INTRODUCTION
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements.
SECURITY
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Security is usually described in terms of the CIA triad:
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY
CONFIDENTIALITY
Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that particular data should be seen only by authorized personnel; anyone who is not authorized should not see that data. For example, in a credit card transaction only the authorized person should see the credit card number. Nobody else should see that number, because they could use it for other purposes. Confidentiality is therefore very important, and it is necessary for maintaining the privacy of the people whose personal information a system holds.
INTEGRITY
Integrity means that data cannot be modified without authorization. The data seen by authorized persons must be correct, that is, it must retain the property of integrity. Without integrity the data is of no use.
Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data is modified, and we can say that there is a breach of security.
AVAILABILITY
For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which data must have both integrity and confidentiality. The easiest way to achieve both goals is to take the data offline, but then the data is not available to the user, and it is of no use even if it has all the other characteristics. Availability means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly.
NEED FOR SECURITY
Computer security is required because most organizations can be damaged by hostile software or intruders. Intruders can cause several forms of damage, which are obviously interrelated. These include:
• loss of confidential data
• damage or destruction of data
• damage or destruction of computer systems
• loss of a company's reputation
HACKING
A hacker is a person who is interested in a particular subject and has immense knowledge of that subject. In the world of computers, a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages.
Eric Raymond, compiler of "The New Hacker's Dictionary", defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem, and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
• A person who enjoys learning the details of a programming language or system
• A person who enjoys actually doing the programming rather than just theorizing about it
• A person capable of appreciating someone else's hacking
• A person who picks up programming quickly
• A person who is an expert at a particular programming language or system
TYPES OF HACKERS
Hackers can be broadly classified on the basis of why they hack systems, that is, why they indulge in hacking. On this basis there are mainly three types of hacker:
• Black hat hackers
• White hat hackers
• Grey hat hackers
Black hat hackers
Black hat hackers are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others. Black hat hackers are also known as crackers.
White hat hackers
White hat hackers are individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good. White hat hackers are also called security analysts.
Grey hat hackers
These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour: sometimes they use their skills for the common good, while at other times they use them for personal gain.
WHY ETHICAL HACKING
For various reasons, hacking is always understood in the bad sense, and hacking is taken to mean black hat hacking. That is the basis for ethical hacking. Suppose a person or hacker tries to hack into a system and finds a vulnerability, and suppose that he reports to the company that the vulnerability exists. Then the company can make patches for that vulnerability and so protect itself from future attacks by a black hat hacker who tries to use the same vulnerability. Unless somebody tries to find a vulnerability it remains hidden, and some day somebody might find it and exploit it for their own personal interests. This is what ethical hacking is for.
ETHICAL HACKING
Ethical hackers should possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed in an ethical hacker is more drive and patience than most people have, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluation must be done outside normal working hours to avoid interfering with production on "live" targets, or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses.
ETHICAL HACKER
An ethical hacker is a person who does ethical hacking, that is, a security professional who tries to penetrate a network to find out whether there is a vulnerability in the system. An ethical hacker always has permission to enter the target network. An ethical hacker first thinks with the mindset of a hacker who tries to get into the system: he finds out what an intruder can see, or what others can see. Having found this, the ethical hacker tries to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he reports back to the company with a detailed report about the particular vulnerability he exploited to get in.
METHODOLOGY OF HACKING
The actual hacking process is circular. Once the hacker has completed the five steps, he starts reconnaissance again at that stage, building on the preceding stages, to get to the next level. The various stages in the hacking methodology are:
• Reconnaissance
• Scanning & Enumeration
• Gaining access
• Maintaining access
• Clearing tracks
RECONNAISSANCE
The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as foot-printing, and it is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company he is going to hack. It is one of the pre-attack phases: reconnaissance refers to the preparatory phase in which an attacker learns about all of the possible attack vectors that can be used in his plan.
The basic objective of this phase is to make a methodical map of the target's security schema, which results in a unique organization profile with respect to the network and systems involved. Since we are dealing with the Internet, we can find a lot of information here that was never intended to be public.
There are many tools for such purposes:
• Google
• Samspade
• Email Tracker and Visual Route
Google
Google is one of the most famous search engines on the Internet. Using specialized search keywords we can find a lot of information that has been made public. For example, if we use keywords like "for internal use only" followed by the target's domain name, we may get a lot of useful information. Sometimes, even if the company has actually removed a page from its site, it remains preserved in Google's cache.
Samspade
Samspade is a simple tool which gives us information about a particular host. This tool is very helpful in finding addresses, phone numbers etc. The figure below shows the GUI of the Samspade tool. In the text field in the top left corner of the window we just need to enter the address of the particular host; then we can find out the various information available. The information given may include phone numbers, contact names, IP addresses, email ids, address ranges etc.
Email Tracker
We often receive many spam messages in our mail box, and we don't know where they come from. Email Tracker is a piece of software which helps us to find out from which server a mail actually came. Every message we receive has a header associated with it, and Email Tracker uses this header information to find the location.
The figure below shows the GUI of the Email Tracker software. One of the options in Email Tracker is to import the mail header. We just need to import the mail's header into the software; it then finds which area the mail came from.
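As an added example (not part of the original seminar and not the Email Tracker tool's own code), the following Python script does by hand what the tool does with an imported header: it walks the Received: headers of a constructed message to list the relay chain and the originating IP. The host names and addresses are constructed.

```python
# Added example: trace a message's path through its Received: headers.
# Every relay prepends its own Received: line, so the header at the top is
# the last hop and the header at the bottom is the one closest to the sender.
import re
from email import message_from_string

# Constructed raw message with three relays (all names/IPs are made up).
SAMPLE_MAIL = """\
Received: from mx.example-corp.test (mx.example-corp.test [198.51.100.7])
    by mailbox.example-corp.test with ESMTP id abc123
    for <victim@example-corp.test>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example-isp.test (relay.example-isp.test [203.0.113.25])
    by mx.example-corp.test with ESMTP id def456; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
    by relay.example-isp.test with SMTP id ghi789; Mon, 01 Jan 2024 09:59:58 +0000
From: "Lottery Dept" <winner@example-spam.test>
To: victim@example-corp.test
Subject: You have won!

Claim your prize now.
"""

# Matches "from <name> ( ... [a.b.c.d])" inside one Received: header value.
_FROM_RE = re.compile(
    r"from\s+(?P<name>\S+).*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def received_hops(raw):
    """Return the relay chain as (host_name, ip) tuples, ordered from the
    hop nearest the sender to the final delivery server."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):   # top of message first
        m = _FROM_RE.search(hdr)
        if m:
            hops.append((m.group("name").strip("[]"), m.group("ip")))
    hops.reverse()                            # sender side first
    return hops

def origin_ip(raw):
    """IP of the host that injected the message (bottom-most Received: header)."""
    hops = received_hops(raw)
    return hops[0][1] if hops else None

def first_untrusted_hop(raw, trusted_relays):
    """Walk the chain from the sender side and return the first IP that is
    not one of our own (trusted) relays, or None if every hop is trusted.
    Only headers written by relays we control can be believed; anything
    below them may have been forged by the sender."""
    for _, ip in received_hops(raw):
        if ip not in trusted_relays:
            return ip
    return None

if __name__ == "__main__":
    for name, ip in received_hops(SAMPLE_MAIL):
        print(f"{ip:15}  {name}")
    print("origin:", origin_ip(SAMPLE_MAIL))
```

The check against a set of trusted relays matters because a spammer can insert any Received: lines he likes below the first hop you control; only the headers added by your own servers are reliable.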
Visual Route
We can use another tool, Visual Route, to pinpoint the actual location of the server. The option of connecting to Visual Route is available in Email Tracker. Visual Route is a tool which displays the location of a particular server with the help of its IP address.
The figure below depicts the GUI of the Visual Route tool. The Visual Route GUI has a world map drawn on it, and the software locates the position of the server on that world map.
SCANNING
Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighbourhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses in the target network which are live, the services which are running on those systems, and so on. The different tools used for scanning are:
• War Dialing
• Pingers
• Super Scan
• Nmap
War Dialing
War dialers are a hacking tool which is now illegal and easier to detect. War dialing is the practice of dialing all the phone numbers in a range in order to find those that answer with a modem. Earlier, companies used dial-in modems through which their employees could dial in to the network; in such cases just a phone number is enough to reach it. War dialing software makes use of this vulnerability. A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. The program automatically dials a defined range of phone numbers and logs in a database those numbers that successfully connect to a modem.
Pingers
Pingers are yet another category of scanning tool, which make use of Internet Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to find out whether a particular system is alive or not. Using this principle, pingers send ICMP packets to every host in a given range; if an acknowledgement comes back, we can tell that the system is live. Pingers are automated software which send ICMP packets to different machines and check their responses. However, most firewalls today block ICMP, so pingers often cannot be used.
Port Scanning
A port scan is a method used by hackers to determine what ports are open or in use on a system or network. Using various tools, a hacker can send data to TCP or UDP ports one at a time; based on the response received, the port scan utility can determine whether that port is in use. Using this information the hacker can then focus the attack on the ports that are open and try to exploit any weaknesses to gain access. Port scanning software, in its most basic form, simply sends a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing.
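Added example, not from the original seminar: Python detection logic for both the ICMP sweep described under Pingers and the port scan described here, run over constructed firewall log lines. A sweep shows up as one source touching many distinct hosts, a port scan as one source touching many distinct ports on one host. The log format, addresses, time window and thresholds are assumptions.

```python
# Added example: spot ping sweeps and port scans in firewall logs.
import re
from collections import defaultdict

# Constructed log lines: one ICMP sweep (203.0.113.9), one port scan
# (198.51.100.5 -> 192.0.2.10) and ordinary repeat traffic (192.0.2.50).
SAMPLE_LOG = """\
ts=100 src=203.0.113.9 dst=192.0.2.1 proto=ICMP type=8
ts=100 src=203.0.113.9 dst=192.0.2.2 proto=ICMP type=8
ts=101 src=203.0.113.9 dst=192.0.2.3 proto=ICMP type=8
ts=101 src=203.0.113.9 dst=192.0.2.4 proto=ICMP type=8
ts=102 src=203.0.113.9 dst=192.0.2.5 proto=ICMP type=8
ts=200 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=21
ts=200 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=22
ts=200 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=23
ts=201 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=25
ts=201 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=80
ts=201 src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=443
ts=300 src=192.0.2.50 dst=192.0.2.10 proto=TCP dport=443
ts=301 src=192.0.2.50 dst=192.0.2.10 proto=TCP dport=443
"""

_LINE_RE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) proto=(\S+)(?: dport=(\d+))?")

def parse_log(text):
    """Yield (ts, src, dst, proto, dport); dport is None for ICMP lines."""
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if m:
            ts, src, dst, proto, dport = m.groups()
            yield int(ts), src, dst, proto, (int(dport) if dport else None)

def detect_scans(text, window=60, host_threshold=5, port_threshold=5):
    """Return (kind, src, target, count) alerts.  'icmp_sweep' means one
    source sent ICMP echo to >= host_threshold distinct hosts inside one
    window; 'port_scan' means one source hit >= port_threshold distinct
    ports on one host inside one window.  Fixed windows are simple but a
    slow scan that straddles a boundary can slip under the thresholds."""
    icmp_hosts = defaultdict(set)   # (src, bucket)      -> hosts probed
    tcp_ports = defaultdict(set)    # (src, dst, bucket) -> ports probed
    for ts, src, dst, proto, dport in parse_log(text):
        bucket = ts // window
        if proto == "ICMP":
            icmp_hosts[(src, bucket)].add(dst)
        elif proto in ("TCP", "UDP") and dport is not None:
            tcp_ports[(src, dst, bucket)].add(dport)
    alerts = []
    for (src, _), hosts in icmp_hosts.items():
        if len(hosts) >= host_threshold:
            alerts.append(("icmp_sweep", src, "*", len(hosts)))
    for (src, dst, _), ports in tcp_ports.items():
        if len(ports) >= port_threshold:
            alerts.append(("port_scan", src, dst, len(ports)))
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```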
Super Scan
SuperScan is a powerful TCP port scanner that includes a variety of additional networking tools like ping, traceroute, HTTP HEAD, WHOIS and more. It uses multithreaded and asynchronous techniques, resulting in extremely fast and versatile scanning.
The figure below shows the GUI of SuperScan. In it we can either search a particular host or a range of IP addresses. As output the software reports the host addresses which are up.
Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. The figure shows the GUI of Nmap.
ENUMERATION
Enumeration is the ability of a hacker to convince some servers to give him information that is vital to making an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups exist in the network, what applications are present, etc. Hackers may also use this to find other hosts in the entire network.
GAINING ACCESS
System hacking can be considered as many steps. First the hacker tries to get into the system. Once he is in, the next thing he wants is to increase his privileges so that he has more control over the system; as a normal user the hacker may not be able to see confidential details, or to upload and run the various hacking tools for his own purposes. Another way to crack into a system is by attacks like the man in the middle attack.
• Password Cracking
• Loftcrack
• Privilege Escalation
• Metasploit
• Man in the Middle Attack
Password Cracking
There are many methods for cracking a password and then getting into the system. The simplest method is to guess the password, but this is tedious work. To make this work easier there are many automated tools for password guessing, like Legion. Legion has an inbuilt dictionary, and the software automatically generates candidate passwords from the dictionary and checks the responses.
Many types of password cracking strategies are used by hackers today; they are described below.
• Dictionary cracking
In this type of cracking there is a list of various words, like the person's children's names, birthdays etc. The automated software then makes use of these words, forming different combinations of them, and tries them against the system automatically.
• Brute force cracking
This is another type of password cracking which does not use a list of precompiled words. In this method the software automatically generates all combinations of letters, special characters, symbols etc. and tries them automatically. This process is of course very tedious and time consuming.
• Hybrid cracking
This is a combination of the dictionary and brute force cracking techniques. This means that it first checks the combinations of words in its inbuilt dictionary, and if all of them fail it tries brute force.
• Social Engineering
The best and most common method used to crack a password is social engineering. In this technique the hacker comes into direct contact with the user, through a phone call or some other way, and directly asks for the password by some kind of fraud.
Loftcrack
This is a piece of software from @stake which is basically a password audit tool. It uses the various password cracking methodologies. Loftcrack helps administrators find out whether their users are using easy passwords. This is very high profile software which uses dictionary cracking and then brute force cracking. Sometimes it uses precomputed hashes, called rainbow tables, for cracking passwords.
Loftcrack GUI
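Added example, not part of the seminar and not Loftcrack's own code: a small Python password audit that applies the strategies listed above (dictionary, hybrid and brute force) to a candidate password and reports which one would break it, the check an administrator runs before an attacker does. The word list, mutation rules and guess rate are constructed assumptions.

```python
# Added example: classify how a password would fall to the strategies above.
import string

# Constructed mini dictionary of the "children's names, birthdays" kind.
WORDLIST = ["alice", "bob", "password", "summer", "1990"]
# Assumed hybrid rules: common letter-for-digit swaps and short suffixes.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ["", "1", "12", "123", "!", "2024"]

def hybrid_candidates(word):
    """Generate the mutations a hybrid cracker would try for one word."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix

def charset_size(password):
    """Size of the union of standard character classes the password draws on;
    a brute force cracker has to cover at least this alphabet."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in password):
            size += len(cls)
    return size

def brute_force_seconds(password, guesses_per_second=1e9):
    """Worst-case time to exhaust every string up to this length over the
    password's alphabet at an assumed guess rate (constructed figure)."""
    n = charset_size(password)
    keyspace = sum(n ** k for k in range(1, len(password) + 1))
    return keyspace / guesses_per_second

def audit_password(password, wordlist=WORDLIST):
    """Return (strategy_that_breaks_it, estimated_seconds).
    'dictionary' and 'hybrid' hits are effectively instant; anything else
    is scored by the brute force search space."""
    if password in wordlist:
        return "dictionary", 0.0
    for word in wordlist:
        if password in hybrid_candidates(word):
            return "hybrid", 0.0
    return "brute_force", brute_force_seconds(password)

if __name__ == "__main__":
    for pw in ["password", "Password123", "Summer!", "xK9#mQ2$vL7p"]:
        print(f"{pw:14} -> {audit_password(pw)}")
```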
Privilege Escalation
Privilege escalation is the process of raising privileges once the hacker has got into the system. That is, the hacker may get in as an ordinary user, and now tries to raise his privileges to those of an administrator, who can do many more things. Many types of tools are available for this. Some tools, like getadmin, attach the user to a kernel routine so that the services run by the user look like a system routine rather than a user-initiated program. The privilege escalation process usually uses vulnerabilities present in the host operating system or its software. There are many tools like hk.exe, Metasploit etc. One such community of hackers is Metasploit.
Metasploit
Metasploit is actually a community which provides an online list of vulnerabilities. The hacker can directly download the exploits for these vulnerabilities and use them directly against the target system for privilege escalation and other exploits. Metasploit is a command line tool and is very dangerous, as the whole community of black hat hackers contributes their own findings of different vulnerabilities in different products.
Man in the Middle Attack
In the man in the middle attack, the hacker tells the user that he is the server, and tells the server that he is the client. Now the client sends packets to the hacker thinking that he is the server, and the hacker, instead of replying, forwards a copy of the actual request to the actual server. The server then replies to the hacker, who forwards a copy of the reply to the actual client. The client thinks that it got the reply from the server, and the server thinks that it replied to the actual client. But in fact the hacker, the man in the middle, also has a copy of the whole traffic, from which he can directly get the data he needs, or a password with which he can actually hack in.
MAINTAINING ACCESS
Now the hacker is inside the system by some means, by password guessing or by exploiting some of its vulnerabilities. This phase is analogous to making a small hidden door in a building so that he can easily enter the building directly through that door. In the network scenario the hacker does this by uploading software like:
• Key Stroke Loggers
• Trojan Horses & Backdoors
• Wrappers
• Elitewrap
Key Stroke Loggers
Keystroke loggers are tools which record every key pressed on the keyboard. There are software and hardware keystroke loggers, both of which directly record the movement of the keys. For maintaining access and privilege escalation, the hacker who is now inside the target network uploads keystroke logging software into the system.
A software keystroke logger sits as a middle man between the keyboard driver and the CPU. That is, all the keystroke details come directly to the software, which keeps a copy of them in a log and forwards them on to the CPU.
Trojan Horses & Backdoors
A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from the Greek story of the Trojan war, in which the Greeks gave a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering.
Hackers place this Trojan software inside the network and then leave. When the hacker comes back some time later, the Trojan software either authenticates the hacker as a valid user or opens some other ports for the hacker to get in. There are many genres of Trojans, like:
• password sending/capturing Trojans
• FTP Trojans
• keystroke capture Trojans
• remote access Trojans
• destructive Trojans
• denial of service Trojans
• proxy Trojans
Wrappers
In the maintaining access phase of hacking we usually upload some software into the system for later needs. In order to keep this software and other data hidden from the administrator and other ordinary users, hackers usually use wrapper software to wrap their content into pictures, greeting cards etc., so that they look like ordinary data to the administrator. What the wrapper software actually does is place the malicious data into the white spaces in the harmless data.
Elitewrap
This is a very notorious wrapper. Elitewrap is a command line tool which wraps one or more Trojans into a normal file. After processing, the result looks like one program while it actually contains several. The speciality of this tool is that we can even make the Trojans packed into it execute when the user opens the file. For example, consider the case in which the netcat Trojan is packed into a flash greeting card. When the user opens the card, netcat starts running in the background and listens on some ports, which will then be exploited by the hackers.
CLEARING TRACKS
A good hacker always clears his tracks, that is, any record that may be present in the network to prove that he was there. Whenever a hacker downloads a file or installs some software, a record of it is stored in the server logs, so in order to erase those records the hacker uses many tools.
One such tool is the Windows Resource Kit's auditpol.exe. This is a command line tool with which the intruder can easily disable auditing. There are other tools, like Eslave, which directly clear all the event logs that would tell the administrator that an intruder has come in. Another tool which eliminates any physical evidence is Evidence Eliminator. Apart from the server logs, other information is sometimes stored temporarily; Evidence Eliminator deletes all such evidence.
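Added example, not part of the original seminar: Python detection logic for the track-clearing described above, run over constructed Windows Security event records in JSON-lines form. It keys on two real Windows event IDs, 1102 (the audit log was cleared) and 4719 (system audit policy was changed, which is what disabling auditing with auditpol leaves behind); the records, hosts and user names are constructed.

```python
# Added example: flag tampering with the audit trail itself.
import json

# Constructed Security-log records: jdoe changes audit policy, then clears
# the log on fs01; the dc01 policy change is routine SYSTEM activity.
SAMPLE_EVENTS = """\
{"ts": "2024-01-01T09:58:00", "host": "fs01", "event_id": 4624, "user": "jdoe", "detail": "logon"}
{"ts": "2024-01-01T10:02:10", "host": "fs01", "event_id": 4719, "user": "jdoe", "detail": "Audit Policy Change: Success Removed"}
{"ts": "2024-01-01T10:02:35", "host": "fs01", "event_id": 1102, "user": "jdoe", "detail": "The audit log was cleared"}
{"ts": "2024-01-01T10:03:00", "host": "fs01", "event_id": 4624, "user": "jdoe", "detail": "logon"}
{"ts": "2024-01-02T08:00:00", "host": "dc01", "event_id": 4719, "user": "SYSTEM", "detail": "Audit Policy Change: Success Added"}
"""

# Real Windows Security event IDs that mean the audit trail was touched.
TAMPER_EVENTS = {
    1102: "audit log cleared",
    4719: "audit policy changed",
}

def parse_events(text):
    """Parse JSON-lines records into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def tamper_alerts(text):
    """Return (ts, host, user, description) for every audit-tampering event."""
    return [
        (e["ts"], e["host"], e["user"], TAMPER_EVENTS[e["event_id"]])
        for e in parse_events(text)
        if e.get("event_id") in TAMPER_EVENTS
    ]

def suspicious_sequences(text):
    """Flag (host, user, policy_change_ts, clear_ts) where a non-SYSTEM user
    changes audit policy (4719) and later clears the log (1102) on the same
    host: the 'disable auditing, then wipe' pattern described above."""
    last_policy_change = {}   # (host, user) -> ts of most recent 4719
    flagged = []
    for e in sorted(parse_events(text), key=lambda ev: ev["ts"]):
        key = (e["host"], e["user"])
        if e["event_id"] == 4719 and e["user"] != "SYSTEM":
            last_policy_change[key] = e["ts"]
        elif e["event_id"] == 1102 and key in last_policy_change:
            flagged.append((e["host"], e["user"], last_policy_change[key], e["ts"]))
    return flagged

if __name__ == "__main__":
    for alert in tamper_alerts(SAMPLE_EVENTS):
        print("tamper:", alert)
    for seq in suspicious_sequences(SAMPLE_EVENTS):
        print("disable-then-wipe:", seq)
```

Because clearing a local log removes the evidence along with it, these checks only work if events are forwarded to a central collector as they are written, so the 4719 and 1102 records survive the wipe.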
SUMMARY
One of the main aims of the seminar is to make others understand that there are so many tools through which a hacker can get into a system. Now we can see what we can do against hacking, or to protect ourselves from hacking.
• The first thing we should do is to keep ourselves updated about the software we are using, from official and reliable sources.
• Educate the employees and users against black hat hacking.
• Use every possible security measure, like honey pots, Intrusion Detection Systems, firewalls etc.
• Always make our passwords strong, making them harder and longer to crack.
• The final and foremost thing should be to try … at regular intervals.