Hacking FAQ’s

What is Hacking?

Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. Hacking is the art of exploiting the flaws/loopholes in a software/module. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills.

What is a hacker?
A hacker is someone who likes to tinker with electronics or computer systems. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do. There are two types of hackers:
White Hat – These are considered the good guys. White hat hackers don’t use their skills for illegal purposes. They usually become Computer Security experts and help protect people from the Black Hats.
Black Hat – These are considered the bad guys. Black hat hackers usually use their skills maliciously for personal gain. They are the people that hack banks, steal credit cards, and deface websites.

Now if you’re thinking, “Oh boy! Being a black hat sounds awesome!”, Then I have a question for you. Does it sound cool to live in a cell the size of your bathroom and be someone’s butt buddy for many years? That’s what I thought.

Who is a Cracker?
Black Hat Hackers, who may also be known as Crackers, are Hackers, who specialise in unauthorized penetration of information systems. They may use computers to attack systems for profit, for fun, or for political motivations, as part of a social cause. Such penetration often involves modification and/or destruction of data, and is done without authorization. They also may distribute computer viruses, Internet Worms, and deliver spam through the use of bot nets.

Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what’s happening behind the scenes.

Intermediate hackers – These people usually know about computers, networks, and have enough programming knowledge to understand relatively what a script might do, but like the script kiddies they use pre-developed well-known exploits (- a piece of code that takes advantage of a bug or vulnerability in a piece of software that allows you to take control of a computer system) to carry out attacks

Elite Hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it. You should strive to eventually reach this level.

What skills do I need to become a Hacker?
There is no magic to Hacking, but like anything else that is worthwhile it takes dedication, a willingness to learn. It is most important to have a good knowledge of topics such as Operating system and it’s working, Computer networks, Computer security and of course Programming. It’s not possible to become a hacker overnight. It’s the skill developed over a long time.

What is the best way to learn Hacking?
The best way to learn Hacking is to start learning about the basics of hacking right from now. There are many books about Hacking that are available today. But before you start learning about the details you must have a basic skills of Programming and knowledge of Computer network security. Internet is the best source to learn about hacking.

How do I secure my computer from being Hacked?
Having a basic knowledge of computer security and related topics such as Virus, Trojans,spywarephishing etc. is more than enough to secure your computer. Install a good antivirus and a firewall.

Part 1: General Web Hacking FAQ
Question: What is a shell when it comes to web hacking?
Answer: Well, basically a shell is a type of .php file needed to be uploaded on a hacked website or a host in order to make it work.
The way is works is not that complex if you wonder. With a shell uploaded to your hacked website or host, you can alter almost anything using it.
While you're using a shell, you will be able to:
  • Delete Website Directories and upload your deface page
  • Can be used to DDoS another website (depends on what type of shell you're using
  • Having a shell with many functions, you can also crack MD5 Hash, modify another php file, mass mail someone, email bomb an email!
An example of a shell I use is: http://sourceforge.net/projects/ani-shell/

Question: What does defacing mean and what's a deface page
Answer:Defacing, in most certain cases, means that you wanna upload a specific file of yours,mostly a message to prove the administrator that you hacked the website.
If you think about it, it's relatively similar to a deface page.
A deface page, while hacking a website, is simply a message to convey to the owner of the website that you've owned their security.
Most people do this for fun, fame, or other stuff that can satisfy your hacking skills.
If you're a beginner in web hacking, defacing a site will be considered as a big success for you just like me :)

Question:A common difference between a shelled website and a defaced website?
Answer:Simply answering, a shelled website can be used as hosting for illegal operations, can be used for DDoSing and other functions a shell can perform
while a defaced website is simply a type of message, mostly threatening and fun which conveys the owner of the website that their security is low and that you owned them

Question:My IP was logged while I was hacking, what should I do now?!
Answer:Well, first of all, don't ever freak the hell out or piss on your pants! Calm down a bit and get your head straight.
Now to the point, if your IP has ever been logged, their is a huge chance that you won't get caught. However don't be too happy about it.
Try WHOISing the website and see if this website is an important source to the owner. If it is, you might wanna leave the website forever. What I mean is that, you can just leave the site alone so that the owner won't get too suspicious of what's happening.
Now for the most important part, next time use as VPN that never saves logs of your activity on the internet.
Examples of VPN:
1. nVPN (paid)
2. ProXPN (free)
You can also use proxy to keep yourself anonymous.
An advice from me and all other web hackers out there, no matter what you hack whether it's a bullshit website or a strict government website, always stay behind a VPN or Proxy and stay anonymous!

