1. How to Hack: 12 Steps - wikiHow
1 of 6
http://www.wikihow.com/Hack
How to Hack
Before You Hack
Hacking
Primarily, hacking was used in the "good old days" for learning information
about systems and IT in general. In recent years, thanks to a few villian actors,
hacking has taken on dark connotations. Conversely, many corporations
employ hackers to test the strengths and weaknesses of their own systems.
These hackers know when to stop, and the positive trust they build earns them
a large salary.
If you're ready to dive in and learn the art, we'll share a few tips to help you get
started!
CCNA Training Kolkata
www.netcommsindia.com
Best CISCO Lab / Certified Trainer CCNA , CCNP Training now in Kolkata
Method 1 of 2: Before You Hack
1
Learn a programming language. You shouldn't limit yourself to any particular
language, but there are a few guidelines.
C is the language the Unix was built with. It (along with assembly language)
teaches something that's very important in hacking: how memory works.
Python or Ruby are high-level, powerful scripting languages that can be used to
automate various tasks.
Perl is a reasonable choice in this field as well, while PHP is worth learning
because the majority of web applications use PHP.
Bash scripting is a must. That is how to easily manipulate Unix/Linux systems
—writing scripts, which will do most of the job for you.
Assembly language is a must-know. It is the basic language that your processor
understands, and there are multiple variations of it. At the end of the day, all
programs are eventually interpreted as assembly. You can't truly exploit a
program if you don't know assembly.
Join Hardware& Networking
www.AptechNpower.com
Learn Linux, CCNA, SQL, Win Server Be Remote Infrastructure Manager
2
Know your target. The process of gathering information about your target is
known as enumeration. The more you know in advance, the fewer surprises you'll
have.
Method 2 of 2: Hacking
Use a *nix terminal for commands. Cygwin will help emulate a *nix for Windows users.
11/8/2013 4:56 PM
2. How to Hack: 12 Steps - wikiHow
2 of 6
http://www.wikihow.com/Hack
1
Nmap in particular uses WinPCap to run on Windows and does not require
Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw
sockets. You should also consider using Linux or BSD, which are both more flexible,
more reliable, and more secure. Most Linux distributions come with many useful tools
pre-installed.
2
Secure your machine first. Make sure you've fully understood all common
techniques to protect yourself. Start with the basics — have you found a server
hosting a site about illegal or possibly bad activity? Attempt to hack it in any way you
can. Don't change the site, just make it yours.
3
Test the target. Can you reach the remote system? While you can use the ping
utility (which is included in most operating systems) to see if the target is active,
you can not always trust the results — it relies on the ICMP protocol, which can be easily
shut off by paranoid system administrators.
4
Determine the operating system (OS). Run a scan of the ports, and try pOf, or
nmap to run a port scan. This will show you the ports that are open on the
machine, the OS, and can even tell you what type of firewall or router they are using so
you can plan a course of action. You can activate OS detection in nmap by using the -O
switch.
5
Find a path or open port in the system. Common ports such as FTP (21) and
HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to
be discovered.
Try other TCP and UDP ports that may have been forgotten, such as Telnet and
various UDP ports left open for LAN gaming.
An open port 22 is usually evidence of an SSH (secure shell) service running on
the target, which can sometimes be bruteforced.
6
Crack the password or authentication process. There are several methods for
cracking a password, including brute force. Using brute force on a password is an
effort to try every possible password contained within a pre-defined dictionary of brute
force software
Users are often discouraged from using weak passwords, so brute force may
take a lot of time. However, there have been major improvenments in
brute-force techniques.
Most hashing algorithms are weak, and you can significally improve the
cracking speed by exploiting these weaknesses (like you can cut the MD5
algorithm in 1/4, which will give huge speed boost).
Newer techniques use the graphics card as another processor — and it's
thousands of times faster.
You may try using Rainbow Tables for the fastest password cracking. Notice that
password cracking is a good technique only if you already have the hash of
password.
Trying every possible password while logging to remote machine is not a good
idea, as it's easily detected by intrusion detection systems, pollutes system logs,
and may take years to complete.
11/8/2013 4:56 PM
3. How to Hack: 12 Steps - wikiHow
3 of 6
http://www.wikihow.com/Hack
It's often much easier to find another way into a system than cracking the
password.
7
Get super-user privileges. Try to get root privileges if targeting a *nix machine, or
administrator privileges if taking on Windows systems.
Most information that will be of vital interest is protected and you need a certain
level of authentication to get it. To see all the files on a computer you need
super-user privileges - a user account that is given the same privileges as the
"root" user in Linux and BSD operating systems.
For routers this is the "admin" account by default (unless it has been changed);
for Windows, this is the Administrator account.
Gaining access to a connection doesn't mean you can access everything. Only
a super user, the administrator account, or the root account can do this.
8
Use various tricks. Often, to gain super-user status you have to use tactics such
as creating a buffer overflow, which causes the memory to dump and that allows
you to inject a code or perform a task at a higher level than you're normally authorized.
In unix-like systems this will happen if the bugged software has setuid bit set, so
the program will be executed as a different user (super-user for example).
Only by writing or finding an insecure program that you can execute on their
machine will allow you to do this.
