Anda di halaman 1dari 10

Hacking and security

BECOME BEST ETHICALL HACKER? RHEL+NETWORKING+ADVANCE SECURITY WHAT IS PENETRATION TESTTIN? It is a method of evaluating the security of on information system or network by attack from a malicious source.j What is hacking? Hacki is the process to bypass security mechanism of information system or network.hacking is step by creative thinking and using different tool ata a one time. NOTE :- WHEN WE THINK OF HACKER IT COMES TO MIND THAT THE PERSON WOULD BE CRIMINAL .BUT ACTUALLY THEY SHOULD NOT BE LOOKED IN THIS WAY.OPERATING SYSTEM UNIX AND LINUX ARE ACTUALLY DEVELOPED BY HACKERS.HACKERS ARE ACTUALLY GOOD AND EXTREMELY INTELLIGENT PEOPLE .WHO BY USING THERE KNOWLEDGE. SO HACKERS ARE COMPTER EXPERT WHI SPEND AMOUNT OF TIME TRYING TO SECURITY OF NETWORKS,WEB SERVER AND EMAIL SERVERS, TOP HACKERS IN THE WORLD

KEVIN MITNICK

JANATHAN JAMES ADRIAN LAMO DAVID SMITH LINUX TORVALDS JOHN PERRY
Friends so many advance software and application was developed day by day but still even why hacker can do hacking? Vulnerability + exploit= hacking WHAT IS VULNERABILITY AND EXPLOIT? EVERY HUMAN BEING HAS SOME WEAKNESS POINT LIKE ALCOHOL,LOVE,CIGARATE ETC THIS IS VULNERABILITY AND IF ANY PEOPLE KILL THIS WITH THE HELP OF THEIR WEAKNESS {LOVE} THIS ACTION IS CALLED AS EXPLOIT. SAME AS COMPUTER TODAYS COMPUTER SOFTWARE IS VERRY COMPLEX.COMPRISED OF THOUSOUNDS OF LINES CODE.SINCE SOFTWARE IS WRITTEN BY HUMANS .IT IS HARDLY SURPRISING THAT THEY CONTAIN PROGRAMMING MISTAKES KNOWN AS VULNERABILITY . AND THIS LOOPHOOLES ARE USED BY HACKERS TO BREAK INTO SYSTEMS THEY ARE ALSO MALICIOUS PROGRAMMER SOFTWARE CALLED AS EXPLOIT. What hacker can do?

Hacker can enter any government or private system to get alll the information without there knowledge . hacker can break any government employ email id or email password. hacker can hack credit card ,bank account and social engineering paypale site. hacker can call anyone and show any no. with untracable. hacker can enter any computer with the help of remote software.

how to hacker hide there physicall location why any security expert can not trace him when he try to hack system with the help of internet. every device connectted to the internet is assigned number known as internet protocal (ip) address .ip address consist of four no. separatted by periods something like 127.0.0.1 these no. are usually assign to internet service provider (isp).an ip addresss can offen to be used to identify the region or country from which a computer is connectted to the internet and ip address sometimes be used to show the users general location.
so hacker hide own ip address so this is not easy to findout general location from any computer forensic investigator or governement cyber security expert. Why Companies and government Need Ethical Hacking and Better Cyber Security?

One of the most important reasons for ethical hacking is for security purposes. How can a company know just how safe their in house network is against truly damaging hacking? A company can hire a cyber security experts that will hack into the network and find the insecure areas so that the company can take the necessary steps to make sure they become more secure. Checking for security leaks covers two distinct areas. These are threats from actual hacking into employee or customer files and leaks that allow in viruses that can shut down an entire network in just minutes. Both of these leaks can cost a company a great deal of money, so this is a very important service. Typically the individuals performing these tasks are knowledgeable in cyber security and trained as ethical hackers.
Types of hacker Black hat hacker Good technical skills Involved in malicious or illegall activites White hat hacker Used knowledge and skill only defensive purpose Gray hat hacker Individual who work both side ethicall and malicious.

MALICIOUS HACKER PROCEDURE


Information gathering

(website name with ip address,owner email id,admin information,o.s)

Scanning (network scanning,port scanning,vulnerability scanning)

Gaining access ((os ,application,software)

Maintanning access (upgrading,downloading,programs or data)

Covering tracks

What does ethicall hacker do?

AS ETHICALL HACKER Fallow same technique and methodologies as a malicious hacker the found vulnerability of security flaws are either reportted or fixed.this is also called penetration testing.
Skill of ethicall hacker In depth knowledge about security target platforms Knowledge about networking and software Computer security

networking:-

one com. Can communicate to antother comuter for the purpoise of sharring data. Port :-port is mediam for communiocation between 2 computers. Every service on a host is identify by unique no. called as port. Ftp 21 telnet 23 ssh 22 http 80 smtp 25 pop3 110 imap 143 https 443 imaps 993 pop3s 995 note:tcp and udp are two protocol that make up the tcp/ip protocol which is used universily to communicate on the internet..

mac:mac is 48 bit hexadecimal no. which is unique indentifier asssigned to (nic) by the manafacture for indetification it is combination of CID or PID called as physicall address or harware address. Note:-statics vs dynamic static or dynamic ip address is not type of ip address they are method of assigned ip address toi machine. Ex:-linux.org static ip address is 192.168.196.48 a dynammic ip address ids different way assigned ip addresss .a dynamic ip address is always assigned by dhcp server (isp)

class of ip address
IP addresses are divided into five IP classes:

IP address class A IP address class B IP address class C IP address class D IP address class E

All IP addresses are placed in a particular class based on the decimal values of their first octets. In the first octet, an IP address can start with a decimal value between 1 and 255. IP class A addresses have first octets with a decimal number from 1 to 127. Example: 27.x.y.z 102.x.y.z IP class B addresses have first octets with a decimal number from 128 to 191.Example: 128.x.y.z 151.x.y.z IP class C addresses have first octets with a decimal number from 192 to 223.Example: 192.x.y.z 223.x.y.z IP class D addresses have decimal values from 224 to 239 in the first octet, and the 4 leftmost bits are

1110.Example: 224.x.y.z 239.x.y.z The last IP address class of addresses is IP class E. IP class E addresses range from 240 to 255 in the first octet, and the 4 leftmost bits are 1111. Example: 240.x.y.z 255.x.y.z The system of IP class addresses has been set up to help ensure assignment of unique IP addresses. DHCP discover, DHCP offer, DHCP request, and DHCP acknowledgment are are four steps in getting an IP address from a DHCP server.

NOITE 127.0.0.1 it is looback ip address (default ip address) 255 is broadcast ip address.(security way)\ netbios name:-a name identified ip address netbios name are identifier particulor web site domain name..(www.google.com) difference between intranet and internet the internet is global system interconnection computer network that used the standard internet protocol suite (tcp/ip) to surfing billion of users worldwide. The intranet is private computer network that used internet protocol technologies to security share any part of organisation information or network operating system withing organisation...

DHCP :-dynamic host configuration protocol is network protocol that enables a server to automatically assign ip address to computer. Arp :-address resolutoion protocol arp protocol depend network layer 3 is used resolve ip address to mac address.. ICMP:-internet control message protocol is one of the core protocols of the internet it is used by o.s of network computers to send error messages..

FTP:-file standard protocol is standard network protocol used to copy a file from one host to another over tcp/ip based network ftp built client structure architecture.. TELNET:- telnet is network protocol that used to connect client to server for remote monitorring.. telnet is not secure as compare to ssh service.. SMTP:-simple mail transfer protocol is internet standard protocol to used sending email.. pop :-post office protocol that used received application on the internet.. http:-hypertext transper protocol is networking protocol .http is foundation of data communication for the world wide web.. virus:-virus is harmfull program that can be damage your computer.. firewall:-windows and linux computer can attacks in many ways and dont depend on antivirus ,so firewall know what kind of communicate allowed or not.. two types of firewall 1.hardware firewall 2.software firtewall

some inportant practicals view all tcp/ip connection using netstat commnad cmd-netstat (to show all active connection) cmd-netstat -e (to show computer received or sent packets) cmd-netstat -r (to show all nic card mac address or routting tables)

netstat -s (to show all ip sent,error,received,etc) netstat -a (to show all tcp/udp port address)

ARP address resolution protocol to find out ip to mac address...(ie resolving)

show domain name to ip addres using nslookup command c:>nslookup www.google.com 256.23.198.12 show ur own computer ip address. C:>Netstst -n define :port scanning a port scanner is piece of software design to search a network host for open port .hackers identify the service on a host with the view of information.

Anda mungkin juga menyukai