1. List down and then briefly elaborate the phases of an ethical hacking process.
The phases of an ethical hacking process are listed and briefly explained below:
Phase 1: Footprinting
Footprinting is the process of gathering information about a target system or
network in order to identify its vulnerabilities and potential points of attack. The
goal of footprinting is to gather as much information about a target organization
as possible, such as its network architecture, hardware and software
configurations, operating systems, applications, users, and security measures.
Phase 2: Scanning
The scanning phase focuses on active engagement of the target with the
intention of obtaining more information. Scanning the network will ultimately
locate active hosts that can then be targeted in a later phase.
Phase 3: Enumeration
It is the systematic probing of a target with the goal of obtaining user lists, routing
tables and protocols from the system. This process moves us from outside the
network to inside it, gathering system data along the way.
Phase 4: System Hacking
It is a process that cannot be completed in a single pass, and it is considerably
more complex than the earlier phases. It involves a methodical approach that
includes cracking passwords, escalating privileges, executing and hiding applications, etc.
The types of data and information that can be gathered through the process of
footprinting include:
Network topology and architecture: Footprinting can help to identify the layout
and structure of the target network, including its IP addresses, subnets, and
domains.
Operating systems and software: Footprinting can reveal the types of
operating systems and software running on the target network, as well as their
versions and patch levels.
Services and ports: Footprinting can identify the services and ports that are
open and available on the target network, providing potential entry points for
attackers.
User accounts and passwords: Footprinting can reveal the names of user
accounts on the target network, as well as the strength of passwords and other
authentication mechanisms.
Social engineering targets: Footprinting can identify potential targets for social
engineering attacks, such as key personnel, employees with elevated privileges,
and third-party vendors.
Security measures: Footprinting can help to identify the security measures in
place on the target network, such as firewalls, intrusion detection and prevention
systems, and access controls.
Publicly available information: Footprinting can also gather information about
the target organization that is available through public sources, such as social
media, news articles, and public records. This information can be used to build a
profile of the target and identify potential vulnerabilities or weak points in their
security posture.
4. List down some important information related to computer networks which can be
gathered, via reconnaissance.
Information related to computer networks which can be gathered via footprinting, or
reconnaissance, is listed below:
IP address and domain names: Reconnaissance can be used to identify IP
address and domain names associated with a network or website.
Network Topology: Reconnaissance can help identify the structure and layout
of a network, including the number and location of nodes.
Network Services: Network services such as FTP, HTTP, and SSH can be
identified through reconnaissance.
Network Security Measures: Reconnaissance can help identify the security measures
in place on a network, such as firewalls, intrusion detection systems, and antivirus
software, which lets attackers plan their attacks more effectively.
Network Configuration: Reconnaissance can identify network configurations,
including IP addresses, subnet masks, DNS servers, and other details. This
information can be used to identify potential targets for further attacks.
5. List down some important information related to operating systems which can be
gathered, via reconnaissance.
The information related to operating systems that can be gathered via reconnaissance
is listed below:
7. List down the differences between active information gathering and passive
information gathering process.
The differences between active information gathering and passive information gathering
process are given below:
8. Write down some threats which can be possibly introduced into an enterprise’s
network system through the process of footprinting.
The threats introduced into an enterprise's network system through the process of
footprinting are:
9. List down the type of information that can be gathered when we carry out
reconnaissance using the following types of dataset:
a. Search Engines
Using a search engine, we can find a lot of information, some of it completely
unexpected or something a defender never considers, such as technology platforms,
employee details, login pages, intranet portals, and so on. A search can easily
provide even more details, such as the names of security personnel, the brand and
type of firewall, and the antivirus protection in use.
b. Public and Restricted Website
Websites that are intended not to be public but to be restricted to a few can provide
you with valuable information. Because restricted websites such as
technet.microsoft.com and developer.apple.com are not intended for public
consumption, they are kept in a subdomain that is either not publicized or that has a
login page.
c. Location and geography
With this type of dataset, we can get information regarding the physical location of
offices and personnel. Knowing a company’s physical location can aid in dumpster
diving, social engineering and other efforts.
d. Social Networking
Social networking has proven not only extremely prolific but also incredibly useful as
an information-gathering tool. You can learn not only what an individual is doing but
also all the relationships, both personal and professional, that they have. Data such
as project data, vacation information, working relationships and location information
can be collected through social networking.
e. Financial Services
Popular financial services such as Yahoo! Finance, Google Finance, and CNBC
provide information that may not be available via other means. This data includes
company officers, profiles, shares, competitor analysis, and many other pieces of
data. This data contributes to attacks such as phishing.
f. Job Portals
A valuable method of gathering information about a target is through job sites and
job postings, since a job posting is essentially a statement of desired skills. It is not
uncommon to find information such as infrastructure data, operating system
information, and other useful facts.
g. Computer Networks
This dataset includes information regarding computer networks. The information we
can get through this dataset includes:
Domain names
Internal domain name information
IP address of available system
VPN information
Authentication mechanism and systems
IDS/IPS and firewalls
TCP/UDP services that are running.
Rogue or unmonitored websites that are used for testing or other purposes
Access Control mechanisms.
10. In detail, elaborate what the process of Scanning refers to.
Scanning is the process of engaging and probing a target network with the intention of
revealing useful information. The gathered information is used for the later phases of the
penetration testing process.
Identify the target: The first step in scanning is to identify the target system or
network that you want to scan. This could be a single device, a range of IP
addresses, or an entire network.
Determine the scanning methodology: The next step is to determine the scanning
methodology that you will use. This could include port scanning, vulnerability
scanning, or service scanning.
Select the scanning tool: Once you have determined the scanning methodology,
you need to select the appropriate scanning tool. There are many scanning tools
available, both free and commercial, that can be used to perform scanning.
Configure the scanning tool: Once you have selected the scanning tool, you need
to configure it according to the scanning methodology that you have chosen. This
could include setting the scan type, port range, or vulnerability database.
Run the scan: After configuring the scanning tool, you can run the scan. This will
typically involve the scanning tool sending packets to the target system or
network and analyzing the responses to identify potential vulnerabilities or
weaknesses.
Analyze the results: Once the scan is complete, you need to analyze the results
to identify any potential vulnerabilities or weaknesses. This could include open
ports, outdated software, or other issues that could be exploited by attackers.
11. What are the three types of scans? List them down and then elaborate those
scanning techniques in detail.
The three categories of scan are Port Scan, Network Scan, and Vulnerability Scan.
a. Port Scan
Sending carefully crafted messages or packets to a target.
These probes are typically associated with well-known port numbers
(<=1024).
We can learn about the services that a system offers to the network domain.
We can hence find out mail servers, domain controllers and web servers and
differentiate one from the other.
b. Network Scan
This is designed to locate the live (active) hosts on a network.
This scan can help identify the systems which may be attacked later.
This helps us identify devices which we may need to scan more closely.
Ping sweeps can be used for rapidly scanning an IP range.
Nmap or Angry IP scanner are generally used in this process.
c. Vulnerability Scan
Used to identify weaknesses or vulnerabilities on a target system.
This scan is typically done as a proactive measure.
Goal is to catch and identify vulnerabilities in a system before an attacker can
locate those same vulnerabilities.
A typical vulnerability scan will discover hosts, access points, open ports and
services and generate reports.
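The scanning steps in question 10 and the port scan and network scan categories in question 11 are what a defender sees from the other side, so the added example below (not part of the assignment) takes the detection view: it parses a constructed firewall log and flags a source that touches many distinct ports on one host (a port scan) or the same port on many hosts (a network scan). The log format, the addresses, and the thresholds are assumptions made for this example.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed firewall log for this example: one connection attempt per line,
# "epoch proto src_ip src_port dst_ip dst_port". Real log formats differ; only
# parse_line() would need to change.
SAMPLE_LOG: List[str] = (
    # 10.0.0.9 walks 12 different ports on one host: a port scan
    [f"1700000{i:03d} tcp 10.0.0.9 {51000 + i} 192.168.1.10 {p}"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
    # 10.0.0.7 hits the same port on six different hosts: a network scan
    + [f"1700001{i:03d} tcp 10.0.0.7 {52000 + i} 192.168.1.{h} 445"
       for i, h in enumerate(range(20, 26))]
    # 10.0.0.3 is an ordinary client talking to the web and mail servers
    + ["1700002000 tcp 10.0.0.3 53000 192.168.1.10 443",
       "1700002001 tcp 10.0.0.3 53001 192.168.1.11 25"]
)


class Attempt(NamedTuple):
    ts: int
    proto: str
    src: str
    dst: str
    dport: int


def parse_line(line: str) -> Attempt:
    """Split one constructed log line into its fields."""
    ts, proto, src, _sport, dst, dport = line.split()
    return Attempt(int(ts), proto, src, dst, int(dport))


def find_scanners(lines: List[str], port_threshold: int = 10,
                  host_threshold: int = 5) -> Dict[str, List[str]]:
    """Return {source_ip: [findings]} for sources whose behaviour looks like a scan.

    A port scan shows as one source touching many distinct ports on a single
    host; a network scan shows as one source touching many distinct hosts.
    The thresholds are assumptions for this example, not tuned values.
    """
    ports_per_target: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    hosts_per_source: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        a = parse_line(line)
        ports_per_target[(a.src, a.dst)].add(a.dport)
        hosts_per_source[a.src].add(a.dst)

    findings: Dict[str, List[str]] = {}
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:
            findings.setdefault(src, []).append(
                f"port scan of {dst}: {len(ports)} distinct ports")
    for src, hosts in hosts_per_source.items():
        if len(hosts) >= host_threshold:
            findings.setdefault(src, []).append(
                f"network scan: {len(hosts)} distinct hosts")
    return findings


if __name__ == "__main__":
    for src, notes in find_scanners(SAMPLE_LOG).items():
        print(src, "->", "; ".join(notes))
```

Counting distinct ports per (source, destination) pair and distinct destinations per source is enough to separate the two scan shapes in the answer; a real detector would also bound the counts by a time window so that a slow scan spread over hours is not missed and a busy legitimate client is not flagged.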
1. Objectives
Penetration testing is a simulated attack on a system used to identify and exploit flaws in
the system's security measures. Its goal is to determine whether a system can be
breached and how far an attacker can penetrate.
2. Methodology
Penetration testing simulates a real-world attack by attempting to exploit flaws in a
system's defenses. This is accomplished by combining automated and manual testing
techniques, such as network and application-level attacks, social engineering, and
physical security testing.
In contrast, vulnerability scanning employs automated tools to search a system for
known flaws. This is typically a non-intrusive process that identifies vulnerabilities for
further investigation rather than exploiting them.
3. Scope
Penetration testing is typically limited to a single system, application, or network
segment. It is intended to provide a detailed analysis of the targeted system's security
posture.
Vulnerability scanning, on the other hand, can be done on a much larger scale, with
multiple systems, applications, and networks covered. It is frequently used as the first
step in a more comprehensive security assessment process.
4. Deliverables
In conclusion, while both penetration testing and vulnerability scanning are critical for
identifying security flaws, they differ in their objectives, methodology, scope, and
deliverables. Penetration testing is a more comprehensive and targeted method of
simulating a real-world attack, whereas vulnerability scanning is a more automated and
broad process of identifying known vulnerabilities for remediation.
13. How can Ping be used for the process to check for live systems in a computer
network domain? What makes it useful in a prolonged scanning phase when it
comes to ethical hacking?
Ping is a simple network utility that sends a small data packet to a network device and
waits for a response. The goal of this utility is to determine whether a device is reachable
on the network and to calculate response latency. Ping can be used to detect live
systems in a computer network domain as follows:
Determine the network's IP range: Before performing a Ping scan, you must first
determine the network's IP range. This can be accomplished by using network scanning
tools like Nmap or by inspecting the network configuration settings.
Ping scan: Once you've determined the IP range, use the Ping utility to send ICMP
(Internet Control Message Protocol) echo request packets to each IP address in the
range. If a device is alive and responds to the Ping request, it sends an ICMP echo
reply packet back to the sender.
Analyze the results: Once the Ping scan is finished, you can examine the results to see
which IP addresses are still active on the network. This data can be used to pinpoint
potential targets for additional scanning and penetration testing.
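To make the three steps above concrete, here is an added example (my own code, not part of the assignment) that builds an ICMP echo request byte for byte, computes the RFC 1071 checksum, enumerates the addresses in a CIDR range, and matches echo replies back to their requests the way ping does. Nothing is sent on a real network: the "network" is a constructed stand-in in which only two addresses answer, so the example runs offline.

```python
import struct
from ipaddress import ip_network
from typing import Callable, List, Optional

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as ICMP requires (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP header (type, code, checksum, identifier, sequence) plus payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = rfc1071_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    return build_echo(ICMP_ECHO_REQUEST, ident, seq, payload)


def parse_echo(packet: bytes) -> dict:
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:],
            # a packet whose checksum field is valid sums to zero
            "checksum_ok": rfc1071_checksum(packet) == 0}


def simulate_reply(request: bytes) -> bytes:
    """What a live host does with an echo request: same id, seq and payload, type 0."""
    req = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """Match a reply to the request it answers, the way ping does."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY and rep["checksum_ok"]
            and rep["id"] == req["id"] and rep["seq"] == req["seq"]
            and rep["payload"] == req["payload"])


def hosts_in_range(cidr: str) -> List[str]:
    """Step 1 of the answer above: enumerate host addresses in the target range."""
    return [str(h) for h in ip_network(cidr).hosts()]


def live_hosts(cidr: str, send: Callable[[str, bytes], Optional[bytes]]) -> List[str]:
    """Steps 2 and 3: one echo request per address, keep the ones that answer."""
    alive = []
    for seq, host in enumerate(hosts_in_range(cidr), start=1):
        req = build_echo_request(ident=0x4242, seq=seq, payload=b"ping-example")
        rep = send(host, req)
        if rep is not None and is_reply_to(req, rep):
            alive.append(host)
    return alive


# Constructed stand-in for the network: only these two addresses answer.
CONSTRUCTED_LIVE = {"192.168.1.1", "192.168.1.3"}


def fake_send(host: str, request: bytes) -> Optional[bytes]:
    return simulate_reply(request) if host in CONSTRUCTED_LIVE else None


if __name__ == "__main__":
    print("alive:", live_hosts("192.168.1.0/29", fake_send))
```

The identifier and sequence fields are what let ping pair each reply with its request, which is also why a host that is alive but drops ICMP at its firewall is indistinguishable from a dead one in this method; that limitation is the reason the answer treats the ping sweep as a first pass rather than a final inventory.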
14. What is the category of applications that can be used to modify the header
contents of packets called? Provide two examples of such applications.
Packet crafting or packet injection tools are a class of applications that can be used to
modify the header contents of packets. Users can use these tools to change the
contents of network packets, such as the source and destination IP addresses, port
numbers, and protocol headers. Two examples of such tools are:
Scapy is an advanced packet manipulation tool that allows users to create, send, and
capture network packets. It supports many protocols, including TCP, UDP, ICMP, and
DNS, and allows users to change packet headers and payloads. Custom packets can be
created with Scapy for network testing, analysis, and penetration testing.
Hping is a command-line utility that allows users to send custom TCP/IP packets to
specific hosts. It can be used for a number of tasks such as firewall testing, network
mapping, and denial-of-service attacks. Hping supports a variety of packet types,
including SYN, ACK, FIN, and RST, and allows users to customize packet headers and
payloads.
15. List down the six types of TCP header flags and then provide short descriptions of
each.
The six types of TCP header flags are:
URG (Urgent Pointer): Specifies that the Urgent pointer field is valid and points to the
end of urgent data. Urgent data is data that should be given priority processing by the
receiving TCP.
PSH (Push): This specifies that the receiving TCP should push the data to the receiving
application as fast as feasible, without buffering it.
RST (Reset): This flag is used to reset a connection in the event of an error or to
reject an invalid segment.
SYN (Synchronize): This flag is used to establish a connection between two TCP
endpoints by synchronizing their sequence numbers.
FIN (Finish): Signals that the transmitting TCP has completed its data transmission and
is ready to close the connection. The receiver will send an acknowledgment and then
terminate the connection.
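The flags described above live in one byte of the TCP header, so the cleanest way to see them is to build and decode a header. The example below is added here and is not from the assignment; it packs a 20-byte header, decodes the flag byte into names (all six RFC 793 bits, ACK included), labels the segments of a normal connection lifetime, and flags combinations that no conforming stack sends. The checksum is left at zero because it depends on the IP pseudo-header, which this example does not model.

```python
import struct
from typing import Dict, List

# The six control bits in byte 13 of the TCP header (RFC 793), low bit first.
TCP_FLAGS: Dict[str, int] = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}


def build_tcp_header(sport: int, dport: int, seq: int, ack: int,
                     flags: List[str], window: int = 65535, urgent: int = 0) -> bytes:
    """A 20-byte TCP header with no options; checksum left at zero (see lead-in)."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    data_offset = 5                      # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset << 4, bits, window, 0, urgent)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed part of a TCP header, including the flag names."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_res, bits,
     window, _csum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": (off_res >> 4) * 4,
        "flags_byte": bits,
        "flags": [name for name, bit in TCP_FLAGS.items() if bits & bit],
        "window": window, "urgent_pointer": urgent,
    }


def describe(flags: List[str]) -> str:
    """Name the segment types seen in a normal connection lifetime."""
    s = set(flags)
    if s == {"SYN"}:
        return "connection request (handshake step 1)"
    if s == {"SYN", "ACK"}:
        return "connection accepted (handshake step 2)"
    if s == {"ACK"}:
        return "acknowledgement (handshake step 3 or plain ACK)"
    if "RST" in s:
        return "reset: connection refused or aborted"
    if "FIN" in s:
        return "close request"
    if s == {"PSH", "ACK"}:
        return "data delivered to the application"
    return "other"


def is_anomalous(flags: List[str]) -> bool:
    """Combinations no conforming stack sends; IDS rules typically flag these."""
    s = set(flags)
    return (not s                                 # no flags at all
            or {"SYN", "FIN"} <= s                # open and close at once
            or {"SYN", "RST"} <= s
            or s == set(TCP_FLAGS))               # every flag set


if __name__ == "__main__":
    for step in (["SYN"], ["SYN", "ACK"], ["ACK"], ["PSH", "ACK"], ["FIN", "ACK"]):
        hdr = parse_tcp_header(build_tcp_header(40000, 443, 1000, 0, step))
        print(f"{hdr['flags_byte']:#04x} {hdr['flags']}: {describe(hdr['flags'])}")
```

Running the block prints the three-way handshake (SYN, SYN/ACK, ACK), a data segment and a close request with their flag byte values, which is the view a packet capture tool gives once it has decoded the same byte.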
Dictionary Attacks
This type of attack consists of a password-cracking application with a dictionary
file fed into it. The dictionary file is a text file containing a list of known terms,
running from the first entry to the last. The application works through this list,
trying each word in an effort to recover the password.
Brute Force Attacks
In this form of attack, every potential character combination is tried until the
correct one is discovered.
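A defender's version of the two attacks just described is the check run when a user picks a password: would a dictionary attack with the usual mangling rules (case changes, leetspeak, digits or symbols appended) find it, and how large is the keyspace a brute-force attack would have to cover? The example below is added here and is not part of the assignment; the wordlist is a constructed stand-in for a real dictionary file and the guess rate is an assumed figure, not a measurement.

```python
import math
import re
from typing import Dict, Set

# Constructed wordlist standing in for a real dictionary file.
CONSTRUCTED_DICTIONARY: Set[str] = {
    "password", "welcome", "summer", "letmein", "dragon", "company", "qwerty",
}

# Undo the character substitutions that mangling rules apply to dictionary words.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})
EDGE_DECORATION = re.compile(r"^[^a-z]+|[^a-z]+$")


def base_words(candidate: str) -> Set[str]:
    """Every plausible dictionary word the candidate could have been derived from."""
    w = candidate.lower()
    forms = {w, w.translate(LEET_MAP)}
    forms |= {EDGE_DECORATION.sub("", f) for f in list(forms)}   # drop "2023", "99!"
    forms |= {f.translate(LEET_MAP) for f in list(forms)}
    return {f for f in forms if f}


def dictionary_weak(candidate: str,
                    dictionary: Set[str] = CONSTRUCTED_DICTIONARY) -> bool:
    """True if a dictionary attack with common mangling rules would find it."""
    return not base_words(candidate).isdisjoint(dictionary)


def keyspace_bits(candidate: str) -> float:
    """log2 of the strings a brute-force attack must consider, assuming the
    attacker knows the length and which character classes are in use."""
    size = 0
    if any(c.islower() for c in candidate):
        size += 26
    if any(c.isupper() for c in candidate):
        size += 26
    if any(c.isdigit() for c in candidate):
        size += 10
    if any(not c.isalnum() for c in candidate):
        size += 33                               # printable ASCII symbols
    return len(candidate) * math.log2(size) if size else 0.0


def assess(candidate: str, guesses_per_second: float = 1e10) -> Dict[str, object]:
    """Exposure to both attack types; the guess rate is an assumption."""
    bits = keyspace_bits(candidate)
    seconds = 2 ** bits / guesses_per_second / 2   # expected: half the keyspace
    return {"dictionary_hit": dictionary_weak(candidate),
            "keyspace_bits": round(bits, 1),
            "brute_force_years": seconds / (365 * 24 * 3600)}


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Summer2023", "xK9#mQ2vLp!"):
        print(pw, assess(pw))
```

The point the two numbers make together: "P@ssw0rd1!" has a respectable keyspace on paper, but a dictionary attack never has to search that keyspace because it reaches the word "password" after undoing three substitutions, which is why length and unpredictability matter more than decoration.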
Packet Sniffing
A sniffer, also known as a packet analyzer, is a tool (usually software) designed
to capture packets as they travel through a network. In general, sniffing attacks
are most effective when carried out on a network with a hub between the attacker
and the victim, or when the two parties are on the same segment of the collision
domain.
Man-in-the-middle
With this form of attack, two parties are communicating when a third party enters the
conversation and attempts to manipulate or eavesdrop on it.
Malware
Malware such as Trojans, spyware, and keyloggers can be extremely valuable
during an attack by allowing the attacker to collect all types of information,
including passwords.
23. Explain the importance of escalating privilege level during the process of system
hacking.
Escalating privilege levels is a critical phase in the system hacking process. It entails
getting access to a computer system or network at a higher level than is ordinarily
permitted for a certain user or account. Here are some of the reasons why raising
access levels is critical in system hacking:
Higher-level access also allows an attacker to execute more powerful commands and
perform operations that would otherwise be restricted to normal users. An attacker with
administrator capabilities, for example, can install software, edit system files, or create
new user accounts.
Persist on the system: Escalating privileges can also assist an attacker in maintaining
long-term access to a system or network. An attacker can make it more difficult for
system administrators to detect and remove their presence by creating new user
accounts, installing backdoors or rootkits, or changing system data.
24. Why are backdoors relevant during the process of system hacking?
Backdoors are useful during the system hacking process because they allow attackers
to bypass standard authentication and acquire access to a system or network even if
their initial attack vector has been turned off or patched. Backdoors are important in
system hacking for the following reasons: