In popular media, hackers are often portrayed as villainous characters who illegally gain access to computer systems and networks. In truth, a hacker is simply someone who has a vast understanding of computer systems and networks. Some hackers (called black hats) do indeed use their skills for illegal and unethical purposes. Others do it for the challenge. White hat hackers use their skills to solve problems and strengthen security systems.These hackers use their skills to catch criminals and to fix vulnerabilities in security systems. Even if you have no intention of hacking, it's good to know how hackers operate to avoid becoming a target. If you're ready to dive in and learn the art, this wikiHow teaches you a few tips to help you get started.

Part 1
Part 1 of 2:

Learning the Skills Needed to Hack

  1. 1
    Understand what hacking is. Broadly speaking, hacking refers to a variety of techniques that are used to compromise or gain access to a digital system. This can be a computer, mobile phone or tablet, or an entire network. Hacking involves a variety of specialized skills. Some are very technical. Others are more psychological. There are lots of different types of hackers that are motivated by a variety of different reasons.[1]
  2. 2
    Understand the ethics of hacking. Despite the ways hackers are depicted in popular culture, hacking is neither good nor bad. It can be used for either. Hackers are simply people who are skilled in technology who like to solve problems and overcome limitations. You can use your skills as a hacker to find solutions to problems, or you can use your skills to create problems and engage in illegal activity.
    • Warning: Gaining access to computers that don't belong to you is highly illegal. If you choose to use your hacking skills for such purposes, be aware that there are other hackers out there who use their skills for good (they are called white hat hackers). Some of them get paid big bucks to go after bad hackers (black hat hackers). If they catch you, you will go to jail.
    Advertisement
  3. 3
    Learn how to use the internet and HTML. If you are going to hack, you'll need to know how to use the internet. Not just how to use a web browser, but also how to use advanced search engine techniques. You will also need to know how to create internet content using HTML. Learning HTML will also teach you some good mental habits that will help you with learning to program.[2]
  4. 4
    Learn how to program. Learning a programming language might take time, so you need to be patient. Focus on learning to think like a programmer instead of learning individual languages. Focus on similar concepts in all programming languages.
    • C and C++ are the languages that Linux and Windows were built with. It (along with assembly language) teaches something very important in hacking: how memory works.
    • Python and Ruby are high-level, powerful scripting languages that can be used to automate various tasks.
    • PHP is worth learning because the majority of web applications use PHP. Perl is a reasonable choice in this field as well.
    • Bash scripting is a must. That is how to easily manipulate Unix/Linux systems. You can use Bash to write scripts, which will do most of the job for you.
    • Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. You can't truly exploit a program if you don't know assembly.
  5. 5
    Get an open-sourced Unix-based system and learn to use it. There is a wide family of operating systems that are based on Unix, including Linux. The vast majority of web servers on the internet are Unix-based. So you'll need to learn Unix if you want to hack the internet.[3] Also, open-sourced systems like Linux allow you to read and modify the source code so you can tinker with them.
    • There are many different distributions of Unix and Linux. The most popular Linux distribution is Ubuntu. You can Install Linux as your primary operating system, or you can create a Linux virtual machine. You can also Dual Boot Windows and Ubuntu.
  6. Advertisement
Part 2
Part 2 of 2:

Hacking

  1. 1
    Secure your machine first. To hack, you must need a system to practice your great hacking skills. However, make sure you have the authorization to attack your target. You can either attack your network, ask for written permission, or set up your laboratory with virtual machines. Attacking a system without permission, no matter its content is illegal and will get you in trouble.
    • Boot2root are systems specifically designed to be hacked. You can download these systems online and install them using virtual machine software. You can practice hacking these systems.[4]
  2. 2
    Know your target. The process of gathering information about your target is known as enumeration. The goal is to establish an active connection with the target and find vulnerabilities that can be used to further exploit the system. There are a variety of tools and techniques that can help with the enumeration process. Enumeration can be performed on a variety of internet protocols including, NetBIOS, SNMP, NTP, LDAP, SMTP, DNS, and Windows and Linux systems. The following is some information you want to gather:[5]
    • Usernames and group names.
    • Hostnames.
    • Network shares and services
    • IP tables and routing tables.
    • Service settings and audit configurations.
    • Applications and banners.
    • SNMP and DNS details.
  3. 3
    Test the target. Can you reach the remote system? While you can use the ping utility (which is included in most operating systems) to see if the target is active, you cannot always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators. You can also use tools to check an email to see what email server it uses.
    • You can find hacking tools by searching hacker forums.[6]
  4. 4
    Run a scan of the ports. You can use a network scanner to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action.
  5. 5
    Find a path or open port in the system. Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered. Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
    • An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute-forced.
  6. 6
    Crack the password or authentication process. There are several methods for cracking a password. They include some of the following:
    • Brute Force: A brute force attack simply tries to guess the user's password. This is useful for gaining access to easily-guessed passwords (i.e. password123). Hackers often use tools that rapidly guess different words from a dictionary to try to guess a password. To protect against a brute force attack, avoid using simple words as your password. Make sure to use a combination of letters, numbers, and special characters.
    • Social Engineering: For this technique, a hacker will contact a user and trick them into giving out their password. For example, they make a claim they are from the IT department and tell the user they need their password to fix an issue. They may also go dumpster-diving to look for information or try to gain access to a secure room. That is why you should never give your password to anybody, no matter who they claim to be. Always shred any documents that contain personal information.
    • Phishing: In this technique, a hacker sends a fake email to a user that appears to be from a person or company the user trusts. The email may contain an attachment that installs spyware or a keylogger. It may also contain a link to a false business website (made by the hacker) that looks authentic. The user is then asked to input their personal information, which the hacker then gains access to. To avoid these scams, don't open emails you don't trust. Always check that a website is secure (includes "HTTPS" in the URL). Log in to business sites directly instead of clicking links in an email.
    • ARP Spoofing: In this technique, a hacker uses an app on his smartphone to create a fake Wi-Fi access point that anyone in a public location can sign into. Hackers can give it a name that looks like it belongs to the local establishment. People sign into it thinking they are signing into public Wi-Fi. The app then logs all data transmitted over the internet by the people signed into it. If they sign in to an account using a username and password over an unencrypted connection, the app will store that data and give the hacker access. To avoid becoming a victim of this heist, avoid using public Wi-Fi. If you must use public Wi-Fi, check with the owner of an establishment to make sure you are signing in to the correct internet access point. Check that your connection is encrypted by looking for a padlock in the URL. You can also use a VPN.
  7. 7
    Get super-user privileges. Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super-user privileges—a user account that is given the same privileges as the "root" user in Linux and BSD operating systems. For routers this is the "admin" account by default (unless it has been changed); for Windows, this is the Administrator account. There are a few tricks you can use to gain super-user privileges:
    • Buffer Overflow: If you know the memory layout of a system, you can feed it input the buffer cannot store. You can overwrite the code stored in the memory with your code and take control of the system. [7]
    • In Unix-like systems, this will happen if the bugged software has setUID bit set to store file permissions. The program will be executed as a different user (super-user for example).
  8. 8
    Create a backdoor. Once you have gained full control over a machine, it's a good idea to make sure you can come back again. To create a backdoor, you need to install a piece of malware on an important system service, such as the SSH server. This will allow you to bypass the standard authentication system. However, your backdoor may be removed during the next system upgrade.
    • An experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to come back.
  9. 9
    Cover your tracks. Don't let the administrator know that the system is compromised. Don't make any changes to the website. Don't create more files than you need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to log in with this password, the server should let them in, but shouldn't contain any crucial information.
  10. Advertisement

