ETHICAL HACKERS IN DEMAND

WHAT IS HACKING?

What’s the image that comes to your

mind when you hear about “hacker” or
“hacking”?
BEFORE WE START….
WHAT IS HACKING?

Commonly defined in the media as:

“Illegal intrusion into a computer

system without the permission of the
computer owner/user”
MISCONCEPTSIONS

 Most people associate hacking with

breaking the law.
 Assume that everyone who engages in
hacking activities is a criminal
WHAT IS HACKING?

Then what is hacking in its real sense?

HACKER DEFINED

HACKER (Originally, someone who

makes furniture with an Ax.
HACKER

Someone involved in computer

security/insecurity
An enthusiastic home computer hobbyist
 A programmer(ing) culture
that originated in US
academia in the 1960’s -
nowadays closely related
with open source / free
software.
 HACKING

It is more about following the law than

breaking it.
 “the essence of hacking is finding
unintended or overlooked uses for the laws
and properties of a given situation and then
applying them in new and inventive ways to
solve a problem—whatever it may be”
HACKING

Know the difference between a cracker

and a hacker.
HACKING

 Started off – MIT – Late 1950’s

 Tech Model Rail Road club of MIT
 Donated old telephone equipment
 They re-worked & re-created a complex
system that allowed multiple operators to
control different parts of the track by
dialing into the appropriate sections.
HACKING
HACKING

They called this new and inventive use of

telephone equipment hacking
 Later they moved to programming.
 Started writing programs that solved
problems well.
HACKING

 slowly evolved as an informal subculture

that remained intensely focused on
learning and mastering their art.
 They believed that information should be
free and anything that stood in the way of
that freedom should be circumvented
CAN HACKING BE ETHICAL?

 The noun 'hacker' refers to a person who

enjoys learning the details of computer
systems and stretch their capabilities.
CAN HACKING BE ETHICAL?

The verb 'hacking' describes the rapid

development of new programs or the
reverse engineering of already existing
software to make the code better, and
efficient.
CAN HACKING BE ETHICAL?

The term 'cracker' refers to a person who

uses his hacking skills for offensive
purposes.
CAN HACKING BE ETHICAL?

The term 'ethical hacker' refers to

security professionals who apply their
hacking skills for defensive purposes.
 CAN HACKING BE ETHICAL?

 Threat,

 Vulnerability

 Attack

 Exploit

 Target of Evaluation
THREAT

Any potential danger to information or

systems
or

Someone uncovering a vulnerability and

exploiting it
VULNERABILITY

Weakness in a mechanism that can

threaten the confidentiality, integrity, or
availability of an asset.

Lack of countermeasure
ATTACK

 Attack - An assault on system security

that derives from an intelligent threat. An
attack is any action that attempts to or
violates security.
EXPLOIT

Exploit - A defined way to breach the

security of an IT system through
vulnerability.
TARGET OF EVALUATION

Target of Evaluation - An IT system,

product, or component that is
identified/subjected as requiring security
evaluation
VULNERABILITY (EH)

A security weakness in a Target of

Evaluation (e.g. due to failures in analysis,
design, implementation, or operation).
ATTACK TYPES

Attacks can also be categorized as:

Inside attacks,

Outside attacks.
INSIDE ATTACK

 Attack initiated by an entity inside the

security perimeter (an 'insider'), i.e., an
entity that is authorized to access system
resources but uses them in a way not
approved by those the authority
concerned.
OUTSIDE ATTACK

Initiated from outside the perimeter, by an

unauthorized or illegitimate user of the
system (an 'outsider').
SKILL SET REQUIRED
STEPS IN HACKING

 Reconnaissance

 Scanning

 Gaining access

 Maintaining access

 Covering tracks
RECONNAISSSANCE

 This is the phase where the attacker

gathers information about a target using
active or passive means.
SCANNING

In this phase, the attacker begins to probe

the target for vulnerabilities that can be
exploited.
GAINING ACCESS

If vulnerability is detected, the attacker

can exploit it to gain access into the
system.
MAINTAINING ACCESS

Once the attacker gains access, he

usually maintains his access to fulfill the
purpose of his entry.
COVERING TRACKS

 Most attackers attempt to cover their

tracks so that they cannot be detected or
penalized under criminal law.
HACKER CLASSES

Black hats

White Hats

Gray Hats
BLACK HATS

 Individuals with extraordinary computing

skills, resorting to malicious or destructive
activities. Also known as 'Crackers.'
WHITE HATS

Individuals professing hacker skills and

using them for defensive purposes. Also
known as 'Security Analysts'.
GRAY HATS

Individuals who work both offensively and

defensively at various times.
 HACKTIVISM

 Refers to 'hacking with / for a cause'.

