
ABSTRACT

The internet has considerably enhanced various business-critical operations of companies in
different industry sectors across the globe. However, as more and more organizations become
partially or completely dependent on the internet, computer security and the serious threat of
computer criminals come to the foreground. The explosive growth of the Internet has brought
many good things: electronic commerce, easy access to vast stores of reference material,
collaborative computing, e-mail, and new avenues for advertising and information distribution,
to name a few. As with most technological advances, there is also a dark side: criminal hackers.
Governments, companies, and private citizens around the world are anxious to be a part of this
revolution, but they are afraid that some hacker will break into their Web server and replace
their logo with pornography, read their e-mail, steal their credit card number from an on-line
shopping site, or implant software that will secretly transmit their organization’s secrets to the
open Internet. With these concerns and others, the ethical hacker can help. Unfortunately, most
organizations across the globe continue to remain oblivious of the threat posed by computer
criminals, corporate espionage and cyber terrorism. Ethical hacking attempts to proactively
increase security protection by identifying and patching known security vulnerabilities on
systems owned by other parties.

INTRODUCTION

The phrase “ethical hacking” was first used in 1995 by IBM Vice President John Patrick, but
the concept has been around for a lot longer. The first hacker was found way back in the 1960s at
the premier technological campus of the Massachusetts Institute of Technology (MIT).
Throughout the 1960s, hacking was a term used by engineering students that simply meant
finding different ways to optimize systems and machines to make them run more efficiently.
Hacking was a creative activity carried out by some of the brightest people in the world.
Kevin David Mitnick is an American computer security consultant and author who hacked
computers, best known for his high-profile 1995 arrest and later five years in prison for various
computer and communications related crimes. Organizations these days are using hacking as a
precautionary measure, to identify bugs and expose chinks in their computer systems, to best
protect their computer systems from cyber-attacks. The question arises: Is ethical hacking
legal? Using the process of hacking in a positive manner, with due permission of the companies,
to find glitches in their systems so that they can be fixed is called ethical
hacking. Professionals who provide hacking services with legal approval, in a legitimate manner
and without any malicious intent, are called ethical hackers.

Ethical hacking is also known as penetration testing or pen testing and involves intrusive practices
and processes to discover any threats or cyber security weaknesses that can be exploited by a
hacker. Ethical hackers find vulnerabilities in parts of computer systems like firewalls,
websites, and network passwords, and come up with solutions that not only detect security threats
and guard the reputation of a company but also help in inspiring customer confidence by
protecting the client’s data and information.

Ethical hacking, also known as white hat hacking, involves the same tools, tricks, and
techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical
hacking needs higher-level skills in comparison to penetration testing. Penetration testing is
similar to ethical hacking, but the hacker tests threats to security by using penetrating
tools. Ethical hacking is performed with the target’s permission. The intent of ethical hacking
is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s
part of an overall information risk management program that allows for ongoing security
improvements. Ethical hacking can also ensure that vendors’ claims about the security of their
products are legitimate.

Security:

Security is the condition of being protected against danger or loss. In the general sense, security
is a concept similar to safety. In the case of networks, security is also called information
security. Information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction.

Need for Security:

Computer security is required because most organizations can be damaged by hostile software
or intruders. Intruders can cause several forms of damage, which are obviously interrelated.

These include:

● Loss of confidential data

● Damage or destruction of data

● Damage or destruction of computer system

CHAPTER: 1

ETHICAL HACKING TERMINOLOGY

Being able to understand and define terminology is an important part of a CEH’s responsibility.
This terminology is how security professionals acting as ethical hackers communicate.

Threat:

An environment or situation that could lead to a potential breach of security. Ethical hackers
look for and prioritize threats when performing a security analysis. Malicious hackers and their
use of software and hacking techniques are themselves threats to an organization’s information
security.

Exploit:

A piece of software or technology that takes advantage of a bug, glitch, or vulnerability,
leading to unauthorized access, privilege escalation, or denial of service on a computer system.
Hackers are looking for exploits in computer systems to open the door to an initial attack. Most
exploits are small strings of computer code that, when executed on a system, expose a
vulnerability. Experienced hackers create their own exploits, but it is not necessary to have
any programming skills to be an ethical hacker, as many hacking software programs have
ready-made exploits that can be launched against a computer system or network. An exploit is a
defined way to breach the security of an IT system through a vulnerability.

Vulnerability:

The existence of a software flaw, logic design, or implementation error that can lead to an
unexpected and undesirable event executing bad or damaging instructions to the system.
Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve
valuable data.

Target of Evaluation:

A system, program, or network that is the subject of a security analysis or attack. Ethical
hackers are usually concerned with high-value TOEs, systems that contain sensitive
information such as account numbers, passwords, Social Security numbers or other
confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value
TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure
of sensitive data.

Attack:

An attack occurs when a system is compromised based on a vulnerability. Many attacks are
perpetrated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to
an exploit because of the operating system, network configuration, or applications installed on
the systems, and to prevent an attack.

There are two primary methods of delivering exploits to computer systems:

Remote:

The exploit is sent over a network and exploits security vulnerabilities without any prior
access to the vulnerable system. Hacking attacks against corporate computer systems
or networks initiated from the outside world are considered remote. Most people think
of this type of attack when they hear the term hacker, but in reality most attacks are in
the next category.

Local:

The exploit is delivered directly to the computer system or network, which requires
prior access to the vulnerable system to increase privileges. Information security
policies should be created in such a way that only those who need access to information
are allowed access, and they should have the lowest level of access needed to perform
their job function. These concepts are commonly referred to as “need to know” and “least
privilege” and, when used properly, would prevent local exploits. Most hacking
attempts occur from within an organization and are perpetrated by employees,
contractors, or others in a trusted position. In order for an insider to launch an attack,
they must have higher privileges than necessary based on the concept of “need to
know.” This can be accomplished by privilege escalation or weak security safeguards.

1.1 HACKER

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a
computer or computer network. Hackers may be motivated by a multitude of reasons, such as
profit, protest, or challenge.

1.1.1 TYPES OF HACKERS

Hackers can be divided into three groups:

White Hats:

White hats are the good guys, the ethical hackers who use their hacking skills for defensive
purposes. White-hat hackers are usually security professionals with knowledge of hacking and
the hacker tool set and who use this knowledge to locate weaknesses and implement
countermeasures. White-hat hackers are prime candidates for the exam. White hats are those
who hack with permission from the data owner. It is critical to get permission prior to beginning
any hacking activity. This is what makes a security professional a white hat versus a malicious
hacker who cannot be trusted.

Black Hats:

Black hats are the bad guys: the malicious hackers who use their skills for illegal or malicious
purposes. They break into or otherwise violate the system integrity of remote systems, with
malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny
legitimate users service, and just cause problems for their targets. Black-hat hackers and
crackers can easily be differentiated from white-hat hackers because their actions are
malicious. This is the traditional definition of a hacker and what most people consider a hacker
to be.

Gray Hats:

Gray hats are hackers who may work offensively or defensively, depending on the situation.
This is the dividing line between hacker. Gray-hat hackers may just be interested in hacking
tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical
hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want
to highlight security problems in a system or educate victims so they secure their systems
properly.

Fig1. Hackers Hats

1.2 THE JOB ROLE OF AN ETHICAL HACKER

Ethical hackers are employed to protect networks and computers from attacks by unethical
hackers who illegally penetrate computers to access private and sensitive information. Though
they possess technical skills similar to those of an unethical hacker, ethical hackers use these
skills for protection.

1.2.1 WHAT DO ETHICAL HACKERS DO?

Ethical hackers can help organizations in a number of ways, including the following:

Finding vulnerabilities:

Ethical hackers help companies determine which of their IT security measures are effective,
which need updating and which contain vulnerabilities that can be exploited. When ethical
hackers finish evaluating an organization's systems, they report back to company leaders about
those vulnerable areas, which may include a lack of sufficient password encryption, insecure
applications or exposed systems running unpatched software. Organizations can use the data
from these tests to make informed decisions about where and how to improve their security
posture to prevent cyber attacks.

Demonstrating methods used by cybercriminals:

These demonstrations show executives the hacking techniques that malicious actors could use
to attack their systems and wreak havoc on their businesses. Companies that have in-depth
knowledge of the methods the attackers use to break into their systems are better able to prevent
those incursions.

Helping to prepare for a cyberattack:

Cyber attacks can cripple or destroy a business, especially a smaller business, but most
companies are still unprepared for cyber attacks. Ethical hackers understand how threat
actors operate, and they know how these bad actors will use new information and techniques
to attack systems. Security professionals who work with ethical hackers are better able to
prepare for future attacks because they can better react to the constantly changing nature of
online threats.

1.2.2 DIFFERENCE BETWEEN ETHICAL HACKING AND CYBER SECURITY

Ethical hacking and cybersecurity are penetration testing devices and work towards the same
goal, but with different methods and objectives. Though both deal with strengthening a
computer network or system, there is a clear-cut difference between ethical hacking and
cybersecurity.

Going by the definition of ethical hacking, it is the process of testing computer systems and networks
against security breaches, to make sure that the system is fully secure and no hacker can bypass
it. Cybersecurity, on the other hand, deals with securing the systems by mitigating the security
risk involved using appropriate security controls. Cybersecurity is an umbrella term that has
ethical hacking as an important factor.

Cybersecurity deals with recognizing potential security issues, developing system protection,
reporting violations, assessing security systems as a whole, performing regular audits around the
systems, and keeping security updated by conducting regular system maintenance. Ethical
hacking deals with breaching security by hacking into the system, exploiting and exposing the
company’s weaknesses, and conducting penetration testing to enhance security.

So, both ethical hacking and cyber security work as two-pronged protection devices towards
strengthening an organization’s security and protecting it against cyber attacks.

1.2.3 ETHICAL HACKING TECHNIQUES

Ethical hackers generally use the same hacking skills that malicious actors use to attack
enterprises. They use a form of reverse-engineering to imagine scenarios that could
compromise business and operational data. The varied techniques and tools are part of an
overall vulnerability assessment the ethical hacker performs on a client's behalf.

Some of these hacking techniques include the following:

• scanning ports to find vulnerabilities with port scanning tools, such as Nmap, Nessus,
Wireshark and others, looking at a company's systems, identifying open ports, studying
the vulnerabilities of each port and recommending remedial action;
• scrutinizing patch installation processes to be sure that the updated software doesn't
introduce new vulnerabilities that can be exploited;
• performing network traffic analysis and sniffing by using appropriate tools;

• attempting to evade intrusion detection systems, intrusion prevention
systems, honeypots and firewalls; and
• testing methods to detect Structured Query Language injection to ensure malicious
hackers can't introduce security exploits that expose sensitive information contained in
SQL-based relational databases.
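
The last item above, shown as an added example that is not part of the original report: a small Python check, run against an in-memory SQLite database, that feeds two test inputs to a string-concatenated lookup and to a parameterized one and reports which of them lets the input change the query. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table, column and function names are hypothetical.
SAMPLE_USERS = [
    ("alice", "CARD-0001"),
    ("bob", "CARD-0002"),
    ("carol", "CARD-0003"),
]

# Test inputs: a lone quote and an always-true condition. No user has these
# names, so a correct lookup must return nothing for either of them.
PROBES = ["'", "nobody' OR '1'='1"]


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn, name):
    """Weak form: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Corrected form: the input is bound as a parameter and stays data."""
    sql = "SELECT name, card FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def injection_findings(lookup, conn):
    """Run every probe through `lookup`; an SQL error or any row is a finding."""
    findings = []
    for probe in PROBES:
        try:
            rows = lookup(conn, probe)
        except sqlite3.Error:
            findings.append((probe, "input broke the SQL syntax"))
            continue
        if rows:
            findings.append((probe, "%d rows disclosed" % len(rows)))
    return findings


if __name__ == "__main__":
    for lookup in (lookup_concat, lookup_param):
        print(lookup.__name__, injection_findings(lookup, make_db()))
```

The same two probes can be kept as a regression test so that a later change back to string concatenation is caught before release.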

Ethical hackers also rely on social engineering techniques to manipulate end users and obtain
information about an organization's computing environment. Like black hat hackers, ethical
hackers rummage through postings on social media or GitHub, engage employees
in phishing attacks through email or texting, or roam through premises with a clipboard to
exploit vulnerabilities in physical security. However, there are social engineering techniques
that ethical hackers should not use, such as making physical threats to employees or other types
of attempts to extort access or information.

1.2.4 SKILLS REQUIRED FOR ETHICAL HACKING

1. Computer Networking Skills:

One of the most important skills to become an ethical hacker is networking skills. The computer
network is nothing but the interconnection of multiple devices, generally termed hosts,
connected using multiple paths to send/receive data or media. Understanding networking concepts like
DHCP, supernetting, subnetting, and more will allow ethical hackers to explore the various
interconnected computers in a network and the potential security threats that this might create,
as well as how to handle those threats.

2. Computer Skills:

Computer skills are knowledge and ability which allow one to use computers and related
technology. Typically, basic computer skills include data processing, managing computer files,
and creating presentations. Advanced computer skills include managing databases,
programming, and running calculations in spreadsheets. Some of the most essential computer
skills are MS Office, Spreadsheets, Email, Database Management, Social media, Web,
Enterprise systems, etc. An ethical hacker needs to be a computer systems expert.

3. Linux Skills:

Linux is a community of open-source Unix-like operating systems that are based on the Linux
kernel. It is a free and open-source operating system, and the source code can be modified and
distributed to anyone commercially or noncommercially under the GNU General Public
License. The main reason for an ethical hacker to learn Linux is that, in terms of security, Linux is
more secure than any other operating system. This does not mean that Linux is 100 percent secure;
it has some malware for it, but it is less vulnerable than any other operating system. So, it does
not require any anti-virus software.

4. Programming Skills:

Another most important skill to become an ethical hacker is programming skills. So what does
the word programming in the computer world actually mean? It means, So, to get better at
programming, one will be writing a lot of code! Before one writes code, he/she must choose the
best programming language for his/her programming. Here is the list of programming
languages used by ethical hackers, along with where to learn these programming languages.

• Python: Python Programming Language
• SQL: SQL Tutorial
• C: C Programming Language
• JavaScript: JavaScript Tutorials
• PHP: PHP Tutorials
• C++: C++ Programming Language
• Java: Java Programming Language
• Ruby: Ruby Programming Language
• Perl: Perl Programming Language

5. Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, like the central processing unit
(CPU), monitor, mouse, keyboard, computer data storage, graphics card, sound card, speakers
and motherboard, etc. By contrast, the software is the set of instructions that can be stored and
run by hardware. For example, suppose one wants to hack a machine that is controlled by a
computer. First, he needs to know about the machine or how it works. Last, he has to get access
to the computer that controls the machine. Now, the machine will have a very good software
security system; however, hackers don’t care about hardware security, so he can play with the
hardware if he can access it. If one doesn’t know about hardware, then how will he/she know
how the motherboard works, how USBs transfer data, or how CMOS or BIOS work together,
etc.?

6. Reverse Engineering:

Reverse engineering is a process of recovering the design, requirement specifications, and
functions of a product from an analysis of its code. It builds a program database and generates
information from this. The objective of reverse engineering is to expedite the maintenance
work by improving the understandability of a system and to produce the necessary documents
for a legacy system. In software security, reverse engineering is widely used to ensure that the
system lacks any major security flaws or vulnerabilities.

7. Cryptography Skills:

Cryptography is the study and application of techniques for reliable communication in the presence
of third parties called adversaries. It deals with developing and analysing protocols that prevent
malicious third parties from retrieving information being shared between two entities, thereby
following the various aspects of information security. Cryptography deals with converting a
normal text/message known as plain text to a non-readable form known as ciphertext during
the transmission to make it incomprehensible to hackers. An ethical hacker must ensure that
communication between different people within the organization does not leak.

8. Database Skills:

DBMS is the crux of creating and managing all databases. Access to a database where all the
information is stored can put the company under tremendous threat, so ensuring that this software
is hack-proof is important. An ethical hacker must have a good understanding of this, along
with different database engines and data schemas, to help the organization build a strong
DBMS.

9. Problem-solving Skills:

Problem-solving skills help one to determine the source of a problem and find an effective
solution. Apart from the technical skills pointed out above, an ethical hacker also must be a critical
thinker and dynamic problem solver. They must want to learn new ways and ensure all
security breaches are thoroughly checked. This requires tons of testing and an ingenious
penchant to devise new ways of problem-solving.

CHAPTER: 2

ETHICAL HACKING METHODOLOGY

2.1 Phases of Ethical Hacking

Fig2. Phases of ethical hacking

2.1.1 Phase 1: Reconnaissance

This phase is also called the footprinting and information gathering phase. In this phase, the
hacker gathers information about a target before launching an attack. It is during this phase
that the hacker finds valuable information such as old passwords and the names of important
employees.

What’s footprinting? It’s a method that is used for collecting data from the target system. These data
include important areas such as:

1. Finding out specific IP addresses
2. TCP and UDP services
3. Identifying vulnerabilities

Having such information is enough to start a successful attack.

There are two types of footprinting:

1. Active: Directly interacting with the target to gather information about the target.
2. Passive: Trying to collect the information about the target without directly accessing
the target. For this purpose, the hacker can use social media, public websites, etc.

2.1.2 Phase 2: Scanning

In this phase, hackers are probably seeking any information that can help them perpetrate an attack,
such as computer names, IP addresses, and user accounts. In fact, the hacker identifies a quick way
to gain access to the network and look for information. This phase includes the use of tools like
dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data.

Basically, at this stage, four types of scans are used:

1. Pre-attack: The hacker scans the network for specific information based on the information
gathered during reconnaissance.
2. Port scanning/sniffing: This method includes the use of dialers, port scanners, and other
data-gathering equipment.
3. Vulnerability scanning: Scanning the target for weaknesses/vulnerabilities.
4. Information extraction: In this step, the hacker collects information about ports, live
machines and OS details, topology of the network, routers, firewalls, and servers.

2.1.3 Phase 3: Gaining Access

At this point, the hacker has the information he needs. So first he designs the network map, and
then he has to decide how to carry out the attack. There are many options, for example:

• Phishing attack
• Man in the middle attack
• Brute force attack
• Spoofing attack
• DoS attack
• Buffer overflow attack
• Session hijacking
• BEC attack

In any case, after entering a system, the hacker has to increase his privilege to administrator
level so he can install an application he needs, modify data, or hide data.

2.1.4 Phase 4: Maintaining Access

Once a hacker has gained access, they want to keep that access for future exploitation and
attacks. Also, the hacker secures access to the organization’s systems using rootkits and Trojans and uses it
to launch additional attacks on the network. An ethical hacker tries to maintain access to
the target until he finishes the tasks he planned to accomplish in that target.

In this phase, the hacker has multiple e-mail accounts and begins to test the accounts on the
domain. From this point, the hacker creates a new administrator account for themselves based
on the naming structure and tries to blend in. The hacker begins to look for and identify accounts
that have not been used for a long time. The hacker assumes that these accounts are likely
either forgotten or not used, so they change the password and elevate privileges to an
administrator as a secondary account in order to maintain access to the network. The hacker
may also send out emails to other users with an exploited file, such as a PDF with a reverse
shell, in order to extend their possible access.
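
From the defender's side, the account changes described in this phase leave a recognizable pattern in account-management logs. The following Python example is added here and is not part of the original report; it flags new accounts that are given administrator rights shortly after creation and long-unused accounts whose password is reset and which are then elevated. The event tuple layout, action names, group names, thresholds and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed names of privileged groups; adjust to the environment being reviewed.
ADMIN_GROUPS = {"Administrators", "Domain Admins"}

# Constructed sample events: (ISO timestamp, account, action, detail).
SAMPLE_EVENTS = [
    ("2023-01-10T08:00:00", "svc_backup", "logon", ""),
    ("2024-03-01T09:15:00", "jsmith", "logon", ""),
    ("2024-03-02T02:10:00", "jsmith2", "account_created", ""),
    ("2024-03-02T02:12:00", "jsmith2", "group_add", "Administrators"),
    ("2024-03-03T02:30:00", "svc_backup", "password_reset", ""),
    ("2024-03-03T02:31:00", "svc_backup", "group_add", "Administrators"),
    ("2024-03-04T10:00:00", "jsmith", "password_reset", ""),
    ("2024-03-05T11:00:00", "adoe", "group_add", "Helpdesk"),
]


def find_persistence_signs(events, baseline=None,
                           dormancy=timedelta(days=90),
                           window=timedelta(days=7)):
    """Return (account, rule) pairs in the order the events occurred.

    baseline: optional {account: ISO timestamp of last known logon}, used for
    accounts whose last logon is older than the log being reviewed.
    """
    last_logon = {acct: datetime.fromisoformat(ts)
                  for acct, ts in (baseline or {}).items()}
    created = {}        # account -> creation time
    dormant_reset = {}  # account -> time its password was reset while dormant
    findings = []

    for stamp, account, action, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(stamp)
        if action == "logon":
            last_logon[account] = when
        elif action == "account_created":
            created[account] = when
        elif action == "password_reset":
            seen = last_logon.get(account)
            if seen is not None and when - seen >= dormancy:
                dormant_reset[account] = when
        elif action == "group_add" and detail in ADMIN_GROUPS:
            if account in created and when - created[account] <= window:
                findings.append((account, "new-admin"))
            elif (account in dormant_reset
                  and when - dormant_reset[account] <= window):
                findings.append((account, "dormant-takeover"))
    return findings


if __name__ == "__main__":
    for account, rule in find_persistence_signs(SAMPLE_EVENTS):
        print(account, rule)
```

An account with no logon in either the events or the baseline is not judged dormant, so the baseline should come from the directory's own last-logon records.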

2.1.5 Phase 5: Clearing Tracks

An intelligent hacker always clears all evidence so that, at a later point in time, no one will
find any traces leading to him/her. He/she does this by:

• Clearing the cache and cookies
• Modifying registry values
• Modifying/corrupting/deleting the values of logs
• Clearing out sent emails
• Closing all the open ports
• Uninstalling all applications that he/she used
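
Modified or deleted log entries can be made detectable by chaining each record to the one before it with a keyed hash. The Python example below is added here and is not part of the original report; the key, the sample log lines and the function names are constructed, and it assumes the key and the latest chain value are kept on a separate log collector rather than on the monitored host.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # fixed starting value for the chain

# Constructed demo key and log lines.
KEY = b"constructed-demo-key"
SAMPLE_LINES = [
    "2024-03-03T02:29:41 sshd accepted login for svc_backup",
    "2024-03-03T02:30:02 passwd password changed for svc_backup",
    "2024-03-03T02:31:10 usermod svc_backup added to group admin",
    "2024-03-03T02:40:55 sshd session closed for svc_backup",
]


def _link(key, prev_mac, line):
    """MAC over the previous record's MAC plus this line."""
    data = (prev_mac + "\n" + line).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key, lines):
    """Return [(line, mac)], each mac covering the line and the mac before it."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _link(key, prev, line)
        sealed.append((line, prev))
    return sealed


def first_tampered(key, sealed, expected_head=None):
    """Locate the first record that fails verification.

    Returns its index, len(sealed) if records were cut from the end (only
    detectable when expected_head, the last mac kept off-host, is given),
    or None if the log is intact.
    """
    prev = GENESIS
    for index, (line, mac) in enumerate(sealed):
        if not hmac.compare_digest(_link(key, prev, line), mac):
            return index
        prev = mac
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(sealed)
    return None


if __name__ == "__main__":
    log = seal(KEY, SAMPLE_LINES)
    head = log[-1][1]
    edited = list(log)
    edited[1] = ("2024-03-03T02:30:02 cron job finished", log[1][1])
    print("intact:", first_tampered(KEY, log, head))
    print("edited record:", first_tampered(KEY, edited, head))
    print("deleted record:", first_tampered(KEY, log[:2] + log[3:], head))
    print("truncated tail:", first_tampered(KEY, log[:3], head))
```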

2.2 UNDERSTANDING TESTING TYPES

When performing a security test or penetration test, an ethical hacker utilizes one or more types
of testing on the system. Each type simulates an attacker with different levels of knowledge
about the target organization.

These types are as follows:

Black Box:

Black-box testing involves performing a security evaluation and testing with no prior
knowledge of the network infrastructure or system to be tested. Testing simulates an attack by
a malicious hacker outside the organization’s security perimeter. Black-box testing can take
the longest amount of time and most effort, as no information is given to the testing
team. Therefore, the information-gathering, reconnaissance, and scanning phases will take a
great deal of time. The advantage of this type of testing is that it most closely simulates a real
malicious attacker’s methods and results. The disadvantages are primarily the amount of time
and consequently additional cost incurred by the testing team.

White Box:

White-box testing involves performing a security evaluation and testing with complete
knowledge of the network infrastructure such as a network administrator would have. This
testing is much faster than the other two methods as the ethical hacker can jump right to the
attack phase, thus bypassing all the information-gathering, reconnaissance, and scanning
phases. Many security audits consist of white-box testing to avoid the additional time and
expense of black-box testing.

Gray Box:

Gray-box testing involves performing a security evaluation and testing internally. Testing
examines the extent of access by insiders within the network. The purpose of this test is to
simulate the most common form of attack, those that are initiated from within the network. The
idea is to test or audit the level of access given to employees or contractors and see if those
privileges can be escalated to a higher level.

2.3 ETHICAL HACKING TOOLS

1. Nmap (Network Mapper):

Nmap, used in port scanning, one of the phases in ethical hacking, is the finest hacking tool ever.
Primarily a command-line tool, it was first developed for operating systems based on Linux or
Unix, and a Windows version of Nmap is now available. Nmap is basically a network security
mapper capable of discovering services and hosts on a network, thereby creating a network
map. This software offers several features that help in probing computer networks, host
discovery, and detection of operating systems. Being script-extensible, it provides
advanced vulnerability detection and can also adapt to network conditions such as congestion
and latency while scanning.

2. Nessus:

The next ethical hacking tool on the list is Nessus. Nessus is the world’s most well-known
vulnerability scanner, which was designed by Tenable Network Security. It is free and is
chiefly recommended for non-enterprise usage. This network-vulnerability scanner efficiently
finds critical bugs on any given system.

Nessus can detect the following vulnerabilities:

• Unpatched services and misconfiguration
• Weak passwords – default and common
• Various system vulnerabilities

3. Nikto:

Nikto is a web scanner that scans and tests several web servers for identifying software that is
outdated, dangerous CGIs or files, and other problems. It is capable of performing server-
specific as well as generic checks and prints by capturing the received cookies. It is a free,
open-source tool.

Here are some of the chief features of Nikto:

• Open-source tool
• Checks web servers and identifies over 6400 CGIs or files that are potentially dangerous
• Checks servers for outdated versions as well as version-specific problems
• Checks plug-ins and misconfigured files
• Identifies insecure programs and files

4. Kismet

This is the best ethical hacking tool used for testing wireless networks and hacking of wireless
LAN or wardriving. It passively identifies networks, collects packets, and detects
non-beaconing and hidden networks with the help of data traffic. Kismet is basically a sniffer and
wireless-network detector that works with other wireless cards and supports raw-monitoring
mode.

Basic features of Kismet include the following:

• Runs on Linux OS, which may be Ubuntu, BackTrack, or more
• Applicable to Windows at times

5. NetStumbler:

This is also an ethical hacking tool that is used to prevent wardriving, which works on operating
systems based on Windows. It is capable of detecting IEEE 902.11g, 802, and 802.11b
networks.

The NetStumbler ethical hacking tool has the following uses:

• Identifying AP (Access Point) network configuration
• Finding causes of interference
• Assessing the strength of signals received
• Detecting unauthorized access points

6. Burp Suite:

Burp Suite is a popular platform that is widely used for performing security testing of web
applications. It has various tools that work in collaboration to support the entire testing process,
from initial mapping and analysis of an application's attack surface, through to finding and
exploiting security vulnerabilities. Burp is easy to use and provides the administrators full
control to combine advanced manual techniques with automation for efficient testing. Burp can
be easily configured and it contains features to assist even the most experienced testers with
their work.

7. QualysGuard:

QualysGuard is an integrated suite of tools that can be utilized to simplify security operations
and lower the cost of compliance. It delivers critical security intelligence on demand and
automates the full spectrum of auditing, compliance and protection for IT systems and web
applications. QualysGuard includes a set of tools that can monitor, detect, and protect your
global network.

8. Network Stumbler:

Network Stumbler is a WiFi scanner and monitoring tool for Windows. It allows network
professionals to detect WLANs. It is widely used by networking enthusiasts and hackers
because it helps you find non-broadcasting wireless networks. Network Stumbler can be used
to verify if a network is well configured, check its signal strength or coverage, and detect interference
between one or more wireless networks. It can also be used to detect non-authorized connections.

2.4 ADVANTAGES AND DISADVANTAGES:

Ethical hacking nowadays is the backbone of network security, and its relevance is
increasing each day. The major pros and cons of ethical hacking are given below:

Advantages

• “To catch a thief you have to think like a thief”

• Helps in closing the open holes in the system network

• Provides security to banking and financial establishments

• Prevents website defacements

• An evolving technique

Disadvantages

• All depends upon the trustworthiness of the ethical hacker

• Hiring professionals is expensive

2.5 FUTURE ENHANCEMENTS:

• As it is an evolving branch, the scope of enhancement in technology is immense. No ethical
hacker can ensure the system security by using the same technique repeatedly. He would have
to improve, develop and explore new avenues repeatedly.

• More enhanced software should be used for optimum protection. The tools used need to be
updated regularly, and more efficient ones need to be developed.

CHAPTER:3

CONCLUSION

To conclude this topic, we must say that the word “hacker” carries weight. Hacking may be
defined as legal or illegal, ethical or unethical. As we all know, technology is growing
fast and it will continue to do so. With technological development, there are many faces to
one technology. The human mind is a very powerful tool and actually has no control.

Hackers detect flaws and vulnerabilities in a system or network and modify it according to their
requirements. There are three categories of hackers, known as white-hat, black-hat and
grey-hat, who are differentiated only by their intentions towards hacking. White-hat hackers are
those who gain access to a system or computer network with the consent of
the target to find out the vulnerabilities and security flaws in the present system. They are
actually helping the organization or individual by making them aware of such flaws. A
black-hat hacker, by contrast, is a person who exploits a computer system or computer network
without the consent or permission of any authorized party. His main goal is to cause some kind
of mishap to the system. Basically, a black-hat hacker is a person who uses his knowledge
of vulnerabilities to exploit any system. He is much more concerned with his private gain.
Grey-hat hackers work on both sides: sometimes they work for the organization, and sometimes
they use their knowledge to harm the organization. There is a need to create awareness about
ethical hackers to avoid security breaches of products.

Ethical Hacking is a subpart of Cyber Security. Ethical Hacking is performed by ‘white-hat
hackers’ whose work of hacking the system is the same as that of ‘black-hat’ hackers, but the
intention is different. In the case of ethical hacking, the hacker hacks to protect the system.
Cyber Security experts, on the other hand, don’t have to hack into the system. Their job is to
protect the system by taking all possible protective measures. In the simplest of terms, Ethical
Hackers make use of offensive security measures, and Cyber Security experts use defensive
security measures. Let’s take an example here. Suppose you have launched an application like
Uber, and your app is generating and storing a lot of customer data per day. These records can
be used by any malicious hacker for performing dubious acts, including generating huge
amounts of false requests, accessing the account details of users who pay online, and many more.
Here, the Cyber Security expert will try to defend the application by taking appropriate
protective measures, or, moreover, he/she will just inform the owner about the attack.
Meanwhile, an Ethical Hacker will try to attack the application with permission and will inform
you about how he could hack the system, and then, he may also provide a solution for the issue.
Ethical Hacking is like you are intentionally trying to hack into a system just to test how the
system would respond to such malicious activities.

Five phases of hacking are required to complete target hacking successfully. The first step of
hacking is also called the footprinting and information-gathering phase. This is the
preparatory phase where we collect as much information as possible about the target. We
usually collect information about three groups: network, host, and people involved. There are two
types of footprinting: active and passive. The next step is scanning, which involves three types
of scanning: port scanning, vulnerability scanning, and network mapping. The third phase
is gaining access; this is where an attacker breaks into the system/network using
various tools or methods. After entering a system, he has to increase his privilege to
administrator level so he can install an application he needs or modify data or hide data. In the
fourth step, the hacker's aim is to maintain access to the target until he finishes the tasks he
planned to accomplish in that target. The final step follows from the fact that no thief wants to
get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no
one will find any traces leading to him. This involves deleting the values of logs, modifying
registry values, uninstalling all applications he used and deleting all folders he created.
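
Two of the phases above leave records a defender can look for: scanning (one source touching many ports in a short time) and clearing evidence (a cleared event log). The following is an added example, not part of the original report; the connection records, host names and thresholds are constructed assumptions, and Event IDs 1102 (Security) and 104 (System) are the Windows records written when an event log is cleared.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (documentation addresses, invented hosts).
CONNECTIONS = [  # (timestamp, source IP, destination port)
    ("2021-08-10T10:00:00", "198.51.100.7", 21),
    ("2021-08-10T10:00:01", "198.51.100.7", 22),
    ("2021-08-10T10:00:02", "198.51.100.7", 23),
    ("2021-08-10T10:00:03", "198.51.100.7", 80),
    ("2021-08-10T10:00:04", "198.51.100.7", 443),
    ("2021-08-10T10:00:05", "203.0.113.9", 443),
    ("2021-08-10T10:05:00", "203.0.113.9", 443),
    ("2021-08-10T10:09:00", "203.0.113.9", 80),
]
WINDOWS_EVENTS = [  # (host, log channel, event ID)
    ("ws-01", "Security", 4624),   # ordinary logon
    ("ws-02", "Security", 1102),   # the audit log was cleared
    ("ws-02", "System", 104),      # an event log was cleared
]
LOG_CLEARED = {("Security", 1102), ("System", 104)}


def port_scan_sources(conns, min_ports=5, window=timedelta(seconds=60)):
    """Return sources that touched >= min_ports distinct ports within window."""
    by_src = defaultdict(list)
    for ts, src, port in conns:
        by_src[src].append((datetime.fromisoformat(ts), port))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        # Slide the window start over every hit from this source.
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged.add(src)
                break
    return sorted(flagged)


def log_clearing_hosts(events):
    """Return hosts that logged an event-log-cleared record."""
    return sorted({host for host, channel, eid in events
                   if (channel, eid) in LOG_CLEARED})


if __name__ == "__main__":
    print("scanning phase:", port_scan_sources(CONNECTIONS))
    print("clearing tracks:", log_clearing_hosts(WINDOWS_EVENTS))
```

The cleared-log check only works if events are forwarded off the host before they can be deleted, since the attacker described above removes local evidence.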

Hackers are having a very measurable impact on society. They are attracting more and more of
the younger generation. Though ethical hacking is not bad, it is also very important to know
what exactly ethical hackers are doing in the interest of society. If we treat a hacker as the
person who pushes technology beyond perceived norms, there are several fields in computing
where ethical hacking or ethical hackers have made a measurable impact. Nowadays the internet has
become the gateway for any computer to connect to the entire world, which also makes it
vulnerable to attacks from hackers across the world.

