Thursday, December 26, 2024
Google search engine
HomeData Modelling & AIEthical Hacking Cheatsheet

Ethical Hacking Cheatsheet

Ethical hacking includes authorized attempts to gain unauthorized access to computer systems, applications, or data. Ethical hacking requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities, So they can be fixed before malicious attackers can exploit them. 

Basics:

Necessary Terms:

Name of Term Description of term
Hack Values The interests of hackers are based on their worth.
Vulnerability A weak point in a machine that may be exploited.
Exploit Take advantage of the identified vulnerability or loophole.
Payload Payload is used for the transmission of the data with the Internet Protocol from the sender to the receiver.
Zero-day attack Exploit previously unknown unpatched vulnerabilities.
Daisy-chaining A specific attack is performed by a hacker to gain access to a single system and use it to gain access to other systems on the same network.
Doxing Tracking an individual’s personally identifiable information (PII) for malicious purposes.
Bot Software is used to perform automated tasks.

Elements of Information Security:

Name of Term Description of term
Confidentiality Make sure that information is only accessible to authorized people.
Integrity Ensure accuracy of information.
Availability Ensures availability of resources when requested by authorized users.
Authenticity Make sure the quality is not broken.
Non-repudiation Ensure delivery and receipt reports by sender and receiver respectively.

Phases of Ethical Hacking:

Name of Term Description of term
Reconnaissance This is the first stage in which hackers try to gather information about their targets.
Scanning & Enumeration  During this stage, data is scanned using tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
Gaining Access  In this phase, using the data collected in Phases 1 and 2, hackers design a blueprint for the target’s network.
Maintaining Access  Once hackers gain access, they want to retain that access for future exploits and attacks. Once hackers own a system, they can use it as a base to launch further attacks.
Covering Tracks  Before attacking, the attacker changes its MAC address and runs the attacking computer through at least one VPN to disguise its identity.

Types of Cyber Threats:

Name of Term Description of term
Network threats Attackers can penetrate the channel and steal information being exchanged on the network.
Host threats Get access to information from your system.
Application threats Exploit gateways that are not protected by the application itself.

Types of Cyber Attacks:

Name of Term Description of term
OS-Based Cyber Attacks Attacks the victim’s primary operating system.
App Level Cyber Attacks Application-originated attacks are usually caused by a lack of security testing by developers.
Shrink Wrap Exploit unpatched libraries and frameworks in your application.
Misconfiguration Hacking systems with poorly configured security.

Legal Laws and Cyber Acts:

Name of Term Description of term
RFC 1918 For Private IP Standard 
RFC 3227 For Data collection and storage 
ISO 27002 For Information Security Guidelines
CAN-SPAM For Email Marketing
SPY-Act For License Enforcement 
DMCA For Intellectual Property 
SOX For Corporate Finance Processes
GLBA For Personal Finance Data 
FERPA For Education Records 
FISMA For Government Networks Security Standards
CVSS For Common Vulnerability Scoring System 
CVE For Common Vulnerabilities and Exposure 

Reconnaissance:

Footprinting information:

Name of Term Description of term
Network information Scan domains, subdomains, IP addresses, Whois and DNS entries, VPN firewalls, and more with it.
System information Web server, operating system, server location, user, username, password, passcode.
Organization information Employee information, organizational background, phone number, and location.

Footprinting Tools:

Name of Term Description of term
Maltego Maltego is software used for open-source intelligence and forensics.
Recon-ng Recon-ng is a web reconnaissance tool written in Python. 
FOCA FOCA is a tool primarily used to find metadata and hidden information in scanned documents. These documents can be found on the website.
Recon-dog ReconDog is a free, open-source tool available on GitHub that is used for information gathering.
Dmitry Dmitry or Deepmagic Information Gathering Tool is a command line utility included with Kali Linux.

Google Hacking (Dorks):

Name of Term Description of term
site: Used to gather database only from  specified domains
inurl Used to gather database only from pages with a query in  URL
intitle Used to gather database only from pages with the query in the title.
cache Used to gather database from a cached version of the queried page
link Used to gather database from pages containing the requested URL. Discontinued.
filetype Used to gather database Only results for specified file types

Scanning Networks:

Involves collecting additional information about the victim’s host, port, and network services. It aims to identify vulnerabilities and then plan attacks.

