Ethical Hacking

SUBMITTED TO: Dr S.L.GUPTA Prof USM(KUK) Mrs. REETA

SUBMITTED BY: RICHA CHADHA ROLL NO 4 MBA GEN(PREV)

HISTORY OF HACKING 

Since the 1980's, the Internet has vastly grown in popularity and computer security has become a major concern for businesses and governments.

In a search for ways to reduce the fear and worry of being hacked, organizations have come to the realization that an effective way to evaluate security threats is to have independent security experts attempt to hack into their computer systems. With the growth of computing and networking in the early 1990's, computer and network vulnerability studies began to appear outside of the military organization.

WHAT IS ETHICAL HACKING?

Definition: Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. An ethical hacker is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.

WHO ARE ETHICAL HACKERS?

Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.

ETHICAL HACKING PROCESS

FLOW CHART OF ETHICAL HACKING PROCESS

PLANNING -> RECONNAISSANCE -> ENUMERATION -> VULNERABILITY ANALYSIS -> EXPLOITATION -> FINAL ANALYSIS -> DELIVERABLES -> INTEGRATION

10 COMMANDMENTS OF ETHICAL HACKING

1. Thou shalt set thy goals
2. Thou shalt plan thy work, lest thou go off course
3. Thou shalt obtain permission
4. Thou shalt work ethically
5. Thou shalt keep records
6. Thou shalt respect the privacy of others
7. Thou shalt do no harm
8. Thou shalt use a scientific process
9. Thou shalt not covet thy neighbour's tools
10. Thou shalt report all thy findings

REQUIRED SKILLS

CERTIFICATION

Due to the controversy surrounding the profession of ethical hacking, the International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH). In order to obtain certification, an ethical hacker must complete a coursework consisting of 22 modules, which range from 30 minutes to 5 hours or more, depending on the depth of the information provided.

PROBLEMS ASSOCIATED WITH ETHICAL HACKING

Controversy
Ethical Issues
Legal Liability
Forcing Services and Information on Organizations and Society

TYPES OF HACKING AND THEIR COUNTER MEASURES

PASSWORD HACKING
NETWORK HACKING
E-MAIL HACKING
WIRELESS HACKING
DoS ATTACKS
INPUT VALIDATION
PRIVACY ATTACKS
IP SPOOFING
CRYPTOGRAPHY
VIRUSES

PASSWORD HACKING

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Most passwords can be cracked by using the following techniques:

HASHING
GUESSING
DEFAULT PASSWORDS
BRUTE FORCE
PHISHING

NETWORK HACKING

Network Hacking generally means gathering information about a domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc. It also includes OS Fingerprinting, Port Scanning and Port Surfing using various tools.

E-MAIL HACKING

All email communications on the internet are possible by two protocols:
1) Simple Mail Transfer Protocol (SMTP port-25)
2) Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

1) EMail Tracing: Generally, the path taken by an email while travelling from sender to receiver can be explained by following diagram.

DoS ATTACKS

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it cannot serve its users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users. There are several different kinds of DoS attacks as discussed below:

PING OF DEATH
TEARDROP ATTACK
LAND ATTACK
SMURF ATTACK

VIRUSES

What is a Computer Virus? A potentially damaging computer programme capable of reproducing itself causing great harm to files or other programs without permission or knowledge of the user.

Types of viruses: The different types of viruses are as follows:

BOOT SECTOR VIRUS
FILE OR PROGRAM
STEALTH VIRUSES
POLYMORPHIC VIRUSES
MACRO VIRUSES

HACKING TOOLS

PORT SCANNERS

Nmap: This tool developed by Fyodor is one of the best unix and windows based port scanners. This advanced port scanner has a number of useful arguments that give the user a lot of control over the process.

Superscan: A Windows-only port scanner, pinger, and resolver. SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.

OS FINGERPRINTING TOOLS

Nmap: This tool developed by Fyodor is one of the best unix and windows based active OS fingerprinting tools.

P0f: A passive OS fingerprinting tool. P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall. P0f can detect firewall presence, NAT use, existence of load balancers, and more!

PASSWORD CRACKERS

Cain and Abel: The top password recovery tool for Windows. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

John the Ripper: A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

ENCRYPTION TOOLS

OpenSSL: The premier SSL/TLS encryption library. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Tor: An anonymous Internet communication system. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

E-BOOKS FOR ETHICAL HACKING
