
Thursday, November 8, 2012

How to become a hacker or What is a hacker


Knowing what a hacker is is obviously the first step to becoming one. If you ask any regular person what a hacker is, they will most likely just tell you "Someone that messes up computers and gives you viruses". They also think that it is just like in the movies, where a hacker just pushes a couple of buttons on a keyboard and instantly breaks into any system in the world. If you think about it, that is ridiculous, but the media is making it look like something it's not. Hacking, in its essence, just means modifying something to benefit the user. Yep, that's it. A lot of people will tell you that hacking is only done in cyberspace, but electronics in general are a hub of hacking. A lot of people think hacking is all bad, but that is not the case.





There are 3 main types of hackers:

Black Hat

These are the bad guys; the ones that you hear about on the news. They hack for personal gain, and destroy other people's computers and networks for fun. They make up a large portion of the hacking community, because when people hear about hackers on TV, they think it's cool and so they try it. There are many other motives that may drive a black hat, such as greed or revenge.

Gray Hat

Gray hat hackers are the people who fall in between white hats and black hats. They usually won't go out of their way to be bad, but may do something illegal every now and then. Another difference between gray hats and white hats is that white hat hackers get permission to pentest a company or website and then tell the owners about the vulnerabilities, while gray hat hackers will do it without permission, and possibly even release the exploit to the public.


White Hat

The good guys! White hats dedicate their time to securing the Internet and making it a safe place for everyone. They are rivals with the black hats, and try to patch up the exploits that they make. Good white hats have years of experience in computer security, and can fix almost any computer problem.


THE LIST OF HACKING METHODS

● Remote Administration Tools (RATs)
● Keyloggers
● Encryption
● Decryption
● Proxies
● Socks
● Virtual Private Networks (VPNs)
● Virtual Private Servers (VPSs)
● Windows
● Linux
● Unix
● FreeBSD
● All of the programming languages (C++, Java, C#, VB.NET, etc)
● Exploitation
● Structured Query Language Injection (SQLi)
● Cross Site Scripting (XSS)
● Remote File Inclusion (RFI)
● Local File Inclusion (LFI)
● Cracking
● Website Design
● Computer Security
● Network Administration
● Social Engineering (SEing)


HTML

HTML is a very basic web-based programming language. HTML stands for HyperText Markup Language, and is the basic building block for most websites. It is a great starting point for beginners, as it helps you gain an understanding of both the Internet and programming. The HTML code for a website can be viewed by right-clicking anywhere on the page and clicking "View Page Source".

Pros:

● Will help you further your career as a web designer
● Helps you gain an understanding of the Internet
● Helps you to understand how websites are made

Cons:

● Can be more boring than going and hacking into someone's computer
● If you never make a website, then you might not have as much use for knowing HTML



Remote Administration Tools (RATs)

RAT is an acronym which stands for Remote Administration Tool. Wikipedia defines a RAT as:

A Remote Administration Tool (a RAT) is used to remotely connect and manage a single or multiple computers with a variety of software tools, such as:

● Screen/camera capture or image control
● File management (download/upload/execute/etc.)
● Shell control (from command prompt)
● Computer control (power off/on/log off if remote feature is supported)
● Registry management (query/add/delete/modify)
● Other software product-specific functions

Its primary function is for one computer operator to gain access to remote PCs. One computer will run the "client" software application, while the other computer(s) operate as the "host(s)". RATs themselves are illegal, because they are used mostly for malicious purposes, but there are actual legal RATs. The thing that makes some RATs legal is permission. Legal Remote Administration Tools, such as TeamViewer, require the other computer to accept the incoming connection. In addition, legal RATs don't have any malicious features built into them.

Pros:
● Can give you access to sensitive data, such as bank account info
● Will give temporary satisfaction
● Bragging rights if you have infected enough people

Cons:

● Can get in serious trouble if you are caught

Cryptography

Cryptography is not so much a method of hacking, but it will definitely help you along the way. Cryptography is basically the act of encrypting/decrypting something (e.g. a file) so that wandering eyes can't see it. To explain encryption and decryption a little more, refer to this picture:
[Image: wuffab.jpg]

A good tool to use to encrypt your computer is http://www.truecrypt.org/

Main Features:

● Creates a virtual encrypted disk within a file and mounts it as a real disk.
● Encrypts an entire partition or storage device such as USB flash drive or hard drive.
● Encrypts a partition or drive where Windows is installed (pre-boot authentication).
● Encryption is automatic, real-time (on-the-fly) and transparent.
● Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
● Encryption can be hardware-accelerated on modern processors.
● Provides plausible deniability, in case an adversary forces you to reveal the password: hidden volume (steganography) and hidden operating system.

More information about the features of TrueCrypt may be found in the documentation.

Direct quote from the TrueCrypt website.


To understand the different kinds of encryption methods, I recommend you take the time to read:


http://en.wikipedia.org/wiki/Encryption
http://www.rainbowskill.com/computers/th...rocess.php


Website Hacking

Website hacking is, obviously, the art of hacking websites. This can be done in numerous ways:

● SQL Injection
● XSS
● RFI
● LFI


SQL Injection (Structured Query Language Injection)

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
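
The two causes named above, unescaped string literals and input that is not strongly typed, shown beside their fixes in PHP. This is an added example, not code from the original post; the users table, its rows and the function names are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Constructed in-memory database used only for this demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// VULNERABLE: the input is concatenated into the SQL text, so a quote
// character in $name ends the string literal and the rest is parsed as SQL.
function find_user_vulnerable(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the statement is prepared with a placeholder and the value is
// bound separately, so it is always treated as data, never as SQL.
function find_user_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// STRONGLY TYPED: a numeric parameter is validated as an integer first and
// then bound with an explicit integer type.
function find_user_by_id(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not an integer: reject before touching the database
    }
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed input containing a quote character and a tautology.
$input = "nobody' OR '1'='1";
printf("vulnerable query: %d row(s)\n", count(find_user_vulnerable($db, $input)));
printf("prepared query:   %d row(s)\n", count(find_user_safe($db, $input)));
var_dump(find_user_by_id($db, "1 OR 1=1")); // rejected by the integer check
var_dump(find_user_by_id($db, "2"));
```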


Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
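
From the site owner's side, the main mitigation is to encode user-supplied data for the exact place it is written into the page. The following is an added example, not code from the original post; the helper names h(), js() and safe_url() and the sample values are constructed for illustration.

```php
<?php
// HTML body and quoted attribute context: escape markup characters and quotes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline <script> context: emit a JSON literal with <, >, &, ' and " written
// as \uXXXX escapes so the value cannot close the script element or a string.
function js($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// href/src context: HTML escaping alone does not stop script-bearing schemes,
// so only absolute http/https URLs pass; anything else becomes "#".
function safe_url(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? h($url) : '#';
}

// Constructed sample values standing in for data submitted by another user.
$comment = '<script>alert(1)</script>';
$website = 'javascript:alert(1)';
$homepage = 'https://example.org/?a=1&b=2';

// Unsafe: echo "<p>$comment</p>" would let the browser run the script tag.
echo '<p>' . h($comment) . "</p>\n";
echo '<input name="c" value="' . h($comment) . "\">\n";
echo '<script>var comment = ' . js($comment) . ";</script>\n";
echo '<a href="' . safe_url($website) . "\">website</a>\n";
echo '<a href="' . safe_url($homepage) . "\">homepage</a>\n";
```

safe_url() deliberately rejects relative URLs as well, because it only accepts values with an explicit http or https scheme.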

Remote File Inclusion (RFI)

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity it can also lead to, to list a few:

● Code execution on the web server
● Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
● Denial of Service (DoS)
● Data Theft/Manipulation


Local File Inclusion (LFI)

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. A typical example of a PHP script vulnerable to LFI is as follows:

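<?php
// Deliberately vulnerable: the "file" parameter goes into the include path unchecked.
if (isset($_GET['file']))
{
    $file = $_GET['file'];
    // Directory traversal characters in $file can escape the pages/ directory.
    include("pages/$file");
}
else
{
    include("index.php");
}
?>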
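
A hardened counterpart to the script above, added here as an example and not part of the original post. It also covers the remote inclusion case described earlier, because the request parameter is only ever used as a lookup key; the page names, the temporary fixture directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Allowlist of page keys and the files they map to (hypothetical names).
const ALLOWED_PAGES = ['home' => 'home.php', 'about' => 'about.php'];

// Map the request parameter to a file path, or return null if it is not allowed.
function resolve_page($requested, string $baseDir): ?string
{
    // 1. Allowlist: the parameter is a lookup key and never part of a path.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // 2. Defence in depth: the canonical path must exist and stay in $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed fixture: a temporary pages directory containing one page.
$pages = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_pages';
if (!is_dir($pages)) {
    mkdir($pages);
}
file_put_contents($pages . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home";');

// Constructed inputs, as they would arrive in $_GET['file'].
$samples = ['home', 'about', '../../../../etc/passwd', 'http://example.invalid/x.txt', ['home']];
foreach ($samples as $sample) {
    $result = resolve_page($sample, $pages);
    printf("%-34s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES), $result ?? 'rejected');
}

// In the page script itself the result would be used like this:
//   $target = resolve_page($_GET['file'] ?? null, __DIR__ . '/pages');
//   if ($target !== null) { include $target; } else { http_response_code(404); }
```

Keeping `allow_url_include` disabled in php.ini, which is its default, blocks remote URLs in `include` as a second layer.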



Possible helpful links


http://thehackerlounge.blogspot.com/2009...mysql.html

http://ferruh.mavituna.com/sql-injection...sheet-oku/

http://www.w3schools.com/sql/default.asp

http://www.steve.org.uk/Security/XSS/Tutorial/

http://r00tsecurity.org/forums/topic/104...erability/

http://penetrationengineer.blogspot.com/...usion.html

http://www.youtube.com/watch?v=3PtZcYFsmGY

http://elitehackerz.net/hacking-tutorial...orial.html

http://hakipedia.com/index.php/Category:...on_Hacking

https://www.owasp.org/index.php/Attacks

As a website dev, it is also important to know how to defend your site against these kinds of attacks. For help on securing your site, refer to these links:

http://web.appstorm.net/roundups/self-pu...r-website/

http://www.onlinesecurityauthority.com/t...m-hackers/



Batch

Another programming start. Batch has been the starting point of a large number of hackers. Batch refers to the Windows command line (so do this if you are using the Windows operating system). If you see things online that say "CMD hacks", "Batch viruses" or "Notepad Hacks", then you are seeing people talk about batch. Basically, it is used by opening a blank text document, entering the script you want, and saving it as a .bat file rather than a .txt. Windows implemented this so that macros could be run on the system that would drastically reduce the time it takes to complete a task, but many new hackers took advantage of this and use it in malicious ways.

Great sources for batch:

http://www.youtube.com/

http://www.ericphelps.com/batch/

http://www.google.com/
