

Submitted to: Prof. Amruta mam
Submitted by: Shruti Sabnis (09), Gayathri Shankar (18), Nidhi Bhatt (11)



A. What is ethical hacking?
B. Who are ethical hackers?
What are the goals of ethical hacking?
Kinds of testing
Hacker classes
Uses of ethical hacking
Drawbacks of ethical hacking
VII. Example of ethical hacking
XI. Bibliography



Organizations of all sizes go through great expense and pain to protect their IT systems from attack. They invest in network firewalls, intrusion detection systems, content filtering, endpoint anti-malware, vulnerability and patch management, and many other technologies. Unfortunately, it is not always easy to see how well all of those efforts are paying off when it comes to actually keeping the infrastructure and data secure. That is where ETHICAL HACKING, also known as penetration testing, proves helpful.

Unlike a vulnerability assessment (a process to identify security holes), which merely scans the network and applications for potential security-related flaws, an ethical hacker will poke and prod the infrastructure, employees, and applications just as an adversarial attacker might. However, unlike an attacker, an ethical hacker does the infiltrating with the permission of the organization. And they will employ all of the same tactics an attacker would (depending on the agreed scope of the test), from social engineering passwords out of employees to using exploits that target vulnerabilities.


Ethical hacking can be defined as the methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating or controlled environments.

- Independent computer security professionals breaking into the computer system.
- Neither damage the target systems nor steal information.
- Evaluate target systems' security and report back to owners about the vulnerabilities found.


Traditionally, a Hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. Ethical hackers are network and computer experts who attack a security system to help the computer system's owners. Ethical hackers (or good guys) protect computers against illicit entry.

Benefits of Keeping an Ethical Hacker

- Testing the efficiency of the existing security defenses
- Verify the effectiveness of employee security awareness training
- Help determine the best areas to invest the existing security budget
- Build security awareness among all technical staff and employees
- Measure the success of existing security service providers
- Determine whether employees are operating within regulatory mandates

Ethical Hackers, Not Criminal Hackers

- Completely trustworthy.
- Strong programming and computer networking skills.
- Learn about the system and try to find its weaknesses.
- Know the techniques of criminal hackers, and their detection and prevention.
- Have published research papers or released security software.
- No ex-hackers.

Modes of ethical hacking

- Insider attack
- Outsider attack
- Stolen equipment attack
- Physical entry
- Bypassed authentication attack (wireless access points)
- Social engineering attack

II. What Are The Goals Of Ethical Hacking?

- Identify any and all networks they will test
- Detail the testing interval
- Detail the testing process
- Create their plan and then share it with stakeholders
- Get the plan approved
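The approved plan above (the networks to be tested and the testing interval) is only useful if the testing tools actually respect it. The following is an added example, not part of the original presentation, of a small scope gate that refuses any target outside the agreed networks or outside the agreed window. The plan contents, the exclusion list and the function names are assumptions made for this example.

```python
"""Added example (not from the original presentation): enforce the agreed
test scope before any testing tool touches a target.

The plan lists the networks to be tested and the testing interval. This
hypothetical helper loads that agreed scope and refuses every target that
is not inside it, so an engagement stays within what was approved.
"""
import ipaddress
from datetime import datetime

# Constructed, hypothetical engagement plan: the approved networks, the
# agreed testing window and explicit exclusions (e.g. a production database).
APPROVED_PLAN = {
    "networks": ["10.20.0.0/16", "192.0.2.0/24"],
    "excluded": ["10.20.5.10/32"],
    "window_start": "2024-03-01T00:00:00+00:00",
    "window_end": "2024-03-15T00:00:00+00:00",
}


def _parse_networks(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def target_in_scope(target, plan=APPROVED_PLAN):
    """Return True only if `target` (an IP address string) lies inside an
    approved network and is not on the exclusion list."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # hostnames are not accepted: resolve and re-check first
    if any(addr in net for net in _parse_networks(plan["excluded"])):
        return False
    return any(addr in net for net in _parse_networks(plan["networks"]))


def within_window(when, plan=APPROVED_PLAN):
    """True if the timezone-aware datetime `when` is inside the agreed interval."""
    start = datetime.fromisoformat(plan["window_start"])
    end = datetime.fromisoformat(plan["window_end"])
    return start <= when <= end


def check_targets(targets, when_iso, plan=APPROVED_PLAN):
    """Split a proposed target list into (allowed, rejected), with a reason
    for each rejection. Nothing is allowed outside the agreed window.
    `when_iso` is an ISO-8601 timestamp with a UTC offset."""
    when = datetime.fromisoformat(when_iso)
    if not within_window(when, plan):
        return [], [(t, "outside agreed testing window") for t in targets]
    allowed, rejected = [], []
    for t in targets:
        if target_in_scope(t, plan):
            allowed.append(t)
        else:
            rejected.append((t, "not in approved scope"))
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = check_targets(["10.20.1.7", "10.20.5.10", "203.0.113.9"],
                            "2024-03-04T09:00:00+00:00")
    print("allowed:", ok)
    print("rejected:", bad)
```

The exclusion list is checked before the allow list, so a host carved out of an approved network is always rejected, and hostnames are refused outright so that a stale DNS entry cannot quietly widen the scope.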


Local network. This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.

Stolen laptop computer. In this test, the laptop computer of a key employee, such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner's full privileges.

Social engineering. This test evaluates whether the target organization's staff would leak information to someone. A typical example of this would be an intruder calling the organization's computer help line and asking for the external telephone numbers of the modem pool. Defending against this kind of attack is the hardest, because people and personalities are involved. Most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who forgot his or her badge. The only defense against this is to raise security awareness.

Physical entry. This test acts out a physical penetration of the organization's building. Special arrangements must be made for this, since security guards or police could become involved if the ethical hackers fail to avoid detection. Once inside the building, it is important that the tester not be detected. One technique is for the tester to carry a document with the target company's logo on it. Such a document could be found by digging through trash cans before the ethical hack or by casually picking up a document from a trash can or desk once the tester is inside. A well-defended system should allow an insider to access only the areas and resources that the system administrator has assigned to the insider.

[Figure: attacker categories - total outsider, semi-outsider, valid users]


- Black hats: highly skilled, malicious, destructive crackers.
- White hats: skills used for defensive security analysis.
- Gray hats: work both offensively and defensively; will hack for different reasons, depending on the situation.
- Hacktivism: hacking for a social or political cause.

Ethical hackers determine what hackers can gain access to, what they will do with the information, and whether they can be detected.


Ethical hacking has a variety of uses at the primary and secondary levels. These primary and secondary uses are, in effect, the questions that ethical hacking answers. They include:

- Do the technical measures put into place in the company adhere to legal requirements?
- Are all necessary patches up to date, and is the firewall correctly configured?
- Are all promises made by the external service provider delivered?
- Have all necessary and possible security measures been put into place?
- Is home office access to the company's network adequately secure?
- Is protection against malicious code, such as denial-of-service tools, Trojans, and viruses, adequate?
- Are there any illegal installations, or are all of the company's systems set up in conformance with the standards?



1. Fighting against terrorism and national security breaches.
2. Having a computer system that prevents malicious hackers from gaining access.
3. Having adequate preventative measures in place to prevent security breaches.


1. The ethical hacker using the knowledge they gain to do malicious hacking activities.
2. Allowing the company's financial and banking details to be seen.
3. The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system.
4. Massive security breach.





In the world of technology, breaking things, or at least attempting to do so, is also an integral part of getting them to work. Many contracts IBM inks with large clients require a security audit, involving an authorized visit to the firm by a team of hackers using agreed-upon "rules of engagement." For what Lackey calls a "premium hack," an IBM team might take two weeks to do the job.

In the last few years, the surge in use of wireless computer networks has been a particular focus for Lackey and some of his IBM colleagues. Traditional wired local area networks, of the kind probably used in your office, are essentially limited to the computers hooked up to the network. Local wireless networks revolve around access points that computers can detect on their own. But since wireless network capabilities are now frequently built into computers, even machines sitting in offices may seek out access points. Lackey and his colleagues will often take access points -- which can be bought in stores -- and set up shop in the parking lot outside a client's headquarters to see how quickly they can penetrate a company's information system.

Employees who telecommute or use a laptop computer at a public wireless access point -- in an airport, coffee shop or another location -- can also put valuable company information at risk. Given the existence of an access point, skilled hackers can monitor the flow of packets of information being sent over wireless networks, and, if a computer is not using encryption technology, potentially view the actual data being sent as well. "When you're on a wireless network," says Lackey, "you should just sort of assume that everyone around you, given the will and the technical ability, could look at your packets."


The Importance of Encryption Software

Lackey suggests wireless network users can help prevent hackers from looking at their actual data by using layers of encryption and beefing up the security on their individual machines -- something many of them take for granted. Lackey and his IBM colleagues have stories of executives who are unaware their computers can seek wireless networks, or of employees who do not even bother to change the default computer password assigned by the manufacturer.

In fact, computer security extends beyond the machine itself. Some ethical hackers, if authorized, will also try distinctly low-tech methods of obtaining the same information -- like "social engineering," the effort to see if they can obtain valuable data through contact with unwitting employees, and old-fashioned pilfering. "One time, we were auditing this place in Canada, and we literally took these monitors off this desk and walked out the building with them, just to see if anybody would try to stop us," recalls Lackey. "And they didn't."

Still, Lackey suggests users of wireless networks should be reassured that wireless hacking can only take place within limited physical boundaries. "In one sense, [wireless] might be more secure, since the only people you're worried about are your neighbors, or people around you at the airport." That matters, because the phenomenon of hacking has changed over the years, from a local hobby to an international business. Nowadays, teenage computer whizzes are less the issue than illegal syndicates. "What we're finding is that it's less of the interested kid who's just sort of poking around anymore, and it's really more organized crime figures, who just want steady income, and they actually go out and hire unethical hackers to do things for them," Lackey says.


No Security Is Perfect

The recent use of "phishing," for instance, in which thieves seek bank-account verification data by sending e-mails to unsuspecting victims, is a wired phenomenon. Similarly, the installation of spyware on computers is done remotely, over wired networks. Security consultants recommend consistent upgrades of anti-virus and anti-spyware programs, as well as education about scams, to reduce vulnerability to hacking -- although the threat cannot really be eliminated for good.

Indeed, computer security experts do not promise to make any network, wired or wireless, absolutely impenetrable. "There is no 100 percent," asserts Lackey. Instead, the best approach for most computer users is to put up barriers that deter hackers and reduce their financial incentives. In the meantime, illicit hackers, ethical hackers and security researchers will keep battling to gain the upper hand in security. "In one sense it really is just an arms race," says Lackey. "A vulnerability is discovered, we fix it. Then something different comes out. That's just how it all works. Things break, we fix them. Everything gets a little bit better as time goes on."



1. How to Discover New Vulnerabilities
Examination of Source Code

IBM has teams testing its products for security flaws. In these circumstances, the analyst has access to the source code. Examples of programs the company has chosen for such review include:

- IBM AIX "swcons" Command Privilege Escalation Vulnerability
- IBM AIX Privilege Escalation and Remote Code Execution Vulnerabilities
- IBM AIX "cfgmgr" Privilege Escalation Vulnerability
- IBM AIX 'errpt' Local Buffer Overflow Vulnerability
- IBM AIX Multiple Utility Buffer Overflow and Insecure Permissions Vulnerabilities
- IBM AIX rm_mlcache_file Local Race Condition

Disassemblers and Decompilers

The greatest opportunity for hackers and crackers to find ways to break into computers is with software written by organizations using hazardous programming languages, organizations that do not train their programmers how to write secure code, and organizations that do not test their software for security flaws. Even companies that make efforts to produce secure software can end up shipping products that hide what appears to be an almost infinite number of break-in vulnerabilities.


For larger programs, and for additional analysis of programs for which one has the source code or which have been disassembled, professional teams may find flaws by running the programs through a "debugger," which operates a program one step at a time and allows individuals to view what is in memory at each step.

Often, individuals in the CU complain that social communications there can get rather rude and insulting, a reality known as flaming. Flaming is not a rarity, and ad hominem arguments and the circulation of ridiculous gossip are common there. To help protect their self-esteem, therefore, most participants use aliases or monikers to hide their real identities. However, despite this emotionally chaotic environment, which often breaks the usual rules for brainstorming and maintaining harmonious environments, those in the Computer Underground do tend to make many creative discoveries and to write many exploits. Also, although hackers in the CU claim that their social environment is relatively free from race and gender biases, many women there have admitted that they feel the environment can be especially unkind to them. This unkindness is probably due to hostility that goes far beyond saying impolite things.

3. Reconnaissance

It is one thing to know that certain vulnerabilities exist, but knowing exactly under what conditions vulnerabilities may translate into an opportunity for someone to break into a computer system is nontrivial. Moreover, a properly configured and tuned Intrusion Detection System (IDS) should notify the network administrator of any scanning being done on the system by outsiders, unless the attacker uses IDS evasion techniques, which require a somewhat more sophisticated approach on the attacker's part. Once alerted to a break-in attempt, most administrators can block the attacker and help authorities to track him or her down. A skillful computer criminal is unlikely to use any of the products just cited. Rather, a skilled attacker uses something more stealthy, such as the nmap port scanner. The port scanner (described at does not tell the attacker nearly as much good information as a port scanner such as Nessus does. Regardless of the quality of information, what is important to a cracker is that when run in certain modes, a port scanner is less likely to be detected by an IDS.

Some attackers will do some "social engineering" reconnaissance of their own by using techniques of the spy trade, such as pretending to be an employee of the target organization or going through trash bins looking for documentation on the network. Yet others who break into computers do not do any reconnaissance. Instead, they will get an exploit and use it at random, hoping to find vulnerable computers. The logs of almost every IDS show that the overwhelming majority of attacks actually had no possibility of succeeding because the attackers must have done no reconnaissance. The individuals who carelessly attack blindly are known as "script kiddies." Their means of attack is to blindly run programs. Many know next to nothing about how to break into computers and not be detected.

4. The Attack

After the cracker has detected vulnerabilities in the system he or she has decided to attack, the next step is to carry out the attack. In some cases, the exploit itself is easy. What follows is an example of an exploit to break into a Windows 2000 Web server and deface its Website. This exploit will work on Windows 2000 Server or Windows Professional, but only if it has not been patched beyond Service Pack 2, and only if it is running IIS or a Personal Web Server that is not patched.

Whether the attack on a computer has been carried out in a research lab, in a war game, or as a computer crime, the attacker typically wants to know whether he, she, or it (in the case of a worm) succeeded. In most cases of attack, the verification analysis is obvious. In the case of worm-induced attacks, those who unleash the worms often program them to report to an Internet Relay Chat channel or a Web server. More often, the creator of a worm either does not care which computers it broke into, or he or she uses a scanner to detect whether the worm has taken over a computer. Usually this is a Trojan "back door," named after the Trojan horse used by the Greeks to invade the ancient city of Troy. These back doors invite attackers to remotely take control of the victimized computer. Many computer break-ins are simply caused by crackers scanning computers for these back doors.
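The reconnaissance section says an IDS should notify the administrator of scanning, and the paragraph above ends with crackers scanning many machines for a known back door. The following is an added example, not part of the original text, of the detection logic behind both alerts: it reads connection log lines and flags a source that probes many ports on one host (a vertical port scan) or one port across many hosts (a horizontal sweep of the kind a back-door scanner produces). The log format, the sample lines and the thresholds are constructed for this example.

```python
"""Added example (not from the original text): spot scanning in connection
logs, the behaviour the reconnaissance and back-door-scanning passages say
an IDS should flag.

Two patterns are detected over a sliding time window:
  * vertical scan: one source probing many distinct ports on one host
  * horizontal sweep: one source probing one port on many distinct hosts
    (what a worm or cracker scanning for a known back-door port looks like)
The log format and thresholds are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <result>"
# The lines below are constructed for this example; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-04T09:00:01 10.20.1.7 -> 10.20.2.5:22 accept
2024-03-04T09:00:01 198.51.100.4 -> 10.20.2.5:21 drop
2024-03-04T09:00:01 198.51.100.4 -> 10.20.2.5:22 drop
2024-03-04T09:00:02 198.51.100.4 -> 10.20.2.5:23 drop
2024-03-04T09:00:02 198.51.100.4 -> 10.20.2.5:25 drop
2024-03-04T09:00:02 198.51.100.4 -> 10.20.2.5:80 accept
2024-03-04T09:00:03 198.51.100.4 -> 10.20.2.5:443 accept
2024-03-04T09:00:03 198.51.100.4 -> 10.20.2.5:3389 drop
2024-03-04T09:00:05 203.0.113.9 -> 10.20.3.1:31337 drop
2024-03-04T09:00:05 203.0.113.9 -> 10.20.3.2:31337 drop
2024-03-04T09:00:06 203.0.113.9 -> 10.20.3.3:31337 drop
2024-03-04T09:00:06 203.0.113.9 -> 10.20.3.4:31337 drop
2024-03-04T09:00:07 203.0.113.9 -> 10.20.3.5:31337 drop
2024-03-04T09:00:07 203.0.113.9 -> 10.20.3.6:31337 drop
2024-03-04T09:00:09 10.20.1.7 -> 10.20.2.5:443 accept
"""


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port); None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->" or ":" not in parts[3]:
        return None
    dst, _, port = parts[3].rpartition(":")
    if not port.isdigit():
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], dst, int(port)


def detect_scans(log_text, window_seconds=10, port_threshold=5, host_threshold=5):
    """Return a list of (kind, src, detail) alerts found in the log.

    kind is "vertical" (many ports on one host) or "horizontal" (one port
    on many hosts). Events older than the window, relative to the line
    being processed, are discarded so a slow trickle of legitimate
    connections is not mistaken for a scan. Each (kind, src, target) pair
    is reported once.
    """
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)  # src -> [(ts, dst, port), ...] inside window
    alerts, seen = [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the detector
        ts, src, dst, port = rec
        hist = [e for e in events[src] if ts - e[0] <= window]
        hist.append((ts, dst, port))
        events[src] = hist
        ports_by_host = defaultdict(set)
        hosts_by_port = defaultdict(set)
        for _, d, p in hist:
            ports_by_host[d].add(p)
            hosts_by_port[p].add(d)
        for d, ps in ports_by_host.items():
            if len(ps) >= port_threshold and ("vertical", src, d) not in seen:
                seen.add(("vertical", src, d))
                alerts.append(("vertical", src, f"{len(ps)} ports on {d}"))
        for p, hs in hosts_by_port.items():
            if len(hs) >= host_threshold and ("horizontal", src, p) not in seen:
                seen.add(("horizontal", src, p))
                alerts.append(("horizontal", src, f"{len(hs)} hosts on port {p}"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect_scans(SAMPLE_LOG):
        print(f"{kind:10s} {src:15s} {detail}")
```

Run against the constructed sample, the detector raises one vertical alert for 198.51.100.4 (five distinct ports on 10.20.2.5 within the window) and one horizontal alert for 203.0.113.9 (port 31337 on five hosts), while the ordinary user 10.20.1.7 never crosses a threshold. Shrinking the window to zero seconds makes both alerts disappear, which is exactly the slow-scan blind spot that the reconnaissance section's "certain modes" refer to; in practice the window and thresholds are tuned per network.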


The ethical hackers draw their conclusions from the exercise carried out. They report to the company how well its assets are secured and what the chances are of being compromised from the extranet or the intranet. The final report consists of:

- A collection of all discoveries made during the evaluation.
- Specific advice on how to close the vulnerabilities.
- The testers' techniques are never revealed.
- Delivered directly to an officer of the client organization in hardcopy form.
- Steps to be followed by the client in future.