ETHICAL HACKING
BY CHRISTIN CHACKO JOHN
WHO IS A HACKER?
• A security hacker is someone who seeks to
breach defenses and exploit weaknesses in a
computer system or network
• A person who enjoys learning details of a
programming language or system
• A person who enjoys actually doing
the programming rather than just
theorizing about it
• A person capable of appreciating someone
else's hacking
• A person who picks up programming
quickly
• A person who is an expert at a particular
programming language or system
TYPES OF HACKERS
• Black Hat Hacker
• Grey Hat Hacker
• White Hat Hacker
Black-Hat Hacker
• Black hat hackers, or crackers, are individuals with
extraordinary computing skills who resort to malicious or
destructive activities.
• That is, black hat hackers use their knowledge and skill for
their own personal gain, probably by hurting others.
White-Hat Hacker
• White hat hackers are those individuals professing hacker
skills and using them for defensive purposes.
• This means that the white hat hackers use their knowledge and
skill for the good of others and for the common good.
Grey-Hat Hacker
• These are individuals who work both offensively and
defensively at various times.
• We cannot predict their behavior.
• Sometimes they use their skills for the common good, while at
other times they use them for their personal gain.
WHAT IS ETHICAL HACKING?
Ethical hacking, also known as penetration testing,
involves the same tools, tricks, and techniques that
hackers use, but with one major difference: ethical
hacking is legal.
• Independent computer security professionals
breaking into the computer systems.
• Neither damage the target systems nor steal
information.
• Evaluate the target system's security and report
back to owners about the vulnerabilities found.
Methodologies of hacking
• Reconnaissance
• Scanning & Enumeration
• Gaining access
• Maintaining access
• Clearing tracks
RECONNAISSANCE
The literal meaning of the word reconnaissance is a
preliminary survey to gain information. This is also known
as foot-printing. This is the first stage in the methodology
of hacking.
SCANNING & ENUMERATION
Scanning is the second phase in the hacking methodology, in
which the hacker tries to make a blueprint of the target network.
The blueprint includes the IP addresses of the target network
which are live, the services which are running on those systems,
and so on.
GAINING ACCESS
This is the actual hacking phase in which the hacker gains
access to the system. The hacker will make use of all the
information he collected in the pre-attacking phases. Usually the
main hindrance to gaining access to a system is the passwords.
MAINTAINING ACCESS
Now the hacker is inside the system by some means, such as
password guessing or exploiting some of its vulnerabilities. This
means that he is now in a position to upload some files and
download some of them.
The next aim will be to make an easier path to get in when he
comes the next time.
CLEARING TRACKS
Now we come to the final step in hacking. There is a saying
that “everybody knows a good hacker but nobody knows a great
hacker”. This means that a good hacker can always clear tracks
or any record that may be present in the network to prove
that he was there.
TYPES OF ATTACKING MODES
• Brute force attack
• Social engineering/cyber fraud
• Denial-of-Service (DoS)
• Malware attacks
• SQL Injection
• Phishing attack
• MITM attack
• Cross Site Scripting (XSS)
BRUTE FORCE ATTACK
A brute force attack uses
specially designed software to go
through hundreds of thousands of
different words, and combinations of
words and numbers, to try to crack
your password.
SOCIAL ENGINEERING
Social engineering is the term
used for a broad range of
malicious activities
accomplished through human
interactions. It uses
psychological manipulation to
trick users into making security
mistakes or giving away
sensitive information.
DENIAL-OF-SERVICE (DOS)
A Denial-of-Service (DoS) attack
is an attack meant to shut down a
machine or network, making it
inaccessible to its intended users.
DoS attacks accomplish this by
flooding the target with traffic, or
sending it information that triggers
a crash.
MALWARE ATTACKS
A malware attack is a type of
cyberattack in which malware
or malicious software performs
activities on the victim's
computer system, usually
without his/her knowledge.
SQL INJECTION
SQL injection, also known as
SQLI, is a common attack vector
that uses malicious SQL code for
backend database manipulation
to access information that was
not intended to be displayed.
PHISHING ATTACK
Phishing is a type of social
engineering attack often used to
steal user data, including login
credentials and credit card
numbers. It occurs when an
attacker, masquerading as a
trusted entity, dupes a victim into
opening an email, instant
message, or text message.
MITM ATTACK
A man in the middle (MITM)
attack is a general term for when
a perpetrator positions himself in
a conversation between a user
and an application—either to
eavesdrop or to impersonate one
of the parties, making it appear as
if a normal exchange of
information is underway.
CROSS SITE SCRIPTING (XSS)
Cross site scripting (XSS) is a
common attack vector that
injects malicious code into a
vulnerable web application. XSS
differs from other web attack
vectors (e.g., SQL injections), in
that it does not directly target the
application itself. Instead, the
users of the web application are
the ones at risk.
WHAT IS THE NEED FOR ETHICAL HACKING?
Protection from possible External Attacks:
• Viruses, Trojan Horses, and Worms
• Social Engineering
• Automated Attacks
• Accidental Breaches in Security
• Denial of Service (DoS)
• Organizational Attacks
• Restricted Data
NEED FOR ETHICAL HACKING
• “To catch a thief you have to
think like a thief”
• Helps in closing the open
holes in the system network
• Provides security to banking
and financial establishments
• Prevents website
defacements
• An evolving technique
Required Skills of an Ethical Hacker
• Microsoft: skills in operation, configuration
and management.
• Linux: knowledge of Linux/Unix; security
setting, configuration, and services.
• Firewalls: configurations, and operation of
intrusion detection systems.
• Routers: knowledge of routers, routing
protocols, and access control lists
• Mainframes
• Network Protocols: TCP/IP; how they
function and can be manipulated.
• Project Management: leading, planning,
organizing, and controlling a penetration
testing team.
Hashcat is the world's fastest and most advanced password
recovery utility, supporting five unique modes of attack for over
200 highly-optimized hashing algorithms.
Features of Hashcat.
• World's fastest password cracker
• World's first and only in-kernel rule engine
• Free
• Open-Source (MIT License)
• Multi-OS (Linux, Windows and macOS)
What is a Hashing Algorithm?
A hashing algorithm is a cryptographic
hash function. It is a mathematical
algorithm that maps data of arbitrary
size to a hash of a fixed size. It’s
designed to be a one-way function,
infeasible to invert.
1. It should be fast to compute the hash value for any kind of
data.
2. It should be impossible to regenerate a message from its
hash value (brute force attack as the only option).
3. It should avoid hash collisions; each message has its own
hash.
4. Every change to a message, even the smallest one, should
change the hash value. The new hash should be completely
different. This is called the avalanche effect.
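The fixed-size output and the avalanche effect can be measured directly, as in this added example (not part of the original slides). Because property 1 makes brute force cheap, the example also shows a salted, deliberately slow derivation for stored passwords; the choice of PBKDF2, the iteration count and the sample messages are assumptions of the example.

```python
import hashlib
import hmac
import os


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg1: bytes, msg2: bytes) -> int:
    """Number of differing bits between the SHA-256 digests of two messages."""
    return bit_difference(hashlib.sha256(msg1).digest(),
                          hashlib.sha256(msg2).digest())


def digest_sizes(messages):
    """Digest length in bytes for each input, whatever the input size."""
    return [len(hashlib.sha256(m).digest()) for m in messages]


def store_password(password: str, iterations: int = 200_000):
    """Derive a storage record with a random salt and PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password: str, record) -> bool:
    """Recompute the derivation and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    # Constructed sample messages that differ in a single bit ('g' vs 'G').
    print("bits changed:", avalanche(b"ethical hacking", b"ethical hackinG"), "of 256")
    print("digest sizes:", digest_sizes([b"", b"a", b"x" * 10_000]))

    # The same password hashed without a salt always gives the same digest,
    # so one guess tests every account that shares it.
    plain1 = hashlib.sha256(b"Summer2024").hexdigest()
    plain2 = hashlib.sha256(b"Summer2024").hexdigest()
    print("unsalted digests equal:", plain1 == plain2)

    # With a per-record salt the stored values differ, and each guess costs
    # the full iteration count.
    rec1, rec2 = store_password("Summer2024"), store_password("Summer2024")
    print("salted records equal:", rec1[2] == rec2[2])
    print("verifies:", verify_password("Summer2024", rec1))
```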
SOME OF THE HASHING ALGORITHMS THAT HASHCAT CAN BREAK
• MD4
• MD5
• Half MD5
• SHA1
• SHA2-224
• SHA2-256
GOT ANY DOUBTS AND QUESTIONS?
THANK YOU


Ethical hacking : Its methodologies and tools


Editor's Notes

  • #21: Type of social engineering Login and credentials Trusted entity
  • #22: Eavesdrop and impersonate
  • #23: Users are targeted Not application