
Practical 2

Overview: ETHICAL HACKING


Ethical hacking, sometimes called penetration testing, is the act of intruding into or penetrating
systems or networks to find the threats and vulnerabilities in them that a malicious
attacker could find and exploit, causing loss of data, financial loss or other major
damage.
The purpose of ethical hacking is to improve the security of the network or systems by fixing
the vulnerabilities found during testing. Ethical hackers may use the same methods and tools
as malicious hackers, but with the permission of the authorized person and for the
purpose of improving security and defending the systems from attacks by malicious users.
Ethical hackers are expected to report all the vulnerabilities and weaknesses found during the
process to the management.

PHASES OF ETHICAL HACKING

1. Footprinting and Reconnaissance
2. Scanning
3. Enumeration
4. System Hacking (Gaining access)
5. Escalation of privileges (Maintaining access)
6. Covering tracks (Clear logs)

PHASE ONE: FOOTPRINTING AND RECONNAISSANCE

The first phase of ethical hacking is footprinting. Footprinting is the collection of every
possible piece of information about the target and the target network. The footprinting phase
allows the attacker to gather information about the internal and external security architecture
of the target they will face.
Footprinting can be either passive or active. Reviewing a company’s website is an
example of passive footprinting, whereas attempting to gain access to sensitive information
through social engineering is an example of active information gathering.

Objectives of footprinting
- To know the security posture
- Identify vulnerabilities
- Draw a network map
- To reduce the focus area

Different Methods of Footprinting

- Footprinting through Search Engines

This is a passive information-gathering process in which we gather information about the target
from social media, search engines, various websites, etc. The information gathered includes names,
personal details, geographical location details, login pages, intranet portals, etc. Even some
target-specific information, such as operating system details, IP details, net block information
and the technologies behind a web application, can be gathered by searching through search
engines, e.g. by collecting information from Google, Bing, etc.

For example, searching for information on Bing

Some other tools used to get full information about an organization are:
- www.netcraft.com
- www.shodan.io

- Footprinting through websites

Mirroring entire websites

Mirroring a website is the process of copying the entire website to the local system.
Powerful tools for making mirrors of websites include HTTrack, GNU wget, etc.

Using HTTrack

Step 1: Download and install HTTrack on your PC.

Step 2: Open the HTTrack software.

Step 3: Click Next and then enter a project name.

Step 4: Add the sites you want to mirror and then click Next.

Step 5: Click Finish.

Then go to the local disk (C: drive) and find the folder where the mirrored websites are stored.

Output: Mirroring dit websites
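
From the defender's side, a mirroring run like the one above shows up in the web server's access log. The following is an added example, not part of the original practical: it flags clients in Combined Log Format lines either by the default User-Agent of HTTrack or GNU wget, or by a burst of distinct pages fetched in a short window. The log lines, IP addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format, GET requests only.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Assumption: the tool was left at its default User-Agent (easily changed).
MIRROR_UA = re.compile(r"HTTrack|Wget/", re.IGNORECASE)

def make_line(ip, second, path, ua):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:118.0) Gecko/20100101 Firefox/118.0"
HTTRACK = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
PAGES = ["/", "/about.html", "/staff.html", "/img/logo.png",
         "/css/site.css", "/contact.html"]
SAMPLE_LOG = (
    [make_line("192.0.2.10", s, p, HTTRACK) for s, p in enumerate(PAGES)]
    + [make_line("192.0.2.20", s, p, BROWSER) for s, p in enumerate(PAGES)]
    + [make_line("192.0.2.30", 5, "/", BROWSER),
       make_line("192.0.2.30", 40, "/about.html", BROWSER)])

def find_mirroring(lines, min_paths=5, window_s=10):
    """Map client IP -> reasons its requests look like a site mirror."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:  # malformed or non-GET lines are skipped
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ip"]].append((ts, m["path"], m["ua"]))
    findings = {}
    for ip, reqs in hits.items():
        reasons = []
        if any(MIRROR_UA.search(ua) for _, _, ua in reqs):
            reasons.append("tool-user-agent")
        reqs.sort(key=lambda r: r[0])
        for start, _, _ in reqs:  # distinct paths within window_s of each request
            burst = {p for t, p, _ in reqs
                     if 0 <= (t - start).total_seconds() <= window_s}
            if len(burst) >= min_paths:
                reasons.append("crawl-burst")
                break
        if reasons:
            findings[ip] = reasons
    return findings
```

The second client in the sample sends a browser User-Agent but is still flagged by the burst rule, which is why the User-Agent match alone is not a sufficient check.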


- WHOIS Footprinting

WHOIS Lookup

The WHOIS utility interrogates the Internet domain name administration system and returns
the domain ownership, address, location, phone numbers, and other details about a
specified domain name.

Practical 3

PHASE TWO: SCANNING NETWORKS

After the footprinting phase, you may have enough information about the target. The network
scanning phase uses some of this information to proceed further. Network scanning is a
method of obtaining information such as the identification of hosts, port information and services
by scanning the network and its ports.

Objectives of Scanning Network

- To discover live hosts/computers, IP addresses, and open ports of the victim.
- To discover services that are running on a host computer.
- To discover the operating system and system architecture of the target.
- To discover and deal with vulnerabilities in live hosts.
