How to Think Like a Hacker
A hacker’s main objective is to compromise the targeted computer, network, or application. The hacker starts off with little information and ends up with a detailed map into the system. There are five steps which hackers follow to hack into a system:
Reconnaissance
The target of this investigation stage is to gather info about domain names, IP address ranges, business partners, phone numbers, type of software and operating systems in use and existing network defence mechanisms.
First, hackers must identify the domain names of the target such as xxxx.com. Then they gather as much information as possible through public channels. One good source is through newsgroups. Information Technology (IT) staff often divulge too much information about their configurations and applications when approached for assistance. Job announcements also provide vital information about the company’s computer systems, operating systems and applications. If the job advertises for an information-security position, the type of network defense of the target can easily be identified.
The hacker can then visit the Internet Archive’Web site (archive.org) to check for information about the target that may go back for years. The Securities and Exchange Commision’s website (www.sec.gov) can reveal information about impending company merges – this means that the IT defenses for both companies will be significantly lowered to merge resources and ensure a smooth transition. When the enemy’s defences are down, it’s time to attack.
Hackers can also use social engineering to gather facts. The human element is oftentimes the weakest link in the system. For example, if you have the trust of an employee who is authorised to access the network, you can pretend to have an urgent problem that appeals to the natural helpfulness of the person.
Scanning and Enumeration
Next, hackers will scan servers and resources on the target network using the software from any “Warez” websites for free. Once a hacker gets detailed info about the target operating systems or application via scanning, it only takes a little talent and substantial patience to identify weaknesses in the system. A visit to any hacking tool website will give the beginner hacker a push in the right direction. Sometimes a computer system will even offer information about password length or bypass the need for a password if the hacker asks the computer a suitably formatted question. Once past the firewall, internal security is usually slack.
Gaining Access
After scanning for the relevant information, the hacker now has free access to the system or network. They will have a free run of the place with complete administrative access and can change any information or play havoc to the system. A tip: an easy way to do this is a call to the company help desk and impersonate the manager to get a password reset if an email sent to the manager earlier triggers an automatic ‘I’m on leave’ message.
Perfect
If the hacker still has difficulty getting administrative access into the system, a Trojan disguised as a service pack or system update can be sent to company staff. This can be sent from the System Administrator’s email account (obtained from a newsgroup message in the reconnaissance phase) –The Trojan appears harmless but will install a key-logger program in the background when run by employees. When the employees key in their user-IDs and passwords throughout the day, the program will automatically forward these to the hacker.
Maintaining Access
Once the hacker has access to critical computer systems, the password file or the Security Account Manager (SAM) is easily obtainable. This contains the user-IDs and passwords for all the system users. From here, they can hack into other systems. Hackers also install backdoor programs on all compromised systems so that they will continue to have access even when the passwords are changed. Furthermore, this will be totally overlooked by even experienced IT staff as normal network traffic. The perfect crime!
Related Articles
- Hacker Evolution (with Reinsertion Expansion Pack) Free Activation Code and Download by GAOTD
- Review Gmail Account Recent Login or Access Activity History and Remote Logout Intruder or Hacker
- Hacker Sentenced to Jail for Stealing VoIP Services
- Hacker Unlocks iPhone 3G with Hacked SIM Card Adapter with YouTube Video Proof
- Windows Genuine Advantage Validation Tool v1.7.69.2 for Vista SP1 and XP Cracked by Hacker
- Protect Firefox Password Manager Saved Passwords for Sites
- Apple iPhone Root Password and Mobile User Password
- Download Efficient Password Manager to Manage All Passwords Securely
- Test the Strength of a Password
- Create a Secure and Strong Password using Password Chart
Entries (RSS)
October 21st, 2009 17:10
This article should have been named “How To Think Like A Cracker”!!!!!!!!
October 21st, 2009 17:05
Hmmm… Hackers are the good guys, crackers are the evil ones described above. Why confuse the two?????
@_@
September 16th, 2009 03:05
Look, you don’t know who or what hackers are, that what you just described is google yahoo and other companies that steal your’e private information, hackers don’t do that, hackers are the good guys that are badly represented by the media…
August 23rd, 2009 02:00
i wanna to hack orkut account plz help me out
May 19th, 2009 17:49
Wicked very helpful. you guys seem to know what your talking about so this should be a dodle for you, how can i hack my daughters copmuter so that i can turn her off when i want her off the computer, or find out her password so i can parental controls to turn it off at a set time. she wont let me be admin so i think a hack is probably the way to go. cheers Tim
May 8th, 2009 23:18
Interesting article and a very informative read. however it was better if you would have included the softwares hackers use for each phase of attack like wireshark for scanning and Turokjans or various binders for making trojans.
Thanks and keep the good work up.
XERO
January 30th, 2009 04:38
Do not search internet for: “how to hack” stuff, download tools and think that will make you a wizard. As said, place your fingers on your box and have an interaction with it. Understand your computer. What is it? How does it work?
Trying to understand internet and applications without knowing your own computer fully is like trying to know other people fully without even knowing your self. That is not possible.
When you know your self fully, you know everyone else – When you know your own computer fully, you know the whole game. That is the Zen way. ;]
- n0body – out
January 30th, 2009 03:39
I forgot to say to humanity:
Stop dreaming so much – THINK and DO!
Computers don’t dream. That’s why they don’t fuck things up like we do. Think and do = understand and act. What can be corrected correct, what can not is not wise whining about. Past does not exist and future is not here yet. Bothering about things which are not HERE and NOW and can be changed is not wise, but is a BUG within your way of thinking. Correct the BUG today, and think like your box does – it is here to teach you… that is the hackers way. ;]
- n0body -
January 30th, 2009 02:59
Hacker, cracker, white hat, black hat… it’s all the same = bullshit defined by neophytes who take IT educations at UNI’s. Educating one self at UNI is like going to school to learn to have sex. It’s waste of time. Sit down, place your fingertips on the keyboard and play. Before you know you will BE the game.
Pace out. – n0body -
January 29th, 2009 09:47
To be honest, This guy does not even know the definition or the difference bewtween the words ‘Hacker’ and ‘Cracker’. Little kids seriously you wont be able to take control of Bebo with a piece of software you download off the net. I think i have said enough.
FairDoos
January 14th, 2009 13:35
Stanford is wonderful, but as you know, place isn
January 7th, 2009 10:32
Biggest Bullshit I ever read.If you gonna write a column do your research. Time to “warez” my way free! Free The web!
December 29th, 2008 17:03
This post, sir, is bullshit.
Those using random tools of random “warez sites” to find glitches (protip packetstormsecurity.org and milw0rm.com do NOT provide ANY warez) are called “script kiddies” and have neither to do anything with hackers nor crackers.
Next off you mix up even these two terms.
U failed. Gb2gaia
December 23rd, 2008 10:41
UHMM….
you do know that the blue image above is a screenshot from the steam game
DEFCON right???
its a rather boring RTS simulating global thermonuclear combat.
December 16th, 2008 19:41
how can i hack into bebo?
November 18th, 2007 03:39
Interesting. However, i think there are many ways how to defense ours systems including personal data… I will not write about thi at this moment, but think about
May 29th, 2007 19:58
explaining uplink – nothin else … lol
May 22nd, 2007 08:27
Ohh lol… then i guess i must be a hacker which i think not..lol