2. Also Called – Attack & Penetration Testing, White-hat hacking…
Ethical Hacking
How much do Ethical Hackers get Paid?
In the United States, an ethical hacker can make upwards of $120,000 per annum.
3. Defacement Statistics for Indian Websites
Source: CERT-India, January 2005
Period: June 01, 2004 to Dec. 31, 2004

Domain     No. of Defacements
.com       922
.gov.in    24
.org       53
.net       39
.biz       12
.co.in     48
.ac.in     13
.info      3
.nic.in    2
.edu       2
other      13
Total      1131
7. Identification of Targets – company websites, mail servers, extranets, etc.
Signing of Contract
• Agreement on protection against any legal issues
• Time window for Attacks
• Total time for the testing
• Prior Knowledge of the systems
• Key people who are made aware of the testing
8. Collecting as much information about the target
DNS Servers
IP Ranges
Administrative Contacts
Information Sources
Search engines
Forums
Databases – whois, ripe, etc...
Tools – PING, whois, Traceroute, etc...
12. Specific targets determined
Identification of Services / open ports
Operating System Enumeration
Methods
Banner grabbing
Responses to various protocols, like TCP
Port / Service Scans – TCP Connect, TCP SYN, etc...
Tools
Telnet, Angry IP Scanner, Nmap…
13. Insecure Configuration
Weak passwords
Possible Vulnerabilities in Services, Operating Systems
Insecure programming
Weak Access Control
14. Obtain as much information (trophies) from the Target Asset
Gaining Normal Access
Obtaining access to other connected systems
Application Specific Attacks
Gaining access to application Databases
SQL Injection
Spamming
21. Working Ethically
• Trustworthiness
• No misuse for personal gain
Hacking is not a crime when it is done under a set of rules…
That’s why, friends, it’s termed ETHICAL HACKING!!!