Deeper dive to Methods of Hacking

admin — Sun, 26 Apr 2015 08:31:30 +0000

In the previous article, we have discussed about the basics of ethical hacking. In the current one,
we will dive little deeper into different methods used for the purpose of hacking. Recalling once
again, I should state that hackers are the persons who have deeper knowledge of programming
languages, operating system, and networking concepts. Not only knowledge of above mentioned
topics, they have keen interest in exploring different kind of things into learning anything to a
much deeper level.
There are various methods that are used for the purpose of hacking. Some of them are:
1.   Digital Footprinting: Digital footprints, also called digital shadow are the track of all
the data that user leaves when he was online. Digital footprints can be Passive or Active.
a.   Passive footprints are created when data are collected without letting user know.
When you come online then you might have noticed on different webpages that
they are showing ads of your choice. In fact they come to know about your choice
based on your browsing history, search history and cookies. Advertisers read data
from your browser and show you the relevant ad. None of the advertiser asks you
for the permission for showing their ad, it clearly means they do all these things
without letting you get noticed.
b.   Active Footprints are created when user willingly release their data by sharing
their details on social sites or any other webpage.
2.   Social Engineering: It’s a non-technical method used by hackers to intrude into
someone’s account. It relies heavily on the human interaction to break the normal
security procedure. It includes the process of guessing, and hence is performed on
someone about whom you know well. If you know anyone closely then you can guess
answer of security questions and recover his account.
3.   Denial of Service: In DoS attack, some of the specific service is made unavailable from
target user. These attacks can have three types of targets:
a.   Network connection that provides access to the service
b. Operating system that hosts the service
c.   Application program that provides the service
4.   Keyloggers: Keyloggers are the programs / device that keeps log of each keystroke in a
file. A keylogger can be software based or hardware based.
a.   Software Based Keylogger: It is the software program that needs to be installed
on victim’s system. Attacker use to configure his email address on the victim
machine so as all these log files are sent to his email address. Not only the textual
log, but screenshot of the victim machine is also sent at particular time interval
that is being configured in the setting of keylogger.

5.   SQL Injection: It’s a code injection technique that inserts some malicious SQL statement
into the entry field and executes them. In simple words, we can say SQL injection as
running my SQL statement on the target site. This technique is applied on the web-apps
and web-pages. It can reveal all data from the database of the website to the attacker,
even your username and password.
6.   XSS (Cross Site Scripting): XSS vulnerabilities can also found in the web applications.
Hackers use this to intrude some script to the webpage, and security risk varies
significantly depending on the nature of script. Various threats may be:
a.   Cookie stealing: Cookie stores user data in the browser. Stealing cookie will
definitely led to data theft.
b. Session hijacking
c.   DoS attack
7.   Spoofing: Spoofing is the process of falsifying data and gaining benefits of the same.
Various techniques that are covered under spoofing are:
a.   Email spoofing: It includes sending mail from anonymous email.
b. Call spoofing: It includes making fake phone calls. One can use this trick to call
you with your own number too.
c.   IP address spoofing: It involves changing the IP address of your computer.
d. GPS spoofing: It attempts to deceive a GPS receiver so as to deliver wrong
location.
e.   DNS spoofing: It’s a trick where data is intruded to the DNS resolver’s cache that
cause the name server to return an incorrect IP address which further leads to
divert all traffic to the attacker’s computer or any other computer.

8.   Steganography: It’s the process of masking a file into other. File may be text, image,
audio or video. They are treated as normal file by the victims, but hackers unmask them
to reveal hidden data from it. Main advantage of the steganography is to transfer secret
messages. Again, steganography can be of different type:
a.   Text steganography: Hiding messages inside the texts, it is not to be confused
with cryptography.
b. Email steganography: Similar to the text steganography, it is also used to deliver
short messages. Original message is masked and a fake message is displayed
which can later be unmasked.
c.   Audio / Video steganography: Hiding data in the audio and video files
d. Image steganography: Hiding data behind the image files
9.   Man in the Middle: When we open any webpage then the corresponding request is made
to the server, in the form of packet. MITM attack is used to capture these packets while it
travels through the network. Once the hacker intrudes into the packet, he can easily
extract data from it.
10. Trojans and bombs: These are the malicious programs that when executed performs
some action depending on the type of Trojan, which led to system harm and data theft. To
access victim’s system remotely, hackers may use trojans as backdoor, and after gaining
access hacker can perform any action including:
a.   Formatting hard disk
b.   Crashing computer
c.   Corrupting data
d.   Data theft
e.   Keylogging
f.   e-Money theft
g.   Controlling system remotely
h.   And many others…

Kamal Nayan

Hello world!

admin — Sat, 25 Apr 2015 18:35:24 +0000

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

B'Cognizance | Business Magazine » Uncategorized

Deeper dive to Methods of Hacking

Hello world!