What is Ethical Hacking?

What is ethical hacking and why is it important?


What is Ethical Hacking?

It is a specified process used by ethical hackers to find vulnerabilities in the operational environments of information systems.

Why – Ethical Hacking is important?

To determine which vulnerabilities are visible on the Internet at any given time. Attack and Penetration Testing, White-hat hacking, and Red teaming are all terms for the same thing.

It is legal. Ethical hackers have the same abilities, mindset, and tools as hackers, but their attacks are non-destructive.

Hacking

Process of breaking into systems for:

  • Personal or Commercial Gains
  • Malicious Intent – Severe damage to Information & Assets

What Hackers do?

  • Gain unauthorized access to a computer system, network, or firewall
  • A hacker who does so has broken the law and may be sentenced to prison.

Crackers

  • Break into systems to steal or destroy data.

Ethical hacker

Performs most of the same activities as Hackers and Crackers do but with the owner’s permission

Script kiddies or packet monkeys

  • Young inexperienced hackers
  • Copy codes and strategies used by knowledgeable hackers

What You Cannot Do Legally

  • It is against the law to get access to a computer without permission.
  • Other illegal actions:
      1. Installing worms or viruses
      2. Denial of Service attacks
      3. Denying users access to network resources
  • It's illegal to keep other people's passwords.

What is Ethical in Ethical Hacking?

Conforming to accepted professional standards of conduct

  • Black-hat – Bad guys
  • White-hat - Good Guys

Ethical hackers have a wide range of abilities. They must, first and foremost, be fully trustworthy. Ethical hackers are usually well-versed in programming and computer networking.

Ethical Hacking – Process

  • Preparation
  • Footprinting
  • Enumeration & Fingerprinting
  • Identification of Vulnerabilities
  • Attack – Exploit the Vulnerabilities

Preparation:

  1. Identification of Targets – company websites, extranets, mail servers
  2. Signing of Contract
      • Agreement on legal protection in the event of a legal issue
      • Contracts that explain the test's parameters and risks
      • Denial of Service (DoS) tests, social engineering, and other details
      • The time window for Attacks
      • Prior Knowledge of the systems
      • People who need to know about the testing

Footprinting: 

  • Getting as much information on the target as possible:
      1. DNS Servers
      2. IP Ranges
      3. Administrative Contacts
      4. Problems revealed by administrators

Information Sources

  1. Search engines
  2. Forums
  3. Databases – whois, ripe, arin, apnic
  4. Tools – PING, Nslookup, Whois, Traceroute, Dig, Sam Spade

Enumeration & Fingerprinting

  1. Specific targets determined
  2. Identification of Services / open ports
  3. Operating System Enumeration

Methods and tools used:

  1. Banner grabbing
  2. Responses to various protocol commands (ICMP and TCP)
  3. Port / Service Scans – TCP SYN, TCP FIN, TCP Connect, etc.
  4. Nmap, FScan, Hping, Firewalk, Netcat, Tcpdump, Telnet, SSH, SNMP Scanner
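
The defender's view of the TCP SYN port scans listed above, as an added example that is not part of the original post: it flags any source that sends SYNs to many distinct ports within a short window. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source IP, destination port, TCP flags.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 21 SYN
2024-05-01T10:00:01 198.51.100.7 22 SYN
2024-05-01T10:00:01 203.0.113.9 443 SYN
2024-05-01T10:00:02 198.51.100.7 23 SYN
2024-05-01T10:00:03 198.51.100.7 25 SYN
2024-05-01T10:00:04 198.51.100.7 80 SYN
2024-05-01T10:00:09 203.0.113.9 443 SYN
2024-05-01T10:05:00 192.0.2.44 22 SYN
2024-05-01T11:05:00 192.0.2.44 80 SYN
2024-05-01T12:05:00 192.0.2.44 443 SYN
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, source, port, flags)."""
    ts, src, port, flags = line.split()
    return datetime.fromisoformat(ts), src, int(port), flags

def detect_scans(lines, window=timedelta(seconds=60), min_ports=5):
    """Return {source: sorted ports} for sources that sent SYNs to at
    least min_ports distinct ports inside any sliding time window."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, port, flags = parse(line)
        if flags == "SYN":
            events[src].append((ts, port))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged
```

With the default 60-second window only the fast sweep from 198.51.100.7 is flagged; the slow source 192.0.2.44 appears only when the window is widened and the port threshold lowered, which is why slow scans need a separate, longer-horizon rule.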

Identification of Vulnerabilities:

  • Insecure Configuration
  • Weak passwords
  • Vulnerabilities in services, operating systems, and apps that haven't been patched
  • Possible Vulnerabilities in Services, Operating Systems
  • SQL Injection and Traffic Listening are examples of insecure programming.
  • Weak Access Control – using Application Logic, SQL Injection

Methods to exploit Vulnerabilities: Exploited Conditions & Vulnerabilities that could be exploited

  • Unpatched/Possible Vulnerabilities - Tools, Information on Vulnerabilities Websites
  • Weak Passwords – Default Passwords, Social Engineering, Listening to Traffic, Brute force
  • Insecure Coding – SQL Injection, Traffic Listening
  • Vulnerable Access Control – Using the Application Logic, SQL Injection

Vulnerabilities exploit Tools:

  • Vulnerability Scanners – SAINT, Nessus, ISS, SARA
  • Listening to Traffic – Ettercap, tcpdump
  • Password Crackers – Pwdump, John the Ripper, LC4
  • Intercepting Web Traffic – Whisker, Legion, Achilles

Websites to find Vulnerabilities:

Attack – Exploit the vulnerabilities:

  • Gathering as much information as possible from the Target System
  • Gaining Normal Access
  • Escalation of privileges
  • Obtaining access to other connected systems
  • Denial of Service

What are different types of attack?

Network Infrastructure Attacks

  • Connecting to the network through a modem 
  • Weaknesses in TCP / IP, NetBIOS
  • Flooding the network to cause DoS

Operating System Attacks

  • Attacking Authentication Systems
  • Exploiting Protocol Implementations
  • Exploiting Insecure configuration
  • Breaking File-System Security

Application-Specific Attacks

  • Exploiting implementations of HTTP, SMTP protocols 
  • Gaining access to application Databases
  • SQL Injection
  • Spamming

What is the purpose of the Penetration Test?

An attempt to gain legal access to a company's network in order to identify its weakest link.

What do Ethical Hackers do?

An ethical hacker evaluates the system’s security and seeks answers to these basic questions:

  • On the victim systems, what can hackers see?
  • What could an intruder do with that data?
  • Is anyone at the target paying attention to the intruder's efforts or successes?
  • What are you trying to protect?
  • What are you trying to protect against?
  • How much time, effort, and money are you willing to put forth in order to acquire proper security?

Required Skills of an Ethical Hacker

  • Routers: Expertise in different router types and models, routing protocols, and access control lists
  • Microsoft: Operation, configuration, and management capabilities.
  • Linux: Good understanding of the Linux/Unix operating system, as well as its configuration and services.
  • Firewalls: Intrusion detection system setups and operation.
  • Network Protocols: TCP/IP; how they work and how they can be exploited.
  • Project Management: A thorough understanding of how to lead, plan, organize, and control a penetration testing team

  1. Insider attack
  2. Outsider attack
  3. Stolen equipment attack
  4. Physical entry
  5. Bypassed authentication attack (wireless access points)
  6. Social engineering attack

The terminology used in the attack:

  • Reconnaissance – Information is gathered by the attacker, which may include social engineering.
  • Scanning – Scanning identifies open ports (port scan) and probes for vulnerabilities.
  • Gaining access – Attacker exploits vulnerabilities to get inside the system; used for spoofing IP.
  • Maintaining access – Creates a backdoor through the use of Trojans; once attackers gain access, they make sure they can get back in.
  • Covering tracks – Deletes files and documents, hides files, and erases log files so that the hackers cannot be identified or penalized.

Hacker classes

  • Black hats – Black hats are "crackers" who are extremely talented, malevolent, and destructive.
  • White hats – use their talents as defensive security analysts
  • Gray hats – offensive and defensive hacking; will hack for various reasons depending on the situation
  • Hacktivism – Hacking for a social or political cause is known as hacktivism.

Ethical hackers assess what information attackers may access, what they will do with it, and whether they can be identified.

What an Ethical Hacker Must Know:

  • Footprinting
  • Scanning
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Sniffers
  • Denial of Service
  • Social Engineering
  • Session Hijacking
  • Hacking Web Servers
  • Web Application Vulnerabilities
  • Web-Based Password Cracking Techniques
  • SQL Injection
  • Hacking Wireless Networks
  • Novell Hacking
  • Linux Hacking
  • Evading IDS, Firewalls, and Honeypots
  • Buffer Overflows
  • Cryptography
  • Computer Forensics

Hacking Tools: Footprinting and Reconnaissance

Some fundamental footprinting and reconnaissance tools that an ethical hacker should know:

  •  Whois
  •  Sam Spade
  •  Nslookup
  •  Traceroute
  •  Ping and Ping Options

Hacking Tools:  Scanning and Enumeration

  •  Nmap
  •  NMapWin
  •  SuperScan
  •  IP Scanner
  •  Hyena
  •  Retina
  •  LAN guard

Hacking Tools: System Hacking

  •  Telnet
  •  Snadboy
  •  Password Cracking with L0phtCrack
  •  Keylogger

Hacking Tools: Trojans and Backdoors

  •  NetBus
  •  Game Creates Backdoor for NetBus
  •  SubSeven

Hacking Tools: Sniffers

  •  Spoofing a MAC address Original Configuration
  •  Spoofed Mac
  •  Ethereal
  •  Iris
  •  Snort

Hacking Tools: Web-Based Password Cracking

  •  Cain and Abel
  •  Legion
  •  Brutus

Hacking Tools: Covering Tracks

  •  ImageHide
  •  ClearLogs

Hacking Tools: Google Hacking and SQL Injection

  • Google Hacking
  • Google Cheat Sheet

SQL Injection: What is it?

  •  Allows a remote attacker to run SQL operations on a database.
  •  Relies on ill-formed database queries and a lack of input validation.

Hacker Challenge Websites:

  • Hackr.org
  • Hackthissite.org
  • Hackits (hackits.de/challenge)
  • Legion of Ethical Hacking
  • Hacker Highschool
  • johnny.ihackstuff.com
  • HappyHacker.org
  • Foundstone
  • Insecure.org
  • SANS Institute
