Ethical hacking

Introduction : Ethical hacking is to scan vulnerabilities and to find potential threats on a

computer or network. An ethical hacker finds the weak points or loopholes in a computer,
web application or network and reports them to the organization. So, let’s explore more
about Ethical Hacking step-by-step. These are various types of hackers:
(1) White Hat Hackers (Cyber-Security Hacker)
(2) Black Hat Hackers (Cracker)
(3) Gray Hat Hackers (Both)
Ethical hacking

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
 Ethical hacking
Hacking is broadly defined as the act of breaking into a computer system. Hacking may
lead to criminal charges when a hacker accesses someone else's computer system without
consent.

For example, a hacker may use a phishing scam to install malware on a computer network.
They may also install computer programs, allowing them to commit identity theft or steal
confidential information.
❖ What damage can hackers do?

Cybersecurity hacking can cause real havoc. Whatever technique hackers use, once they
have gained access to your data or devices, they can:

❖ Steal your money and open credit card and bank accounts in your name
❖ Destroy your credit rating
❖ Request new account Personal Identification Numbers (PINs) or additional credit
cards
❖ Make purchases on your behalf
❖ Add themselves or an alias that they control as an authorized user so it’s easier to use
your credit
❖ Use and abuse your Social Security number
❖ Sell your information to others who will use it for malicious purposes
❖ Delete or damage important files on your computer
❖ Obtain sensitive personal information and share it, or threaten to share it, publicly
Domain Name System(DNS)

Domain Name System(DNS) is nothing but a program that converts or translates a website
name into an IP address and vice versa.
Example: A user enters www.redbull.org in a browser, now the DNS will intercept this
request and will fetch the corresponding IP address and connect the user to that fetched IP
address.
 Information Gathering Methodologies OSINT Framework

Open Source Intelligence (OSINT) is a crucial aspect of information gathering and

involves collecting data from publicly available sources. Various methodologies and
frameworks exist to streamline and organize the OSINT process. Here's an overview of
some commonly used OSINT frameworks and methodologies:
Information Gathering Methodologies OSINT Framework
OSINT Framework:

● The OSINT Framework is a collection of various tools and resources

categorized into different sections such as username search, domain search,
document search, etc.
● Website: OSINT Framework
Recon-NG:
● Recon-NG is an open-source reconnaissance framework that offers a web-based
interface for information gathering.
● It includes various modules for data discovery and analysis.
● Website: Recon-NG
Shodan:
● Shodan is a search engine for Internet-connected devices, providing information
about open ports, services, and vulnerabilities.
● It is valuable for discovering devices and systems connected to the internet.
● Website: Shodan
Google Dorking:
● Google Dorking involves using advanced search operators to find specific
information on Google.
● It can be used to discover sensitive data, exposed devices, or vulnerabilities.
● Example: site:example.com intitle:"index of"
DNS Enumeration is the process of extracting information about a domain or a network
by querying the Domain Name System (DNS). It is an essential phase in information
gathering and reconnaissance during security assessments or ethical hacking. DNS
enumeration helps identify and collect details such as hostnames, IP addresses, mail
servers, and other DNS-related information.

Here are some common techniques used in DNS Enumeration:

DNS Zone Transfers:

● A DNS zone transfer is the process of replicating DNS databases across multiple
servers. It can be exploited to retrieve a list of all DNS records for a domain.
● Tools like dig or nslookup can be used to attempt a zone transfer.
Social Engineering attacks involve manipulating individuals to disclose confidential
information, perform actions, or compromise security. These attacks exploit human
psychology rather than relying on technical vulnerabilities. There are various types of
social engineering attacks, each targeting different aspects of human behavior. Here are
some common social engineering attacks:

1. Mass phishing also known as bulk phishing or widespread phishing, is a type of

phishing attack where the attacker sends deceptive messages or emails to a large
number of individuals with the goal of tricking them into revealing sensitive
information, such as usernames, passwords, or financial details. The attackers
typically cast a wide net, hoping that a percentage of recipients will fall for the scam.
2. Spear phishing is a targeted form of phishing attack where cybercriminals customize
their deceptive tactics to focus on specific individuals or organizations. Unlike mass
phishing, which casts a wide net in the hope of catching a few victims, spear phishing is
highly personalized and often involves a thorough reconnaissance process to gather
information about the target. The goal is to trick the specific individual into revealing
sensitive information, such as login credentials or financial details, or to deploy malware
onto their system.
In addition to phishing and spear phishing, there are several other types of social network
attacks that malicious actors may employ to exploit individuals or organizations. Here are
a few examples:

Malicious URL Sharing:

● Definition: Attackers share links to malicious websites on social media
platforms. These websites may host phishing pages, malware downloads, or
other harmful content.
● Example: An attacker posts a seemingly innocent link on a social media
platform that leads to a phishing site designed to steal login credentials.
Fake Profiles and Impersonation:

● Definition: Creating fake profiles or impersonating real individuals on social

networks to deceive and manipulate others.
● Example: An attacker creates a fake profile using someone else's name and
picture, then uses this profile to befriend and manipulate individuals for
malicious purposes.

