The word hacker does not necessarily have to have a negative connotation and not all hackers are cybercriminals. Generally, there are 3 types of hackers: black hats (those who do get involved in cybercrime), white hats (those who work on behalf of legitimate clients to defend them against cybercrime) and grey hats (a mixture of both).
Generally, regardless what path a hacker would chose, whether it is to attack cybersystems or to defend them, the skillset that he or she would need would be the same. Performing a cyberattack is all about finding and exploiting security vulnerabilities, while defending against cyberattacks involves actively finding and patching vulnerabilities before malicious black-hat attackers can find them.
If you are interested in becoming a hacker, this article will provide the list of the most basic technologies you can learn to get yourself started. We don’t endorse any illegal activities and any other malicious black-hat practices and we hope that you will use these skills to advance yourself in a career of a penetration tester or use them as an independent ethical hacker to participate in bug bounty programs.
Of course, how you chose to use these skills is entirely up to you. However, you are fully responsible for any negative outcome if you are to use them maliciously.
All of the techniques listed below are the most fundamental types of hacking. As cybercrime is not new, the expectation is that the majority of organisations with online presence are aware of these techniques and are capable of protecting themselves against them. However, you will be surprised how often these days you will still be able to find a business that is vulnerable to at least one of these types of exploitation.
Learn some basics of web development
Learn how to use traffic-sniffing tools
If you are remotely interested in cybersecurity, you have probably heard the advice about not entering any personal details on a web form that does not use encryption, especially if you are connected to a public Wi-Fi network. Traffic-sniffing software tools are the reason why. As the name suggests, these tools are capable of reading full content of requests and responses sent and received by computers (or other digital devices) connected to the network.
Most of these tools were not intended as instruments of malicious hacking. The intended purpose of these tools is to perform network debugging by system administrators on enterprise networks. However, the same functionality can be used to steal unencrypted personal data that travels through the network.
The most noteworthy examples of such tools are Wireshark and Fiddler. The information on how to use these tools is beyond the scope of this article, but you can find detailed instructions on their official websites.
If you are connected to a public Wi-Fi network, it is possible to use one of these tools to capture all unencrypted traffic that moves between any connected computers and the router. You will be able to see the full content of the communication, including its full HTTP headers. Knowledge of HTTP and HTML will help you to understand this information.
The most basic way of how to defend against somebody using this tool maliciously is to ensure that your online communication is encrypted by Secure Socket Layer (SSL). When SSL is used, the web address in your browser will start with “HTTPS”. If this is the case, your traffic will look like a large blob of completely random characters to anyone who is using one of the network sniffing tools.
URL, which stands for Unique Resource Identifier, is the official name of a web address that is entered into the address bar of your browser. Not only URL allows you to conveniently retrieve a web resource that you need without having to enter its IP address, but also, on badly-designed websites, it can be used to obtain some restricted information that never was intended for you.
Although this security vulnerability would indicate that the website owners have neglected some of the most basic security practices, this vulnerability is surprisingly common. For example, we have recently seen a web page which was used by a practicing solicitor firm as a web portal for their customers that was vulnerable to URL manipulation.
URL manipulation relies on two concepts: query string parameters and routing. Query string is a collection of key-value pairs in the URL separated by an ampersand (the & symbol) that follows a question-mark (?) character at the end of URL.
In the example below, “account=123456&issue=001” is the query string. The parts separated by an ampersand are individual variables. For each one of them, the text on the left of equality character is a key and the combination of characters (in this case, numbers) to the right of the equality symbol is a value.
Now, let’s assume that this website is used by a solicitor firm. The number that follows “account” would be a case number of an individual client. Therefore, if there are issues with how this website is designed or how this web address is distributed, changing the account number in the URL can potentially give you access to someone else’s personal information.
Routing is a different way of placing entity-identifying information into the URL. The example below shows how to place the same user-identifiable information into the core part of the URL.
The principles of URL manipulation are the same as they are with the query strings, but it is the core part of the URL that is manipulated.
