Introduction To Ethical Hacking
Scenario
Mr. X went to a cyber cafe because his home internet was not working. He checked his mail, did
some online shopping and more, and then closed all the active sessions properly by
logging out. After some time he got a message: “Your a/c no. xxxxxxxx9900 is credited by Rs.
30,000.00”.
The internet is a large repository of useful information. Over time it has reached more than
half of the world, and everyone is connected to it 24*7 through computers, laptops, mobiles
or other handheld devices.
No matter which corner of the world you are in, you can send and receive messages and emails
within a second with just one click of the mouse, and you can buy or sell products from any
country within a second.
Over the internet we can read the news, listen to songs, watch movies, do internet banking,
promote our business and so on. The internet is as bad as it is good, though: with the
advancement in technology, it is time to keep our information (digital assets) secure from
intruders (hackers).
“Hacking” started as a way to explore new things and technologies in order to use them
in a better way or for good. Over time the term has taken on a different meaning: nowadays
hacking means finding flaws and vulnerabilities in a computer or computer-related resources
and exploiting them with bad intention, either to harm the computer or computer network or
to steal sensitive information, thus causing reputation loss or financial loss to
organizations or individuals. A person or group who does hacking is known as a hacker.
Hackers are experts with good knowledge of computers and computer technologies and of other
network and security devices, and they know different computer languages for creating
automated scripts that make their task easier. Some hack for fun, some for money.
Ethical Hacking has been a part of computing for the past few decades and is a very broad
discipline covering a wide range of topics. The term “Ethical Hacking” means finding the flaws
or vulnerabilities in operating systems, or in systems connected to a network, so that they can
be fixed in time. Ethical hackers are experts with good knowledge of computers, networks, and
network and security devices, and they use the same skill sets as malicious hackers do; the main
difference between the two is that ethical hackers follow ethics in their work culture and work
under control.
Types of Hackers
1. White Hat Hacker
Hacking is legal as long as it is done to find the weaknesses in a computer or a
network with the security perspective in mind, and with the permission of the
network or computer system owner. An ethical hacker follows ethics in work
culture; this sort of hacker is called an “Ethical Hacker” or “Penetration Tester”
(the activity being “Ethical Hacking” or “Penetration Testing”) and falls under the
White Hat Hacker category. The demand for ethical hackers and penetration testers has
increased a lot over the past few decades, and companies are hiring them to test their
networks for vulnerabilities, thus securing the network from any attack.
2. Black Hat Hacker
They are experts with good knowledge of computers and computer technologies and of
other network and security devices, and they know different computer
languages for creating automated scripts that make their task easier. They
hack illegally, either for fun or for their own profit. They are free to do what they
want to do and do not follow ethics in work culture. They are also called “Crackers”.
3. Script Kiddies
An unskilled person who gains access to a computer or a network by using
tools or scripts already made by others and freely available on the internet.
4. Phreaker
A hacker who identifies and exploits weaknesses in telephones or mobiles instead of
computer systems.
5. Hacktivist
Hackers who use technology to display a social, religious or political
message; their activity involves website defacement attacks.
What is Cybercrime?
Cybercrime is a crime that uses computers, networks or other
technology to perform illegal activities such as spreading computer viruses, spam, fraud, or
gaining unauthorized access to a system. Cybercrime is committed using the internet as a
medium.
Online chat applications, mobile phones and social networking sites can also be used for
committing a crime.
Types of Cybercrime
The following are the common types of cybercrimes.
1. Malware.
2. Attacks.
3. Unauthorized access to a computer or related resources.
To protect against malware, an organization or individual can use antivirus and other
network and security devices (firewall, IDS/IPS), as well as other solutions such as encryption,
application whitelisting, restricting users' internet access, restricting the use of USB devices,
and a 2FA solution.
2. Nmap is actually a command-line interface (CLI) tool, but Zenmap is a new official graphical
user interface (GUI) for it.
For more study material related to Nmap, visit http://exweeto.com/Tools/Nmap.
3. Metasploit
Metasploit is one of the most powerful exploit tools. It is a product of Rapid7, and most
of its resources can be found at www.metasploit.com. It comes in two versions: a
commercial edition and a free edition. Metasploit can be used from the command prompt or
through a Web UI.
4. Qualys Guard
Qualys Guard is an integrated suite of tools that can be utilized to simplify security
operations. Qualys Guard includes a set of tools that can monitor, detect, and protect
your global network.
5. Nessus
Nessus is a proprietary vulnerability scanner developed by Tenable.
6. Cain & Abel & LC4
They are password recovery tools for Microsoft operating systems. They help in easy
recovery of various kinds of passwords.
7. Kali Linux
Kali Linux is a Linux-based operating system which contains several hundred tools
geared towards various information security tasks, such as Penetration
Testing, Security Research, Computer Forensics, and Reverse Engineering.
8. Burp Suite
Burp Suite is a useful platform for performing Security Testing of web applications. Its
various tools work seamlessly together to support the entire pen testing process.
With the ever-increasing usage of the internet, numerous activities take place on your
computer systems as well as over the network, and they can be either good or bad. These
activities include identity theft and the theft of private documents/files/data/information.
The fact is that everything is online, which opens us to these frauds and makes us victims.
1. Confidentiality
Assurance that information is accessible only to those who are authorized to access
it.
A confidentiality breach can happen when there is improper data handling or a hacking
attempt. In an organization with different departments (HR, IT, sales), each department has
its own shared drive for sharing data or information among the people belonging to that
department, and policies are implemented so that people from other
departments are denied access to that shared drive. This
helps in protecting confidentiality.
2. Integrity
The trustworthiness of data/information/files in terms of preventing improper or unauthorized
changes. One of the most efficient ways to protect the confidentiality and integrity of
information is encryption. Applying encryption across a whole volume or drive provides robust
protection against data falling into the wrong hands. With the increasingly widespread
availability of full drive encryption, it is worthwhile for every company or organization to
evaluate the need for and benefits of implementing this type of protection. Although full drive
encryption will not prevent a drive from being physically stolen, it will go a long way toward
preventing the thieves from accessing the information easily. Technologies such as SSL, IPsec,
and others would just not be possible without encryption.
Hashing is a form of one-way encryption that is used to verify integrity. Passwords are
commonly stored in a hashed format so that the password is not in clear text. When a
password provided by the user needs to be verified, it is hashed on the client side and
then transmitted to the server, where the stored hash and the transmitted hash are
compared. If they match, the user is authenticated; if not, the user is not authenticated.
WPA and WPA2 offer strong integrity.
3. Availability
Assurance that information/files/data, and the systems and resources responsible for storing,
processing and delivering them, are available and accessible as and when
needed without fail. Availability can be attained by having redundant systems and
reliable backup systems.
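The hash-and-compare verification described under Integrity above, as an added Python example that is not part of the original page: it records a SHA-256 digest to detect changes to data, and stores a password as a salted PBKDF2 hash (a hardened variant of the plain hash comparison, swapped in here) that is compared in constant time. The function names, the sample data and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this illustration; tune per deployment

# Constructed sample data standing in for a stored file.
SAMPLE_DOC = b"Quarterly report: revenue Rs. 30,000.00"


def sha256_hex(data: bytes) -> str:
    """One-way digest recorded while the data is known to be good."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """True only if the data still hashes to the recorded digest."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hash_password(password: str) -> dict:
    """Record to store in place of the clear-text password."""
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": derived.hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(derived.hex(), record["hash"])


if __name__ == "__main__":
    baseline = sha256_hex(SAMPLE_DOC)
    tampered = SAMPLE_DOC.replace(b"30,000", b"90,000")
    print("untouched data verifies:", verify_integrity(SAMPLE_DOC, baseline))
    print("tampered data verifies: ", verify_integrity(tampered, baseline))
    record = hash_password("S3cure-Passphrase!")  # constructed sample password
    print("correct password:", verify_password("S3cure-Passphrase!", record))
    print("wrong password:  ", verify_password("password123", record))
```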
Types of Attacks
Types of attacks on a system are:
1. DoS attack.
2. SQL Injection attack.
3. Password Cracking/guessing.
4. Privilege escalation.
5. Phishing attack.
6. Session Hijacking.
7. Man-in-the-middle attack.
8. Cross-Site Scripting.
9. Website defacement.
Vulnerability Assessment
Vulnerability assessment is an examination of the ability of a system or application, including
its current security procedures and controls, to withstand attack.
Security Standards
Some security standards are:
1. PCI-DSS (Payment Card Industry Data Security Standard) is an information security
standard for organizations that mainly deal with cardholder information.
2. ISO/IEC 27001 specifies the requirements for implementing, maintaining and improving
the information security management system in the context of the organization.
3. HIPAA (Health Insurance Portability and Accountability Act).
4. FISMA (Federal Information Security Management Act) & DMCA (Digital Millennium
Copyright Act).