Copyright 2015 by TSM Publishing - All rights reserved.
This document is geared towards providing exact and reliable information in regards to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.
- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.
In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.
The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.
Respective authors own all copyrights not held by the publisher.
The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.
The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.
Introduction
I want to thank you for downloading the book, Hacking: A 101 Hacking Guide. This book is for absolute beginners who want to learn about ethical hacking by starting with a solid foundation. Written in a down-to-earth style, this book contains the key terms and concepts you need, coupled with links to online resources that let you build your skills outside the book.
Here is what you will be able to do by the end of this book:
- Be able to explain the difference between an ethical hacker and a non-ethical hacker, including goals and motivations
- Discuss why ethical and non-ethical hackers use the same tools
- Know the difference between an attack, a threat, and a vulnerability
- Have a solid understanding of the basic terminology you need to study hacking
- Understand the different methods used to crack passwords
- Be familiar with the different types of attacks
- Learn the types of tools used by hackers
- Understand how port scanning works
- Know the steps involved in penetration testing
- Learn why Unix is popular with hackers
- Get some tips on how to keep building your skills
Thank you again for downloading this book. I hope you enjoy it!
Chapter 1: What is Ethical Hacking?
An ethical hacker is one that builds, fortifies, secures, and strengthens. To do that, the ethical hacker must get into the mindset of whoever is trying to break into their system. They will thoroughly check their system for weaknesses, and figure out how they can be exploited. Then, they seek to eliminate those weaknesses.
This book is aimed at the ethical hacker, not a destructive hacker (also known in some circles as crackers). The purpose of this book is to provide you with a basic understanding of how to start testing your system to make it as safe and impenetrable as possible.
A white hat hacker is another word for an ethical hacker, and goes back to the image of the old western movies where the good guy would wear a white hat, and the bad guy would wear a black hat. You can guess what a black hat hacker is!
Black hat hackers have many different motivations: some enjoy causing chaos and disruption, others might attack out of revenge or out of sheer malice, still others merely do what they do to show the world that they can, some may be hired by outside entities and see themselves as merely providing a service, and still others are trying to make a point. They see vulnerabilities as potential points of attack, like unsecured windows on a home, unlocked doors, or faulty alarm systems that they can use to their own advantage.
White hat hackers are motivated by a concern for security, whether it is for their own system, their company's system, or that of a client. When they see vulnerabilities, they investigate them just as thoroughly as the black hat hackers do and, better yet, even more thoroughly. However, the goal is not to discover how to use them to their own advantage, but how to secure them.
White hat and black hat hackers will probably use the same tools, just like a locksmith and a professional thief may have the same tools in their bags. It's not the tool that is evil, but how it is being used. A white hat hacker might use a password hacking tool to test how strong a company's authentication is, whereas a black hat hacker may use the exact same tool to gain entrance to a server to steal data.
Data shows that the job market for white hat hackers is good. Companies are quickly learning that it is better to invest in the skills of an ethical hacker before anything happens than to deal with the financial damage, loss of trust, and loss of reputation afterward. According to Statista.com, the average cost of cybercrime in the US for 2014 was 12.69 million per company.
Remember: white hat hackers never intrude where they don't have permission, and never use what they learn about a system for anything but strengthening its defenses.
Online Resources:
How to Get a Job as an Ethical Hacker: http://intelligent-defense.softwareadvice.com/how-to-get-an-ethical-hacker-job-0714/
Occupational Outlook Handbook for Information Security Specialists: http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
The Role of White Hat Hackers: http://phys.org/news/2015-01-role-white-hat-hackers-cyber.html
Cost of Cybercrime in the US: http://www.statista.com/statistics/193444/financial-damage-caused-by-cyber-attacks-in-the-us/
Cost of Cybercrime in Selected Countries: http://www.statista.com/statistics/293274/average-cyber-crime-costs-to-companies-in-selected-countries/
Chapter 2: Basic Terminology
When you begin a new subject, the first step is to become familiar with the terminology.
If your system has suffered an attack, it means that the security of your system has been violated. A threat is something that can affect your system, but hasn't happened yet. A vulnerability is an error or weakness that has the potential to compromise your system. It is very important to understand the difference between an actual attack and a vulnerability or threat.
Bugs! No, not the creepy, crawly bugs you can kill with a quick stomp. In hacking, bugs refer to errors in a program. The term "bug" came from the old days when computers had physical relays, and a particular mathematical subroutine was giving bad results. The software engineer (legend points to Admiral Grace Murray Hopper) started tracking down the error and found a moth caught in the relay, insulating it so that current couldn't pass through.
In the movies, bad guys often break in through the backdoor. In hacking, backdoor refers to sneakily accessing someone's system by bypassing the authentication (think of your locked front door) that is supposed to protect it.