CONTENTS

1. Type of Hackers
2. Ethical Hacking
3. Role of Ethical Hackers
4. Process of Hacking
   4.1 Virtualization
   4.2 Footprinting
   4.3 Scanning
   4.4 System Hacking
   4.5 Steganography
   4.6 Cryptography
   4.7 Virus / Trojan
   4.8 Social Engineering
   4.9 WiFi Hacking
   4.10 Mobile Hacking
   4.11 SQL Injection

1. Type Of Hackers

• White Hat Hackers
• Black Hat Hackers
• Gray Hat Hackers
• Script Kiddies
• Hacktivists
• State Sponsored Hackers
• Spy Hackers
• Suicide
• C.P Hackers

2. Ethical Hacking

Ethical hacking, as the term denotes, is hacking used for ethical, legal or good reasons. Ethical hackers work similarly to any black hat hacker or cracker, but their aim is to provide complete security to a system to prevent attacks by black hat hackers. They find the loopholes in an operating system and apply complete security to it so that other hackers would not be able to attack the system.

Black hat hackers are actually the cyber criminals and ethical hackers are the cyber police. Both have weapons, but one uses them to protect others and the other uses them to damage others. Ethical hackers have sound knowledge of what measures a black hat hacker can take to damage systems; they therefore apply security to the system accordingly and thus make the system of any organization completely safe and secure.

3. Role of Ethical Hackers

There can be many roles and responsibilities for an ethical hacker, but to summarize, a white hat hacker can do the following for an organization:

• They can find the vulnerabilities and loopholes in any IT system.
• They can suggest the list of steps that should be taken to prevent risk to a system, and can also provide the system with complete security.
• They can provide an organization with a detailed report and analysis related to the security of any IT system.

4. Process Of Hacking

• Virtualization
• Footprinting
• Scanning
• System Hacking
• Steganography
• Cryptography
• Virus / Trojan
• Social Engineering
• WiFi Hacking
• Mobile Hacking
• SQL Injection

4.1 Virtualization

Why is virtualization useful

The techniques and features that VirtualBox provides are useful for several scenarios:

• Running multiple operating systems simultaneously.
• Easier software installations.
• Testing and disaster recovery.
• Infrastructure consolidation.

Features overview

Here is a brief outline of VirtualBox's main features:

• Portability. VirtualBox runs on a large number of 32-bit and 64-bit host operating systems.
• No hardware virtualization required.
• Guest Additions: shared folders, seamless windows, 3D virtualization.

4.2 Footprinting

Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system, its remote access capabilities, its ports and services, and the aspects of its security.

Identify Vulnerabilities

Footprinting allows an attacker to identify vulnerabilities in the target system in order to select appropriate exploits.

Objectives Of Footprinting

1. Domain name
2. Internal domain name
3. Network blocks
4. IP address of the reachable system
5. Rogue website / private website
6. TCP & UDP services running
7. Access control mechanisms and ACLs
8. Networking protocols
9. VPN points
10. IDSes running
11. Analog/digital telephone number
12. Authentication mechanisms
13. System enumeration

Collect System Information

1. User and group names
2. System banners
3. Routing tables
4. SNMP information
5. System architecture
6. Remote system type
7. System names
8. Password

Collect Organization's Information

1. Employee details
2. Organization's website
3. Company directory
4. Location details
5. Address and phone numbers
6. Comments in HTML source code
7. Security policies implemented
8. Web server links relevant to the organization
9. Background of the organization
10. News articles
11. Press release

4.3 Scanning

Scanning is the second phase of hacking. By scanning we can find out:

• Which all servers are alive (AKA)
• Specific IP address
• Operating system
• System architecture
• Services running on each system

Types of scanning

• Port Scanning
• Network Scanning
• Vulnerability Scanning

Port scanner

A port scanner is an application designed to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks and by attackers to identify services running on a host and exploit vulnerabilities.

Network scanner

Network scanning is a procedure for identifying active hosts on a network. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live hosts that are active on the Internet and what services they offer.

Vulnerability Scanning

Vulnerability scanning is the automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited or threatened. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet.

4.4 System Hacking

Password Hacking

TYPES OF PASSWORD HACKING

There are four types of password attack:

1. Passive online attack
2. Active online attack
3. Offline attack
4. Non-technical attack

PASSIVE ONLINE ATTACK

In a passive online attack the attacker does not contact the authorizing party to steal the password; in other words, he attempts password hacking without communicating with the victim or the victim's account. Types of passive online attack include wire sniffing, man-in-the-middle attacks and replay attacks.

ACTIVE ONLINE ATTACK

This type of attack can be directly termed password guessing. An attacker tries a number of passwords one by one against the victim to crack his/her password.

OFFLINE ATTACK

Offline password attacks are performed from a location other than the actual computer where the passwords reside or were used. Offline attacks require physical access to the computer which stores the password file; the attacker copies the password file and then tries to break the passwords on his own system. Offline attacks include dictionary attacks, hybrid attacks, brute force attacks, precomputed hash attacks, syllable attacks, rule-based attacks and rainbow attacks.

NON-TECHNICAL ATTACK

This type of attack does not require any technical knowledge, hence the term non-technical attack. This kind of attack may include social engineering, shoulder surfing, keyboard sniffing and dumpster diving.

4.5 Steganography

Steganography is the art and science of hiding information by embedding messages within other, seemingly harmless messages. It works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.

Steganography is sometimes used when encryption is not permitted. More commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.

TYPES OF STEGANOGRAPHY

1. Text Steganography
2. Image Audio Steganography
3. Video Steganography

4.6 Cryptography

Techniques used for deciphering a message without any knowledge of enciphering details.

• Plaintext: A message in its natural format, readable by an attacker.
• Ciphertext: A message altered to be unreadable by anyone except the intended recipients.
• Key: A sequence that controls the operation and behavior of the cryptographic algorithm.
• Encryption: The process of converting the plaintext to ciphertext.
• Decryption: The reverse process of restoring the plaintext from the ciphertext.

4.7 Virus / Trojan

A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.

4.8 Social Engineering

Phishing

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Email Tracking & Bombing

Email tracking is a method for monitoring the delivery of email to the intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well as the IP address of the recipient.

4.9 WiFi Hacking

Wireless hacking tools are of two types:

1. Tools that can be used to sniff the network and monitor what is happening in the network.
2. Tools that are used to hack WEP/WPA keys.

4.10 Mobile Hacking

Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner.

Tools of Mobile Hacking

1. Droidjack hack
2. Spy Phone Hack
3. Hash Suite Droid

4.11 SQL Injection

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System, RDBMS).
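
The root cause described in 4.11, shown as an added example that is not part of the original slides: a lookup that builds its SQL text from user input next to the same lookup with the input bound as a parameter. The `users` table, the sample rows, the function names and the test inputs are all constructed for illustration; the code uses Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO users (name) VALUES (?)",
        [("alice",), ("bob",), ("carol",), ("o'brien",)],
    )
    return db

def find_user_vulnerable(db, name):
    # VULNERABLE: the input becomes part of the SQL text, so a quote
    # character in `name` is parsed as SQL syntax instead of as data.
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, name):
    # HARDENED: the statement text is fixed and the driver binds `name`
    # as a value, whatever characters it contains.
    query = "SELECT id, name FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(db, name):
    """Return (vulnerable_result, safe_result); 'error' if the query broke."""
    try:
        vulnerable = find_user_vulnerable(db, name)
    except sqlite3.Error:
        vulnerable = "error"
    return vulnerable, find_user_safe(db, name)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing an
    # apostrophe, and a string that rewrites the WHERE clause.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        vulnerable, safe = compare(db, value)
        print(repr(value), "-> vulnerable:", vulnerable, "| safe:", safe)
```

With the bound parameter, the third input is compared as a literal name and matches nothing, while the concatenated version returns every row; the concatenated version also fails outright on the legitimate name `o'brien`.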