Ethical hacking consists of authorized attempts to gain unauthorized access to computer systems, applications, or data. It requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities so they can be fixed before malicious attackers can exploit them.
Basics:
Necessary Terms:
Name of Term | Description of term |
---|---|
Hack Values | The interest a target holds for hackers, based on its perceived worth. |
Vulnerability | A weak point in a machine that may be exploited. |
Exploit | Take advantage of the identified vulnerability or loophole. |
Payload | The part of a transmission that carries the actual data from sender to receiver, e.g. the data portion of an Internet Protocol packet. |
Zero-day attack | Exploit previously unknown, unpatched vulnerabilities. |
Daisy-chaining | A specific attack in which a hacker gains access to a single system and uses it to gain access to other systems on the same network. |
Doxing | Tracking down an individual’s personally identifiable information (PII) for malicious purposes. |
Bot | Software used to perform automated tasks. |
Elements of Information Security:
Name of Term | Description of term |
---|---|
Confidentiality | Make sure that information is only accessible to authorized people. |
Integrity | Ensure accuracy of information. |
Availability | Ensures availability of resources when requested by authorized users. |
Authenticity | Make sure the genuineness of information and its source is not compromised. |
Non-repudiation | Provides proof of sending and of receipt (delivery and receipt reports for sender and receiver respectively), so neither party can deny the exchange. |
Phases of Ethical Hacking:
Name of Term | Description of term |
---|---|
Reconnaissance | This is the first stage in which hackers try to gather information about their targets. |
Scanning & Enumeration | During this stage, the target is scanned using tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners. |
Gaining Access | In this phase, using the data collected in Phases 1 and 2, hackers design a blueprint for the target’s network. |
Maintaining Access | Once hackers gain access, they want to retain that access for future exploits and attacks. Once hackers own a system, they can use it as a base to launch further attacks. |
Covering Tracks | Before attacking, the attacker changes its MAC address and runs the attacking computer through at least one VPN to disguise its identity. |
Types of Cyber Threats:
Name of Term | Description of term |
---|---|
Network threats | Attackers can penetrate the channel and steal information being exchanged on the network. |
Host threats | Attacks that gain access to information held on your system. |
Application threats | Exploit gateways that are not protected by the application itself. |
Types of Cyber Attacks:
Name of Term | Description of term |
---|---|
OS-Based Cyber Attacks | Attacks the victim’s primary operating system. |
App Level Cyber Attacks | Application-originated attacks are usually caused by a lack of security testing by developers. |
Shrink Wrap | Exploit unpatched libraries and frameworks in your application. |
Misconfiguration | Hacking systems with poorly configured security. |
Laws and Cyber Acts:
Name of Term | Description of term |
---|---|
RFC 1918 | For Private IP Standard |
RFC 3227 | For Data collection and storage |
ISO 27002 | For Information Security Guidelines |
CAN-SPAM | For Email Marketing |
SPY-Act | For License Enforcement |
DMCA | For Intellectual Property |
SOX | For Corporate Finance Processes |
GLBA | For Personal Finance Data |
FERPA | For Education Records |
FISMA | For Government Networks Security Standards |
CVSS | For Common Vulnerability Scoring System |
CVE | For Common Vulnerabilities and Exposure |
Reconnaissance:
Footprinting information:
Name of Term | Description of term |
---|---|
Network information | Domains, subdomains, IP addresses, Whois and DNS entries, VPN firewalls, and more. |
System information | Web server, operating system, server location, user, username, password, passcode. |
Organization information | Employee information, organizational background, phone number, and location. |
Footprinting Tools:
Name of Term | Description of term |
---|---|
Maltego | Maltego is software used for open-source intelligence and forensics. |
Recon-ng | Recon-ng is a web reconnaissance tool written in Python. |
FOCA | FOCA is a tool primarily used to find metadata and hidden information in documents it scans; these documents are typically found on the target’s website. |
Recon-dog | ReconDog is a free, open-source tool available on GitHub that is used for information gathering. |
Dmitry | Dmitry or Deepmagic Information Gathering Tool is a command line utility included with Kali Linux. |
Google Hacking (Dorks):
Name of Term | Description of term |
---|---|
site: | Returns results only from the specified domain |
inurl: | Returns results only from pages whose URL contains the query |
intitle: | Returns results only from pages whose title contains the query |
cache: | Returns the cached version of the queried page |
link: | Returned pages linking to the requested URL. Discontinued. |
filetype: | Returns results only for the specified file type |
Scanning Networks:
Scanning involves collecting additional information about the victim’s hosts, ports, and network services. It aims to identify vulnerabilities and then plan attacks.
