
EHF M01 C01 PPT Introduction

This document provides an introduction to the concept of ethical hacking. It outlines the chapter objectives which are to explain ethical hacking and its scope, list the skills required of an ethical hacker, explain penetration testing and its types, describe the steps of ethical hacking, outline the steps of footprinting, and explain the process of scanning. The learning outcomes are to define ethical hacking, describe its scope in information security, apply the appropriate penetration testing type, and outline the steps to develop a network footprint and systems.

Chapter 1.

Introduction
Aim
To elaborate the meaning and nature of Ethical
Hacking and various concepts involved in it.

Instructional Objectives
Objectives of this chapter are:
• Explain the concept of Ethical Hacking, with its scope
• List the skills required for an Ethical hacker
• Explain Penetration testing and its types
• Describe the various steps for Ethical hacking
• Outline the steps involved in footprinting
• Explain the process of Scanning

Learning Outcomes
At the end of this chapter, you are expected to:
• Define Ethical hacking
• Describe the scope of Ethical hacking in Information Security
scenario
• Apply the most appropriate type of Penetration testing to a system, in
order to gather information
• Outline the steps to develop a footprint for an Organization's network
and systems

Ethical hacking and its scope

Introduction to hacking

Some hacking incidents

• Hacking of Mainframe computers by a few students of MIT
• Discovery of the blue box by John Draper
• Morris Internet Worm: a program written by Robert Tappan Morris in 1988, caused a Denial of Service attack on the Internet
• Yahoo, Amazon, ZDNet and Microsoft Corporation came under attacks

Ethical Hacking Concept

“It is the process of gaining authorized access into an Information System of an Organization or individual, in order to identify and evaluate the possible threats to it.”

- Helps the organization or individuals to improve their security system

Who is an ethical hacker?
An ethical hacker is an Information Security Professional.

Skills Required by an ethical hacker

CIA Triad
• Confidentiality: Non-disclosure of information to either unauthorised persons or processes
• Integrity: Ensuring safety and accuracy of data
• Availability: Uninterrupted and timely access of data to valid users

Terms used in Ethical hacking
Term: Meaning
• Threat: Activity or occurrence that is capable of causing potential damage to the information system or networks
• Vulnerability: Weak point or a loophole which turns out to be an entry point for a threat to enter and exploit the system
• Risk: Probability of a possible threat becoming successful
• Attack: The very result of a threat which has materialized
• Exploit: Using the vulnerability of a system or a network so that it may be attacked

Quiz / Assessment
1) A person who steals information via communication system like credit card information, attacks
PBXs, or is able to make calls free of cost, is called as a
a) Hacker b) Ethical hacker c) Whacker d) Phreaker

2) A person who steals information via communication system like credit card information, attacks
PBXs, or is able to make calls free of cost, is called as a
a) Threat b) A Virus attack c) Cyber terrorism d) Hacktivism

3) What is the definition of Steganography?

a) Attacking computer systems with an intention to weaken the economic or military strength of a nation
b) The practice of concealing messages or information within other non-secret text or data
c) Operating in a double blind environment to ethically hack into an organization
d) Study of technology and tools required to be an expert ethical hacker

Quiz / Assessment
4) A computer system or a Software that will go through a security evaluation is called as a

a) Target b) Security threat c) Risk d) Target of evaluation

5) If confidentiality and Integrity constitute two factors in a CIA triad, _____________ is the third factor.

a) Accessibility b) Authentication c) Availability d) Authorization

6) The term used for the protection of an individual's information that is identifiable is ____________

a) Identification b) Privacy c) Authentication d) Evaluation

Security Testing
Security testing may be defined as “a process that is used to determine that the security features of a system are implemented as per design”.

Security Testing consists of:
• Hands-on functional testing: User performs this test to check the intended outcomes of the product.
• Penetration testing: Method of identifying vulnerabilities present in a computer or a network.
• Verification: Process of evaluating a product in the development stage, against specified requirements.

Penetration Testing and its classifications
Penetration Testing is classified as:
• No Knowledge testing or Black Box testing: Professional has no knowledge of the internal structure of the system or the network.
• Full Knowledge testing or White Box testing: Professional is aware of the configurations of the system or the network he is hacking.
• Partial Knowledge testing or Grey box testing: It incorporates features of both white and black box testing. Also known as hybrid testing.
Steps of Malicious Hacking
• Reconnaissance: Also known as footprinting. It's a process of gathering data or preliminary inspection of an area of interest over a short period of time.
• Scanning: Collect more detailed information based on the previous phase. Known as enumeration.
• Gaining access: This is the actual attack phase; so, the risk level is considered highest.
• Maintaining access: If the intentions of the hacker will not be satisfied by acquiring access, then maintaining that access is also important.
• Covering tracks, clearing tracks and installing back doors: Rootkits is an example of that.
Steps of Footprinting
It is a method used by the attacker to collect all the information about the organization, without being noticed.

