It contains all the topics related to ethical hacking.
It also covers penetration testing and describes the difference between ethical hackers and non-ethical hackers.
DEPARTMENT OF INFORMATION TECHNOLOGY
CERTIFICATE
This is to certify that Mr./Ms. KHUSHBOO AGGARWAL, Roll No. has successfully completed Colloquium seminar on ETHICAL HACKING up to satisfaction level and submitted the same during the academic year 2014-2015 towards the Course requirement, under the Department of Information Technology, ABES Engineering College, Ghaziabad.
Colloquium Coordinator HOD (IT Department)
ACKNOWLEDGEMENT
The completion of any task is the reward to not only persons actively involved in accomplishing it, but also to the people involved in inspiring, guiding and helping those people. I take the opportunity here to thank all those who have helped us in preparing this report. Yet, this report wouldn’t have been possible without the unrelenting care and support of many people.
The very fact that I was able to complete this report is a clear proof of the patience and efforts of our Colloquium Guide Mr. Sanjeev Kapoor who helped us through the duration of the colloquium. Also I would like to thank our HOD Sir Prof. A.K. Soni for his guidance. Completing this Colloquium report in such a short time especially with so little initial knowledge, was a task impossible enough for us but the help we received from our faculty is very much appreciable. Hence I am really very much indebted to everyone who helped me in completion of this Colloquium Report.
KHUSHBOO AGGARWAL
INDEX
Abstract
Introduction:
    Security
    Need for Security
History Highlights
Hacking
Types of Hackers:
    Black-Hat Hacker
    White-Hat Hacker
    Grey-Hat Hacker
Ethical Hacking
Hackers Language
Hackers Language Translation
What does an Ethical Hacker do?
Required skills of an Ethical Hacker
Ethical Hacking Commandments:
    Working ethically
    Respecting privacy
    Not crashing your systems
Some Famous Hackers
Indian Ethical Hackers
Methodology of Hacking:
    Reconnaissance
    Scanning & Enumeration
    Gaining access
    Maintaining access
    Clearing tracks
How we can see a saved password of Facebook?
Ethical hacking tools:
    Samspade
    Email Tracker and Visual Route
    Some other important tools
Advantages and disadvantages
Future enhancements
Conclusion
References
ABSTRACT
Today more and more software is being developed, and people are getting more and more options in the software they use. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed "Ethical Hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties.
A good ethical hacker should know the methodology chosen by the hacker, such as reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker, apart from the methodology used by him.
From the user's point of view, one should know at least some of these, because some hackers make use of those who are not aware of the various hacking methods to hack into a system. From the developer's point of view, he should also be aware of these, since he should be able to close holes in his software even against the use of the various tools. With the advent of new tools the hackers may devise new tactics, but at least the software will be resistant to some of the tools.
INTRODUCTION
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
Security:
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Need for Security:
Computer security is required because most organizations can be damaged by
hostile software or intruders. There may be several forms of damage which are
obviously interrelated which are produced by the intruders. These include:
● Loss of confidential data
● Damage or destruction of data
● Damage or destruction of computer system
● Loss of reputation of a company
HISTORY HIGHLIGHTS:
The first hacker appeared in the 1960s at the Massachusetts Institute of Technology (MIT).
During the 1970s, a different kind of hacker appeared: the Phone Phreaker or Phone Hacker.
In the 1980s, phreaks started to migrate to computers, and the first Bulletin Board System (BBS) appeared.
During the 1990s, when the use of the Internet became widespread around the world, hackers multiplied.
HACKING
Eric Raymond, compiler of “The New Hacker's Dictionary”, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
● A person who enjoys learning details of a programming language or system
● A person who enjoys actually doing the programming rather than
just theorizing about it
● A person capable of appreciating someone else's hacking
● A person who picks up programming quickly
● A person who is an expert at a particular programming language or system
TYPES OF HACKERS:
Hackers can be broadly classified on the basis of why they hack systems. On this basis there are mainly three types of hacker:
● Black-Hat Hacker
Black hat hackers, or crackers, are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.
● White-Hat Hacker
White hat hackers are individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good.
● Grey-Hat Hacker
These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for personal gain.
[Figure: Different kinds of system attacks. Labels: Viruses, Trojan Horses, and Worms; Social Engineering; Automated Attacks; Accidental Breaches in Security; Denial of Service (DoS); Organizational Attacks; Restricted Data; General hacking]
ETHICAL HACKING
Ethical hacking is defined as “a methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
With the growth of the Internet, computer security has become a major
concern for businesses and governments.
In their search for a way to approach the problem, organizations came to
realize that one of the best ways to evaluate the intruder threat to their
interests would be to have independent computer security professionals
attempt to break into their computer systems.
HACKERS LANGUAGE:
1 -> i or l
3 -> e
4 -> a
7 -> t
9 -> g
0 -> o
$ -> s
| -> i or l
|| -> n
|/| -> m
s -> z
z -> s
f -> ph
ph -> f
x -> ck
ck -> x
HACKERS LANGUAGE TRANSLATION:
EXAMPLE:-
1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n
I did not hack this page, it was like this when I hacked in
WHAT DOES AN ETHICAL HACKER DO?
An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system.
He will first find out what an intruder can see or what others can see. Having found this, an ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will give the company a detailed report about the particular vulnerability he exploited to get into the system. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the vulnerability.
REQUIRED SKILLS OF AN ETHICAL HACKER:
• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security setting, configuration, and
services.
• Firewalls: configurations, and operation of intrusion detection systems.
• Routers: knowledge of routers, routing protocols, and access control lists
• Mainframes
• Network Protocols: TCP/IP; how they function and can be manipulated.
• Project Management: leading, planning, organizing, and controlling a
penetration testing team.
ETHICAL HACKING COMMANDMENTS:
Every ethical hacker must abide by a few basic commandments. If not, bad things
can happen. The commandments are as follows:
Working ethically:
The word ethical in this context can be defined as working with high
professional morals and principles. Everything you do as an ethical hacker
must be aboveboard and must support the company’s goals. No hidden agendas
are allowed! Trustworthiness is the ultimate tenet. The misuse of information is
absolutely forbidden.
Respecting privacy:
Treat the information gathered with the utmost respect. All information you
obtain during your testing — from Web-application log files to clear-text
passwords — must be kept private. If you sense that someone should know
there’s a problem, consider sharing that information with the appropriate
manager.
Not crashing your systems:
One of the biggest mistakes people make when they try to hack their own systems is inadvertently crashing them. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.
SOME FAMOUS HACKERS :
i. Ian Murphy
ii. Kevin Mitnick
iii. Johan Helsingius
iv. Linus Torvalds
v. Mark Abene
vi. Robert Morris
INDIAN ETHICAL HACKERS:
i. Ankit Fadia
ii. Rishiraj Sharma
iii. Sunny Vaghela
iv. Pranav Mistry
v. Sai Satish
vi. Sangeet Chopra
vii. Rahul Tyagi
viii. Vivek Ramachandran
ix. Falgun Rathod
x. Ravindra Singh Rathore
METHODOLOGY OF HACKING:
As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. Actual hacking is circular. Once the hacker has completed the five steps, he starts reconnaissance again from that stage, repeating the preceding stages to get to the next level. The various stages in the hacking methodology are:
● Reconnaissance
● Scanning & Enumeration
● Gaining access
● Maintaining access
● Clearing tracks
Reconnaissance:
The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as footprinting. This is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company that he is going to hack. This is one of the pre-attacking phases. Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.
Scanning & Enumeration:
Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network that are live, the services running on those systems, and so on. Usually the services run on predetermined ports. Different tools are used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol, and it can even detect the operating systems running on particular hosts.
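Because scanning touches many hosts or ports in a short time, it leaves a recognisable pattern in connection logs. The following added example (not part of the original report) shows one way a defender can flag it; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of firewall records for new TCP connection attempts:
# timestamp, source IP, destination IP, destination port
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 192.0.2.10 21
2024-05-01T10:00:01 203.0.113.7 192.0.2.10 22
2024-05-01T10:00:02 203.0.113.7 192.0.2.10 23
2024-05-01T10:00:03 203.0.113.7 192.0.2.10 25
2024-05-01T10:00:04 203.0.113.7 192.0.2.10 80
2024-05-01T10:00:05 203.0.113.7 192.0.2.10 443
2024-05-01T10:01:00 198.51.100.9 192.0.2.10 445
2024-05-01T10:01:01 198.51.100.9 192.0.2.11 445
2024-05-01T10:01:02 198.51.100.9 192.0.2.12 445
2024-05-01T10:01:03 198.51.100.9 192.0.2.13 445
2024-05-01T10:01:04 198.51.100.9 192.0.2.14 445
2024-05-01T10:02:00 192.0.2.50 192.0.2.10 443
2024-05-01T10:02:01 192.0.2.50 192.0.2.10 443
2024-05-01T10:02:02 192.0.2.50 192.0.2.10 443
2024-05-01T10:02:03 192.0.2.50 192.0.2.10 443
2024-05-01T10:02:04 192.0.2.50 192.0.2.10 443
2024-05-01T10:02:05 192.0.2.50 192.0.2.10 443
2024-05-01T10:00:00 192.0.2.60 192.0.2.10 80
2024-05-01T10:05:00 192.0.2.60 192.0.2.10 443
2024-05-01T10:10:00 192.0.2.60 192.0.2.10 22
2024-05-01T10:15:00 192.0.2.60 192.0.2.10 25
2024-05-01T10:20:00 192.0.2.60 192.0.2.10 8080
malformed line here
"""


def parse(log_text):
    """Turn log lines into (time, src, dst, port) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1],
                           parts[2], int(parts[3])))
        except ValueError:
            continue
    return sorted(events)


def detect_scans(events, window=timedelta(seconds=60), threshold=5):
    """Flag sources that try >= threshold distinct (host, port) targets within
    one sliding time window, and classify the pattern."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        start, best = 0, None
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {(e[2], e[3]) for e in evs[start:end + 1]}
            if len(targets) >= threshold and (best is None or len(targets) > len(best)):
                best = targets
        if best:
            hosts = {h for h, _ in best}
            ports = {p for _, p in best}
            if len(hosts) == 1:
                kind = "vertical"      # one host, many ports: service discovery
            elif len(ports) == 1:
                kind = "horizontal"    # many hosts, one port: sweep for live hosts
            else:
                kind = "mixed"
            findings[src] = {"kind": kind, "hosts": len(hosts), "ports": len(ports)}
    return findings


if __name__ == "__main__":
    for src, info in detect_scans(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The busy but legitimate client (many connections to one service) and the slow client (five ports spread over twenty minutes) are not flagged, which shows both what the threshold protects against and what a fixed window misses.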
Enumeration:
Enumeration is the ability of a hacker to convince some servers to give them information that is vital to making an attack. By doing this the hacker aims to find what resources and shares are in the system, what valid user accounts and user groups are in the network, what applications are there, and so on. Hackers may also use this to find other hosts in the network.
Gaining Access:
This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attacking phases. Usually the main hindrance to gaining access to a system is the passwords. System hacking can be considered as many steps. First the hacker will try to get into the system. Once he gets into the system, the next thing he wants is to increase his privileges so that he has more control over the system. As a normal user the hacker may not be able to see confidential details, or to upload or run the different hack tools for his own personal interest. Another way to crack into a system is by attacks like the man-in-the-middle attack.
There are many methods for cracking the password and then getting into the system. The simplest method is to guess the password, but this is tedious work. To make this work easier there are many automated tools for password guessing, like Legion. Legion has a built-in dictionary, and the software itself generates passwords using the dictionary and checks the responses.
Techniques used in password cracking are:
Dictionary cracking
Brute force cracking
Hybrid cracking
Social engineering
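Dictionary and hybrid guessing succeed because users pick dictionary words and disguise them with the substitutions listed under "Hackers Language". The following added example (not part of the original report) is a password-policy check that undoes those substitutions and rejects passwords that reduce to a denylisted word; the denylist, function names and candidate limit are constructed assumptions.

```python
import itertools
import re

# Substitution table from the report's "HACKERS LANGUAGE" section. Each token
# maps to the plain-text spellings it may stand for; the letter pairs
# (s/z, f/ph, x/ck) are ambiguous, so both spellings are kept.
LEET = {
    "|/|": ["m"], "||": ["n"], "|": ["i", "l"],
    "1": ["i", "l"], "3": ["e"], "4": ["a"], "7": ["t"],
    "9": ["g"], "0": ["o"], "$": ["s"],
    "ph": ["ph", "f"], "ck": ["ck", "x"],
    "s": ["s", "z"], "z": ["z", "s"], "f": ["f", "ph"], "x": ["x", "ck"],
}
TOKENS = sorted(LEET, key=len, reverse=True)  # try the longest token first

# Constructed denylist for the demonstration; a real policy would load a
# large list of common and previously breached passwords.
DENYLIST = {"password", "hacking", "admin", "letmein", "summer"}


def tokenize(text):
    """Split text into positions, each a list of possible plain spellings."""
    text = text.lower()
    out, i = [], 0
    while i < len(text):
        for tok in TOKENS:
            if text.startswith(tok, i):
                out.append(LEET[tok])
                i += len(tok)
                break
        else:  # no table entry matched: keep the character as it is
            out.append([text[i]])
            i += 1
    return out


def candidates(text, limit=4096):
    """All plain-text readings of `text`, capped at `limit` combinations."""
    combos = itertools.product(*tokenize(text))
    return {"".join(c) for c in itertools.islice(combos, limit)}


def weak_match(password):
    """Return the denylisted word the password reduces to, or None."""
    # Hybrid guesses append digits or punctuation ("Summer2024!"), so the
    # password is also checked with such a suffix removed.
    stripped = re.sub(r"[\d\W_]+$", "", password)
    for form in (password, stripped):
        if not form:
            continue
        hit = candidates(form) & DENYLIST
        if hit:
            return sorted(hit)[0]
    return None


if __name__ == "__main__":
    for pw in ["p4$$w0rd", "h4ck1n9", "4d|/|1||", "Summer2024!",
               "correct-horse-battery"]:
        print(f"{pw!r}: {weak_match(pw) or 'no denylist match'}")
```

A password that passes this check is not thereby strong; the check only removes the choices that dictionary and hybrid guessing find first.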
13
19. Privilege escalation:
Privilege escalation is the process of raising privileges once the hacker gets
into the system. That is, the hacker may get in as an ordinary user and then try
to raise his privileges to those of an administrator, who can do many things.
There are many types of tools available for this. Some tools, like getadmin,
attach the user to some kernel routine so that the services run by the
user look like a system routine rather than a user-initiated program. The privilege
escalation process usually uses vulnerabilities present in the host operating
system or the software. There are many tools, like hk.exe, Metasploit, etc. One
such community of hackers is Metasploit.
Maintaining Access:
Now the hacker is inside the system by some means, such as password guessing or
exploiting some of its vulnerabilities. This means that he is now in a position to
upload some files and download others. The next aim will be to make an
easier path to get in when he comes the next time. This is analogous to making a
small hidden door in a building so that he can enter the building directly
through that door. In the network scenario the hacker does this by
uploading software such as Trojan horses, sniffers, keystroke loggers, etc.
Clearing Tracks:
Now we come to the final step in hacking. There is a saying that “everybody
knows a good hacker but nobody knows a great hacker”. This means that a good
hacker can always clear the tracks or any records present in the
network that could prove he was there. Whenever a hacker downloads some file or
installs some software, a record is stored in the server logs. To erase
those, the hacker uses many tools. One such tool is the Windows Resource Kit’s
auditpol.exe, a command-line tool with which the intruder can easily
disable auditing. Another tool, which eliminates any physical evidence, is
Evidence Eliminator. Sometimes, apart from the server logs, other information
may be stored temporarily. Evidence Eliminator deletes all such
evidence.
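From the defender's side, disabling auditing and clearing logs leave records of their own: Windows Security event 4719 ("System audit policy was changed") and event 1102 ("The audit log was cleared"). The sketch below is an added example, not part of the original report; the records are constructed and simplified, and the field names, account names and 15-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified Security-log records (not a real export).
EVENTS = [
    {"time": "2019-03-05T02:10:00", "id": 4624, "user": "svc_backup", "detail": ""},
    {"time": "2019-03-05T02:14:30", "id": 4719, "user": "svc_backup",
     "detail": "Subcategory: Logon; Changes: Success removed, Failure removed"},
    {"time": "2019-03-05T02:15:10", "id": 4719, "user": "admin_ops",
     "detail": "Subcategory: File System; Changes: Success added"},
    {"time": "2019-03-05T02:21:00", "id": 1102, "user": "svc_backup", "detail": ""},
]

AUDIT_POLICY_CHANGED = 4719  # "System audit policy was changed"
AUDIT_LOG_CLEARED = 1102     # "The audit log was cleared"


def find_audit_tampering(events, window=timedelta(minutes=15)):
    """Return (severity, time, user, reason) alerts, oldest first."""
    alerts, disabled_at = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == AUDIT_POLICY_CHANGED and "removed" in ev["detail"]:
            # Auditing was switched off for a subcategory; remember who did it and when.
            disabled_at[ev["user"]] = when
            alerts.append(("medium", when, ev["user"], "auditing removed: " + ev["detail"]))
        elif ev["id"] == AUDIT_LOG_CLEARED:
            # A clear shortly after the same account removed auditing is the stronger signal.
            prior = disabled_at.get(ev["user"])
            chained = prior is not None and when - prior <= window
            reason = "security log cleared" + (" after auditing was removed" if chained else "")
            alerts.append(("high" if chained else "medium", when, ev["user"], reason))
    return alerts
```

Forwarding these events to a separate collector keeps them available even when the local log is cleared.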
HOW CAN WE SEE A SAVED PASSWORD OF FACEBOOK?
Right click on the password box.
Then click on Inspect Element.
The code will then open.
Now type "text" in place of "password".
Now you can see the saved password in text form.
ETHICAL HACKING TOOLS:
Ethical hackers use, and have developed, a variety of tools to intrude into different
kinds of systems and to evaluate security levels. The nature of these tools
differs widely. Here we describe some of the widely used tools in ethical hacking.
Samspade:
Samspade is a simple tool which provides information about a
particular host. This tool is very helpful in finding
addresses, phone numbers, etc.
The above fig 2.1 represents the GUI of the Samspade tool. In the text field in
the top left corner of the window we just need to put the address of the
particular host. Then we can find out the various information available. The
information given may be phone numbers, contact names, IP addresses, email
ids, address range, etc. We may wonder what the benefit is of getting
phone numbers, email ids, addresses, etc.
But one of the best ways to get information about a company is to just pick up
the phone and ask for the details. Thus we can get much information in just one
click.
Email Tracker and Visual Route:
We often receive many spam messages in our mailbox without knowing
where they come from. Email tracker is software which helps us find
which server the mail actually came from. Every message we receive
has a header associated with it. The email tracker uses this header information to
find the location.
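The header information in question is the chain of Received lines, one added by each server that handled the message. The sketch below is an added example, not the email tracker's own code: it reads that chain oldest hop first and separates the address recorded by our own mail server from the origin that is only claimed by servers outside our control. The sample message is constructed, and its hosts, addresses and the function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; hosts use reserved .example names, addresses are
# documentation or private ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Tue, 05 Mar 2019 10:00:09 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Tue, 05 Mar 2019 10:00:07 +0000
Received: from sender-pc (unknown [203.0.113.45])
\tby relay.isp.example with SMTP; Tue, 05 Mar 2019 10:00:02 +0000
From: Offers <promo@spam.example>
To: user@recipient.example
Subject: You have won

Body text.
"""

HOP = re.compile(r"from\s+(\S+).*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\].*?\bby\s+([^\s;]+)", re.S)


def trace_hops(raw):
    """Return relay hops oldest first as (claimed_name, ip, recording_host)."""
    hops = []
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        match = HOP.search(header)
        if not match:
            continue
        try:
            hops.append((match.group(1), ipaddress.ip_address(match.group(2)), match.group(3)))
        except ValueError:  # bracketed text that is not an IP address
            continue
    return hops


def entry_point(hops, our_domain):
    """First hop recorded by one of our own servers: the last address we can trust."""
    for name, ip, recorded_by in hops:
        host = recorded_by.lower().rstrip(".")
        if host == our_domain or host.endswith("." + our_domain):
            return name, ip
    return None
```

Hops older than the entry point were written by servers the recipient does not control and can be forged by the sender, so only the entry-point address is reliable for blocking or reporting.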
The above fig 2.2 shows the GUI of the email tracker software. One of the
options in the email tracker is to import the mail header. We
just need to import the mail's header into the software, which then finds the
area the mail comes from. That is, we get information such as which
region the message comes from, like Asia Pacific, Europe, etc. To be more
specific we can use another tool, Visual Route, to pinpoint the actual location of
the server. The option of connecting to Visual Route is available in the email
tracker. Visual Route is a tool which displays the location of a particular server
with the help of IP addresses. When we connect this with the email tracker we
can find the server which actually sends the mail. We can also use this to find
the location of target servers visually on a map.
The above fig 2.3 depicts the GUI of the Visual Route tool. The Visual Route
GUI has a world map drawn on it. The software locates the position of the
server on that world map. It also depicts the path through which the message
came to our system. The software provides information
about the routers through which the message passed, that is, the path traced by
the mail from the source to the destination.
Some other important tools used are:
War Dialing
Pingers
Super Scan
Nmap etc…
ADVANTAGES AND DISADVANTAGES
Ethical hacking nowadays is the backbone of network security. Each day its
relevance is increasing. The major pros and cons of ethical hacking are given below:
Advantages
“To catch a thief you have to think like a thief”
Helps in closing the open holes in the system network
Provides security to banking and financial establishments
Prevents website defacements
An evolving technique
Disadvantages
All depends upon the trustworthiness of the ethical hacker
Hiring professionals is expensive.
FUTURE ENHANCEMENTS:
As it is an evolving branch, the scope for enhancement in technology is
immense. No ethical hacker can ensure system security by using
the same technique repeatedly. He would have to improve, develop
and explore new avenues repeatedly.
More enhanced software should be used for optimum protection.
Tools used need to be updated regularly, and more efficient ones
need to be developed.
CONCLUSION
One of the main aims of the seminar is to make others understand that there are
many tools through which a hacker can get into a system. Let’s check its various
needs from various perspectives.
● Student
A student should understand that no software is made with zero
vulnerabilities. So while they are studying they should study the various
possibilities and how to prevent them, because they are the
professionals of tomorrow.
● Professionals
Professionals should understand that business is directly related to
security. So they should make new software with as few vulnerabilities as
possible. If they are not aware of these then they won’t be cautious enough in
security matters.
In the preceding sections we saw the methodology of hacking, why we should be
aware of hacking, and some tools which a hacker may use. Now we can see what
we can do against hacking, or to protect ourselves from hacking.
● The first thing we should do is to keep ourselves updated about
the software we are using, from official and reliable sources.
● Educate the employees and the users against black hat hacking.
● Use every possible security measure, like honeypots, Intrusion Detection
Systems, firewalls, etc.
● Every time, make our passwords strong by making them longer and harder to
crack.