Ethical Hacking

440 views

Published on

Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScript, Computer Tricks, and Cracking & Breaking etc.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
440
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
74
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ethical Hacking

  1. 1. By –Yogesh Singh
  2. 2. Also Called – Attack & Penetration Testing, White-hat hacking…. Ethical Hacking How much do Ethical Hackers get Paid? In the United States, an ethical hacker can make upwards of $120,000 per annum.
  3. 3. Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  4. 4. Source: CERT/CCTotal Number of Hacking Incidents Graph upto fiscal year 2003
  5. 5. Hackers Black Hats White Hats Gray Hats
  6. 6. 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attacking
  7. 7.  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract • Agreement on protection against any legal issues • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
  8. 8. Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts Information Sources  Search engines  Forums  Databases – whois, ripe, etc...  Tools – PING, whois,Traceroute, etc...
  9. 9.  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol like TCP  Port / Service Scans – TCP Connect,TCP SYN, etc... Tools  Telnet, Angry IP Scanner, Nmap…
  10. 10.  Insecure Configuration  Weak passwords  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  11. 11.  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Obtaining access to other connected systems Application Specific Attacks  Gaining access to application Databases  SQL Injection  Spamming
  12. 12.  Methodology  Proof for Exploits - Trophies  Practical Security solutions
  13. 13. Course Material www.eccouncil.org ISBN 0-9729362-1-1
  14. 14. http://www.hackerhighschool.org/
  15. 15.  Working Ethically • Trustworthiness • No misuse for personal gain  Hacking is not a crime when it is done under set of rules…  That’s why frnz its termed as ETHICAL HACKING!!!

×