Phishing: Basically, phishing is a way to hack online accounts (like
Facebook, Gmail) by making a fake login page that looks similar to the
original login page. When you open a phishing page, it looks like the original
page. For example, see this screenshot.
You may think it is the original, but it is fake: look at the URL. [Generally,
all online account login websites have an SSL certificate, meaning https (the
s means secure).]
The advanced version of phishing:
Desktop Phishing: This is the advanced type of phishing. It is the same as
the method above, but in this approach the URL is not replaced. Your computer
is affected by this process, and when you open facebook.com the hacker's fake
page opens, but the URL does not change. Here I try to explain it.
All modern browsers detect desktop phishing, and you need physical access to
create a desktop phishing page. Search on Google if you need more info, but
this is enough for beginners.
Tabnapping: If you open many tabs while browsing the internet, then your
account can be easily hacked by this method. In this attack, the victim clicks
on a link from another site. For example, you and I are friends on Facebook,
and I send you a link in a Facebook message.
When you open the link and 2-3 other tabs, your Facebook tab's URL will be
replaced by another page. You will think your account has logged out
automatically. You will log in to your account again, I will get your
password, and you will be redirected to facebook.com.
Brute force attack: Another great way to hack passwords. The hacker just
guesses the password length and the characters used in the password. Software
then combines these factors, creates a very large number of words, and tries
each word as the password. It is a time-consuming method.
Wordlist attack: It is similar to the one above, but here the hacker first
generates words and saves them to a file using software like crunch.
Another piece of software then tries every word as the password. This attack
is used in hacking WPA/WPA2. Aircrack can try 969 words/second as the password.
Encryption: Generally, it is used for encrypting the password in the
database. In the database, the password is stored in encrypted format. E.g.
Original message: This is a line
Encrypted format: gfEDdWzoKboa9gTFLeb2D476vTg
It protects your password if a hacker hacks the website database. If you are
from India, then you know about Paytm.
Paytm uses 128-bit encryption, which means it increases your password length,
giving 2^128 combinations for a brute force attack to try.
VPN: VPN stands for virtual private network. A VPN basically changes your IP
address. If you are using a VPN and doing anything, nobody can know unless the
VPN company exposes you [a free VPN can, if you are doing something seriously
illegal]. Here is how a VPN works.
Web Server: 90% of you know what a web server is, but if you don't know, no
problem. It is a computer where the files of a website are available. For
example, the image above, text, etc. are stored on a computer, and that
computer is known as the web server.
DoS attack: It stands for Denial of Service. It is mainly used to make a
website go down or become unavailable. Fake traffic is sent to the web server.
When the data exceeds the bandwidth limit, the server crashes. Here is a
screenshot of a website when the server is down.
SQL injection: A DDoS attack crashes the server, but SQL injection helps you
to hack websites. The hacker injects queries into the website database.
Social Engineering: It is not the hacking method. It is hacking by the average
person. The technique of guessing passwords is known as social engineering. I
am not an expert in this, and it takes a lot of time. It is different for each
person, so it is very time-consuming.