Important hacking Terms Kali Linux Flashcards
What is footprinting
getting as much info on a company or person before you attcak them
Say for example some one wants you to pentest there company get as much info as you can before you do any attacking
There is also something called google hacking it is when you look up company’s on google and get info on them for example look up Tesla pdf maybe they forgot to remove important PDFs and if they have a website check it and the page source and stuff out
There is also a website called shodan this is used to discover vulnerable devices on the internt so you could use taht and se if any of the devices that belong to the company are vulnerable to any know attacks
The harvester you can use this for gathering emails of a certain domain
You could basically ask the harvester to look up on google on the available emails that belong to that doman and it will look for emails all over the internet, so it then will respond with a list of emails for the company that you are attacking
What is scanning and enumeration
Scanning is when you scan a company’s network in order to see what version if software they are useing and more
Nmap is very good for scanning you can use it to scan a website or a range of up address if you wnat to and with it you can discover what ports are open on a wry Ian website or in a machine or more machines and you can also discover what OS it has to, the os they get is usally right but not always, it can also discover the version of software running on an open port, for example you have a http port open and you are running a website well nmap has the ability to discover what we server you are running on that port.
What is system hacking
This how you discover a way to enter a machine for example, back door usally give you full access to a pc without them knowing, backdoors usally have options such as being able to excite commands on the victims pc and then be able inv to acces web cam the microphone , being able to screenshot the screen and being able to upload and download files and change files and even download a key logger and keylogger gives you the keys someone is typeing on their keyboard, so basically backdoors are usally detectable because they are mostly and widely used by every ethical hacker there is and so then you learn how to code your on backdoor that is fully undetectable by any antivirus but any thing can be detected with a good secuirty engineer or it proffesinal
What is malware
malware that just keeps downloading and uploading files and files all over the place the pc will eventually crash so that’s malware
Most know terms for malware are worms, Trojans , viruses
What is sniffing
well sniffing is basically when you sniff someone else’s packets
For example you can hack a passport with sniffing
On a netwokr if you run a man in the middle attcak and sniff if someone logs into a website without https and http you just got their information that easy
Wireshark sniffs packets it’s a really good tool for this, it is used to just go over and see the packets that are going through your network
What is Social enegenering
A social enegenering attack is mainly an attcak on a person
For example why would you have the wifi at a restaurant if you can just ask what is the password for the wifi
What are the chances of someone opening an executable file that looks supececious not big chances but what if you change the icon of that file to be a picture or service they use and change the name of that file to be a service they use or something they might find interesting then there chances of opening it go really high and maybe you put jpg on the end if it’s a picture then they will probaly defintly open it
So maybe you send an email with a picture and they open it and there is a hidden backdoor on that picture well guess what you are in
What is denial of service
It is used to crash someone’s website or machine, so basically you just send a lot of packets to a website or machine and basicky it crashes and nobody else is then able to connect to it anymore
A ddos attack
A ddos attack is a botnet pretty much it when you have a bunch of computers send the packets and then it will most likely crash the machine or website, some websites are easier to crash and some are easier to crash
What is SQL and xss
With this you exploit the username input but basically any input,
So for example someone has an online shop and maybe someone didn’t filter out the request that you put in well enough so if you put a code for example it will so if you type in a code there it will be read as part of there website code, so you will be ring code on there website and you should not be able to do that,
Now theses attacks are only available because of por programming of their website they didn’t program it well enough, to filter out the user input
What is Wifi hacking
Wifi hacking there is many ways you can even make a wireless hotspot taht is exactly identical to there wifi to get a password when they type it in
You need cpu and gpu to crack the password but gpu is better for car king the password
There are many methods for attacking wifi with cpu and gpu
What is Mobile hacking
For example if you make an application that look like a real application and they install you will most likely be able to access’s all of there mobile messages, calls, pictures and etc, and doing all if taht without them knowing it so basically you could make aback door for an android device, the problem with this method is that they need to click on a certain part which can be suspicious but if they click on it they click on it, and also you can make it way less suspicious
Android is easier to hack than iPhone
What is Cryptography
This is a method of protecting your information
for exmpale you have a passport with hashes well they are hashes for a reason, so for exmpaple if someone is sniffing it can’t be used to steal the passport you can steal the password but if it is encrypted then you will need to decrypt it because it won’t be in plain text
It uses codeing and hashes so only those who are supposed to get the information are the only ones that get it
