You are on page 1of 17



Hacking refers to an array of activities which are done to intrude someone else personal information so as to use it for unwanted purpose. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured network.



1. 2. 3. 4. 5.

Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack Exploit the Vulnerabilites

Identification of Targets company websites, mail servers, extranets, etc. Signing of Contract

Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing

Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases whois, ripe, arin, apnic Tools PING, whois, Traceroute, DIG, nslookup, sam spade

Specific targets determined Identification of Services / open ports Operating System Enumeration

Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans TCP Connect, TCP SYN, TCP FIN, etc.

Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner


Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control

Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS

Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security

There are mainly three types of hackers White hat Black hat Gray hat

These are good hackers . Have genuine license to hack. Have registered police records Evolves themselves in good works Generally owned by companies for security designing Have high pay scales.


dangerous persons. Always have motive to earn huge profit. Highly paid persons. Evolves themselves mostly in criminal activities.

Also known as red hats. Perform both tasks fair as well as unfair. Generally these are admins. Have little high pay than white hats. Generally not so dangerous, but sometimes could be.

Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network. An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, All data sent or received by a system will be addressed from or to the system. An attackers first step is to find out the IP Address of the target system.

Linux Windows

XP, vista, Windows 7

Honeypot Virtual


PC or VMware

By using the above process we can do the hacking process. But in real world if we use hacking process illegally, then it is a crime so we should not encourage hacking of any systems.