9
Create a backdoor. Once you have gained full control over a machine, it's a good
idea to make sure you can come back again. This can be done by backdooring an
important system service, such as the SSH server. However, your backdoor may be
removed during the next system upgrade. A really experienced hacker would backdoor
the compiler itself, so every compiled software would be a potential way to come back.
10
Cover your tracks. Don't let the administrator know that the system is
compromised. Don't change the website (if any), and don't create more files
than you really need. Do not create any additional users. Act as quickly as possible. If
you patched a server like SSHD, make sure it has your secret password hard-coded. If
someone tries to log-in with this password, the server should let them in, but shouldn't
contain any crucial information.
Learn Ethical Hacking
www.Koenig-India.com
Certified Ethical Hacker Courses by Koenig Solution Limited
Download Password Manager
How to Convert to Islam
11/8/2013 4:56 PM
4. How to Hack: 12 Steps - wikiHow
4 of 6
http://www.wikihow.com/Hack
Tips
Remember, hacking is not about breaking into computers, getting a
well paid job, selling exploits on the black market, nor helping anyone
compromise secure machines. You're not here to help the admin do his
job. You're here to become the best.
Read books discussing TCP/IP networking.
Hackers are those who built the internet, made Linux, and work on
open source software. It's advisable to look into hacking as it's quite
respected, and requires a lot of professional knowledge to do anything
serious in real environments.
There is a major difference between a hacker and a cracker. A cracker
is motivated by malicious (namely: money) reasons, while hackers
attempt to retrieve information and gain knowledge through exploration
- ("bypassing security"), at any cost and in any way which may not
always be legal.
Unless you're an expert or a professional hacker, using these tactics on
a popular corporate or government computer is asking for trouble.
Keep in mind there are people a bit more knowledgeable than you who
protect these systems for a living. Once found, they sometimes monitor
intruders to let them incriminate themselves first before legal action is
taken. This means you might think you have free access after hacking
into a system, when in fact, you're being watched, and may be stopped
at any moment.
Although it's great that there are many legal, safe training grounds
available for anyone, the sad truth is that you won't become even
mediocre if you don't perform potentially illegal actions. You can't
become anyone if you won't find real problems on real systems, with
the real risk of getting caught. Keep that in mind.
Keep in mind, if your target is not doing their best to keep you out, you
won't ever become good. Of course, don't get cocky, don't think about
yourself as the best of the best. Make this your goal: you must become
better and better. Every day that you didn't learn something new is a
wasted day. You are all that counts. Become best, at any cost. There
are no half-ways, you must give fully of yourself. As Yoda would say,
"Do or do not. There is no try."
Animation Film Making
www.maacindia.com
Learn latest techniques of Digital Animation Film Making with MAAC
Warnings
Don't delete entire logfiles, instead, just remove only the incriminating
entries from the file. The other question is, is there a backup logfile?
What if they just look for differences and find the exact things you
erased? Always think about your actions. The best thing is to delete
random lines of log, including yours.
11/8/2013 4:56 PM
5. How to Hack: 12 Steps - wikiHow
5 of 6
http://www.wikihow.com/Hack
Although you may have heard the opposite, don't help anyone patch
their programs or systems. This is considered extremely lame and
leads to being banned from most hacking communities. And if you
would release a private exploit someone found, he may become your
enemy — and he's probably better than you are .
Be extremely careful if you think you have found a very easy crack or a
crude mistake in security management. A security professional
protecting that system may be trying to trick you or setting up a
honeypot.
Misusing this information may be a local and/or federal criminal act
(crime). This article is intended to be informational and should only be
used for ethical - and not illegal - purposes.
Never do anything just for fun. Remember it's not a game to hack into a
network, but a power to change the world. Don't waste that on childish
actions.
Hacking into someone else's system may be illegal, so don't do it
unless you are sure you have permission from the owner of the system
you are trying to hack or you are sure it's worth it and you won't get
caught.
If you aren't confident with your skills, avoid from breaking into
corporate, government, or military networks. Even if they have weak
security, they could have a lot of money to trace and bust you. If you do
find a hole in such network, it's best to hand it to more experienced
hacker that you trust who can put these systems to good use.
Things You'll Need
A (fast operating) PC or laptop with a connection to the Internet.
A Proxy (optional)
An IP scanner
Petaflops Help
11/8/2013 4:56 PM
6. How to Hack: 12 Steps - wikiHow
6 of 6
http://www.wikihow.com/Hack
Related wikiHows
How to
How to
Hack Lights on
Keyboard
How to
Record Computer
Sounds with
Goldwave
Hack Windows
With a Limited
Account
How to
Pretend to Hack a
Website
How to
Minimise Security
Risks from
Hackers and
Crackers
How to
Unblock
Command Prompt
Anywhere
How to
Hack Into Any
Live Webcam
Sources and Citations
OW2 Consortium
Cygwin
Nmap
WinPCap
Article Info
Categories: Featured Articles | Hacks
Recent edits by: Amy K. Jones, Burnthillslol, Steve
Featured
Article
In other languages:
Português: Como Hackear, Español: Cómo hackear, Italiano: Come
Hackerare, Français: Comment hacker un système informatique, Русский: стать
хакером, Deutsch: Einen Computer "hacken", 中文: 成为黑客
IP Tools
whatismyipaddress.com
IP Lookup, visual traceroute, geographic location, and more
Thanks to all authors for creating a page that has been read 1,701,815 times.
11/8/2013 4:56 PM