Hacking is the process of accessing digital information without the owner’s permission. In most cases, hackers attack computers or networks to obtain confidential data. These people use the collected information to earn money (i.e. by blackmailing the victims or selling the data to interested parties). Some hackers also use their skills just to render their targets inoperable. Obviously, hacking is an illegal activity.
Just like other things in life, hacking tools and skills are inherently neutral. These things become good or evil depending on the person who uses them. You may choose to become a security professional after reading this book. Or you may want to become a “black-hat hacker” and wreak havoc in the digital world. It’s up to you. Keep in mind, however, that malicious hacking is punishable by law.
Malicious computer programs, also known as “malware”, are programs that are designed to harm computers or networks. Here are the main categories of malware:
• Adware -This kind of malware isn’t dangerous. It won’t crash your computer or steal your information. However, you will see countless advertisements while using your computer.
● Spyware – Spyware programs are created to monitor the victim’s activities. They record what you do on your computer and transmit the information to the hacker.
● Worm – A worm is a computer program that multiplies continuously and deletes data inside the target. If not stopped properly, worms can empty its target completely.
● Trojan – A Trojan is not dangerous per se. It is just a container that enters a target through rigged files (usually offered as “free downloads”). What makes Trojans dangerous is that they contain other forms of malware.
● Ransomware – This kind of malware prevents you from accessing your computer or network. You need to pay an amount set by the hacker if you want to use the infected machine.
Paying the “ransom” doesn’t mean that the malware will be removed. Thus, it is likely that your computer will get locked again.
● Backdoor – Backdoor programs create an opening in your computer’s defenses. Hackers use these openings to plant other malware or steal your information.
● Virus – Viruses are codes or programs that latch onto a legitimate program. A virus will run and replicate when the “host” program runs.
Important Note: This is just an overview of the malware types present today. You will learn more about malicious programs in later chapters.
A penetration test (also called “security testing”, “network testing”, or “pen testing”) is a process of hacking a target in order to find vulnerabilities. This is a form of “ethical hacking” where the hacker assists his “client” (e.g. a business) to improve the latter’s digital defenses. These days, businesses and other organizations are more than willing to pay just to protect themselves from malicious attacks.
What makes penetration testing different from malicious hacking is the permission from the target. Thus, pen testing is still illegal if you don’t have your target’s permission. You can have all the good intentions in the world and still get incarcerated for hacking a network. Here’s an important principle: always get a written permission from the target before conducting any hacking attack. It would be best if the permission will be signed by the owner, CEO, or IT manager of your target organization.
Most hackers are willing to share their tools with others. You can create a comprehensive hacking toolkit just by downloading ready-made tools from hacking websites. That means you can be a full-fledged hacker even without programming anything. This is great, especially to people who don’t have the time to learn programming languages. Unfortunately, relying on other’s programs and tools can limit your growth as a hacker.
If you want to become a successful hacker, you must learn one or two programming languages. This knowledge will help you create your own tools and improve the works of others. Once you know how to program, you will evolve from being a “novice” into a “skilled” hacker.
Important Note: This eBook will teach you how to use C (one of the most popular computer languages today) for hacking purposes.
Setting up a Laboratory
Hacking can be dangerous. If you aren’t careful, you might disable your targets permanently. This is the reason why beginners are advised to practice their skills in a “laboratory”. Basically, a hacking lab consists of various virtual machines. A single computer may hold multiple virtual machines (and various operating systems). Hacking labs allow hackers to polish their skills without endangering systems. If you mess up, you can just restart a virtual machine. There will be no permanent damages, regardless of how epic your failure is.
There are many virtual machine programs out there. The most popular ones are QEMU, VMware, and VirtualBox. These programs are available for free. QEMU is designed for Linux systems. VMware, meanwhile, is available for Linux and Windows computers. If you are working with different systems, however, VirtualBox is your best option. You can use this virtual machine on a Linux, Macintosh, or Windows computer.
After installing a virtual machine program, you need to install one or more operating systems on your machine. Modern systems have excellent defenses, so beginners must focus on old ones. Start with Windows XP and KALI Linux. Windows XP has a lot of well-known vulnerabilities. It can be an excellent target for your practice. KALI Linux, on the other hand, is a Linux-based system specially created for hacking. It has built-in vulnerabilities that you can attack. Hacking this OS with KALI is a walk in the park.