Ethical Hacking For Beginners: The Ultimate Guide [2019]


Hi there…

So you want to learn Hacking? Hmm… That sounds interesting.

You have probably been searching all over the Internet for the term “Hacking for Beginners,” and I guess you couldn’t find any resource where you can start from the beginning.

There are few to no resources available on the Internet for beginners to start learning Hacking, especially for free (of course, there are many paid resources available).

In this post of Hacking for Beginners, I am going to tell you the basic things and terminology that you need to know to start Hacking.

So without any further chit-chat let’s start.

Hacking For Beginners The Ultimate Guide

As you know, Hacking is the act of breaking into someone’s computer for personal or business gain. Hacking is termed an evil thing to do, but that’s not the case.

The real difference lies in the intention of the hacker. Based on intention, Hackers can be classified into three categories, which are listed below.

Black Hat Hackers

Yup, these are the Hackers people usually mean by the term “HACKERS.” These are the Hackers on whom the media seems to focus.

Black Hats find a flaw or weakness in a system without taking any prior permission from the owner. They then use that weakness to hack the system.

They often hack to steal individuals’ data such as bank account details, credit card info or social security numbers.

Sometimes they target large organizations and businesses and leak their database information (tables containing lists of usernames, passwords, email addresses, etc.) online.

Black Hats are highly skilled people. They have good knowledge of various programming languages and an in-depth understanding of computer networking.

Engaging in Black Hat activity is illegal, and I strongly recommend not using your knowledge for bad activities.

White Hat Hackers

Okay, not all the Hackers are evil-minded. There are also good Hackers, which you can say are the backbone of the Internet. They immensely contribute to the development of a better and safer cyber world.


These Hackers often hold a certification in Hacking. They are meant to hack ethically and hence are also called Certified Ethical Hackers.

Companies hire Ethical Hackers and pay them a handsome amount of money for finding flaws in their website, software or a system.

Companies give Ethical Hackers written permission to perform the hack.

“A written permission”

After all, this is what matters and separates White Hats from Black Hats.

White Hats are just as skilled as Black Hats. But instead of using their knowledge for bad purposes or for their own sake, they use it for a good cause.

Grey Hat Hackers

As you may have already guessed, these are the Hackers who lie in between Black Hats and White Hats. Grey Hats try to compromise a system without taking any prior permission from the owner. But when they find any flaw or weakness, they report it to the owner of the system.

Grey Hats are curious people who try to challenge themselves and enjoy testing their knowledge.

You can say Grey Hats try to do the ethical thing using an unethical method. Does that sound silly? Whatever.

Grey Hats are often offered money by the owner for finding the weakness in the system.

But don’t take that for granted: there is a possibility that the owner can legally sue you for hacking into his system, and you may find yourself in very serious trouble. This hacking for beginners guide is strictly meant to be used in an ethical way.

You better be on the safe side.

Now that you know the three most common types of Hacker, let’s move on to some technical stuff.

Let’s learn some of the basic terminology used in the Hacking world.

Don’t worry it isn’t going to be complicated. I will try to explain the terms in simple language.



Vulnerability

A Vulnerability is a flaw or weakness in a system through which a Hacker/Attacker can get unauthorized access to the system.

Let me explain it through an example.

Suppose you have an outdated web browser which allows remote execution of arbitrary code or scripts. Then you can say that your web browser has a vulnerability: it allows remote code execution without you even noticing.

Let’s take a real-world example.


Suppose, the door lock of a person’s house has a flaw/weakness in its design. The flaw is that it allows multiple keys to open it, which was not intended by the vendor.

The person’s house can then be said to be vulnerable to attack (theft etc.). The weak point, or the vulnerability, is the design flaw in the door.

I hope you got the point.

Exploit and Exploit Kits


An Exploit is software designed specifically to take advantage of a vulnerability.

So let us take the example of your outdated web browser, which has the vulnerability of remote code execution.

As soon as the attacker knows that your browser is vulnerable, he will try to develop software or write some scripts through which he can take advantage of the vulnerability.

The software developed by the attacker is then known as an Exploit.

Exploit Kits, on the other hand, are tools that check a system or software for possible vulnerabilities that Hackers can then try to exploit.

As the name suggests, Exploit Kits are a collection of Exploits, that is, malicious code designed to take advantage of vulnerabilities.

An Exploit Kit checks a system for a possible vulnerability, and if one is found, it searches for the Exploit which can be used to take advantage of that vulnerability, thus infecting the system.



Payload

An Exploit can be described as a way of getting into the system using the vulnerability. It kind of opens the door to the vulnerable system and allows the attacker to inject his malicious code or script into the system.

The malicious code which the attacker uses to perform the intended task is known as the Payload.

Now that the vulnerability of your browser has been exploited by an Attacker, the payload, the very specific malicious code, can be used for turning off the firewall or installing a Trojan horse or any other kind of malicious software on your system.



Zero-Day

Vulnerabilities which have not yet been discovered by the developers of a website, software, or a system are known as zero-day vulnerabilities.

So if a Hacker/Attacker gets hold of a vulnerability of a system before the developer does, he can then exploit the vulnerability.

The attack then performed by the Attacker is called a Zero-Day Attack.



Doxing

Doxing is the act of collecting personally identifiable information (PII) about a person using publicly available resources.

The information can include the name of the person, date of birth, phone number, the city where he lives, etc.

Doxing is mainly done with malicious intent.

Imagine an Attacker gets sufficient information about you; he can then use it against you for things such as blackmail or harassment.

So be careful, and double-check what you are sharing on the Internet.



Phishing

Phishing is a kind of fraud, or in the Hacking world, it is more likely to be called a Social Engineering attack.

To give you a basic understanding of Social Engineering: it is manipulating, or rather tricking, people into giving you confidential information that they would not normally give.

In a Phishing attack, the Attacker impersonates a trusted authority and tries to lure out information such as the login credentials of a social account or bank account details.

For example, if you have ever come across an email stating that you have won millions of dollars from Samsung, Apple or whatever, then you know what I am trying to say.

It is a Phishing attack which tries to lure a person into giving his account details to someone who he thinks is a trusted body but, in reality, is not.


Nowadays, phishing is the most common attack for stealing the social account details of a person. The Attacker creates a phishing website, which is a fancy term for a website that is an exact copy of an original website.

For example, an Attacker will create a website which looks very similar to the Facebook login page, but when you enter your information and hit enter, your username and password will be sent to the Attacker, and you will have no idea about it.
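Because a phishing page copies the look of the real site, the address is what gives it away. The following is an added example, not part of the original post, of how a password manager or mail filter might check the host of a login page before credentials are entered; the trusted-domain list, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains where the user really has an account (constructed list).
TRUSTED_DOMAINS = ("facebook.com", "example-bank.test")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url: str) -> str:
    """Label a page that asks for a password: trusted, insecure, lookalike, unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for domain in TRUSTED_DOMAINS:
        # Genuine only if the host IS the trusted domain or one of its subdomains.
        if host == domain or host.endswith("." + domain):
            return "trusted" if parts.scheme == "https" else "insecure"
    labels = host.split(".")
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]
        # Brand name embedded in a host that belongs to someone else.
        if brand in host:
            return "lookalike"
        # Brand misspelled by one or two characters in any label.
        if any(edit_distance(label, brand) <= 2 for label in labels):
            return "lookalike"
    return "unknown"

# Constructed sample URLs (reserved .test names, not real sites).
SAMPLES = [
    "https://www.facebook.com/login",
    "http://facebook.com/login",
    "https://facebook.com.account-verify.test/login",
    "https://login.faceb00k.test/",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_login_url(url):10} {url}")
```

The check compares the parsed hostname, not the visible text of the link, which is why a host that merely starts with the brand name is still flagged.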



Bot and Botnet

A computer or other Internet-enabled device running malicious software which allows it to be controlled from a remote location is said to be a Bot.

And a group of computers or other Internet-enabled devices running malicious software which allows them to be controlled from a remote location is said to be a Botnet.

A botnet is a collection of Bots.

DoS and DDoS


DoS stands for Denial of Service. It is a type of attack which sends fake traffic to a website or a server in order to make it unresponsive or even crash it.

In a Denial of Service attack, a single device is used to generate all the fake traffic to a website. When the traffic exceeds the bandwidth limit, the website or the server crashes.

But in DDoS, which stands for Distributed Denial of Service, the fake traffic is generated from multiple source devices and then sent to the destination.

A DDoS attack is way more powerful than a DoS attack and is very difficult to defend against.
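The single-source versus multi-source distinction is visible in a server's access log. The following is an added example, not part of the original post, that buckets log lines into time windows and labels each one; the log format, the thresholds (`normal_max`, `dominant_share`) and the sample data are assumptions constructed for illustration, and it counts requests rather than measuring bandwidth.

```python
from collections import Counter, defaultdict

def classify_windows(log_lines, window_s=10, normal_max=50, dominant_share=0.8):
    """Bucket '<unix_ts> <src_ip> <path>' lines into fixed windows and label each.

    normal_max is an assumed per-window request ceiling taken from a baseline.
    Returns {window_start: (label, distinct_sources, busiest_source)}.
    """
    buckets = defaultdict(Counter)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip malformed lines instead of crashing the monitor
        ts, src = int(fields[0]), fields[1]
        buckets[ts - ts % window_s][src] += 1

    result = {}
    for start, per_source in sorted(buckets.items()):
        total = sum(per_source.values())
        busiest, hits = per_source.most_common(1)[0]
        if total <= normal_max:
            label = "normal"
        elif hits / total >= dominant_share:
            label = "dos"   # one device generates nearly all the traffic
        else:
            label = "ddos"  # the flood is spread over many source devices
        result[start] = (label, len(per_source), busiest)
    return result

def sample_log():
    """Constructed sample: three 10-second windows using documentation IP ranges."""
    lines = [f"{1000 + i % 10} 192.0.2.{i % 5 + 1} /index.html" for i in range(20)]
    lines += [f"{1010 + i % 10} 198.51.100.7 /login" for i in range(400)]
    lines += [f"{1010 + i % 10} 192.0.2.{i % 5 + 1} /index.html" for i in range(20)]
    lines += [f"{1020 + i % 10} 203.0.113.{i % 200 + 1} /login" for i in range(400)]
    lines.append("garbled line")
    return lines

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_log()).items():
        print(start, verdict)
```

In the "dos" window a single address can be rate-limited or blocked; in the "ddos" window no one source stands out, which is what makes that case harder to defend against.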



Backdoor

A Backdoor is malicious software installed on a system that allows unauthorized access to a system.

Suppose an Attacker breached your system and got unauthorized access to the system. The Attacker will then try to install malicious software with the help of which he can come and go whenever he wants.

Consider it as a password to a location or a door in your system, which only the Hacker/Attacker knows.

I hope you got the point.

Rundown: Hacking For Beginners The Ultimate Guide

So this was all about Hacking for Beginners. I hope you enjoyed reading it and learned something from it.

Learning to hack is not an overnight task. It’s an ongoing process.

It takes patience, dedication, and a will to learn something new every day. You must have or develop an attitude to face challenges.

In the Hacking world, you need to be practically implementing the knowledge and techniques that you are learning.

Because what works in theory does not always work the same way in practice. The things you learn will behave differently when you implement them.

Hacking is all about having practical knowledge. The more you apply, the better you understand the concept and the firmer your grasp of it becomes. And that’s how you will gain experience and be able to level yourself up.

In the coming weeks, I will be posting various articles, focused on the topic “Hacking for Beginners.”

There will be a sequence of posts, which is going to be an ultimate series of hacking for beginners to get a head start in the world of Hacking.

I will discuss with you the tools, techniques, and information focused on hacking for beginners. So be sure to subscribe to the email newsletter and get informed when a new article is out.

And if you have any queries or suggestions for an article, feel free to mail me or comment below.