2. Hacking
• Hacking is an act of penetrating computer
systems to gain knowledge about the system
and how it works.
• Hacking is the act of gaining access without
legal authorization to a computer or computer
network or network resources.
5. Ethical Hacking
• Ethical hacking is the use of hacking
knowledge to attempt to enter a network to
find its loopholes and back doors.
• It is often referred to as ‘legalized hacking’
and yes it is indeed legal and can even reap a
lot of profits for highly skilled individuals.
6. Hacker
• Hackers are actually computer enthusiasts who know
a lot about computers and computer networks and
use this knowledge with a criminal intent.
• He is a person who uses his hacking skills and tool
sets for destructive or offensive purposes such as
disseminating viruses or performing DoS attacks to
compromise or bring down systems and networks.
• Hackers are sometimes paid to damage corporate
reputations or steal or reveal credit-card information
7. Types of Hackers
• White hat –
Good guys
Don’t use their skills for illegal purposes
Computer security experts
• Black hat –
Bad guys
Use their skills for illegal purposes
Criminals
8. Types of Hackers
• Script kiddies –
Wannabe hackers
No technical skills
Have no clue about what’s happening in
• Elite hackers –
Usually professionals
Develop new attacks/tools
9. Why perform an ethical hack?
To determine flaws and vulnerabilities
To provide a quantitative metric for evaluating
systems and networks
To measure against pre-established baselines
To determine risk to the organization
To design mitigating controls
10. Skills Required Becoming an Ethical Hacker
Criminal mindset
Thorough knowledge about Computer
programming, Networking and operating
systems. highly targeted platforms (such as
Windows, Unix, and Linux), etc.
Patience, persistence, and immense perseverance
13. Footprinting
Gathering information of target information
Internet Domain name, network
blocks, IP addresses open to
Net, TCP and UDP services
running, ACLs, IDSes
Intranet Protocols (IP,NETBIOS),
internal domain names, etc
Remote access Phone numbers, remote
control, telnet,
authentication
Extranet Connection origination,
destination, type, access
control
14. Scanning
After obtaining a list of network and IP addresses
scanning starts:
ping sweeps (active machines): user pinger in Windows and
nmap in Linux/UNIX. This is an example of pinger.
TCP port scanning (open ports in active machines): SYN
and connect scans work with most hosts. SYN is stealthier
and may not be logged.
In Windows NT use SuperScan and in Linux/UNIX use
nmap. See an example of SuperScan. BUT, hackers use
scripts with binary files, not graphical tools.
14
15. Types of Scanning
Scanning Type Purpose
Port scanning Determines open ports and
services
Network scanning IP addresses
Vulnerability scanning Presence of known
weaknesses
17. Enumeration
• After scanning process and is the process of
gathering and compiling usernames, machine
names, network resources, shares, and
services.
• It also refers to actively querying or
connecting to a target system to acquire this
information.
18. Attack
• SQL injection
• SQL injection is a code injection technique that
exploits a security vulnerability occurring in the
database layer of an application.
• The vulnerability is present when user input is either
incorrectly filtered for string literal escape characters
embedded in SQL statements or user input is not
strongly typed and thereby unexpectedly executed.
19. SQL injection
• During a SQL injection attack, malicious code is
inserted into a web form field or the website’s code to
make a system execute a command shell or other
arbitrary commands.
• Just as a legitimate user enters queries and additions
to the SQL database via a web form, the hacker can
insert commands to the SQL server through the same
web form field.
20. Wireless Hacking Techniques
• Cracking encryption and authentication
mechanism
• Eavesdropping or sniffing
• Denial of Service
• AP masquerading or spoofing
• MAC spoofing
21. Wi-Fi network security
• Use Strong Encryption Protocol
• Don’t Announce Yourself-Disable SSID
• Change Default Administrator Passwords and
Usernames
• Limit Access To Your Access Point
• Do Not Auto-Connect to Open Wi-Fi Networks
• Assign Static IP Addresses to Devices
• Enable Firewalls On Each Computer and the Router
• Position the Router or Access Point Safe
