CHAPTER 1: INTRODUCTION TO ETHICAL HACKING

ETHICAL HACKING

A Seminar Report
Submitted to
M.J.P Rohilkhand University, Bareilly
In Partial Fulfillment of
Bachelor in Computer Application
BCA III Year V Semester

Submitted By:
Mohammad Affan
Department of Computer Applications
IFTM, Lodhipur Rajput, Delhi Road, Moradabad
CERTIFICATE

This is to certify that the Seminar Report entitled “ETHICAL HACKING” has been submitted by “Mr. Mohammad Affan” in partial fulfillment of the requirement of the degree of Bachelor in Computer Applications, BCA III Year, V semester, for the academic session 2012-13.

This seminar work is carried out under the supervision and guidance of “Mr. Deepak Sharma”, Asst. Professor, MCA department, I.F.T.M, Moradabad, and he/she has undergone the indispensable work as prescribed by M.J.P Rohilkhand University, Bareilly.

Mr. Deepak Sharma, Asst. Professor, Department Of Computer Applications, I.F.T.M, Moradabad
Mr. Rahul Mishra, Head of Department, Department Of Computer Applications, I.F.T.M, Moradabad

Date:
ABSTRACT

The internet has considerably enhanced various business-critical operations of companies in different industry sectors across the globe. However, as more and more organizations become partially or completely dependent on the internet, computer security and the serious threat of computer criminals come to the foreground. The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few.

As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help.

Unfortunately, most organizations across the globe continue to remain oblivious of the threat posed by computer criminals, corporate espionage and cyber terrorism. Ethical hacking attempts to pro-actively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties.
TABLE OF CONTENTS

CHAPTER 1: INTRODUCTION TO ETHICAL HACKING ... 5
1.1 INTRODUCTION ... 5
1.2 ETHICAL HACKING TERMINOLOGY ... 6
1.3 HACKER ... 7
1.3.1 TYPES OF HACKERS ... 7
1.3.2 ETHICAL HACKERS VERSUS CRACKER ... 8
1.4 THE JOB ROLE OF AN ETHICAL HACKER ... 9
1.4.1 WHAT DO ETHICAL HACKERS DO? ... 9
1.4.2 AN ETHICAL HACKER’S SKILL SET ... 9
CHAPTER 2: ETHICAL HACKING METHODOLOGY ... 11
2.1 THE PHASES OF ETHICAL HACKING ... 11
2.1.1 PHASE 1- RECONNAISSANCE ... 12
2.1.2 PHASE 2- SCANNING ... 15
2.1.3 PHASE 3- GAINING ACCESS ... 16
2.1.4 PHASE 4- MAINTAINING ACCESS ... 17
2.1.5 PHASE 5- CLEARING TRACKS ... 19
2.2 UNDERSTANDING TESTING TYPES ... 19
2.3 TOOLS USED IN ETHICAL HACK ... 20
CHAPTER 3: CONCLUSION ... 21
3.1 HOW TO BE ETHICAL ... 21
3.1.1 PERFORMING A PENETRATION TEST ... 22
3.2 ETHICAL HACKING REPORT ... 22
REFERENCES ... 24
CHAPTER 1: INTRODUCTION TO ETHICAL HACKING

1.1 INTRODUCTION

The Internet is still growing and e-commerce is on its advance. More and more computers get connected to the Internet, wireless devices and networks are booming and, sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, and the software on devices gets more complicated and user friendly.

Therefore, security is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys: between the ones who are trying hard to keep information secured and the ones who are trying to get prohibited access to this information. Securing an information technology environment does not just consist of a bunch of actions which can be taken and then everything can be forgotten; there is no fire-and-forget solution. Security is a never-ending process.

OBJECTIVES COVERED IN THIS CHAPTER:
- INTRODUCTION
- ETHICAL HACKING TERMINOLOGY
- THE JOB ROLE OF AN ETHICAL HACKER
- TYPES OF ETHICAL HACKERS
- ETHICAL HACKERS VERSUS CRACKER
- WHAT DO ETHICAL HACKERS DO?
- AN ETHICAL HACKER’S SKILL SET
“Ethical hacking describes the process of attacking and penetrating computer systems and networks to discover and point out potential security weaknesses for a client which is responsible for the attacked information technology environment.” [1]

1.2 ETHICAL HACKING TERMINOLOGY

Being able to understand and define terminology is an important part of a CEH’s responsibility. This terminology is how security professionals acting as ethical hackers communicate. In this section, we’ll discuss a number of terms used in ethical hacking, as follows:

Threat: An environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis. Malicious hackers and their use of software and hacking techniques are themselves threats to an organization’s information security.

Exploit: A piece of software or technology that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system. Malicious hackers are looking for exploits in computer systems to open the door to an initial attack. Most exploits are small strings of computer code that, when executed on a system, expose a vulnerability. Experienced hackers create their own exploits, but it is not necessary to have any programming skills to be an ethical hacker, as many hacking software programs have ready-made exploits that can be launched against a computer system or network. An exploit is a defined way to breach the security of an IT system through a vulnerability.

Vulnerability: The existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system.
Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve valuable data.

Target of Evaluation (TOE): A system, program, or network that is the subject of a security analysis or attack. Ethical hackers are usually concerned with high-value TOEs, systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.

Attack: An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetrated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and to prevent an attack.

There are two primary methods of delivering exploits to computer systems:

Remote: The exploit is sent over a network and exploits security vulnerabilities without any prior access to the vulnerable system. Hacking attacks against corporate computer systems or networks initiated from the outside world are considered remote. Most people think of this type of attack when they hear the term hacker, but in reality most attacks are in the next category.

Local: The exploit is delivered directly to the computer system or network, which requires prior access to the vulnerable system to increase privileges. Information security policies should be created in such a way that only those who need access to information should be allowed access, and they should have the lowest level of access needed to perform their job function. These concepts are commonly referred to as “need to know” and “least privilege” and, when used properly, would prevent local exploits. Most hacking attempts occur from within an organization and are perpetrated by employees, contractors, or others in a trusted position. In order for an insider to launch an attack, they must have higher privileges than necessary based on the concept of “need to know.” This can be accomplished by privilege escalation or weak security safeguards.

1.3 HACKER

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer or computer network.

[1] Ethical Hacking – GIAC, www.giac.org/paper/gsec/2468/ethical-hacking/104292
Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. [2]

1.3.1 TYPES OF HACKERS

Hackers can be divided into three groups:

White Hats

White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker tool set, who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the CEH exam. White hats are those who hack with permission from the data owner. It is critical to get permission prior to beginning any hacking activity. This is what makes a security professional a white hat versus a malicious hacker who cannot be trusted.

Black Hats

Black hats are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious. This is the traditional definition of a hacker and what most people consider a hacker to be.

Gray Hats

Gray hats are hackers who may work offensively or defensively, depending on the situation. This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly.

1.3.2 ETHICAL HACKERS VERSUS CRACKER

Ethical hackers are usually security professionals or network penetration testers who use their hacking skills and toolsets for defensive and protective purposes.

[2] Hacker (computer security), http://en.wikipedia.org/wiki/Hacker_(computer_security)
Ethical hackers who are security professionals test their network and system security for vulnerabilities using the same tools that a hacker might use to compromise the network. Any computer professional can learn the skills of ethical hacking.
The term cracker describes a hacker who uses their hacking skills and toolset for destructive or offensive purposes such as disseminating viruses or performing denial-of-service (DoS) attacks to compromise or bring down systems and networks. No longer just looking for fun, these hackers are sometimes paid to damage corporate reputations or to steal or reveal credit card information, while slowing business processes and compromising the integrity of the organization.

1.4 THE JOB ROLE OF AN ETHICAL HACKER

Ethical hackers are employed to protect networks and computers from attacks by unethical hackers who illegally penetrate computers to access private and sensitive information. Though they possess technical skills similar to those of an unethical hacker, an ethical hacker utilizes these skills for protection. [3]

1.4.1 WHAT DO ETHICAL HACKERS DO?

The purpose of an ethical hacker is usually the same as that of a cracker: they’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test, or pen test.

Many ethical hackers detect malicious hacker activity as part of the security team of an organization tasked with defending against malicious hacking activity. When hired, an ethical hacker asks the organization what is to be protected, from whom, and what resources the company is willing to expend in order to gain protection. A penetration test plan can then be built around the data that needs to be protected and the potential risks.

1.4.2 AN ETHICAL HACKER’S SKILL SET

Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking, and operating systems. In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux) is also a requirement.
Patience, persistence, and immense perseverance are important qualities for ethical hackers because of the length of time and level of concentration required for most attacks to pay off. Networking, web programming, and database skills are all useful in performing ethical hacking and vulnerability testing. Most ethical hackers are well rounded with wide knowledge on computers and networking. In some cases, an ethical hacker will act as part of a “tiger team” who has been hired to test network and computer systems and find vulnerabilities. In this case, each member of the team will have distinct specialties, and the ethical hacker may need more specialized skills in one area of computer systems and networking. Most ethical hackers are knowledgeable about security areas and related issues but don’t necessarily have a strong command of the countermeasures that can prevent attacks.

Knowledge of ethical hacking and penetration testing techniques includes the following:
- Penetration testing / ethical hacking tools and forms of attack and associated tools (Internet Security Scanner, System Security Scanner, SATAN) using war dialing and internet scanning.
- Hacker exploit scripts/programs to test whether vendor/developer patches operate as intended and fix the identified vulnerability, or to identify the malicious code.
- Intrusion detection environments and forms of attack, with the ability to perform analysis of the system and application logs for intrusion signs.
- Firewalls (Gauntlet, Cisco PIX, CheckPoint, Raptor).
- Network traffic monitoring tools (Network General Sniffer, LANalyzer, NetXray).
- Network protocols (TCP/IP, NetBIOS / NetBEUI, IPX, OSI) and associated technologies (DNS, FTP, HTTP).
- Network topologies (token passing, Ethernet).
- Operating systems: UNIX, Argus, Solaris and Microsoft operating environments.
- Advanced knowledge of security and encryption mechanisms and strong experience with systems implementation.
- Application servers (WebSphere, WebLogic).
- Web servers (Netscape, Apache, Microsoft).
- Mail servers (POP3).
- Security authorization/transaction, network security (VPN, SSL, smart cards, biometrics).
- Cryptographic tools, methods, systems and protocols: HTTPS, IPsec, PGP, DES etc.
- Exceptional interpersonal communication and presentation skills are a must.

[3] Ethical Hacker Job Description, http://www.ehow.com/info_8780628_ethical-hacker-job-description.html
CHAPTER 2: ETHICAL HACKING METHODOLOGY

2.1 THE PHASES OF ETHICAL HACKING

The process of ethical hacking can be broken down into five distinct phases. An ethical hacker follows these steps to gain and maintain entry into a computer system. Figure 2.1 illustrates the five phases that hackers generally follow in hacking a computer system.

OBJECTIVES COVERED IN THIS CHAPTER:
- THE PHASES OF ETHICAL HACKING
  - Phase 1- Reconnaissance
  - Phase 2- Scanning
  - Phase 3- Gaining Access
  - Phase 4- Maintaining Access
  - Phase 5- Clearing Tracks
- UNDERSTANDING TESTING TYPES
- TOOLS USED IN ETHICAL HACK
Figure 2.1: The phases of ethical hacking.

2.1.1 Phase 1- Reconnaissance

The first and most important step in an attack involves finding out as much information as possible about the TOE (Target of Evaluation). A passive information-gathering approach is taken and will not raise any alarms. Patience and creativity are also necessary, as this can be the longest phase of the attack.

In the world of ethical hacking, reconnaissance applies to the process of information gathering. Reconnaissance is a catch-all term for watching the hacking target and gathering information about how, when, and where they do things.

A. Understanding Competitive Intelligence

Competitive intelligence means information gathering about competitors’ products, marketing, and technologies. Several tools exist for the purpose of competitive intelligence gathering and can be used by hackers to gather information about a potential target.
- Using SpyFu: Go to the www.spyfu.com website and enter the website address of the target in the search field.

Figure 2.2: Competitive intelligence using SpyFu

- Using KeywordSpy: Go to the www.keywordspy.com website and enter the website address of the target in the search field.

Figure 2.3: Competitive intelligence using KeywordSpy

Review the report and determine valuable keywords, links, or other information.

B. Information-Gathering Methodology

Information gathering can be broken into seven logical steps. Footprinting is performed during the first two steps of unearthing initial information and locating the network range.
Figure 2.4: Information-gathering methodology

- Footprinting

Footprinting is defined as the process of creating a blueprint or map of an organization’s network and systems. Information gathering is also known as footprinting an organization. Here are some of the pieces of information to be gathered about a target during footprinting:
  - Domain name
  - Network blocks
  - Network services and applications
  - System architecture
  - Intrusion detection system
  - Authentication mechanisms
  - Specific IP addresses
  - Access control mechanisms
  - Phone numbers
  - Contact addresses

Once this information is compiled, it can give a hacker better insight into the organization, where valuable information is stored, and how it can be accessed.
- Footprinting Tools

Some of the common tools used for footprinting and information gathering are as follows:
  - Domain name lookup
  - Whois
  - NSlookup
  - Sam Spade

- Finding the Address Range of the Network

Every ethical hacker needs to understand how to find the network range and subnet mask of the target system. IP addresses are used to locate, scan, and connect to target systems. You can find IP addresses in Internet registries such as ARIN or the Internet Assigned Numbers Authority (IANA).

An ethical hacker may also need to find the geographic location of the target system or network. This task can be accomplished by tracing the route a message takes as it’s sent to the destination IP address. You can use tools like traceroute, VisualRoute, and NeoTrace to identify the route to the target.

2.1.2 Phase 2- Scanning

Scanning is the process of locating systems that are alive and responding on the network. Ethical hackers use scanning to identify target systems’ IP addresses. Scanning is also used to determine whether a system is on the network and available.

Scanning tools are used to gather information about a system such as IP addresses, the operating system, and services running on the target computer. Table 2.1 lists the three types of scanning.

Table 2.1: Types of scanning

Scanning type            Purpose
Port scanning            Determines open ports and services
Network scanning         Identifies IP addresses on a given network or subnet
Vulnerability scanning   Discovers presence of known weaknesses on target systems
a) Port Scanning: Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number.

Port numbers are divided into three ranges:
- Well-known ports: 0-1023
- Registered ports: 1024-49151
- Dynamic ports: 49152-65535

b) Network Scanning: Network scanning is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. Hosts are identified by their individual IP addresses. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses.

c) Vulnerability Scanning: Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. Generally, a vulnerability scanner first identifies the operating system and version number, including service packs that may be installed. Then, the scanner identifies weaknesses or vulnerabilities in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system.

2.1.3 Phase 3- Gaining Access

Phase 3 is when the real hacking takes place. Vulnerabilities exposed during the reconnaissance and scanning phases are now exploited to gain access to the target system. The hacking attack can be delivered to the target system via a local area network (LAN), either wired or wireless; local access to a PC; the Internet; or offline. Gaining access is known in the hacker world as owning the system, because once a system has been hacked, the hacker has control and can use that system as they wish.
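The scanning phase above describes what a port scan yields (open ports in the well-known, registered and dynamic ranges) and the address-range step in reconnaissance describes the network block a target belongs to. What an ethical hacker actually does with that output is compare it against two things agreed with the client: the authorized address range, and the services the owner says should be listening. The following Python is an added example written for this report, not code from it or from any tool it names; the scan listing is constructed in the style of a text port-scan result, and the scope and baseline are hypothetical values a tester would take from the signed engagement agreement.

```python
"""Triage of port-scan results against an authorized scope and a service baseline.

Added example, not code from the report: SCAN_OUTPUT is a constructed listing,
AUTHORIZED_SCOPE and BASELINE are hypothetical values from an engagement contract.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed scan listing, one line per port: "<host> <port>/<proto> <state> <service>".
SCAN_OUTPUT = """\
192.0.2.10 22/tcp open ssh
192.0.2.10 80/tcp open http
192.0.2.10 3306/tcp open mysql
192.0.2.11 443/tcp open https
192.0.2.11 49200/tcp open unknown
192.0.2.11 25/tcp filtered smtp
198.51.100.7 22/tcp open ssh
"""

# Hypothetical engagement scope (the address range agreed in the contract) and the
# ports the owner says should be listening on each in-scope host.
AUTHORIZED_SCOPE = [ipaddress.ip_network("192.0.2.0/24")]
BASELINE = {
    "192.0.2.10": {22, 80},
    "192.0.2.11": {443},
}

LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)$")


def port_range(port):
    """Classify a port into the three ranges named in the scanning section."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_scan(text):
    """Return {host: {port: (proto, state, service)}}; unparseable lines are skipped."""
    hosts = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            host, port, proto, state, service = m.groups()
            hosts[host][int(port)] = (proto, state, service)
    return hosts


def in_scope(host, scope):
    """True if the host address lies inside one of the authorized networks."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in scope)


def triage(text, scope=AUTHORIZED_SCOPE, baseline=BASELINE):
    """Return (host, port, note) findings: hosts outside the authorized range and
    open ports that are not in the owner's baseline.  Non-open ports are ignored."""
    findings = []
    for host, ports in parse_scan(text).items():
        if not in_scope(host, scope):
            findings.append((host, None, "out of scope: host is not in the authorized range, do not test"))
            continue
        expected = baseline.get(host, set())
        for port, (proto, state, service) in sorted(ports.items()):
            if state == "open" and port not in expected:
                findings.append((host, port,
                                 f"unexpected open {proto} port ({port_range(port)} range, {service})"))
    return findings


if __name__ == "__main__":
    for host, port, note in triage(SCAN_OUTPUT):
        print(host, "-" if port is None else port, note)
```

Running it reports the MySQL listener on 192.0.2.10 and the unnamed dynamic-range listener on 192.0.2.11 as deviations from the baseline, and stops at 198.51.100.7 because it is outside the authorized block; the scope check comes first so that a host that answered the scan by accident is never carried into the gaining-access phase.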
A. Cracking a Password

Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:
- Find a valid user account (such as Administrator or Guest).
- Create a list of possible passwords.
- Rank the passwords from high to low probability.
- Key in each password.
- Try again until a successful password is found.

Passwords are stored in the Security Accounts Manager (SAM) file on a Windows system and in a password shadow file on a Linux system.

B. Understanding Keyloggers and Other Spyware Technologies

If all other attempts to gather passwords fail, then a keystroke logger is the tool of choice for hackers. Keystroke loggers (keyloggers) can be implemented either using hardware or software. Hardware keyloggers are small hardware devices that connect the keyboard to the PC and save every keystroke into a file or in the memory of the hardware device. In order to install a hardware keylogger, a hacker must have physical access to the system. Software keyloggers are pieces of stealth software that sit between the keyboard hardware and the operating system so that they can record every keystroke. Software keyloggers can be deployed on a system by Trojans or viruses.

2.1.4 Phase 4- Maintaining Access

Once a hacker has gained access to a target system, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.

Escalating Privileges

Once a hacker has gained access to the system, the next step is to execute applications. Generally the hacker needs to have an account with administrator-level access in order to install programs, and that is why escalating privileges is so important. In the following sections, we’ll see what hackers can do with your system once they have administrator privileges.

- Executing Applications

Once a hacker has been able to access an account with administrator privileges, the next thing they do is execute applications on the target system. The purpose of executing applications may be to install a backdoor on the system, install a keystroke logger to gather confidential information, copy files, or just cause damage to the system—essentially, anything the hacker wants to do on the system. Once the hacker is able to execute applications, the system is considered owned and under the control of the hacker.

- Buffer Overflows

Buffer overflows are hacking attempts that exploit a flaw in an application’s code. Essentially, the buffer overflow attack sends too much information to a field variable in an application, which can cause an application error. Most times, the application doesn’t know what action to perform next because it’s been overwritten with the overflow data. Therefore, it either executes the command in the overflow data or displays a command prompt to allow the user to enter the next command. The command prompt or shell is the key for a hacker and can be used to execute other applications.

- Understanding Rootkits

A rootkit is a type of program often used to hide utilities on a compromised system. Rootkits include so-called backdoors to help an attacker subsequently access the system more easily.

Planting Rootkits on XP Machines: The rootkit contains a kernel-mode device driver called _root_.sys and a launcher program called DEPLOY.EXE. After gaining access to the target system, the attacker copies _root_.sys and DEPLOY.EXE onto the target system and executes DEPLOY.EXE. Doing so installs the rootkit device driver and starts it. The attacker later deletes DEPLOY.EXE from the target machine. The attacker can then stop and restart the rootkit at will by using the commands net stop _root_ and net start _root_. Once the rootkit is started, the file _root_.sys no longer appears in directory listings; the
rootkit intercepts system calls for file listings and hides all files beginning with _root_ from display.

2.1.5 Phase 5- Clearing Tracks

Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include:
- Steganography
- Using a tunneling protocol
- Altering log files

2.2 UNDERSTANDING TESTING TYPES

When performing a security test or penetration test, an ethical hacker utilizes one or more types of testing on the system. Each type simulates an attacker with different levels of knowledge about the target organization. These types are as follows:

Black Box: Black-box testing involves performing a security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested. Testing simulates an attack by a malicious hacker outside the organization’s security perimeter. Black-box testing can take the longest amount of time and most effort, as no information is given to the testing team. Therefore, the information-gathering, reconnaissance, and scanning phases will take a great deal of time. The advantage of this type of testing is that it most closely simulates a real malicious attacker’s methods and results. The disadvantages are primarily the amount of time and consequently additional cost incurred by the testing team.

White Box: White-box testing involves performing a security evaluation and testing with complete knowledge of the network infrastructure, such as a network administrator would have. This testing is much faster than the other two methods, as the ethical hacker can jump right to the attack phase, thus bypassing all the information-gathering, reconnaissance, and scanning phases. Many security audits consist of white-box testing to avoid the additional time and expense of black-box testing.
Gray Box: Gray-box testing involves performing a security evaluation and testing internally. Testing examines the extent of access by insiders within the network. The purpose of this test is to simulate the most common form of attack, those that are initiated from within the network. The idea is to test or audit the level of access given to employees or contractors and see if those privileges can be escalated to a higher level.

2.3 TOOLS USED IN ETHICAL HACK

These are some tools used in the different phases of ethical hacking:

Table 2.2: Tools for different phases of hacking.

PHASE              TOPIC                                 TOOLS
Reconnaissance     Network mapping                       Cheops-ng, traceroute
                   Network scanning                      tcpdump, nmap, strobe, rprobe
                   Security and vulnerability scanning   Nessus, ISS, Cybercop
                   Firewall scanning                     FireWalk
                   Application scanning                  Whisker, Achilles, Legion
                   War dialing                           PhoneSweep, ThcScan, LoginH
                   OS fingerprinting                     nmap, queso
                   Banner enumeration                    Banner enumeration, enum, ruser
                   WLAN                                  NetStumbler, dsnort
Probe and attack   Web exploits                          Showcode, Unicode exploits
                   Local exploits                        sechole, pwdump, dumpacl, PamSlam
                   Remote exploits                       PCAnywhere, nfs exploits, NetOp, sedminX
                   Buffer overflow                       BFS, Slugger2
                   Trojans                               NetBus
                   Brute force                           AccessDiver, GoldenEye, L0phtCrack, John the Ripper
                   Security scanner                      Nessus, ISS
                   Network attack                        DoS tools (trinoo, TFN)
Listening          Sniffers                              Ettercap, tcpdump, juggernaut
                   Application                           Xkey, WebSpy
First access       Password cracking                     L0phtCrack, John the Ripper
                   Mail bombing                          Avalanche
                   Hijacking                             Arp0c, ArpRedirect, Ethereal
Stealth            Rootkits                              Different rootkits depending on OS
                   Trojans                               NetBus, BackOrifice
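The password-guessing sequence in Phase 3 (find an account, rank candidate passwords, key in each until one succeeds) and the log altering listed under Phase 5 are two sides of one defensive problem: the guessing shows up as a run of failed logons in the authentication log, so that log is exactly what an intruder edits afterwards. The following Python is an added example written for this report, not code from it or from any of the guides it references; the log lines, the key and the thresholds are constructed for illustration. It chains each log record to the previous one with an HMAC so that an edited, removed or inserted record is detected, and then runs a simple detector for the repeated-failure pattern over the verified records.

```python
"""Tamper-evident authentication log plus detection of repeated logon failures.

Added example, not the report's own code: RAW_EVENTS, LOG_KEY and the thresholds
are constructed for illustration.
"""
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed key.  In practice it is held by the log collector, not on the host
# being logged, so that an intruder with administrator rights cannot re-chain the log.
LOG_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed auth log, one record per logon attempt:
# "<ISO timestamp> <FAIL|OK> user=<account> src=<address>"
RAW_EVENTS = [
    "2013-01-15T10:00:01 FAIL user=administrator src=203.0.113.5",
    "2013-01-15T10:00:03 FAIL user=administrator src=203.0.113.5",
    "2013-01-15T10:00:04 FAIL user=administrator src=203.0.113.5",
    "2013-01-15T10:00:06 FAIL user=administrator src=203.0.113.5",
    "2013-01-15T10:00:07 FAIL user=administrator src=203.0.113.5",
    "2013-01-15T10:00:09 OK   user=administrator src=203.0.113.5",
    "2013-01-15T10:05:00 FAIL user=alice src=198.51.100.20",
    "2013-01-15T10:40:00 OK   user=alice src=198.51.100.20",
]


def chain_log(events, key=LOG_KEY):
    """Append to each line an HMAC tag that covers the line and the previous tag,
    so every record commits to everything written before it."""
    prev = b"genesis"
    chained = []
    for line in events:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).hexdigest()
        chained.append(f"{line} tag={tag}")
        prev = tag.encode()
    return chained


def verify_chain(chained, key=LOG_KEY):
    """Return the index of the first record that fails verification (edited,
    out of sequence, or missing its tag), or None if the chain is intact."""
    prev = b"genesis"
    for i, rec in enumerate(chained):
        line, sep, tag = rec.rpartition(" tag=")
        if not sep:
            return i
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return i
        prev = tag.encode()
    return None


def detect_guessing(chained, max_failures=4, window=timedelta(seconds=60)):
    """Flag accounts with more than max_failures FAIL records inside one window.
    Returns {account: (failures_in_window, success_followed)}; the success flag
    marks the 'try again until a password is found' sequence completing."""
    attempts = defaultdict(list)
    for rec in chained:
        line = rec.rpartition(" tag=")[0]
        ts, result, user_kv, _src_kv = line.split()
        attempts[user_kv[len("user="):]].append((datetime.fromisoformat(ts), result))
    alerts = {}
    for user, seq in attempts.items():
        fails = [t for t, r in seq if r == "FAIL"]
        for start in range(len(fails)):
            end = start
            while end + 1 < len(fails) and fails[end + 1] - fails[start] <= window:
                end += 1
            count = end - start + 1
            if count > max_failures:
                succeeded = any(r == "OK" and t > fails[end] for t, r in seq)
                alerts[user] = (count, succeeded)
                break
    return alerts


if __name__ == "__main__":
    log = chain_log(RAW_EVENTS)
    bad = verify_chain(log)
    print("chain intact" if bad is None else f"chain broken at record {bad}")
    if bad is None:
        print(detect_guessing(log))
```

Verification is run before detection because an edited record would otherwise silently remove the evidence the detector needs. One limit worth knowing: cutting records off the tail of the chain is not caught by verify_chain alone, since the remaining prefix is still self-consistent; in practice the latest tag is forwarded to a separate collector, or the chain is anchored on a schedule, so that a missing tail is noticed.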
CHAPTER 3: CONCLUSION

3.1 HOW TO BE ETHICAL

Ethical hacking is usually conducted in a structured and organized manner, usually as part of a penetration test or security audit. The ethical hacker must follow certain rules to ensure that all ethical and moral obligations are met. An ethical hacker must do the following:
- Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
- Maintain and follow a nondisclosure agreement (NDA) with the client in the case of confidential information disclosed during the test.
- Maintain confidentiality when performing the test. Information gathered may contain sensitive information. No information about the test or company confidential data should ever be disclosed to a third party.
- Perform the test up to but not beyond the agreed-upon limits. For example, DoS attacks should only be run as part of the test if they have previously been agreed upon with the client. Loss of revenue, goodwill, and worse could befall an organization whose servers or applications are unavailable to customers as a result of the testing.

OBJECTIVES COVERED IN THIS CHAPTER:
- HOW TO BE ETHICAL
- PERFORMING A PENETRATION TEST
- ETHICAL HACKING REPORT
3.1.1 PERFORMING A PENETRATION TEST

Many ethical hackers acting in the role of security professionals use their skills to perform security evaluations or penetration tests. These tests and evaluations have three phases, generally ordered as shown in Figure 3.1:

Figure 3.1: Phases of penetration testing (Preparation, Conduct Security Evaluation, Conclusion)

Preparation: This phase involves a formal agreement between the ethical hacker and the organization. This agreement should include the full scope of the test, the types of attacks (inside or outside) to be used, and the testing types: white, black, or gray box.

Conduct Security Evaluation: During this phase, the tests are conducted, after which the tester prepares a formal report of vulnerabilities and other findings.

Conclusion: The findings are presented to the organization in this phase, along with any recommendations to improve security.

3.2 ETHICAL HACKING REPORT

The result of a network penetration test or security audit is an ethical hacking, or pen test, report. Either name is acceptable, and they can be used interchangeably. This report details the results of the hacking activity, the types of tests performed, and the hacking methods used. The results are compared against the expectations initially agreed upon with the customer. Any vulnerabilities identified are detailed, and countermeasures are suggested. This document is usually delivered to the organization in hard-copy format, for security reasons. The details of the ethical hacking report must be kept confidential, because they highlight the organization’s security risks and vulnerabilities. If this document falls into the wrong hands, the results could be disastrous for the organization. It would essentially give someone the roadmap to all the security weaknesses of an organization.
REFERENCES

- Kimberly Graves. “CEH: Certified Ethical Hacker Study Guide”, John Wiley & Sons, Inc.
- C. C. Palmer. “Ethical hacking”, IBM Systems Journal, Vol. 40, No. 3, 2001.
- Steven DeFino, Larry Greenblatt. “CEH: Certified Ethical Hacker Review Guide version 7.1”.
- Ethical Hacking – GIAC, URL: www.giac.org/paper/gsec/2468/ethical-hacking/104292
- Hacker (computer security), URL: http://en.wikipedia.org/wiki/Hacker_(computer_security)
- Ethical Hacker Job Description, URL: http://www.ehow.com/info_8780628_ethical-hacker-job-description.html