TYPES OF HACKERS
• White hat hacker
• Black hat hacker
• Gray hat hacker
• Ghost hacker
• Script kiddies

What is “Ethical Hacking”?
• Penetration Testing
• Security Testing

Steps involved in Ethical Hacking:
• Signing of Contract
• Footprinting OR Reconnaissance
• Enumeration & Fingerprinting (Scanning)
• Identification of vulnerabilities
• Attack – Exploit the vulnerabilities
• Reporting

Signing of contract
• A contract between the tester (the ethical hacker) and the organization (the client).
• Specifies the terms and conditions of the test being conducted.
• Signed by both parties.

Footprinting OR Reconnaissance
• Collecting as much information as possible about the target.
• Tools used – nslookup, traceroute, whois etc.

Enumeration & Fingerprinting (Scanning)
• Determining the target.
• Identification of services and open ports.
• Enumerating the operating system.
• Tools used – Nmap, SNMP scanner, netcat, telnet etc.

Identification of vulnerabilities
• Insecure configuration
• Weak passwords
• Unpatched vulnerabilities in services, operating system and applications
• Possible vulnerabilities in services, operating system and applications
• Insecure programming
• Weak access control
• Tools and techniques used – Vulnerability scanners like Nessus, listening to traffic, password crackers, default passwords, brute force, social engineering, SQL injection, vulnerability information websites, e.g. http://cve.mitre.org, http://www.securityfocus.com

Attack – Exploit the vulnerabilities
• Obtain information (trophies) from the target system
• Gaining normal access
• Escalating privileges
• Obtain access to other connected systems
• Operating system attacks
• Tools used – Nessus, Metasploit Framework