Ethical Hacking (Part 1)
Introduction :
~ Module I: Introduction to Ethical Hacking
~ Module II: Footprinting
~ Module III: Scanning
~ Module IV: Enumeration
~ Module V: System Hacking
~ Module VI: Trojans and Backdoors
~ Module VII: Sniffers
~ Module VIII: Denial of Service
~ Module IX: Social Engineering
~ Module X: Session Hijacking
~ Module XI: Hacking Web Servers
~ Module XII: Web Application Vulnerabilities
~ Module XIII: Web Based Password Cracking Techniques
~ Module XIV: SQL Injection
~ Module XV: Hacking Wireless Networks
~ Module XVI: Viruses
~ Module XVII: Novell Hacking
~ Module XVIII: Linux Hacking
~ Module XIX: Evading IDS, Firewalls and Honey pots
~ Module XX: Buffer Overflows
~ Module XXI: Cryptography
Module Objective :
~ Understanding the importance of security
~ Introducing ethical hacking and essential terminology for the module
~ Understanding the different phases involved in an exploit by a hacker
~ Overview of attacks and identification of exploit categories
~ Comprehending ethical hacking
~ Legal implications of hacking
~ Hacking, law and punishment
Can Hacking Be Ethical?
~ The noun ‘hacker’ refers to a person who enjoys learning the details of computer systems and stretching their capabilities.
~ The verb ‘hacking’ describes the rapid development of new programs or the reverse engineering of already existing software to make the code better and more efficient.
~ The term ‘cracker’ refers to a person who uses his hacking skills for offensive purposes.
~ The term ‘ethical hacker’ refers to security professionals who apply their hacking skills for defensive purposes.
Essential Terminology :
~ Threat – An action or event that might prejudice security. A threat is a potential violation of security.
~ Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
~ Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.
~ Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
~ Exploit – A defined way to breach the security of an IT system through a vulnerability.
Elements of Security :
~ Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.
~ Any hacking event will affect one or more of the essential security elements.
~ Security rests on confidentiality, authenticity, integrity, and availability.
• Confidentiality is the concealment of information or resources.
• Authenticity is the identification and assurance of the origin of information.
• Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
• Availability refers to the ability to use the information or resource desired.
What Does a Malicious Hacker Do?
~ Reconnaissance
• Active / passive
~ Scanning
~ Gaining access
• Operating system level / application level
• Network level
• Denial of service
~ Maintaining access
• Uploading / altering / downloading programs or data
~ Covering tracks
Phase 1 - Reconnaissance
~ Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. It involves network scanning, either external or internal, without authorization.
~ Business Risk – ‘Notable’ – Generally described as "rattling the door knobs" to see if someone is watching and responding. Could be a future point of return, noted for ease of entry, for an attack launched once more is known on a broad scale about the target.
Phase 1 - Reconnaissance (contd.)
~ Passive reconnaissance involves monitoring network data for patterns and clues.
• Examples include sniffing, information gathering etc.
~ Active reconnaissance involves probing the network to detect
• accessible hosts
• open ports
• location of routers
• details of operating systems and services
Phase 2 - Scanning
~ Scanning refers to the pre-attack phase when the hacker scans the network with the specific information gathered during reconnaissance.
~ Business Risk – ‘High’ – Hackers have to get a single point of entry to launch an attack, and scanning could be the point of exploit when a vulnerability of the system is detected.
~ Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners etc.
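As an added illustration of what a defender looks for during the scanning phase (example code, not part of the original module), the following flags a source that probes many ports on one host (a vertical scan) or one port across many hosts (a horizontal sweep) in constructed firewall log lines; the log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not taken from the original deck).
# Assumed format: "<time> DENY|ALLOW src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOG = """\
10:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=21
10:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=22
10:00:02 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=80
10:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=443
10:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=3389
10:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=8080
10:00:04 DENY src=203.0.113.5 dst=192.0.2.11 dport=22
10:00:04 DENY src=203.0.113.5 dst=192.0.2.12 dport=22
10:00:05 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
10:00:06 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def parse(log_text):
    """Yield (src, dst, dport) for every line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def find_scanners(log_text, port_threshold=5, host_threshold=3):
    """Return {src: [finding, ...]} for sources whose distinct-port or
    distinct-host fan-out reaches the (assumed) thresholds."""
    ports = defaultdict(set)   # (src, dst)   -> distinct destination ports
    hosts = defaultdict(set)   # (src, dport) -> distinct destination hosts
    for src, dst, dport in parse(log_text):
        ports[(src, dst)].add(dport)
        hosts[(src, dport)].add(dst)
    findings = {}
    for (src, dst), p in ports.items():
        if len(p) >= port_threshold:
            findings.setdefault(src, []).append(
                f"vertical scan of {dst}: {len(p)} distinct ports")
    for (src, dport), h in hosts.items():
        if len(h) >= host_threshold:
            findings.setdefault(src, []).append(
                f"horizontal sweep on port {dport}: {len(h)} hosts")
    return findings

if __name__ == "__main__":
    for src, notes in find_scanners(SAMPLE_LOG).items():
        print(src, "->", "; ".join(notes))
```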
Phase 3 - Gaining Access
~ Gaining Access refers to the true attack phase. The hacker exploits the system.
~ The exploit can occur over a LAN, locally, over the Internet, offline, or as a deception or theft. Examples include stack-based buffer overflows, denial of service, session hijacking, password filtering etc.
~ Influencing factors include the architecture and configuration of the target system, the skill level of the perpetrator and the initial level of access obtained.
~ Business Risk – ‘Highest’ – The hacker can gain access at operating system level, application level or network level.
Phase 4 - Maintaining Access
~ Maintaining Access refers to the phase when the hacker tries to retain his ‘ownership’ of the system.
~ The hacker has exploited a vulnerability and can tamper with and compromise the system.
~ Sometimes, hackers harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, Trojans and Trojan horse Backdoors.
~ Hackers can upload, download or manipulate data / applications / configurations on the ‘owned’ system.
Phase 5 - Covering Tracks
~ Covering Tracks refers to the activities undertaken by the hacker to extend his misuse of the system without being detected.
~ Reasons include the need for a prolonged stay, continued use of resources, removing evidence of hacking, avoiding legal action etc.
~ Examples include Steganography, tunneling, altering log files etc.
~ Hackers can remain undetected for long periods or use this phase to start a fresh reconnaissance of a related target system.
Hacker Classes
~ Black Hats :
• Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as ‘Crackers’.
~ White Hats :
• Individuals professing hacker skills and using them for defensive purposes. Also known as ‘Security Analysts’.
~ Gray Hats :
• Individuals who work both offensively and defensively at various times.
~ Ethical Hacker Classes :
• Former Black Hats
– Reformed crackers
– First-hand experience
– Lesser credibility perceived
• White Hats
– Independent security consultants (maybe groups as well)
– Claim to be knowledgeable about black hat activities
• Consulting Firms
– Part of ICT firms
– Good credentials
Hacktivism
~ Refers to ‘hacking with / for a cause’.
~ Comprises hackers with a social or political agenda.
~ Aims at sending across a message through their hacking activity and gaining visibility for their cause and themselves.
~ Common targets include government agencies, MNCs, or any other entity perceived as ‘bad’ or ‘wrong’ by these groups / individuals.
~ It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intent.