target that is victim of your attack.
One Question for You Can you reach the remote system?
While you can use the ping utility which is pre-installed and included in most operating system to see if the target is active, then you can not always trust on the results — it relies on the ICMP protocol, which can be easily shut-off by system administrators.
Step 4: Determine the operating system (OS).
Hacker Run a scan of the ports of computer, and try pOf, or nmap used to run a port scan. This will shown you the ports that are the open on the machine/computer, the OS, can even tell you that what type of router or firewall they are using so you can plan your course of action. You can activate operating system(OS) detection in the nmap by using the -O switch.Step 5
Find the path or open the port in the system. the Common ports such as FTP-21 and HTTP-80 are often well protected by default, and the possibly is only weak to exploits yet to be discovered by scanning the port and by finding the path.
Try other UDP and TCP ports that may have been forgotten, and such as Telnet and various UDP ports left open for LAN gaming in the system.
An open port 22 is usually an evidence of an SSH (secure shell) services that is running on the targeted system, which can sometimes be brute forced.
Step 6
Crack the authentication process or password. There are the several methods for cracking the password, including brute force u used.
Using brute force on the password is an effort to try the every possible password which is contained within the pre-defined dictionary of the brute force software the Users are often discouraged from using the weak passwords, so if u use brute force it may take a lot of time. but there have been some major improvements in the brute force techniques that are the currently used.
Most hashing algorithms are the weak, and it is the chance that you can significantly improve the cracking speed by exploiting these system weaknesses (like you can cut off the MD5 algorithm in 1/4 or 25%, which will give huge system speed boost).
New techniques is use the graphics card as another processor and it's thousands of times faster.
You try to using Rainbow Tables for this fastest password cracking techniques. Notice that the password cracking is a good technique only if you are already have the hash of password.
You can also get an rooted tablet, install a TCP scan, and then get a signal upload it to the secured site. Then the IP address will open causing the password which is to appear on your proxy.
It's often much easier to find the another way into a system than cracking the password.
Step 7: Get super-user privileges.
Try to get root privileges if you are targeting a *nix machines, or administrator privileges if taking on the Windows systems.To see all the files on any computer you need super user privileges - a user account that will be given the same privileges as the "root" user in the Linux and in the BSD operating systems.
For the routers this is the "admin" account by default in the OS (unless it has been changed); for Windows, it is the Administrator account.
Step 9: Create a backdoor.
Next StepOnce you have gained full control over an machine, it's a good idea to make sure that you can now come back again.
This can be done by backdooring an important system services, such as SSH servers. However, your backdoor may be removed during the next system up-gradation. A really experienced hackers would backdoor the compiler itself handle, so in every compiled software would be a potential way to come back to default.
Step 10: Cover your tracks.
You Don't let the administrator know that the system is compromised. and Don't change the website , and third one is don't create more extra files than you really needed.
Except one or two Do not create any additional users. Act as quickly as possible, and If you patched a server like SSHD, then make sure it has your secret password hard-coded from it.
If someone tries to log-in with this password, then server should let them in or not, but shouldn't contain any crucial information.
Except one or two Do not create any additional users. Act as quickly as possible, and If you patched a server like SSHD, then make sure it has your secret password hard-coded from it.
If someone tries to log-in with this password, then server should let them in or not, but shouldn't contain any crucial information.