CSE Ethical Hacking

Basics of Ethical Hacking

Asst Prof. Ms Vaishnavi V Rajmane


Content
• Introduction
• Ethical Hacking
• Hackers
• Types of Hackers
• Hacking Process
• Why Do We Need Ethical Hacking
• Required Skills of an Ethical Hacker
Basics of Computer Networking
• LAN (Local Area Network)
• MAN (Metropolitan Area Network)
• WAN (Wide Area Network)
Content…
• What do hackers do after Hacking?
• Advantages
• Disadvantages
• Future Enhancements
• Conclusion
Introduction
• Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal.
• Ethical hacking is legally breaking into computers and devices to test an organization's defenses.
Hackers
• A person who enjoys learning details of a programming language or system
• A person who enjoys actually doing the programming rather than just theorizing about it
• A person capable of appreciating someone else's hacking
• A person who picks up programming quickly
• A person who is an expert at a particular programming language or system
Ethical Hacking
• Independent computer security professionals break into the computer systems.
• They neither damage the target systems nor steal information.
• They evaluate the target systems' security and report back to the owners about the vulnerabilities found.
Types of Hackers
• Black Hat Hacker: Black hat hackers are criminals who break into computer networks with malicious intent.
• White Hat Hacker: White hat hackers – sometimes also called “ethical hackers” or “good hackers” – are the antithesis of black hats. They exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement.
• Grey Hat Hacker: A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
Black-Hat Hacker
• Black hat hackers, or crackers, are individuals with extraordinary computing skills who resort to malicious or destructive activities.
• That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.
White-Hat Hacker
• White hat hackers are individuals professing hacker skills and using them for defensive purposes.
• This means that white hat hackers use their knowledge and skill for the good of others and for the common good.
Grey-Hat Hackers
• These are individuals who work both offensively and defensively at various times.
• We cannot predict their behavior.
• Sometimes they use their skills for the common good, while at other times they use them for their personal gain.
Hacking Process
• Foot Printing
• Scanning
• Gaining Access
• Maintaining Access
Foot Printing
• Whois lookup: A WHOIS lookup tool is used to check domain name availability or to discover the contact information of a domain owner.
• NS lookup: nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between domain name and IP address.
• IP lookup: Look up details about an IP address, including location, ISP, hostname, type, proxy, blacklist status and more. Trace, track and locate an IP address.
Scanning
• Port Scanning
• Network Scanning
• Finger Printing
• Fire Walking
Gaining Access
• Password Attacks
• Social Engineering
• Viruses
Maintaining Access
• OS Backdoors: The simplest definition of a backdoor attack is using any malware/virus/technology to gain unauthorized access to the application/system/network.
• Trojans: A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program.
• Clearing Tracks: The final phase of every successful hacking attack is clearing the tracks. It is very important, after gaining access and misusing the network, that the attacker cover the tracks to avoid being traced and caught.
Why Do We Need Ethical Hacking
Protection from possible External Attacks
• Social Engineering
• Automated Attacks
• Organizational Attacks
• Restricted Data
• Accidental Breaches in Security
• Denial of Service (DoS)
• Viruses, Trojan Horses, and Worms
Required Skills of an Ethical Hacker
• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security settings, configuration, and services.
• Firewalls: configuration and operation of intrusion detection systems.
Required Skills of an Ethical Hacker…
• Routers: knowledge of routers, routing protocols, and access control lists.
• Mainframes: A mainframe is the central data repository, or hub, in a corporation's data processing center, linked to users through less powerful devices such as workstations or terminals.
• Network Protocols: TCP/IP; how they function and can be manipulated.
• Project Management: leading, planning, organizing, and controlling a penetration testing team.
What do hackers do after hacking?...
• Patch security hole
  • The other hackers can’t intrude
• Clear logs and hide themselves
• Install rootkit (backdoor)
  • The hacker who hacked the system can use the system later
  • It contains trojan virus, and so on
• Install IRC (Internet Relay Chat) related program
  • identd, irc, bitchx, eggdrop, bnc
What do hackers do after hacking?
• Install scanner program
  • mscan, sscan, nmap
• Install exploit program
• Install denial of service program
• Use all of installed programs silently
Tool Selection
• Some of the most famous hacking tools in the market are Nmap (Network Mapper), Nessus, Nikto, Kismet, NetStumbler, Acunetix, Netsparker, Intruder, Metasploit, Aircrack-Ng, etc.
• To crack passwords, you need a cracking tool such as LC4, John the Ripper, or pwdump.
• For an in-depth analysis of a Web application, a Web-application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).
General Hacking Methods

A typical attacker works in the following manner:
• Identify the target system.
• Gather information on the target system.
• Find a possible loophole in the target system.
• Exploit this loophole using exploit code.
• Remove all traces from the log files and escape without a trace.
The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is legislation that updated and unified data
privacy laws across the European Union (EU). GDPR was approved by the European
Parliament on April 14, 2016 and went into effect on May 25, 2018. GDPR replaces the EU
Data Protection Directive of 1995.

