Well, hello there! Zokomon here. Hope you’re having a great day. Today we will discuss Black Hat Hacking Explained: Techniques, Risks, and How It’s Done.
As discussed in my last blog (DeepSeek Chinese Propaganda tool), I shared how I started my bug bounty career. But I also mentioned that before bug bounty hunting, I learned only Black Hat hacking—things like DDoS attacks and WiFi hacking. Let’s just say those activities are more likely to earn you a ticket to the nearest police station than a paycheck! 😄
How It All Started
Back in my school days, I was fascinated by movies with hacking scenes and shows like Mr. Robot. Watching those, I decided on my dream career: Hacking.
But when I turned to Google for guidance, all I found were certification programs requiring money—money that I as a student, simply didn’t have. 😢
So, what did I do? I turned to the internet, the free school of the digital world. All you need is the right mindset and a targeted search approach.
Dissecting Topics for Learning
If you’re starting out, here’s a tip: instead of searching broad terms like “How to do Black Hat hacking,” break it down into smaller topics. For example:
i)“How to hack WiFi”
ii)“What is a phishing attack?”This approach makes it easier to learn specific techniques without getting overwhelmed. You can learn more about it in advance here.
How I Learned Black Hat Hacking
I started by setting up a safe environment for practice using Kali Linux installed on VirtualBox. It’s as simple as installing a game from the Play Store. Seriously, it’s that easy! 😊
Once my setup was ready, I explored and practiced techniques like:
1) WiFi Hacking
I practiced on platforms like TryHackMe and, importantly, only on my own WiFi networks (because hacking someone else’s WiFi without permission is illegal).
While learning, I discovered key terms like WPS, WPA, WPA2, handshakes, and tools like Aircrack-ng.
Quick Tip:
WPA2 WiFi networks can’t be hacked directly. You need to:
i) Capture the handshake by deauthenticating connected users.
ii) Wait for them to reconnect, capturing the handshake again.
iii)Decrypt the handshake, which contains the password hash.If the password is strong, decrypting the hash becomes nearly impossible. In such cases, techniques like Evil Twin (creating a rogue access point) or phishing can trick users into revealing their password. You can learn about it in advance here.
2) Phishing
Phishing is one of the most common and effective techniques in Black Hat hacking. It involves creating fake but convincing replicas of legitimate websites to trick users into entering their credentials.
Here’s a Beginner’s Guide to Phishing:
i) Understand phishing basics: Learn to create replicas of login pages that look identical to real ones.
ii)Manipulate URLs: You won’t get a legit URL like https://example.com. Instead, use something like https://exampleisame.com and disguise it as much as possible.
iii)Tools to start with: Try tools like GoPhish or LocPhish to understand the process.This is intermediate-level stuff. To go deeper, you’ll need to build on these basics with additional research and practice. You can learn about it in advance here.
3) Ethical Hacker GPT
Here’s something new I’ve started recently that’s a game-changer for learning ethical hacking: using AI tools like ChatGPT.
How to Use GPT for Ethical Hacking:
i) Create an account on OpenAI.
ii) Explore GPTs by clicking the left-hand menu and searching for terms like “Ethical Hacker GPT”.
iii) Start asking questions like:
“I am testing an Apache server for vulnerabilities. How does CVE-2024-40898 work, and what are the prerequisites for testing it? Can you generate a Python script for testing this CVE?”
Always phrase your questions responsibly. If the AI thinks you’re trying to do something malicious, it won’t provide useful information. You can access the tool once you have created an account on OpenAi(Chat GPT) link for the tool.
A Word of Caution
Remember: With great power comes great responsibility. Use these skills in a safe lab environment and always respect others’ property and privacy. Never test anything without explicit permission, and always understand the potential impact of your actions.
Conclusion
That’s a glimpse into how I learned Black Hat hacking. While this is part of my past, I’ve since transitioned to ethical hacking and bug bounty hunting. In my next blog, I’ll share more tools, techniques, and tips to help you build your skills responsibly.
Stay tuned, keep learning, and always use your skills for good! 😊
