This is a little tutorial ive written for complete noobs who don’t know anything about hacking, or for those who need help understanding the terminology.
Bot - A bot is a program that is ran secretly in the background of a customer’s computer. The bot connects to an IRC channel usually where a Bot Herder(its creator) can use a number of commands to control these computers that are now it’s undercontrol. A zombie computer(a pc under control of a bot herder) can be manipulated in a number of ways. Some functions of a bot include stealing customers passwords, Password Recovery Tool, ddosing a server to cause it to crash, turning on the webcam and being able to watch the zombie computer’s users, visiting a website(to gain money + traffic for a bot herder), clicking ads, making ads appear randomly, destroying itself(the pc), and sending spam to email contacts.
serverNET - A bunch of bot’s connected to a server (usually IRC or web) that can be controlled and manipulated by its owner.
RAT (Remote Administration Tool) - Sort of like a serverNET in regards that you can gain acess to the customers computer and do stuff like look at their files, webcam, etc. Only this malware connects back to you, apposed to a server.
Crypter - A crypter is used to make well known hacker’s viruses (such as keyloggers and botnets) undetectable by anti-virus software by changing the virus program signatures that anti virus programs have in their databases to make them easier to spread.
Binder - A binder is used to bind a virus(such as a Password Recovery Tool,etc) to another program making it undetechtable and able to fool users into thinking its something else. (IE a customer will click an installPhotoshop.exe and it will install photoshop as well as your virus secretly.)
FUD - Term for fully undetectable virus. (made by either coding your own virus or by crypting and binding an existing virus) Usehttp://novirusthanks.com/ (uncheck distribute sample) to check if your virus is undetectable.
Database - Used by most websites to store things such as User names, Passwords, Email, etc of an entire website or community.
SQL Injection - A way of manipulating a website’s forms as a way of retrieving it’s databases. This can be used to find users and passwords as well as obtaining admin on a website in order to deface it.
XSS (Cross Site Scripting) - a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. (From Wikipedia)
Password Recovery Tool - A Password Recovery Tool is a program, usualy ran secretly in the background that records what users type, then the typed output is usually sent via email or uploaded by the Password Recovery Tool somewhere to the web in secret. These can be attached to other executables so you never even know you ran them in the first place, once you click it once it often is started at startup from their on.
Cookie Stealing/Spoofing - Used to fool a customer into clicking a link that will steal their cookies to websites which you can then use to have their privileges to various parts of a website or forum.
BruteForcer - Program used to crack passwords by trying every password/password list on various forms.
Hashes - How passwords are usually stored, this is a way of crypting a password so it is not plain text, harder passwords are very hard to crack but simple ones have often been cracked and can be found on online databases. Some common password hashes include MD5 and SHA.
Social Engineering - Tricking a customer into doing something you want them to do by disguising or enticing them into doing what you want.
Phishing - Creating a fake login page to a well known website (IE Facebook) and then fooling a customer into entering their information on the fake login page through social engineering
Bot - A bot is a program that is ran secretly in the background of a customer’s computer. The bot connects to an IRC channel usually where a Bot Herder(its creator) can use a number of commands to control these computers that are now it’s undercontrol. A zombie computer(a pc under control of a bot herder) can be manipulated in a number of ways. Some functions of a bot include stealing customers passwords, Password Recovery Tool, ddosing a server to cause it to crash, turning on the webcam and being able to watch the zombie computer’s users, visiting a website(to gain money + traffic for a bot herder), clicking ads, making ads appear randomly, destroying itself(the pc), and sending spam to email contacts.
serverNET - A bunch of bot’s connected to a server (usually IRC or web) that can be controlled and manipulated by its owner.
RAT (Remote Administration Tool) - Sort of like a serverNET in regards that you can gain acess to the customers computer and do stuff like look at their files, webcam, etc. Only this malware connects back to you, apposed to a server.
Crypter - A crypter is used to make well known hacker’s viruses (such as keyloggers and botnets) undetectable by anti-virus software by changing the virus program signatures that anti virus programs have in their databases to make them easier to spread.
Binder - A binder is used to bind a virus(such as a Password Recovery Tool,etc) to another program making it undetechtable and able to fool users into thinking its something else. (IE a customer will click an installPhotoshop.exe and it will install photoshop as well as your virus secretly.)
FUD - Term for fully undetectable virus. (made by either coding your own virus or by crypting and binding an existing virus) Usehttp://novirusthanks.com/ (uncheck distribute sample) to check if your virus is undetectable.
Database - Used by most websites to store things such as User names, Passwords, Email, etc of an entire website or community.
SQL Injection - A way of manipulating a website’s forms as a way of retrieving it’s databases. This can be used to find users and passwords as well as obtaining admin on a website in order to deface it.
XSS (Cross Site Scripting) - a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. (From Wikipedia)
Password Recovery Tool - A Password Recovery Tool is a program, usualy ran secretly in the background that records what users type, then the typed output is usually sent via email or uploaded by the Password Recovery Tool somewhere to the web in secret. These can be attached to other executables so you never even know you ran them in the first place, once you click it once it often is started at startup from their on.
Cookie Stealing/Spoofing - Used to fool a customer into clicking a link that will steal their cookies to websites which you can then use to have their privileges to various parts of a website or forum.
BruteForcer - Program used to crack passwords by trying every password/password list on various forms.
Hashes - How passwords are usually stored, this is a way of crypting a password so it is not plain text, harder passwords are very hard to crack but simple ones have often been cracked and can be found on online databases. Some common password hashes include MD5 and SHA.
Social Engineering - Tricking a customer into doing something you want them to do by disguising or enticing them into doing what you want.
Phishing - Creating a fake login page to a well known website (IE Facebook) and then fooling a customer into entering their information on the fake login page through social engineering
No comments:
Post a Comment