Ethical Hacking Techniques
https://doi.org/10.22214/ijraset.2022.45047
International Journal for Research in Applied Science & Engineering Technology (IJRASET)
ISSN: 2321-9653; IC Value: 45.98; SJ Impact Factor: 7.538
Volume 10 Issue VI June 2022- Available at www.ijraset.com
Abstract: The term ‘Hacker’ was defined to describe experts who utilize their skills to re-develop mainframe systems, increasing
their capability and allowing them to multi-task. Nowadays, the term commonly describes skilled programmers who gain
unauthorized access into computer systems by exploiting weaknesses or by using bugs, motivated either by malice or mischief.
For example, a hacker can produce algorithms to crack passwords, penetrate networks, or even disrupt network services.
The primary motive for malicious/unethical hacking is stealing valuable records or monetary gain. However,
not all hacking is bad. This brings us to another type of hacking: ethical hacking.
Keywords: Ethical Hacking, hacker, authorized, system, hacking, secure, passwords, Access, vulnerabilities
I. INTRODUCTION
Ethical Hacking is a licensed practice of bypassing system security to identify potential data breaches and threats in a network. The
company that owns the system or network allows Cyber Security Engineers to perform such exercises in order to test the system’s
defenses. Thus, unlike malicious hacking, this process is planned, accepted, and especially, legal.
Ethical hackers aim to analyze the system or network for weak points that malicious hackers can exploit or
damage. They collect and analyze the information to figure out ways to strengthen the security of the
system/device/network/applications. By doing so, they can improve the security footprint so that it can better withstand
attacks or divert them.
Ethical hackers are hired by the organizations to look into the vulnerabilities of their systems and networks and develop solutions to
prevent data breaches. Consider it a high-tech permutation of the old saying “It takes a thief to trap a thief.”
©IJRASET: All Rights are Reserved | SJ Impact Factor 7.538 | ISRA Journal Impact Factor 7.894 | 5078
G. Script Kiddie
A script kiddie is a non-professional who breaks into computer systems by using pre-packaged automated tools written by others,
usually with little understanding of the underlying concept; hence the term Kiddie is used to describe them.
H. Neophyte
A neophyte, "n00b", or "newbie" or "Green Hat Hacker" is a person who’s new to hacking or phreaking and has nearly no
knowledge, information or experience of the workings of technology and hacking.
I. Hacktivist
A hacktivist is a hacker who makes use of technology to announce a social, ideological, religious, or political message. In general,
most hacktivism involves website defacement or denial-of-service attacks.
Nmap analyses raw IP packets to determine:
What hosts are there on the network,
What services those hosts are offering,
What operating systems they are running on,
What type of firewalls are in use, and other such essentials.
Nmap is compatible with various computer operating systems, including Windows, Mac OS X, and Linux.
B. Metasploit
Metasploit is one of the most powerful exploit tools. It is a product of Rapid7 and most of its resources can be found at:
www.metasploit.com. It is available in two editions: commercial and free. It can be used with either a command prompt or a web
interface.
C. Burp Suite
Burp Suite is a famous platform which is extensively used for performing security testing of web applications. It offers a number of
tools that work together to support the whole testing process, from primary mapping and monitoring of an application's attack
surface through identifying and exploiting security vulnerabilities.
It is very easy to use and gives administrators full control to combine advanced manual techniques with automation for
efficient testing. It can be easily configured, and it also contains features to assist even the most experienced testers with their
work.
D. Angry IP Scanner
Angry IP scanner is a cross-platform, lightweight IP address and port scanner. It can scan any IP address range. It is free to copy
and use anywhere. To boost scanning speed, it employs a multithreaded approach, wherein a separate scanning thread is
created for each scanned IP address.
It simply pings each IP address to check if it’s alive, and then, it resolves its hostname, determines the MAC address, scans ports,
etc. The amount of gathered data or information about each host can be saved to TXT, XML, CSV, or IP-Port list files. With the
help of plugins, it can gather any information about scanned IPs.
E. Ettercap
Ettercap stands for Ethernet Capture. It is a network security tool that detects Man-in-the-Middle attacks. It includes live connection
sniffing, on-the-fly content screening, and a slew of other intriguing gimmicks. It has built-in features for network and host
evaluation. Many methods can be dissected both actively and passively.
F. WebInspect
WebInspect is a web application security assessment tool that aids in the identification of known and unknown vulnerabilities in the
Web application layer. It may also assist in ensuring that a Web server is correctly setup, as well as attempting common web attacks
such as parameter injection, cross-site scripting, directory traversal, and others.
H. LC4
LC4 was formerly known as L0phtCrack. It is a password auditing and recovery application. It is used to test the strength of passwords and, in
certain cases, to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks. It
recovers Windows user account passwords to streamline migration of users to another authentication device or to access accounts
whose passwords are lost.
I. QualysGuard
QualysGuard is an integrated suite of technologies that may be used to simplify security operations and reduce compliance costs. It
automates the whole spectrum of audits, compliance, and protection for IT systems and web applications and delivers essential
security intelligence on demand. It comes with a set of tools for monitoring, detecting, and protecting your worldwide network.
J. EtherPeek
EtherPeek is a fantastic tool for simplifying network investigation in a multiprotocol heterogeneous network environment.
EtherPeek is a lightweight tool (less than 2 MB) that may be installed in a matter of minutes.
EtherPeek dynamically sniffs network communication packets. It supports AppleTalk, IP, IP Address Resolution Protocol (ARP),
NetWare, TCP, UDP, NetBEUI, and NBT packets by default.
K. Network Stumbler
Network stumbler is a WiFi scanner and monitoring application for Windows. It permits network professionals to detect WLANs. It
is extensively used by networking enthusiasts and hackers since it assists in the discovery of non-broadcasting wireless networks.
It can be used to determine whether a network is properly configured, the signal strength or coverage of a network, and to detect
interference between one or more wireless networks. It can also be used to connect to non-authorized networks.
L. ToneLoc
ToneLoc stands for Tone Locator. It was a popular war dialling computer program written for MS-DOS in the early 90’s. "War
dialling" is a technique that involves using a modem to automatically scan a list of phone numbers, typically dialling every number
in a local area code. Malicious hackers utilise the generated lists to compromise computer security, such as guessing user passwords
or locating modems that could give an entry point into computer or other electronic systems. Security staff can use it to detect
unauthorised devices on a company's telephone network.
A. Reconnaissance
Reconnaissance is the stage in which an attacker obtains knowledge about a target through active or passive means. NMAP,
Maltego, and Google Dorks are some of the tools commonly utilized in this procedure.
B. Scanning
During this stage, the attacker actively probes a target system or network for weaknesses that can be exploited. Nessus, Nexpose,
and NMAP are the tools utilised in this approach.
C. Gaining Access
The vulnerability is discovered during this procedure, and you attempt to exploit it in order to get access to the machine. Metasploit
is the major tool utilized in this process.
D. Maintaining Access
It is the method through which a hacker gains access to a system. After getting access, the hacker installs several backdoors in order
to enter the system in the future if he requires access to this owned machine. In this approach, Metasploit is the ideal tool.
E. Clearing Tracks
This procedure is, in fact, unethical. It involves deleting the logs of all activities that occur throughout the hacking process.
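From the defender's side, log deletion can be made detectable. The following is an added example, not part of the original paper, and it goes beyond the text by showing a hash-chained log that a collector can verify. The key, the log lines and the off-host checkpoint are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: the real key lives on the log collector, not the host
GENESIS = b"\x00" * 32

# Constructed sample log lines.
LOG = [
    "09:14:02 sshd: Accepted password for svc_backup from 203.0.113.7",
    "09:14:40 sudo: svc_backup : COMMAND=/usr/bin/id",
    "09:15:11 useradd: new user name=support2",
    "09:16:30 sshd: Disconnected from 203.0.113.7",
]


def _tag(prev, line, key):
    return hmac.new(key, prev + line.encode(), hashlib.sha256).digest()


def seal(lines, key=KEY):
    """Chain the records: each tag covers the line and the previous record's tag."""
    prev, sealed = GENESIS, []
    for line in lines:
        prev = _tag(prev, line, key)
        sealed.append((line, prev.hex()))
    return sealed


def checkpoint_of(sealed):
    """(record count, last tag), as the collector would store it off-host."""
    return len(sealed), sealed[-1][1]


def verify(sealed, checkpoint, key=KEY):
    """Check the chain, then compare with the checkpoint kept off-host."""
    prev = GENESIS
    for index, (line, tag_hex) in enumerate(sealed):
        prev = _tag(prev, line, key)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return f"record {index}: chain broken (edited, or an earlier record removed)"
    count, last_tag = checkpoint
    if len(sealed) != count or prev.hex() != last_tag:
        return "tail mismatch: records missing after the last intact one"
    return "intact"
```

Removing a record from the middle breaks the chain at the next record, while removing records from the end is only caught by the checkpoint stored off the host.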
F. Reporting
The final step in the ethical hacking procedure is reporting. Here, the Ethical Hacker creates a report containing his findings and the
task that was completed, such as the tools used, the success rate, vulnerabilities discovered, and techniques employed.
C. Key Logger
A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key
logger will capture every keystroke on the keyboard, every username, id, password and credit card number, etc., exposing all of
your data and private information.
F. Fake W.A.P.
A hacker can make use of software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place
W.A.P. that you are using. Once you are connected to the fake W.A.P., a hacker can access your data. To fool you, the
hacker will give the fake W.A.P. an apparently genuine name such as ‘T.F. Green Airport Free WiFi.’
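A venue operator can check a wireless survey against its own access-point inventory to spot such impersonation. This is an added example, not part of the original paper; the inventory, the scan entries and the finding codes are constructed assumptions.

```python
import re

# Constructed inventory: SSID -> (expected security, BSSIDs the operator deployed).
KNOWN_APS = {
    "Hotel Guest WiFi": ("WPA2", {"02:11:22:33:44:01", "02:11:22:33:44:02"}),
}

# Constructed scan results, as a wireless survey tool might export them.
SCAN = [
    {"ssid": "Hotel Guest WiFi", "bssid": "02:11:22:33:44:01", "security": "WPA2"},
    {"ssid": "Hotel Guest WiFi", "bssid": "02:de:ad:be:ef:10", "security": "WPA2"},
    {"ssid": "Hotel Guest WiFi", "bssid": "02:11:22:33:44:02", "security": "Open"},
    {"ssid": "Hotel_Guest_Wifi", "bssid": "02:de:ad:be:ef:11", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "02:aa:aa:aa:aa:01", "security": "WPA2"},
]


def normalise(ssid):
    """Fold case and drop punctuation/spacing so look-alike names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())


def classify(entry, known=KNOWN_APS):
    """Return a list of finding codes for one scanned access point."""
    ssid, bssid = entry["ssid"], entry["bssid"].lower()
    if ssid in known:
        expected_security, bssids = known[ssid]
        findings = []
        if bssid not in bssids:
            findings.append("UNKNOWN_BSSID")      # our name, someone else's radio
        if entry["security"] != expected_security:
            findings.append("SECURITY_MISMATCH")  # e.g. our name offered without encryption
        return findings
    if normalise(ssid) in {normalise(name) for name in known}:
        return ["LOOKALIKE_SSID"]                 # near-identical name, not ours
    return []                                     # unrelated network


def suspicious(scan, known=KNOWN_APS):
    """Map BSSID -> findings for every entry that raised at least one finding."""
    return {e["bssid"]: f for e in scan if (f := classify(e, known))}
```

A BSSID can be copied, so an allowlist match alone does not prove an access point is genuine; the security-mode comparison catches the case where a copied BSSID advertises different settings.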
G. Cookie Theft
The cookies in our web browsers, such as Chrome, Mozilla, Safari, etc., save personal data like browser history, usernames, and
passwords for various websites we visit. Hackers will send I.P. (data) packets that pass through your computer, and they can do that
if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate.
Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT
considered as secure.
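A site owner can audit the cookies it issues for the attributes that keep them off unencrypted connections. This is an added example, not part of the original paper; the sample responses and finding codes are constructed assumptions.

```python
"""Audit Set-Cookie headers for the attributes that limit cookie theft."""

# Constructed sample responses: (URL the response came from, Set-Cookie value).
SAMPLE_RESPONSES = [
    ("http://shop.example/login", "sessionid=3f9a1c; Path=/"),
    ("https://shop.example/login", "sessionid=3f9a1c; Path=/; HttpOnly"),
    ("https://shop.example/login", "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://shop.example/prefs", "theme=dark; Path=/; SameSite=None"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(url, header):
    """Return (cookie name, list of finding codes) for one response."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if url.lower().startswith("http://"):
        findings.append("SET_OVER_HTTP")   # value already crossed the network in clear text
    if "secure" not in attrs:
        findings.append("NO_SECURE")       # browser will also attach it to http:// requests
    if "httponly" not in attrs:
        findings.append("NO_HTTPONLY")     # readable by page script via document.cookie
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("NO_SAMESITE")     # cross-site sending left to the browser default
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SAMESITE_NONE_WITHOUT_SECURE")  # Chrome rejects this combination
    return name, findings


def audit_all(responses):
    """Audit every (url, Set-Cookie) pair and keep the input order."""
    return [audit_cookie(url, header) for url, header in responses]


if __name__ == "__main__":
    for (url, _), (name, findings) in zip(SAMPLE_RESPONSES, audit_all(SAMPLE_RESPONSES)):
        print(f"{url} {name}: {', '.join(findings) or 'ok'}")
```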
Figure 1
Figure 2
Figure 3
The above figures show that people have a rough knowledge of hacking. But more awareness or knowledge should be
spread about how to deal with it.
C. Use Virtualization
Not everyone needs to go this path, but expect to be inundated with spyware and viruses if you visit dubious websites. While
avoiding hazardous websites is the greatest strategy to avoid browser-derived incursions, virtualization allows you to operate your
browser in a virtual environment, such as Parallels or VMware Fusion, that bypasses your operating system to keep it safe.
F. Use Encryption
Even if hackers acquire access to your network and files, encryption can prevent them from accessing any of your data. You can
encrypt your Windows or macOS hard disc with BitLocker (Windows) or FileVault (Mac), encrypt any USB flash drive containing
critical information, and encrypt online traffic with a VPN. Only shop on encrypted websites; you can tell by the "https" in the
address bar, which is accompanied by a closed-padlock image.
IX. CONCLUSION
Ethical hacking is not a criminal activity and it should not be considered as such. While harmful hacking
is a computer crime and a criminal activity, ethical hacking is never a crime. Ethical hacking conforms to industry regulations as
well as organizational IT policy.
Malicious hacking should be prevented, while ethical hacking, which promotes research, innovation, and technological breakthroughs,
should be encouraged and allowed.