Before You Hack
1
Learn a programming language. You shouldn’t limit yourself to any particular language, but there are a few guidelines.C is the language the Unix was built with. It (along with assembly language) teaches something that’s very important in hacking: how memory works.Python or Ruby are high-level, powerful scripting languages that can be used to automate various tasks.Perl is a reasonable choice in this field as well, while PHP is worth learning because the majority of web applications use PHP.Bash scripting is a must. That is how to easily manipulate Unix/Linux systems—writing scripts, which will do most of the job for you.Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. At the end of the day, all programs are eventually interpreted as assembly. You can’t truly exploit a program if you don’t know assembly.
2
Know your target. The process of gathering information about your target is known asenumeration. The more you know in advance, the fewer surprises you’ll have.Hacking
1
Use a *nix terminal for commands.Cygwinwill help emulate a *nix for Windows users.Nmapin particular usesWinPCapto run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible, more reliable, and more secure. Most Linux distributions come with many useful tools pre-installed.
2
Secure your machine first. Make sure you’ve fully understood all common techniques to protect yourself. Start with the basics — have you found a server hosting a site about illegal or possibly bad activity? Attempt to hack it in any way you can. Don’t change the site, just make it yours.
3
Test the target. Can you reach the remote system? While you can use thepingutility (which is included in most operating systems) to see if the target is active, you can not always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators.
4
Determine the operating system (OS). Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.
5
Find a path or open port in the system. Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be bruteforced.
6
Crack the password or authentication process. There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force softwareUsers are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvenments in brute-force techniques.Most hashing algorithms are weak, and you can significally improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).Newer techniques use the graphics card as another processor — and it’s thousands of times faster.You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password.Trying every possible password while logging to remote machine is not a good idea, as it’s easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.It’s often much easier to find another way into a system than cracking the password.
7
Getsuper-userprivileges. Try to get root privileges if targeting a *nix machine, or administrator privileges if taking on Windows systems.Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super-user privileges – a user account that is given the same privileges as the "root" user in Linux and BSD operating systems.For routers this is the "admin" account by default (unless it has been changed); for Windows, this is the Administrator account.Gaining access to a connection doesn’t mean you can access everything. Only a super user, the administrator account, or the root account can do this.天才就是这样,终身努力,便是天才。
