Tutorial 11: Question 01. List Down and Then Briefly Elaborate The Phases of An Ethical Hacking
Question 01. List down and then briefly elaborate the phases of an ethical hacking
process.
Answer:
Footprinting
Gathering information about the target, such as its networks, operating
systems and organizational details, before any direct attack is attempted.
Scanning
Engaging and probing the target network to reveal live hosts, open ports
and running services.
Enumeration
The systematic probing of a target with the goal of obtaining user lists,
routing tables and protocols from the system. Unlike the earlier phases,
enumeration establishes active connections to the target, moving the
tester from the outside to the inside of the network to gather system data.
System Hacking
System hacking cannot be completed in a single step. It is a methodical
process that includes cracking passwords, escalating privileges, executing
and hiding applications, and so on.
Escalation of privilege
The goal of privilege escalation is to reach a level where fewer restrictions
exist on the account and you have greater access to the system. Horizontal
and vertical escalation are the two types.
Horizontal Privilege Escalation: The attacker takes over the rights and
privileges of another user who has the same level of privilege as the
current account, for example another ordinary user.
Vertical Privilege Escalation: Starting from a compromised account, the
attacker elevates that account's privileges or gains access to a
higher-privileged account, such as an administrator or root.
Covering Tracks
Covering tracks, also called clearing tracks in penetration testing, means
removing the evidence that would let investigators trace the activity back
to the attacker. Clearing event logs and erasing or shredding shell command
history remove host-side evidence; covert channels such as reverse HTTP
shells and ICMP tunnels hide the attacker's traffic among normal network
activity so that it does not stand out to monitoring.
Planting Backdoors
Backdoors compromise the system in such a way that the attacker can regain
access later without repeating the original exploit. They come in many
forms, including Trojans, remote access Trojans (RATs) and rootkits. Key
loggers, which can be hardware devices or software, are often planted
alongside them to capture everything typed on the keyboard.
Answer:
There are three types of footprinting: active, passive and Internet
footprinting. Active footprinting directly engages the target, for example
through social engineering. Passive footprinting gathers information in the
least aggressive manner, from sources such as newspapers, websites, discussion
groups and blogs. Internet footprinting gathers information from the Internet
using different tools and web-based services.
Question 03. What types of data and information can be gathered through the process
of footprinting?
Answer:
The main goal of footprinting is to gather information about the target. Footprinting
involves information gathering about Networks, Operating Systems and the target
organization. Many other aspects such as network services, system architecture,
organizational information can also be gathered with the help of footprinting.
Question 04. List down some important information related to computer networks which
can be gathered, via reconnaissance.
Answer:
Computer networks can reveal valuable information about the target because
most of its communication is carried over the network. Network-related
information that can be gathered by footprinting includes:
Domain names and domain ownership (registrar) details.
IP addresses and address ranges of reachable systems.
Network structure, including the path traffic takes to reach a host.
Live hosts and whether they are reachable from outside.
Answer:
Operating systems are one of the most important areas to gather information
about. Some important operating-system-related information that can be
gathered via footprinting is as follows:
Question 06. List down some important information related to organization data which
can be gathered, via reconnaissance.
Answer:
Employee details.
Organization’s website.
Company directory.
Location details.
Address and phone numbers.
Comments in HTML source code.
Security policies implemented.
Web server links relevant to organization.
Background of the organization.
News articles and press releases.
Question 07. List down the differences between active information gathering and passive
information gathering process.
Answer:
Active information gathering
Gathering information by engaging directly with the target.
It can be done using techniques such as social engineering and nmap scans.
It is the more aggressive method, so it has a higher chance of attracting
the defender's attention.
Passive information gathering
Gathering information without establishing contact between the pen tester
and the target.
Sources such as newspapers, websites and blogs are used to gather
information.
It is the least aggressive method, so the defender may be unaware that
footprinting is taking place.
Question 08. Write down some threats which can be possibly introduced into an
enterprise’s network system through the process of footprinting.
Answer:
Privacy Issues
IP addresses of available system can be at risk.
Internal domain name information can be leaked.
Network structure and Operating System information can be at risk.
Question 09. List down the type of information, that can be gathered when we carry out
Answer:
Search Engines
Search engines such as Google and Bing can easily provide a wealth of
information that the client may have wished to have kept hidden or may have just
plain forgotten about. Using a search engine, you can find a lot of information,
some of it completely unexpected or something a defender never considers, such
as technology platforms, employee details, login pages, intranet portals, and so
on. A search can easily provide even more details such as names of security
personnel, brand and type of firewall, and antivirus protection.
Public and Restricted Websites
Websites that are not intended to be public but are restricted to a few can
provide valuable information. Restricted sites, such as technet.microsoft.com
and developer.apple.com, are not intended for general consumption, so they
are often kept on a subdomain that is either not publicized or sits behind
a login page.
Location and Geography
Not to be overlooked or underestimated in value is any information
pertaining to the physical location of offices and personnel. You should seek this
information during the footprinting process because it can yield other key details
that you may find useful in later stages, including physical penetrations. Knowing
a company’s physical location can aid in dumpster diving, social engineering, and
other efforts.
Social Networking
One of the best sources for information is social networking. Social
networking has proven not only extremely prolific but also incredibly useful as an
information-gathering tool. Armed with personal data learned on social networking
sites, an attacker can use social engineering to build a sense of trust.
Financial Services
Popular financial services such as Yahoo! Finance, Google Finance, and
CNBC provide information that may not be available via other means. This data
includes company officers, profiles, shares, competitor analysis, and many other
pieces of data.
Job Portals
A valuable method of gathering information about a target is through job
sites and job postings. It is not uncommon to find information such as infrastructure
data, operating system information, and other useful facts. Job requirements and
experience, employer profile, hardware and software information can be revealed
by a vacancy announcement.
Computer Networks
Information about domain names, ownership and IP addresses can be gathered
from the network. The ping command, which sends an ICMP echo request and
waits for an echo reply, can be used to determine whether a host is reachable
and therefore up. The tracert tool follows the path traffic takes from one
point to another, including the intermediate hops in between.
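Several of the sources above (website source code, comments left in HTML, contact details and linked hosts) can be harvested passively from a saved copy of a page without touching the target again. The following is an added example, not code from the original tutorial: it parses a constructed sample page (the hostnames and addresses in it are made up) and pulls out HTML comments, e-mail addresses and the hostnames referenced by links, scripts and images, which is the kind of footprinting output that feeds later phases.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not a real site): it contains the sort of
# artefacts a footprinter looks for in saved HTML source.
SAMPLE_HTML = """<html><head><title>Example Corp - Careers</title>
<!-- TODO: remove before go-live, staging login at https://staging.example-corp.test/admin -->
<link rel="stylesheet" href="https://cdn.example-corp.test/site.css">
</head><body>
<p>Contact hr@example-corp.test or jane.doe@example-corp.test for openings.</p>
<a href="https://intranet.example-corp.test/portal">Employee portal</a>
<a href="/about">About us</a>
<!-- Generated by InternalCMS 4.2 on web03 -->
<img src="https://cdn.example-corp.test/logo.png">
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class FootprintParser(HTMLParser):
    """Collects comments, referenced hostnames and e-mail addresses."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.hosts = set()
        self.emails = set()

    def handle_comment(self, data):
        text = data.strip()
        self.comments.append(text)
        # Developer comments often leak staging hosts or admin panels.
        for url in URL_RE.findall(text):
            self._add_host(url)
        self.emails.update(EMAIL_RE.findall(text))

    def handle_starttag(self, tag, attrs):
        # href/src attributes reveal CDNs, intranet portals, third parties.
        for name, value in attrs:
            if name in ("href", "src") and value:
                self._add_host(value)

    def handle_data(self, data):
        self.emails.update(EMAIL_RE.findall(data))

    def _add_host(self, url):
        host = urlparse(url).hostname  # relative links such as /about give None
        if host:
            self.hosts.add(host)


def footprint_html(html):
    """Return the comments, hostnames and e-mail addresses found in a page."""
    parser = FootprintParser()
    parser.feed(html)
    parser.close()
    return {
        "comments": parser.comments,
        "hosts": sorted(parser.hosts),
        "emails": sorted(parser.emails),
    }


if __name__ == "__main__":
    for key, value in footprint_html(SAMPLE_HTML).items():
        print(key, value)
```

Run against the sample it reports two leaked comments (one naming a staging admin URL, one naming the CMS version and an internal host name), three hostnames (a CDN, an intranet portal and the staging server) and two e-mail addresses, each of which maps to an item in the lists above: employee details, web server links, and comments in HTML source code.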
Question 10. In detail, elaborate what the process of Scanning refers to.
Answer:
Scanning is the process of engaging and probing a target network with the
intention of revealing useful information such as live hosts, open ports and
running services. The gathered information is used in the later phases of the
pen testing process. Scanning builds on footprinting but is more intrusive and
more aggressive, because it sends traffic directly to the target. There are
three categories of scan: port scan, network scan and vulnerability scan. Each
has a different focus, but the overall purpose of all three is the same: to
learn what is exposed on the target.
Question 11. What are the three types of scans? List them down and then elaborate
those scanning techniques in detail.
Answer:
The three types of scan are as Port, Network and Vulnerability scan. They are
described below:
Port Scan
It is the process of sending carefully crafted messages or packets to a
target and interpreting the replies. The probes are usually aimed at the
well-known port numbers (0 to 1023) and other commonly used ports. This
process can reveal mail servers, domain controllers and web servers on the
target.
Network Scan
This process is designed to locate the active hosts on a network. This scan
can help identify the system which may be attacked later. Ping sweeps can be
used to scan an IP range rapidly.
Vulnerability Scan
This is used to identify weaknesses or vulnerabilities on a target system.
This scan is typically done as a proactive measure. The main goal is to
catch and identify vulnerabilities in a system before an attacker can locate
those flaws. A vulnerability scanner can discover hosts, access points, open
ports and services, match them against known weaknesses, and generate reports.
Question 12. Provide differences between penetration testing process and vulnerability
scanning.
Answer:
Question 13. How can Ping be used for the process to check for live systems in a
computer network domain? What makes it less useful in a prolonged scanning phase
when it comes to ethical hacking?
Answer:
Ping sends an ICMP echo request to a host; a host that answers with an echo
reply is up, so pinging each address in a range (a ping sweep) is a quick way
to check for live systems. Ping is less useful in a prolonged scanning phase
because of several drawbacks. Some network administrators block ICMP at the
firewall, so pinging hosts from outside the network reveals nothing even when
they are up. An intrusion detection or intrusion prevention system can
recognize a ping sweep, drop it and alert the network administrator. Ping
also reports only whether a host answered: if the host is down or filtered,
ping hangs for a moment before reporting that the target cannot be reached,
which slows a scan of a large range.
Question 14. What is the category of applications that can be used to modify the
header contents of packets called? Provide two examples of such applications.
Answer:
The category of applications that can be used to modify the header contents of
packets is called packet crafters, and the process is called packet crafting.
Hping3 and Yersinia are examples of packet crafting tools.
Question 15. List down the six types of TCP header flags and then provide short
descriptions of each.
Answer:
Question 17. How would the UDP ports respond to a port scan?
Answer:
If a UDP packet is sent to an open port there is normally no response, because
UDP has no handshake and most services simply ignore an unexpected datagram. A
closed port responds with an ICMP "Port Unreachable" message (type 3, code 3).
Because silence can also mean a firewall dropped the probe, scanners report a
port that does not answer as open|filtered rather than open.
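The port scan, TCP flag and UDP response answers above all come down to reading a few header bits in the reply. The following is an added example, not code from the original tutorial, that shows that logic explicitly: it builds a minimal TCP header with chosen flags, decodes the six classic flag bits (FIN, SYN, RST, PSH, ACK, URG) from a raw header, and classifies the reply to a SYN probe (SYN+ACK means open, RST means closed, no reply means filtered) and to a UDP probe (ICMP type 3 code 3 means closed, silence means open|filtered). The sample headers are constructed in the code; nothing is sent on the wire, so it runs without root privileges.

```python
import struct

# The six classic TCP flags (RFC 793) as bit masks in the 13th header byte.
# Bits 0x40 (ECE) and 0x80 (CWR) are later additions and are ignored here.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def tcp_flags(tcp_header):
    """Return the set of flag names set in a raw TCP header (>= 14 bytes)."""
    if len(tcp_header) < 14:
        raise ValueError("truncated TCP header")
    bits = tcp_header[13]  # byte 12 is data offset/reserved, byte 13 is flags
    return {name for name, mask in TCP_FLAGS.items() if bits & mask}


def build_tcp_header(src_port, dst_port, flags):
    """Build a minimal 20-byte TCP header carrying the given flags.

    Sequence/ack numbers and checksum are zero: this is a constructed sample
    for decoding, not a packet meant to be transmitted."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    # src, dst, seq, ack, data offset (5 words) << 4, flags, window, csum, urg
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       5 << 4, bits, 65535, 0, 0)


def classify_syn_probe(response):
    """Interpret the reply to a SYN probe: raw TCP header bytes, or None."""
    if response is None:
        return "filtered"       # no answer: a firewall dropped probe or reply
    flags = tcp_flags(response)
    if {"SYN", "ACK"} <= flags:
        return "open"           # second step of the handshake: a listener
    if "RST" in flags:
        return "closed"         # the kernel refused: nothing listening
    return "unknown"


def classify_udp_probe(icmp_reply):
    """Interpret the reply to a UDP probe: (icmp_type, icmp_code) or None."""
    if icmp_reply is None:
        return "open|filtered"  # silence: service ignored us, or probe dropped
    icmp_type, icmp_code = icmp_reply
    if icmp_type == 3 and icmp_code == 3:
        return "closed"         # Destination Unreachable / Port Unreachable
    if icmp_type == 3 and icmp_code in (1, 2, 9, 10, 13):
        return "filtered"       # host/protocol unreachable or admin prohibited
    return "unknown"


if __name__ == "__main__":
    synack = build_tcp_header(80, 40000, ["SYN", "ACK"])
    print(sorted(tcp_flags(synack)), classify_syn_probe(synack))
    print(classify_syn_probe(build_tcp_header(81, 40000, ["RST", "ACK"])))
    print(classify_syn_probe(None), classify_udp_probe((3, 3)), classify_udp_probe(None))
```

The same decoder explains why a SYN scan is "half-open": the scanner never sends the third handshake packet, it only needs to see whether the reply carries SYN+ACK or RST. It also shows why UDP scanning is slow and ambiguous, since the only definitive answer is the ICMP error for a closed port.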
Question 18. What does the process of Enumeration refer to with respect to ethical
hacking and penetration testing?
Answer:
Enumeration is the systematic probing of a target with the goal of extracting
user lists, routing tables, shares, services and protocols from the system. It
differs from footprinting and scanning in that the tester establishes active
connections to the target (for example, querying a directory service or
listing shares) and so moves from the outside to the inside of the network to
gather system data that supports the system hacking phase.
Question 19. List down the types of information which can be obtained via the process
of Enumeration.
Answer:
The types of information that can be obtained by enumeration are:
Usernames
Hostnames
Network shares and services
IP tables and routing tables
SNMP and DNS details
Answer:
The process of system hacking uses a methodical approach that includes
cracking passwords, escalating privileges, executing applications, hiding
tracks, concealing evidence and pushing on into a more involved attack. System
hacking cannot be completed in a single pass; each step builds on the access
gained in the previous one, so the process becomes progressively more complex.
Answer:
Password cracking is used to obtain the credentials of a given account with the
intention of using that account to gain unauthorized access to the system under
the guise of a legitimate user. Dictionary attacks, brute force attacks, packet
sniffing, man-in-the-middle attacks and malware are the main techniques used for
password cracking.
Answer:
Dictionary Attacks
An attack of this type takes the form of a password-cracking application that
has a dictionary file loaded into it. The dictionary file is a text file that contains a list
of known words up to and including the entire dictionary. The application uses this
list to test different words in an attempt to recover the password.
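The dictionary attack described above, as an added example that is not part of the original tutorial: a small password store is constructed in the code (two made-up accounts with salted, iterated SHA-256 hashes; the salt values and passwords are assumptions), a tiny wordlist is loaded, and each word is expanded with rule-based manglings of the kind John the Ripper and hashcat apply before being hashed and compared. It also counts how many hashes had to be computed, which is what the defender's choice of a slow KDF is meant to make expensive.

```python
import hashlib
import hmac

# Toy password store: salt + password hashed with iterated SHA-256. Real
# systems should use a slow salted KDF (bcrypt, scrypt, Argon2); a fast hash
# with a low round count is used here only so the example stays self-contained.
def hash_password(salt, password, rounds=1000):
    digest = (salt + password).encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def make_entry(salt, password, rounds=1000):
    return {"salt": salt, "rounds": rounds,
            "hash": hash_password(salt, password, rounds)}


# Constructed sample accounts (not real). Alice chose a dictionary word with
# a common mangling; Bob chose a long passphrase that no rule will produce.
STORE = {
    "alice": make_entry("x1", "Summer2024"),
    "bob": make_entry("q9", "correct horse battery staple"),
}

# A deliberately tiny wordlist; real attacks load rockyou-sized files.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon"]


def mangle(word):
    """Yield rule-based variants of a word, the way John/hashcat rules do."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "@").replace("o", "0").replace("e", "3")


def dictionary_attack(entry, wordlist=WORDLIST):
    """Try every mangled candidate against one stored hash.

    Returns (recovered_password_or_None, number_of_hashes_computed). The
    salt defeats precomputed tables but not a per-account dictionary run:
    the attacker simply hashes each candidate with the stored salt."""
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            guess = hash_password(entry["salt"], candidate, entry["rounds"])
            if hmac.compare_digest(guess, entry["hash"]):
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    for user, entry in STORE.items():
        print(user, dictionary_attack(entry))
```

Alice's password falls on the 35th candidate because "summer" is in the wordlist and "capitalize, append a year" is a standard rule; Bob's passphrase survives all 60 candidates. The attempt counter is the quantity a defender controls: with bcrypt or Argon2 at a sensible cost each of those attempts takes tens of milliseconds instead of microseconds, which is why the hashing algorithm matters as much as the password policy.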
Question 23. Explain the importance of escalating privilege level during the process of
system hacking.
Answer:
The reality is that the account you compromise first is likely to be a
lower-privileged and less-defended one. The goal should be to reach a level
where fewer restrictions exist on the account and you have greater access to
the system. Escalating privilege matters because it puts the tester in a far
stronger position for the rest of the penetration test: an administrative
account can read protected data, change configuration, install tools and
move on to other systems. Vertical and horizontal escalation are the two
types of privilege escalation.
Question 24. Why are backdoors relevant during the process of system hacking?
Answer:
Backdoors are relevant because they compromise the system in such a way that
the tester can return later without repeating the original exploit, which may
have depended on a vulnerability that has since been patched or a session that
has expired. They come in many forms, including Trojans, remote access Trojans
(RATs) and rootkits. Key loggers, which can be hardware devices or software,
are often planted alongside them to capture information entered via the
keyboard, such as further credentials.