To start with, I am not an ethical hacker as simply I am not qualified to be one . I am writing this post (part of series of blogs which I will be writing on this subject) just to share few things I know about hacking.
Firstly to comment on the popular belief that hackers are the BAD Boys, I would want to clarify that they are not the bad ones, they are in fact the good guys. They are the ones who believe in breaking the system for finding loop holes so that those holes can be secured properly. Crackers or Black Hats are the ones who believe in breaking the system for illegal purposes.
Before going into details few terms just to get familiar with
1. White Hat : Good guys. Customers hire them to validate security of existing systems. White hats use hacking skills only after customer’s consent.
2. Black Hats : Are considered bad guys. They seek to steal data. Create viruses to harm your data. Think of most of those bad things which have happened to your system because of intrusion of any sort, were basically because of these guys.
3. Gray Hats : These guys do hacking either for fun, exploring hacking tools etc or to demonstrate security loops holes in various systems. But then they dont do this on customer/victim’s consent and hence the acts are considered illegal. If they are lucky they sometimes get hired by the victim only to improve the security. Hacker hired by Microsoft
Type of attacks
Back Doors – These are more about existing weakness in the network. Configuration Errors, Admin tools not configured properly, unsecured dial ups etc
Viruses and Worms – They are like viral fever. They spread from one body to another. Can harm a lot to the individual system or in worst case whole network, if not taken care of properly.
Trojan Horses – They are no less dangerous than Viruses. If you download and click on infected file, the program can target the stored passwords, or run keylogger at background, provide remote access to your system etc.
Denial of services – DOS – Don’t confuse this with MS DOS. It’s simply about denying the host to provide/offer service by using all of the host resources.
Cracking – Breaking passwords. Password can be for a game but then password can also be about your bank details.
Sniffing – These attacks are based on TCP/IP packets interception.
Usually steps involved in a planned hacking drill (ethical hacking)
1. Gather all the information about the victim (and related systems).
2. Analyse the information gathered.
Now is the time to attack
3. Try to gain access to the victim systems and make sure access is continued and not a temporary one.
4. This is the hardest one – Wiping out trail of above mentioned steps. Security/Network Admins should in no way get suspicious or doubtful.
Black hats usually take over at 4th Step for illegal reasons.