III CSE-CS II SEM VA&PT
UNIT III
Introduction to Ethical Hacking Terminology - Five stages of hacking - Vulnerability Research -
Legal implications of hacking - Impact of hacking - Footprinting & Social engineering.
Introduction to Ethical Hacking Terminology:
Ethical hacking, also known as penetration testing or white-hat hacking, involves legally
breaking into computers and devices to test an organization's defenses. Ethical hackers use
their skills to identify vulnerabilities and help organizations secure their systems. Below are
some fundamental terminologies associated with ethical hacking:
1. Hacker Types
White-Hat Hacker: Ethical hackers who use their skills to improve security.
Black-Hat Hacker: Malicious hackers who exploit systems for personal gain.
Gray-Hat Hacker: Hackers who fall between ethical and malicious hacking, often
identifying vulnerabilities without permission.
2. Cybersecurity Terms
Penetration Testing: Simulated cyberattacks to test security.
Vulnerability: A weakness in a system that can be exploited.
Exploit: A method used to take advantage of a vulnerability.
Zero-Day Attack: An attack on a vulnerability before a fix is available.
Backdoor: A secret entry point into a system bypassing security measures.
3. Attack Techniques
Phishing: Deceptive emails or messages designed to steal information.
Social Engineering: Manipulating people into revealing confidential data.
Denial of Service (DoS) Attack: Overloading a system to disrupt services.
Brute Force Attack: Trying multiple password combinations to gain access.
SQL Injection: Injecting malicious SQL code to manipulate databases.
4. Security Measures
Firewall: A security system that monitors and controls network traffic.
Encryption: Encoding data to prevent unauthorized access.
Multi-Factor Authentication (MFA): Requiring multiple verification steps to log in.
Intrusion Detection System (IDS): Monitors networks for suspicious activity.
Virtual Private Network (VPN): Secures internet connections by encrypting traffic.
5. Ethical Hacking Process
Reconnaissance: Gathering information about the target system.
Scanning: Identifying open ports and vulnerabilities.
Gaining Access: Exploiting vulnerabilities to enter the system.
Maintaining Access: Ensuring continued access (for ethical purposes).
Covering Tracks: (Ethical hackers report findings instead of hiding them).
Discovering vulnerabilities from an attacker’s POV so that weak points can be fixed.
Implementing a secure network that prevents security breaches.
Types of Ethical Hacking:
Web Application Hacking
System Hacking
Web Server Hacking
Hacking Wireless Networks
Social Engineering
Types of Hacking/Hackers:
Hackers are of different types and are named according to the intent behind their hacking.
Broadly, there are two main types of hacker: the White-Hat hacker and the Black-Hat
hacker. The names are derived from old Spaghetti Westerns, where the good guy wears a
white hat and the bad guy wears a black hat.
White Hat Hacker
Ethical hackers, or white hat hackers, do not intend to harm the system or organization. They
penetrate it officially, with authorization, to locate vulnerabilities, provide solutions to fix
them, and ensure its safety.
Black Hat Hacker
In contrast to an ethical hacker, black hat hackers (non-ethical hackers) hack to serve their own
selfish interests, typically to collect monetary benefits.
Gray Hat Hacker
Grey hat hackers combine traits of white and black hat hackers. They hack for fun, without any
malicious intention, but they do so without any approval from the targeted
organization.
Phases of Ethical Hacking:
Ethical hacking is the process of detecting vulnerabilities in an application, system, or organization’s
infrastructure that an attacker could use to exploit an individual or organization. Ethical hackers use this
process to prevent cyberattacks and security breaches by lawfully hacking into systems and looking for weak
points. An ethical hacker follows the steps and thought process of a malicious attacker, but with
authorized access, to test the organization’s defensive strategies and network.
An attacker or an ethical hacker follows the same five-step hacking process to breach the network or
system. The ethical hacking process begins with looking for various ways to hack into the system,
exploiting vulnerabilities, maintaining steady access to the system, and lastly, clearing one’s tracks.
The five phases of ethical hacking are:
1. Reconnaissance (Information Gathering):
“Hackers gather information about the target, such as IP addresses, domain details, employee
emails, and technology stack.”
Reconnaissance is the first step in ethical hacking; it is often referred to as footprinting. Here,
a hacker tries to collect various kinds of data, such as employee information, IP addresses,
network topology, and domain names, using active and passive approaches. The purpose is to
create a map of the target’s digital and physical assets.
Active Reconnaissance: This method involves direct interaction with the target system,
which may alert the target to the scans being performed.
Passive Reconnaissance: This means collecting data without any direct contact with the target,
making it untraceable.
Popular Tools Used are:
Nmap
Whois
Maltego
Shodan
Google Dorking
Reconnaissance Techniques Commonly Used:
Google Dorking: Utilizing sophisticated search operators to find sensitive information online.
Whois Lookup: Collecting information on who owns the domain, IP addresses, etc.
Social Engineering: Manipulating people into revealing private information about targets; this can
be done through phishing messages, for instance.
DNS Enumeration: To create a topology of the target’s infrastructure by finding all DNS entries
linked with the domain name concerned.
Network Scanning: One can learn about active systems and running services using tools like Nmap.
2. Scanning (Vulnerability Assessment):
“The attacker scans the target system for open ports, vulnerabilities, and weaknesses.”
Once enough information has been gathered, the hacker moves to the scanning stage. Scanning
identifies open ports, active devices, and services in the targeted network. It also helps to identify
areas of vulnerability that can be targeted. Scanning is usually divided into three categories:
Port Scanning: Finding open ports or services with Nmap or Angry IP Scanner.
Vulnerability Scanning: Detecting known weaknesses in systems and applications using Nessus.
Network Mapping: Creating a blueprint of network topology with tools such as SolarWinds.
Popular Tools Used:
Nessus
OpenVAS
Angry IP Scanner
Nmap
Nikto
Commonly used techniques for Scanning
Port Scanning: Using tools like Nmap or Angry IP Scanner to find open ports or services.
Vulnerability Scanning: Using tools like Nessus to detect known weaknesses in systems and
applications.
Network Mapping: Generating a visual map that shows the network topology with applications like
SolarWinds.
Banner Grabbing: This involves collecting software version information from open services to help
determine any weaknesses.
Ping Sweeps: This entails sending ICMP requests to identify active hosts on a particular network.
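Worked example (added to these notes; it is not part of the original material): a small Python detector that looks at the scanning phase from the defender’s side. It parses constructed firewall log lines in a simplified iptables-like format (the format, the addresses and the timestamps are assumed for illustration) and flags any source that touches many distinct ports on a host inside a short sliding window, which is the trace a port scan leaves in the target’s own logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log in a simplified iptables-like format (not real traffic).
# 203.0.113.7 touches eight different ports on one host within three seconds;
# 198.51.100.4 is a normal client revisiting a web server over several minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=21
2024-05-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=22
2024-05-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=23
2024-05-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=25
2024-05-01T10:00:02 ACCEPT src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=80
2024-05-01T10:00:03 ACCEPT src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=443
2024-05-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=445
2024-05-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dpt=3389
2024-05-01T10:05:00 ACCEPT src=198.51.100.4 dst=192.0.2.10 proto=TCP dpt=443
2024-05-01T10:05:30 ACCEPT src=198.51.100.4 dst=192.0.2.10 proto=TCP dpt=443
2024-05-01T10:09:00 ACCEPT src=198.51.100.4 dst=192.0.2.10 proto=TCP dpt=80
this line is malformed and must be skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dpt"] = int(ev["dpt"])
    return ev


def detect_port_scans(lines, window_seconds=10, port_threshold=5):
    """Return {src: n} for every source that contacted at least `port_threshold`
    distinct (host, port) pairs inside some sliding window of `window_seconds`."""
    per_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            per_src[ev["src"]].append((ev["ts"], ev["dst"], ev["dpt"]))

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, events in per_src.items():
        events.sort()                       # chronological order
        best, start = 0, 0
        for end in range(len(events)):
            # Move the window start forward until the span fits in window_seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {(dst, dpt) for _, dst, dpt in events[start:end + 1]}
            best = max(best, len(distinct))
        if best >= port_threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {n} distinct ports in one window")
```

The threshold and window are deliberately parameters: a tight window with a low threshold catches fast Nmap-style sweeps, while a longer window is needed for slow scans that spread probes over minutes; a ping sweep shows up the same way if ICMP echo lines are fed in with the host as the distinguishing field.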
3. Gaining Access (Exploitation):
“The hacker exploits vulnerabilities found in the previous phase to gain unauthorized access.”
During this crucial stage, the intruder utilizes the weaknesses identified during scanning for
unauthorized entry into the target system. This may involve leveraging applications, operating
systems, or network flaws. The objective is establishing access at different privilege levels, from user
accounts to administrative control. Exploitation Methods comprise buffer overflows, SQL injection,
and cross-site scripting (XSS).
Popular Tools Used:
Metasploit
SQLmap
Hydra
Social Engineering
Commonly used techniques for Gaining Access:
Password Cracking: Using brute force attacks, dictionary attacks, or rainbow tables to crack
passwords.
Exploitation of Vulnerabilities: Unauthorized access can be obtained by exploiting known
vulnerabilities such as SQL Injection or buffer overflows.
Privilege Escalation: Higher-level privileges are acquired within a system through exploitation or
misconfiguration.
Session Hijacking: Taking over a valid session between a user and a system gives access without
the user’s permission.
Man-in-the-Middle (MITM) Attacks: By intercepting communication between two parties, sensitive
data can be accessed, violating confidentiality principles.
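Worked example (added to these notes, not part of the original material): the SQL Injection technique named above, shown as the vulnerable login query beside its hardened form. The code uses Python’s built-in sqlite3 with an in-memory database and a constructed user row; the table layout and the stored hash value are assumptions for illustration. The textbook input `' OR '1'='1` in the password field turns the concatenated WHERE clause into a tautology, while the parameterised query treats the same input as plain data.

```python
import sqlite3


def setup_db():
    """Create an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-of-alice-pw')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Vulnerable: user input is pasted into the SQL text, so it can rewrite the query."""
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password_hash):
    """Hardened: placeholders keep the input as data; the query structure cannot change."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


if __name__ == "__main__":
    db = setup_db()
    tautology = "' OR '1'='1"   # classic textbook input that makes the WHERE clause true
    print("vulnerable, bad password:", login_vulnerable(db, "alice", tautology))   # True
    print("safe, bad password:     ", login_safe(db, "alice", tautology))         # False
    print("safe, right password:   ", login_safe(db, "alice", "constructed-hash-of-alice-pw"))
```

The fix is the placeholder, not input filtering: the database driver sends the query text and the values separately, so no quoting trick in the value can change the statement. In a real application the password would also be verified with a slow, salted hash rather than compared in SQL.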
4. Maintaining Access (Persistence):
“After gaining access, hackers create backdoors, rootkits, or install malware to ensure
continued access.”
Once inside, the intruder must maintain a presence on the target machine for further actions such as
gathering or monitoring sensitive data. Therefore, backdoors, rootkits, or Trojan horses can be
installed at this point to ensure continued access to the device even after it has been rebooted or
patched. Persistence Techniques: Employing malicious programs, establishing concealed user
accounts, or exploiting cron jobs.
Tools Used:
Netcat
Ngrok
Empire
C2 frameworks
Standard Methods of Maintaining Access:
Installing Backdoors: Creating permanent ways of accessing the system later, like backdoors or
rootkits.
Creating Hidden User Accounts: Adding unauthorized users with administrative privileges that are
hard to discover.
Tunneling: Employing strategies such as SSH tunneling for secure communication with an infected
machine.
Keystroke Logging: Capturing user’s keystroke entries to acquire confidential details such as
passwords or private information.
Trojan Horses: Integrating applications that look real but permit unlawful entry.
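Worked example (added to these notes, not part of the original material): a Python audit that looks for the hidden user accounts described under Maintaining Access. It parses passwd-format text (a constructed sample, not a real host) and reports a second uid-0 account, two accounts sharing one uid, and a system-range account that has been given an interactive shell. The shell list and the 999 cut-off for system uids are assumptions that match common Linux distributions.

```python
# Constructed /etc/passwd-style content (not from a real host). Three entries are planted:
# "sysadm" is a second uid-0 account, "www-data2" reuses alice's uid, and "backup-svc"
# is a system-range account that has been given an interactive shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/:/bin/bash
backup-svc:x:34:34::/var/backups:/bin/bash
www-data2:x:1000:1000::/var/www:/usr/sbin/nologin
# comment lines and malformed lines are ignored
broken:line
"""

INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/dash",
                      "/usr/bin/bash", "/usr/bin/zsh"}


def parse_passwd(text):
    """Parse passwd-format text into a list of dicts; skip comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "home": home, "shell": shell})
    return entries


def audit_accounts(entries, system_uid_max=999):
    """Return {account: [reasons]} for accounts that look like planted or hidden logins."""
    findings = {}
    owner_of_uid = {}

    def flag(name, reason):
        findings.setdefault(name, []).append(reason)

    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            flag(e["name"], "uid 0 account other than root")
        elif e["uid"] in owner_of_uid and owner_of_uid[e["uid"]] != e["name"]:
            flag(e["name"], f"shares uid {e['uid']} with {owner_of_uid[e['uid']]}")
        if (e["uid"] != 0 and e["uid"] <= system_uid_max
                and e["shell"] in INTERACTIVE_SHELLS):
            flag(e["name"], "system-range uid with an interactive shell")
        owner_of_uid.setdefault(e["uid"], e["name"])
    return findings


if __name__ == "__main__":
    for account, reasons in audit_accounts(parse_passwd(SAMPLE_PASSWD)).items():
        print(f"{account}: {'; '.join(reasons)}")
```

Run against a real host the same function takes the contents of /etc/passwd; the checks are cheap enough to run from a scheduled job and diff against a known-good baseline, which also catches the cron-job and backdoor-account variants mentioned above when the baseline includes the crontab files.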
5. Clearing Tracks (Avoiding Detection):
“The attacker deletes logs, alters timestamps, and removes evidence to avoid being detected.”
The final phase of ethical hacking revolves around ensuring the hacker remains under the radar. This
means wiping logs, concealing files, and manipulating timestamps to eliminate any evidence of the
attack. The intention is to ensure that the attacker is never detected or traced through the attack
methodology.
Tools Used:
CCleaner
Stealth Rootkit
Timestomp
Log wiping
Encryption
Standard Methods For Covering Tracks:
Log Tampering: Deleting or modifying logs to erase evidence of hacking activities.
Steganography: Hiding malicious files or data within legitimate files to avoid detection.
File Timestamp Alteration: Changing the timestamps of modified files to mislead investigators.
Clearing Command Histories: Deleting or altering shell command histories to prevent detection.
Encryption: Encrypting communication and files to obscure activities makes forensic analysis more
difficult.
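Worked example (added to these notes, not part of the original material): the defender’s answer to log tampering. Each log entry commits to its sequence number and to the digest of the previous entry, so editing, reordering or deleting a line breaks the chain, and an attacker who re-hashes the edited entry still breaks the link to the next one. The sample events are constructed; storing the head digest on a remote collector (passed in as expected_head) is the assumption that also catches truncation of the tail.

```python
import copy
import hashlib

GENESIS = "0" * 64   # digest "before" the first entry


def entry_digest(seq, prev, message):
    return hashlib.sha256(f"{seq}|{prev}|{message}".encode()).hexdigest()


def append_entry(chain, message):
    """Append a log message; each entry commits to its sequence number and predecessor."""
    prev = chain[-1]["digest"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "prev": prev, "message": message,
                  "digest": entry_digest(seq, prev, message)})
    return chain[-1]["digest"]


def verify_chain(chain, expected_head=None):
    """Return (ok, first_bad_index). Catches edited, reordered and deleted entries.
    Tail truncation is only caught when the last digest was stored elsewhere
    (expected_head), e.g. shipped to a remote log collector."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i
        if entry_digest(i, prev, entry["message"]) != entry["digest"]:
            return False, i
        prev = entry["digest"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def build_sample_chain():
    """Constructed sample events (not from a real system)."""
    chain = []
    for msg in ["sshd: Accepted publickey for alice from 198.51.100.4",
                "sudo: alice : COMMAND=/usr/bin/apt update",
                "sshd: Failed password for invalid user admin from 203.0.113.7",
                "useradd: new user: name=sysadm, UID=0"]:
        append_entry(chain, msg)
    return chain


def tamper_edit(chain, index, new_message):
    """Simulated tampering: edit a line but leave the digests alone."""
    c = copy.deepcopy(chain)
    c[index]["message"] = new_message
    return c


def tamper_edit_and_rehash(chain, index, new_message):
    """Simulated tampering: edit a line and recompute that entry's digest only."""
    c = copy.deepcopy(chain)
    c[index]["message"] = new_message
    c[index]["digest"] = entry_digest(index, c[index]["prev"], new_message)
    return c


def tamper_delete(chain, index):
    """Simulated tampering: remove one entry."""
    c = copy.deepcopy(chain)
    del c[index]
    return c


if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["digest"]
    print("intact:", verify_chain(chain, head))
    print("edited:", verify_chain(tamper_edit(chain, 3, "noise")))
    print("edited and rehashed:", verify_chain(tamper_edit_and_rehash(chain, 2, "noise")))
    print("tail removed, head known:", verify_chain(tamper_delete(chain, 3), head))
```

The chain alone cannot stop someone with write access from rebuilding every digest from the edit onward; what makes it work in practice is that the head digest (or the log itself) leaves the host as it is written, so the local copy can be checked against an anchor the intruder could not reach.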
Vulnerability Research:
“Vulnerability research in ethical hacking is the process of finding and analyzing potential
weaknesses in computer systems and software. The goal is to identify vulnerabilities that
could be exploited by attackers.”
Vulnerability research is the process of identifying, analyzing, and understanding weaknesses
in information systems, software, or hardware that could be exploited by malicious actors.
This research is crucial for improving cyber security and protecting sensitive data. Here are
some key aspects of vulnerability research:
Identification: Researchers use various tools and techniques to discover vulnerabilities in
systems. This can include static analysis (examining code without executing it), dynamic
analysis (testing the system while it's running), and fuzz testing (inputting random data to
find unexpected behaviors).
Reviewing source code (static analysis)
Conducting penetration testing (dynamic analysis)
Using automated tools like fuzzers, debuggers, and vulnerability scanners
Analysis (Exploiting & Assessing Impact): Once a vulnerability is identified,
researchers analyze its potential impact and how it can be exploited. This involves
understanding the root cause of the vulnerability and the conditions under which it can be
triggered.
Developing proof-of-concept exploits
Assessing the severity using CVSS (Common Vulnerability Scoring System)
Understanding potential attack vectors
Reporting & Mitigation:
Reporting: Researchers document their findings in detailed reports, which include
descriptions of the vulnerabilities, proof-of-concept exploits, and recommendations for
mitigation. These reports are often shared with the affected organizations or published in
security forums.
Mitigation: Based on the research findings, developers and security teams work to fix the
vulnerabilities by applying patches, updating software, or implementing additional security
measures.
Coordinating disclosure with vendors (e.g., via Bug Bounty programs or CVE reports)
Suggesting patches or mitigations
Working with security teams to fix the issue
Collaboration: Vulnerability researchers often collaborate with other security professionals,
developers, and organizations to share knowledge and improve overall cybersecurity. This
can include participating in bug bounty programs, attending security conferences, and
contributing to open-source projects.