• Fair and Lawful Use, Transparency. The principle of this first clause is simple. ...
• Specific for Intended Purpose. ...
• Minimum Data Requirement. ...
• Need for Accuracy. ...
• Data Retention Time Limit. ...
• The right to be forgotten. ...
• Ensuring Data Security. ...
• Accountability.
Understanding the Need to Hack Your Own Systems

“To catch a thief you have to think like a thief”

• Hack your systems in a nondestructive fashion.
• Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
• Apply results to remove vulnerabilities and better secure your systems.
Understanding the Dangers Your Systems Face

Nontechnical attacks:
• Exploits that involve manipulating people — end users and even yourself — are the greatest vulnerability within any computer or network infrastructure. Humans are trusting by nature, which can lead to social-engineering exploits.
• Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes.

Network-infrastructure attacks:
• Connecting into a network through a rogue modem attached to a computer behind a firewall
• Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests

Operating-system attacks:
• Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.
• Exploiting specific protocol implementations
• Attacking built-in authentication systems
• Breaking file-system security
• Cracking passwords and encryption mechanisms
Obeying the Ethical Hacking Commandments

• Working ethically: The word ethical in this context can be defined as working with high professional morals and principles.
• Respecting privacy: Treat the information you gather with the utmost respect. All information you obtain during your testing — from Web-application log files to clear-text passwords — must be kept private.
• Not crashing your systems: One of the biggest mistakes I’ve seen when people try to hack their own systems is inadvertently crashing their systems. The main reason for this is poor planning.
The Ethical Hacking Process

• Formulating your plan: Approval for ethical hacking is essential. Make what you’re doing known and visible — at least to the decision makers. Obtaining sponsorship of the project is the first step. This could be your manager, an executive, a customer, or even yourself if you’re the boss. You need someone to back you up and sign off on your plan. Otherwise, your testing may be called off unexpectedly if someone claims they never authorized you to perform the tests.
• Specific systems to be tested
• Risks that are involved
• When the tests are performed and your overall timeline
• How the tests are performed
• How much knowledge of the systems you have before you start testing
• What is done when a major vulnerability is discovered
Malicious hackers
• Malicious hackers, sometimes called crackers, are individuals who break into a system without authorization, usually for personal gain or to do harm.
• Ethical Hacking: Ethical hacking — also known as penetration testing or white-hat hacking — involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission.
• The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements.
Cyber Security Act

• The objective of this policy is to safeguard both information and the infrastructure in cyberspace.
• It seeks to establish the capabilities needed to prevent and respond effectively to cyber threats, as well as to minimize vulnerabilities and mitigate the impact of cyber incidents.
• Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021
• 66C - For cheating by personation by using computer source: Imprisonment up to three years and fine up to Rs 100,000.
• 66 - Hacking a computer system with the intent or knowledge to cause wrongful loss: Imprisonment up to three years, a fine up to Rs 200,000, or both.
• 43 - Damage to computer, computer system, etc.: Compensation up to Rs 1 crore to the affected person.
Conclusion
• In the preceding sections we saw the methodology of hacking, why we should be aware of hacking, and some tools which a hacker may use.
• Now we can see what we can do against hacking or to protect ourselves from hacking.
• The first thing we should do is to keep the software we are using updated from official and reliable sources.
• Educate the employees and the users against black hat hacking.
Advantages
1. Enhanced security: Hacking can help identify vulnerabilities in a system or network that can be fixed to prevent malicious attacks by cybercriminals.
2. Improving systems: Ethical hacking can help organizations identify weaknesses in their system and fix them, leading to improved security.
3. Protecting privacy: Hacking can uncover security flaws that may compromise user privacy, and fixing these flaws can help protect user data.

Disadvantages
1. Illegal activities: Hacking is often associated with illegal activities that can result in legal consequences.
2. Data breaches: Hacking can result in data breaches, which can lead to the exposure of sensitive information or financial loss.
3. Ethical concerns: Hacking raises ethical concerns, particularly in cases where it involves intruding into someone's privacy.
Future Enhancements
• As it is an evolving branch, the scope of enhancement in technology is immense.
• No ethical hacker can ensure the system security by using the same technique repeatedly.
• More enhanced software should be used for optimum protection.
Thanks