Community Q&A

  • Question
    Can I hack using the command prompt?
    Community Answer
    Community Answer
    You can, but command prompt is not the best option. Consider Linux terminal instead as you could use and install tools that could help. Perhaps even consider running Linux as a bootable USB or virtual machine.
  • Question
    Why are you telling people how to do something that could be illegal? We have a bad enough hacking problem as it is.
    Community Answer
    Community Answer
    Not all hacking is illegal. The writer is trusting that the people with this information will not do anything illegal. Also, hacking isn't always a "problem." FBI hackers help the US gather new helpful information each day.
  • Question
    How many programming languages do I need to learn to be able to hack?
    Community Answer
    Community Answer
    Sure, you can code malware in Ruby, password cracker in Python, buffer overflows in C, but you need to understand the logic behind it. The logic is all yours and that is what is important. So, forget about learning coding, first learn how to think logically to exploit the gaps, insecurities and lazy errors.
Advertisement

Warnings

  • Hacking into someone else's system may be illegal, so don't do it unless you are sure you have permission from the owner of the system you are trying to hack and you are sure it's worth it. Otherwise, you will get caught.
    ⧼thumbs_response⧽
  • Never do anything just for fun. Remember it's not a game to hack into a network, but a power to change the world. Don't waste that on childish actions.
    ⧼thumbs_response⧽
  • Misusing this information may be a local and/or federal criminal act (crime). This article is intended to be informational and should only be used for ethical - and not illegal - purposes.
    ⧼thumbs_response⧽
  • Although you may have heard the opposite, don't help anyone patch their programs or systems. This is considered extremely lame and leads to being banned from most hacking communities. If you would release a private exploit someone found, this person may become your enemy. This person is probably better than you are.
    ⧼thumbs_response⧽
  • Don't delete entire logfiles. Instead, just remove only the incriminating entries from the file. The other question is, is there a backup log file? What if they just look for differences and find the exact things you erased? Always think about your actions. The best thing is to delete random lines of the log, including yours.
    ⧼thumbs_response⧽
  • If you aren't confident with your skills, avoid breaking into corporate, government, or military networks. Even if they have weak security, they could have a lot of money to trace and bust you. If you do find a hole in such a network, it's best to hand it to a more experienced hacker that you trust who can put these systems to good use.
    ⧼thumbs_response⧽
  • Be extremely careful if you think you have found a very easy crack or a crude mistake in security management. A security professional protecting that system may be trying to trick you or setting up a honeypot.
    ⧼thumbs_response⧽
Advertisement

Things You'll Need

  • (fast operating) PC or laptop with a connection to the Internet
  • Proxy (optional)
  • IP scanner

About This Article

Travis Boylls
Written by:
wikiHow Technology Writer
This article was co-authored by wikiHow staff writer, Travis Boylls. Travis Boylls is a Technology Writer and Editor for wikiHow. Travis has experience writing technology-related articles, providing software customer service, and in graphic design. He specializes in Windows, macOS, Android, iOS, and Linux platforms. He studied graphic design at Pikes Peak Community College. This article has been viewed 10,688,173 times.
How helpful is this?
Co-authors: 553
Updated: March 25, 2023
Views: 10,688,173
Article SummaryX

1. Gather information on the target.
2. Try to establish a test connection to the target.
3. Scan the ports to find an open pathway to the system.
4. Find an user password to get into the system.
5. Use Buffer Overlow or other techniques to try to gain "super-user" privileges.
7. Plant a back door in the system.
8. Cover your tracks.

Did this summary help you?
Advertisement