Question:What is a hash and what can I do with it?
Answer:To get to the point, a hash is basically an encryption. To be specific, a special encryption which requires hash cracking knowledge in order to reveal the plain text
Unlike other encryption, a hash can't be decrypted. In other words, to successfully crack a hash, you either might need to use a hash cracking website or an external hash cracking program with an enormous word list.
An example of a website for cracking hashes:

Program for cracking:

Now there are different types of hashes out there and you can determine what kind of hash it is by studying the number of characters and the types of characters in the code.
To know most of the types of hashes, visit this thread (Credits to Haxor!:) )

Other types of encryption can be decrypted using "http://www.crypo.com"

Question:What is rooting a.k.a rooting rooting a server?
Answer:Rooting a server in simple words means that you're having a complete remote access to a server (computer).
Rooting works on the basis of exploits. Most websites are running through Linux servers. Now what will you gain when you root a server?
Easier said than done, you will gain remote control of the websites associated and run by that server.
It's like hacking more than 1 website at a time.
Rooting can be done with Linux and Windows and is really a hard method of web hacking when you're a newb to it.
You can search millions of tutorials out there about rooting, but you might wanna start from the basics first

Question: Is there any tool that can help me ease my web hacking activity while I hack websites?
Answer:First of all, never use tools that will do the job for you i.e hack everything for you! You don't wanna get your ass stuck while you watch a program hack websites for you and you don't learn anything
Now, there are many useful tools out there that can help you speed up your activity when you start hacking websites. These tools are mostly add-on installed in a browser called Firefox (which is really a good famous browser for hacking)
You can use some of the following:
1. HackBar add-on for Firefox:
  • Has a built in automatic column-number posting when you use UNION SELECT in SQL injection
  • Tools you need when you XSS
  • Built-in Text to Hex and Hext to Text
  • A big space for customizing your queries
2. Cookies Manager:
  • A very efficient tool for adding/deleting/modifying cookies
  • Organized layout and a friendly GUI
3. Live HTTP Headers:
  • Manage all the activities your browser performs i.e record the activities your browser is performing live
  • A very useful tool for uploading Shells on a hacked site (Used for renaming your shell.php.jpg to shell.php
  • Replay the activity on your browser while you alter your cookies to make changes
4. Tamper Data:
  • Mostly used in LFI (Local File Inclusion)
  • Instantly records the connections being made in your browser from the websites opened

Question: I'm very new to Web Hacking, I'm confused, where can I start?
Answer: You can start from the very basics to the advanced, but never be in a hurry when you're just starting.
Here's what you can study first:
1. HTML coding
2. PHP
3. Javascript
4. Cookies
Don't work hard on mastering all of them though, just learn the basics and try to get the hang of it.
Once you've got an idea about those four, methods of web hacking are what you're searching for now.
Many methods can be learned and used and some of them are listed below from the easiest to an intermediate level.
1. SQL injection
2. XSS

I recommend you to start from the basics of SQL injection. Then you can progress to further advanced methods of web hacking (More about those methods below)

Question: What are the types of web hacking methods?
Answer: Some of the types are explained below

1. SQL injection: Queries entered in order to extract information from the database of the website
  • Error Based SQL injection
  • Union Based SQL injection
  • Time Based SQL injection
  • Blind SQL injection
  • String Based SQL injection
There's also something called WAF Bypassing where you bypass the firewalls installed on the website. This can lead to combinations of SQL injection if you think about it. Examples are like
  • String Based WAF bypassing SQL injection
  • String-Error Based WAF Bypassing SQL injection
  • WAF Bypassing Double Query SQL injection

2. XSS (Cross Site Scripting): Execute scripts to perform functions required to hack a website
  • Persistent - Can be used for cookie stealing
  • Non-Persistent- Can be used as an HTML injection, commonly used for website vulnerabity proofs

3. LFI (Local File Inclusion): Directory exploits used to upload files into the website(example: shells)
  • /proc/self
  • Log Poisoning
  • Malicious Image Upload

This is all what I can cover for now. But I'll be making tutorials on web hacking soon

Question: What should we do before we start to attempt web hacking?
Answer: You might need to do the following when you start hacking websites.

1. Proxy/ VPN (Virtual Private Network)
Always stay behind a proxy or a VPN no matter how useless or precious the site you're attempting to hacking could be.
Proxies can be obtained from here

And a VPN you can use is:
ProXPN: http://www.proxpn.com

Note: When using a VPN, always use one that doesn't store logs and it's really a serious matter.
Hack from another Wireless network if possible

2. Expose prevention
Never attempt to share your web hacking activity anywhere or anyone unless you trust that person so that you both can discuss and learn together.
Some stranger might report you or blackmail you and that would really suck

Question: What should I do after I'm done with hacking the website?
Answer: You don't wanna get caught or reported or trace. Here are some tips.

1. Logs in the admin panel's website
After you're done with everything i.e defacing/shelling, make sure to erase the logs created in the panel. Their is a possibility your IP could be stored in one of their directories

2. Erase your tracks
Make sure to delete everything done on your browser i.e cookies, logs, logins etc
You can do this using CCleaner

3. Pride of success
Don't be too proud sharing what you have just done, some people are really not trust-worthy and could open up a report anytime.
Be happy of what you've done and share to ones you have trust on.

Moreover, stay stealthy at anytime

Twitter Delicious Facebook Digg Stumbleupon Favorites More