Ethical Hacking
ABSTRACT
The internet has considerably enhanced various business-critical operations of
companies in different industry sectors across the globe. However, as more and more
organizations become partially or completely dependent on the internet, computer
security and the serious threat of computer criminals come to the foreground. The
explosive growth of the Internet has brought many good things: electronic commerce,
easy access to vast stores of reference material, collaborative computing, e-mail, and
new avenues for advertising and information distribution, to name a few. As with most
technological advances, there is also a dark side: criminal hackers. Governments,
companies, and private citizens around the world are anxious to be a part of this
revolution, but they are afraid that some hacker will break into their Web server and
replace their logo with pornography, read their e-mail, steal their credit card number
from an online shopping site, or implant software that will secretly transmit their
organization's secrets to the open Internet. With these concerns and others, the ethical
hacker can help. Ethical hacking, also known as "white hat" hacking, is the practice of
using hacking techniques and tools to identify vulnerabilities and weaknesses in
computer systems and networks, with the goal of improving their security. Unlike
"black hat" hackers who use these skills for malicious purposes, ethical hackers work
with the permission of system owners to identify and fix security issues before they
can be exploited by attackers. Ethical hacking involves a range of techniques,
including vulnerability scanning, penetration testing, social engineering, and phishing
attacks, and requires a deep understanding of computer systems and network
architecture. While ethical hacking can be a powerful tool for improving
cybersecurity, it is important that it is conducted in a responsible and ethical manner,
with proper authorization, informed consent, and adherence to legal and ethical
standards. Ethical hacking is a practice of identifying vulnerabilities in computer
systems and networks with the intention of preventing unauthorized access or data
theft. It involves using various techniques and tools to simulate attacks on a system to
find security flaws that could be exploited by malicious hackers. Ethical hackers are
trained professionals who follow a strict code of conduct and work with the
permission and cooperation of the system owners to test and improve their security
measures. The goal of ethical hacking is to identify and fix vulnerabilities before they
can be exploited by malicious actors, thus improving the overall security of the
system. Ethical hacking is an important aspect of cybersecurity and is becoming
increasingly necessary in today's digital landscape.
ABSTRACT
TABLE OF CONTENTS
LIST OF FIGURES
1 INTRODUCTION
2 LITERATURE SURVEY
3 WORKING
4 TOOLS OF ETHICAL HACKING
TYPES OF ETHICAL HACKING
TESTING OF ETHICAL HACKING
TYPES OF ETHICAL HACKERS
5 ADVANTAGES
DISADVANTAGES
APPLICATIONS
6 CONCLUSION
REFERENCES
LIST OF FIGURES
CHAPTER 1
INTRODUCTION
Ethical hacking can be defined as legal access by an Internet expert or group to an
organization's online property, carried out with the organization's official permission.
An ethical hacker can help people who have suffered from malicious hacking. A good
hacker, or security professional acting as an ethical hacker, just has to understand how
a computer system works and know what tools to employ in order to find a security
weakness. By learning the same skills and employing the software tools used by
hackers, you will be able to defend your computer networks and systems against
malicious attacks.
Ethical hacking and ethical hacker are terms used to describe hacking performed by a
company or individual to help identify potential threats on a computer or network. An
ethical hacker attempts to bypass system security and search for any weak points that
could be exploited by malicious hackers. This information is then used by the
organization to improve the system security, in an effort to minimize or eliminate any
potential attacks. The work that ethical hackers do for organizations has helped
improve system security and can be said to be quite effective and successful.
Individuals interested in becoming an ethical hacker can work towards a certification
to become a Certified Ethical Hacker, or CEH. This certification is provided by the
International Council of E-Commerce Consultants (EC-Council). Ethical hackers
should be completely trustworthy and have strong programming and computer
networking skills. They possess the same skills, mindset, and tools as a hacker, but
their attacks are carried out in a non-destructive manner.
Ethical hacking, also known as "white hat" hacking, is a practice of using the same
tools and techniques as malicious hackers to identify and fix vulnerabilities in
computer systems and networks. The goal of ethical hacking is to prevent
unauthorized access or data theft by finding and addressing security flaws before they
can be exploited by malicious actors.
Ethical hackers are trained professionals who follow a strict code of conduct and work
with the permission and cooperation of the system owners to test and improve their
security measures. They use a variety of techniques and tools, such as vulnerability
scanning, penetration testing, and social engineering, to simulate attacks on a system
and identify weaknesses that could be exploited by malicious hackers.
The rise of the internet and technology has brought about an increase in the number of
cyberattacks, making it necessary for individuals and organizations to take proactive
measures to secure their systems and networks. Ethical hacking plays a crucial role in
identifying and addressing security flaws, which could lead to data breaches, loss of
reputation, financial damage, and legal issues. By identifying these vulnerabilities and
weaknesses, ethical hackers provide valuable insights to organizations that help them
strengthen their security measures, thus reducing the likelihood of a successful cyber
attack.
Ethical hacking is a challenging and exciting career that requires extensive knowledge
of computer systems, networks, programming languages, and cybersecurity principles.
Ethical hackers are required to follow strict ethical guidelines and obtain permission
from the system owners before conducting any tests. They are also responsible for
maintaining confidentiality and integrity of the data obtained during the testing
process. Ethical hacking is an essential practice that helps organizations and
individuals protect their digital assets and data from malicious hackers. It is a
challenging and exciting career that requires extensive knowledge and expertise in
cybersecurity principles, computer systems, and networks.
CHAPTER 2
LITERATURE SURVEY
Ethical hacking is a growing field of study that has gained much attention in recent
years due to the increasing number of cyberattacks and the need for organizations and
individuals to secure their digital assets. As such, there is a significant amount of
literature available on ethical hacking, covering a wide range of topics, including its
history, techniques, tools, and ethics.
The Basics of Hacking and Penetration Testing by Patrick Engebretson: This book
provides an introduction to the fundamentals of ethical hacking, including network
and web application penetration testing, social engineering, and reconnaissance
techniques.
The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim: This
book provides a step-by-step guide to conducting penetration testing, with an
emphasis on real-world scenarios and practical tips for ethical hackers.
Gray Hat Hacking: The Ethical Hacker's Handbook by Daniel Regalado, Shon Harris,
Allen Harper, Chris Eagle, Jonathan Ness, and Branko Spasojevic: This book covers a
wide range of topics related to ethical hacking, including reconnaissance, vulnerability
assessment, and exploitation techniques.
Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto: This
book is focused specifically on web application security and covers topics such as web
application architecture, common vulnerabilities, and testing techniques.
Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon
Kearns, and Mati Aharoni: This book provides an in-depth guide to using Metasploit,
a popular tool used by ethical hackers to conduct penetration testing.
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick,
which explores the social engineering techniques used by hackers to gain access to
sensitive information. This book is still widely read today and is considered a classic
in the field of ethical hacking.
Hacking: The Art of Exploitation by Jon Erickson, which provides an in-depth look at
the tools and techniques used by hackers to gain unauthorized access to computer
systems. This book is widely regarded as a must-read for anyone interested in the field
of ethical hacking.
CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker. This book is a
comprehensive guide that covers all the topics included in the Certified Ethical
Hacker (CEH) certification exam. It provides an overview of the different hacking
techniques and methodologies used by ethical hackers.
CHAPTER 3
WORKING OF ETHICAL HACKING
A white hat, or ethical, hacker is a hacker who exploits systems for a good cause (such
as protecting an organization). Ethical hackers are basically the good people: they
have legal permission to interfere with other people's programs. The ethical hacker
searches ports and websites and locates bugs that could be targeted by a cracker. Once
the weaknesses of a device are known, attacks can be carried out easily. To be safe in
the internet world, a user needs to learn how a hacker (cracker) can get into their
network. Ethical hacking means learning the concepts of hacking and applying them to
secure systems and organizations for a good cause. There are five phases in ethical
hacking:
• Reconnaissance
• Scanning & Enumeration
• Gaining Access
• Maintaining Access
• Clearing Tracks
Reconnaissance
It is the set of procedures and techniques used to gather information about the target
systems secretly. In this phase, the ethical hacker seeks to gather as much information
as possible about the target systems, following the 7 steps mentioned below.
• Identification of active machines
• Preliminary information collection
• Identification of the services on every port
• Network mapping
• Identification of open ports & access points
• OS fingerprinting
Gaining Access
Gaining access is the third phase of ethical hacking, which involves attempting to
exploit the vulnerabilities and weaknesses identified during the previous phases in
order to gain access to the target system or network. The goal of this phase is to
determine whether a malicious attacker could gain unauthorized access to the target
system or network. Once the observation is finished and every weakness has been
tested, the hacker then attempts, with the help of some tools and techniques, to gain
access. This essentially focuses on the retrieval of the password. Either bypass
techniques (such as using Kon-Boot) or password cracking techniques can be used for
this by the hacker.
Maintaining Access
Once the intruder has gained access to the targeted system, he can take advantage of
both the system and its resources and use it as a launch pad for testing and harming
other systems, or he can keep a low profile and continue to exploit the system without
the genuine user noticing any of it. Both of these acts can damage the organization and
lead to a calamity. Rootkits gain entrance at the operating system level, while Trojan
horses gain entrance at the program level. Attackers can use Trojan horses to transfer
user names, passwords and credit card information stored on the system.
Organizations can use honeypots or intrusion detection tools to detect intruders.
Nonetheless, the latter is not recommended unless the organization has the security
personnel needed to make use of this defence.
Clearing Tracks
For several reasons, such as avoiding detection and further penalties for the intrusion,
an offender will destroy evidence of his activities and presence. Eliminating evidence,
often referred to as 'clearing tracks', is a requirement for any intruder who needs to
remain anonymous and avoid being traced back. This step usually begins by deleting
the tainted login records and any other error messages generated on the victim system
by the attack process. For example, a buffer overflow attack usually leaves a message
in the system logs that needs to be cleared. Attention then turns to making changes so
that future logins are not logged. Because the first thing a system administrator does to
trace unusual activity on a system is to review all the system log files, intruders use
tools to change the system logs so that the administrator cannot track them. It is
important to attackers that the system looks as it did before they obtained access and
set up a backdoor for their own use. Any files that have been modified must be changed
back to their original attributes so that administrators have no suspicion that the system
has been intruded upon.
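The log deletion and editing described above is what tamper-evident logging is meant to expose. As an added example (not part of the original report), the code below chains each log record to its predecessor with SHA-256 and compares the chain against a checkpoint kept off the logging host; the record layout, function names and sample log lines are assumptions made for illustration.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the first link


def link(prev_hash: str, message: str) -> str:
    """Hash of this entry, bound to the hash of the entry before it."""
    return hashlib.sha256(f"{prev_hash}\n{message}".encode()).hexdigest()


def build_chain(messages):
    """Turn plain log lines into chained records: seq, msg, hash."""
    chain, prev = [], GENESIS
    for seq, msg in enumerate(messages):
        prev = link(prev, msg)
        chain.append({"seq": seq, "msg": msg, "hash": prev})
    return chain


def checkpoint(chain):
    """(record count, tip hash), to be stored off the logging host."""
    return (len(chain), chain[-1]["hash"] if chain else GENESIS)


def verify(chain, anchor=None):
    """Return a list of findings; an empty list means no tampering was found."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i:
            findings.append(f"position {i}: sequence gap, found seq {rec['seq']}")
        if rec["hash"] != link(prev, rec["msg"]):
            findings.append(f"position {i}: hash mismatch")
        prev = rec["hash"]  # continue from the stored value to localise the damage
    if anchor is not None and checkpoint(chain) != anchor:
        findings.append("chain does not match off-host checkpoint")
    return findings


# Constructed sample log lines (not taken from the original report).
SAMPLE = [
    "sshd: Accepted password for alice from 192.0.2.10",
    "sshd: Failed password for root from 203.0.113.7",
    "sshd: Failed password for root from 203.0.113.7",
    "sshd: Accepted password for root from 203.0.113.7",
    "cron: session opened for user backup",
]


def demo():
    original = build_chain(SAMPLE)
    anchor = checkpoint(original)

    # Case 1: the failed-login records are deleted in place.
    deleted = [dict(r) for r in original if "Failed" not in r["msg"]]
    # Case 2: one record is edited but its stored hash is left alone.
    edited = [dict(r) for r in original]
    edited[3]["msg"] = edited[3]["msg"].replace("203.0.113.7", "192.0.2.10")
    # Case 3: the tail is cut off; what remains is internally consistent.
    truncated = [dict(r) for r in original[:3]]
    # Case 4: records are removed and the whole chain is recomputed.
    rebuilt = build_chain([m for m in SAMPLE if "Failed" not in m])

    return {
        "intact": verify(original, anchor),
        "deleted": verify(deleted, anchor),
        "edited": verify(edited, anchor),
        "truncated_no_anchor": verify(truncated),
        "truncated": verify(truncated, anchor),
        "rebuilt_no_anchor": verify(rebuilt),
        "rebuilt": verify(rebuilt, anchor),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", findings or "OK")
```

Deleting or editing a record in place breaks the chain at that position, while a truncated or fully recomputed chain is caught only by the checkpoint stored off the host.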
CHAPTER 4
TOOLS USED IN ETHICAL HACKING
Ethical hackers use a wide range of tools to perform their assessments and tests. These
tools assist in various stages of the hacking process, from information gathering to
vulnerability scanning and exploitation. Here are some commonly used tools in ethical
hacking.
Nmap
A powerful network scanning tool used for port scanning, host discovery, and service
identification. It helps identify open ports and available services on a target network.
Metasploit Framework
A popular penetration testing tool that provides a collection of exploits, payloads, and
auxiliary modules. It helps ethical hackers identify and exploit vulnerabilities in target
systems.
Burp Suite
A comprehensive web application testing tool used for intercepting and manipulating
HTTP traffic. It includes features such as a web proxy, scanner, intruder, and repeater.
Wireshark
A network protocol analyzer that captures and examines network packets. It allows
ethical hackers to analyze network traffic and detect any anomalies or vulnerabilities.
Nessus
A widely used vulnerability scanner that identifies security weaknesses in networks,
systems, and applications. It provides detailed reports on vulnerabilities and suggests
remediation measures.
John the Ripper
A password-cracking tool used to test the strength of passwords. It employs various
techniques, such as dictionary attacks and brute-force attacks, to crack passwords.
sqlmap
A tool specifically designed for detecting and exploiting SQL injection vulnerabilities
in web applications. It automates the process of identifying and exploiting SQL
injection flaws.
Aircrack-ng
A set of tools used for wireless network auditing and penetration testing. It includes
tools for capturing packets, cracking WEP and WPA/WPA2 encryption keys, and
performing various wireless attacks.
Hydra
A network login cracker that supports various protocols, such as SSH, FTP, Telnet,
and more. It can perform brute-force and dictionary-based attacks to crack passwords.
Nikto
A web server vulnerability scanner that checks for common vulnerabilities and
misconfigurations in web servers and applications. It provides a detailed report of
potential security issues.
Ethical hacking encompasses various types or domains that focus on different aspects
of security assessments and testing. Here are some common types of ethical hacking:
Network Hacking
Network hacking involves assessing the security of computer networks, including
wired and wireless networks. Ethical hackers attempt to identify vulnerabilities,
misconfigurations, and weak points in network infrastructure and devices.
Social Engineering
Social engineering involves manipulating individuals to gain unauthorized access to
information or systems. Ethical hackers use social engineering techniques, such as
phishing, pretexting, or impersonation, to exploit human vulnerabilities and test an
organization's security awareness and policies.
Physical Penetration Testing
Physical penetration testing assesses the physical security measures of an
organization. Ethical hackers attempt to gain unauthorized access to premises,
systems, or sensitive areas by bypassing physical barriers, manipulating security
controls, or exploiting human vulnerabilities.
Figure 4.1 Types of Ethical Hacking
External Testing
This type of ethical hacking involves testing the security of a system or network from
an external perspective, simulating an attack from the internet. This approach is useful
for identifying vulnerabilities that could be exploited by external attackers.
Internal Testing
This type of ethical hacking involves testing the security of a system or network from
an internal perspective, simulating an attack by an employee or other trusted insider.
This approach is useful for identifying vulnerabilities that could be exploited by
insiders with access to sensitive information.
Hybrid Testing
This type of ethical hacking involves combining multiple types of testing, such as
white box and black box testing, or external and internal testing, to provide a more
comprehensive assessment of the system or network.
Penetration Testers
Penetration testers, also known as pen testers, perform in-depth assessments to
identify vulnerabilities and exploit them to gain unauthorized access. They simulate
real-world attacks to evaluate the effectiveness of security measures and provide
actionable recommendations for improvement.
points, and client devices to identify vulnerabilities and recommend security
enhancements.
Forensic Analysts
Forensic analysts assist in incident response and forensic investigations. They use
their skills to collect and analyze digital evidence, reconstruct security incidents, and
provide insights into the nature and scope of the incidents.
TYPES OF HACKERS
malicious. They often notify organizations about vulnerabilities and may request a
fee or recognition for their findings.
CHAPTER 5
ADVANTAGES
Enhanced Security: Ethical hacking helps organizations identify vulnerabilities,
weaknesses, and potential risks in their systems, networks, or applications. By
proactively identifying and addressing these vulnerabilities, organizations can
strengthen their security measures and protect themselves against malicious attacks.
Ethical hacking assists in improving overall security posture.
DISADVANTAGES
Cost and Resource Intensiveness: Conducting thorough and effective ethical hacking
assessments requires skilled professionals, tools, and resources. Organizations need to
allocate budget and resources for training ethical hackers, acquiring necessary tools,
and conducting regular assessments. The cost of maintaining an internal team or hiring
external experts for assessments can be significant.
Limited Scope and Timing: Ethical hacking assessments are snapshots in time and
have limitations in terms of scope and coverage. They may not capture all potential
vulnerabilities or risks, especially if the assessment is conducted on a limited subset of
systems or applications. Additionally, systems and technologies evolve over time, and
new vulnerabilities may arise after the assessment.
Ethical Dilemmas: Ethical hacking can present ethical dilemmas, particularly when it
comes to the boundaries of authorized activities. Determining the extent to which
ethical hackers can probe systems, access sensitive data, or use certain techniques can
be challenging. Striking the right balance between effective security testing and
respecting privacy and legal boundaries requires careful consideration.
Insider Threats: Organizations must consider the risk of insiders misusing their
knowledge gained from ethical hacking assessments. While ethical hackers are
expected to adhere to strict ethical standards, there is always a potential risk of insider
threats. Organizations should implement appropriate safeguards to prevent misuse or
unauthorized access to sensitive information.
Perception and Reputation: Despite the term "ethical" hacking, there may be
misconceptions or negative perceptions associated with hacking activities. Some
individuals or stakeholders may not fully understand the purpose and benefits of
ethical hacking and may question the intentions or methods used. Organizations
should communicate their ethical hacking initiatives effectively to address any
potential concerns.
APPLICATIONS
Ethical hacking means performing hacks as security tests on an organization's own
systems. It has many applications, particularly for web applications, which are often
attacked. Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are the most frequently attacked, because most firewalls and
other security mechanisms allow complete access to these programs from the Internet.
Another main application is providing security for wireless infrastructure, which is a
main requirement of present-day business organizations.
Network Scanning: Ethical hackers use real-time network scanning tools to identify
active hosts, open ports, and services running on the network. Tools like Nmap are
commonly used to perform port scanning, service enumeration, and vulnerability
detection. Real-time network scanning helps ethical hackers gather information about
the target network and identify potential entry points or weaknesses.
Exploitation: Once vulnerabilities are identified, ethical hackers may employ real-
time exploitation techniques to assess the impact and severity of those vulnerabilities.
By exploiting identified vulnerabilities, ethical hackers can demonstrate the potential
consequences of unpatched or misconfigured systems and provide actionable
recommendations for remediation.
real-time, analyzing input validation, session management, and authentication
mechanisms to identify security weaknesses.
CHAPTER 6
CONCLUSION
Technology has become an essential part of our daily lives, providing us with
numerous benefits and conveniences. However, it also brings significant risks and
challenges, particularly in terms of cybersecurity. Cyber attacks are on the rise, and
organizations and individuals alike must take steps to protect themselves against
these threats. Effective cybersecurity requires a multifaceted approach that includes
measures such as strong passwords, regular software updates, employee training,
access controls, and network segmentation. Ethical hacking can also play a valuable
role in identifying vulnerabilities and improving the overall security of a system.
However, it is important to understand the limitations and potential drawbacks of
ethical hacking, such as the cost, the risk of false positives or negatives, legal issues,
and the potential for creating a false sense of security. Ethical hacking is a practice that
involves authorized and controlled testing of systems, networks, and applications to
identify vulnerabilities and strengthen cybersecurity defences. It is a proactive
approach that helps organizations stay ahead of potential threats and protect sensitive
data and assets. The methodology of ethical hacking includes network scanning,
vulnerability assessments, exploitation, password cracking, web application testing,
social engineering, and wireless network penetration testing. These techniques help
ethical hackers gather information, identify vulnerabilities, and assess the impact and
severity of those vulnerabilities. Ethical hacking has numerous real-time applications
across various industries. It is used in security assessments, penetration testing,
vulnerability management, incident response preparedness, compliance adherence,
and continuous improvement of an organization's security posture. The advantages of
ethical hacking include proactive security, comprehensive security assessments,
compliance adherence, incident response preparedness, and continuous improvement.
By identifying vulnerabilities before malicious actors can exploit them, organizations
can take necessary measures to strengthen their security defences. However, ethical
hacking also comes with ethical considerations and potential disadvantages. It is
crucial to operate within legal and ethical boundaries, respecting privacy,
confidentiality, and consent. Privacy concerns, legal implications, and the need for
strict ethical guidelines should be taken into account. Real-world case studies
showcase the effectiveness of ethical hacking in identifying vulnerabilities and
enhancing cybersecurity. Organizations that have undergone ethical hacking
assessments have improved their security posture and minimized potential risks.
Ethical hacking is an essential practice for organizations to proactively address
cybersecurity risks. By embracing ethical hacking, organizations can identify
vulnerabilities, assess risks, and strengthen their overall security defenses in the ever-
evolving digital landscape.
REFERENCES
o Twincling Society Ethical Hacking Seminar. 2006. Retrieved March 27, 2009.
o Krutz, Ronald L. and Vines, Russell Dean. The CEH Prep Guide: The
Comprehensive Guide to Certified Ethical Hacking. Published by John Wiley
and Sons, 2007.
o Palmer, Charles. Ethical Hacking. Published in IBM Systems Journal: End-to-
End Security, Volume 40, Issue 3, 2001.
o Tiller, James S. The ethical hack: a framework for business value penetration
testing. Published by CRC Press, 2005.
o Beaver, Kevin and McClure, Stuart. Hacking For Dummies. Published by For
Dummies, 2006.
o Certified Ethical Hacking Seminar. 2006. Retrieved March 27, 2009.
o Certified Ethical Hacking EC-Council. 2009. Retrieved March 27, 2009.
o Ethical Hacking Jobs. 2009. Retrieved March 27, 2009.
o D'Ottavi, Alberto. Interview: Father of the Firewall. 2003. Retrieved March 27,
2009.
o Livermore, Jeffery. What Are Faculty Attitudes Toward Teaching Ethical
Hacking and Penetration Testing?. Published in Proceedings of the 11th
Colloquium for Information Systems Security Education, 2007.
o CEH: Certified Ethical Hacker Study Guide by Kimberly Graves (2016)
o The Basics of Hacking and Penetration Testing: Ethical Hacking and
Penetration Testing Made Easy by Patrick Engebretson (2013)
o Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
(2014)
o Ethical Hacking and Countermeasures: Threats and Defense Mechanisms by
EC-Council (2010)
o The Hacker Playbook 3: Practical Guide to Penetration Testing by Peter Kim
(2018)
o Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson (2008)
o Web Application Security, A Beginner's Guide by Bryan Sullivan and Vincent
Liu (2011)
o Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman,
Devon Kearns, and Mati Aharoni (2011)
o Information Security: Principles and Practices by Mark Merkow and Jim
Breithaupt (2014)
o Gray Hat Hacking: The Ethical Hacker's Handbook, 4th Edition by Daniel
Regalado, Shon Harris, Allen Harper, and Chris Eagle (2015)