ETHICAL HACKING

Introduction
Ethical hacking involves an authorized attempt to gain
unauthorized access to a computer system, application, or data.
Carrying out an ethical hack involves duplicating strategies and
actions of malicious attackers. This practice helps to identify
security vulnerabilities which can then be resolved before a
malicious attacker has the opportunity to exploit them.
Key Concepts of Ethical Hacking
The three main concepts of Ethical Hacking
Scanning
Scanning identifies the target network, its devices, and their
current configurations. This information can be used to identify
vulnerabilities and determine what type of ethical hacking
attack will work best on those devices.
Enumeration
Enumeration is gathering information about the target
network, such as usernames and passwords, which can be used
in later stages of an attack.
Exploitation
Exploitation involves taking advantage of a device's
vulnerability to gain access to sensitive data or control over
that device.
HACKING
Gaining access to a system that you are not supposed to have
access is considered as hacking. For example: login into an
email account that is not supposed to have access, gaining
access to a remote computer that you are not supposed to
have access, reading information that you are not supposed to
able to read is considered as hacking. There are a large number
of ways to hack a system.
Types of Hacking
 Network Hacking
 Website Hacking
 Computer Hacking
 Password Hacking
 Email Hacking

Network Hacking
Network hacking means gathering information about a network
with the intent to harm the network system and hamper its
operations using the various tools like Telnet, NS lookup, Ping,
Tracert, etc.
Website hacking
Website hacking means taking unauthorized access over a web
server, database and make a change in the information.

Computer hacking
Computer hacking means unauthorized access to the Computer
and steals the information from PC like Computer ID and
password by applying hacking methods.
Password hacking
Password hacking is the process of recovering secret passwords
from data that has been already stored in the computer
system.
Email hacking
Email hacking means unauthorized access on an Email account
and using it without the owner's permission.
Basic of Network
A network is a group of two or more devices that are connected
to each other to share the data or share the resource. A
network contains a number of different computer system that
is connected by a physical or wireless connection like server or
router. This router has direct access to the internet. The device
can only connect to the internet through the router or access

PHASES OF HACKING
There are mainly 5 phases in hacking. Not necessarily a
hacker has to follow these 5 steps in a sequential manner. It’s a
stepwise process and when followed yields a better result.

1. Reconnaissance:
This is the first step of Hacking. It is also called as Foot
printing and information gathering Phase. This is the
preparatory phase where we collect as much information as
possible about the target. We usually collect information about
three groups,
 Network
 Host
 People involved
There are two types of Foot printing
Active :Directly interacting with the target to gather
information about the target. EG: Using Nmap tool to scan the
target
Passive: Trying to collect the information about the target
without directly accessing the target. This involves collecting
information from social media, public websites etc.
2. Scanning:
Three types of scanning are involved:
Port scanning: This phase involves scanning the target for the
information like open ports, Live systems, various services
running on the host.
Vulnerability Scanning: Checking the target for weaknesses or
vulnerabilities which can be exploited. Usually done with help
of automated tools
Network Mapping: Finding the topology of network, routers,
firewalls servers if any, and host information and drawing a
network diagram with the available information. This map may
serve as a valuable piece of information throughout the hacking
process.
3. Gaining Access:
This phase is where an attacker breaks into the
system/network using various tools or methods. After entering
into a system, he has to increase his privilege to administrator
level so he can install an application he needs or modify data or
hide data.
4. Maintaining Access:
Hacker may just hack the system to show it was vulnerable
or he can be so mischievous that he wants to maintain or
persist the connection in the background without the
knowledge of the user. This can be done using Trojans, Rootkits
or other malicious files. The aim is to maintain the access to the
target until he finishes the tasks he planned to accomplish in
that target.
5. Clearing Track:
No thief wants to get caught. An intelligent hacker always
clears all evidence so that in the later point of time, no one will
find any traces leading to him. To achieve this, the hacker
focuses on modifying/corrupting/deleting the values of Logs,
altering registry values, uninstalling all applications used, and
deleting all folders created. In the event of a compromised site,
it becomes crucial to promptly address and fix the hacked site
to minimize potential damage and prevent further
unauthorized access.
VULNERABILITY SCANNING
Vulnerability scanning is a proactive identification of
Vulnerabilities on the target network. Using some
automatic scanning tools and some manual support,
vulnerabilities, and threats can be identified. To provide
vulnerability scanning, the computer should have an
internet connection.

The ports and network can be scanned by the following

tools:
Nmap: It is used to extract information like operating
system, packet filters or firewall type, live host on network,
version of the operating system.
Angry IP scanner: It is used to scan for systems
availability within the given range of input.
Hping2/Hping3: They are network scanning tools and
command-line packet crafting. TCP/IP protocols use them.
Super scan: Macfee, which is a TCP port scanner, develops
this powerful tool. A super scan is used for pinging.
Zen Map: Zen Map is a very powerful GUI tool. It is used
to detect the port scanning, ping sweep, OS type, version
of OS, etc.
Net scan Tool: It contains different types of tools. It is
used to perform the web rippers, flooding, mass emailers,
port scan. This tool is available as a trial version, but it is
also has a paid version.

DNS SPOOFING
Domain Name Server (DNS) spoofing, or DNS cache
poisoning, is an attack involving manipulating DNS
records to redirect users toward a fraudulent, malicious
website that may resemble the user’s intended
destination.