SUBMITTED TO:
Dr S.L.GUPTA
Prof USM(KUK)
Mrs. REETA

SUBMITTED BY:
RICHA CHADHA
ROLL NO 4
MBA GEN(PREV)

• Since the 1980's, the Internet has vastly grown in popularity and
computer security has become a major concern for businesses and
governments.

• In a search for ways to reduce the fear and worry of being hacked,
organizations have come to the realization that an effective way to
evaluate security threats is to have independent security experts
attempt to hack into their computer systems.

• With the growth of computing and networking in the early 1990's,
computer and network vulnerability studies began to appear outside of
the military organization.

• Ethical hacking refers to the act of locating weaknesses and
vulnerabilities of computer and information systems by
duplicating the intent and actions of malicious hackers.
• Ethical hacking is also known as penetration testing, intrusion
testing, or red teaming.
• An ethical hacker is a security professional who applies their
hacking skills for defensive purposes on behalf of the owners of
information systems.

Traditionally, a hacker is someone who
likes to tinker with software or
electronic systems. Hackers enjoy
exploring and learning how computer
systems operate. They love discovering
new ways to work electronically.

• An ethical hacker, also known as a whitehat hacker, or simply a
whitehat, is a security professional who applies their hacking skills
for defensive purposes on behalf of the owners of information systems.

FLOW CHART OF ETHICAL HACKING PROCESS

1. PLANNING
2. RECONNAISSANCE
3. ENUMERATION
4. VULNERABILITY ANALYSIS
5. EXPLOITATION
6. FINAL ANALYSIS
7. DELIVERABLES
8. INTEGRATION
• Due to the controversy surrounding the profession of ethical hacking,
the International Council of E-Commerce Consultants (EC-Council)
provides a professional certification for Certified Ethical Hackers
(CEH).

• In order to obtain certification, an ethical hacker must complete
coursework consisting of 22 modules, which range from 30 minutes to
5 hours or more, depending on the depth of the information provided.
PASSWORD HACKING

NETWORK HACKING

E-MAIL HACKING

WIRELESS HACKING

DoS ATTACKS

INPUT VALIDATION

PRIVACY ATTACKS

IP SPOOFING

CRYPTOGRAPHY

VIRUSES

Password cracking is the process of recovering secret passwords from
data that has been stored in or transmitted by a computer system. A
common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using the following techniques:

• HASHING
• GUESSING
• DEFAULT PASSWORDS
• BRUTE FORCE
• PHISHING

• Network hacking generally means gathering information about a
domain by using tools like Telnet, NslookUp, Ping, Tracert,
Netstat, etc.

• It also includes OS Fingerprinting, Port Scanning and Port
Surfing using various tools.

All email communications on the internet are possible by two protocols:

1. Simple Mail Transfer Protocol (SMTP port-25)
2. Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

Generally, the path taken by an email while travelling from sender to
receiver can be explained by the following diagram.
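
The sender-to-receiver path can be read back from a message's Received headers, which each relaying server prepends on arrival. The following is an added example, not part of the original slides: it rebuilds the path from a constructed sample message and flags breaks in the chain; the host names, addresses and the `trace_path` and `broken_links` helpers are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: three hops, newest Received header first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.20])
\tby mailstore.example.net with ESMTP id C3; Mon, 01 Jan 2024 10:00:09 +0000
Received: from smtp.example.org (smtp.example.org [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Mon, 01 Jan 2024 10:00:05 +0000
Received: from laptop.example.org (unknown [192.0.2.10])
\tby smtp.example.org with ESMTPSA id A1; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed test message

hello
"""

# "from <host> ... by <host>" inside one (possibly folded) Received header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def trace_path(raw):
    """Return the hops in travel order (sender first) as a list of dicts."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for header in reversed(msg.get_all("Received", [])):
        clause, _, stamp = header.rpartition(";")
        m = HOP_RE.search(clause)
        if not m:
            continue  # malformed header: skip it rather than guess
        hops.append({"from": m.group(1), "by": m.group(2),
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops

def broken_links(hops):
    """Indexes where a hop's 'from' host differs from the previous hop's
    'by' host, which suggests an inserted or altered Received header."""
    return [i for i in range(1, len(hops))
            if hops[i]["from"] != hops[i - 1]["by"]]

if __name__ == "__main__":
    for hop in trace_path(SAMPLE):
        print(hop["time"].isoformat(), hop["from"], "->", hop["by"])
```

Only the headers added by servers the recipient controls can be trusted; earlier ones are supplied by the sending side and can be forged.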
  
A denial of service (DoS) attack is an attack that clogs up so much
memory on the target system that it cannot serve its users, or it
causes the target system to crash, reboot, or otherwise deny services
to legitimate users. There are several different kinds of DoS attacks
as discussed below:-

• PING OF DEATH
• TEARDROP ATTACK
• LAND ATTACK
• SMURF ATTACK

A potentially damaging computer programme capable of reproducing
itself, causing great harm to files or other programs without permission
or knowledge of the user.

The different types of viruses are as follows:-

• BOOT SECTOR VIRUS
• FILE OR PROGRAM
• STEALTH VIRUSES
• POLYMORPHIC VIRUSES
• MACRO VIRUSES

Nmap:- This tool developed by Fyodor is one of the best Unix and
Windows based port scanners. This advanced port scanner has a number
of useful arguments that give the user a lot of control over the
process.

SuperScan:- A Windows-only port scanner, pinger, and resolver.
SuperScan is a free Windows-only closed-source TCP/UDP port scanner
by Foundstone. It includes a variety of additional networking tools
such as ping, traceroute, http head, and whois.

Nmap:- This tool developed by Fyodor is one of the best Unix and
Windows based active OS fingerprinting tools.

P0f:- A passive OS fingerprinting tool. P0f is able to identify the
operating system of a target host simply by examining captured packets
even when the device in question is behind an overzealous packet
firewall. P0f can detect firewall presence, NAT use, existence of load
balancers, and more!

Cain and Abel:- The top password recovery tool for Windows. This
Windows-only password recovery tool handles an enormous variety of
tasks. It can recover passwords by sniffing the network, cracking
encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks, recording VoIP conversations, decoding scrambled passwords,
revealing password boxes, uncovering cached passwords and analyzing
routing protocols.

John the Ripper:- A powerful, flexible, and fast multi-platform
password hash cracker. John the Ripper is a fast password cracker,
currently available for many flavors of Unix, DOS, Win32, BeOS, and
OpenVMS. Its primary purpose is to detect weak Unix passwords. It
supports several crypt(3) password hash types which are most commonly
found on various Unix flavors, as well as Kerberos AFS and Windows
NT/2000/XP LM hashes. Several other hash types are added with
contributed patches.

OpenSSL:- The premier SSL/TLS encryption library. The OpenSSL Project
is a collaborative effort to develop a robust, commercial-grade,
full-featured, and open source toolkit implementing the Secure Sockets
Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as
well as a full-strength general purpose cryptography library. The
project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
related documentation.

Tor:- An anonymous Internet communication system. Tor is a toolset for
a wide range of organizations and people that want to improve their
safety and security on the Internet. Using Tor can help you anonymize
web browsing and publishing, instant messaging, irc, ssh, and other
applications that use the TCP protocol. Tor also provides a platform on
which software developers can build new applications with built-in
anonymity, safety, and privacy features.
 
