Tools of a Hacker
While I like to believe that I know a pretty decent amount about hacking, enough to make a collaboration website to discuss computer security, I will not claim that I know everything. My work will more or less lean towards a Black Hat’s toolbox and skillset rather than be able to discuss what ALL hackers use. Simply put, I haven’t spent enough time in the White Hat world to know everything, but what I can lay out is this. Almost all tools that a White Hat Hacker uses for good, can in fact be used for evil, but this is not always true for the reverse, so not all tools that a Black Hat Hacker uses for evil can be turned good. This is another reason why Grey Hat Hackers can and do sometimes run into trouble, trying to use both Good and Evil tools to do GOOD things. Enough of that crap though, let’s dive into some Black Hat arsenal.
Viruses, Trojans, and Worms
Meet the three things that we’ve all heard about so much, especially when we think about hackers. Though the term is used for all three, Viruses are it’s own thing, as are Trojan Horses and Worms.
AÂ VirusÂ should be thought of like a normal biological virus. It’s an infection that can corrupt the user (computer) and crash it’s “immune” (firewall, Antivirus, important files) system. Viruses are built for just that, crashing, infecting, corruption. They don’t spread on their own, but must be executed by the person using the computer or some other computer on the user’s computer.The virus attacks the defenses of the computer and either tries to make it inoperable or force it to play out a set of instructions made by the Black Hat Hacker.
AÂ Trojan HorseÂ should be thought of like it’s historical counterpart in which it’s name derieved. Think back to the movie Troy, with Brad Pitt and Orlando Bloom, and think about that moment that the Greek gave the Trojans a Horse as a way to trick them into allowing this Horse into the base which housed Greek Warriors. The Trojans thought it was a gift, they thought it was harmless, they didn’t know what it housed. Now in the computer world, a Trojan Horse is the same thing, just not a horse. It’s a program that looks like something harmless, perhaps a game you like, a utility to fix your computer, something. When you execute this file, it runs subcode programmed into it to open up a backdoor and allow it’s hacker in to the computer unnoticed and gives it full and complete control over the whole system. Another name for a Trojan Horse is a Remote Admin Tool or R.A.T.
AÂ WormÂ is, how i like to call, a virus with in a way a mind of it’s own, at least in the aspect of spreading. A Worm will normally do everything a virus does, but a virus doesn’t really spread, it just waits until the user makes contact with another computer and the virus is activated there. A worm on the other hand is set to spread out to others. It will attack things such as your contact lists, connected USB drives, anything that it can to get itself moving someplace else. Then once there, it’ll wait until activated. So think of it as a sophisticated virus, it knows better ways to spread.
Password Crackers, Penn Testers, and Network Sniffers
While this group of topics isn’t as closely related as the Worms, Trojans, and Viruses, these tools can be used by all types of Hackers for security purposes.
Password CrackersÂ are basically programs that are set up to test the strength of a password. The most common and oldest way for this to happen is called Brute Forcing the password, where in essence the program will start with A and work its way to Z and even up to 0-9, then move to AA until 99, and so on and so on until it finds the password. A simple password of Upper and Lower case letters that’s only 8characters long would have around 53 Trillion possible combinations. Unfortunately while a slow OLD 1990s (10,000 passwords a second) computer would take around 170 years to crack this, Password Crackers now use their Graphics Cards at greater speeds (around 57million a second on my laptop) and can be as fast as 10days on my computer (GeForce 310M). So I’m not even close to as fast as some of you desktops, but 10days and I have a normal password people use without numbers added.
Penn TestersÂ isn’t really any one type of program that I’m talking about. A Penn Tester is a slew of programs that are designed to look for possible vulnerabilities for a hacker to penetrate into the security. These programs can be Port Scanners looking for open ports, SQL Injection testers looking for web forms that aren’t checked for malicious commands, or even just checks configurations to see if they meet the most secure and stable standard. Again there’s no 100% this is absolutely what a Penn Testing tool is, for its alot of different programs.
Network SniffersÂ or more simply Packet Sniffers which I have the most experience with are programs that just scan all communication in and out of a network. They can be used by hackers to see what information is going out, make sure everything is secure, and even find out if something is lurking around that is not suppose to like a Trojan calling it’s home base for commands. For the Black Hats, its now being seen to be used for a method I’ll go in detail about later called Session Hijacking which is really good for things like hacking accounts such as Facebook.
This is only a small list so far, but I’ll be working on it later to add on more. If you have any suggestions post them in an email to me.