What is Ethical Hacking | step-by-step Guide

Ethical hacking

What is Ethical Hacking?

What is Ethical hacking? Basically, Ethical hacking is an art of finding vulnerabilities of a computer system, websites, servers, etc. It is also widely known as penetration testing. The purpose of Ethical hacking is to find vulnerabilities in a particular system and to fix it before the system gets hacked by other hackers.

Its main purpose is to maintain the quality of security into computer networks by finding and fixing vulnerabilities.



Ethical hackers use the same tools that are used by black hat hackers to hack a network. The difference between both hackers is, Ethical hacker takes the proper written permission of the owner of the system to perform hacking and fix the vulnerability whatever he/she finds out.

But black hats don't take any permission for hacking. Their purpose is to steal data. 

So by this Ethical hacking comes in legal hacking. And black hat hacking is illegal hacking.

How to become an Ethical Hacker?

Let me tell you there is not any degree in this world right now to become an ethical hacker. You can become an ethical hacker by following the steps below.

1) You must have knowledge about more than one operating system like Kali Linux, Windows, Mac OS, Unix.

2) You must know everything about Kali Linux. You must know how to operate each and every tool of Kali Linux. Make yourself a master in Learning Kali Linux tools.

3) You must have basic knowledge of networking, like how IP address assigned, what is static and dynamic IP, What are LAN and WAN.



4) Take knowledge about more than one programming language like c, c++, Java, Python, PHP, rust, etc. You don't need to learn these languages by heart just you need to do is take basic information about these languages. And master only 1 language that is Python.

5) The most recommended step is to join the best Ethical Hacking Training Institute. There you will get to know about whole ethical hacking they will teach you whole ethical hacking.

6) After completing the above steps you will be a professional ethical hacker. But don't forget to practice your hacking skills regularly.

You must practice your hacking skills regularly. So below are the best websites on those websites you can legally test your hacking skills. 

5 Best Websites To Test Your Hacking Skills Legally



By the way, there are many websites to test your hacking skills legally. But these 5 websites which I am going to show you are best, through which you can test your hacking skills. 

So if you are a hacker or learning hacking, or even you are a script kiddie. These platforms are for everyone to test hacking skills. 

If you keep spending your time on these websites. Your hacking skill will increase and one day you will become a great hacker.

If you wanted to be a good hacker you must practice your hacking skills daily. You have to increase your hacking skills day by day. So you must get to the hacking test website and these are the legal hacking websites.

These websites will help u very much to become a pro hacker. Even it will help you to clear your OSCP exam. I mean it can make u capable or it can make your level to OSCP level. So let's get started.



1)HackTheBox

This is one of the best websites in the world to test your hacking skills. I prefer you to use this site as long as you can. Because this website teaches a lot. If you will spend your time on this website I am sure you will learn something good.

I also have tried this website and I am still using this website approx more than a year. This website teaches me daily new things whenever I try my hacking skills on its machine. 

This website is 100% legal to test your hacking skills. First of all to use this website you need to hack an invite code and invite yourself for signup on this website. 


After this, you will have all the access to use this website. If you get a problem in invite code or you are not able to hack invite code there are many tutorials available on the internet. They will show you how to hack the invite code of hack the box.


2)HackThisSite

This is another amazing site. You will love to test it, Good for elite hackers. I prefer to use this after you complete Damn Vulnerable Web app and Owasp Juice shop because the task which available in this web are difficult to complete as compared to others.

 This site also provides different levels of hacking. The hackers who like penetration testing After getting deep into this will fall in love with this site.

Performing hacking on this site is legal and free. It comes with network, mobile, and server security penetration testing so it has a good variety of tasks.


3)OWASP Juice Shop

This is a web application you have to install this web application on your Kali Linux to perform hacking on it. 

The web application is written simply in JavaScript. This is a very good thing for hackers who want to improvise their skills in web penetration testing. 

It has some interesting challenges that you would love to perform on it. You can download this buggy app on Github. 

Level 1 is very easy in this you will love to do it after completing level 1 it will get a little difficult for script kiddies. By doing this you will come to know where developer do mistakes on their code so you can improvise it and you will get a lot of ideas to think curiously.




4)DVWA


DVWA next awesome buggy web app its full form is Damn Vulnerable Web Application, this web app is too much vulnerable that you will love to test it on your localhost. 

In this, you will get an option to put security on low medium and high. Low-security targets are very easy to hack, Medium is a little difficult it could put the problem in Script Kiddies, and the high security is unhackable I don't think so we can hack high security because I am never able to hack any high-security task on Damn vulnerable web application.

If you could able to hack a task with high security then you are a great hacker. It gets designed in PHP and MySQL. isn't it interesting because you will get more vulnerabilities on MySQL and PHP code and also developers will get a good understanding of code which could lead to protect attacks like SQL injection?


5)BWAPP

BWAPP is an extremely buggy web application we can't say it is the same as Damn Vulnerable web application because it has a large number of tasks to do. 

