Teach Me Hacking, Please!! XD

One of the common questions I see people ask on Tor (and elsewhere) is “How do I hack x?” (insert name of social network or app here).

Can I partially blame TV and movies for that question? The problem with the question, to begin with, is that there’s no one form of “hacking.” It certainly doesn’t involve typing really fast.

Remember this infamous scene?

I don’t consider myself an expert hacker, although I am constantly in the process of learning such things. I think better terms are things like “attack” or “exploit.”

For instance, on the wiki for the Open Web Application Security Project (OWASP), they have a section called Category:Attack, which explains various types of techniques that attackers use to exploit vulnerabilities. If we were watching NCIS or CSI right now, they’d probably call it “hacking.”

Among the “attacks” that OWASP explains are Blind SQL Injection, Denial of Service (DOS), Cache Poisoning, and Man-in-the-middle attacks (MITM). To quote their article on MITM:

The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

My point is that these attacks can be somewhat complex, and most involve knowledge of coding. So, if you want to learn to attack, learn to code! Yes, that takes time and effort. I’m still learning it myself, to be honest.

I mentioned in a much earlier article that I may have encountered a Cross-Site Scripting (XSS) attack on Tor, although it may have been misidentified. The extension NoScript, which the Tor Browser includes, blocked it at the time.

[Image: noscript_XSS]

XSS is an attack wherein someone will inject malicious scripts into a seemingly trusted website. The browser that the end-user (you) is using will then execute the script, not knowing that it’s malicious.

This is one of the simpler types of attacks, as a matter of fact.
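To make that concrete from the website's side, here is an added example (not code from the original post or from any real site): a comment renderer that pastes visitor text straight into the page, next to a hardened version that encodes it first. All function names and the sample comment are made up for illustration, and the link check goes slightly beyond the definition above.

```javascript
// Added example: a comment renderer, first vulnerable to XSS, then hardened.
// All names and sample values here are hypothetical / constructed.

// Characters that let text break out of an HTML text node or quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: visitor-supplied text is pasted into the page as markup, so the
// browser cannot tell the site's own HTML apart from what the visitor typed.
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// HARDENED: the same template, but every untrusted value is encoded first,
// so the browser displays it as text instead of running it.
function renderCommentSafe(author, text) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</div>`;
}

// Escaping alone is not enough for links: only http(s) URLs may reach an href.
function safeHref(url) {
  try {
    const parsed = new URL(url);
    return ["http:", "https:"].includes(parsed.protocol) ? escapeHtml(parsed.href) : "#";
  } catch {
    return "#"; // not an absolute URL, so refuse it
  }
}

// Quick check a reviewer or a unit test can run on rendered output.
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

// Defence in depth: a response header telling the browser to refuse inline
// scripts, the site-side counterpart to what NoScript does for the visitor.
const CSP_HEADER = ["Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'"];

// Constructed sample comment containing a harmless marker script.
const SAMPLE = { author: "mallory", text: "nice post <script>alert(1)</script>" };
console.log("unsafe:", containsScriptTag(renderCommentUnsafe(SAMPLE.author, SAMPLE.text)));
console.log("safe:  ", containsScriptTag(renderCommentSafe(SAMPLE.author, SAMPLE.text)));
```

The unsafe renderer hands the browser a live script tag; the hardened one hands it the same characters as plain text.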

As to the earlier question, “How do I hack _____________?” (e.g. Instagram, Facebook, Snapchat), most of these are done via social engineering, which is a very common form of attack.

Apparently, there’s some kind of Self-XSS attack going around that’s targeting Facebook users, because if you access the JavaScript console, you’ll get this warning:

[Image: facebook_console]

I haven’t fallen victim to this, but it’s possible that someone I know has. So let this be a warning – don’t copy-paste random code from someone you don’t know, especially if it tells you it’s for “hacking” someone’s account.

On the plus side, there’s your first hacking lesson! Not so difficult, eh?

Then again, if you do want to hack like a TV hacker, just go to GEEKTyper.com – Hacking Simulator.

You’re welcome.
