The Languages that Hackers Use
Introduction: Oh no!
You may have encountered an experience where you have been hacked or someone you know hacked at some point in your life. It is not a light subject as getting hacked can have devastating consequences. Whether losing access to all your social media accounts or having your bank accounts get infiltrated, it is a scary experience. But how do we get hacked? After years of protecting your privacy and personal information, you find yourself falling into the demise of an anonymous being. You may wonder, what makes them capable of doing something so complicated and evil? Well, that is the power of programming.
The Appeal of Programming
Programming is often seen as a tool to instruct a computer or piece of technology to do specific tasks. When used correctly, they are helpful, effective, and efficient. But when misused, they can become deadly weapons that can cause harm and disrupt even the flow of everyone’s lives. As we know, according to Trent Fowler, there are currently around 700 programming languages to exist today (excluding computer languages that aren’t used for programming). And trust me, that is a lot of languages. But one question that comes to mind is how hackers decide which languages to use when hacking?
Three languages are most notable Python, JavaScript, and SQL (Structured Query Language).
The Origins Hacking:
In terms of hacking, it has been used for many years. It all started in the 1960s when the term “hacker” came to be. While the time can be dated back to around 1200 B.C., Catherine Hiley, a writer for cybernews, discusses how it became heavily used due to its definition. According to her, it is described as “cutting roughly and violently, often without aiming exactly.” This relates to the “hacking” we know of today because of its use. When it comes down to hacking (typically in a non-ethical manner), people do all they can to “cut” through a system using code. With that code, we see how those people use it through means that are meant to cause harm. They do not aim necessarily since they do it through a system that is not through their own hands.
Hacking Firsts:
To give a quick idea of how hacking came to be, we can look at the firsts of hacking. One of the first hackers was John Draper. He was known to make free phone calls through a Captain Crunch whistle. He was able to do this through a method called “phreaking.” This method was typically used by telecommunication hackers where it involves hacking a cellular device. One of the first internet hackers in history created the infamous Morris Worm. It was known to be a non-destructive malware but was known to crash computers from all over. One of the biggest hacks in history was the 2013 attack on Yahoo. When the attack first came about, over three billion accounts were affected. While it took a while for Yahoo to admit its faults, it showed how dangerous and challenging.
Python: The Language of Simplicity
Python is one of the most common programming languages that every programmer knows of. But if it’s such a common language, why do hackers use it to do what they do? If we were to look further into the world of Python, it is known to be a high-level program that is simple and easy to learn. The practicality of Python allows hackers to quickly execute the tasks they need without confusion. With Python, for those entering the hacking world, it is to catch on for them to get the job done. As of 2020, Python was considered one of the finest programming languages used for hacking. Why that is, is because of the language’s capabilities.
Python’s Practical Skills in Hacking
A writer from Developer On Rent, who goes by Yusuf, lists more details about why Python can be practical for hacking. He lists some of the few things: its simple structure, object orientation, and web applications. This is useful for hackers because they aim to infiltrate a system as quickly and discretely as possible. Now, hacking takes skill, considering that you know what tasks you need to perform while having the capability to execute those tasks. With the simplicity of Python, there is no need to write endless amounts of code for multiple tasks. Instead, you can get the job done with a few lines.
Python’s Practical Skills in Hacking: Continued
Some other things to note are how by being an object-orientated language, it is helpful for hackers to stay organized while on the job. Especially with working at such a fast pace, it would be easy to find if you were to refer to your code for a specific variable or execution code. Hackers can run code to create actual websites like those we use today by applying Python to web applications. So, if a hacker wants to make a web application to gain user information quickly, it would be simple, mainly because they can. Another thing to note is that Python has a very supportive community capable of many open-source developers, which many hackers have access to, referring to if ever in a stump.
Example of Python Hacking: Brute Force Zip File Passwords
When coming across a zip file with a password, hackers may use Python in the following way to unlock it according to Python Code:
1. Open a new Python file
import zip file
from tqdm import tqdm
2. Specify the target zip file and wordlist path
# the password list path you want to use must be available in the current directory
wordlist = “rockyou.txt”
# the zip file you want to crack its password
zip_file = “secret.zip”
3. Read the zip file, its wordlist, and total passwords to evaluate
# initialize the Zip File object
zip_file = zip file.ZipFile(zip_file)
# count the number of words in this wordlist
num_words = len(list(open(wordlist, “rb”)))
# print the total number of passwords
print(“Total passwords to test:”, num_words)
4. Use the brute-forcing process to find passwords in the wordlist
with open(wordlist, “rb”) as wordlist:
for word in tqdm(wordlist, total=num_words, unit=”word”):
try:
zip_file.extractall(pwd=word.strip())
except:
continue
else:
print(“[+] Password found:”, word.decode().strip())
exit(0)
print(“[!] Password not found, try other wordlist.”)
