Understand what Ethical Hacking is, what its phases are, and how it differs from Hacking.
Followed by screenshots of two common ethical hacking attacks.
2. INTRODUCTION
“Hacking involves a different way of looking at problems that no one's thought of.” -Walter O'Brien
Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
3. Hacker v/s Ethical Hacker
A white hat or ethical hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.
6. Scanning
Reconnaissance refers to the preparatory phase where an attacker seeks to gain information about a target prior to launching an attack. What is learned here can become a future point of return, noted as an easy entry point for an attack once more is known about the target on a broad scale. The reconnaissance range may include the target organization's clients, employees, operations, networks and systems.
8. Gaining Access
•After scanning, the hacker designs the blueprint of the target's network with the help of data collected during scanning. This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the internet or offline.
•Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking. Gaining access is known in the hacker world as owning the system.
10. Elevating Privileges
1. We have to check the privileges that the logged-in user has and whether any other user is also logged into the system.
2. We can steal the credentials of a logged-in user or a previous user, or simply crack the password.
11. Maintaining Access
•Once a hacker has gained access, they want to keep that access for future exploitation and attacks.
•They can maintain control over “their” system for a long time by “hardening” the system against other attackers, and sometimes, in the process, render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.
12. •When the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.
•For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems. Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system.
14. Clearing Tracks
•Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back.
1. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.
2. Attention is then turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of her system is correct and that no intrusion or compromise actually took place.
•Since the first thing a system administrator does to monitor unusual activity is check the system log files, it is common for intruders to use a utility to modify the system logs. In some extreme cases, rootkits can disable logging altogether and discard all existing logs. This happens if the intruders intend to use the system for a longer period of time as a launch base for future intrusions. Otherwise, they remove only those portions of the logs that can reveal their presence.
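Log tampering of the kind described above only goes undetected when the log can be rewritten in place. As an added example (not from the slides), here is a tamper-evident log chain that a remote collector could keep: each record's tag covers the previous tag, the HMAC key and the expected record count stay off the monitored host, so edited or deleted entries break verification. The key, events and collector role are assumptions for the example.

```python
import hashlib
import hmac

# Constructed sample events for this example (not taken from the slides).
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00Z sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-01T10:05:12Z sudo: alice : COMMAND=/bin/cat /etc/shadow",
    "2024-01-01T10:07:40Z sshd: Accepted password for bob from 10.0.0.9",
]
GENESIS = "0" * 64  # tag assumed for the (non-existent) record before the first one


def record_tag(prev_tag, event, key):
    """Tag = HMAC(key, previous tag || event). The key lives on the remote log
    collector (assumed design), so root on the monitored host cannot recompute tags."""
    return hmac.new(key, f"{prev_tag}|{event}".encode(), hashlib.sha256).hexdigest()


def build_chain(events, key):
    """Return a list of (event, tag) records where every tag covers its predecessor."""
    chain, prev_tag = [], GENESIS
    for event in events:
        prev_tag = record_tag(prev_tag, event, key)
        chain.append((event, prev_tag))
    return chain


def verify_chain(chain, key):
    """Return -1 if the chain is intact, else the index of the first bad record.
    Editing a line or deleting one in the middle breaks the link that the next
    surviving record was computed over, so the damage is localised and visible."""
    prev_tag = GENESIS
    for i, (event, tag) in enumerate(chain):
        if not hmac.compare_digest(record_tag(prev_tag, event, key), tag):
            return i
        prev_tag = tag
    return -1


def chain_length_matches(chain, expected_count):
    """Cutting off the newest records leaves every remaining link valid, so the
    collector must also compare the record count against what it received."""
    return len(chain) == expected_count
```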
16. Documenting
Every step of an attack, or the entire Ethical Hacking process, has to be noted and labeled stepwise.
Every detail, difficulty and vulnerability has to be reported to the target (parent company).
This is the point where the Hacker has the option to suggest or withhold any useful tips or ideas he might have, for or irrespective of an incremental bonus.
18. Phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures.
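Two of the technical measures mentioned above can be automated at the mail gateway: comparing the claimed sender with the envelope (bounce) address, and comparing the URL a link displays with where it actually points. The following is an added example, not code from the slides; the message and every domain in it are constructed placeholders.

```python
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message for this example (not from the slides); all domains are placeholders.
SAMPLE_EMAIL = """\
From: "Example Bank" <alerts@examplebank.example>
Return-Path: <bounce@mailer.invalid>
Subject: Verify your account
Content-Type: text/html

<p>Please <a href="http://examplebank.example.login.invalid/verify">https://www.examplebank.example/login</a> now.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registered_domain(host):  # last two labels; real code would consult the public suffix list
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return the indicators found in a raw RFC 822 message; an empty list means none found."""
    msg = email.message_from_string(raw, policy=policy.default)
    domain = lambda hdr: email.utils.parseaddr(str(msg[hdr] or ""))[1].rpartition("@")[2].lower()
    sender_dom, envelope_dom, findings = domain("From"), domain("Return-Path"), []
    if envelope_dom and envelope_dom != sender_dom:  # spoofed From vs. the real bounce address
        findings.append(f"envelope sender {envelope_dom} differs from From domain {sender_dom}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        href_host = urlparse(href).hostname or ""
        if text.startswith(("http://", "https://")):  # displayed URL vs. where the link really goes
            text_host = urlparse(text).hostname or ""
            if registered_domain(text_host) != registered_domain(href_host):
                findings.append(f"link text shows {text_host} but points to {href_host}")
    return findings
```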
28. Dictionary
01 A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.
02 In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are deemed most likely to succeed.
03 Dictionary attacks work because many computer users and businesses insist on using ordinary words as passwords.
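Because the attack succeeds against "ordinary words", the matching defence is to reject any password that a wordlist plus the usual cheap mutations (capitalisation, a year or symbol appended, leetspeak) would reach. The following password check is an added example, not from the slides; the tiny wordlist and the mutation rules it undoes are constructed assumptions.

```python
# Constructed mini wordlist for this example; a real check uses lists of millions of leaked passwords.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein", "company"}
UNLEET = str.maketrans("@310$", "aeios")  # reverse of the usual leetspeak substitution rule
SUFFIX_CHARS = "0123456789!#%^&*."        # what "append a year / a symbol" rules add


def normalize(password):
    """Undo the cheap mutations a rule-based dictionary attack applies (case,
    trailing digits or symbols, leetspeak), so 'P@$$w0rd2024!' maps back to 'password'."""
    return password.lower().rstrip(SUFFIX_CHARS).translate(UNLEET)


def check_password(password, wordlist=WORDLIST, min_len=12):
    """Return (accepted, reason). A password is rejected when the wordlist plus the
    rules above would reach it, which is why 'Summer2023!!' is as weak as 'summer'."""
    if len(password) < min_len:
        return False, f"shorter than {min_len} characters"
    base = normalize(password)
    if base in wordlist:
        return False, f"dictionary word '{base}' with common mutations"
    # Two dictionary words glued together are also cheap to enumerate (|wordlist|^2 candidates).
    for i in range(3, len(base) - 2):
        if base[:i] in wordlist and base[i:] in wordlist:
            return False, f"concatenation of dictionary words '{base[:i]}' + '{base[i:]}'"
    return True, "not reachable by the dictionary rules checked here"
```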