Unsecured websites can let you access the data behind them. Including anything they store from usernames to credit card info.

Cracking a password to access someone’s account.

Tricking people into running a program you’ve given them.

Making a lookalike website so people sign in and they just steal the username password.

Those are a few examples.

Your brain the main tool for hacking.

Target 1 of a hack: Stupid People

This is your easiest hack. People are idiots. You walk into a parking lot, you drop 20 USB sticks with your autoloading key logger and wait. Guarantee at least 1 person plugs it into their work computer, 2-4 persons brings it home and plug it into their home PC.

Target 2 of hack: Garbage

You dumpster dive for documents. You are looking for email addresses, employee list, contact information, etc. Using this you can go back to target #1 by finding stupid people on the list and hit with emails which look official but get you to enter a password and now your account is compromised.

Target 3 of hack: Codebase

This is where you cannot do targets 1 and 2 and you must go in via a network. This can be tough if you don’t know what system you are trying to get into which is why #1 and #2 are very important to be able to do.

​

I ‘hacked’ my old works accounting system. It involved listening to the account manager typing in her password. I noticed two things, it was 9 characters and she only used the number pad to type it in. Brain starts chewing, what is 9 character long and only numeric. Phone is 7 or 10, so not a phone #. Pins are usually 4, so not a pin or double pin entry. …Is she stupid enough to be using her social security number for the password? Go to the file room, pull her investment file which contained her SS#, went to my PC, logged into the accounting system, use name, SS# and I am in. That’s a hack. Its not all PCs and typing like a moron as you see in movies, its deconstructing people and information.

In the movies hacking is when you type on a keyboard really fast, but in real life some of the most successful hackers are just people who figured out how to convince other people to give them their password. This is social engineering, and it ranges from complex and involved (building a fake website so someone will enter their real credentials) to mundane (searching through trash for discarded documents containing personal details) to “there’s no way that can actually work” (calling someone and asking for their password).

It is largely about finding a way into someone else’s software or system so that you can control something or steal data.

Think of a house. If you lock the door then no one can come in and take your stuff. But if you don’t lock your door, then theft is possible. So the hacker walks up and tries your door handle to see if he can walk in and take something.

A well-designed system will have the door locked and will keep your stuff secure.

The hacker might then try other things. What about the windows, are they locked? What about the gate into the back garden, is that locked?

Again, a well-designed system will have everything locked, but the hacker will try them all anyway just in case someone is running an out-of-date system (or in case someone doesn’t understand the important of securing everything).

If these all fail, then the attacker might try something else. What about lifting all the stones and plant pots in the front garden, in case someone hid a key under one of them? This would be the equivalent of trying a bunch of common passwords in case someone didn’t understand how to make a proper password.

If the system is still secure, then the hacker might try something more sophisticated. What if they pretend to be someone else? Maybe they come to your door dressed as a courier or a policeman. Do you open your door to them and let them in because they look the part? Or do you have a sufficiently well-designed system to catch their deceit?

And so on. “Hacking” is really just about trying to find a way into someone else’s system so that you gain control or can steal data. There are all sorts of methods ranging from simple to incredibly sophisticated.

As an example, SQL injection is a type of “hacking” where a website asks you to enter something, let’s say your name, and instead of your name you can add some code instead. When you submit the form it tries to save your name to the database, but because your name is some code it actually ends up running something else on the database. Let’s say your extra code adds you to an administrator group, now you have administrator access to the website.

Another example is a website that does validation on the client side and not server side, you can change the JavaScript code and enable/disable controls you might not have access to. Let’s say you’re on the website above signing up your account and there’s a checkbox for whether you’re an Administrator but it’s grayed out. You can just update the checkbox in your browser to not be grayed out and submit the form with it checked.

Both of these examples are mostly protected against on websites these days but there are thousands of other examples and every website needs to protect against every one of them. As a “hacker” you try each one to see if any are successful against your target. There are tools that can do this checking automatically, but a clever hacker will know what to try and how to try it. Companies have similar tools they use to check if they are secure.

Hacking is simply what people do to solve a problem with incomplete information. Similar to the scientific method, we all are faced with problems that do not have perfect solutions.

Computer hacking happens when someone does not have complete or accurate information about a device and must gain that information through other means.

The word hacker is NOT synonymous with criminal and is something that literally, if you have any agency, cannot be avoided.

A lot of it is tricking people into giving you their access. Or, tricking them into giving you your own access. Moving on to stealing someones access (like eavesdropping/shoulder surfing); or tricking a server into giving you access / doing something you want (obligatory xkcd [https://xkcd.com/327/](https://xkcd.com/327/)) by giving it input it in a way it isn’t expecting.

Or, finding where someone did something dumb and exploiting that (like setting a cookie isAdmin=0, and you just update it yourself to isAdmin=1, and the server trusts that).

What really gets me is the remote-code-execution tricks. Someone figures out that a webserver crashes sometimes. They further figure out that it is crashing because a certain input buffer isn’t handled properly, then figure out how to hide a program in that input and line it up just right so that when the webserver crashes it doesn’t actually crash but instead executes the code the snuck in the input. Thats like if I write a reddit comment abcabcabcabcabcabcSET ADMIN=1 WHERE USERNAME=TOGER and reddit crashes but actually makes me admin. Technically amazing.

“Hacking”, as it relates to computers, can mean one of two things:

1. Someone getting access to information to which they should not have access (i.e. someone accessing private information not meant for them).
2. Someone getting higher privileges inside a computer system than they should have (i.e. someone getting admin privileges when they’re not an admin).

The term hacking is objective to say the least. Everyone will have a different view of what is and is not a member of said family.

Phishing is a common trend we see now, though personally I don’t view it as hacking. It’s more in the realm on social engineering to steel credentials of some sort. If said credentials are used to access accounts, the victim in question was manipulated, not hacked.

**My personal definition of hacking boils down to an actor intentionally exploiting a vulnerability (bug) in some price of software, in order to escalate their power to an unintentional level.** This is vastly more narrow than other definitions. As such, skiddes and masterminds are both “hackers” in my eyes, but the dying woman who needs to offload her fortune IMO, is simply a manipulator.