Social Engineering through Direct Messages:

● Definition: Attackers use direct messages on social networks to engage in social

engineering tactics, such as requesting sensitive information or encouraging users
to click on malicious links.
● Example: An attacker poses as a friend in a direct message and asks the user to
Reducing your OSINT (Open Source Intelligence) footprint involves minimizing the
amount of publicly available information about you or your organization. This is a
preventive mechanism to enhance privacy and security, making it more challenging for
malicious actors to gather sensitive information. Here are some strategies to reduce your
OSINT footprint .
The OWASP (Open Web Application Security Project) Top 10 is a widely recognized
list of the most critical web application security risks. Here's a brief overview of attack and
defensive mechanisms related to Web Shells and Language Specific Vulnerabilities:

Web Shells:

Attack Mechanism:
Web shells are malicious scripts that attackers upload to a web server to gain remote access
and control over the server. They can be used to execute commands, upload/download files,
and perform various malicious activities.
Defensive Mechanism:

1. Input Validation and Sanitization:

● Validate and sanitize user input to prevent injection attacks that may lead to the
upload of web shells.
● Regularly audit and review uploaded files to detect any suspicious or unexpected
content.
2. File Upload Restrictions:
● Restrict file types and enforce proper file upload restrictions to prevent the
upload of potentially malicious files.
3. File System Permissions:

● Implement the principle of least privilege to limit the permissions of web server
processes and directories where uploads occur.

4. Web Application Firewalls (WAF):

● Use WAFs to detect and block known web shell patterns and behaviors.
Language Specific Vulnerabilities:

NodeJS, Python, J2EE, PHP, etc.

Template Injection:
Attack Mechanism:

Template injection occurs when an attacker injects malicious code into a template engine,
leading to the execution of unintended commands.
Defensive Mechanism:

Contextual Output Encoding:

● Use proper output encoding functions to prevent the interpretation of user input
as code.
Template Engine Security Features:
● Utilize template engines that have built-in security features to mitigate template
injection vulnerabilities.
Object Injection:

Attack Mechanism:

Object injection involves manipulating serialized objects to execute arbitrary code and
compromise the application.
Defensive Mechanism:

Input Validation:
● Validate and sanitize user input, especially if it is used in object deserialization
processes.
Use Safe Deserialization Libraries:
● Employ libraries that support safe deserialization practices, or implement proper
input validation before deserialization.
Evaluation Method Vulnerability (RCE):
Attack Mechanism:

An Evaluation Method Vulnerability leads to Remote Code Execution (RCE) by allowing

the execution of arbitrary code within the application.
Defensive Mechanism:

Code Review:
● Regularly review code to identify and fix potential vulnerabilities related to code
evaluation.
Least Privilege Principle:
● Restrict the permissions of components to the minimum necessary for their
functionality to minimize the impact of a successful RCE attack.
Other Vulnerabilities:
Defensive Mechanism:

Static Code Analysis:

● Use static code analysis tools to identify and fix security vulnerabilities in the
codebase.
Regular Security Audits:
● Conduct regular security audits and penetration testing to discover and address
vulnerabilities.
Countermeasures:

Security Awareness Training:

● Educate developers and administrators about secure coding practices and
potential vulnerabilities.
Patch and Update:
● Keep software, frameworks, and libraries up-to-date to benefit from security
patches.
Monitoring and Incident Response:
● Implement robust monitoring and incident response mechanisms to detect and
respond to security incidents promptly.
Web Application Firewall (WAF):

● Employ a WAF to filter and monitor HTTP traffic between a web application and
the Internet.
Network Segmentation:
● Implement network segmentation to isolate web application servers from critical
internal resources.
Web service hardening refers to the process of securing and strengthening web services
to protect them from various security threats and vulnerabilities. Web services are often
essential components in modern applications, enabling communication and data exchange
between different systems over the internet. Hardening these services is crucial to prevent
unauthorized access, data breaches, and other security incidents