Scanning Types:
Name of Term | Description of term |
---|---|
Port scanning | The process of checking for open ports and services. |
Network scanning | The process of checking lists of IP addresses. |
Vulnerability scanning | This is also called penetration testing. |
Common Ports to Scan:
Port Number | Protocol Type | Network Type |
---|---|---|
22 | TCP | |
23 | TCP | |
25 | TCP | |
53 | TCP/UDP | |
80 | TCP | |
123 | TCP | |
443 | TCP/UDP | |
500 | TCP/UDP | |
631 | TCP/UDP | |
3389 | TCP/UDP | |
9100 | TCP/UDP | |
Scanning Tools:
Name of Tool | Description of Tool |
---|---|
Nmap | Nmap (“Network Mapper”) is a free and open-source utility for network exploration and security testing. |
Hping | Hping is a command line-oriented TCP/IP packet compiler/parser. |
Arping | Arping is a tool for polling hosts on a network, unlike the ping command, which operates at the network layer. |
Enumeration:
Enumeration is the phase of ethical hacking in which the tester interacts with the system and interrogates it to obtain the necessary information. It involves the discovery and exploitation of vulnerabilities.
Enumeration Techniques:
Name of Term | Description of term |
---|---|
Windows enumeration | Gathers system information from a Windows host. |
Windows user account enumeration | The process of identifying the current user. |
NetBIOS enumeration | Reveals IP configuration details (default gateway, subnet, DNS, domain controller). |
SNMP enumeration | The process of collecting information about all network configurations. |
LDAP enumeration | Accesses directory listings in Active Directory or other directory services. |
NTP enumeration | Using NTP enumeration, you can collect information such as a list of hosts connected to the NTP server, IP addresses, system names, and operating systems. |
SMTP enumeration | SMTP enumeration allows us to identify valid users on the SMTP server. |
Brute forcing Active Directory | In a brute force attack, an attacker gains access to your system simply by repeatedly attempting to log in with many passwords until they guess the right one. |
Sniffing:
Sniffing involves capturing packets of data travelling over a network using a specific program or device.
Sniffing Types:
Type of Sniffing | Description |
---|---|
Passive sniffing | In passive sniffing, no packets need to be sent; the sniffer only listens. |
Active sniffing | In active sniffing, the sniffer sends packets with chosen source and destination addresses. |
Sniffing Tools:
Name of tools for sniffing | Description |
---|---|
BetterCAP | BetterCAP is a powerful, flexible, and portable tool for performing various types of MITM attacks against a network, manipulating its HTTP, HTTPS, and TCP traffic in real time, and sniffing it for credentials and much more. |
Ettercap | Ettercap is a comprehensive suite for man-in-the-middle attacks on a network. Its features include sniffing of live connections and content filtering. |
Wireshark | Wireshark is one of the most popular packet sniffers. It offers a very large set of features for dissecting and analysing network traffic. |
Tcpdump | tcpdump intercepts and displays TCP/IP and other packets as they are transmitted over the network. |
WinDump | A Windows port of tcpdump, the popular Linux packet sniffer; it is a command-line tool well suited to displaying header information. Because of tcpdump’s success on Unix-like operating systems, it was ported to the Windows platform to allow packet capturing there. |
Dsniff | A collection of tools designed to sniff packets of different protocols with the intention of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and has no full equivalent on Windows. |
Sniffing Attacks:
Name of Term | Description of term |
---|---|
MAC flooding | Send many fake MAC addresses to the switch until its CAM table is full. This forces the switch to fail open, so it forwards incoming traffic to all ports on the network. |
DHCP attacks | A type of denial-of-service attack that exhausts all available addresses in the server’s pool. |
DNS poisoning | Manipulate the DNS table by replacing a legitimate IP address with a malicious one. |
VLAN hopping | Attack a host on one VLAN to access traffic on other VLANs. |
OSPF attacks | The attacker forms a trust relationship with adjacent routers. |
System Hacking:
System hacking is the compromise of computer systems and software to gain access to a target computer and steal or misuse its sensitive information.
Types of system attacks:
Name of Term | Description of term |
---|---|
LM Hashing | Attacks that compromise the LM password hash. |
Sidejacking | The process of stealing access to a website session, often through cookie hijacking. |
Session Hijacking | The process of intercepting client-server traffic and predicting sequence numbers in order to take over the session. |
Social Engineering:
Social engineering refers to manipulating or pressuring people in a targeted organization into disclosing sensitive or confidential information.
Steps of Social Engineering:
Name of Term | Description of term |
---|---|
Research | The process of collecting information about the target company. |
Select target | The process of choosing a target employee of the targeted company. |
Relationship | Gaining the trust of the target employees by building a relationship with them. |
Exploit | The process of extracting information from the targeted employees. |
Identity theft | Identity theft occurs when someone steals your personal information to commit fraud. |
Web Hacking:
Web hacking generally refers to exploiting applications over the Hypertext Transfer Protocol (HTTP). This can be done by manipulating the application through a web graphical interface, by manipulating the Uniform Resource Identifier (URI), or by abusing HTTP elements.
