Terms that Hackers and Crackers Use : Beginner Hacking Guide


Keylogger – (keystroke logging) a keylogger is a software used for logging or tracking keystrokes struck on victim’s keyboard and saving them to a text file or sending them to an email address , it runs in the background in a stealth manner so the victim remain unaware that their actions are being monitored.

RAT – A RAT is short term of the word Remote Administration Tool. The RAT is used to remotely connect in one or more computers and remotely control those computers. It gives the attacker almost full control over the infected computer, infected computers are called zombies. Rats are of 2 type:
Legel – Victim knows that someone connected to him. for ex. Team Viewer
iIlegal – victim you are connected to, doesn’t know that somebody is connected to him.

SQL Injection – SQL injection is the act of injection your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: Bypass login verification, add new admin account, lift passwords, lift credit-card details, etc.

DoS Attack ( Denial Of Service Attack) –  DoS attack is an attempt to make a computer resource unavailable to its intented users, one common method of attack involves saturating the target machine with external communication requests.
DDoS Attack (Distributed Denial of Service Attack) – is pretty much the same as a DoS- but the difference in results is massive; as its name suggests the DDoS attack is executed using a distributed computing method often referred to as a ‘botnet army’, the creation process of which involves infecting computers with a form of malware that gives the botnet owner access to the computer somewhat. This could be anything from simply using the computers connection to flood to total control of the computer. These attacks affect the victims computer -> server more than a regular DoS- because multiple connections are being used against ONE connection.

Bot – A bot is a program that is ran secretly in the background of a victim’s computer. The bot connects to an IRC channel usually where a Bot Herder(its creator) can use a number of commands to control these computers that are now it’s under control. A zombie computer(a pc under control of a bot herder) can be manipulated in a number of ways. Some functions of a bot include stealing victims passwords, keylogging, ddosing a server to cause it to crash, turning on the webcam and being able to watch the zombie computer’s users, visiting a website(to gain money + traffic for a bot herder), clicking ads, making ads appear randomly, destroying itself(the pc), and sending spam to email contacts.

Botnet : (Robot Network, Zombie Army) botnets are networks of infected computers controlled by the attacker used send spam and viruses.

Crypter – A crypter is used to make well known hacker’s viruses (such as keyloggers and botnets) undetectable by anti-virus software by changing the virus program signatures that anti virus programs have in their databases to make them easier to spread.

Binder – A binder is used to bind a virus(such as a keylogger,etc) to another program making it undetechtable and able to fool users into thinking its something else. for ex. If someone attach a virus with an exe file say photoshop.exe, then a victim will click on photoshop.exe and it will install photoshop as well as virus secretly.

FUD – Term for fully undetectable virus. (made by either coding your own virus or by crypting and binding an existing virus) Usehttp://novirusthanks.com (uncheck distribute sample) to check if your virus is undetectable.
Database – Used by most websites to store things such as User names, Passwords, Email, etc of an entire website or community.

XSS (Cross Site Scripting) – This vulnerability allows for an attacker’s input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into any site for which they have stole your cookies.

Cookie Stealing/Spoofing – Used to fool a victim into clicking a link that will steal their cookies to websites which you can then use to have their privileges to various parts of a website or forum.

BruteForcer Attack– Program used to crack encrypted data such as passwords by trying all possible combinations of characters , bruteforcing takes a long time and sometimes can’t crack the password.

Dictionary attack – is a method used to crack a password or a key that tries all the words in a dictionary , the difference between a dictionary attack and a bruteforce attack is that it uses a predefined list of words.

Hashes – How passwords are usually stored, this is a way of crypting a password so it is not plain text, harder passwords are very hard to crack but simple ones have often been cracked and can be found on online databases. Some common password hashes include MD5 and SHA.

Social Engineering – Tricking a victim into doing something you want them to do by disguising or enticing them into doing what you want. its a act of manipulating people into revealing information or tricking the victim to performing actions that are beneficial to the user.

Phishing – Creating a fake login page to a well known website (IE Facebook) and then fooling a victim into entering their information on the fake login page through social engineering.

Proxies – A proxy server is a server that acts as a go-between for requests from clients seeking resources from other servers. This means we will be able to mask our ip address from other sites. For the crackers we use a proxy list.
What does this for?: Some sites like rapidshare ban our ip addresses after multiple logins. By using proxies we are able to pretend to be other computers which will enable us to login multiple times without getting our ip address banned.

Trojan Horse – a Trojan is designed to allow a remote access by a hacker to a target computer (it’s composed from two parts the server and the client) the server is installed on the victims machine , and the client is used by the hacker to connect to the server.
Things that can be performed by a hacker on a target computer :
1-data theft
2-installation of a software
3-downloading or uploading files
4-keylogging
5-viewing screenshots And more

Backdoor – is a means of access to a computer that bypasses security mechanism, I other words a backdoor is a method of bypassing normal authentication or securing remote access, a backdoor can be a form of an installed program or a modification to an existing program.

Worm – a worm is a self-replicating virus that does not alter files, but resides in active memory and duplicate itself, sometimes a worm’s job is to take advantage of a backdoor created by an earlier attack.

Vulnerability – (security Hole) a vulnerability is a weakness in the system, it’s also classified as a security risk.

Exploit – an exploit is an attack on a computer system that takes advantage of a vulnerability, the term exploit refers to the act of successfully making an attack.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s