Ethical Hacking Tutorial

System Hacking Methodology (Detailed Guide)

What is System Hacking?

System hacking is the process of hacking a system, such as computers, laptops, and relevant software to steal data and confidential information. 

System Hacking Methodology

In system hacking, the attackers find and exploit the vulnerabilities in the systems for illegal benefits and unauthorized data access. For this, they find the information about the system, network, as well as relevant parts of computer science. 

Since the internet-connected systems are somehow vulnerable, the hackers use techniques like email spamming, social engineering, trojans, worms, phishing, port vulnerabilities, etc. for launching system hacking attacks.

Searching for Exploits

For hacking a system, there is a need to find particular exploits in the OS, software, apps, or relevant systems. 

The exploits can be found using various techniques and tools, such as Exploit-DB and  Metasploit. Some vulnerability scanning tools like OpenVAS, Nexpose, and Nessus are also used. 

Metasploit Modules

Metasploit module is a software used to find the exploits and vulnerabilities in the target system or network. Modules can be used as exploit modules, auxiliary modules, or post-exploitation modules. 

For the configuration of an exploit, the hackers need to search for the module with the use of search operators in the tool. The search operators help in creating the right query by applying several types of filters like module name, path, platform, CVE ID, application, and more. Based on these filters, it will show the list of results. 


Exploit-DB (Exploit Database or EDB) is one of the most preferred projects that shows category-wise exploits. These categories include platform, type, language, port, and more. These help in searching the exploit for specific circumstances. 

After finding the exploits that are likely to work on the target system, the hackers use these on Kali for carrying out attacks. 

Open a browser in Kali like Iceweasel and go to On the website, go to the Search option and click on it to search the exploits database. From here, you can find the exploits in a system. 

Gathering Passwords

In networking, nothing is a more serious security threat than the use of weak passwords. Hackers can use techniques to discover common passwords. Moreover, they can read the passwords shared in messages if the system or network is not secure. 

Techniques and tools like WinSniffer and Ettercap help hackers to gather passwords and attack the target system. 

Password Cracking

Password cracking means using methods and tools to crack the password of software, application, system, or network. Hackers can carry out brute-force attacks, use dictionary attacks, phishing, malware, etc., to crack the passwords. 

For instance, if a password is saved in the form of text, the hackers can use it to attack the database and get desired data and information. 

John the Ripper

It is free software for cracking passwords. John The Ripper is the preference of numerous ethical hackers for penetration testing because it supports fifteen platforms.

The commercial version- John the Ripper Pro, is also available for easier installation, targeting more systems, and better performance.

Rainbow Tables

In systems, the passwords are usually stored in the form of hash functions that can’t be decrypted. So, when someone uses the password, it is compared with the hash value to authenticate whether it is correct. The database used for cracking the hash functions and finding authentication is called a rainbow table.

Cracking Sytstem Passwords

System Hacking - Cracking Sytstem Passwords

Client-Side Vulnerabilities

Client-side vulnerabilities are those that happen at the end of the user, like a web browser. Since the server sides have the right security measures and practices in place to avoid attacks nowadays, hackers also look at the client-side vulnerabilities.

Post Exploitation

Post-exploitation means the actions taken by a hacker once he has compromised a system or network. These actions can be to access sensitive data, change user account passwords, or do other malicious things.

Privilege Escalation

When a hacker finds the bugs, flaws, or other errors in a system or application and accesses the resources that are not supposed to be available to them, it is called privilege escalation. 

The privilege escalation is of two types:

  1. Horizontal: accessing data or functionalities of users

  2. Vertical: accessing data or privileges of admins or critical users

How to Escalate Privileges in Linux and Windows?

In this video, We are explaining about How to Escalate Privileges in Linux and Windows? Please do watch the complete video for in-depth information.


The process of moving from one place to another in a compromised system or network is known as pivoting. For example, if an attacker has hacked a system in the network, he will try to gain access to other systems in the network.


Persistence, also called maintaining access, is when the attackers look to maintain access in a compromised system or network for a long time. 

They want to carry out additional attacks, access more confidential data, until they get what they want to get. 

In many instances, they leave some additional vulnerabilities or points of entry to exploit the network in the future whenever required. Unless the victim fixes the vulnerabilities, the attacker can use it for several sorts of ill purposes.

Covering Tracks

Covering tracks is the process of clearing all the evidence that may allow the victim to reach the attacker. 

A smart hacker does this by clearing the cache and cookies, deleting sent emails, closing the open ports, changing or deleting the logs and registry files, uninstalling the apps used by him, and deleting files/folders. 

What is System Hacking and How Does it Work?

In this video, We are explaining What is System Hacking and How Does it Work? Please do watch the complete video for in-depth information.

How to Clear Logs from Windows & Linux Machines in Seconds?

In this video, We are explaining about How to Clear Logs from Windows & Linux Machines in Seconds. Please do watch the complete video for in-depth information.

Did you find this article helpful?