Saturday, 8 July 2023

BASIC KEYWORDS USED IN ETHICAL HACKING


 

Keywords


Attack: An action with malicious intention.

Authentication: The process of identifying a person or system with a username or password.

Backdoor: A trapdoor used to gain unauthorised access to a computer and network.

Buffer: Temporary data storage used while data is moved from one place to another.

Cipher: A process for converting data into code, or an encryption algorithm technique.

Cryptography: The science and art of protecting the privacy of information by encrypting it into a secret code.

Decryption: The process of converting cipher text to plain text.

Encryption: The process of converting plain text to cipher text.

Exploit: To take advantage of a weakness of the system.

Hash value: The result of applying a cryptographic hash function to data.

Malware: Used to damage computer systems and networks and to steal data from the infected system.

Threat: A possible danger that might exploit a vulnerability to violate security protocols.

Computer security: Protecting the computer system and the data stored in the system.

Cyber security: The process of protecting data, systems and networks against cyber attacks.

Information security: The process of protecting information systems from threats through security controls to reach CIA.

Cyber forensics: Extracting data as proof of a crime. The process of recovering deleted files.

Vulnerability: The potential for harm or loss.

Exposure: Risk property exit.

Resistance: Action taken to prevent.

Resilience: Ability to recover root state.

Confidentiality: Limits access to information.

Integrity: Assurance that the information is accurate.

Availability: Definite and reliable access by authorized people.

Cryptanalysis: Studying the cryptographic weaknesses of a cryptographic algorithm and deciphering the cipher text without knowing the secret key.

Accounting: Manages the resources a user consumes during access. It includes the amount of data the user used and sent and the login session time.

Bug: Also called an error.

Loophole: A programming gap through which an exploit can gain access.

Key: Used to decode encoded things.

1.) Public key: Used to encrypt the data.

Protocol: A set of rules or guidelines for communication on the internet.

1.) Protocol suite: Also called the TCP/IP suite.

Hash function: Used to convert plain text into cipher text.


Thursday, 6 July 2023

Top 25 Ethical Hacking Terms For Learners



1.)  White Hat or Grey Hat or Black Hat

These are the most often used terms in the hacking and pen-testing communities. A person who engages in hacking or penetration testing is a white-hat hacker or penetration tester.



A white-hat hacker is a penetration tester or ethical hacker who performs hacking for good, such as protecting the client’s information from bad actors. White hat hackers always get legal permission from server administrators to perform tests on the server or website.

Black hat hacker is the most popular term among the three. Most people equate hacking with black hat hackers and hence think hacking is only performed to compromise a system or network.

Black hat hackers always look for loopholes in the system and get into the system once they discover a loophole. After gaining access to the system, black hat hackers extract as much data as possible and sell the data to make money.

Grey Hat hackers fall somewhere in between. They sometimes break ethical hacking standards to hack a system, but their intentions are not malicious.



2.) DoS Attack

DoS stands for a denial-of-service attack. When we request information from a server, we send an HTTP/HTTPS request, and the server replies to that request with the requested information. In a denial-of-service attack, an attacker creates a bot and makes it send requests like a human would. The server handles and replies to those requests as it would reply to any request made by humans.



3.) DDoS Attack

DDoS stands for a distributed denial-of-service attack. DDoS is the same thing as DoS but implemented a little differently to make it work. In DoS, the server will have no trouble replying to the bots' requests because servers can handle many requests simultaneously.

In DDoS, an attacker sends requests from a lot of compromised devices simultaneously. When the number of requests reaches a point where the server can’t handle any more, it begins to drop new requests; hence the server goes down for legitimate users. For example, an Apache web server can handle 10,000 requests at a time. If 10,000 connections are open, the Apache server will drop any new connection.



4.) Brute Force

Brute Force attacks are one of the most common types of attacks on the web. We’ll also learn to brute-force and the possible protections we can implement to mitigate brute-forcing.

Brute Force attacks are performed to guess users’ credentials. When a hacker conducts a brute-force attack on a website, he sends random usernames and passwords to the webserver to log in. If your password is simple, the hacker might crack it in seconds. With permutation and combination, a hacker can also send thousands of combinations of letters, numbers, and symbols in a second.

Attackers can improve brute force attacks by doing a little bit of social engineering.
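One protection against brute-forcing is to throttle failed logins. The sketch below is an added example, not code from the original post: the class name `LoginThrottle`, the thresholds and the login events are all constructed for illustration. It counts failures per account and per source address in a sliding window and blocks both once the limit is reached.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by account and by source IP.
    Hypothetical helper; thresholds are assumptions, tune them for your service."""

    def __init__(self, max_failures=5, window=60, lockout=300):
        self.max_failures = max_failures
        self.window = window        # seconds over which failures are counted
        self.lockout = lockout      # seconds a key stays blocked once tripped
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the block expires

    def _keys(self, user, ip):
        return (("user", user), ("ip", ip))

    def allowed(self, user, ip, now):
        """False while either the account or the source address is locked out."""
        return all(self.blocked_until.get(k, 0) <= now for k in self._keys(user, ip))

    def record_failure(self, user, ip, now):
        for key in self._keys(user, ip):
            recent = self.failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window:
                recent.popleft()            # forget failures outside the window
            if len(recent) >= self.max_failures:
                self.blocked_until[key] = now + self.lockout
                recent.clear()

    def record_success(self, user):
        # A good login resets the account counter but not the source counter.
        self.failures.pop(("user", user), None)

# Constructed events: (time in seconds, account, source IP, password was correct)
EVENTS = (
    [(t, "alice", "203.0.113.7", False) for t in range(5)]
    + [(5, "alice", "203.0.113.7", True),     # right password, but locked out
       (6, "bob", "203.0.113.7", False),      # same source, different account
       (10, "bob", "198.51.100.9", True),     # unrelated user and source
       (400, "alice", "198.51.100.9", True)]  # after the lockout has expired
)

def replay(events):
    throttle, outcome = LoginThrottle(), []
    for now, user, ip, ok in events:
        if not throttle.allowed(user, ip, now):
            outcome.append("blocked")       # rejected before checking the password
        elif ok:
            throttle.record_success(user)
            outcome.append("ok")
        else:
            throttle.record_failure(user, ip, now)
            outcome.append("fail")
    return outcome

if __name__ == "__main__":
    print(replay(EVENTS))
```

Locking the account also locks out its real owner for the lockout period, which is why the source address is tracked as a separate key and why many services add a delay or a CAPTCHA before a hard lock.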


5.) Vulnerability

We will use this term throughout our series, “Hacking with Kali Linux.” In cybersecurity, a vulnerability is a loophole in a system, whether a website or an entire network. It’s said that every piece of software has vulnerabilities, and it’s only a matter of time before a hacker finds the vulnerability and exploits it. Hackers can exploit a vulnerability to upload and run malicious code on the server and even gain complete access. The amount of damage a vulnerability can do depends on its severity.

Software developers keep reviewing their code to find new vulnerabilities and release a patch to fix them as soon as possible. Once a patch is released, all users must install the patch/update to secure their system from the specific vulnerability.


6.) Zero-Day Vulnerability

These days the term Zero-Day vulnerability is in the news. A Zero-Day vulnerability is a vulnerability that exists in a system, hackers know about it, and the developers have not released any patch yet to fix it.



7.) Exploit

In cybersecurity, making use of a vulnerability is called exploiting a vulnerability. Exploiting a vulnerability can include multiple steps, from social engineering to delivering a payload to the server.


8.) Payload

Payload refers to the malicious program that the attacker sends to the server. The payload can perform various tests on the server and execute a wide range of actions to accomplish the purpose of its master.



9.) RAT

RAT stands for Remote Access Trojan, malware that the attacker lures the victim into running on their computer. Once executed, a RAT gives the hacker complete access to the device.

Often RATs are used to make zombie computers conduct DDoS attacks. A RAT program runs in the background and mostly does not even show up in the process monitoring tools.


10.) Phishing

Once very popular, phishing is another type of attack where a hacker creates a duplicate site of any popular site to gain users’ credentials. For example, an attacker can send you a link that opens a page that looks like a Gmail login page. Although it looks like a Gmail page, it will send your credentials to the hacker who hosted this page if you type your credentials on this page.

To make sure you are not on any phishing site, always confirm the padlock (HTTPS and SSL certificates) and the URL in the browser’s URL bar.



11.) Spoofing

Spoofing is a known attack where a hacker sends data to the user or a computer that looks legit. There are two cases where spoofing is commonly used, email and IP spoofing.

A hacker may send you an email that looks like it comes from your bank. Every link in this email will take the user to a phishing site that the hacker set up.

Another common use is IP spoofing. Let’s say a server or network allows access to users coming from certain allowed IP addresses. A hacker can send a request and make it look like it comes from one of the whitelisted IP addresses to gain access to the server.


12.) Spamming

Spamming is very common on the internet. Actually, it’s so common that almost every one of us witnesses it almost every day. Spamming aims to launch malicious campaigns and make users fall into the trap set by the bad actors.

Hackers send emails to millions of people every day. Each email is written in a way that makes the receiver click on the link instantly. The link in the email may take the user to a phishing site or download malware or spyware on the users’ system.

The email provider filters most spam emails to the user’s spam box. But as the hackers are advancing, I have seen some obvious spam emails landing in my inbox.


13.) SQL injection

SQL injections are the SQL queries sent to the server hosting the PHP application. PHP developers have to sanitize the users’ input before passing it to the database. If a developer forgets to sanitize the users’ input, the attackers can send specific SQL queries to the server to download the entire database, modify a column value, or even delete the entire database.


14.) FUD

FUD is a piece of code (virus or malware) that’s Fully UnDetectable by antivirus software.


15.) RootKit

A rootkit is a program designed to provide remote access to the controller secretly. Rootkit runs secretly on the system and is very difficult to detect. Once a hacker installs a rootkit on the victim’s computer, they can run any command on the victim’s computer.


16.) VPN

VPN, which stands for Virtual Private Network, is a method of increasing anonymity on the Internet. We can route all our internet traffic through a VPN, so when a request reaches its final destination, the server only knows that the VPN initiated the request instead of the user.

The traffic sent through VPN is highly encrypted. VPNs are often used to access blocked websites.

VPN allows encrypted transfer of information, but it is not completely anonymous. Governments can find out which VPN provider you’re using through your ISP (Internet Service Provider), and hence contact the VPN provider to have it share your internet activity with them. If the VPN provider refuses to share activity logs with the Government, the Government and other agencies can approach the court citing various security reasons, and the court may order the VPN provider to share the activity log.

There are also VPN providers who do not log users’ activities. Such VPN providers are the best.


17.) Proxy

Similar to a VPN, a proxy also allows its users to route internet traffic. We can route internet traffic through multiple proxies to make it more anonymous. Although using more proxies looks secure, it’s not reliable. Proxies are often slow compared to a VPN, and using more proxies means each proxy has to work for the request to reach its final destination.

Most free proxies available on the Internet either do not work or are extremely slow. We can also buy fast proxies but buying a proxy means leaving a trace for others to track.


18.) Tor or Onion Network

Tor is free and open-source. It is the best way to access the internet anonymously. Tor is also called the onion network because of its way of functioning.

The Tor network routes users’ traffic through exactly 3 different nodes (devices) on the network. Each time the request is bounced from one node to another, it is encrypted. When it reaches the destination server, the server returns the result to the last node, and the process is followed backward until the first node provides the result to the user.

The Tor network is highly anonymous and faster than proxies. It is almost impossible to trace Tor users’ activities. Hence Tor is the most anonymous way of accessing the Internet.


19.) VPS

VPS stands for Virtual Private Server. A VPS is a virtual computer within a physical computer. For example, you can create as many virtual computers as you want on a physical computer, and each VPS will have its own ports and software, etc.


20.) Terminal or Console

A terminal or console is a command-line interface to interact with a machine. We will be using a Linux terminal throughout our series.


22.) Reverse Shell

A reverse shell is a program that, when installed, opens a connection for the hacker to pass any command to the system. Hackers install a reverse shell on the system to control the target device without physically being around that device.


23.) Encryption

Encryption is the process of converting plain-text information into a form that’s not readable. The information is encrypted with a secret key, and the person who has the secret key can convert the unreadable form of information into readable or plain text.

If you encrypt your files with a key and forget the secret key, the files can never be decrypted and hence become useless.

24.) Ransomware

Ransomware is modern-day malware. Instead of stealing users’ data, ransomware encrypts the victim’s data and sends the key to the hacker. The hacker provides the key to the victim only when the victim pays the demanded ransom.


25.) Keylogger

A keylogger is a program that records the keys hit by the user. Hackers install a keylogger to gain their victims’ usernames and passwords. A keylogger can send all key logs to the hacker with more relevant information, such as where the user typed those keys (page URL).

Beginners Guide :- "How To Become an Ethical Hacker"


Introduction!

First off, let’s just agree that saying ‘a Career in Cybersecurity’ is a bit like saying ‘a Career in Banking’, i.e. it’s an umbrella term that incorporates dozens of niches within the industry. In Cybersecurity we can, for example, talk about digital forensics as a career, or malware/software detecting, auditing, pentesting, social engineering, and many other career tracks. Each of these sub-categories within cybersecurity deserves a separate blog post, but, for the purposes of this piece, let’s focus on some important generic requirements that everyone needs before embarking on a successful career in IT Security.

If you have no experience, don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period. OK, so you have zero experience and limited skills… my advice in this instance is that you teach yourself some absolute fundamentals.

Let’s get this party started.

1. What is hacking?

Hacking is identifying the weaknesses and vulnerabilities of a system and gaining access to it.

A hacker gets unauthorized access by targeting a system, while an ethical hacker has official permission to assess the security posture of a target system(s) in a lawful and legitimate manner.

There are some types of hackers, a bit of “terminology”.
White hat — ethical hacker.
Black hat — classical hacker, gets unauthorized access.
Grey hat — a person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — a person with no technical skills who just uses pre-made tools.
Hacktivist — a person who hacks for some idea and leaves some messages. For example, a strike against copyright.

Actually, the goal of ethical hacking is to reveal the system's weaknesses and vulnerabilities so that the company can fix them. An ethical hacker documents everything he did.

2. Skills required to become an ethical hacker.

First of all, to be a Pentester you need to be willing to continuously learn new things on the fly and/or quickly at home. Secondly, you need to have a strong foundational understanding of at least one coding/scripting language as well as an understanding of Network and Web Security.

So here are some steps if you want to start from now…

  1. Learn To Code (Programming).
  2. Understand basic concepts of Operating System
  3. Fundamentals of Networking and Security
  4. Markup and as many technologies as you can!

3. What Platform To Code In:-

That depends on what platform you’ll be working on. For web applications, I suggest you learn HTML, PHP, JSP, and ASP. For mobile applications, try Java (Android), Swift (iOS), C# (Windows Phone). For desktop-based software try Java, C#, C++.

I would like to recommend Python as well because it's a general-purpose language and getting more popular nowadays due to its portability.

But what really is necessary for every programming language is to learn the fundamentals of programming, concepts like the data types, the variable manipulation throughout the program at the OS level to the use of subroutines aka functions, and so on. If you learn these, it’s pretty much the same for every programming language except for some syntax changes.

ProTips:-

  1. To be an expert at any programming language, understand the OS level operations of that language (varies in different compilers), or learn assembly language to be more generalized
  2. Don’t get your hopes high if you can’t achieve results in a short span of time. I prefer the “Miyagi” style of learning. So keep yourself motivated for what comes next.
  3. Never underestimate the power of network and system administrators. They can make you their *hypothetical* slave in a corporate infosec environment 😀

Resources To Get Started:

I would like to share some resources that I found best in learning from scratch.

There is a whole list of resources I have created for your help 😉(https://github.com/husnainfareed/Resources-for-learning-ethical-hacking/ )

Another piece of advice: regularly follow http://h1.nobbd.de/ to be updated with HackerOne public bug reports. You can learn a lot from them. Follow https://www.owasp.org/index.php/Cat…

Alternatively, you can join the Slack community for hackers

https://bugbounty-world.slack.com/

https://bugbountyforum.com/

You should also consider practicing your skills on

http://www.itsecgames.com/

http://www.dvwa.co.uk/

http://www.vulnerablewebapps.org/

http://hackyourselffirst.troyhunt.com/

https://github.com/s4n7h0/xvwa

http://zero.webappsecurity.com/

http://crackme.cenzic.com/kelev/view/home.php

http://demo.testfire.net

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

HackerOne Public Reports!

These Reports might help you guys to get some in-depth idea of BugBounty hunting...

HackerOne Public Reports.csv

Some of the points to be noted:

  • Be a Self-Learner: Why? Because without it you won’t learn from things you experience, and you won’t be able to solve your problems.
  • Educate yourself on a daily basis: read articles, write-ups, videos, or slides to educate yourself.
  • Know your target: before proceeding, make sure you know your target. Invest most of your time in identifying your target and the services the target uses.
  • Map the target: get a better view of the target’s infrastructure in order to get a better understanding of what to target.
  • Walk the path no one travels: Don’t be the common dude out there. Think out of the box, think about what the developer missed, think about what common guys are targeting, and choose your path depending on that.
  • Be a ninja: You need to be fast and precise as a Ninja. Know, Map, Target your victim precisely and quickly. This only works if you are good at taking a different path and if you are unique.

BUG BOUNTY HUNTING (METHODOLOGY , TOOLS , TIPS & TRICKS , Blogs, Books)

If you want to know more about Recon and how to chase Bug Bounty read this article How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty.