INTRODUCTION
The explosive growth of the Internet has brought many good things: electronic
commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and
new avenues for advertising and information distribution, to name a few. As with most
technological advances, there is also a dark side: criminal hackers. Governments, companies,
and private citizens around the world are anxious to be a part of this revolution, but they are
afraid that some hacker will break into their Web server and replace their logo with pornography,
read their e-mail, steal their credit card number from an on-line shopping site, or implant
software that will secretly transmit their organization's secrets to the open Internet. With these
concerns and others, the ethical hacker can help.
Ethical hacking, also known as penetration testing or white-hat hacking, involves the
same tools, tricks, and techniques that hackers use, but with one major difference: ethical
hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical
hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured.
It is part of an overall information risk management program that allows for ongoing security
improvements. Ethical hacking can also ensure that vendors' claims about the security of their
products are legitimate.
1.1 Security
Security is the condition of being protected against danger or loss. In the general sense,
security is a concept similar to safety. In the case of networks, security is also called
information security. Information security means protecting information and information systems
from unauthorized access, use, disclosure, disruption, modification, or destruction. Security is
usually described in terms of the CIA triad, the three basic principles of security, in which
"C" denotes Confidentiality, "I" represents Integrity and "A" represents Availability.
● Confidentiality
Confidentiality is the property of preventing disclosure of information to unauthorized
individuals or systems. This implies that particular data should be seen only by authorized
personnel; anyone else, including a passive observer, should not see it. For example, in a
credit card transaction only the authorized party should see the credit card number. Nobody else
should see that number, because they may use it for other activities. Thus confidentiality is very
important. Confidentiality is necessary for maintaining the privacy of the people whose personal
information a system holds.
● Integrity
Integrity means that data cannot be modified without authorization. This means that the
data seen by authorized persons should be correct, that is, the data should maintain the property
of integrity. Without integrity the data is of no use. Integrity is violated when a computer virus
infects a computer, when an employee is able to modify his own salary in a payroll database,
when an unauthorized user vandalizes a web site, when someone is able to cast a very large
number of votes in an online poll, and so on. In such cases the data is modified, and then we can
say that there is a breach in security.
● Availability
For any information system to serve its purpose, the information must be available when
it is needed. Consider the case in which the data should have integrity and confidentiality. Both
goals could be achieved easily by taking the data off line, but then the data is not available to
the user. Hence the data is of no use even if it has all the other characteristics. This means that
the computing systems used to store and process the information, the security controls used to
protect it, and the communication channels used to access it must be functioning correctly. All
these factors are considered important, since data lacking any of the above characteristics is
useless. Therefore security is described as the CIA trio. Lacking any one of the CIA means there
is a security breach.
1.3 Hackers
administrators would have to restart it or make repairs. Other times, when these intruders were
again denied access once their activities were discovered, they would react with purposefully
destructive actions. When the number of these destructive computer intrusions became
noticeable, due to the visibility of the system or the extent of the damage inflicted, it became
“news” and the news media picked up on the story. Instead of using the more accurate term of
“computer criminal,” the media began using the term “hacker” to describe individuals who break
into computers for fun, revenge, or profit. Since calling someone a “hacker” was originally
meant as a compliment, computer security professionals prefer to use the term “cracker” or
“intruder” for those hackers who turn to the dark side of hacking.
Types of Hackers:
Hackers can be broadly classified on the basis of why they hack systems, or why they
indulge in hacking. On this basis there are mainly three types of hacker:
● Black-Hat Hacker
Black hat hackers, or crackers, are individuals with extraordinary computing skills who
resort to malicious or destructive activities. That is, black hat hackers use their knowledge and
skill for their own personal gain, probably by hurting others.
● White-Hat Hacker
White hat hackers are individuals professing hacker skills and using them for
defensive purposes. This means that white hat hackers use their knowledge and skill for the
good of others and for the common good.
● Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We
cannot predict their behaviour. Sometimes they use their skills for the common good, while at
other times they use them for their personal gain.
For various reasons hacking is always understood in the bad sense, so that hacking means
black hat hacking. But the question is: can hacking be done ethically? The answer is yes, because
to catch a thief, you must think like a thief. That is the basis of ethical hacking. Suppose a person
tries to hack into a system and finds a vulnerability, and suppose that he reports the vulnerability
to the company. Then the company could make patches for that vulnerability and hence protect
itself from future attacks by a black hat hacker who tries to use the same vulnerability. Unless
somebody tries to find a vulnerability it remains hidden, and one day somebody might find it and
exploit it for their own personal interest. This is what ethical hacking achieves.
2. ETHICAL HACKING
multiple secure Internet connections, a safe to hold paper documentation from clients, strong
cryptography to protect electronic results, and isolated networks for testing. Ethical hackers also
should possess very strong programming and computer networking skills and have been in the
computer and networking business for several years. Another quality an ethical hacker needs is
more drive and patience than most people, since a typical evaluation may require several
days of tedious work that is difficult to automate. Some portions of the evaluations must be done
outside of normal working hours to avoid interfering with production at “live” targets or to
simulate the timing of a real attack. When they encounter a system with which they are
unfamiliar, ethical hackers will spend the time to learn about the system and try to find its
weaknesses. Finally, keeping up with the ever-changing world of computer and network security
requires continuous education and review.
2.5.1 Reconnaissance:
The literal meaning of the word reconnaissance is a preliminary survey to gain
information. This is also known as foot-printing. It is the first stage in the methodology of
hacking. As given in the analogy, this is the stage in which the hacker collects information about
the company that he is going to hack. This is one of the pre-attack phases.
Reconnaissance refers to the preparatory phase in which an attacker learns about all of the possible
attack vectors that can be used in the plan.
In this pre-attack phase we gather as much publicly available information as possible.
The information includes domain names, locations, contact information, etc. The basic objective
of this phase is to make a methodical map of the target's security schema, which results in a
unique organization profile with respect to the networks and systems involved. As we are dealing
with the Internet, we can find much information here that the organization may not have intended
to put out publicly. We have many tools for such purposes, including samspade, email tracker,
visual route, etc. The interesting thing to note is that we can even use simple googling as a
footprinting tool.
Enumeration:
Enumeration is the ability of a hacker to convince servers to give up information that is
vital for making an attack. By doing this the hacker aims to find what resources and shares can
be found in the system, what valid user accounts and user groups exist in the network, what
applications are present, etc. Hackers may also use this to find other hosts in the entire
network.
This is the actual hacking phase, in which the hacker gains access to the system. The
hacker will make use of all the information he collected in the pre-attack phases. Usually the
main hindrance to gaining access to a system is the password. System hacking can be
considered as several steps. First the hacker will try to get into the system. Once he gets into the
system, the next thing he wants is to increase his privileges so that he can have more control
over the system. As a normal user the hacker may not be able to see the confidential details, or
cannot upload or run the various hack tools for his own purposes. Another way to break into a
system is through attacks like the man-in-the-middle attack.
Password Cracking:
There are many methods for cracking the password and then getting into the system. The
simplest method is to guess the password, but this is tedious work. To make this work easier
there are many automated tools for password guessing, such as Legion. Legion has an inbuilt
dictionary: the software itself generates password candidates from the dictionary and checks
the responses.
Techniques used in password cracking are:
1. Dictionary cracking
In this type of cracking there is a list of various words, such as the person's children's
names, birthday, etc. The automated software makes use of these words to form different
combinations and automatically tries them against the system.
2. Brute force cracking
This is another type of password cracking which does not have a list of precompiled
words. In this method the software automatically generates all combinations of letters, special
characters, symbols, etc. and tries them automatically. This process is of course very tedious and
time consuming.
3. Hybrid cracking
This is a combination of the dictionary and brute force techniques. This means that it will
first check the combinations of words in its inbuilt dictionary and, if all of them fail, it will try
brute force.
● Social Engineering
The best and most common method used to obtain a password is social engineering.
In this technique the hacker comes into direct contact with the user, through a phone call or
some other way, and directly asks for the password under some pretext.
Privilege escalation
Privilege escalation is the process of raising the privileges once the hacker gets into the
system. That is, the hacker may get in as an ordinary user, and now he tries to increase his
privileges to those of an administrator, who can do many things. There are many types of tools
available for this. Some tools, like getadmin, attach the user to a kernel routine so that the
services run by the user look like a system routine rather than a user-initiated program. The
privilege escalation process usually uses the vulnerabilities present in the host operating system
or the software. There are many tools like hk.exe, metasploit etc. One such community of
hackers is the metasploit.
card, in the background, the netcat will start working and will start listening to some ports which
will be exploited by the hackers.
Auditpol
One such tool is the Windows resource kit's auditpol.exe. This is a command line tool with
which the intruder can easily disable auditing. Another tool, which eliminates any physical
evidence, is the Evidence Eliminator. Sometimes, apart from the server logs, other information
may be stored temporarily; the Evidence Eliminator deletes all such evidence.
Winzapper
This is another tool used for clearing tracks. This tool makes a copy of the log and allows
the hacker to edit it. Using this tool the hacker just needs to select the log entries to be
deleted. Then, after the server is rebooted, those entries are gone.
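Tools like Winzapper work because a plain log file can be edited and saved again with nothing to show that entries were removed. A defender-side countermeasure is to make the log tamper-evident. The following Python is an added example, not code from the report or from any tool it names: each entry stores the SHA-256 hash over the previous entry's hash and its own record, and a copy of the latest hash (the head) is kept off the host, so deleting, editing or truncating entries is detected. The event records, user names and timestamps are constructed for illustration.

```python
"""Added example: a tamper-evident audit log.

Not from the report and not part of any tool it names. Each entry stores the
SHA-256 over the previous entry's hash and its own record, so an edit or a
deletion in the middle breaks the chain; keeping the latest hash (the head)
off the host additionally detects entries removed from the end.
"""
import hashlib
import json

GENESIS = "0" * 64  # chain anchor before the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """Hash that binds a record to everything logged before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_record(chain: list, record: dict) -> dict:
    """Append a record and return the new entry (its hash is the new head)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": record, "prev": prev, "hash": entry_hash(prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain: list, expected_head=None):
    """Return (True, None) if intact, else (False, index).

    index is the first entry whose link or hash does not verify, or len(chain)
    when every entry verifies but the head differs from the copy kept off-host
    (entries were removed from the end).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


# Constructed sample events in the style of logon-audit records.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T08:00:00Z", "event": "logon", "user": "alice", "result": "success"},
    {"ts": "2024-01-01T08:05:12Z", "event": "logon", "user": "mallory", "result": "failure"},
    {"ts": "2024-01-01T08:05:40Z", "event": "logon", "user": "mallory", "result": "success"},
    {"ts": "2024-01-01T08:07:03Z", "event": "audit_policy_changed", "user": "mallory", "result": "success"},
]


def build_sample_chain() -> list:
    chain = []
    for ev in SAMPLE_EVENTS:
        append_record(chain, ev)
    return chain


def demo() -> dict:
    """Run the intact, deleted, edited and truncated cases; return the verdicts."""
    chain = build_sample_chain()
    head = chain[-1]["hash"]  # the copy a defender stores off-host

    deleted = [dict(e) for e in chain]
    del deleted[2]  # one entry removed from the middle

    edited = [dict(e, record=dict(e["record"])) for e in chain]
    edited[1]["record"]["user"] = "nobody"  # one record rewritten in place

    truncated = chain[:-1]  # the last entry dropped

    return {
        "intact": verify_chain(chain, head),
        "deleted": verify_chain(deleted, head),
        "edited": verify_chain(edited, head),
        "truncated_without_head": verify_chain(truncated),
        "truncated_with_head": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The truncated case shows why the head must live somewhere the host cannot reach, such as a remote log collector: without it a chain that has simply been cut short still verifies. Chaining does not stop auditing from being switched off with auditpol; for that, the signal is the audit-policy-change event itself, or a gap in the timestamps of an otherwise continuous log.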
3. Reporting
Assess your results to see what you uncovered, assuming that the vulnerabilities haven’t
been made obvious before now. This is where knowledge counts. Evaluating the results and
correlating the specific vulnerabilities discovered is a skill that gets better with experience.
You’ll end up knowing your systems as well as anyone else. This makes the evaluation process
much simpler moving forward. Submit a formal report to upper management or to your
customer, outlining your results.
Ethical hacking nowadays is the backbone of network security. Each day its relevance is
increasing. The major pros and cons of ethical hacking are given below:
Advantages
● "To catch a thief you have to think like a thief"
● Helps in closing the open holes in the system network
● Provides security to banking and financial establishments
● Prevents website defacements
● An evolving technique
Disadvantages
● All depends upon the trustworthiness of the ethical hacker
● Hiring professionals is expensive.
Future enhancements:
More enhanced software should be used for optimum protection. The tools used need to be
updated regularly, and more efficient ones need to be developed.
5.1 Samspade
Samspade is a simple tool which provides information about a particular host. This
tool is very helpful in finding addresses, phone numbers, etc. Fig 2.1 shows the GUI of the
samspade tool. In the text field in the top left corner of the window we just need to put the
address of the particular host. Then we can find out the various information available. The
information given may be phone numbers, contact names, IP addresses, email ids, address ranges,
etc. We may wonder what the benefit of getting phone numbers, email ids, addresses, etc. is.
But one of the best ways to get information about a company is to just pick up the phone and
ask for the details. Thus we can get much information in just one click.
5.5 Pingers
Pingers are yet another category of scanning tools, which make use of Internet
Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to know whether a
particular system is alive or not. Pingers, using this principle, send ICMP packets to all hosts in a
given range; if the acknowledgement comes back we can make out that the system is live. Pingers
are automated software which send ICMP packets to different machines and check their
responses. But most firewalls today block ICMP, and hence pingers cannot be used against them.
stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all
65536 ports. Stealth scanning uses techniques such as slowing the scan. By scanning the ports
over a much longer period of time you reduce the chance that the target will trigger an alert.
5.8. Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration or
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Fig 2.5 shows the GUI of Nmap.
output we get the hosts which are live, the services which are running etc. It can even detect the
version of the operating system making use of the fact that different operating systems react
differently to the same packets as they use their own protocol stacks.
5.9 L0phtCrack
This is software from @stake which is basically a password audit tool. It uses the
various password cracking methodologies. L0phtCrack helps administrators find out whether
their users are using easy passwords. It is well-known software which applies dictionary
cracking and then brute force cracking. Sometimes it uses precomputed hashes, called rainbow
tables, for cracking the passwords.
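The dictionary, brute-force and hybrid techniques described under password cracking in section 2 and the audit use of L0phtCrack described here can be shown together from the administrator's side. The following Python is an added example, not code from the report or from L0phtCrack: it audits a table of stored password hashes by trying dictionary words and hybrid variants (case changes plus digit suffixes), and estimates the search space a brute-force attack would face for a given password. The wordlist, the user names and the hashes are constructed; the hashes are computed from known test passwords only so that the example runs stand-alone, whereas a real audit starts from the hash store. Unsalted SHA-256 is used to mirror what rainbow tables target; per-user salts are what defeat precomputed tables.

```python
"""Added example: password audit with dictionary, hybrid and brute-force estimates.

Not the report's code and not L0phtCrack. All names, passwords and hashes below
are constructed test data.
"""
import hashlib
import itertools
import string


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, standing in for a stored password hash."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed wordlist; a real audit would load a large dictionary file.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon"]

# Constructed account table {user: hash}. Computed from known test passwords
# only so the example is self-contained; a real audit starts from the hash store.
ACCOUNTS = {
    "alice": sha256_hex("Summer2019"),    # dictionary word, capitalised, plus digits
    "bob": sha256_hex("letmein"),         # plain dictionary word
    "carol": sha256_hex("x7#Qp9!vLz2@"),  # not derivable from the wordlist
}


def case_variants(word: str) -> set:
    """The dictionary pass: the word as-is, Capitalised and UPPER."""
    return {word.lower(), word.capitalize(), word.upper()}


def hybrid_candidates(word: str, max_digits: int = 4):
    """The hybrid pass: each case variant followed by 1..max_digits digits."""
    for base in sorted(case_variants(word)):
        for n in range(1, max_digits + 1):
            for digits in itertools.product(string.digits, repeat=n):
                yield base + "".join(digits)


def audit(accounts: dict, wordlist: list, max_digits: int = 4) -> dict:
    """Return {user: (method, recovered_password)} for weak accounts.

    Dictionary matches are reported first; hybrid candidates are then tried
    for the accounts the dictionary pass did not already explain.
    """
    by_hash = {h: user for user, h in accounts.items()}
    found = {}
    for word in wordlist:
        for cand in case_variants(word):
            user = by_hash.get(sha256_hex(cand))
            if user and user not in found:
                found[user] = ("dictionary", cand)
    for word in wordlist:
        if len(found) == len(accounts):
            break
        for cand in hybrid_candidates(word, max_digits):
            user = by_hash.get(sha256_hex(cand))
            if user and user not in found:
                found[user] = ("hybrid", cand)
    return found


def keyspace(password: str) -> int:
    """Brute-force search space implied by the character classes a password uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size ** len(password)


def brute_force_seconds(password: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / guesses_per_second


if __name__ == "__main__":
    for user, (method, pw) in audit(ACCOUNTS, WORDLIST).items():
        print(f"{user}: weak ({method}) -> {pw!r}")
    for pw in ("letmein", "Summer2019", "x7#Qp9!vLz2@"):
        print(f"{pw!r}: keyspace {keyspace(pw):.3e}, "
              f"{brute_force_seconds(pw, 1e9):.3e} s at 1e9 guesses/s")
```

The audit flags bob and alice while carol's password survives, and the keyspace figures make the point in section 2 concrete: a seven-letter lowercase word is a few seconds of work at a billion guesses per second, whereas twelve characters drawn from all four classes are far beyond exhaustive search. Note that the hybrid pass finds "Summer2019" quickly despite its length, which is why an audit like this, rather than a length rule alone, is what tells an administrator a password is weak.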
5.10 Metasploit
Metasploit is actually a community which provides an online list of vulnerabilities. The
hacker can directly download exploits for these vulnerabilities and use them directly against the
target system for privilege escalation and other exploits. Metasploit is a command line tool and
is very dangerous, as the whole community of black hat hackers contributes their own findings of
vulnerabilities in different products.
CONCLUSION
One of the main aims of the seminar is to make others understand that there are so many
tools through which a hacker can get into a system. There are many reasons why everybody
should understand these basics. Let us look at the needs from various perspectives.
● Student
A student should understand that no software is made with zero vulnerabilities. So while
they are studying they should study the various possibilities and how to prevent them, because
they are the professionals of tomorrow.
● Professionals
Professionals should understand that business is directly related to security. So they
should make new software with as few vulnerabilities as possible. If they are not aware of these
issues, they won't be cautious enough in security matters.
● Users
The software is meant for the use of its users. Even if the software makers build the
software with strong security options, without the help of the users it can never be successful. It
is like a highly secured building with all its doors carelessly left open by insiders. So users must
also be aware of the possibilities of hacking so that they can be more cautious in their activities.
In the preceding sections we saw the methodology of hacking, why we should be aware of hacking,
and some tools which a hacker may use. Now we can see what we can do against hacking, or to
protect ourselves from hacking.
● The first thing we should do is to keep the software we use updated, from official and
reliable sources.
● Educate the employees and the users against black hat hacking.
● Use every possible security measure, like honeypots, Intrusion Detection Systems, firewalls,
etc.
● Always make our passwords strong, so that they are harder and longer to crack.
● The final and foremost thing should be to try ETHICAL HACKING at regular intervals.