Hacking for beginners step by step guide

Do you want to become a hacker?
 I know you do; that’s why you are here.
 That’s why I wrote this post for you, to learn how to hack as a beginner.
 In this post we will talk about some basic hacking and networking terms you should know.
 Let’s start without wasting time.

Hacking terms you must know

Phishing: Basically, phishing is a way to hack online accounts (like Facebook, Gmail) by making a fake login page similar to the original login page. When you open a phishing page it looks like the original page; for example, see this screenshot.

Do you think it is the original? It is fake; look at the URL. [Generally, all online account login websites have an SSL certificate, meaning https (the s means secure).]

The advanced version of phishing:
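The URL check described above, written out as an added example (it is not from the original post). The list of trusted login hosts is an assumption for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the login hosts we expect; not taken from the original post.
TRUSTED_LOGIN_HOSTS = {"facebook.com", "accounts.google.com"}

def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a URL that claims to be a login page."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    if parts.username or parts.password:
        # In https://facebook.com@other.example/ the real host is other.example.
        return False, "text before @ hides the real host"
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII host (possible lookalike letters)"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host (possible lookalike letters)"
    for good in trusted:
        # Only the END of the host name counts: www.facebook.com is fine,
        # facebook.com.something.example is not.
        if host == good or host.endswith("." + good):
            return True, "host belongs to " + good
    return False, "host %r is not a trusted login host" % host

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.facebook.com/login.php",
              "http://facebook.com/login.php",
              "https://facebook.com.login-check.example/",
              "https://facebook.com@login-check.example/"):
        print(u, "->", check_login_url(u))
```

Note that https alone proves nothing: a fake page can have a certificate too, so the host name check is the part that matters.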

Desktop Phishing


Desktop Phishing: This is the advanced type of phishing. It is the same as the method above, but in this approach the URL is not replaced. For example, if your computer is affected by this and you open facebook.com, the hacker's fake page will open, but the URL will not change. Here I try to explain it.

All modern browsers detect desktop phishing, and you need physical access to create a desktop phishing page. Search on Google if you need more info, but this is enough for beginners.

Tabnabbing: If you open many tabs while browsing the internet, your account can be easily hacked by this method. In this attack the victim clicks on a link from another site. For example, you and I are friends on Facebook, and I send you a link in a Facebook message. When you open the link and 2–3 other tabs, the URL of your Facebook tab will be replaced by another page. You will think you have been logged out automatically. You will log in to your account again, I will get your password, and you will be redirected to facebook.com.

Keylogger: This is software which records every word typed by the victim. The main purpose of keyloggers is hacking online accounts like FB: because it records keystrokes, it will also record the password and username. There are two types of keylogger:

  1. Software keylogger: This is software which records every keystroke. You can download a free keylogger from the internet or make your own if you have good knowledge of programming.
  2. Hardware keylogger: A hardware keylogger is a hardware device which needs to be connected to the computer; it then records our keystrokes. Nowadays hardware keyloggers are attached to keyboards for hacking credit cards etc. Here are some hardware keyloggers.

Brute force attack: Another great way to hack passwords. In this attack the hacker tells the system the minimum and maximum password length and the letters used in the password. The system then combines all these factors, starts generating words, and tries every word as the password. A brute force attack is used for hacking routers.

Wordlist attack: It is similar to the one above, but here the hacker first generates words and saves them to a file using software like crunch. Another program then tries every word as the password. This attack is used in hacking WPA/WPA2. Aircrack can try 969 words/second as the password.
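What the brute force and wordlist descriptions above mean for choosing a password, as an added example (not from the original post). It uses the 969 words/second figure quoted above; the three password policies and the one-million-word list size are assumptions for illustration.

```python
GUESSES_PER_SECOND = 969  # the Aircrack rate quoted in the post

def keyspace(alphabet_size, min_len, max_len):
    """Candidates a brute force must try: every string of every allowed length."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return candidates / rate

def humanize(seconds):
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return "%.1f %s" % (seconds / size, unit)
    return "%.1f seconds" % seconds

# Assumed policies to compare: (label, alphabet size, min length, max length)
POLICIES = [
    ("8 digits", 10, 8, 8),
    ("8 lowercase letters", 26, 8, 8),
    ("12 letters and digits", 62, 12, 12),
]

def compare(policies=POLICIES, wordlist_size=1_000_000):
    """Worst-case time per policy, plus the time to run a whole wordlist."""
    rows = [(label, humanize(seconds_to_exhaust(keyspace(a, lo, hi))))
            for label, a, lo, hi in policies]
    rows.append(("%d-word wordlist" % wordlist_size,
                 humanize(seconds_to_exhaust(wordlist_size))))
    return rows

if __name__ == "__main__":
    for label, duration in compare():
        print("%-24s %s" % (label, duration))
```

The last row is the one to remember: a password that appears in a wordlist is found in minutes no matter how long it is, while a long random one is out of reach for plain brute force.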

IP address: IP stands for Internet Protocol. It is the address of our device. To find your IP address, type "what is my IP" into Google.

There are two types of IP address: I) public IP and II) private IP. We are connected to the internet through a public IP address. It can be changed by using a VPN or a proxy.

VPN: VPN stands for virtual private network. A VPN basically changes your IP address. If you are using a VPN, nobody can know what you are doing unless the VPN company exposes you [a free VPN can, if you are doing something seriously illegal]. Here is how a VPN works.

Web Server: 90% of you know what a web server is, but if you don’t, no problem. It is a computer where the files of a website are available. For example, the text and images you are reading are hosted on a machine known as the web server.

DoS attack: It stands for denial of service. Mainly it is used for attacking websites. In this attack, fake traffic is sent to the web server. When the data exceeds the bandwidth limit, it crashes the server. Here is a screenshot of a website whose server is down.

source http://sociable.co/

The easiest way to protect against a DoS attack is a firewall which blocks this activity.

source: gohacking.com

DDoS attack: It stands for distributed denial of service. In a DoS attack there is only one machine, but in a DDoS attack there are multiple fake devices, as shown in the screenshot. There is only one way to protect against a DDoS attack: again a firewall, but here the firewall works differently. The firewall can tolerate this attack; for example, I am using the CloudFlare CDN for protection against DDoS attacks.
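Why the firewall has to work differently for the two cases, as an added example (not from the original post): a per-address limit catches a flood from one machine but not one spread over many. The limits, window size and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def flag_sources(events, window=10, per_ip_limit=20):
    """IPs that sent more than per_ip_limit requests within `window` seconds.
    events: (seconds, ip) tuples sorted by time."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:      # forget requests older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
    return flagged

def peak_total(events, window=10):
    """Highest number of requests from ALL sources inside one window."""
    q, peak = deque(), 0
    for ts, _ip in events:
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def classify(events, window=10, per_ip_limit=20, total_limit=100):
    noisy = flag_sources(events, window, per_ip_limit)
    if noisy:
        return "single-source flood (DoS)", noisy   # blocking these IPs is enough
    if peak_total(events, window) > total_limit:
        return "distributed flood (DDoS)", set()    # no single IP stands out
    return "normal", set()

# Constructed sample traffic using documentation IP ranges, not real logs.
NORMAL = [(i * 3, "203.0.113.5") for i in range(10)]
DOS = sorted(NORMAL + [(t / 10, "198.51.100.7") for t in range(50)])
DDOS = sorted((s, "192.0.2.%d" % h) for h in range(1, 201) for s in (1, 6))

if __name__ == "__main__":
    for name, ev in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify(ev))
```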

SQL injection: A DDoS attack crashes the server, but SQL injection helps you to hack websites. In this attack the hacker attacks the site using code. They run malicious code to gain full access to the site. Enough for beginners.
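How the "code" gets into the site, and the fix, as an added example (not from the original post): the same lookup written the vulnerable way and the safe way. The table, the user names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with two constructed users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def find_user_vulnerable(db, name):
    # Vulnerable: the visitor's text is pasted into the SQL statement,
    # so a quote character in it ends the string and the rest runs as SQL.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def find_user_safe(db, name):
    # Fixed: the ? placeholder sends the text as data only; the database
    # never interprets it as part of the statement.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

# Constructed input: a name that nobody has, followed by text that changes
# the meaning of the query when it is pasted in.
SAMPLE_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, SAMPLE_INPUT))  # every user
    print("safe:      ", find_user_safe(db, SAMPLE_INPUT))        # no user
    print("safe, real name:", find_user_safe(db, "alice"))
```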

Social engineering: It is not a hacking method. It is hacking by the average person. The technique of guessing passwords is known as social engineering. I am not an expert in this, and it takes a lot of time. It is different for each person, so it is very time-consuming.