ETHICAL HACKING MODULE 1

Introduction to Ethical Hacking: Defining hacker, Ethical Hacking, Understanding the Need
to Hack Your Own Systems, Understanding the Dangers Your Systems Face, Nontechnical
attacks, Network infrastructure attacks, Operating system attacks, Application and other
specialized attacks, Obeying the Ethical hacking Commandments, Working ethically,
Respecting privacy, Not crashing your systems, The Ethical hacking Process: Formulating
your plan, Selecting tools, Executing the plan, Evaluating results.
» Hackers (or external attackers) try to compromise computers, sensitive information, and
even entire networks for ill-gotten gains — usually from the outside — as unauthorized users.
» Malicious users (external or internal attackers) try to compromise computers and sensitive
information either from the outside (e.g. customers or business partners) or from the inside, as
authorized and trusted users.
» Ethical hackers (or good guys) hack systems to discover vulnerabilities to protect against
unauthorized access, abuse, and misuse. Information security researchers, consultants, and
internal staff fall into this category.
INTRODUCTION TO ETHICAL HACKING
Is ethical hacking just cracking passwords or stealing data? No, it is much more than that.
Ethical hacking is scanning for vulnerabilities and finding potential threats on a computer or
network. An ethical hacker finds the weak points or loopholes in a computer, web application
or network and reports them to the organization.
HACKER
A hacker is a person who breaks into a computer system. The reasons for hacking can be
many: installing malware, stealing or destroying data, disrupting service, and more. Hacking
can also be done for ethical reasons, such as trying to find software vulnerabilities so they can
be fixed.
Hackers breach defences to gain unauthorized access into computers, phones, tablets, IoT
devices, networks, or entire computing systems. Hackers also take advantage of weaknesses
in network security to gain access. The weaknesses can be technical or social in nature.
 Technical weaknesses: Hackers can exploit software vulnerabilities or weak security
practices to gain unauthorized access or inject malware, for example.
 Social weaknesses: Hackers can also use social engineering to convince those with
privileged access to targeted systems to click on malicious links, open infected files, or
reveal personal information, thereby gaining access to otherwise hardened infrastructures.

There are three broad types of hackers:

(1) White Hat Hackers (Cyber-Security Hacker)
(2) Black Hat Hackers (Cracker)
(3) Gray Hat Hackers (Both)

1. White Hat Hackers:

White hat hackers look for bugs and ethically report them to the organization. They are
authorized to test a website or network for bugs and to report what they find. White hat
hackers generally get all the information they need about the application or network from
the organization itself. They use their skills to test it before the website goes live or is
attacked by malicious hackers.
2. Black Hat Hackers:
Black hat hackers test without the organization's permission. They break into the website
unethically and steal data from the admin panel or manipulate it. They act only for their
own advantage, typically financial gain from the personal data they take. They can cause
major damage to a company by altering how its systems function, leading to losses on a much
larger scale, and the consequences for the attacker can be extreme.
3. Grey Hat Hackers:
Grey hat hackers sometimes access data without authorization and violate the law, but they
do not share the intent of black hat hackers and often act for the common good. The main
difference from white hats is that grey hats may disclose a vulnerability publicly, and without
permission, whereas white hat hackers report it privately to the company.

Importance of ethical hacking

Ethical hacking matters for several reasons. Consider the points below:

o There are many ethical hacking jobs in industry, because organizations need their security
systems tested. Ethical hacking checks that systems are secure and not open to black hat
hackers. Attacks are frequent these days, so the demand for ethical hackers is high.
o Large companies and large systems do get breached. In the 2016 Uber breach, the personal
information of roughly 57 million riders and drivers was exposed. Companies such as Google,
Yahoo, Instagram, Facebook and Uber hire hackers to attack their own systems; after breaking
in, the hackers report every weakness they found so the company can fix it. Many companies
also run bug bounty programs, in which hackers around the world try to break the company's
websites and applications and are paid a reward for each valid bug they report.
o Ethical hacking protects important data from adversaries and guards against extortion by
people who would otherwise exploit a vulnerability. Through ethical hacking, a company or
organization can find its security vulnerabilities and assess its risks.
o Governments use state-sponsored hacking to gather intelligence about hostile states and
about attempts to influence politics. Ethical hacking can contribute to the safety of a nation
by helping to prevent cyber-terrorism and terrorist attacks.
o Ethical hackers think from an attacker's perspective, find the potential entry points, and
fix them before an attack happens.
o Ethical hacking teaches skills that transfer to many roles, such as software developer,
risk manager, quality assurance tester, and network defender.
o Trained ethical hackers are a core strength of a company. To confirm that software
functions properly, they can run quick security tests under both standard and extreme
conditions.
o Ethical hackers develop tools and methods, and work with quality assurance testers, to
eliminate a system's vulnerabilities.
o Within an organization, ethical hacking identifies the weaknesses of its software security.
Looking at your security from the hacker's perspective lets you fix anomalies before they
become a problem for the company's success.

Understanding the Need to Hack Your Own Systems

To catch a thief, you must think like a thief. That adage is the basis of vulnerability and
penetration testing. Knowing your enemy is critical. The law of averages works against
security. With the increased number of hackers and their expanding knowledge, and the
growing number of system vulnerabilities and other unknowns, all computer systems and
applications will eventually be hacked or compromised in some way. Protecting your systems
from the bad guys —not just addressing general security best practices — is critical. When
you know hacker tricks, you find out how vulnerable your systems really are.

Hacking preys on weak security practices and undisclosed vulnerabilities, but longstanding,
known vulnerabilities are also being targeted. Firewalls, encryption, and other fancy (and
expensive) security technologies often create a false feeling of safety. Vulnerability and
penetration testing is a proven method for greatly hardening your systems against attack. If you
don't identify weaknesses, it's only a matter of time before the vulnerabilities are exploited.

As hackers expand their knowledge, so should you. You must think like them and work like
them to protect your systems from them. As an ethical hacker, you must know the activities
that unethical hackers carry out, as well as how to stop their efforts. Knowing what to look
for and how to use that information helps you thwart hackers' efforts.

You don’t have to protect your systems from everything. You can’t. The only protection
against everything is unplugging your computer systems and locking them away so no one
can touch them — not even you. But doing so is not the best approach to security, and it’s
certainly not good for business! What’s important is protecting your systems from known
vulnerabilities and common attacks — the 20 percent of the issues that create 80 percent of
the risks, which happen to be some of the most overlooked weaknesses in most organizations.

Anticipating all the possible vulnerabilities you’ll have in your systems and business
processes is impossible. You certainly can’t plan for all types of attacks — especially the
unknown ones. But the more combinations you try and the more often you test whole systems
instead of individual units, the better your chances are of discovering vulnerabilities that
affect your information systems in their entirety.

Your overall goals for security testing are to:

» Prioritize your systems so that you can focus your efforts on what matters.

» Test your systems in a nondestructive fashion.

» Enumerate vulnerabilities and, if necessary, prove to management that business risks exist.

» Apply results to address the vulnerabilities and better secure your systems.

Understanding the Dangers Your Systems Face

Nontechnical attacks

Exploits that involve manipulating people — end users and even you — are the greatest
vulnerability in any computer or network infrastructure. Humans are trusting by nature,
which can lead to social-engineering exploits. Social engineering is exploiting the trusting
nature of human beings to gain information (often via email phishing) for malicious
purposes.

Other common, effective attacks against information systems are physical. Hackers break
into buildings, computer rooms, or other areas that contain critical information or property to
steal computers, servers, and other valuable equipment. Physical attacks can also include
dumpster diving — rummaging through trash cans and bins for intellectual property,
passwords, network diagrams, and other information.

Network infrastructure attacks

Attacks on network infrastructures can be easy to accomplish because many networks can be
reached from anywhere in the world via the Internet. Examples of network infrastructure
attacks include the following:

» Connecting to a network through an unsecured wireless access point attached behind a
firewall.

» Exploiting weaknesses in network protocols, such as File Transfer Protocol (FTP) and
Secure Sockets Layer (SSL).

» Flooding a network with too many requests, creating denial of service (DoS) for legitimate
requests.

» Installing a network analyzer on a network segment and capturing every packet that travels
across it, revealing confidential information in clear text.

Operating system attacks

OS attacks make up a large portion of attacks simply because every computer has an
operating system, and operating systems are susceptible to many well-known exploits,
including vulnerabilities that remain unpatched years later.

Here are some examples of attacks on operating systems:

» Exploiting missing patches

» Attacking built-in authentication systems

» Breaking file system security

» Cracking passwords and weak encryption implementation

Application and other specialized attacks

The following are examples of application attacks and related exploits that are often present
on business networks:

» Web applications are everywhere. Thanks to what’s called shadow IT, in which people in
various areas of the business run and manage their own technology, web applications are in
every corner of the internal network and out in the cloud. Unfortunately, many IT and
security professionals are unaware of the presence of shadow IT and the risks it creates.

» Mobile apps face increasing attacks, given their popularity in business settings. There are
also rogue apps discovered on the app stores that can create challenges in your environment.

» Unsecured files containing sensitive information are scattered across workstation and server
shares as well as out into the cloud in places like OneDrive and Google Drive. Database
systems also contain numerous vulnerabilities that malicious users can exploit.

Obeying the ethical hacking Commandments:

1. Thou shalt set thy goals
An ethical hacker should set simple goals, such as finding unauthorised wireless access points
or obtaining information from a wired network system. In any case, the goals should be
articulate and well communicated.
2. Thou shalt plan thy work, lest thou go off course
Ethical hackers are bound by constraints. Consequently, it is important to develop a strategic
plan which should include identifying the networks to test, specifying the testing interval,
specifying the testing process, and obtaining approval of the plan.
3. Thou shalt obtain permission
Written permission is required and should state that an ethical hacker is authorised to
perform a test according to the plan. It should also say that the organisation will provide
legal and organisational support in case criminal charges or lawsuits arise. This is
conditional on staying within the bounds of the approved plan.
4. Thou shalt work ethically
An ethical hacker is bound to confidentiality and non-disclosure of information they may
uncover. Ethical hackers must also be compliant with their organisation's governance and
local laws. An ethical hack must not be performed when company policy, or the law for that
matter, explicitly forbids it.
5. Thou shalt keep records
Patience and thoroughness are attributes of a good ethical hacker. A hallmark of ethical
hacker professionalism is keeping adequate records to support findings. The date and details
regarding each test, whether or not they were successful, should be logged and recorded, and
a duplicate copy of the log book should be kept.
6. Thou shalt respect the privacy of others
An ethical hacker must not abuse their authority. Ethical hackers must not snoop into
confidential corporate records or private lives. The information that is uncovered should be
treated with the same care one would give to their own personal information.
7. Thou shalt do no harm
The actions of an ethical hacker may have unplanned repercussions. It is easy to get caught
up in the work and cause a denial of service or trample on someone else's rights. It is
important to stick to the original plan.
8. Thou shalt use a scientific process
The work of an ethical hacker should adopt an empirical method. An empirical method will
help set quantifiable goals, develop consistent and repeatable tests, and provide tests that are
valid in the future.
9. Thou shalt not covet thy neighbour's tools
Ethical hackers will always discover new tools to help them get their job done. Tools are
abundant on the Internet and more are coming out all the time. The temptation to grab them
all is fierce. Although it is possible to use all of the tools that are available, it is recommended
that an ethical hacker choose a small set, learn them thoroughly, and stick with them.
10. Thou shalt report all thy findings
Ethical hackers should plan to report any high-risk vulnerabilities discovered during testing
as soon as they are found. Reports are one way for the organisation to determine the
completeness and thoroughness of the work of an ethical hacker, and they provide a means for
peers to review methodologies, findings, analysis, and conclusions.

Following the Security Assessment Principles:

Security professionals must carry out the same attacks against computer systems, physical controls,
and people that malicious hackers do (the attacks introduced in the preceding section). A security
professional's intent, however, is to highlight the associated weaknesses and the specific
countermeasures that can be implemented against them. To ensure that security testing is performed
adequately and professionally, every security professional needs to follow a few basic tenets. The
following sections introduce the important principles.

Working ethically

The word ethical in this context means working with high professional morals and values. Whether
you're performing security tests against your own systems or for someone who has hired you,
everything you do must be aboveboard in support of the company's goals, with no hidden agenda,
just professionalism. Being ethical also means reporting all your findings, whether or not they may
create political backlash.

Trustworthiness is the ultimate tenet. It’s also the best way to get (and keep) people on your side in
support of your security program. Misusing information and power is forbidden; that’s what the bad
guys do, so let them pay a fine or go to prison because of their poor choices.

Respecting privacy

Treat the information you gather with respect. All information you obtain during your testing — from
web application flaws to clear text email passwords to personally identifiable information (PII) and
beyond — must be kept private. Nothing good can come of snooping into confidential corporate
information or employees' private lives.

Not crashing your systems

One of the biggest mistakes that people make when trying to test their own systems is inadvertently
crashing the systems they’re trying to keep running. Crashing systems doesn’t happen as often as it
used to, given the resiliency of today’s systems, but poor planning and timing can have negative
consequences. Although you’re not likely to do so, you can create DoS conditions on your systems
when testing. Running too many tests too quickly can cause system lockups, data corruption,
reboots, and similar problems, especially when you’re testing older servers and web applications.
Don’t assume that a network or specific host can handle the beating that network tools and
vulnerability scanners can dish out.

You can even accidentally create an account or system lockout by using vulnerability scanners or by
socially engineering someone into changing a password without realizing the consequences of your
actions. Proceed with caution and common sense. Either way, be it you or someone else, these
weaknesses still exist, and it's better that you discover them first.
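
The account-lockout risk described above can be engineered out rather than left to caution. The following is an added example, not code from the module: a scheduler for a password audit that spaces the tester's own login attempts so that no account ever reaches the lockout threshold, leaving a margin for the real user's typos. The policy values (lockout after 5 failures within 30 minutes), the account names and the guesses are constructed for illustration; take the real numbers from the target's password policy before testing.

```python
"""Lockout-aware scheduler for a password audit.

Added example, not code from the module. Assumed policy: an account locks
after `lockout_threshold` failed logins within `lockout_window_s` seconds.
Read the real numbers from the target's password policy before testing.
"""
from collections import defaultdict, deque


class LockoutSafeScheduler:
    """Tracks the tester's own failed-login attempts per account and allows at
    most (threshold - safety_margin) of them inside any one lockout window.
    The margin leaves room for the account's real user to mistype a password
    while the audit runs, so the audit never pushes the account into lockout."""

    def __init__(self, lockout_threshold, lockout_window_s, safety_margin=2):
        if safety_margin >= lockout_threshold:
            raise ValueError("safety margin leaves no attempt budget")
        self.window = lockout_window_s
        self.budget = lockout_threshold - safety_margin
        self._history = defaultdict(deque)  # account -> times of our attempts

    def _prune(self, account, now):
        """Forget attempts that have aged out of the lockout window."""
        q = self._history[account]
        while q and now - q[0] >= self.window:
            q.popleft()

    def next_safe_time(self, account, now):
        """Earliest time at or after `now` when one more attempt is safe."""
        self._prune(account, now)
        q = self._history[account]
        if len(q) < self.budget:
            return now
        return q[0] + self.window  # when the oldest counted attempt ages out

    def record_attempt(self, account, now):
        """Register an attempt; refuse it if it would eat into the margin."""
        if self.next_safe_time(account, now) > now:
            raise RuntimeError(f"attempt on {account} at t={now} risks lockout")
        self._history[account].append(now)


def plan_spray(accounts, passwords, scheduler, start=0.0):
    """Schedule a password spray (one guess across all accounts, then the next)
    so that no account exceeds the scheduler's budget per window. Returns
    (time_s, account, password) tuples in execution order; the clock only
    moves forward when an account has used up its budget."""
    clock = start
    plan = []
    for password in passwords:
        for account in accounts:
            clock = max(clock, scheduler.next_safe_time(account, clock))
            scheduler.record_attempt(account, clock)
            plan.append((clock, account, password))
    return plan


def max_attempts_in_any_window(plan, window_s):
    """Independent check of a plan: the most attempts any single account
    receives within any window_s-long interval (must stay <= budget)."""
    per_account = defaultdict(list)
    for t, account, _ in plan:
        per_account[account].append(t)
    worst = 0
    for times in per_account.values():
        times.sort()
        lo = 0
        for hi, t_hi in enumerate(times):
            while t_hi - times[lo] >= window_s:
                lo += 1
            worst = max(worst, hi - lo + 1)
    return worst


if __name__ == "__main__":
    # Assumed policy: lock after 5 failures within 30 minutes; keep 2 in reserve.
    sched = LockoutSafeScheduler(lockout_threshold=5, lockout_window_s=1800)
    accounts = ["alice", "bob"]                                      # constructed
    guesses = ["Winter2024!", "Password1", "Welcome1", "Company123"]  # constructed
    plan = plan_spray(accounts, guesses, sched)
    for when, who, guess in plan:
        print(f"t+{when:6.0f}s  {who:<6} {guess}")
    print("worst case per account per window:",
          max_attempts_in_any_window(plan, 1800))
```

With the assumed policy the budget is three guesses per account per half hour, so the fourth guess against each account is deferred by 1800 seconds rather than sent immediately; `max_attempts_in_any_window` is the check to run over any plan before the first packet leaves.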

The Ethical Hacking process:

As with practically any IT or security project, you need to plan security testing. It’s been said that
action without planning is the root of every failure. Strategic and tactical issues in vulnerability and
penetration testing need to be determined and agreed on in advance. The following are the steps
involved in ethical hacking process:

Formulating your plan

Getting approval for security testing is essential. Make sure that what you're doing is known and
visible, at least to the decision-makers. Obtaining sponsorship of the project is the first step; this is
how your testing objectives are defined. Sponsorship could come from your manager, an executive,
your client, or even yourself if you're the boss. You need someone to back you up and sign off on your
plan. Otherwise, your testing may be called off unexpectedly if someone (including third parties such
as cloud service and hosting providers) claims that you were never authorized to perform the tests.

Worse, you could be fired or charged with criminal activity. The authorization can be as simple as an
internal memo or an email from your boss when you perform these tests on your own systems. If
you're testing for a client, have a signed contract stating the client's support and authorization. Get
written approval of this sponsorship as soon as possible to ensure that none of your time or effort is
wasted. This documentation is your "Get Out of Jail Free" card if anyone, such as your Internet
service provider (ISP), cloud service provider, or a related vendor, questions what you're doing or if
the authorities come calling.

You need a detailed plan, but you don't need volumes of testing procedures that make the plan overly
complex. A well-defined scope includes the following information:

» Specific systems to be tested: When selecting systems to test, start with the most critical systems
and processes or the ones that you suspect are the most vulnerable. You could test server OS
passwords, test an Internet-facing web application, or attempt social engineering via email phishing
before drilling down into all your systems.

» Risks involved: Have a contingency plan for your security testing process in case something
goes awry. Suppose that you’re assessing your firewall or web application, and you take it down. This
situation can cause system unavailability, which can reduce system performance or employee
productivity. Worse, it might cause loss of data integrity, loss of data itself, and even bad publicity.
It'll most certainly tick off a person or two and make you look bad. All of these can create business
risks.

» Dates when the tests will be performed and overall timeline: Determining when the tests are to
be performed is something you must think long and hard about. Decide whether to perform tests
during normal business hours, or late at night or early in the morning so that production systems
aren’t affected. Involve others to make sure that they approve of your timing.

You may get pushback and suffer DoS-related consequences, but the best approach is an unlimited
attack, in which any type of test is possible at any time of day, provided the approved plan and the
written authorization allow it. The bad guys aren't breaking into your systems within a limited scope,
so why should you? Some exceptions to this approach are performing all-out DoS attacks, social
engineering, and physical security tests, which should be agreed explicitly and in advance.

» Whether you intend to be detected: One of your goals may be to perform the tests without being
detected. You might perform your tests on remote systems or on a remote office and not want the
users to be aware of what you're doing. Otherwise, the users or IT staff may catch on to you and be on
their best behavior instead of their normal behavior.

» Whether to leave security controls enabled: An important, yet often-overlooked, issue is whether
to leave enabled security controls such as firewalls, intrusion prevention systems (IPSes), and web
application firewalls (WAFs) so that they block scans and exploit attempts. Leaving these controls
enabled provides a real-world picture of where things stand; disabling them shows what an attacker
could reach if those controls fail or are bypassed.

» Knowledge of the systems before testing: You don’t need extensive knowledge of the systems
you’re testing — just basic understanding, which protects both you and the tested systems.
Understanding the systems you’re testing shouldn’t be difficult if you’re testing your own in-house
systems. If you’re testing a client’s systems, you may have to dig deeper. In fact, only one or two
clients have asked me for a fully blind assessment.

Most IT managers and others who are responsible for security are scared of blind assessments, which
can take more time, cost more, and be less effective. Base the type of test you perform on the
organization’s or client’s needs.

» Actions to take when a major vulnerability is discovered: Don’t stop after you find one or two
security holes; keep going to see what else you can discover. I’m not saying that you should keep
testing until the end of time or until you crash all your systems; ain’t nobody got time for that!
Instead, simply pursue the path you're going down until you can't hack it any longer. If you haven't
found any vulnerabilities, you haven't looked hard enough. Vulnerabilities are there. If you uncover
something big, you need to share that information with the key players (developers, database
administrators, IT managers, and so on) as soon as possible to plug the hole before it's exploited.

» The specific deliverables: Deliverables include vulnerability scanner reports and your own distilled
report outlining important vulnerabilities to address, along with recommendations and
countermeasures to implement.
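
The scope items above, together with the plan, permission and record-keeping commandments earlier in the module, can be enforced by the tooling rather than trusted to memory. The following is an added example, not code from the module: a rules-of-engagement gate that every scan or exploit attempt passes through before it runs, plus a hash-chained log of each decision that makes later tampering visible. The address ranges, the test window and the ticket reference are constructed; `authorize`, `EvidenceLog` and `at` are names chosen for this example.

```python
"""Rules-of-engagement gate with a tamper-evident test log.

Added example, not code from the module. Every scan or exploit attempt is
checked against the written scope (targets, test types, time window) before
it runs, and each decision is recorded. The scope values below are
constructed; the ticket reference is a placeholder, not a real record.
"""
import hashlib
import ipaddress
import json
from datetime import datetime, timezone

# Constructed rules of engagement; in practice this mirrors the signed plan.
ROE = {
    "authorization_ref": "CHANGE-0000 (placeholder ticket)",
    "in_scope": ["203.0.113.0/24", "198.51.100.10"],
    "excluded": ["203.0.113.1", "203.0.113.254"],  # e.g. router and backup host
    "allowed_tests": {"discovery", "vuln_scan", "exploit"},  # no DoS agreed
    "window_utc": ("2024-06-01T22:00:00", "2024-06-02T04:00:00"),
}


def at(iso_utc):
    """Parse an ISO-8601 timestamp as UTC (helper for callers and tests)."""
    return datetime.fromisoformat(iso_utc).replace(tzinfo=timezone.utc)


def in_scope(roe, ip):
    """True if ip lies in an in-scope range and is not explicitly excluded."""
    addr = ipaddress.ip_address(ip)
    if any(addr == ipaddress.ip_address(x) for x in roe["excluded"]):
        return False
    return any(addr in ipaddress.ip_network(n, strict=False)
               for n in roe["in_scope"])


def in_window(roe, when):
    """True if the (timezone-aware) time falls inside the agreed window."""
    start, end = (at(t) for t in roe["window_utc"])
    return start <= when <= end


class EvidenceLog:
    """Append-only record of every decision. Each entry carries the SHA-256
    of the previous entry, so editing or deleting an entry later breaks the
    chain; keep a duplicate copy elsewhere, as the commandments require."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        digest = self._digest(prev, record)
        self.entries.append({"record": record, "prev": prev, "digest": digest})
        return digest

    def verify(self):
        """Recompute the chain; False if any entry was altered or removed."""
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            if entry["digest"] != self._digest(prev, entry["record"]):
                return False
            prev = entry["digest"]
        return True


def authorize(roe, log, target, test_type, when):
    """Decide whether a test may run now, and log the decision either way.
    Returns (allowed, reason); tooling should refuse to run on False."""
    if test_type not in roe["allowed_tests"]:
        verdict = (False, f"test type {test_type!r} is not in the approved plan")
    elif not in_scope(roe, target):
        verdict = (False, f"{target} is outside scope or explicitly excluded")
    elif not in_window(roe, when):
        verdict = (False, "outside the agreed testing window")
    else:
        verdict = (True, f"authorized under {roe['authorization_ref']}")
    log.append({"time": when.isoformat(), "target": target, "test": test_type,
                "allowed": verdict[0], "reason": verdict[1]})
    return verdict


if __name__ == "__main__":
    log = EvidenceLog()
    checks = [
        ("203.0.113.20", "vuln_scan", "2024-06-01T23:00:00"),  # allowed
        ("203.0.113.1", "vuln_scan", "2024-06-01T23:00:00"),   # excluded host
        ("203.0.113.20", "dos", "2024-06-01T23:00:00"),        # test type not agreed
        ("192.0.2.5", "discovery", "2024-06-01T23:00:00"),     # out of scope
        ("198.51.100.10", "exploit", "2024-06-02T09:00:00"),   # outside window
    ]
    for target, kind, when in checks:
        print(target, kind, authorize(ROE, log, target, kind, at(when)))
    print("log intact:", log.verify())
```

The order of the checks is deliberate: a test type the plan never approved (an all-out DoS, say) is refused before the target is even looked at, and the refusal is still logged, so the record shows what was attempted as well as what was done.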

Selecting tools:

Automated tools have changed the world of penetration testing and ethical hacking. IT security
researchers have developed, and continue to develop, tools that make testing faster, more reliable and
easier. Without automated tools, the hacking process is slow and time-consuming.

Make sure that you’re using tools like these for your tasks:

» To crack passwords, you need cracking tools such as Ophcrack and Proactive Password Auditor.

» For an in-depth analysis of a web application, a web vulnerability scanner (such as Netsparker or
Acunetix Web Vulnerability Scanner) is more appropriate than a network analyzer (such as Wireshark
or Omnipeek).

Use the tools in the ways that they're intended to be used. Here are ways to do that:
» Read the readme and/or online help files and FAQs (frequently asked questions).
» Study the user guides.
» Use the tools in a lab or test environment.
» Watch tutorial videos on YouTube (if you can bear the poor production of most of them).
» Consider formal classroom training from the security-tool vendor or another third-party training
provider, if available.
Look for these characteristics in tools for security testing:
» Adequate documentation.
» Detailed reports on discovered vulnerabilities, including how they might be exploited and fixed.
» General industry acceptance.
» Availability of updates and responsiveness of technical support.
» High-level reports that can be presented to managers or nontechnical types (especially important in
today’s audit- and compliance-driven world).
SAMPLE SECURITY TESTING TOOLS
• Acunetix Web Vulnerability Scanner
• Cain & Abel
• CommView for WiFi
• Elcomsoft System Recovery
• Metasploit
• Nessus
• NetScanTools Pro
• Netsparker
• Nexpose
• Omnipeek
• SoftPerfect Network Scanner

Executing the plan


Good security testing takes persistence. Time and patience are important. Also, be careful when
you're performing your tests. A criminal on your network or a seemingly benign employee looking
over your shoulder may watch what's going on and use this information against you or your business.
Making sure that no hackers are on your systems before you start isn't practical. Just be sure to keep
everything as quiet and private as possible, especially when you're transmitting and storing test
results. If possible, encrypt any emails and files that contain sensitive test information, or share them
only through an access-controlled cloud-based file sharing service.
You're on a reconnaissance mission. Gather as much information as possible about your
organization and systems, much as malicious hackers do. Start with a broad view and narrow your
focus. Follow these steps:
1. Search the Internet for your organization’s name, its computer and network system names,
and its IP addresses. Google is a great place to start.
2. Narrow your scope, targeting the specific systems you’re testing. Whether you’re assessing
physical security structures or web applications, a casual assessment can turn up a lot of information
about your systems.
3. Further narrow your focus by performing scans and other detailed tests to uncover
vulnerabilities on your systems.
4. Perform the attacks and exploit any vulnerabilities you find (if that's what you choose to do).

Evaluating results:
Assess your results to see what you've uncovered, assuming that the vulnerabilities haven't been
made obvious before now. Evaluate the results and correlate the specific vulnerabilities discovered,
across tools and across systems, so that the same weakness is counted once and ranked by the
importance of the system it affects. You'll end up knowing your systems much better than anyone
else does, which will make the evaluation process much simpler moving forward. Submit a formal
report to management or to your client, outlining your results and any recommendations you need to
share. Keep these parties in the loop to show that your efforts and their money are well spent.
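
Correlating scanner output into a prioritized list is the step the paragraph above leaves to the reader. The following is an added example, not code from the module: it normalizes findings from two hypothetical scanners that use different severity conventions, merges duplicates that refer to the same issue on the same host and port, weights each finding by how critical the affected asset is, and counts the result by band for the management summary. The scanner rows, hosts and criticality ratings are constructed; the CVE identifiers are the real ones for the issues named.

```python
"""Correlating and prioritizing findings for the report.

Added example, not code from the module. Two hypothetical scanners report
the same environment with different severity conventions (words versus
CVSS numbers); the functions below normalize them, merge duplicates, weight
each finding by asset criticality and summarize. All rows are constructed.
"""
from dataclasses import dataclass, field

# Constructed asset inventory: how much a compromise of each host matters (1-3).
ASSET_CRITICALITY = {
    "203.0.113.10": 3,   # internet-facing web application
    "203.0.113.20": 3,   # customer database
    "10.0.0.15": 1,      # lab workstation
}

# Constructed output of a network scanner that rates severity in words.
SCANNER_A = [
    {"host": "203.0.113.10", "port": 443, "title": "SSLv3 enabled (POODLE)",
     "severity": "medium", "cve": "CVE-2014-3566"},
    {"host": "203.0.113.20", "port": 1433,
     "title": "Database default credentials (sa / blank)", "severity": "critical"},
    {"host": "10.0.0.15", "port": 445, "title": "Missing SMBv1 patch (MS17-010)",
     "severity": "high", "cve": "CVE-2017-0144"},
]

# Constructed output of a web scanner that reports CVSS base scores.
SCANNER_B = [
    {"host": "203.0.113.10", "port": 443, "title": "SSL 3.0 supported",
     "cvss": 4.3, "cve": "CVE-2014-3566"},
    {"host": "203.0.113.10", "port": 443, "title": "SQL injection in /login",
     "cvss": 9.8},
    {"host": "10.0.0.15", "port": 445,
     "title": "SMB remote code execution (EternalBlue)", "cvss": 8.1,
     "cve": "CVE-2017-0144"},
]

# Mapping from word ratings to a CVSS-like 0-10 scale (assumed convention).
SEVERITY_WORDS = {"critical": 9.5, "high": 8.0, "medium": 5.0, "low": 2.5, "info": 0.0}


@dataclass
class Finding:
    host: str
    port: int
    issue: str          # CVE id when one exists, otherwise the normalized title
    title: str
    cvss: float
    sources: set = field(default_factory=set)
    risk: float = 0.0


def normalize(raw, source):
    """Turn one scanner row into a Finding on the common scale."""
    cvss = raw.get("cvss")
    if cvss is None:
        cvss = SEVERITY_WORDS[raw["severity"].lower()]
    issue = raw.get("cve") or raw["title"].strip().lower()
    return Finding(raw["host"], int(raw["port"]), issue, raw["title"],
                   float(cvss), {source})


def correlate(*scanner_outputs):
    """Merge (name, rows) pairs; the same issue on the same host and port from
    several tools becomes one finding that keeps the more pessimistic score."""
    merged = {}
    for name, rows in scanner_outputs:
        for raw in rows:
            f = normalize(raw, name)
            key = (f.host, f.port, f.issue)
            if key in merged:
                merged[key].cvss = max(merged[key].cvss, f.cvss)
                merged[key].sources |= f.sources
            else:
                merged[key] = f
    return list(merged.values())


def prioritize(findings, criticality, default_criticality=2):
    """Risk = technical severity x business criticality of the asset; a 'high'
    on a lab box ranks below a 'medium' on the customer-facing web server."""
    for f in findings:
        f.risk = round(f.cvss * criticality.get(f.host, default_criticality), 1)
    return sorted(findings, key=lambda f: (-f.risk, f.host, f.port, f.issue))


def summarize(findings):
    """Counts by CVSS band for the management summary."""
    bands = {"critical": 0, "high": 0, "medium": 0, "low": 0}
    for f in findings:
        if f.cvss >= 9.0:
            bands["critical"] += 1
        elif f.cvss >= 7.0:
            bands["high"] += 1
        elif f.cvss >= 4.0:
            bands["medium"] += 1
        else:
            bands["low"] += 1
    return bands


if __name__ == "__main__":
    ranked = prioritize(correlate(("netscan", SCANNER_A), ("webscan", SCANNER_B)),
                        ASSET_CRITICALITY)
    for f in ranked:
        print(f"{f.risk:5.1f}  {f.host}:{f.port:<5} {f.title}  "
              f"[{', '.join(sorted(f.sources))}]")
    print(summarize(ranked))
```

On the constructed data the two SSLv3 rows collapse into one finding seen by both tools, and the unpatched SMB service, rated high by both scanners, ends up last because it sits on a low-value lab host; that reordering by business impact is what the distilled report should carry, not the raw scanner ranking.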

Moving on:
When you finish your security tests, you (or your client) still need to implement your
recommendations to make sure that the systems are secure. Otherwise, all the time, money, and effort
spent on testing goes to waste. Systems must be updated and tested frequently, because new security
vulnerabilities appear continuously.