Web Server Hacking:
A web server is a system for storing, processing, and serving websites. Web server hacks include:
Name of Term | Description of term |
---|---|
Information gathering | In web server hacking, information gathering includes collecting files such as robots.txt to discover hidden directories and files. |
Footprinting | In web server hacking, footprinting means identifying the popular web applications hosted on the server. |
Mirroring | Mirroring the site makes it easy to find directories, forms, and other important records in the local copy without making many requests to the web server. |
Vulnerability analysis | A vulnerability assessment is a review focused on security-related issues that have a moderate or severe impact on the security of a product or system. |
Web Server Hacking Tools:
Names of Tools | Description of Tools |
---|---|
Wfetch | Wfetch was originally part of the IIS 6.0 Resource Kit Tools. It can be used to troubleshoot HTTP redirects, HTTP status codes, and similar issues. |
THC Hydra | A widely used tool for fast network login cracking. It attacks login pages using both dictionary and brute-force attacks. |
HULK DoS | HULK is a denial-of-service (DoS) tool that attacks web servers by generating a large volume of unique, disguised traffic. |
w3af | w3af is a web application attack and audit framework. The purpose of the project is to create a framework that helps secure web applications by finding and exploiting all of their vulnerabilities. |
Metasploit | The Metasploit framework is a very powerful tool that both cyber criminals and ethical hackers can use to investigate systematic vulnerabilities in networks and servers. |
Sqlmap | sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and database takeovers. |
Cryptography:
Encryption is the process of hiding sensitive information.
General Terms:
Name of term | Description of term |
---|---|
Cipher | Encryption and decryption algorithm. |
Clear text / plaintext | Unencrypted data |
Cipher text | Encrypted data |
Encryption Algorithms:
Name of term | Description of term |
---|---|
DES (Data Encryption Standard) | Block cipher, 56-bit key, 64-bit block size |
3DES (Triple Data Encryption Standard) | Block cipher, 168-bit key |
AES | Iterated block cipher. |
RC (Rivest Cipher) | Symmetric-key algorithm. |
Blowfish | A fast symmetric block cipher, 64-bit block size, 32 to 448 bits key |
Twofish | Symmetric-key block cipher |
RSA (Rivest–Shamir–Adleman) | Achieves strong encryption through the use of two large prime numbers. |
Diffie–Hellman | Used for generating a shared key between two entities over an insecure channel. |
DSA (Digital Signature Algorithm) | The private key is used to sign the message and identifies who signed it; the public key verifies the digital signature. |
Cloud Security:
Cloud providers implement restricted access and access policies, with logging and the ability to review access requests and the reasons for denials.
Cloud Computing Attacks:
Name of term | Description of term |
---|---|
Wrapping attack | Changes the message contents while keeping the signature valid. |
Side channel attacks | An attacker controls VMs on the same physical host as the victim (either by compromising one or by placing one of their own). |
Cloud Hopper attack | The goal is to compromise an employee’s or cloud service company’s account in order to obtain confidential information. |
Cloudborne attack | Exploits specific vulnerabilities in the server’s baseboard management controller (BMC). |
Man-In-The-Cloud (MITC) attack | It runs using a file sync service (such as Google Drive or Dropbox) as infrastructure. |
Malware and Other Attacks:
Malware is a malicious program designed to damage your system and give its creator access to your system.
Trojans:
Malware hidden inside seemingly harmless programs. The types are:
Name of term | Description of term |
---|---|
Remote access trojans (RATs) | Malware that contains a backdoor for administrative control of the target computer. |
Backdoor Trojans | Give the attacker uninterrupted access by installing a backdoor on the targeted system. |
Botnet Trojans | Install the bot program on the target system. |
Rootkit Trojans | Allow access to unauthorized areas of the software. |
E-banking Trojans | It intercepts account information before encrypting it and sends it to the attacker. |
Proxy-server Trojans | Allows an attacker to use the victim’s computer as a proxy to connect to the Internet. |
Viruses:
Here are some examples of computer viruses:
Name of term | Description of term |
---|---|
Stealth virus | The virus takes aggressive steps to hide infection from antivirus. |
Logic Bomb virus | It does not self-replicate, does not increase in population, and may be parasitic. |
Polymorphic virus | Modifies payload to evade signature detection. |
Metamorphic virus | A virus that can reprogram/rewrite itself. |
Macro virus | Written as a macro for MS Office products. |
File infectors | The virus infects executable files. |
Boot sector infectors | Malicious code that runs at system startup. |
Multipartite viruses | Combine file infectors and boot record infectors. |