So You Want To Be An *Ethical* Hacker? Here’s What You Should Know! (Interactive Exercises Included)

Rksmissionpossible
8 min read · May 23, 2020


Cyber Security, also known as Information Security, is more important in this day and age than ever before. With hackers getting better and better every day, and companies and security specialists (aka the good guys who protect us on the internet) struggling to keep up, the days of easy privacy are long behind us. After all, according to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion every year by 2021! And based on a recent study by the University of Maryland, there’s a cyber attack every 39 seconds (Source: https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds). And that’s not even the end of it.

Without a doubt, there is an obvious need for something to be done if we want to keep ourselves safe in the online world and keep our digital identity and possessions secure.

But wait! All is not lost. What we call “hackers” are actually a subset (albeit a nefarious subset) of hackers, and there are those on the front lines on our side, fighting to keep us safe from data breaches. These heroes are known as white hackers, or ethical hackers. They learn to hack for humanity: to fight the bad guys at what they do so everyone else can go about their digital lives.

If you’re reading this, chances are you want to be an ethical hacker. Or are just curious about what it looks like.

Well, in this article, we’ll cover various basic concepts in hacking, and how to perform it. The interactive exercises are computer hacks ANYONE can do.

What we’ll cover:

Linux — Play a wargame called Bandit

Programming — SQL injection

Web — Inspect element and client-side vulnerability

Cryptography — Encryption and Decryption — Practice breaking ciphers and codes

Forensics — Steganography — Prank your friends by hiding secret messages in images

FAQs answered in this video:

How to use the inspect element to hack; How Linux and SSH are used by hackers; What is Cryptology; What is Steganography; What is SQL injection?

Here’s my YouTube video version of this article, if you prefer a more visual learning format! If you liked the content, please watch the other videos on my channel. More to come ;)

So let’s get started! This article is divided into 5 sections, covering the topics referenced above. Each section includes websites for you to test out and practice what you’ve learned, and they will be linked at the end of this article.

Let’s begin at the beginning

Just to make things clear, let’s make sure we know what cybersecurity is. If we take it one word at a time, we can see that it’s made up of “cyber” and “security.” You can think of the word “cyber” as dealing with computers. “Security” here is used in the everyday sense, meaning keeping our (digital) possessions safe. Put together, cybersecurity aims to keep your information secure so that only you and the people you allow can access it.

As I mentioned in the beginning, there are many hats a hacker can have, so to speak.

Here are the three kinds:

Black hat: The traditional image of a hacker, these people hack for malicious purposes. They exploit the inherent vulnerabilities of the internet for personal gain or to make a statement.

White hat: The good guys, and what we’ll learn to become! They examine and fix vulnerabilities before black hats can get to them.

Grey hat: Like all things in life, there is in hacking a grey area, an in-between. They hack without permission, but their intentions are not necessarily malicious. Think of them as a cross between white and black hat.

There are other distinctions within hackers, such as script kiddies (amateur hackers; often a derogatory term for those who are unskilled and use available resources to hack, often without a true understanding of the repercussions) and green hats (beginners who are pursuing this field out of curiosity and are looking to improve), but these are subcategories and not a type per se.

What you’ll need

Ethical hacking requires minimal equipment when you’re starting. If you’re reading this, then great! You already have the technical equipment to start your journey — an electronic device (such as a phone, tablet, or computer) and internet access, and off we go.

As for soft skills, you’ve already shown interest in learning about this field, which means that you’re probably going to have the motivation to learn. Which is incredibly important! If there is one thing that ethical hackers need, it’s the drive to learn.

But here are some other crucial qualities, and I recommend working on them if they’re not your strong suits:

  1. An attentive eye
  2. Unwavering curiosity
  3. An analytical mind
  4. A tenacity to keep going
  5. Loads of patience

As promised, you can practice these skills in a fun, engaging way in one of two formats: you can choose the “kid” route or the “adult” path — it’s entirely up to you!

All about Cryptography and Steganography

Moving right along: Here’s the lowdown on two of the most important concepts in cybersecurity.

Cryptography is the practice of ensuring secure communication by sending messages in ciphers (messages where each letter is substituted for another according to an algorithm) and codes (messages where each word is replaced with another that holds the same meaning, with a codebook documenting the translations). Encryption scrambles a message, and decryption unscrambles it. For instance, a document you want to send to your best friend over the internet will work like this:

Before encryption, when the doc is still “readable,” it will be called plaintext. After encryption, when the doc is all scrambled, it will be called ciphertext. The key is the rule that transforms plaintext into ciphertext.

*** The message you sent to your friend is a cipher, as it is all scrambled up once it is encrypted.

A model illustrating the concept

There are two basic kinds of encryption: Symmetric and Asymmetric. They both use key(s) but differ in their usage and the key owner’s role.

Cryptanalysis is trying to figure out the message without knowing the key.

Steganography is the practice of hiding a secret message, file, or other media in an image, audio, video, or another message. This method is virtually undetectable, because it’s extremely hard to deduce its presence without a tip-off, either from a person/organization or from a close reading (though even then, it is quite a laborious process and can be nothing but a futile effort). This is primarily used by black hats to communicate their plans clandestinely, and so a white hacker must be aware of such a technique for obvious reasons, even though they may not have a need to practice it themselves. Steganalysis is the reverse: finding the message hidden within an image by steganography.

What Steganography is like (Source: Wired)

Algorithms include blindhide (exactly what it sounds like, it’s blindly hiding info which is rather unintelligent as it makes it easier for steganalysis), filterfirst (a fancier version of blindhide that’s harder to crack) and hideseek (random distribution of the message across the image).
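The difference between hiding "blindly" and hiding at random positions is easy to see in code. This is an added, simplified sketch and not the code of any real steganography tool: it assumes the message bits are stored in the lowest bit of each pixel, that the image is a plain list of greyscale bytes, and that a numeric seed shared by sender and receiver picks the random order. The cover image and message are constructed.

```python
import random

def to_bits(payload):
    """16-bit length header followed by the payload, most significant bit first."""
    data = len(payload).to_bytes(2, "big") + payload
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def pixel_order(n_pixels, seed=None):
    """Blindhide-style: 0, 1, 2, ... Hideseek-style: an order shuffled by a shared seed."""
    order = list(range(n_pixels))
    if seed is not None:
        random.Random(seed).shuffle(order)
    return order

def hide(pixels, payload, seed=None):
    bits = to_bits(payload)
    if len(bits) > len(pixels):
        raise ValueError("payload too large for this cover image")
    stego = bytearray(pixels)
    for pos, bit in zip(pixel_order(len(pixels), seed), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(stego)

def reveal(pixels, seed=None):
    order = pixel_order(len(pixels), seed)
    def read(start, count):
        value = 0
        for pos in order[start:start + count]:
            value = (value << 1) | (pixels[pos] & 1)
        return value
    length = read(0, 16)
    return bytes(read(16 + 8 * i, 8) for i in range(length))

def changed_pixels(cover, stego):
    """Steganalysis aid when the original is available: which pixels differ?"""
    return [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]

# Constructed 32x32 greyscale "image" (one byte per pixel) and payload.
COVER = bytes((7 * x + 13 * y) % 256 for y in range(32) for x in range(32))
SECRET = b"meet at noon"

if __name__ == "__main__":
    blind = hide(COVER, SECRET)
    scattered = hide(COVER, SECRET, seed=2020)
    print("blindhide-style changes:", changed_pixels(COVER, blind)[-3:])
    print("hideseek-style changes: ", sorted(changed_pixels(COVER, scattered))[-3:])
```

The sequential version only ever touches the first 112 pixels, so an analyst knows exactly where to look; the seeded version spreads the same 112 bits across the whole image.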

SQL Injection (and how knowing it helps you stay ahead of black hat)

SQL Injection is the injection of malicious code in SQL statements. This works because it exploits websites with vulnerable user input, and is notorious for impacting data servers. Big-name companies, such as Yahoo, Sony Pictures, LinkedIn, Target, and many more have been hacked because of an SQL Injection attack. Not only that, but it is considered one of the least-sophisticated hacking techniques because of its simplicity, yet it is one of the most exploited vulnerabilities out there! Knowing about this weakness ensures you won’t accidentally make your system vulnerable to hacking and is crucial when you’re pentesting, which is an authorized attack on a digital system to better understand its weaknesses. It’s helpful whether you’re on the red team (offensive infosec white hat specialists whose job is to simulate the black hat) or on the blue team (defensive infosec white hat specialists whose job is to stop the red team). Either way, this is important to remember.
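Here is what "vulnerable user input" looks like next to the fix, as an added example (not code from the video or the linked exercise). It uses Python's built-in sqlite3 module with a made-up users table; the password is stored in plaintext only to keep the example short, which a real site should never do.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def login_vulnerable(db, name, password):
    # User input is pasted into the SQL text, so quotes in it become SQL syntax.
    query = (f"SELECT name FROM users "
             f"WHERE name = '{name}' AND password = '{password}'")
    return db.execute(query).fetchone() is not None

def login_safe(db, name, password):
    # Placeholders send the input as data; it can never change the statement's shape.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def attempt(login, db, name, password):
    """Run one login and report the outcome, including SQL syntax errors."""
    try:
        return "granted" if login(db, name, password) else "denied"
    except sqlite3.Error:
        return "sql error"

if __name__ == "__main__":
    db = make_db()
    samples = [
        ("alice", "correct horse"),   # the real password
        ("alice", "' OR '1'='1"),     # quotes that rewrite the WHERE clause
        ("o'brien", "x"),             # an innocent apostrophe breaks the query
    ]
    for name, password in samples:
        print(f"{name!r:10} {password!r:18}",
              "vulnerable:", attempt(login_vulnerable, db, name, password),
              "| safe:", attempt(login_safe, db, name, password))
```

Notice that even an ordinary name with an apostrophe makes the vulnerable version throw a database error, so unexpected SQL errors in your logs are a good sign that input is reaching the query unescaped.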

SSH + The mystery of why hackers love Linux, explained

Linux is a popular operating system for hackers, both white hat (for penetration testing and ethical hacking) and black hat (for SSH). SSH stands for Secure Shell. It’s a cryptographic network protocol: essentially a way of connecting to a remote system, primarily for Linux-based systems and other operating systems as well. Black hat hackers exploit vulnerabilities in SSH to get:

  1. SSH keys (company credentials) → access to valuable data
  2. Financial info → Siphon money
  3. Administration access and install malware

Hackers love Linux because it’s open-source, it’s arguably one of the safest OSes, and the resources/utilities it carries for hacking are excellent. It’s a great idea to get familiar with Linux because of how frequently it is used in the infosec community.

The Inspect Element: You’ll probably use it more than you realize, at least at first

Ah, the inspect element. This is one of the handy-dandy tools that will help you out quite a bit.

What it is: It can temporarily edit a webpage on your side (aka client-side).

How you open it: Open it with a right-click and it should be the bottommost option.

Where it can be used: Passwords are stored on the server-side for security, but sometimes due to poor programming they end up on the client-side and can be seen with the inspect tool! When you sign in to an account, you might be able to see “password-checks” for the website in plain sight, if you utilize the inspect tool. Hackers can take advantage and hack into your account! The good thing is that companies are getting better about this.

And that’s a wrap! Thanks for reading. I hope this was useful and helped you out :)

Author’s note: If you would like more in-depth information about any of the topics covered in this article, please let me know in the comments!

Psst… if you liked what you saw here, don’t forget to tell me what you’d like to see next — and if you’ve read until here, here are some other videos you might enjoy:

Websites referenced in the video:

Test your “hacking qualities”:

Kids: https://www.cia.gov/kids-page/games/index.html#

Adults: https://www.businessnewsdaily.com/10823-best-hacking-games.html

Cryptology:

Check your knowledge/Learn more:

Khan Academy: https://www.khanacademy.org/computing/ap-computer-science-principles/the-internet/tls-secure-data-transport/a/encryption-decryption-and-code-cracking

How to practice it:

Kids:

https://www.cryptoclub.org/#vIntro

Adults: Search up cipher challenges, here is one from Simon Singh as an example: https://simonsingh.net/cryptography/cipher-challenge/

Steganography:

Check your knowledge/Learn more:

https://www.clear.rice.edu/elec301/Projects01/steganosaurus/background.html

How to practice it:

Use this website

https://futureboy.us/stegano/encinput.html

Steg encode (make the secret message) and Steg decode (discover it). The payload is the secret message you want to send. Send to your friends with a hint (or else it can take too long…) Have fun ;)

SQL injection: https://www.hacksplaining.com/exercises/sql-injection#/fourth-login-attempt

Linux: https://overthewire.org/wargames/bandit/bandit0.html

Interested in continuing further? Check out my personal favs:

HackerOne

HackThisSite