It provides us with a web interface that has a large number of tasks it has approx every vulnerability which comes under a web app. As Damn Vulnerable Web Application, has three levels of security low, medium, and high, Whereas low is very low security even Script Kiddies can hack it easily.

The medium level is a little bit tough it can put you in trouble to put your lot of thinking, and a tough level is extremely hard according in me it is impossible for most of the hackers to hack. 

If you complete full BWAPP then you know everything about web apps and their every vulnerability. Before using it you have to download and install it in your computer, before installing this make sure you have maria DB, Apache and PHP running on your Linux it also come for windows but Downloading in Linux is recommended. 

So, friends, these are 5 best sites on which you can practice. I know there are many more approx more than 50 websites. But According to me, these three are best than all. If you like this post comment below. 


If you facing any difficulty to setup owasp juice shop on your Kali. You can comment below. So in the next post, I could post how to set up the owasp juice shop.

So these were some of the good websites for hacking practice, and website for testing hacking skills, Do daily hacking practice on these websites.


How to get Certified Ethical Hacker Certificate?

You can get Certified Ethical Hacker Certificate by joining any best ethical hacking training institute. But according to me, that certificate will be valid only in your country and also you will get a job only in one country where you complete your hacking.

If you want worldwide valid certificate so you have to go for oscp. OSCP stands for offensive security certified professionals. To achieve this certificate you have to give a 24-hour exam for oscp. Yeah, you heard that right its an exam for 24 hours.

If you want to get more information about oscp you can check their website from this link https://www.offensive-security.com

After getting this certificate you are ready to fly, you can get a job in any country you want, I mean you will be eligible to do a job in any country.

Because most of the companies want an OSCP certificate to take you on the job. This is a very famous certificate provided by offensive security the creators of Kali Linux.


How to make money by Hacking legally?

So let me tell you guys. If you are a good hacker. You can earn tons of money by hacking legally. I am going to share with you some legitimate ways to earn money by hacking. 

1) Make your hacking blog 


You can make your hacking blog and update your blog regularly. Now you must be thinking how can you earn money by doing that? So you can earn a lot of money you just need to create a blog. And post your hacking articles regularly. 

After you created a blog advertise your blog with Google Adsense. After your blog gets approved by Google AdSense you can earn money on advertising your blog.

2) Working on a company

There is a shortage of good hackers in the world many bad hackers around. So nowadays IT companies are hiring many white hat hackers. To protect their data from black hat hackers.

Due to the shortage of white hat hackers, companies are providing much salary to hackers. So if you want to work as a hacker and earn money so you can apply to any IT company for a job.

3) Teaching Ethical Hacking


You can also open your hacking institute to teach hacking to other students. As you know there is very much demand for hackers nowadays. Many people want to learn ethical hacking.

And also there are very few institutes that provide a quality of hacking. So you can open your own institute and you can teach hacking them. By that, you can earn money with your hacking skills.



4) Open YouTube Channel 


If you want to earn by sitting at home the best way of earning is to make a video related to hacking.

Like how to hack an android device, how SQL injection works, what is buffer overflow and explain everything to your viewers in detail.  And monetize your YouTube Channel with ads. 

Create quality content that people like to watch by doing this you can earn lots of money.

5) Fiverr

You guys must know about Fiverr. If you don't know let me explain to you what Fiverr is. Basically, it is a website from which you can earn money by sitting at home.

So basically you need to do is go on fiverr.com  and make a freelancer account. After creating an account you can make your profile on Fiverr. 

Like I'm a certified ethical hacker. Contact me for testing your security, or for securing your website like this. 

After making a profile wait for some days people will contact you via email and they will give you work in what you are interested in. 

By doing that you can make many dollars. Check this site by clicking this link https://www.fiverr.com/ 

6) Upwork

This is the same site like Fiverr that offers you to make your free account. And to make money in whatever profession you have. I recommend you make an account on both websites so you will earn double.

That's my personal trick I am sharing with you because I work on both websites. As people will like your work they will give you a rating.

As your rating will increase you will get more work related to your profession. 

By that, you will be able to earn more. Check this site out https://www.upwork.com/ 

7) Bug bounty program


You can also earn a lot of money by joining a bug bounty program. Basically, many companies organize this program to test their software or website for bugs.

You need to do is that you have to find out bugs in their programs or on their websites. If you succeed in finding bugs they will award you with a lot of money. 

Many big companies come in bug bounty programs such as Facebook, Microsoft, Infosys, etc. 


All you need to do go to https://bugcrowd.com/ and signup for an account. And you are all set.

There are not only bug crowd available but you can sign up for others like hacker one, Starbucks, PHP, etc.

1 Comments

  1. Thanks for the nice blog. It was very useful to me. I m happy I found this blog. Ethical Hacking training

    ReplyDelete

Post a comment

Previous Post Next Post