Websites that use routed entity identifiers are much more likely to be secure that the ones that use query strings for this purpose, as the server-side technologies that allow URL’s to be constructed in such a way, such as ASP.NET MVC, tend to be very modern, therefore they tend to heavily enforce best security practices.
The technique works as follows. Imagine that you have a web page that contains a search box. In HTML, it will look something similar to this:
<input value=”” />
For example, you may want to search for articles that contain the word “longbow”. This is how the HTML representation of the search box changes when you do:
<input value=”longbow” />
In a badly-designed web form where the developers weren’t aware of the dangers of cross-site scripting, you would be able to type a text that would modify the HTML of the web page. For example, you can do so by typing the following into the box:
This will change the HTML to the following when the page reloads after re-submission of the form:
This particular executable code will cause a pop-up with “cross-site scripting” message to appear on the page every time you click on the search box.
Of course, this particular example is harmless. However, a successful entry of the following code indicates that the website is vulnerable to cross-site scripting and it is possible to insert something much more malicious into it.
Variations of Structured Query Language (SQL) are used by a variety of popular database engines to retrieve and manipulate the data and to alter the structure of the database itself. Any web application that accepts data input is very likely to use a database with SQL in the back-end.
SQL is easy to learn, but difficult to master. The syntax is very close to written English; however, if you know the inner workings of database engines well, it is possible to construct very complex queries. The example below retrieves all records contained in a table called “users”
select * from users
SQL injection attack is similar to cross-site scripting, but instead of browser code, it involves inputting executable SQL into text boxes. For example, imagine a log-in form with two fields where one field accepts an input of the username and the second field accepts password.
Let’s assume that there is a user with the username of ABC and the password of 123. Once the form is submitted, the server-side code may use the following SQL to retrieve the right data:
select * from users where username = ‘ABC’ and password = ‘123’
As a user, you have no direct access to this SQL statement. However, if you only know the username and there is a SQL injection vulnerability, you may be able to retrieve user-specific data by entering the following into the username box:
ABC’ and 1 = 1 —
Double-dash is the standard syntax for in-code comments and anything after it will be ignored. Therefore, the following SQL syntax will be generated with the executable part highlighted in yellow:
select * from users where username = ‘ABC’ and 1 = 1 — and password = ”
As SQL can be used to alter the structure of the database, this is a type of attack that can cause a high degree of damage, especially if the database aren’t properly backed up. Because of this, it is rare to find a professional website that has this vulnerability. Nonetheless, every ethical hacker needs to know how to perform an SQL injection attack to be able to protect the assets against one.
Don’t neglect social engineering
All of the hacking methods described so far are technological. However, most of the successful breaches are made via psychological rather than technological exploitation. This exploitation is known as social engineering. As the name suggest, this is a method of deception to get people to perform a desired action on your behalf.
Those who are familiar with the term often associate it with bogus emails from banks asking for your personal details and fake solicitors telling you about a death of your rich relative who left a large sum of unclaimed inheritance. However, it can be much more sophisticated than that and doesn’t necessarily involve emails.
A notorious ethical hacker, Jamie Woodruff, for example, found out that a particular organisation expected a pizza delivery on a particular day of the week. Because of this, the security guards wouldn’t check the pass of the delivery driver.
Armed with this knowledge, he has successfully obtained a job at the pizza company, infiltrated the building and, once inside, was able to gain access to the main server room.
Where to go from here
The above techniques are only the basics that, we believe, every ethical hacker should become proficient in. Of course, hacking is much more vast than that. For example, Distributed Denial of Service (DDoS) is a well-known and popular type of cyberattack that is capable of taking websites down by flooding them with more requests than the servers can handle. DDoS, however, is something that is practically impossible to perform legally without owning a server farm.
Also, there many low-level hacking techniques that are not suitable for a novice. If you are, however, interested in such techniques and would be willing to put a lot of effort in to become a true hacker, Hacking: The Art of Exploitation by Jon Erickson is the book that we would recommend. Although it does talk about low-level programming of processor registers using C, which is a very complex subject, it does better job of making it understandable than most of similar books.
Have fun and remember that we will not accept any responsibility if you will decide to misuse any of the above techniques.