JavaScript: The Language of The Web
JavaScript is a programming language to be cautious of. While it has its uses, JavaScript can be dangerous if misused. However, the language is typically good, especially since that hacker will use it. But what is the language? According to Ebubekir Buber, a writer from itnect.io, JavaScript is known as the language of the Web. The reason for that is that it specializes in web designing and web development. This is relevant to hackers because they use it to execute tasks as soon as the files load or wait for a specific moment to occur. Like any other code, hackers use this language to execute at any moment. One of the benefits is that it does not require one to compile code into a different form because it takes effect whenever a change is made.
Behind the “Truth”
When examining this language, something to keep in mind is that it is not Java, although it has it in its name. What makes JavaScript so appealing to hackers is that the code can resonate within a web page. Specifically, for hackers who wish to gain access to user information from specific websites, applications can be added to those websites. As users know, they often find themselves wary of suspicious websites that can be replicas of the original website. However, there would be hopelessness to look for only that, as hackers can easily find ways to hide their traps on your favorite websites. That way, hackers can be sneaky and attack users blindly without needing to “truly” be a replica when they can be a part of the real thing.
The Skills of JavaScript
But what information can hackers gain if they were to use JavaScript? Well, Joel Lee, an expert in Computer Science, claims that there are three things that the language uses to invade your privacy and security. One thing that JavaScript can do is figure out what type of web application. JavaScript allows you to see it all, whether it be your search history full of questions on Python or the list of items you need from the grocery store. While you may think it is not bad, hackers can learn more about who you are from what you look up to, like how we coincidentally get ads of a specific chocolate brand after purchasing it. However, it is much worse than some ads you may get here and there. By recording the information, you type (even without clicking the submission button), hackers can find trivial things such as your favorite clothing brand to essential things like the area you live in.
The Skills of JavaScript: Continued
The other two that Lee mentions are the ability to track your browsing habits and inject malicious code. Like seeing your search history, hackers can store information specific to you by looking at your browsing habits. Do you ever encounter those “browser cookies”? Those are some of the few that claim to give users a better experience, but they really track your activity, even outside the web application you were initially using. With malicious code, hackers can snoop and steal sensitive information when browsing specific sites containing data they are looking for, such as financial information.
Example of JavaScript Hacking: Assigning Dynamic Property Names
When using this code, this is an example of how JavaScript categorizes variables/objects to a specific property when coding, given the example by Klaus from dev:
const dynamic = ‘flavor’;
var item = {
name: ‘Coke’,
[dynamic]: ‘Cherry’
}
console.log(item);
// { name: “Coke”, flavors: “Cherry” }
SQL (Structured Query Language): The Language of Database Manipulation
SQL or Structured Query Language is a programming language used for databases. Using such a language is powerful because it can manipulate and obtain information from said data. When used correctly, programmers use it to design and manage the databases they are working on. The program also allows access to records and data when given the command. However, there are often costs when it comes to SQL. The specialization in databases gives hackers an effortless way to infiltrate them without other languages, making the task more difficult. As a CBR Staff Writer once wrote, SQL attacks are known to be an old trick, but it hasn’t stopped hackers from using it to their advantage to invade the systems of many companies.
Why SQL?
What makes hackers so drawn to the language if they can get the job done with another? Data is often an essential part of systems that should be protected at all costs. Whether sensitive information or numerical values, data varies but is endless. If a hacker were to gain the ability to use SQL, it would allow them to infiltrate any database to their own accord. One of the most notable kinds of attacks a hacker can use with SQL is SQL injection. According to GreyCampus, it is an attack where hackers use unvalidated user input to enter arbitrary data and commands that lead to unwanted results. This type of attack can be compelling and lead to many people losing countless amounts of data and corrupting the systems it supports.
The Trends of the Hacking World:
The hacking world today is something else. As the world is ever-changing, hacking comes along with it. If we were to look at this world right now, we would see that according to Mark London, some of the notable trends as of 2021 that he list are ransomware attacks and insider attacks/threats. Considering the pandemic we are facing right now, more online attacks are becoming more popular, and make hackers in the making are beginning their crimes. With the chance to practice back at home, there is no need to exist in the comfort of their own homes. Other recommendations are made today to educate people and employers about the importance of cyber security. With the constant use of technology, we need to protect it more.
Conclusion: A Hacker’s Tool
No matter the language, hackers all have reasons why they prefer one type of programming language over another. Despite their preference, we can see how some languages are used to them depending on the acts they wish to commit and how convenient it would be for them if they were to use them. We see that Python allows hackers to work efficiently to keep them organized, allowing them to refer to the code whenever needed. But when it comes to task-orientated commands, we see that SQL is used for data breaches and JavaScript for web applications.
Conclusion: A Hacker’s Tool (Continued)
Although hacking may not be the most ethical thing to do, nor is it highly looked upon, the languages they use demonstrate how “useful” coding languages can be. But they help establish the abilities of a hacker who can comprehend several types of languages for specific situations. In the world that we live in today, coding is now a double-edged sword that is used for good and bad intentions. However, one thing to keep in mind is that programming and the many languages have changed our lives immensely.