Scanning Types:

Name of Term Description of term
Port scanning The process of Checking open ports and services.
Network scanning The process of checking lists of IP Addresses
Vulnerability scanning This is also called penetration testing

Common Ports to Scan:

Port Number 

 Protocol Type

 Network Type

22 

TCP 

SSH (Secure Shell) 

23 

TCP 

Telnet     

25 

TCP 

SMTP (Simple Mail Transfer Protocol) 

53 

TCP/UDP 

DNS (Domain Name System)

80 

TCP 

HTTP (Hypertext Transfer Protocol)

123 

TCP 

NTP (Network Time (Network)

443 

TCP/UDP 

HTTPS     

500 

TCP/UDP 

IKE/IPSec (Internet Key )

631 

TCP/UDP 

IPP (Internet Printing (Internet)

3389 

TCP/UDP 

RDP (Remote Desktop)

9100 

TCP/UDP

AppSocket/JetDirect 

Scanning Tools:

Name of Tool Description of Tool
Nmap Nmap (“Network Mapper”) is a free and open-source utility for network exploration and security testing.
Hping Hping is a command line-oriented TCP/IP packet compiler/parser.
Arping Arping is a tool for polling hosts on a network. Unlike the ping command, which operates at the network layer.

Enumeration:

Enumeration is a process in ethical hacking, which Interact with the system and interrogate it to obtain the necessary information. Involves the discovery and exploitation of vulnerabilities.

Enumeration Techniques:

Name of Term Description of term
Windows enumeration  It helps to get system information.
Windows user account enumeration It is process to check the current user.
NetBIOS enumeration  Configure IP address  (default gateway, subnet, DNS, domain controller).
SNMP enumeration  Process of collection of information about all network configurations.
LDAP enumeration  To access directory listings in Active Directory or from other directory services
NTP enumeration  Using the NTP enumeration, you can collect information such as a list of servers connected to the NTP server, IP addresses, system names, and operating systems 
SMTP enumeration  SMTP enumeration allows us to identify valid users on the SMTP server.
Brute forcing Active Directory  In a brute force attack, an attacker gains access to your system just by repeatedly logging in with multiple passwords until they guess the right password.

Sniffing:

Sniffing Involves retrieving packets of data over a network using a specific program or device.

Sniffing Types:

Type of Scanning Description
Passive sniffing In passive sniffing, There is no packet sending is required.
Active sniffing In active sniffing, We request a packet with source and destination addresses.

Sniffing Tools:

Name of tools for sniffing Description
BetterCAP

The BetterCAP tool is a very powerful, flexible, and portable best software tool created to perform various types of MITM attacks against networks and manipulate its HTTP, HTTPS, and TCP traffic in real-time, sniffing it for as well as credentials, and much more through it.

Ettercap

Ettercap tool is a software comprehensively sharp tool suited for man-in-the-middle attacks for networks. It has features as well as sniffing of live connections, content filtering.

Wireshark

Wireshark tool is a tool that is known as one of the most popular packet sniffers. It offers an unlimited number of features designed to implement and assist in the dissection and analysis of traffic for it.

Tcpdump

 tcpdump is a tool that provides the ability to intercept and ability to observing TC P/IP and other packets during transmission over the network.

WinDump

A Windows port the popular to Linux as well as packet sniffers at tcpdump, which is a command-line tool that is perfect for displaying header information through it. Due to the success of tcpdump on Unix-like operating systems os, it was “ported over” to the windows platforms to it, This simply means it was cloned to allow for Windows packet capturing it.

Dsniff

This tool is a pair of tools designed to perform sniffing packets with differentiating protocols with the intention of intercepting and revealing passwords as well the Dsniff tool is designed for the Unix and Linux platforms and does not have a full equivalent on the Windows platforms for support.

Sniffing Attacks:

Name of Term Description of term
MAC flooding Send multiple fake MAC addresses to the switch until the CAM table is full. This puts the switch open on failure, where it propagates incoming traffic to all ports on the network.
DHCP attacks A type of denial-of-service attack that exhausts all available server addresses.
DNS poisoning Manipulate the DNS table by replacing a legitimate IP address with a malicious one.
VLAN hopping Attack a host on one VLAN to access traffic on other VLANs.
OSPF attacks Form a trust relationship with adjacent routers.

System Hacking:

System hacking is defined as a compromise between a computer system and software to gain access to a target computer and steal or misuse their sensitive information.

Types of system attacks:

Name of Term Description of term
LM Hashing  It is  used to compromise the password hash
Sidejacking  It  is a process of  Stealing access to a website, often through cookie hijacking
Session Hijacking It is the process of targeting and detecting client-server traffic  and predict sequences

Social Engineering:

Social engineering refers to pressuring people in a targeted organization to disclose sensitive or confidential information.

Steps of Social Engineering:

Name of Term Description of term
Research The process of collecting information about the target company
Select target The process of Choosing a target employee of a targeted company
Relationship It is Gaining the trust of your target employees by building relationships
Exploit The process of Extracting information from  targeted employees
Identity theft  Identity theft occurs when someone steals your personal information to commit fraud.