7 Steps of Footprinting:
1. Information gathering
2. Network range determination
3. To identify active machines
4. Finding active ports and access points
5. Finding operating systems
6. Fingerprinting
7. Network mapping

Details shown alongside the steps: Internet domain names and IP addresses; name and version of OS; Web server version and VPN points; Authentication Programs and Access Control list.
Types of Footprinting
• Internet footprinting: Gather information from Internet
• Organizational or Private footprinting: Collect data from an organization's Web-based calendars, email accounts
• Pseudonymous footprinting: Publishing information under a false name
• Google hacking: Uses advanced operators in Google
• Network footprinting: Active footprinting and Passive footprinting
• DNS footprinting: DNS server is targeted to retrieve IP addresses
• Website and E-mail footprinting: Phone numbers, e-mails and names are gathered from a company's website after mirror imaging
Quiz/Assessment
7) In what is called as the actual attack phase, the hacker can gain access to the system at four levels: OS level, Application level, Network level and __________________.
a) Physical layer b) Denial of Service c) Transport layer d) Penetration layer

8) What is the full form of EC Council, a member supported organization which is known for Professional certifications in the field of IT Security?
a) International council of e-Commerce Consultants b) International Congregation of Electronic Commerce Consultants c) International Council of Electronic Commerce Consultants d) None of the above

9) Black box testing, White box testing and Grey box testing are the three types of Security testing. Among these, Grey box testing is also called as
a) Penetration testing b) Hybrid testing c) Hybrid testing d) Pink testing
DNS Footprinting
DNS footprinting is used to retrieve all information about DNS servers and any corresponding records of the target organization or computer system.

Tools used for DNS footprinting are:
• Nslookup
• DNSstuff
• ARIN
• Whois

Nslookup
• It can identify target's DNS Infrastructure, IP addresses and IP of the mail server.
• It is available in both Windows and Linux operating system.

Whois
• It also can identify domain and its servers.
• Contacts for Technical as well as Administrative aspects of the target system.

ARIN
• Stands for American Registry for Internet Numbers.
• It manages Internet number resources like IPv4 and IPv6.

DNSstuff
• Another tool for identifying domain name and server.
• Increase efficiency in locating domains.
DNS Footprinting using Nslookup

Command: nslookup domain name (e.g. nslookup www.gmail.com)

Information retrieved:
• Target's IP address with Aliasing Info
• Responding server's infrastructure
• IP address of mail server
DNS Footprinting using Whois
Whois searches to retrieve DNS information are available for all RIR (Regional Internet Registries):
• American Registry for Internet Numbers (ARIN)
• RIPE Network Coordination Centre (RIPE NCC)
• Asia-Pacific Network Information Centre (APNIC)
• African Network Information Centre (AfriNIC)
• Latin American and Caribbean Internet Address Registry (LACNIC)
Whois Example
Domain owner

Address Details

Contact Information
Locating the Network Range
It is the second phase of the 7 steps of footprinting.

Network range can be located using:
• ARIN (American Registry for Internet Numbers) (www.arin.net)
• Traceroute and TTL

Using ARIN:
• Type www.arin.net in the address bar of browser.
• Type the IP address (retrieved by the method of DNS footprinting) for which network range needs to be located.
• Report with all network details will be generated.


Locating the Network Range using ARIN
Locating the Network Range using Traceroute
Traceroute
1. Identify active machines in the
network
2. Traces the path travelled by data
packets
To do that:
• Go to command prompt
• Type tracert followed by domain name or IP address
How Traceroute works…
Outcome of Traceroute:
• Retrieve information like network topology, trusted routers and firewall positioning.

Intention of Hacker:
• Visualize network structure.
• Prepare a blueprint of network for hacking
• To know about the geographical location of
the router
Traceroute Visual Interface

http://www.visualroute.com/

https://www.pingplotter.com/
Scanning
It is defined as the ‘investigation of an information system or network to identify any lapses in its security, using tools and techniques’.

Goals of Scanning:
• Identifying active machines: Traceroute, ping
• Discovering services actively running on the target, including TCP and UDP services: Port Scanning, Banner grabbing, War dialling, War walking
• Identifying the operating system: Active and Passive fingerprinting, TCP/IP Stack fingerprinting. By examining Telnet banners or File Transfer Protocol (FTP) servers, once a connection to these services is made.
Scanning Tools

1) Hping
2) Nessus
3) NMAP
4) SNORT
5) TCPview
Quiz / Assessment

10) Which are the utilities used for identifying active machines on a network?

a) ping and Traceroute b)Nslookup and Whois c)Net view and Nbtscan d)None of the above

11) Which of the below options best define Ping Sweeps?

a) Detecting live machines on the target network b) Identifying the operating system c) Process where ping is executed on a batch of devices d) Identifying specific applications

12) A port can be found in either open, closed or -------- state

a) filtered b) active c) Inactive d) Null

Quiz / Assessment

13) TCP/IP stack fingerprinting exploits the fact that the ---------- protocol is implemented
differently by OS and vendor

a) UDP b) POP3 c) SNMP d) TCP/IP


14) -------------- is a free security auditing tool for
a) HPing b) Legion c) Nessus d) NMap
Summary
• Ethical Hacking is the study of tools and techniques required to add more protection to computer systems and networks, from the threats of hacking
• Confidentiality, Integrity and Availability form what is called CIA triad
• Black Box testing, White box testing and Grey box testing are the three types of Penetration testing used by security professionals, with their own set of features
• Five stages of malicious hacking are Reconnaissance, Scanning, gaining access, maintaining access and covering tracks
• EC-Council has defined seven steps in footprinting which is followed by every ethical hacker
• Precise use of tools is a very important requirement for ethical hacker to conduct his analysis and presenting the facts
Activity
Brief description of activity

Online Activity (30 min)

Description:
1. Assume that you are a part of an ethical hacking team that recently conducted a white box testing for a firm and you have your results with you. Prepare a report to present your facts before the firm using one of the templates available on the internet or a sample report.
Note: You may make necessary assumptions as applicable