Comprises of hackers with a social or

political agenda
Aims at sending across a message through
their hacking activity and gaining visibility
for their cause and themselves.
HACKTIVISM

Common targets include government

agencies, MNCs, or any other entity
perceived as 'bad' or 'wrong' by these
groups / individuals.
It remains a fact however, that gaining
unauthorized access is a crime, no matter
what the intent.
WHAT DO ETHICAL HACKERS
DO?
"If you know the enemy and know yourself,
you need not fear the result of a hundred
battles."
- Sun Tzu, Art of War
 WHAT DO ETHICAL HACKERS
DO?
Ethical hackers tries to answer:
 What can the intruder see on the target
system? (Reconnaissance and Scanning
phase of hacking)
 What can an intruder do with that
information? (Gaining Access and
Maintaining Access phases)
WHAT DO ETHICAL HACKERS
DO?
Does anyone at the target notice the
intruders attempts or success?
(Reconnaissance and Covering Tracks
phases)
 WHAT DO ETHICAL HACKERS
DO?
 If hired by any organization, an ethical
hacker asks the organization what it is
trying to protect, against whom and what
resources it is willing to expend in order to
gain protection.
SKILL PROFILE-ETHICAL
HACKER
 Computer expert adept at technical
domains.
 In-depth knowledge about target
platforms (such as windows, Unix, Linux).
SKILL PROFILE-ETHICAL
HACKER
 Exemplary knowledge in networking and
related hardware / software.
 Knowledgeable about security areas and
related issues - though not necessarily a
security professional.
HOW DO THEY GO ABOUT IT?

 Any security evaluation involves three

components:
 Preparation
 Conduct
 Conclusion
 PREPARATION

In this phase, a formal contract is signed

that contains a non-disclosure clause as
well as a legal clause to protect the ethical
hacker against any prosecution that he
may attract during the conduct phase. The
contract also outlines infrastructure
perimeter, evaluation activities, time
schedules and resources available to him.
CONDUCT

In this phase, the evaluation technical

report is prepared based on testing
potential vulnerabilities.
CONCLUSION

 In this phase, the evaluation technical

report is prepared based on testing
potential vulnerabilities.
MODES OF ETHICAL HACKING

Remote network
Remote dial-up network

Local network
Stolen equipment
Social engineering
Physical entry
REMOTE NETWORK

 This mode attempts to simulate an

intruder launch an attack over the Internet.
REMOTE DIAL-UP NETWORK

 This mode attempts to simulate an

intruder launching an attack against the
client's modem pools.
LOCAL NETWORK

 This mode simulates an employee with

legal access gaining unauthorized access
over the local network.
STOLEN EQUIPMENT

This mode simulates theft of a critical

information resource such as a laptop
owned by a strategist, (taken by the client
unaware of its owner and given to the
ethical hacker).
SOCIAL ENGINEERING

This aspect attempts to check the

integrity of the organizations employees.
PHYSICAL ENTRY

 This mode attempts to physically

compromise the organization's ICT
infrastructure
SECURITY TESTING
There are many different forms of security
testing.

Examples include:
 Vulnerability scanning,
 Ethical Hacking, and
 Penetration Testing.
SECURITY TESTING
 Security testing can be conducted using
one of three approaches:
 Black-box
 White-box
 Gray-box
BLACK-BOX
 With no prior knowledge of the
infrastructure to be tested
WHITE-BOX
 With a complete knowledge of the
network infrastructure
GREY-BOX
 Internal Testing is also known as Gray-
box testing
 This examines the extent of access by
insiders within the network.
ELEMENTS OF PEN TESTING
 Three Elements for a Penetration Testing
are:
 People
 Process
 Technology
 Elements should be properly balanced
to get the maximum quality output.
TECHNOLOGY
Pen Testing Tools and Technology
Info Gathering Tools
Network Scanning Tools
Technology implemented at the testing
site.
OS Implemented
Database used
PEN TESTING TEAM

 Consists of generally three teams

 Red Team – Attackers / pen testers

 Blue Team – Defenders

 White Team – Intermediate Team
 RULES OF ENGAGEMENT

Definition: “ROE are detailed guidelines

established before the start of an
information security test that give the test
team authority to conduct the technical and
nontechnical activities defined in the ROE
without additional permission.”
RULES OF ENGAGEMENT

 It is the basis on which the PT is

performed.
 It will serve as a contract between the
customer and the testing agent.
ROE - TEMPLATE