Web Hacking:

Web hacking generally refers to exploiting applications over the Hypertext Transfer Protocol (HTTP). This can be done by manipulating the application through a web graphical interface, by manipulating the Uniform Resource Identifier (URI), or by abusing HTTP elements.

Web Server Hacking : 

A web server is a system for storing, processing, and serving websites. Web server hacks include:

Name of Term Description of term
Information gathering In web servers hacking, Information gathering is Collecting robots.txt to view hidden directories/files
Footprinting Footprinting in web server hacking is a  listing of popular web apps 
Mirroring This makes it easy to find directory forms and other important records from  mirrored copies without making several requests to the web server.
vulnerabilities analysis A vulnerability assessment is a review focused on security-related issues that have a moderate or severe impact on the security of a product or system.

Web Server Hacking Topen-sourceools:

Names of Tools Description of Tools
Wfetch

Wfetch was originally part of the IIS 6.0 Resource Kit Tools. Can be used to troubleshoot HTTP redirects, HTTP status codes, etc.

THC Hydra

This tool is widely used for hacking quick network logins. Attack the login page using both dictionary and brute force attacks.

HULK DoS

HULK is a denial of service (DoS) tool used to attack web servers by generating a unique and disguised amount of traffic.

w3af

w3af is a web application attack and audit framework. The purpose of this project is to create a framework that helps secure web applications by finding and exploiting all vulnerabilities in web applications.

Metasploit

The Metasploit framework is a very powerful tool that both cyber criminals and ethical hackers can use to investigate systematic vulnerabilities in networks and servers.

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and database takeovers.

Cryptography:

Encryption is the process of hiding sensitive information.

General Terms:

Name of term Description of term
Cipher Encryption and decryption algorithm.
Clear text / plaintext Unencrypted data 
Cipher text Encrypted data 

Encryption Algorithms:

Name of term Description of term
DES (Data Encryption Standard) Block cipher, 56-bit key, 64-bit block size 
3DES (Triple Data Encryption Standard) Block cipher, 168-bit key 
AES Iterated block cipher. 
RC (Rivest Cipher) Symmetric-key algorithm. 
Blowfish A fast symmetric block cipher, 64-bit block size, 32 to 448 bits key
Twofish Symmetric-key block cipher
RSA (Rivest–Shamir–Adleman) Achieving strong encryption through the use of two large prime numbers. 
Diffie–Hellman Used for generating a shared key between two entities over an insecure channel. 
DSA (Digital Signature Algorithm) Private key tells who signed the message. Public key verifies the digital signature 

Cloud Security:

Cloud providers implement restricted access and access policies with logs and the ability to request access and denial reasons.

Cloud Computing Attacks:

Name of term Description of term
Wrapping attack Change the unique characters but keep the signature valid.
Side channel attacks An attacker controls VMs on the same physical host (either by compromising one or placing one of their own).
Cloud Hopper attack The goal is to compromise an employee’s or cloud service company’s account in order to obtain confidential information.
Cloudborne attack Exploit specific BMC vulnerabilities
Man-In-The-Cloud (MITC) attack It runs using a file sync service (such as Google Drive or Dropbox) as infrastructure.

Malware and Other Attacks:

Malware is a malicious program designed to damage your system and give its creator access to your system.

Trojans: 

The malware is contained in seemingly harmless programs. The types are:

Name of term Description of term
Remote access trojans (RATs) Malware that contains a backdoor for administrative control of the target computer.
Backdoor Trojans Uninterrupted access by an attacker by installing a backdoor on the targeted system.
Botnet Trojans Install the boot program on the target system
Rootkit Trojans Allow access to unauthorized areas of the software.
E-banking Trojans It intercepts account information before encrypting it and sends it to the attacker.
Proxy-server Trojans Allows an attacker to use the victim’s computer as a proxy to connect to the Internet.

Viruses: 

Here are some examples of computer viruses:

Name of term Description of term
Stealth virus The virus takes aggressive steps to hide infection from antivirus.
Logic Bomb virus It does not self-replicate, does not increase in population, and may be parasitic.
Polymorphic virus Modifies payload to evade signature detection.
Metamorphic virus A virus that can reprogram/rewrite itself.
Macro virus Macro creation for MS Office products.
File infectors The virus infects executable files.
Boot sector infectors Malicious code that runs at system startup.
Multipartite viruses Combine file infectors and boot record infectors.
Whether you’re preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, lazyroar Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we’ve already empowered, and we’re here to do the same for you. Don’t miss out – check it out now!

RELATED ARTICLES

Most Popular

Recent Comments