2. What is Hacking?
• The act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them.
• Usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.
3. • A computer expert who does the act of hacking is called a “Hacker”.
• Hackers are those who seek knowledge, to understand how systems operate, how they are designed, and then attempt to play with these systems.
4. Ethical Hacking
• Hacking is usually legal as long as it is being done to find weaknesses and help identify potential threats in a computer or network system for testing purposes. This sort of hacking is what we call Ethical Hacking.
5. • An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers.
8. Reconnaissance
• Reconnaissance is a set of processes and techniques used to covertly discover and collect information about a target system.
• Refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.
9. Scanning and Enumeration
• Scanning is the process where the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited.
• Enumeration is the ability of the hacker to convince some servers to give them information that is vital to them in making an attack.
10. Gaining Access
• In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system.
• This is the actual hacking phase in which the hacker gains access to the system.
11. Maintaining Access
• After gaining access, the hacker installs some backdoors in order to enter the system when he needs access to this owned system in the future.
12. Clearing Tracks
• “Everybody knows a good hacker but nobody knows a great hacker.”
• This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process.
13. Reporting
• Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report with his findings and the job that was done, such as the tools used, the success rate, vulnerabilities found, and the exploit processes.
14. Ethical Hacking Tools
• Nmap (Network Mapper)
• Metasploit
• Burp Suite
• Angry IP Scanner
• Cain and Abel
15. Advantages:
• Helps in closing the open holes in the system network
• Provides security to banking and financial establishments
• Prevents website defacements
16. Disadvantages:
• All depends upon the trustworthiness of the ethical hacker.
• Hiring professionals is expensive.
You might want to explain or define different types of hacking (e.g., black-hat hacking, white-hat hacking, gray-hat hacking, etc.).
Ethical hacking involves finding weaknesses in a computer or network system for testing purposes and finally getting them fixed.
Ethical hacking is an example of white-hat hacking. Explain why.
This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.
You might want to identify the skills an ethical hacker should have.
The word ethical in this context means working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company’s goals. No hidden agendas allowed!
Treat the information you gather with the utmost respect. All information you obtain during your testing — from web application flaws to clear text e-mail passwords to personally identifiable information and beyond — must be kept private.
One of the biggest mistakes people make when trying to hack their own systems is inadvertently crashing the systems they’re trying to keep running. Poor planning is the main cause of this mistake. These testers often misunderstand the use and power of the security tools and techniques at their disposal.
Nmap - It is an open source tool that is used widely for network discovery and security auditing. Nmap was originally designed to scan large networks, but it can work equally well for single hosts. Network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Metasploit - one of the most powerful exploit tools. With Metasploit, you can perform the following operations: conduct basic penetration tests on small networks, run spot checks on the exploitability of vulnerabilities, discover the network or import scan data, and browse exploit modules and run individual exploits on hosts.
Burp Suite - a popular platform that is widely used for performing security testing of web applications. It has various tools that work in collaboration to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Angry IP Scanner - a lightweight, cross-platform IP address and port scanner. It can scan IP addresses in any range. It can be freely copied and used anywhere. In order to increase the scanning speed, it uses a multithreaded approach, wherein a separate scanning thread is created for each scanned IP address.
Cain and Abel - Cain & Abel is a password recovery tool for Microsoft operating systems. It helps in easy recovery of various kinds of passwords by employing any of the following methods: sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Cain & Abel is a useful tool for security consultants, professional penetration testers and everyone else who plans to use it for ethical reasons.