 Introduction
 Purpose

 Scope
 Assumptions and Limitations
 Risks
 Document Structure
ROE - TEMPLATE

Logistics
Personnel

Test Schedule
Test Site
Test Equipment
ROE - TEMPLATE

Communication Strategy
General Communication

Incident Handling and Response

Target System / Network
ROE - TEMPLATE

Testing Execution
Nontechnical Test Components

Technical Test Components

Data Handling
Reporting
Signature Page
 DELIVERABLE
 Ethical Hacking Report
 Details the results of the hacking activity,
matching it against the work schedule
decided prior to the conduct phase.
Vulnerabilities are detailed and avoidance
measures suggested. Usually delivered in
hard copy format for security reasons.
 DELIVERABLE
Issues to consider - Nondisclosure clause
in the legal contract - availing the right
information to the right person), integrity of
the evaluation team, sensitivity of
information.
dmesg
dmesg - print or control the kernel ring
buffer

The dmesg command is used to write the

kernel messages in Linux and other Unix-
like operating systems to standard output
(which by default is the display screen).
FOOTPRINTING

76
FOOTPRINTING

Reconnaissance refers to the preparatory

phase where an attacker seeks to gather
as much information as possible about a
target of evaluation prior to launching an
attack.
FOOTPRINTING
Footprinting is the blueprinting of the
security profile of an organization,
undertaken in a methodological manner.

Footprinting is one of the three pre-attack

phases. The others are scanning and
enumeration.
FOOTPRINTING
Footprinting results in a unique
organization profile with respect to
networks (Internet / Intranet / Extranet /
Wireless) and systems involved.
INFORMATION GATHERING
METHODOLOGY
Unearth initial information
Locate the network range
Ascertain active machines
Discover open ports / access points
Detect operating systems
Uncover services on ports
Map the Network
UNEARTHING INITIAL INFO

Commonly includes:
Domain name lookup

Locations
Contacts (Telephone / mail)
UNEARTHING INITIAL INFO

Information Sources:
Open source

Whois
Nslookup
UNEARTHING INITIAL INFO

 Hacking Tool
 Sam Spade
UNEARTHING INITIAL INFO

 whois
UNEARTHING INITIAL INFO

Nslookup - Program to query Internet

domain name servers. Displays
information that can be used to diagnose
Domain Name System (DNS)
infrastructure.
Helps find additional IP addresses if
authoritative DNS is known from whois.
UNEARTHING INITIAL INFO

 MX record reveals the IP of the mail

server.
 Both Unix and Windows come with a
Nslookup client.
 Third party clients are also available -
E.g. Sam Spade
 LOCATE THE NETWORK RANGE
Commonly includes:
Finding the range of IP addresses
Discerning the subnet mask
Information Sources:
ARIN (American Registry of Internet Numbers)
Traceroute
Hacking Tool:
NeoTrace
Visual Route
LOCATE THE NETWORK RANGE
Hacking Tool:
NeoTrace
Visual Route
LOCATE THE NETWORK RANGE
LOCATE THE NETWORK RANGE
LOCATE THE NETWORK RANGE
WHATROUTE
SAMSPADE
SAMSPADE
 LOCATE THE NETWORK RANGE
Sam Spade: A Multifunction Information Toolkit
Gary C. Kessler

[Link]
[Link]
 ARIN
ARIN allows search on the whois database to
locate information on networks autonomous
system numbers (ASNs), network-related
handles and other related point of contact
(POC).

ARIN whois allows querying the IP address to

help find information on the strategy used for
subnet addressing.
ARIN WHOIS
 TRACEROUTE

Traceroute works by exploiting a feature of the

Internet Protocol called TTL, or Time To Live.
Traceroute reveals the path IP packets travel
between two systems by sending out
consecutive UDP packets with ever-increasing
TTLs .
TRACEROUTE

As each router processes a IP packet, it

decrements the TTL. When the TTL reaches
zero, it sends back a "TTL exceeded" message
(using ICMP) to the originator.
Routers with DNS entries reveal the name of
routers, network affiliation and geographic
location.
 EMAIL TRACKERPRO

[Link]
 EMAIL TRACKERPRO

 Tracking Email Origin - Manually

SCRIPTING

102
UNEARTHING INITIAL INFO

 Find the sub domains of [Link] from

the links available in [Link]
Find the IP address of all sub-domains
obtained from the above step.
Script the above step
UNEARTHING INITIAL INFO

 host [Link]
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO

 In this exercise, you will be tasked with

writing a simple bash script which will
identify all live hosts (responding to a ping)
in the [Link]/24 lab network. The
script should take as little time to complete
as possible.
SCANNING

110
OBJECTIVES

 In this exercise, you will be tasked with

writing a simple bash script which will
identify all live hosts (responding to a ping)
in the [Link]/24 lab network. The
script should take as little time to complete
as possible.
thank you !

[Link]
CAN HACKING BE ETHICAL?

The term 'cracker' refers to a person who

uses his hacking skills for offensive
purposes.