Sunday, October 11, 2020

PHASES OF HACKING

COLLEGE HACKER

  1. Reconnaissance: This is the first phase, where the hacker tries to collect information about the target. It may include identifying the target and finding out the target’s IP address range, network, DNS records, etc. Let’s assume that an attacker is about to hack a website’s contacts. He may do so by using a search engine like Maltego, researching the target, say a website (checking links, jobs, job titles, email, news, etc.), or using a tool like HTTrack to download the entire website for later enumeration. From this the hacker is able to determine the following: staff names, positions, and email addresses.
  2. Scanning: This phase includes the use of tools like dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data. Hackers are now probably seeking any information that can help them perpetrate an attack, such as computer names, IP addresses, and user accounts. Now that the hacker has some basic information, the hacker moves to the next phase and begins to test the network for other avenues of attack. The hacker decides to use a couple of methods to help map the network (i.e. Kali Linux, Maltego, and finding an email address to contact to see what email server is being used). The hacker looks for an automated email if possible or, based on the information gathered, may decide to email HR with an inquiry about a job posting.
  3. Gaining Access: In this phase, the hacker designs the blueprint of the target’s network with the help of the data collected during Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and now decides that they have some options to gain access to the network.
    For example, say the hacker chooses a phishing attack. The hacker decides to play it safe and use a simple phishing attack to gain access. The hacker decides to infiltrate from the IT department. They see that there have been some recent hires who are likely not up to speed on the procedures yet. A phishing email that uses the CTO’s actual email address will be sent out to the techs using a program. The email links to a phishing website that will collect their logins and passwords. Using any number of options (phone app, website email spoofing, Zmail, etc.), the hacker sends an email asking the users to log in to a new Google portal with their credentials. They already have the Social Engineering Toolkit running and have sent an email with the server address to the users, masking it with a bitly or tinyurl.
    Other options include creating a reverse TCP/IP shell in a PDF using Metasploit (may be caught by a spam filter). Looking at the event calendar, they can set up an Evil Twin router and try to Man in the Middle attack users to gain access. A variant of a Denial of Service attack, stack-based buffer overflows, and session hijacking may also prove to be great.
  4. Maintaining Access: Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks.
    In this case, the owned system is sometimes referred to as a zombie system. Now that the hacker has multiple e-mail accounts, the hacker begins to test the accounts on the domain. From this point the hacker creates a new administrator account for themselves based on the naming structure and tries to blend in. As a precaution, the hacker begins to look for and identify accounts that have not been used for a long time. The hacker assumes that these accounts are likely either forgotten or not used, so they change the password and elevate privileges to administrator, keeping it as a secondary account in order to maintain access to the network. The hacker may also send out emails to other users with an exploited file, such as a PDF with a reverse shell, in order to extend their possible access. No overt exploitation or attacks will occur at this time. If there is no evidence of detection, a waiting game is played, letting the victim think that nothing was disturbed. With access to an IT account, the hacker begins to make copies of all emails, appointments, contacts, instant messages, and files to be sorted through and used later.
  5. Clearing Tracks: Prior to the attack, the attacker would change their MAC address and run the attacking machine through at least one VPN to help cover their identity. They will not deliver a direct attack or use any scanning technique that would be deemed “noisy”.
    Once access is gained and privileges have been escalated, the hacker seeks to cover their tracks. This includes clearing out sent emails, clearing server logs, temp files, etc. The hacker will also look for indications of the email provider alerting the user to possible unauthorized logins under their account.
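
The Maintaining Access and Clearing Tracks phases above leave a recognisable sequence in directory audit data, and the following added example (not part of the original post) shows one way a defender can flag it. The event field names, the privileged group names, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed names of privileged groups; adjust to the directory in use.
ADMIN_GROUPS = {"Domain Admins", "Administrators"}

# Constructed sample audit events (hypothetical accounts and hosts).
SAMPLE_EVENTS = [
    {"ts": "2020-03-02T09:00:00", "type": "logon", "account": "jsmith"},
    {"ts": "2020-09-30T08:15:00", "type": "logon", "account": "akumar"},
    {"ts": "2020-10-05T02:10:00", "type": "password_reset", "account": "jsmith"},
    {"ts": "2020-10-05T02:11:00", "type": "logon", "account": "jsmith"},
    {"ts": "2020-10-05T02:12:00", "type": "group_add", "account": "jsmith",
     "group": "Domain Admins"},
    {"ts": "2020-10-05T02:20:00", "type": "account_created",
     "account": "svc-helpdesk2"},
    {"ts": "2020-10-05T02:21:00", "type": "group_add",
     "account": "svc-helpdesk2", "group": "Administrators"},
    {"ts": "2020-10-05T03:00:00", "type": "log_cleared", "account": "akumar"},
    {"ts": "2020-10-06T10:00:00", "type": "password_reset", "account": "akumar"},
    {"ts": "2020-10-06T11:00:00", "type": "group_add", "account": "akumar",
     "group": "Printer Operators"},
]


def find_persistence_indicators(events, dormant_days=90, window_hours=24):
    """Return (rule, account, timestamp) tuples for suspicious sequences.

    Rules:
      dormant_account_elevated - password reset on an account unused for
          dormant_days, followed by an admin group add within the window
      new_account_elevated     - account created and made admin within the window
      audit_log_cleared        - any log-clearing event
    """
    dormant_after = timedelta(days=dormant_days)
    window = timedelta(hours=window_hours)
    last_logon, created, dormant_reset = {}, {}, {}
    findings = []
    for e in sorted(events, key=lambda ev: datetime.fromisoformat(ev["ts"])):
        ts = datetime.fromisoformat(e["ts"])
        acct, kind = e["account"], e["type"]
        if kind == "logon":
            last_logon[acct] = ts
        elif kind == "account_created":
            created[acct] = ts
        elif kind == "password_reset":
            # Dormancy is judged against the last logon seen BEFORE the
            # reset, so a logon right after the reset does not hide it.
            seen = last_logon.get(acct)
            if seen is not None and ts - seen >= dormant_after:
                dormant_reset[acct] = ts
        elif kind == "group_add" and e.get("group") in ADMIN_GROUPS:
            if acct in dormant_reset and ts - dormant_reset[acct] <= window:
                findings.append(("dormant_account_elevated", acct, e["ts"]))
            if acct in created and ts - created[acct] <= window:
                findings.append(("new_account_elevated", acct, e["ts"]))
        elif kind == "log_cleared":
            findings.append(("audit_log_cleared", acct, e["ts"]))
    return findings


if __name__ == "__main__":
    for rule, account, ts in find_persistence_indicators(SAMPLE_EVENTS):
        print(f"{ts}  {rule:26} {account}")
```

In a real deployment the last-logon baseline would come from the directory itself rather than from the event window, since an account with no logon inside the window is skipped by this sketch.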




Wednesday, May 6, 2020

ADVANTAGES & DISADVANTAGES OF HACKING



Advantages of Hacking:-

  • To perform penetration testing to strengthen computer and network security.
  • To put adequate preventative measures in place to prevent security breaches.
  • To have a computer system that prevents malicious hackers from gaining access.
  • To recover lost information, especially in case you lost your password.

Disadvantages of Hacking:-

  • Denial of service attacks.
  • Massive security breach.
  • Privacy violation.
  • Unauthorized system access to private information.
  • Hampering system operation.
  • Malicious attack on the system.


All information is only for the study purpose.  

                                                               College hacker




PURPOSE OF HACKING

Why Hacking:-



1. Steal/Leak Information:-
I am sure you guessed this. One of the most common reasons for hackers to hack is to steal or leak information. This could be data and information about your customers, your internal employees or even private data specific to your business. These are cases where hackers typically go after big targets in order to get the most attention.
Some of the biggest examples are the Ashley Madison hack and the Starbucks app hack. In the Ashley Madison hack, hackers were able to break into the customer database and get access to all the information, including many private pictures of popular celebrities. This incident was a big shakeup in the Internet world which also affected the private lives of many people.
A lot of times, hackers also steal information in order to assume your personal identity and then use it for something else like transferring money, taking a loan, etc. Such incidents have increased after Internet banking and mobile banking have started to become more popular. With the growth of smartphones and mobile devices, the potential for monetary gain through hacking has also increased.
Many big businesses have fallen prey to this: Sony, Target, Yahoo, Equifax, eBay, Home Depot and Adobe, to name just a few. Even though there has been a lot of media attention about all the above companies being hacked, most businesses still believe this won't happen to them. By not being proactive about security, you are only putting your data at risk.

2. Disrupt Services:-

Hackers just love to take something down. And then also leave a statement on the website - more on that later. But hackers have successfully taken down many services by creating bots that overwhelm a server with traffic, thus, leading to a crash. It is known as a DoS (Denial of Service) attack and can put a company’s website out of service for a while. These days, there's also DDoS or Distributed Denial of Service attacks which use multiple infected systems to take down a single major system leading to a denial of service.
There are other ways also, like infecting a large network with malicious software inserted onto one computer either through email or otherwise which leads to a chain reaction affecting the whole network.
Server disruption attacks usually have their own personal motive. Mainly, it is to render a service or website useless. Sometimes it can also be to make a point.

3. Make a Point:-


The hackers who fall into this category are very interesting. They don't care about money or data. They seem to feel that they have a higher purpose in life. They want to steal information or disrupt your network in order to make a point.
Again, going back to the Ashley Madison hack, the hackers had access to account details of 32 million users, but before they made this public, the hackers left a message on the website to inform everyone of what they had done. They also mentioned what they thought about the website and why they thought a service like this was immoral.

4. Money:-


This is what everyone usually fears. We've seen many businesses reach out to us at the stage when they have already been hacked and a hacker is demanding money. Hackers not only hack businesses and ask for ransom, but they also try hacking into regular user accounts to take advantage of things like online banking, online retail, etc. where financial transactions are involved.
Last year also saw the biggest ransomware attack called WannaCry where millions of computers around the world were hacked and users had to pay a ransom to get back access to their computers.

5. Driven by Purpose - Hacktivism, Idealism, Political Motives:-


Many hackers are also driven by a specific purpose. Sometimes, this comes out only when they get caught. Some of them aim to be idealists and take it upon themselves to expose injustice, some have political motives, some simply target the government, and so on. A major example is a hacktivist group called Anonymous who have been popular around the world for challenging and taking down many governments. These hackers can target religious groups, governments and movements to promote a particular agenda.
Another example of a politically driven agenda was when France was having an election last year. In fact, at the beginning of May, we all got to know that Emmanuel Macron, President-elect for France, had his presidential campaign emails leaked following a hack. Given the timing of the hack, many speculate that it was done with a purpose: to sway the votes. And so are the speculations about the US presidential elections when Donald Trump became President.

In Short :-


There could be various positive and negative intentions behind performing hacking activities. Here is a list of some probable reasons why people indulge in hacking activities −
  • System security testing
  • Steal important information
  • Show-off
  • Damaging the system
  • Just for fun
  • Hampering privacy
  • Money extortion
  • To break policy compliance.



VARIOUS HACKING


Types of Hacking:-

 Following are the main types :-
  • Website Hacking − Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.

  • Network Hacking − Hacking a network means gathering information about a network by using tools like Telnet, NS lookup, Ping, Tracert, Netstat, etc. with the intent to harm the network system and hamper its operation.

  • Email Hacking − It includes getting unauthorized access to an email account and using it without the consent of its owner.

  • Ethical Hacking − Ethical hacking involves finding weaknesses in a computer or network system for testing purposes and finally getting them fixed.

  • Password Hacking − This is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.

  • Computer Hacking − This is the process of stealing computer ID and password by applying hacking methods and getting unauthorized access to a computer system.

 In Other Words:-

   One of the most frequent hacking threats is the one faced by websites. It is very common to see a particular website or online account being hacked open intentionally using unauthorized access and its contents being changed or made public. The websites of political or social organizations are frequent targets of groups or individuals opposed to them. It is also not uncommon to see governmental or national information websites being hacked. Some of the well-known methods in website hacking are:

· Phishing

This implies replicating the original website so that the unsuspecting user enters information such as account passwords and credit card details, which the hacker seizes and misuses. Banking websites are a frequent target for this.

· Virus

These are released by the hacker into the files of the website once they enter into it. The purpose is to corrupt the information or resources on the website.

· UI redress

In this method the hacker creates a fake user interface and when the user clicks with the intent of going to a certain website, they are directed to another site altogether.

· Cookie theft

Hackers access the website using malicious code and steal cookies which contain confidential information, login passwords, etc.

· DNS spoofing

This basically uses the cache data of a website or domain that the user might have forgotten about. It then directs the data to another malicious website.




Monday, May 4, 2020

History Of Hacking

History of hacking.


In its current usage, the term dates back to the 1970s. In 1980, an article in Psychology Today used the term “hacker” in its title: “The Hacker Papers,” which discussed the addictive nature of computer use.
Then there's the 1982 American science fiction film, Tron, in which the protagonist describes his intentions to break into a company's computer system as hacking into it. The plot of another movie released the next year, WarGames, centered on a teenager's computer intrusion into the North American Aerospace Defense Command (NORAD). It was a fiction that introduced the specter of hackers as a threat to national security.

Turns out, art was prologue to reality in that same year when a gang of teenage hackers broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank. Soon afterward, a Newsweek article with a cover shot of one of the young hackers was the first to use the term “hacker” in the pejorative sense in the mainstream media.
Thereafter, Congress got into the act, passing a number of bills concerning computer crime. After that, throughout the rest of the 1980s, any number of hacker groups and publications formed in America and abroad, attracting hacking enthusiasts in pursuit of diverse missions—some benign, others not so much. There were spectacular attacks and break-ins into government and corporate computers, more anti-hacking legislation, and many noteworthy arrests and convictions. All the while, popular culture kept hacking and hackers in the public consciousness with a parade of movies, books, and magazines that are dedicated to the activity.

    Promotions Of Hacking :-

  • December 1947 – William Shockley invents the transistor and demonstrates its use for the first time. The first transistor consisted of a messy collection of wires, insulators and germanium. According to a recent poll on CNN’s website, the transistor is believed to be the most important discovery in the past 100 years.
  • 1964 – Thomas Kurtz and John Kemeny create BASIC, one of the most popular programming languages even nowadays.
  • 1965 – It’s estimated that approximately 20,000 computer systems are in use in the United States. Most of these are manufactured by International Business Machines (IBM).
  • 1968 – Intel is founded.
  • 1969 – AMD is founded.
  • 1969 – The Advanced Research Projects Agency (ARPA) create the ARPANET, the forerunner of the Internet. The first four nodes (networks) of ARPANET consisted of the University of California Los Angeles, University of California Santa Barbara, University of Utah and the Stanford Research Institute.
  • 1969 – Intel announces 1K (1024 bytes) RAM modules.
  • 1969 – Ken Thompson and Dennis Ritchie begin work on UNICS. Thompson writes the first version of UNICS in one month on a machine with 4KB of 18 bit words. UNICS is later renamed ‘UNIX’.
  • 1969 – MIT becomes home to the first computer hackers, who begin altering software and hardware to make it work better and/or faster.
  • 1969 – Linus Torvalds born in Helsinki.
  • 1970 – DEC introduces the PDP-11, one of the most popular computer designs ever. Some are still in use as of today.
  • 1971 – John Draper, aka ‘Cap’n Crunch’, hacks phone systems using a toy whistle from a cereal box.
  • 1971 – The first email program is released for the Arpanet. The author is Ray Tomlinson, who decides to use the ‘@’ character to separate the user name from the domain address.
  • 1972 – Ritchie and Kernighan rewrite UNIX in C, a programming language designed with portability in mind.
  • 1972 – NCSA develops the ‘telnet’ tool.
  • 1973 – Gordon Moore, Intel’s chairman, postulates the famous ‘Moore’s Law’, which states the number of transistors in CPUs will double every 18 months, a law which will stay true for more than 20 years.
  • 1973 – FTP is introduced.
  • 1974 – Stephen Bourne develops the first major UNIX shell, the ‘bourne’ shell.
  • 1975 – Bill Gates and Paul Allen found Microsoft.
  • 1976 – A 21-year old Bill Gates writes ‘An Open Letter to Hobbyists’, a document in which he condemns open source and software piracy.
  • April 1st, 1976 – Apple Computers is founded.
  • 1977 – Bill Joy authors BSD, another UNIX-like operating system.
  • 1979 – Microsoft licenses the UNIX source code from AT&T and creates their own implementation, ‘Xenix’.
  • 1981 – The Domain Name System (DNS) is created.
  • 1981 – Microsoft acquires the intellectual property rights for DOS and renames it MS-DOS.
  • 1982 – Sun Microsystems is founded. Sun will become famous for its SPARC microprocessors, Solaris, the Network File System (NFS) and Java.
  • 1982 – Richard Stallman begins to develop a free version of UNIX which he calls ‘GNU’, a recursive definition meaning ‘GNU’s Not UNIX’.
  • 1982 – William Gibson invents the term ‘cyberspace’.
  • 1982 – SMTP, the ‘simple mail transfer protocol’ is published. SMTP is currently the most widespread method for exchanging messages on the Internet.
  • 1982 – Scott Fahlman invents the first emoticon, ‘:)’.
  • 1983 – The Internet is founded by splitting the Arpanet into separate military and civilian networks.
  • 1983 – FidoNet is developed by Tom Jennings. FidoNet will become the most widespread information exchange network in the world for the next 10 years, until the Internet takes over.
  • 1983 – Kevin Poulsen, aka ‘Dark Dante’ is arrested for breaking into the Arpanet.
  • 1984 – CISCO Systems is founded.
  • 1984 – Fred Cohen develops the first PC viruses and comes up with the now-standard term ‘computer virus’.
  • 1984 – Andrew Tanenbaum creates Minix, a free UNIX clone based on a modular microkernel architecture.
  • 1984 – Bill Landreth, aka ‘The Cracker’, is convicted of hacking computer systems and accessing NASA and Department of Defense computer data.
  • 1984 – Apple introduces Macintosh System 1.0.
  • 1985 – Richard Stallman founds the Free Software Foundation.
  • March 15, 1985 – ‘Symbolics.com’ is registered as the first Internet domain name.
  • November 1985 – Microsoft releases ‘Windows 1.0’, which sells for $100.
  • 1986 – The Computer Fraud and Abuse Act is adopted in the US.
  • 1986 – ‘Legion of Doom’ member Loyd Blankenship, aka ‘The Mentor’, is arrested and publishes the now famous ‘Hacker’s Manifesto’.
  • 1988 – The CD-ROM is invented.
  • 1988 – IRC is established.
  • November 1988 – Robert Morris launches an Internet worm which infects several thousand systems and clogs computers around the country due to a programming error. This worm is now known as the Morris worm.
  • 1989 – the WWW is developed at CERN labs, in Switzerland.
  • 1990 – The Arpanet is dismantled.
  • 1990 – Kevin Poulsen hacks a phone system in LA making himself the winner of a Porsche 944 in a radio phone-in.
  • 1991 – PGP (Pretty Good Privacy), a powerful, free encryption tool, is released by Philip Zimmermann. The software quickly becomes the most popular encryption package in the world.
  • 1991 – Rumours appear regarding the computer virus ‘Michelangelo’, coded to launch its destructive payload on March 6th.
  • September 17, 1991 – Linus Torvalds releases the first version of Linux.
  • 1992 – The ‘Masters of Deception’ phone phreaking group is arrested due to evidence obtained via wiretaps.
  • 1993 – The Mosaic web browser is released.
  • 1993 – Microsoft releases Windows NT.
  • 1993 – First version of FreeBSD is released.
  • March 23, 1994 – 16-year-old Richard Pryce, aka ‘Datastream Cowboy’, is arrested and charged with unauthorized computer access.
  • 1994 – Vladimir Levin, a Russian mathematician, hacks into Citibank and steals $10 million.
  • 1995 – Dan Farmer and Wietse Venema release SATAN, an automated vulnerability scanner, which becomes a popular hacking tool.
  • 1995 – Chris Lamprecht, aka ‘Minor Threat’, is the first person to be ever banned from the Internet.
  • 1995 – Sun launches Java, a computer programming language designed to be portable across different platforms in compiled form.
  • August 1995 – Microsoft Internet Explorer (IE) released. IE will become the most exploited web browser in history and a favourite target for virus writers and hackers.
  • August 1995 – Windows 95 is launched.
  • 1996 – IBM releases OS/2 Warp version 4, a powerful multi-tasking operating system with a new user interface, as a counter to Microsoft’s recently released Windows 95. Despite being more reliable and stable, OS/2 will slowly lose ground and be discontinued a few years later.
  • 1996 – ICQ, the first IM, is released.
  • 1996 – Tim Lloyd plants a software time bomb at Omega Engineering, a company in New Jersey. The results of the attack are devastating: losses of USD $12 million and more than 80 employees lose their jobs. Lloyd is sentenced to 41 months in jail.
  • 1997 – DVD format specifications published.
  • 1998 – Two Chinese hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for breaking into a bank’s computer network and stealing 720’000 yuan ($87’000).
  • March 18, 1998 – Ehud Tenenbaum, a prolific hacker aka ‘The Analyzer’, is arrested in Israel for hacking into many high profile computer networks in the US.
  • 1998 – CIH virus released. CIH was the first virus to include a payload which wipes the FLASH BIOS memory, rendering computer systems unbootable and invalidating the myth that ‘viruses cannot damage hardware’.
  • March 26, 1999 – Melissa virus released.
  • 2000 – A Canadian teenage hacker known as ‘Mafiaboy’ conducts a DoS attack and renders Yahoo, eBay, Amazon.com, CNN and a few other web sites inaccessible. He is later sentenced to eight months in a youth detention center.
  • 2000 – Microsoft Corporation admits its computer network was breached and the code for several upcoming versions of Windows was stolen.
  • 2000 – FBI arrests two Russian hackers, Alexei V. Ivanov and Vasiliy Gorshkov. The arrests took place after a long and complex operation which involved bringing the hackers to the US for a ‘hacking skills demonstration’.
  • July 2001 – CodeRed worm released. It spreads quickly around the world, infecting a hundred thousand computers in a matter of hours.
  • 2001 – Microsoft releases Windows XP.
  • July 18th, 2002 – Bill Gates announces the ‘Trustworthy Computing’ initiative, a new direction in Microsoft’s software development strategy aimed at increasing security.
  • October 2002 – A massive attack against 13 root domain servers of the Internet is launched by unidentified hackers. The aim: to stop the domain name resolution service around the net.
  • 2003 – Microsoft releases Windows Server 2003.
  • April 29th, 2003 – New Scotland Yard arrests Lynn Htun at London’s InfoSecurity Europe 2003 computer fair. Lynn Htun is believed to have gained unauthorized access to many major computer systems such as Symantec and SecurityFocus.
  • November 6th, 2003 – Microsoft announces a USD 5 million reward fund. The money will be given to those who help track down hackers targeting the software giant’s applications.
  • May 7th, 2004 – Sven Jaschan, the author of the Netsky and Sasser Internet worms, is arrested in northern Germany.
  • September 2004 – IBM presents a supercomputer which is the fastest machine in the world. Its sustained speed is 36 trillion operations per second.
  • 24 June 2005 – Robert Lyttle (one half of the ‘Synamic Duo’) was sentenced to four months in prison (followed by three years probation) and given a fine of $72,000 for hacking into US government computer systems and defacing web sites.
  • 17 August 2005 – former AOL software engineer Jason Smathers given a 15 month prison sentence for stealing 92 million screen names from an AOL database and selling them to a spammer. The spammers then used the e-mail addresses to send out 7 billion spam messages.
  • 24 August 2005 – Chinese hacker arrested in Japan for virtual ‘theft’ of online game goods.
  • 6 January 2006 – Sean Galvez indicted in Massachusetts on one count of larceny and 10 counts of unauthorized access to a computer and identity fraud for breaking into more than 40 eBay accounts and accumulating charges totaling $32,000.
  • 3 October 2006 – three men sentenced to eight years each in Russia for a spree of extortion attacks in 2003: the hackers stole up to $4 million from UK companies.
  • 23 August 2007 – UK man arrested for unauthorised use of a wireless connection in Chiswick, London.
  • 18 December 2007 – Hario Tandiwidjojo, a former computer consultant, pleads guilty in the US to unauthorized access to a protected computer, after breaking in to more than 60 business kiosks at hotels and stealing credit card information.
  • 11 June 2008 – Robert Matthew Bentley sentenced in the US to 41 months in prison, and ordered to pay $65,000 restitution, for breaking into corporate computer systems in Europe (including those of Rubbermaid) and using them as part of a botnet.
  • 11 July 2008 – Yang Litao receives two years in prison in China for hacking into a Red Cross web site and attempting to divert relief donations to a bank account under his control (following the Sichuan earthquake).
  • 5 November 2008 – Ivan Biltse, Angelina Kitaeva and Yuriy Rakushchynets (aka Yuriy Ryabinin) plead guilty in the US to conspiracy and access device fraud for their part in a scheme that used stolen Citibank card information to steal $2 million. The group, which included seven others charged earlier in the year, allegedly broke into a server that processes ATM transactions from 7-Eleven cash machines.
  • 5 March 2009 – the gang behind the failed attempt to steal $229 million from the London office of the Sumitomo Bank in 2004 are sent to prison. Hackers were smuggled into the bank by an insider and used commercial keylogging software to capture login credentials and transfer money to overseas accounts. The two hackers, Jan van Osselaer and Gilles Poelvoorde, were given sentences of three and a half years and four years respectively. The insider, Kevin O’Donoghue, was ordered to serve four years and four months in prison. Hugh Rodley and David Nash, who set up the international bank accounts, received sentences of eight years and three years respectively.
  • 28 August 2009 – Albert Gonzalez agrees to plead guilty to 19 counts of wire fraud, conspiracy, aggravated identity theft and money laundering related to the theft of more than 170 million credit and debit card accounts from TJX, Barnes & Noble, Office Max and others. Under the terms of the deal, Gonzalez will spend 15 to 25 years in prison and will forfeit more than $2.8 million.
  • 17 February 2010 – hacker replaces commercial video with porn on a Moscow billboard.
  • 24 February 2010 – hacker leaks data about the finances of Latvian banks and state-owned firms to Latvian TV.
