Ethical Hacking Techniques
SATYAM KUMAR
University Institute of Computing, Master of Computer Applications (MCA)
Chandigarh University, Mohali, Punjab, INDIA
UID: 21MCA3178, MCA-4A
Abstract— Hacking is an activity in which a person exploits the weakness in a system for self-profit or gratification. Ethical hacking is an identical activity which aims to find and rectify the weakness in a system. In the growing era of the internet, computer security is of utmost concern for organizations and governments. These organizations are using the Internet in a wide variety of applications such as electronic commerce, marketing and database access. But at the same time, data and network security is a serious issue that has to be talked about. This paper attempts to give an overview of hacking and of how ethical hacking affects security. Ethical Hackers and Malicious Hackers are also different from each other and play their own important roles in security. This paper studies the different types of hacking with their phases. Hacking can also be categorized into three major categories: white hat, black hat and grey hat hacking. This paper also presents a comparison of the hacking categories with different methods of penetration testing.

Keywords— Ethical Hacking, Hackers.

I. INTRODUCTION

The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. You will finish up with an intensive, hands-on Capture the Flag exercise in which you'll conduct a penetration test against a sample target organization, demonstrating the knowledge you mastered in this course. Ethical hacking fits perfectly into the security life cycle (see Fig 1). Ethical hacking is a way of doing a security assessment: the current situation (from a technical point of view) can be checked. Like all other assessments (or audits), an ethical hack is a random sample, and passing an ethical hack doesn't mean there are no security issues. An ethical hack's result is a detailed report of the findings as well as a testimony that a hacker with a certain amount of time and skills is or isn't able to successfully attack a system or get access to certain information. With the growth of the internet, computer security is of utmost concern for organizations and governments. These organizations are using the Internet in a wide variety of applications such as electronic commerce, marketing and database access. But at the same time, data and network security is a serious issue that has to be talked about. Security professionals would attempt to break into their systems and would identify whether there are any intrusion threats. These professionals, termed "Red teams" or "ethical hackers", follow the same steps and use the same tools as malicious hackers, but the difference lies in their intentions.

Security became a serious issue because, with the increasing popularity and use of computers, access to them was limited to authorized or concerned personnel. But when some users were refused access to the computer, they would take it personally and would challenge the access controls. They would steal passwords and other information by intruding into the system so as to take control of the entire system. They would do such things just to satisfy their ego at not being given control of or access to the system, or just for fun, or for money.

The system administrator would then have to resume operation and make repairs to the system. On the other hand, when these intruders were denied access, they would purposefully take destructive actions to harm the organization. When these destructive computer intrusions increased in number, they became noticeable, were picked up by the media and became "news". The media, instead of calling these intruders "computer criminals", began to call them "hackers" and described them as individuals who intrude into others' computers, maybe for fun, revenge or money. Initially, "hacker" was meant as a compliment, as this person was well versed in computer programming and knowledge; therefore computer security professionals gave a new term, "cracker" or "intruder", to those hackers who used their skills for the dark side of hacking.

Ethical hackers have clear intentions to break computer security in order to save the organization from intrusion attacks. They never reveal the facts and information about the organization. But at any moment of time, if their intentions get sidetracked, they would be the ones who would harm the most. This method of recognizing any intrusions into the network and systems was also used by the United States Air Force. They conducted a "security evaluation" of the Multics operating system for a two-level (secret/top secret) system. Their evaluation found that while Multics was significantly better than other conventional systems, it also had loopholes in hardware, software and procedural security. The hackers performed various penetration tests[4] such as information gathering, to identify any threat
that might damage its integrity.

II. HACKING

Hacking is a brainchild of curiosity. As a result of curiosity, the hacker always wants to know more about information, depending upon his taste. A hacker is a person who enjoys learning the details of computer systems and enhancing his capabilities. He is a computer enthusiast and extremely proficient in programming languages, computer systems and networks. Popularly, "hacker" refers to someone who penetrates computer network security systems. It is the hackers who built the Internet and made the WWW work. The operating system UNIX is a gift from hackers too. Originally, the term hacking was defined as "A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming".

Ethical hackers do not break into systems without authorization; rather, they are the experts who safeguard the networks of an organization. They attack the organization's systems to identify loopholes, if any, in the security, all while staying within the legal limits. Ethical hacking[5] is also known as "Penetration Hacking", "Intrusion Testing" or "Red Teaming". Malicious hacking[2] is the unauthorized use of computer and network resources. Malicious hackers use software programs such as Trojans, malware and spyware to gain entry into an organization's network for stealing vital information. It may result in identity theft, loss of confidential data, loss of productivity, abuse of network resources such as bandwidth abuse and mail flooding, unauthorized transactions using credit or debit card numbers, and the selling of users' personal details such as phone numbers, addresses, account numbers, etc. In the general public's view, they are the "Criminals of the Cyber World", who have a malicious desire to destroy and harm others' networks and data. Malicious Hackers are also known as "Crackers". Hackers, be they ethical or malicious, have in-depth knowledge of their skills, but the only difference that makes them diverse is their intention.

Ethical hackers are very patient. They only demand time and persistence to intrude into the system and find the loopholes in the security. This vital trait of patience can also be seen in the malicious hacker, as he too would keep patience and would monitor the target system for weeks or maybe months, and would wait for an opportunity to attack the target. The difference is that an ethical hacker would keep patience to test the target against any security breach, while the malicious hacker would keep patience so as to gather information and find an opportunity that is relevant to attack the target system. It may be observed that all techniques and skills apply to both ethical and malicious hackers. It is only the intention of the hackers that makes them diverse. An ethical hacker would always use these techniques and skills to find the weaknesses of the target system and to work out how to defend against any malicious attacks, whereas the malicious hacker would always try to use the techniques and skills to attack the target so as to harm and destroy it for some personal interest like money. It may be said that the ethical hacker's job is tough compared to the malicious one. This is because an ethical hacker would have to identify and understand the changes made in the network by the malicious hacker.

III. TYPES OF HACKING/HACKERS

Hacking can be classified into three different categories, according to the shades or colors of the "Hat". The word Hat has its origin in old western movies, where the color of the hero's hat was "White" and the villain's hat was "Black". It may also be said that the lighter the color, the less the intention to harm. White Hat Hackers are authorized persons paid by the companies, with good intentions and moral standing. They are also known as "IT Technicians". Their job is to safeguard the Internet, businesses, computer networks and systems from crackers. Some companies pay IT professionals to attempt to hack their own servers and computers to test their security. They do hacking for the benefit of the company. They break security to test their own security system. The White Hat Hacker is also called an Ethical Hacker[6]. In contrast to White Hat Hackers, the intention of Black Hat Hackers is to harm computer systems and networks. They break the security and intrude into the network to harm and destroy data in order to make the network unusable. They deface websites, steal data, and breach security. They crack programs and passwords to gain unauthorized entry into a network or system. They do such things for their own personal interest, like money. They are also known as "Crackers" or Malicious Hackers.

Other than white hats and black hats, another form of hacking is the Grey Hat. Just as in inheritance, where some or all properties of the base class or classes are inherited by the derived class, a grey hat hacker inherits the properties of both the Black Hat and the White Hat. They are the ones who have ethics. A Grey Hat Hacker gathers information and enters into a computer system to breach the security, for the purpose of notifying the administrator that there are loopholes in the security and the system can be hacked. Then they themselves may offer the remedy. They are well aware of what is right and what is wrong but sometimes act in a negative direction. A Grey Hat may breach the organization's computer security, and may exploit and deface it. But usually they make changes in the existing programs that can be repaired. After some time, it is they themselves who inform the administrator about the company's security loopholes. They hack or gain unauthorized entry into the network just for fun and not with an intention to harm the organization's network. While hacking a system, irrespective of ethical hacking (white hat hacking) or malicious hacking (black hat hacking), the hacker has to follow some steps to enter into a computer system, which can be discussed as follows.
IV. HACKING PHASES

Hacking can be done by following these five phases.

Phase 1: Reconnaissance, which can be active or passive. In passive reconnaissance[4], information is gathered regarding the target without the knowledge of the targeted company (or individual). It could be done simply by searching for information about the target on the Internet, or by bribing an employee of the targeted company who would reveal and provide useful information to the hacker. This process is also called "Information Gathering". In this approach, the hacker does not attack the system or network of the company to gather information. In active reconnaissance, on the other hand, the hacker enters the network to discover individual hosts, IP addresses and network services. This process is also called "Rattling the Doorknobs". In this method, there is a high risk of being caught compared to passive reconnaissance.

Phase 2: Scanning. In the scanning phase, the information gathered in Phase 1 is used to examine the network. Tools like diallers, port scanners, etc. are used by the hacker to examine the network so as to gain entry into the company's system and network.

Phase 3: Owning the System. This is the real and actual hacking phase. The hacker uses the information discovered in the earlier two phases to attack and enter into the local area network (LAN, either wired or wireless), local PC access, Internet or offline. This phase is also called "Owning the System".

Phase 4: Zombie System. Once the hacker has gained access to the system or network, he maintains that access for future attacks (or additional attacks) by making changes in the system in such a way that other hackers or security personnel cannot then enter and access the attacked system. In such a situation, the owned system (mentioned in Phase 3) is then referred to as a "Zombie System".

Phase 5: Evidence Removal. In this phase, the hacker removes and destroys all the evidence and traces of hacking, such as log files or Intrusion Detection System alarms, so that he cannot be caught and traced. This also saves him from entering into any trial or legal proceedings. Now, once the system is hacked by a hacker, there are several testing methods available, called penetration testing, to discover the hackers and crackers.

Fig. 2 Hacking Phases

V. TESTING STRATEGIES

• External testing strategy. External testing refers to attacks on the organization's network perimeter using procedures performed from outside the organization's systems, that is, from the Internet or Extranet. This test may be performed with non- or full disclosure of the environment in question. The test typically begins with publicly accessible information about the client, followed by network enumeration, targeting the company's externally visible servers or devices, such as the domain name server (DNS), e-mail server, Web server or firewall.

• Internal testing strategy. Internal testing is performed from within the organization's technology environment. This test mimics an attack on the internal network by a disgruntled employee or an authorized visitor having standard access privileges. The focus is to understand what could happen if the network perimeter were successfully penetrated, or what an authorized user could do to penetrate specific information resources within the organization's network. The techniques employed are similar in both types of testing, although the results can vary greatly.

• Blind testing strategy. A blind testing strategy aims at simulating the actions and procedures of a real hacker. Just like a real hacking attempt, the testing team is provided with only limited or no information concerning the organization prior to conducting the test. The penetration testing team uses publicly available information (such as the corporate Web site, domain name registry, Internet discussion boards, USENET and other sources of information) to gather information about the target and conduct its penetration tests. Though blind testing can provide a lot of information about the organization (so-called inside information) that may have been otherwise unknown (for example, a blind penetration may uncover such issues as additional Internet access points, directly connected networks, publicly available confidential/proprietary information, etc.), it is more time consuming and expensive because of the effort required by the testing team to research the target.

• Double blind testing strategy. A double-blind test is an extension of the blind testing strategy. In this exercise, the organization's IT and security staff are not notified or informed beforehand and are "blind" to the planned testing activities. Double-blind testing is an important component of testing, as it can test the organization's security monitoring and incident identification, escalation and response procedures. As is clear from the objective of this test, only a few people within the organization are made aware of the testing. Normally it's only the project manager who carefully watches the whole exercise to ensure that the testing procedures and the organization's incident response procedures can be terminated when the objectives of the test have been achieved.
• Targeted testing strategy. Targeted testing, or the "lights turned-on" approach as it is often referred to, involves both the organization's IT team and the penetration testing team in carrying out the test. There is a clear understanding of the testing activities and of the information concerning the target and the network design. A targeted testing approach may be more efficient and cost-effective when the objective of the test is focused more on the technical setting, or on the design of the network, than on the organization's incident response and other operational procedures. Unlike blind testing, a targeted test can be executed in less time and with less effort, the only difference being that it may not provide as complete a picture of an organization's security vulnerabilities[7] and response capabilities. While there are several available methodologies for you to choose from, each penetration tester must have their own methodology planned and ready for maximum effectiveness and to present to the client.

Table 1 Comparative Study of Penetration Testing w.r.t. the Perspectives

The chart is prepared for the categories involved based on the data involved, considering presence as 1 and absence as 0, and likewise for the testing methods that a penetration test involves for each category. The chart is shown in Fig. 3 and Fig. 4.

Fig. 3 Categories as Total Outsider, Semi-Outsider and Valid User

Fig. 4 Testing Methods involved with types of hacking

According to the table described above, the valid user is a hacker who has access to every piece of information and data of the organization, using any testing method, as compared to the other two categories of total or semi outsider user. Semi outsiders have access to data by all methods except the physical entry method. The total outsider is involved less as compared to the other two, as they cannot access data using some methods like remote dial-up network, local network and physical entry. This study reveals that a valid user is a boon for the organization as long as his intentions are clear; otherwise he is the one who can harm the most, as he has access to every piece of information and data. The semi outsider comes after the valid user. And the total outsider user is of least concern.

Here are my top five strategies for network pen testing.

A. Test all the things

In many environments that I've worked in, the IT security group is primarily concerned with their most sensitive data stores when it comes to penetration tests. This can create huge gaps in the vulnerability identification (and remediation) process that could allow an attacker to easily pivot to sensitive systems. Make sure you hit your sensitive data stores, but pay close attention to the other hosts on your domain that could be compromised and used to get to sensitive data stores.

B. Networks, networks, networks

I see network layer protocol issues on almost every network penetration test. From ARP spoofing (old) to NBNS and LLMNR[7] spoofing (newer), network issues typically play a huge role in a penetration test. Most of these issues put an attacker in a man-in-the-middle position that's perfect for capturing credentials (unencrypted and hashes) and relaying credentials. Additional network issues that should be tested include VLAN hopping (tag spoofing) and DTP spoofing. These issues can grant an attacker access to sensitive VLANs and/or all of the traffic headed to and from those VLANs.
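One way for a defender to check a segment for the LLMNR spoofing described above is a canary query: ask for a hostname that nothing on the LAN owns and treat any answer as a spoofing responder. The Python below is an added example, not code from the paper; the canary name, the 10.0.0.99 address and the sample response bytes are constructed for the demo.

```python
"""LLMNR spoofer detection with a canary query (defender-side check).
Added example, not code from the paper. A responder that spoofs LLMNR answers
queries for names nobody owns, so an answer for a deliberately bogus name is a
reliable indicator. Name, addresses and the sample response are constructed.
"""
import socket
import struct

LLMNR_GROUP = ("224.0.0.252", 5355)    # LLMNR link-local multicast group and port
CANARY_NAME = "canary-does-not-exist"  # assumed: no real host on the LAN has this name
TXID = 0x1234


def build_llmnr_query(name: str, txid: int = TXID) -> bytes:
    """DNS-format query: 12-byte header, QNAME labels, QTYPE A (1), QCLASS IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a DNS name (labels or a 2-byte compression pointer)."""
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:
            return offset + 2
        if length == 0:
            return offset + 1
        offset += 1 + length


def parse_llmnr_response(data: bytes, txid: int = TXID) -> list:
    """IPv4 addresses from the A records of a response to our query (else [])."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # not ours, or QR bit not set
        return []
    offset = 12
    for _ in range(qd):                        # skip the echoed question(s)
        offset = _skip_name(data, offset) + 4
    answers = []
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return answers


def probe_live(timeout: float = 2.0) -> list:
    """Send the canary query to the group; every (sender, claimed IP) is a suspect."""
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_llmnr_query(CANARY_NAME), LLMNR_GROUP)
        try:
            while True:
                data, (sender, _) = sock.recvfrom(512)
                hits += [(sender, ip) for ip in parse_llmnr_response(data)]
        except socket.timeout:
            pass
    return hits


# Constructed spoofer reply: our txid, QR bit set, question echoed, one A record
# whose name is a compression pointer back to offset 12, pointing at 10.0.0.99.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", TXID, 0x8000, 1, 1, 0, 0)
    + build_llmnr_query(CANARY_NAME)[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton("10.0.0.99")
)
```

Run `probe_live()` on a segment to send the real canary query; `parse_llmnr_response(SAMPLE_RESPONSE)` shows what a spoofed answer decodes to without touching the network.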
C. Brute Force All the Seasons
If you’re testing internally, I can’t stress this enough. Do
routine audits (weekly, monthly, and/or quarterly) of weak
passwords. This can be as simple as doing a quick one
password check (Winter2014), to dumping and cracking
your domain hashes. If you’re going the dump and crack
method, make sure you are taking extra precautions to
protect those hashes during and after cracking. Any users
identified with a weak password should get a friendly
notification email, followed by a forced password reset, if
they don’t change it by the end of the day. If you want to
incentivize users, inform users of the plan to audit passwords and have some small prize for users that are on the good list.

Interested in building your own cracking system for internal password auditing? Come see Eric Gruber and me at our "GPU Cracking, On the Cheap" talk on Wednesday (9:45 AM).
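The seasonal check the text describes (a quick look for passwords like Winter2014, then notify and reset), as an added Python example that is not from the paper or the talk it mentions; the unsalted SHA-256 hash scheme, the suffix list and the three sample accounts are assumptions made for the demo.

```python
"""Routine audit for seasonal passwords such as Winter2014 (defender-side check).
Added example, not code from the paper or from the talk it mentions. It builds the
Season+Year candidates with common suffix variants, hashes them the way the stored
hashes were made, and reports accounts to notify and reset. The hash scheme
(unsalted SHA-256) and the sample dump are constructed; a real audit uses the
domain's own hash format.
"""
import hashlib
from itertools import product

SEASONS = ("Spring", "Summer", "Autumn", "Fall", "Winter")
SUFFIXES = ("", "!", "1", "!!", "123", "@")


def seasonal_candidates(years, seasons=SEASONS, suffixes=SUFFIXES) -> list:
    """Every Season+YYYY+suffix string in Capitalised and lower-case form."""
    cands = []
    for season, year, suffix in product(seasons, years, suffixes):
        cands.append(f"{season}{year}{suffix}")
        cands.append(f"{season.lower()}{year}{suffix}")
    return cands


def hash_password(password: str) -> str:
    """Constructed scheme for the demo; swap in the real one when auditing."""
    return hashlib.sha256(password.encode()).hexdigest()


def audit(user_hashes: dict, candidates: list) -> dict:
    """{user: matched_password} for every account whose hash equals a candidate's.

    Candidates are hashed once into a lookup table, so the cost is
    O(candidates + users) instead of a nested loop over both.
    """
    table = {hash_password(c): c for c in candidates}
    return {user: table[h] for user, h in user_hashes.items() if h in table}


def notification_list(user_hashes: dict, years) -> list:
    """Sorted user names that get the notice and the end-of-day forced reset."""
    return sorted(audit(user_hashes, seasonal_candidates(years)))


# Constructed sample dump: three accounts, two of them on seasonal passwords.
SAMPLE_HASHES = {
    "alice": hash_password("Winter2014"),
    "bob": hash_password("Tr0ub4dor&3"),
    "carol": hash_password("summer2015!"),
}

if __name__ == "__main__":
    print(audit(SAMPLE_HASHES, seasonal_candidates(range(2013, 2016))))
```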
D. Automated Scanners – Trust, but Verify

You can typically trust (most) automated scanners, but they can be filled with false positives. Even worse, they may cause you to miss critical (entry point) vulnerabilities that show up in the lower severities. Take memcached for instance. The Nessus plugin[4] shows up as a medium; however, I've seen memcached store database and local administrator credentials in cached data. This has resulted in immediate local administrator access to systems. Do your best to fully vet out listening services, even if there's no scan data indicating serious vulnerabilities.

E. Check Your Web Apps

We frequently use web applications as entry points during internal penetration tests. For external testing, web apps are an extremely common entry point. Even light testing on internal apps can expose critical vulnerabilities, like directory traversal and SQL injection. Making sure you test your applications along with a network test will help cover your bases.
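The two vulnerabilities just named, each as a vulnerable handler beside its hardened form, as an added Python example rather than anything from the paper; the docs root, the users table and the credentials are constructed for the demo, and an in-memory SQLite database stands in for the real one.

```python
"""Directory traversal and SQL injection: the vulnerable pattern beside its fix.
Added example, not the paper's code. The download handler and the login query are
constructed stand-ins for what a light test of an internal app turns up; each has
a vulnerable and a hardened form. Standard library only; SQLite is in memory.
"""
import os
import sqlite3

DOC_ROOT = os.path.realpath("docs")   # assumed web root that downloads must stay under


def read_file_vulnerable(requested: str) -> str:
    """Joins user input straight onto the root: '../../etc/passwd' walks out of it."""
    return os.path.join(DOC_ROOT, requested)


def read_file_hardened(requested: str) -> str:
    """Resolve the path, then refuse anything whose real location is outside DOC_ROOT.

    commonpath (not startswith) is used so that a sibling such as 'docs-old' or an
    absolute path, which os.path.join would accept, is rejected as well.
    """
    full = os.path.realpath(os.path.join(DOC_ROOT, requested))
    if os.path.commonpath([DOC_ROOT, full]) != DOC_ROOT:
        raise PermissionError(f"traversal attempt rejected: {requested!r}")
    return full


def traversal_blocked(requested: str) -> bool:
    """True when the hardened handler refuses the requested path."""
    try:
        read_file_hardened(requested)
        return False
    except PermissionError:
        return True


def make_db() -> sqlite3.Connection:
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    """String-built query: a password of ' OR '1'='1 turns the WHERE into a tautology."""
    sql = f"SELECT 1 FROM users WHERE name='{name}' AND password='{password}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, name: str, password: str) -> bool:
    """Parameterised query: input is bound as data and cannot alter the statement."""
    sql = "SELECT 1 FROM users WHERE name=? AND password=?"
    return conn.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin", "' OR '1'='1"))   # True: injection succeeds
    print(login_hardened(db, "admin", "' OR '1'='1"))     # False: same input, no effect
    print(traversal_blocked("../../etc/passwd"))          # True
```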
CONCLUSION

Hacking[1] has both its benefits and risks. Hackers are very diverse. They may bankrupt a company or may protect its data, increasing the company's revenues. The battle between the ethical or white hat hackers and the malicious or black hat hackers is a long war which has no end. While ethical hackers[5] help companies understand their security needs, malicious hackers intrude illegally and harm the network for their personal interest. Ethical[5] and creative hacking is significant in network security, in order to ensure that the company's information is well protected and secure. At the same time it allows the company to identify, and in turn take remedial measures to rectify, the loopholes that exist in the security system which may allow a malicious hacker to breach their security. They help organizations to understand the hidden problems present in their servers and corporate network. The study also reveals that the valid users are the ethical hackers, as long as their intentions are clear; otherwise they are a great threat, as they have access to every piece of information of the organization, compared to total and semi outsiders.

Everything depends on the intention of the hacker. It is almost impossible to close the gap between ethical and malicious hacking[5], as the human mind cannot be conquered, but security measures can be tightened.

ACKNOWLEDGMENT

I would like to give special thanks to Dr. Deeksha Baweja Ma'am, Assistant Professor in Computer Applications, UIC Department of Chandigarh University, who participated in paper preparation and provided valuable suggestions in the successful completion of this paper. Thanks to all my faculty members, students and other authors who directly or indirectly supported me in writing this journal.

REFERENCES

[1] Agarwal, Ankit Kumar. Hacking: Research paper, online [Link] /hacking-a-research-paper/ (visited on May 2012)
[2] Wilhelm, Douglas. "2". Professional Penetration [Link] Press. p. [Link] 978-1-59749-425-0
[3] Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing. ISBN 978-1-59345-303-9
[4] EC-Council (n.d.). Ethical Hacking and Countermeasures, online [Link] ipdf/[Link] (visited on May 2012)
[5] Ethical Hacking Basics Class part, online [Link] [Link]?t=11925 (visited on May 2012)
[6] Palmer, C.C. (2001, April 13). Ethical Hacking. IBM Systems Journal Vol. 40 No. 3, 2001
[7] Kang, Byeong-Ho. About Effective Penetration Testing Methodology