


Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also verify that vendors' claims about the security of their products are legitimate.

1.1 Security
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Security is usually described in terms of the CIA triad. The CIA triad comprises the basic principles of security, in which "C" denotes Confidentiality, "I" represents Integrity and the letter "A" represents Availability.

● Confidentiality
Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that particular data should be seen only by authorized personnel; a passive observer should not see that data. For example, in the case of a credit card transaction, the authorized person should see the credit card number, and only he should see that data. Nobody else should see that number, because they may use it for some other activity. Thus confidentiality is very important. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.
● Integrity
Integrity means that data cannot be modified without authorization. This means that the data seen by authorized persons should be correct, that is, the data should maintain the property of integrity. Without integrity the data is of no use.
Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data is modified, and then we can say that there is a breach in the

● Availability
For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which the data should have both integrity and confidentiality. Both goals can easily be achieved by taking the data offline, but then the data is not available to the user. Hence the data is of no use even if it has all the other characteristics. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. All these factors are considered important, since data lacking any of the above characteristics is useless. Therefore security is described as the CIA triad.
Lacking any one of the CIA means there is a security
1.2 Need for Security
Computer security is required because most organizations can be damaged by hostile software or intruders. Moreover, security is directly related to business: if a company loses a series of its customers' credit card numbers, many customers would be hesitant to go back to the same company, and that company will lose many customers and hence business. Intruders may produce several forms of damage, which are obviously interrelated. These include:

● Loss of confidential data
● Damage or destruction of data
● Damage or destruction of computer systems
● Loss of reputation of a company
There may be many more in the list due to security breaches. This means that security is absolutely

1.3 Hacking
A hacker is a person who is interested in a particular subject and has immense knowledge of that subject. In the world of computers, a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of "The New Hacker's Dictionary", defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

● A person who enjoys learning the details of a programming language or system
● A person who enjoys actually doing the programming rather than just dealing with it theoretically
● A person capable of appreciating someone else's hacking capabilities
● A person who picks up programming quickly
● A person who is an expert in a particular programming language or system

1.4 Types of Hackers

Hackers can be broadly classified on the basis of why they are hacking a system, or why they indulge in hacking. There are mainly three types of hacker on this

● Black-Hat Hacker
Black hat hackers are individuals with extraordinary skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others. Black hat hackers are also known as crackers.

● White-Hat Hacker
White hat hackers are individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good. White hat hackers are also called security analysts.

● Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for personal gain.

1.5 Can Hacking Be Done Ethically?

For various reasons, hacking is always taken in the bad sense, and hacking is understood to mean black hat hacking. But the question is: can hacking be done ethically? The answer is yes, because to catch a thief, you must think like a thief. That's the basis for ethical hacking. Suppose a person or hacker tries to hack into a system and finds a vulnerability, and suppose that he reports to the company that there is a vulnerability. Then the company could make patches for that vulnerability and hence protect itself from future attacks by some black hat hacker who tries to use the same vulnerability. Unless somebody tries to find vulnerabilities, they remain hidden, and one day somebody might find them and exploit them for their own personal interest. This can be done using ethical hacking.

1.6 Ethical Hacking

Ethical hacking is also known as penetration testing, intrusion testing or red teaming. With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being "hacked." At the same time, the potential customers of these services are worried about maintaining control of personal information that ranges from credit card numbers to social security numbers and home addresses. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is called ethical hacking. It is similar to having independent auditors come into an organization to verify its bookkeeping records. This method of evaluating the security of a system has been in use since the early days of computers. In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating system for "potential use as a two-level (secret/top secret) system". They found that the software was better than conventional systems, but the evaluation also brought out some of its vulnerabilities.

Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the "keys to the company," and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing. Ethical hackers should also possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed in an ethical hacker is more drive and patience than most people have, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluation must be done outside of normal working hours to avoid interfering with production at "live" targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.

1.7 What does an Ethical Hacker do?

An ethical hacker is a person who does ethical hacking, that is, security personnel who try to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have the permission to enter into the target
An ethical hacker will first think with the mindset of a hacker who tries to get into the system. He will first find out what an intruder can see, or what others can see. Having found this, the ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will report to the company with a detailed report about the particular vulnerability he exploited to get in. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the

Ethical hacking is a process in which an authenticated person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system, an ethical hacker will use the same principles as the usual hacker uses, but reports those vulnerabilities instead of using them for their own advantage.

2.1 Analogy with Building Robbing

The methodology of a hacker is similar to the one used for ordinary thefts. Let's consider the case of a bank robbery. The first step will be to find information about the total transactions of the bank, the total amount of money that may be kept in the bank, who the manager is, whether the security personnel carry guns, etc. This is similar to the reconnaissance phase of hacking. The next step will be to find the ways through which we can enter the building, how many doors are present in the building, whether there is a lock on each door, etc. This is similar to the second stage, scanning, in which we will check which hosts are present, which services are running, etc. The third step will be to enter the building, which is similar to gaining access. For entering a building we need some keys; likewise, in the case of a network we need some IDs and passwords. Once we have entered the building, our next aim will be to make an easier way inside for the next time we come, which is analogous to the next step, maintaining access. In the hacking case we use Trojans, backdoors, worms etc., like placing a hidden door inside the building. Then comes the final step, in which we will try to hide the fact that we entered the building, which is analogous to clearing tracks in the case of hacking.

2.2 Methodology of Hacking

As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. The actual hacking will be a circular one. Once the hacker has completed the five steps, the hacker will start reconnaissance again from that stage and the preceding stages to get into the next
The various stages in the hacking methodology are
● Reconnaissance
● Scanning & Enumeration
● Gaining access
● Maintaining access
● Clearing tracks

2.3 Reconnaissance
The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as foot-printing. It is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company he is going to hack. It is one of the pre-attack phases. Reconnaissance refers to the preparatory phase in which an attacker learns about all of the possible attack vectors that can be used in their plan. In this pre-attack phase we will gather as much information as possible that is publicly available. The information includes domain names, locations, contact information etc. The basic objective of this phase is to make a methodical mapping of the target's security schema, which results in a unique organization profile with respect to the networks and systems involved. As we are dealing with the Internet, we can find much information here that the target may not have intended to make public. We have many tools for such purposes. These include tools like Samspade, Email Tracker, Visual Route etc. The interesting thing to note is that we can even use simple Googling as a footprinting tool.

2.3.1 Google
Google is one of the most famous search engines on the Internet. Using specialized keywords for searching, we can find much information that has been put up publicly. For example, if we use keywords like "for internal use only" followed by the target's domain name, we may get much useful information. Sometimes, even if the company has actually removed a page from its site, it gets preserved in Google's cache. Sometimes even job advertisements on the Internet can be used in footprinting. For example, if some company is looking for professionals who are good at the Oracle database, this is telling the world that they are using the Oracle database in their company. This can be helpful for the hacker, since he can look for the vulnerabilities of that particular product.
One of the main advantages of Google is its advanced search option. The advanced search has many options, like searching within a particular domain, documents published after a particular point in time, files of a particular format, particular languages etc.

2.3.2 Samspade
Samspade is a simple tool which provides information about a particular host. This tool is very helpful in finding addresses, phone numbers etc. The information given may be phone numbers, contact names, IP addresses, email IDs, address ranges etc. We may wonder what the benefit is of getting phone numbers, email IDs, addresses etc. But one of the best ways to get information about a company is to just pick up the phone and ask for the details. Thus we can get much information in just one click.

2.3.3 Email Tracker and Visual Route

We often receive many spam messages in our mailbox, and we don't know where they come from. Email Tracker is software which helps us to find out from which server the mail actually came. Every message we receive has a header associated with it. We may use Email Tracker software to fight against this problem.

One of the options in Email Tracker is to import the mail header. In this software we just need to import the mail's header. Then the software finds from which area that mail came; that is, we get information on which region the message came from, like Asia Pacific, Europe etc. To be more specific, we can use another tool, Visual Route, to pinpoint the actual location of the server. The option of connecting to Visual Route is available in Email Tracker. Visual Route is a tool which displays the location of a particular server with the help of its IP address. When we connect this with Email Tracker we can find the server which actually sent the mail. We can also use this for finding the location of the target's servers visually on a map.
The above fig 2.3 depicts the GUI of the Visual Route tool. The Visual Route GUI has a world map drawn on it. The software will locate the position of the server on that world map. It will also depict the path through which the message came to our system. This software will actually provide us with information about the routers through which the message passed, i.e. the path traced by the mail from the source to the destination.
We may wonder what the use is of finding the place from which the message came. Suppose you got the email ID of an employee of our target company and mailed him saying that you are his greatest friend. Sometimes he may reply saying that he doesn't know you. Then you use Email Tracker and Visual Route and find that he is not working from the office. Then you can understand that there are home users in the company. We should understand the fact that home users are not protected like the employees working from the office. This can be helpful for the hacker to get into the system.
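As an added illustration (not part of the original report, and not Email Tracker's own code), the following Python walks the Received: headers of a constructed message the way such a tool does, and adds the check a defender wants: only hops written by servers you trust can be relied upon, because the sender controls every header below them and can forge Received: lines.

```python
import email
import re
import ipaddress
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real capture): three hops, newest Received: line on top.
# The bottom hop was written by relay.example.net, a server we do not control.
RAW_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [203.0.113.10])
\tby inbox.example.org with ESMTP id abc123
\tfor <victim@example.org>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx1.example.org with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.net with SMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: "Your Best Friend" <friend@example.com>
To: victim@example.org
Subject: hello
Message-ID: <1@example.com>

hi
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def received_chain(raw):
    """Return the hops oldest-first, one dict per Received: header."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", str(value)).strip()   # unfold continuation lines
        ip = None
        m = IPV4_IN_BRACKETS.search(flat)
        if m:
            try:
                ip = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                ip = None   # malformed literal such as 999.1.1.1
        by = BY_HOST.search(flat)
        when = None
        if ";" in flat:
            try:
                when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                when = None
        hops.append({"from_ip": ip, "by": by.group(1) if by else None, "time": when})
    hops.reverse()   # each server prepends its header, so the last one is the first hop
    return hops


def naive_origin(raw):
    """What a header tracer reports: the 'from' address of the bottom-most Received: line."""
    for hop in received_chain(raw):
        if hop["from_ip"]:
            return hop["from_ip"]
    return None


def trusted_origin(raw, trusted_servers):
    """Walk newest-first through hops recorded by servers we trust. The 'from' IP of the
    last trusted hop is the earliest address we can vouch for; anything older may have
    been forged by the sender."""
    origin = None
    for hop in reversed(received_chain(raw)):
        if hop["by"] not in trusted_servers:
            break
        origin = hop["from_ip"]
    return origin
```

For the sample, the naive trace points at 192.0.2.55, while trusting only inbox.example.org and mx1.example.org stops at 198.51.100.7, the last address a server of ours actually saw connecting.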

2.4 Scanning & Enumeration

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses in the target network which are live, the services which are running on those systems and so on. Usually the services run on predetermined ports. For example, a web server will be making use of port 80. This implies that if port 80 is open on a particular system, we can understand that the target's web server is running on that host. There are different tools used for scanning: war dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol to do scanning and can even detect the operating systems running on the particular hosts.

2.4.1 War Dialing
War dialers are a hacking tool which is now illegal and easy to detect. War dialing is the practice of dialing all the phone numbers in a range in order to find those that will answer with a modem. Earlier, companies used to use dial-in modems through which their employees could dial in to the network. Just a phone number is enough in such cases. War dialing software makes use of this vulnerability. A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. The program automatically dials a defined range of phone numbers and logs and enters into a database those numbers that successfully connect to a modem. Some programs can also identify the particular operating system running on the computer and may also conduct automated penetration testing. In such cases, the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system.

2.4.2 Pingers
Pingers are yet another category of scanning tools, which make use of Internet Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to find out whether a particular system is alive or not. Using this principle, pingers send ICMP packets to all hosts in a given range; if an acknowledgment comes back, we can make out that the system is live. Pingers are automated software which send ICMP packets to different machines and check their responses. But most firewalls today block ICMP, and hence they also cannot be used.

2.4.3 Port Scanning

A port scan is a method used by hackers to determine what ports are open or in use on a system or network. Using various tools, a hacker can send data to TCP or UDP ports one at a time. Based on the response received, the port scan utility can determine whether that port is in use. Using this information, the hacker can then focus their attack on the ports that are open and try to exploit any weaknesses to gain access. Port scanning software, in its most basic state, simply sends out a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. To get around this, the intruder can do the port scan in strobe or stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all 65536 ports. Stealth scanning uses techniques such as slowing the scan. By scanning the ports over a much longer period of time, you reduce the chance that the target will trigger an alert.
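An added example, not from the report and not any product's code, of the alerting the paragraph describes: a small detector that flags one source touching many distinct ports on one target within a sliding time window, run over constructed log lines in an assumed format. The sample traffic includes a plain sequential scan, a strobe of five ports, and a slowed scan, which shows why the window length decides whether stealth scanning slips through.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not from any real product): one line per connection attempt.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_port_scans(lines, window_seconds=60, min_ports=10):
    """Alert once per (source, target) when the source has touched at least
    min_ports distinct ports on that target within a sliding time window."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[0])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)          # (src, dst) -> deque of (timestamp, port)
    alerted = set()
    alerts = []
    for ts, src, dst, dport in events:
        q = recent[(src, dst)]
        q.append((ts, dport))
        while ts - q[0][0] > window:     # drop attempts that fell out of the window
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= min_ports and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"src": src, "dst": dst, "ports": len(distinct),
                           "first": q[0][0].isoformat(), "last": ts.isoformat()})
    return alerts


def make_lines(src, dst, ports, start, spacing_seconds):
    """Build constructed log lines: one attempt per port, spacing_seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * spacing_seconds)).isoformat()} "
            f"src={src} dst={dst} dport={p} proto=tcp"
            for i, p in enumerate(ports)]


TARGET = "192.0.2.10"
FAST_SCAN = make_lines("198.51.100.7", TARGET, range(1, 31), "2024-01-01T10:00:00", 1)        # 30 ports in 30 s
STROBE = make_lines("198.51.100.8", TARGET, [21, 22, 25, 80, 443], "2024-01-01T10:05:00", 1)  # 5 ports only
SLOW_SCAN = make_lines("198.51.100.9", TARGET, range(1, 31), "2024-01-01T11:00:00", 30)       # one port per 30 s
NORMAL = make_lines("203.0.113.5", TARGET, [443] * 40, "2024-01-01T10:00:00", 1)              # repeated HTTPS use

if __name__ == "__main__":
    print(detect_port_scans(FAST_SCAN + STROBE + SLOW_SCAN + NORMAL))   # only the fast scan
    print(detect_port_scans(SLOW_SCAN, window_seconds=3600))            # slow scan, long window
```

With the default 60-second window only the fast scan is reported; the strobe stays under the port threshold and the slowed scan never has more than three ports in any window, which is exactly the gap a one-hour window closes.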
2.4.4 SuperScan
SuperScan is a powerful TCP port scanner that includes a variety of additional networking tools like ping, traceroute, HTTP HEAD, WHOIS and more. It uses multithreaded and asynchronous techniques, resulting in extremely fast and versatile scanning. You can perform ping scans and port scans using any IP range, or specify a text file to extract addresses from. Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port description database, Windows host enumeration, banner grabbing and more. As output, the software will report the host addresses which are running. There is another option, port list setup, which will display the set of services which are running on different

2.4.5 Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and dozens of other characteristics. It can even find the different versions. It was designed to rapidly scan large networks, but works fine against single hosts. We also have the option of different types of scan, like SYN scan, stealth scan, SYN stealth scan etc., and using this we can even time the scanning of different ports. Using this software we just need to specify the different host address ranges and the type of scan to be conducted. As output we get the hosts which are live, the services which are running etc. It can even detect the version of the operating system, making use of the fact that different operating systems react differently to the same packets, as they use their own protocol

2.4.6 Enumeration
Enumeration is the ability of a hacker to convince some servers to give them information that is vital for making an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups there are in the network, what applications are there, etc. Hackers may also use this to find other hosts in the entire network. A common type of enumeration makes use of null sessions. Many Windows operating systems allow null sessions, through which a hacker can log on. A null session is a connection which uses no user name and password; that is, a null session is created by leaving the user name and password null. Once the hacker is logged in, he starts enumeration by issuing queries to find the list of users and groups, either local or Active Directory, including SIDs, the list of hosts, the list of shares or processes etc. One of the tools used after logging in using null sessions is NBTscan, which allows the hacker to scan the network; this helps the hacker to get user names, resource shares etc. Other tools used are NAT (NetBIOS Auditing Tool), DumpSec etc. Another way of enumerating is enumeration of SNMP (Simple Network Management Protocol). Using this protocol, managing entities send messages to managed entities. In enumerating the SNMP protocol, the hacker sniffs the network to get various information. SNMP versions before 3 send data in clear text, so it is very easy to get the data, while from SNMP version 3 the data is encrypted before being sent. But still we can enumerate those protocols and get information.
Some of the tools used for this are SNMPutil, IP Network Browser etc.

2.5 System Hacking

This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is passwords. System hacking can be considered as several steps. First the hacker will try to get into the system. Once he gets into the system, the next thing he wants will be to increase his privileges so that he can have more control over the system. As a normal user the hacker may not be able to see confidential details, or cannot upload or run the different hack tools for his own personal interest. Another way to crack into a system is by attacks like the man-in-the-middle attack.

2.5.1 Password Cracking

There are many methods for cracking the password and then getting into the system. The simplest method is to guess the password, but this is tedious work. In order to make this work easier there are many automated tools for password guessing, like Legion. Legion actually has an inbuilt dictionary, and the software works automatically: that is, the software itself generates the password using the dictionary and checks the responses. Many types of password cracking strategies are used today by hackers, which are described

● Dictionary cracking
In this type of cracking there will be a list of various words, like the person's children's names, birthday etc. The automated software will then make use of these words to make different combinations of them and will automatically try them against the system.
● Brute force cracking
This is another type of password cracking, which does not have a list of precompiled words. In this method the software will automatically choose all the combinations of different letters, special characters, symbols etc. and try them automatically. This process is of course very tedious and time consuming.
● Hybrid cracking
This is a combination of both the dictionary and brute force cracking techniques. This means that it will first check the combinations of words in its inbuilt dictionary, and if all of them fail it will try brute force.
● Social Engineering
The best and most common method used to crack the password is social engineering. In this technique the hacker will come into direct contact with the user, through a phone call or some other way, and directly ask for the password by doing some fraud
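An added example (not part of the report, and not the code of any tool it names) that turns the three cracking strategies above, and the audit that a tool like the one in the next section performs, into a defender's check applied when a password is set: a dictionary pass that first undoes the hybrid mutations (case, leet substitutions, appended digits and symbols), then an estimate of whether plain brute force over the password's alphabet and length would finish quickly. The word list, the leet table and the guess rate are constructed assumptions for the example.

```python
import string

# Constructed word list for the example; a real check loads a large dictionary plus the
# organisation's own names, product names and words specific to the user.
DICTIONARY = {"password", "welcome", "summer", "letmein", "dragon", "company"}

# Undo the substitutions a hybrid cracker tries on top of each dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
EDGE = string.digits + string.punctuation


def base_forms(password):
    """All dictionary-shaped words a hybrid cracker could have started from: case-folded,
    with appended or prepended digits/symbols removed, and with leet characters decoded."""
    lowered = password.lower()
    forms = set()
    for core in (lowered, lowered.rstrip(EDGE), lowered.lstrip(EDGE).rstrip(EDGE)):
        forms.add(core)
        forms.add(core.translate(LEET))
    return forms - {""}


def charset_size(password):
    """Size of the alphabet a brute-force run would have to cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    if any(c.isspace() for c in password):
        size += 1
    return size


def brute_force_seconds(password, guesses_per_second=1e10):
    """Worst-case exhaustive search time over the password's alphabet and length.
    The guess rate is an assumed figure for a well-resourced offline attack."""
    return charset_size(password) ** len(password) / guesses_per_second


def check_password(password, personal_words=(), min_days=365):
    """Return 'dictionary', 'brute_force' or 'ok'. personal_words are the user-specific
    words (names, birthdays) a dictionary attack would be seeded with."""
    words = DICTIONARY | {w.lower() for w in personal_words}
    if base_forms(password) & words:
        return "dictionary"
    if brute_force_seconds(password) < min_days * 86400:
        return "brute_force"
    return "ok"
```

"P@ssw0rd1" is rejected as a dictionary word once its suffix is stripped and its leet characters decoded, "Tr0ub4dor" survives the dictionary pass but its 62-character alphabet and nine characters give a brute-force space of roughly 1.35e16 guesses, about sixteen days at the assumed rate.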

2.5.2 L0phtCrack
This is software from @stake which is basically a password audit tool. This software uses the various password cracking methodologies. L0phtCrack helps administrators find out whether their users are using easy passwords or not. This is very high-profile software which uses dictionary cracking and then brute force cracking.

Sometimes it uses precompiled hashes called rainbow tables for cracking the passwords.

2.5.3 Privilege escalation

Privilege escalation is the process of raising privileges once the hacker gets into the system. That is, the hacker may get in as an ordinary user, and now he tries to increase his privileges to those of an administrator, who can do many things. There are many types of tools available for this. Some tools, like getadmin, attach the user to some kernel routine so that the services run by the user look like a system routine rather than a user-initiated program. The privilege escalation process usually uses vulnerabilities present in the host operating system or its software. There are many tools like hk.exe, Metasploit etc. One such community of hackers is the

2.5.4 Metasploit
Metasploit is actually a community which provides an online list of vulnerabilities. The hacker can directly download the vulnerabilities and use them directly on the target system for privilege escalation and other exploits. Metasploit is a command line tool and is very dangerous, as the whole community of black hat hackers contribute their own findings of different vulnerabilities in different products.

2.5.5 Man in the Middle Attack

In this type of system hacking we are not actually cracking the password; instead we let all the traffic between a host and a client go through the hacker's system so that he can directly find out the passwords and other details. In the man-in-the-middle attack, what the hacker does is tell the user that he is the server and then tell the server that he is the client. Now the client will send packets to the hacker, thinking that he is the server, and then the hacker, instead of replying, forwards a copy of the actual request to the actual server. The server will then reply to the hacker, who will forward a copy of the reply to the actual client. Now the client will think that it got the reply from the server, and the server will think that it replied to the actual client. But actually the hacker, the man in the middle, also has a copy of the whole traffic, from which he can directly get the needed data or the password, using which he can actually hack in.
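An added simulation (not part of the report) of the relay just described, with the attacker keeping a copy of every message it forwards. A plaintext login through the relay hands the attacker the password itself; a challenge-response login over the same relay still authenticates the client but leaves only a one-time response in the copy, which fails when replayed. The user names, the password and the HMAC-over-nonce scheme are constructed for the example.

```python
import hashlib
import hmac
import os


class Server:
    """Toy server. It keeps the password itself because the HMAC response must be
    computed from the same secret on both ends (a simplification for the example)."""
    def __init__(self, users):
        self.users = users          # name -> password (constructed sample data)
        self.outstanding = {}       # name -> nonce issued and not yet consumed

    def login_plain(self, name, password):
        return self.users.get(name) == password

    def challenge(self, name):
        nonce = os.urandom(16)
        self.outstanding[name] = nonce
        return nonce

    def login_response(self, name, response):
        nonce = self.outstanding.pop(name, None)   # single use: a second try finds nothing
        if nonce is None or name not in self.users:
            return False
        expected = hmac.new(self.users[name].encode(), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class ManInTheMiddle:
    """Sits between client and server, relays every message unchanged and keeps a copy,
    which is the behaviour the section describes."""
    def __init__(self, server):
        self.server = server
        self.captured = []

    def send(self, method, *args):
        self.captured.append((method, args))
        return getattr(self.server, method)(*args)


def client_login_plain(channel, name, password):
    return channel.send("login_plain", name, password)


def client_login_challenge(channel, name, password):
    nonce = channel.send("challenge", name)
    response = hmac.new(password.encode(), nonce, hashlib.sha256).digest()
    return channel.send("login_response", name, response)


def demo():
    server = Server({"alice": "correct horse"})
    mitm = ManInTheMiddle(server)

    # 1. Plaintext login through the relay: the client is authenticated, and the
    #    attacker's copy of the traffic contains the password itself.
    plain_ok = client_login_plain(mitm, "alice", "correct horse")
    password_leaked = any("correct horse" in args for _, args in mitm.captured)

    # 2. Challenge-response login through the same relay: still authenticates, but the
    #    copy holds only a response to a nonce the server has already consumed.
    cr_ok = client_login_challenge(mitm, "alice", "correct horse")
    _, (name, captured_response) = mitm.captured[-1]
    replay_same_nonce = server.login_response(name, captured_response)
    server.challenge(name)                                   # relay asks for a fresh nonce
    replay_new_nonce = server.login_response(name, captured_response)

    return plain_ok, password_leaked, cr_ok, replay_same_nonce, replay_new_nonce


if __name__ == "__main__":
    print(demo())   # (True, True, True, False, False)
```

The relay still sees every other message and could alter the server's replies, so challenge-response only keeps the password out of the copy; an authenticated, encrypted channel such as TLS with certificate verification is what prevents the relay from being inserted at all.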
2.6 Maintaining Access
Now the hacker is inside the system by some means, by password guessing or by exploiting some of its vulnerabilities. This means that he is now in a position to upload some files and download others. The next aim will be to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in the building so that he can directly enter the building through that door easily. In the network scenario the hacker will do it by uploading some software like Trojan horses, sniffers, keystroke loggers

2.6.1 Keystroke Loggers

Keystroke loggers are tools which record every key pressed on the keyboard. There are software and hardware keystroke loggers, which directly record the key presses. For maintaining access and privilege escalation, the hacker who is now inside the target network will upload keystroke logging software onto the system. Software keystroke loggers sit as a middleman between the keyboard driver and the CPU. That is, all the keystroke details come directly to the software, so that the tool keeps a copy of them in a log while forwarding them to the

2.6.2 Trojan Horses & Backdoors
A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto the computer. The term comes from the Greek story of the Trojan war, in which the Greeks gave a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans dragged the horse inside their city walls, Greek soldiers sneaked out of the horse's hollow belly and opened the city gates, allowing their compatriots to pour in and capture Troy. Generally a Trojan is malware that runs programs which you are either unaware of or do not want running on your system. The hackers place this Trojan software inside the network and leave. Then, when the hacker comes back some time later, the Trojan software either authenticates him as a valid user or opens some other port for him to get in. There are many genres of Trojans, such as:
● Password sending/capturing
● FTP Trojans
● Keystroke capturing Trojans
● Remote access Trojans
● Destructive Trojans
● Denial of Service Trojans
● Proxy Trojans
Trojans can be introduced through chat clients, email attachments, physical access to systems, file sharing, wrappers and other P2P software. There are many examples of Trojans, such as Tini, netcat, SubSeven and Back Orifice. Tini is a very small Trojan which just listens on port 7777, so after introducing Tini the hacker can send his commands to that port number. Netcat is another Trojan which has the ability to connect to any local port and can start outbound or inbound TCP or UDP connections to or from any port. It can even return a command shell to the hacker, through which the hacker can access the system. SubSeven and Back Orifice are other Trojans which have a client-server architecture, which means that the server part resides in the target and the hacker can directly access the server with the knowledge of the user.
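A listener such as Tini on port 7777, or a netcat bind shell, shows up as a socket the host was never supposed to have open. The following added example (not from the report or any of the tools it names) parses netstat-style output and reports listening TCP ports that are absent from an expected baseline. The netstat text and the baseline set are constructed for illustration; the parser assumes the `netstat -an` column layout, where the state word is the last field.

```python
# Constructed netstat-style output for illustration; port 7777 is the Tini listener the report mentions.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

# Hypothetical baseline: the ports this particular host is expected to have open.
EXPECTED_PORTS = {135, 445, 3389}


def parse_listeners(netstat_output):
    """Return (proto, address, port) for every TCP socket in a listening state.

    Accepts both the Windows 'LISTENING' and the Unix 'LISTEN' state words. UDP lines
    carry no state column on Windows and are skipped; they would need a separate check.
    """
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[-1] not in ("LISTEN", "LISTENING"):
            continue
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")  # rpartition keeps IPv6 addresses like [::] intact
        listeners.append((proto, addr, int(port)))
    return listeners


def unexpected_listeners(netstat_output, expected_ports):
    """Listening sockets whose port is not in the expected baseline, sorted by port."""
    found = [t for t in parse_listeners(netstat_output) if t[2] not in expected_ports]
    return sorted(found, key=lambda t: t[2])


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS):
        print("unexpected listener: %s %s:%d" % (proto, addr, port))
```

The baseline is the important part: record the listening ports of a freshly built host and compare against it on a schedule, since a new listener appearing between two runs is exactly the "hidden door" the section describes.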

2.6.3 Wrappers
In the maintaining access phase of hacking we usually upload some software into the system for some need. To keep this software and other data hidden from the administrator and the ordinary users, hackers usually use wrapper software to wrap their contents into pictures, greeting cards etc., so that they look like ordinary data to the administrators. What the wrapper software actually does is place the malicious data into the white spaces of the harmless data. There are tools like BlindSide which insert data into, and extract it from, JPEG or BMP pictures. What they actually do is insert the data into the white spaces that may be present in the files. The most attractive thing is that most of the time they will not alter the size of the
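
One check a defender can run on the pictures this section describes is to find the structural end of the image and see whether anything sits after it, which is where one common wrapper technique puts its payload. The following added example (not from the report or any wrapper tool) walks a JPEG's marker segments and entropy-coded scan data to locate the real EOI marker, then returns the trailing bytes. The sample JPEG skeleton is constructed inline; it has valid marker structure but is not a decodable picture. Data hidden inside pixel or metadata slack, as the section also mentions, needs different analysis and is not covered by this check.

```python
def jpeg_image_end(data):
    """Offset just past the EOI marker that closes the JPEG image in data.

    Walks the marker segments structurally (skipping APPn segments, which may hold an
    EXIF thumbnail with its own SOI/EOI) and the entropy-coded scan data, so it finds the
    real end of the picture rather than the first or last FF D9 byte pair.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                               # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                               # EOI: end of image
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:     # TEM, RSTn, SOI: no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seg_len < 2:
            raise ValueError("bad segment length")
        pos += 2 + seg_len
        if marker == 0xDA:                               # SOS: scan data follows until a real marker
            while True:
                i = data.find(b"\xff", pos)
                if i < 0 or i + 1 >= len(data):
                    raise ValueError("unterminated scan data")
                nxt = data[i + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed byte or restart marker: still scan data
                    pos = i + 2
                    continue
                pos = i
                break
    raise ValueError("no EOI marker found")


def trailing_bytes(data):
    """Bytes appended after the structural end of the JPEG; empty for a clean file."""
    return data[jpeg_image_end(data):]


def build_sample_jpeg():
    """Constructed minimal JPEG marker skeleton (valid structure, not a decodable picture)."""
    soi = b"\xff\xd8"
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # includes a stuffed FF 00 and an RST0 marker
    eoi = b"\xff\xd9"
    return soi + app0 + sos + scan + eoi


if __name__ == "__main__":
    clean = build_sample_jpeg()
    print("clean file trailing bytes:", trailing_bytes(clean))
    print("wrapped file trailing bytes:", trailing_bytes(clean + b"hidden payload"))
```

Searching for the first FF D9 would stop at an EXIF thumbnail's EOI and report the rest of the picture as "trailing", while searching for the last FF D9 would miss any payload that happens to contain those two bytes; walking the segments avoids both mistakes. Run the check over image files arriving by mail or file sharing and treat any non-empty result as something to inspect.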

2.6.4 Elitewrap
This is a very notorious wrapper. Elitewrap is a command line tool which wraps one or more Trojans into a normal file. After processing, the product looks like one program while it actually contains several pieces of software. The speciality of this tool is that the Trojans packed into it can even be made to execute when the user opens the file. For example, consider the case in which the netcat Trojan is packed into a flash greeting card. Now when the user opens the card, netcat starts working in the background and starts listening on some ports, which will be exploited by the

2.7 Clearing Tracks

Now we come to the final step in hacking. There is a saying that "everybody knows a good hacker but nobody knows a great hacker". This means that a good hacker can always clear his tracks, that is, any record present in the network which could prove that he was there. Whenever a hacker downloads a file or installs some software, a record of it is stored in the server logs. So in order to erase those, the hacker uses many tools. One such tool is the Windows Resource Kit's auditpol.exe. This is a command line tool with which the intruder can easily disable auditing. There are other tools like ELSave which directly clear all the event logs that would tell the administrator that an intruder has come in. Another tool, which eliminates any physical evidence, is Evidence Eliminator. Sometimes, apart from the server logs, some other information may be stored temporarily; Evidence Eliminator deletes all such evidence.

2.7.1 Winzapper
This is another tool used for clearing tracks. It makes a copy of the log and allows the hacker to edit it: the hacker just needs to select the log entries to be deleted, and after the server is rebooted those entries are gone.
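Disabling auditing and clearing event logs are themselves noisy: Windows records a 4719 event when the audit policy changes, writes a 1102 event as the first record of a freshly cleared Security log, and a 104 event in the System log when the System or Application log is cleared, and with process-creation auditing on, a 4688 event shows auditpol.exe being run. The following added example (not from the report or any of the tools it names) scans event records for exactly those signs. The records are a constructed JSON-lines export, and the user name, paths and timestamps in them are made up; the event IDs are the standard Windows ones.

```python
import json

# Constructed JSON-lines export of Windows event log records (not real logs).
# Only the fields the checks need are present.
SAMPLE_EVENTS = r"""
{"EventID": 4624, "Channel": "Security", "TimeCreated": "2024-01-01T09:00:00Z", "SubjectUserName": "jdoe"}
{"EventID": 4688, "Channel": "Security", "TimeCreated": "2024-01-01T09:05:10Z", "SubjectUserName": "jdoe", "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"}
{"EventID": 4688, "Channel": "Security", "TimeCreated": "2024-01-01T09:07:42Z", "SubjectUserName": "jdoe", "NewProcessName": "C:\\Tools\\auditpol.exe", "CommandLine": "auditpol.exe /disable"}
{"EventID": 4719, "Channel": "Security", "TimeCreated": "2024-01-01T09:07:43Z", "SubjectUserName": "jdoe"}
{"EventID": 1102, "Channel": "Security", "TimeCreated": "2024-01-01T09:09:00Z", "SubjectUserName": "jdoe"}
{"EventID": 104, "Channel": "System", "TimeCreated": "2024-01-01T09:09:05Z", "SubjectUserName": "jdoe"}
"""

# Event IDs that Windows itself writes when logs are cleared or auditing is reconfigured.
LOG_TAMPER_EVENTS = {
    1102: "Security event log was cleared",
    104: "System or Application event log was cleared",
    4719: "system audit policy was changed",
}


def classify(event):
    """Return a reason string if the event indicates track clearing, else None."""
    eid = event.get("EventID")
    if eid in LOG_TAMPER_EVENTS:
        return LOG_TAMPER_EVENTS[eid]
    if eid == 4688:  # process creation: the auditing tool being used to switch auditing off
        name = event.get("NewProcessName", "").lower()
        cmd = event.get("CommandLine", "").lower()
        if name.endswith("\\auditpol.exe") and "disable" in cmd:
            return "auditpol.exe invoked to disable auditing"
    return None


def find_track_clearing(jsonl):
    """Scan JSON-lines event records and return alerts for track-clearing activity, in log order."""
    alerts = []
    for line in jsonl.strip().splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reason = classify(event)
        if reason:
            alerts.append({
                "time": event.get("TimeCreated"),
                "event_id": event.get("EventID"),
                "user": event.get("SubjectUserName"),
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_track_clearing(SAMPLE_EVENTS):
        print("%(time)s  event %(event_id)s  user=%(user)s  %(reason)s" % alert)
```

These checks only help if the records leave the machine: forward event logs to a central collector as they are written, so that a later ELSave, WinZapper or auditpol run on the host cannot remove what the collector already holds, and alert on the 1102 and 4719 events themselves rather than on the entries that were deleted.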

One of the main aims of this report is to make others understand that there are many tools through which a hacker can get into a system. There are many reasons why everybody should understand these basics. Let us look at the need for this from various perspectives.
● Student
A student should understand that no software is made with zero vulnerabilities. So while they are studying they should study the various possibilities and how to prevent them, because they are the professionals of
● Professionals
Professionals should understand that business is directly related to security. So they should build new software with as few vulnerabilities as possible. If they are not aware of these matters they will not be cautious enough about security.
● Users
Software is meant for the use of its users. Even if the software makers build the software with strong security options, without the help of the users it can never be successful. It is like a highly secured building with all its doors carelessly left open by the insiders. So users must also be aware of the possibilities of hacking so that they can be more cautious in their activities. In the preceding sections we saw the methodology of hacking, why we should be aware of hacking and some tools which a hacker may use. Now we can see what we can do against hacking, or to protect ourselves from hacking.
● The first thing we should do is to keep the software we are using updated, from official and reliable sources.
● Educate the employees and the users about black hat hacking.
● Use every possible security measure, such as honeypots, Intrusion Detection Systems, firewalls etc.
● Always make our passwords strong, by making them longer and harder to crack.
● The final and foremost thing should be to try ETHICAL HACKING at regular intervals.
