Deeper dive to Methods of Hacking

In the previous article, we have discussed about the basics of ethical hacking. In the current one,
we will dive little deeper into different methods used for the purpose of hacking. Recalling once
again, I should state that hackers are the persons who have deeper knowledge of programming
languages, operating system, and networking concepts. Not only knowledge of above mentioned
topics, they have keen interest in exploring different kind of things into learning anything to a
much deeper level.
There are various methods that are used for the purpose of hacking. Some of them are:
1.   Digital Footprinting: Digital footprints, also called digital shadow are the track of all
the data that user leaves when he was online. Digital footprints can be Passive or Active.
a.   Passive footprints are created when data are collected without letting user know.
When you come online then you might have noticed on different webpages that
they are showing ads of your choice. In fact they come to know about your choice
based on your browsing history, search history and cookies. Advertisers read data
from your browser and show you the relevant ad. None of the advertiser asks you
for the permission for showing their ad, it clearly means they do all these things
without letting you get noticed.
b.   Active Footprints are created when user willingly release their data by  sharing
their details on social sites or any other webpage.
2.   Social  Engineering:  It’s  a  non-technical  method  used  by  hackers  to  intrude  into
someone’s  account.  It  relies  heavily  on  the  human  interaction  to  break  the  normal
security  procedure.  It  includes  the  process  of  guessing,  and  hence  is  performed  on
someone about whom  you know well. If  you know anyone closely then you can guess
answer of security questions and recover his account.
3.   Denial of Service: In DoS attack, some of the specific service is made unavailable from
target user. These attacks can have three types of targets:
a.   Network connection that provides access to the service
b.  Operating system that hosts the service
c.   Application program that provides the service
4.   Keyloggers: Keyloggers are the programs / device that keeps log of each keystroke in a
file. A keylogger can be software based or hardware based.
a.   Software Based Keylogger: It is the software program that needs to be installed
on  victim’s  system.  Attacker  use  to  configure  his  email  address  on  the  victim
machine so as all these log files are sent to his email address. Not only the textual
log, but screenshot of the victim machine is also sent at particular time interval
that is being configured in the setting of keylogger.


5.   SQL Injection: It’s a code injection technique that inserts some malicious SQL statement
into  the  entry  field  and  executes  them.  In  simple  words,  we  can  say  SQL  injection  as
running my SQL statement on the target site. This technique is applied on the web-apps
and  web-pages.  It  can  reveal  all  data  from  the  database  of  the  website  to  the  attacker,
even your username and password.
6.   XSS (Cross Site Scripting): XSS vulnerabilities can also found in the web applications.
Hackers  use  this  to  intrude  some  script  to  the  webpage,  and  security  risk  varies
significantly depending on the nature of script. Various threats may be:
a.   Cookie  stealing:  Cookie  stores  user  data  in  the  browser.  Stealing  cookie  will
definitely led to data theft.
b.  Session hijacking
c.   DoS attack
7.   Spoofing:  Spoofing  is  the  process  of  falsifying  data  and  gaining  benefits  of  the  same.
Various techniques that are covered under spoofing are:
a.   Email spoofing: It includes sending mail from anonymous email.
b.  Call spoofing: It includes making fake phone calls. One can use this trick to call
you with your own number too.
c.   IP address spoofing: It involves changing the IP address of your computer.
d.  GPS  spoofing:  It  attempts  to  deceive  a  GPS  receiver  so  as  to  deliver  wrong
e.   DNS spoofing: It’s a trick where data is intruded to the DNS resolver’s cache that
cause  the  name  server  to  return  an  incorrect  IP  address  which  further  leads  to
divert all traffic to the attacker’s computer or any other computer.

8.   Steganography:  It’s the process of masking  a file into other. File may be text, image,
audio or video. They are treated as normal file by the victims, but hackers unmask them
to reveal hidden data from it. Main advantage of the steganography is to transfer secret
messages. Again, steganography can be of different type:
a.   Text steganography: Hiding messages inside the texts, it is not to be confused
with cryptography.
b.  Email steganography: Similar to the text steganography, it is also used to deliver
short  messages.  Original  message  is  masked  and  a  fake  message  is  displayed
which can later be unmasked.
c.   Audio / Video steganography: Hiding data in the audio and video files
d.  Image steganography: Hiding data behind the image files
9.   Man in the Middle: When we open any webpage then the corresponding request is made
to the server, in the form of packet. MITM attack is used to capture these packets while it
travels  through  the  network.  Once  the  hacker  intrudes  into  the  packet,  he  can  easily
extract data from it.
10. Trojans  and  bombs:  These  are  the  malicious  programs  that  when  executed  performs
some action depending on the type of Trojan, which led to system harm and data theft. To
access victim’s system remotely, hackers may use trojans as backdoor, and after gaining
access hacker can perform any action including:
a.   Formatting hard disk
b.   Crashing computer
c.   Corrupting data
d.   Data theft
e.   Keylogging
f.   e-Money theft
g.   Controlling system remotely
h.   And many others…

Kamal Nayan