ethical hacking
TRANSCRIPT
![Page 1: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/1.jpg)
CAUTION HACKER AT WORK
Ethical Hacking
![Page 2: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/2.jpg)
Hacking
• Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.
• Hacking is the act of gaining access without legal authorization to a computer or computer network or network resources.
![Page 3: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/3.jpg)
Hacking means making something work regardless of the circumstances
![Page 4: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/4.jpg)
Hacking is not very complex
![Page 5: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/5.jpg)
Ethical Hacking
• Ethical hacking is the use of hacking knowledge to attempt to enter a network to find its loopholes and back doors.
• It is often referred to as ‘legalized hacking’ and yes it is indeed legal and can even reap a lot of profits for highly skilled individuals.
![Page 6: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/6.jpg)
Hacker• Hackers are actually computer enthusiasts who
know a lot about computers and computer networks and use this knowledge with a criminal intent.
• He is a person who uses his hacking skills and tool sets for destructive or offensive purposes such as disseminating viruses or performing DoS attacks to compromise or bring down systems and networks.
• Hackers are sometimes paid to damage corporate reputations or steal or reveal credit-card information
![Page 7: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/7.jpg)
Types of Hackers
• White hat – Good guys Don’t use their skills for illegal purposes Computer security experts
• Black hat – Bad guys Use their skills for illegal purposes Criminals
![Page 8: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/8.jpg)
Types of Hackers
• Script kiddies – Wannabe hackers No technical skills Have no clue about what’s happening in
• Elite hackers – Usually professionals Develop new attacks/tools
![Page 9: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/9.jpg)
Why perform an ethical hack?Why perform an ethical hack?
To determine flaws and vulnerabilities To provide a quantitative metric for evaluating
systems and networks To measure against pre-established baselines To determine risk to the organization To design mitigating controls
To determine flaws and vulnerabilities To provide a quantitative metric for evaluating
systems and networks To measure against pre-established baselines To determine risk to the organization To design mitigating controls
![Page 10: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/10.jpg)
Skills Required Becoming an Ethical Hacker
Criminal mindset
Thorough knowledge about Computer
programming, Networking and operating
systems. highly targeted platforms (such
as Windows, Unix, and Linux), etc.
Patience, persistence, and immense
perseverance
![Page 11: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/11.jpg)
Levels in Ethical HackingLevels in Ethical Hacking
![Page 12: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/12.jpg)
Ethical Hacking StepsEthical Hacking Steps
![Page 13: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/13.jpg)
Gathering information of target informationInternet Domain name, network
blocks, IP addresses open to Net, TCP and UDP services running, ACLs, IDSes
Intranet Protocols (IP,NETBIOS), internal domain names, etc
Remote access Phone numbers, remote control, telnet, authentication
Extranet Connection origination, destination, type, access control
FootprintingFootprinting
![Page 14: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/14.jpg)
1414
After obtaining a list of network and IP addresses scanning starts: ping sweeps (active machines): user pinger in Windows and
nmap in Linux/UNIX. This is an example of pinger.
TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged.
In Windows NT use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools.
ScanningScanning
![Page 15: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/15.jpg)
Types of ScanningTypes of Scanning
Scanning Type Purpose
Port scanning Determines open ports and services
Network scanning IP addresses
Vulnerability scanning
Presence of known weaknesses
![Page 16: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/16.jpg)
Scanning ToolsScanning Tools
■ Nmap
■ Nessus
■ SNMP Scanner
■ THC-Scan
■ Netscan
■ IPSecScan
![Page 17: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/17.jpg)
Enumeration
• After scanning process and is the process of gathering and compiling usernames, machine names, network resources, shares, and services.
• It also refers to actively querying or connecting to a target system to acquire this information.
![Page 18: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/18.jpg)
Attack• SQL injection• SQL injection is a code injection technique that
exploits a security vulnerability occurring in the database layer of an application.
• The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
![Page 19: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/19.jpg)
SQL injection
• During a SQL injection attack, malicious code is inserted into a web form field or the website’s code to make a system execute a command shell or other arbitrary commands.
• Just as a legitimate user enters queries and additions to the SQL database via a web form, the hacker can insert commands to the SQL server through the same web form field.
![Page 20: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/20.jpg)
Wireless Hacking Techniques
• Cracking encryption and authentication mechanism
• Eavesdropping or sniffing
• Denial of Service
• AP masquerading or spoofing
• MAC spoofing
![Page 21: Ethical hacking](https://reader033.vdocuments.net/reader033/viewer/2022052619/556207e7d8b42acd4e8b5915/html5/thumbnails/21.jpg)
Wi-Fi network security
• Use Strong Encryption Protocol
• Don’t Announce Yourself-Disable SSID
• Change Default Administrator Passwords and Usernames
• Limit Access To Your Access Point
• Do Not Auto-Connect to Open Wi-Fi Networks
• Assign Static IP Addresses to Devices
• Enable Firewalls On Each Computer and the Router
• Position the Router or Access Point Safe