Category: Productivity & Office. No API key required.

Hacking Fundamentals

This skill should be used when the user asks to "understand hacking basics", "learn about hacker types", "understand network protocols", "learn DNS concepts", "understand attack types", or "explore security tool categories". It provides foundational cybersecurity knowledge.

Author: jakexiaohub

Purpose

Provide foundational knowledge of hacking concepts, network protocols, attack methodologies, and security tools. This skill covers essential theory for aspiring penetration testers and security professionals including network architecture, DNS operations, attack classifications, and tool categories.

Prerequisites

Required Knowledge

  • Basic computer literacy
  • Understanding of operating systems
  • Familiarity with command-line interfaces

Recommended Background

  • Networking concepts
  • TCP/IP fundamentals
  • Basic security awareness

Outputs and Deliverables

  1. Conceptual Understanding - Hacking terminology and classifications
  2. Network Knowledge - Protocol and architecture comprehension
  3. Attack Recognition - Active and passive attack identification
  4. Tool Familiarity - Security tool categories and applications

Core Workflow

Phase 1: Hacker Classifications

Understanding hacker types and motivations:

White Hat Hackers

  • Ethical hackers and security professionals
  • Perform authorized penetration testing
  • Work to improve organizational security
  • Also called: penetration testers, sneakers, red teams

Black Hat Hackers

  • Malicious actors seeking unauthorized access
  • Breach systems for profit or damage
  • Also known as crackers
  • Target selection: reconnaissance → information gathering → attack

Grey Hat Hackers

  • Operate between ethical and malicious
  • May act illegally with good intentions
  • Often disclose vulnerabilities publicly
  • Not motivated by personal gain

Other Categories

  • Blue Hat: External consultants testing systems pre-launch
  • Elite Hackers: Highly skilled, discover zero-days
  • Script Kiddies: Use pre-made tools without understanding
  • Hacktivists: Politically or socially motivated
  • Nation State: Government-sponsored cyber operatives

Phase 2: Network Fundamentals

Understanding network types and architecture:

Network Types

| Type | Description |
|------|-------------|
| LAN | Local Area Network - computers in same building |
| WAN | Wide Area Network - geographically distributed |
| MAN | Metropolitan Area Network - city-wide coverage |
| VPN | Virtual Private Network - encrypted tunnel |
| Intranet | Private internal company network |
| Extranet | Extended intranet for external partners |

Network Benefits for Attackers

  • Resource sharing creates attack surfaces
  • File sharing enables data exfiltration
  • Program sharing may expose vulnerabilities
  • Centralized services create single points of failure

Phase 3: Protocol Understanding

Key protocols for security assessment:

IP Addressing

# Private IP ranges (non-routable)
10.0.0.0 - 10.255.255.255        # Class A
172.16.0.0 - 172.31.255.255      # Class B
192.168.0.0 - 192.168.255.255    # Class C

# Find your IP
ipconfig /all                     # Windows
ip addr                           # Linux
curl ifconfig.me                  # Public IP

Common Protocols

| Protocol | Port | Purpose |
|----------|------|---------|
| FTP | 20, 21 | File transfer |
| SSH | 22 | Secure remote access |
| Telnet | 23 | Unencrypted remote access |
| SMTP | 25 | Email transmission |
| DNS | 53 | Name resolution |
| HTTP | 80 | Web traffic |
| POP3 | 110 | Email retrieval |
| IMAP | 143 | Email access |
| HTTPS | 443 | Encrypted web traffic |
| RDP | 3389 | Windows remote desktop |

SSH Capabilities

  • Secure encrypted remote login
  • Protection against IP spoofing
  • Port forwarding/tunneling
  • Replacement for rlogin, rsh, rcp

# SSH connection
ssh user@target.com

# SSH tunneling (port forwarding)
ssh -L 8080:localhost:80 user@target.com

# Dynamic port forwarding (SOCKS proxy)
ssh -D 9050 user@target.com

Phase 4: DNS Architecture

Understand Domain Name System operations:

DNS Hierarchy

Root (.)
├── .com (gTLD)
│   └── example.com
│       └── www.example.com
├── .org (gTLD)
├── .net (gTLD)
└── .uk (ccTLD - Country Code)

DNS Record Types

| Record | Purpose |
|--------|---------|
| A | Maps hostname to IPv4 address |
| AAAA | Maps hostname to IPv6 address |
| PTR | Reverse lookup (IP to hostname) |
| NS | Authoritative name servers |
| MX | Mail exchange servers |
| CNAME | Canonical name (alias) |
| TXT | Text records (SPF, DKIM) |
| SOA | Start of authority |

DNS Query Process

  1. Client queries local DNS resolver
  2. Resolver checks cache
  3. If not cached, query root servers
  4. Root refers to TLD servers (.com)
  5. TLD refers to authoritative nameserver
  6. Authoritative returns IP address
  7. Resolver caches and returns to client
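
The seven steps above, modelled as a small iterative resolver. This is an added example, not part of the skill itself; the root, TLD and authoritative zone data are constructed and no real DNS traffic is sent.

```python
"""Toy iterative resolution following the seven steps above (added example).

The zone data is constructed: a made-up snapshot of what the root, the .com
TLD server and example.com's authoritative server would answer. No network
traffic is sent; it only models referrals and the resolver cache.
"""
from typing import Dict, List, Optional, Tuple

# Constructed data. Each server maps a name to (record type, value); an "NS"
# answer is a referral to the next server down the hierarchy.
ROOT = {"com.": ("NS", "tld-com")}
TLD_COM = {"example.com.": ("NS", "auth-example")}
AUTH_EXAMPLE = {"www.example.com.": ("A", "203.0.113.10")}  # RFC 5737 test address
SERVERS = {"root": ROOT, "tld-com": TLD_COM, "auth-example": AUTH_EXAMPLE}


class Resolver:
    """Recursive resolver with a cache (steps 2 and 7 of the list above)."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str) -> Tuple[str, List[str]]:
        """Return (IPv4 answer, trace of servers consulted)."""
        if not name.endswith("."):
            name += "."                             # fully qualified form
        if name in self.cache:                      # step 2: cache hit
            return self.cache[name], ["cache"]

        trace: List[str] = []
        server = "root"                             # step 3: start at the root
        while True:
            trace.append(server)
            zone = SERVERS[server]
            labels = name.split(".")
            match: Optional[Tuple[str, str]] = None
            for i in range(len(labels)):            # longest known suffix wins
                suffix = ".".join(labels[i:])
                if suffix in zone:
                    match = zone[suffix]
                    break
            if match is None:
                raise LookupError(f"{server} has no data for {name}")
            rtype, value = match
            if rtype == "A":                        # step 6: authoritative answer
                self.cache[name] = value            # step 7: cache and return
                return value, trace
            server = value                          # steps 4-5: follow the referral
```

The first lookup walks root, TLD and authoritative servers; a second lookup of the same name is answered from the cache.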

DNS Enumeration Commands

# Basic DNS lookup
nslookup target.com
dig target.com

# Specific record types
dig target.com MX         # Mail servers
dig target.com NS         # Name servers
dig target.com TXT        # Text records
dig target.com AXFR       # Zone transfer attempt

# Reverse lookup
dig -x 192.168.1.1

# Use specific DNS server
dig @8.8.8.8 target.com

Phase 5: Proxy Servers

Understanding proxy types and uses:

Proxy Types

| Type | Description |
|------|-------------|
| Anonymous | Hides client IP from server |
| High Anonymity | Doesn't identify as proxy |
| Transparent | Forwards requests without hiding identity |
| Reverse | Protects backend servers |

Proxy for Security Testing

# Configure proxy in terminal
export http_proxy=http://proxy:port
export https_proxy=http://proxy:port

# Burp Suite default proxy
http://127.0.0.1:8080

# Tor SOCKS proxy
socks5://127.0.0.1:9050

Privacy Benefits

  • Mask source IP address
  • Bypass geographic restrictions
  • Encrypted tunnels for sensitive traffic
  • Chain proxies for enhanced anonymity

Phase 6: Active Attack Types

Attacks requiring direct interaction:

Masquerade Attack

  • Attacker impersonates legitimate user
  • Uses stolen credentials or session tokens
  • Exploits authentication weaknesses
  • Gains unauthorized privileges

Session Replay Attack

  • Captures valid session tokens
  • Replays authentication to gain access
  • Requires interception of session data
  • Mitigated by session timeouts and tokens
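
The mitigation in the last bullet, worked through on the defender's side for a one-time action token: an HMAC binds the user, an expiry and a nonce together, so a captured token fails once it expires or has been spent. This is an added example with a constructed key and clock values, not code from any real framework.

```python
"""Replay-resistant session token check (added example, defender's side).

Each token carries a nonce, an expiry and an HMAC over both, so a captured
token is rejected once it expires or after its first use. The key and the
clock values are constructed; this is not code from any real framework.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional, Set, Tuple

SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # would come from a secret store


class TokenService:
    def __init__(self, ttl_seconds: int = 300) -> None:
        self.ttl = ttl_seconds
        self.seen_nonces: Set[str] = set()   # nonces already spent (replay guard)

    def _sign(self, payload: str) -> str:
        return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str, now: Optional[float] = None) -> str:
        """Return a token of the form user|expiry|nonce|mac."""
        now = time.time() if now is None else now
        expiry = int(now) + self.ttl
        nonce = secrets.token_hex(8)
        payload = f"{user}|{expiry}|{nonce}"
        return f"{payload}|{self._sign(payload)}"

    def verify(self, token: str, now: Optional[float] = None) -> Tuple[bool, str]:
        """Return (accepted, reason); rejects forgery, expiry and replay."""
        now = time.time() if now is None else now
        try:
            user, expiry, nonce, mac = token.split("|")
        except ValueError:
            return False, "malformed"
        payload = f"{user}|{expiry}|{nonce}"
        if not hmac.compare_digest(mac, self._sign(payload)):
            return False, "bad signature"    # forged or tampered (masquerade)
        if now > int(expiry):
            return False, "expired"          # session timeout
        if nonce in self.seen_nonces:
            return False, "replayed"         # the token was already used once
        self.seen_nonces.add(nonce)
        return True, f"ok:{user}"
```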

Message Modification Attack

  • Intercepts data in transit
  • Modifies packet headers or content
  • Redirects traffic to malicious destinations
  • Man-in-the-middle variations

Denial of Service (DoS)

  • Overwhelms target with traffic
  • Depletes system resources
  • Prevents legitimate access
  • Variations: SYN flood, UDP flood, HTTP flood

Distributed DoS (DDoS)

  • Multiple sources attack single target
  • Uses botnet/zombie networks
  • Harder to mitigate than single-source
  • Amplification attacks multiply traffic

Phase 7: Passive Attack Types

Attacks gathering information without detection:

Passive Reconnaissance

  • Monitors without interaction
  • Session capture and analysis
  • Network traffic sniffing
  • No direct engagement with target

Active Reconnaissance

  • Engages with target system
  • Port scanning
  • Service enumeration
  • Banner grabbing

Specific Techniques

  • War Driving: Detecting vulnerable WiFi networks
  • Dumpster Diving: Searching discarded materials
  • Shoulder Surfing: Observing user activity
  • Promiscuous Mode: Capturing all network traffic

Phase 8: Password Cracking Tools

Tools for password recovery and testing:

Online Attack Tools

# Hydra - network password cracker
hydra -l admin -P wordlist.txt ssh://target.com
hydra -L users.txt -P passwords.txt ftp://target.com

# Medusa - parallel password cracker
medusa -h target.com -u admin -P wordlist.txt -M ssh

# Ncrack - network authentication cracker
ncrack -p 22 --user admin -P wordlist.txt target.com
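
The defender's counterpart to the online tools above: a sliding-window check over sshd-style auth log lines that flags a source address producing a burst of failed logins. This is an added example, not part of the skill; the log lines are constructed with RFC 5737 addresses and the year is assumed because syslog timestamps omit it.

```python
"""Spot online password-guessing bursts in sshd-style auth logs (added example).

This is the defender's counterpart to the tools above: the log lines are
constructed with RFC 5737 addresses and are not real captures.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[101]: Failed password for admin from 198.51.100.7 port 50001 ssh2
Mar 10 12:00:02 host sshd[102]: Failed password for admin from 198.51.100.7 port 50002 ssh2
Mar 10 12:00:03 host sshd[103]: Failed password for invalid user test from 198.51.100.7 port 50003 ssh2
Mar 10 12:00:04 host sshd[104]: Failed password for admin from 198.51.100.7 port 50004 ssh2
Mar 10 12:00:05 host sshd[105]: Failed password for admin from 198.51.100.7 port 50005 ssh2
Mar 10 12:00:09 host sshd[106]: Accepted password for admin from 198.51.100.7 port 50006 ssh2
Mar 10 12:03:00 host sshd[107]: Failed password for bob from 192.0.2.44 port 40000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; the sample assumes one."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def detect_bruteforce(log: str, threshold: int = 5, window_s: int = 60) -> Dict[str, int]:
    """Map each source IP that reaches `threshold` failures inside any
    `window_s`-second sliding window to its peak count in such a window."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:                                  # accepted logins are ignored here
            failures[m["ip"]].append(parse_ts(m["ts"]))
    alerts: Dict[str, int] = {}
    for ip, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):        # slide the window's left edge
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = peak
    return alerts
```

On the sample, 198.51.100.7 reaches five failures in four seconds and is flagged, while the single failure from 192.0.2.44 is not.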

Offline Attack Tools

# John the Ripper
john --wordlist=rockyou.txt hashes.txt
john --show hashes.txt

# Hashcat - GPU-accelerated
hashcat -m 0 hashes.txt rockyou.txt      # MD5
hashcat -m 1000 hashes.txt rockyou.txt   # NTLM

# Ophcrack - Windows password cracker
ophcrack -g -d tables -t tables -f hash.txt

WiFi Password Tools

# Aircrack-ng suite
airmon-ng start wlan0
airodump-ng wlan0mon
airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0mon
aireplay-ng -0 10 -a [BSSID] wlan0mon
aircrack-ng -w wordlist.txt capture.cap

Phase 9: Network Scanning Tools

Tools for discovery and enumeration:

Nmap - Network Mapper

# Host discovery
nmap -sn 192.168.1.0/24

# Port scanning
nmap -sS target.com              # SYN scan
nmap -sV target.com              # Version detection
nmap -O target.com               # OS detection
nmap -A target.com               # Aggressive scan
nmap -p- target.com              # All ports

# Script scanning
nmap --script=vuln target.com
nmap --script=http-enum target.com

Traffic Analysis Tools

# Wireshark - GUI packet analyzer
wireshark

# tcpdump - CLI packet capture
tcpdump -i eth0 -w capture.pcap
tcpdump -r capture.pcap

# Ettercap - MITM tool
ettercap -T -M arp:remote /target1// /target2//

Web Scanning

# Nikto - web vulnerability scanner
nikto -h http://target.com

# Skipfish - web application scanner
skipfish -o output http://target.com

# W3af - web attack framework
w3af_console

Phase 10: Forensics and Debugging Tools

Tools for investigation and analysis:

Digital Forensics

| Tool | Purpose |
|------|---------|
| Sleuth Kit | Disk image analysis |
| Autopsy | GUI for Sleuth Kit |
| Volatility | Memory forensics |
| FTK Imager | Disk imaging |
| Encase | Enterprise forensics |

File System Analysis

# Sleuth Kit commands
fls -r image.dd               # List files recursively
icat image.dd [inode]         # Extract file by inode
mmls image.dd                 # Partition layout

# Volatility memory analysis
volatility -f memory.dmp imageinfo
volatility -f memory.dmp --profile=Win7SP1x64 pslist
volatility -f memory.dmp --profile=Win7SP1x64 netscan

Packet Crafting

# Scapy - Python packet manipulation
from scapy.all import *
packet = IP(dst="target.com")/TCP(dport=80)
send(packet)

# Hping3 - packet crafting
hping3 -S target.com -p 80     # SYN packet
hping3 --flood target.com       # Flood mode

Quick Reference

Essential Ports

| Port | Service | Notes |
|------|---------|-------|
| 21 | FTP | File transfer |
| 22 | SSH | Secure shell |
| 23 | Telnet | Unencrypted |
| 25 | SMTP | Email |
| 53 | DNS | Name resolution |
| 80 | HTTP | Web |
| 443 | HTTPS | Secure web |
| 445 | SMB | Windows shares |
| 3389 | RDP | Remote desktop |

Attack Type Summary

| Attack | Type | Goal |
|--------|------|------|
| DoS/DDoS | Active | Deny availability |
| Masquerade | Active | Impersonate user |
| Session Replay | Active | Steal access |
| War Driving | Passive | Find WiFi |
| Sniffing | Passive | Capture traffic |

Tool Categories

| Category | Examples |
|----------|----------|
| Password | Hydra, John, Hashcat |
| Scanning | Nmap, Nessus, Nikto |
| Traffic | Wireshark, tcpdump |
| Forensics | Sleuth Kit, Volatility |
| Exploitation | Metasploit, Burp Suite |

Constraints and Limitations

Legal Considerations

  • Only test systems with authorization
  • Document all testing activities
  • Understand local cybercrime laws
  • Obtain written permission before testing

Ethical Guidelines

  • White hat mindset required
  • Report vulnerabilities responsibly
  • Protect discovered data
  • Never cause unnecessary harm

Troubleshooting

Network Issues

Cannot reach target:

  1. Verify network connectivity
  2. Check firewall rules
  3. Confirm target is online
  4. Try different ports/protocols

Tool Failures

Scans returning no results:

  1. Verify target address
  2. Check for IDS/IPS blocking
  3. Try slower scan rates
  4. Use different techniques