Ethical Hacking Unit1,2

The document provides an introduction to ethical hacking, defining it as the use of hacking techniques for defensive purposes to identify vulnerabilities in computer systems. It outlines the goals, ethical considerations, and legal implications of ethical hacking, emphasizing the importance of obtaining authorization and adhering to a strict code of ethics. Additionally, it covers various techniques used in ethical hacking, including footprinting, scanning, enumeration, and password cracking, as well as the types of malicious software such as Trojans, viruses, and phishing attacks.

Uploaded by gs3514080
Copyright © All Rights Reserved
UNIT-1

Introduction to Ethical Hacking

Definition: The practice of using hacking techniques for defensive purposes, with
authorized permission, to identify vulnerabilities and weaknesses in computer
systems.

Ethical hacking is a complex and challenging field that requires a combination of
technical skills, problem-solving abilities, and ethical judgment. Ethical hackers
must be able to think critically, analyze complex systems, and identify potential
vulnerabilities. They must also adhere to a strict code of ethics and obtain written
authorization from the system owner before conducting any hacking activities.

In summary, ethical hacking is a specialized field that involves using hacking
techniques for defensive purposes. It is a proactive approach to security that aims
to prevent unauthorized access and protect sensitive information. Ethical hackers
play a crucial role in safeguarding computer systems and networks by identifying
and addressing vulnerabilities. They must possess a combination of technical skills,
problem-solving abilities, and ethical judgment.

Goals:

o Identify and report security vulnerabilities.
o Prevent unauthorized access to systems.
o Protect sensitive information.
o Improve overall system security.

Ethical hacking is a proactive approach to security that aims to prevent
unauthorized access and protect sensitive information. Ethical hackers use their
skills to identify and address vulnerabilities in systems before they can be exploited
by malicious actors. This can help to prevent data breaches, financial losses, and
other negative consequences of cyberattacks.

Ethical hacking can also be used to provide valuable insights into the latest attack
techniques and trends. This information can be used to develop new security
measures and improve existing ones. Ethical hackers can also help to raise
awareness about the importance of cybersecurity and educate organizations and
individuals about how to protect themselves from cyberattacks.

Ethical Considerations:

o Always obtain written authorization from the system owner.
o Respect privacy and confidentiality.
o Avoid causing damage or disruption.
o Report vulnerabilities responsibly.

Ethical hackers must adhere to a strict code of ethics. They must obtain written
authorization from the system owner before conducting any hacking activities. This
is essential to ensure that they have the legal right to access and test the system.
Ethical hackers must also respect privacy and confidentiality. They should only
access and collect information that is necessary for their investigation. They must
avoid causing damage or disruption to systems.

Ethical hackers should take care to minimize the impact of their activities on the
system and its users. Finally, ethical hackers must report vulnerabilities responsibly
to the system owner. They should provide detailed information about the
vulnerability and how it can be exploited. They should also offer recommendations
for remediation.

Hacking Laws

Understanding the legal implications of hacking activities is crucial for ethical
hackers. Laws vary by jurisdiction, but common themes include:

● Legal Framework:
o Computer Fraud and Abuse Act (CFAA): Prohibits unauthorized access
to computers and networks. This law can be used to prosecute
individuals who gain unauthorized access to systems, regardless of their
intent.
o Digital Millennium Copyright Act (DMCA): Protects copyrighted material.
This law can be used to prosecute individuals who circumvent copyright
protection measures.
o Electronic Communications Privacy Act (ECPA): Protects electronic
communications. This law can be used to prosecute individuals who
intercept or monitor electronic communications without authorization.

Ethical hackers must operate within the bounds of the law. They must ensure that
they have the necessary authorization to conduct their activities and that they are
not violating any laws. Failure to comply with the law can result in serious legal
consequences.

In addition to these federal laws, there may also be state and local laws that apply
to hacking activities. It is important for ethical hackers to be aware of the laws in
their jurisdiction and to ensure that they are complying with all applicable laws.

Footprinting and Reconnaissance


Footprinting and reconnaissance are essential steps in the ethical hacking process.
They involve gathering information about a target system or network to identify
potential vulnerabilities and weaknesses. This information can be used to plan and
execute attacks, or to protect systems from potential threats.

● Footprinting: Gathering information about a target system or network from
publicly available sources.
● Reconnaissance: Actively probing a target system or network to gather
information.

Techniques:

There are two main types of footprinting and reconnaissance: passive and active.

Passive Footprinting: Using search engines, social media, and other public sources.
Passive footprinting involves gathering information about a target system or
network from publicly available sources. This can include information about the
organization's website, social media profiles, employees, and other publicly
available information. For example, an ethical hacker might use a search engine to
find the organization's website and social media profiles. They might then analyze
this information to identify potential vulnerabilities, such as weak passwords or
outdated software.

Active Footprinting: Using tools like ping scans, traceroute, and WHOIS to gather
network information. Active footprinting involves actively probing a target system or
network to gather information. This can include using tools like ping scans,
traceroute, and WHOIS to identify potential vulnerabilities and weaknesses. For
example, an ethical hacker might use a ping scan to identify the target system's IP
address. They might then use traceroute to map the network topology. This
information can be used to identify potential vulnerabilities, such as open ports or
misconfigured services.

DNS footprinting: This involves using DNS records to gather information about a
target system or network. For example, an ethical hacker might use DNS records
to identify the target system's IP address, domain name, and mail servers.

Whois lookup: This involves using the Whois database to gather information about
a target system or network's domain name. For example, an ethical hacker might
use Whois to find out the name and contact information of the organization that
owns the domain name.

Social engineering: This involves using deception and manipulation to obtain
information from people. For example, an ethical hacker might pretend to be a
legitimate user in order to trick someone into giving them sensitive information.

Scanning

Scanning is a critical step in the ethical hacking process that involves identifying
open ports, services, and vulnerabilities on a target system. It allows ethical
hackers to gain a deeper understanding of a system's security posture and identify
potential weaknesses that could be exploited by malicious actors.

● Purpose: Identifying open ports, services, and vulnerabilities on a target
system.
● Tools:
1. Port Scanners: Nmap, Nessus, Zenmap
2. Vulnerability Scanners: Qualys, Nessus, OpenVAS

Types of Scanning

There are several types of scanning that ethical hackers can perform:

● Port Scanning: This involves scanning a target system's IP address to
identify open ports. Open ports can indicate that services are running on the
system, which could be vulnerable to attack.
● Service Scanning: This involves scanning a target system's open ports to
identify the services that are running on those ports. This information can be
used to identify potential vulnerabilities.
● Vulnerability Scanning: This involves scanning a target system for known
vulnerabilities. Vulnerability scanners use databases of known vulnerabilities
to identify potential weaknesses in a system.

System Hacking Cycle

The system hacking cycle is a framework that outlines the typical steps involved in
a hacking attack. It is often used by ethical hackers to understand and analyze the
techniques used by malicious actors. While the specific steps may vary depending
on the attacker's goals and the target system's configuration, the general cycle
typically includes the following phases:

1. Reconnaissance: Gathering information about the target system or network.
This includes passive and active footprinting techniques discussed earlier.
2. Scanning: Identifying open ports, services, and vulnerabilities on the target
system.
3. Enumeration: Gathering additional information about the target system, such
as user accounts, groups, and shares.
4. Gaining Access: Exploiting vulnerabilities to gain unauthorized access to the
target system. This can involve using exploits, password cracking, or social
engineering techniques.
5. Maintaining Access: Establishing a persistent presence on the target system,
such as installing a backdoor or rootkit.
6. Privilege Escalation: Obtaining higher-level privileges on the target system.
This can involve exploiting vulnerabilities or using administrative credentials.
7. Covering Tracks: Removing evidence of the attack and avoiding detection.

● Phases:
o Planning: Gathering information and setting goals.
o Access: Gaining unauthorized access to the target system.
o Maintenance: Maintaining access and escalating privileges.
o Covering Tracks: Removing evidence of the attack.

● Ethical Hackers: Use this cycle to identify vulnerabilities and test security
measures.

Enumeration

Enumeration is the process of gathering additional information about a target
system after initial scanning. This information can be used to identify potential
vulnerabilities and weaknesses that can be exploited. Enumeration techniques
often involve using tools to query the target system for information, such as user
accounts, groups, shares, and services.

Purpose: Gathering information about a target system's users, groups, and shares.

Some common enumeration techniques include:

● User enumeration: Identifying user accounts on the target system. This can
be done using tools like Netcat, Nmap, or specialized enumeration tools.
● Group enumeration: Identifying groups on the target system. This can be
done using tools like Netcat, Nmap, or specialized enumeration tools.
● Share enumeration: Identifying shares on the target system. This can be
done using tools like Netcat, Nmap, or specialized enumeration tools.
● Service enumeration: Identifying services running on the target system. This
can be done using tools like Nmap or specialized enumeration tools.

● Techniques:
o NetBIOS Enumeration: Using tools like nbtscan.
o LDAP Enumeration: Using tools like ldapsearch.
o SMB Enumeration: Using tools like smbclient.

Cracking Passwords

Password cracking is the process of attempting to guess or brute force passwords
to gain unauthorized access to a system. Attackers often use password cracking
techniques to gain access to accounts with high-level privileges. Password
cracking can be a time-consuming process, especially for long and complex
passwords. However, attackers can use specialized tools and techniques to speed
up the process.

There are two main types of password cracking techniques:

● Dictionary attacks: This involves using a list of common passwords or
phrases to guess the password.
● Brute force attacks: This involves trying every possible combination of
characters to guess the password.

Types of Password Attacks

● Dictionary Attacks: Using a list of common words or phrases.
● Brute Force Attacks: Trying every possible combination of characters.
● Rainbow Table Attacks: Using pre-computed tables of encrypted
passwords to quickly crack passwords.
● Offline Attacks: Conducted without direct access to the target system.
● Online Attacks: Conducted with direct access to the target system.
● Hybrid Attacks: Combining offline and online techniques.
● Salt attacks: This involves adding a random value (salt) to the password
before hashing it. This makes it more difficult to crack passwords using
rainbow tables.
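
The effect of a salt on pre-computed tables, described in the last item above, can be checked directly on a credential store. The following is an added example, not part of the original document; it uses a plain hash-to-password lookup dictionary as a simplified stand-in for a real rainbow table, and the password list, account names, iteration count, and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample of common passwords; real lists are far larger.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]


def unsalted_hash(password):
    """Weak storage: one fast hash, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None, iterations=100_000):
    """Stronger storage: a random per-user salt plus a slow key-derivation
    function (PBKDF2-HMAC-SHA256). The iteration count is illustrative."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify(password, salt, digest, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    _salt, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def precomputed_table(words):
    """hash -> password, computed once and reusable against any unsalted store."""
    return {unsalted_hash(word): word for word in words}


def exposed_accounts(store, table):
    """Audit helper: accounts whose stored hash appears in a pre-computed table."""
    return sorted(user for user, stored in store.items() if stored in table)


if __name__ == "__main__":
    table = precomputed_table(COMMON_PASSWORDS)

    # Constructed unsalted store: alice and bob share a common password.
    unsalted_store = {
        "alice": unsalted_hash("password"),
        "bob": unsalted_hash("password"),
        "carol": unsalted_hash("c0rrect-horse-battery"),
    }
    print("exposed without salt:", exposed_accounts(unsalted_store, table))

    # The same passwords stored with per-user salts.
    salted_store = {}
    for user, pw in [("alice", "password"), ("bob", "password")]:
        salt, digest = salted_hash(pw)
        salted_store[user] = digest.hex()
    print("exposed with salt:   ", exposed_accounts(salted_store, table))
    print("alice == bob?        ", salted_store["alice"] == salted_store["bob"])
```

A salt defeats table reuse, not guessing: a weak password can still be found by hashing candidates with the stored salt, which is why the example pairs the salt with a deliberately slow function.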

Trojans and Backdoors

Trojans and backdoors are malicious programs that allow attackers to gain
unauthorized access to a system.

· Trojans: Trojan horse programs are disguised as legitimate programs or files.
When executed, they can install malicious code on the victim's system.

· Backdoors: Backdoors are hidden access points that allow attackers to bypass
normal security controls and gain unauthorized access to a system.

● Types of Trojans:
o Remote Access Trojans (RATs): Allow remote control of a system.
o Downloaders: Download and install other malware.
o Keyloggers: Record keystrokes.
o Rootkits: Hide malicious code within the operating system.
o Screen capturers: These Trojans capture screenshots of the victim's
screen.

Viruses, Worms, and Rootkits

Viruses, worms, and rootkits are other types of malicious code that can infect and
damage computer systems.

● Viruses are self-replicating programs that attach themselves to other
programs or files. When the infected program or file is executed, the virus
also runs. Viruses can spread through various means, such as email
attachments, infected files shared on networks, or compromised websites.
They can cause a variety of damage, including deleting files, corrupting data,
and slowing down system performance.
● Worms are self-replicating programs that spread across networks without
requiring human intervention. Unlike viruses, worms do not need to attach
themselves to other programs or files. Worms can spread rapidly through
networks, exploiting vulnerabilities in network protocols or services. They can
cause significant disruption and damage, such as overwhelming network
bandwidth, crashing systems, and disrupting services.
● Rootkits are sets of tools that allow attackers to gain unauthorized access to
a system and hide their presence. Rootkits can be installed on a system
through various means, such as exploiting vulnerabilities or through social
engineering. Once installed, rootkits can give attackers complete control
over a system, allowing them to steal data, install malware, and monitor user
activity. Rootkits are particularly dangerous because they can be difficult to
detect and remove.

UNIT-2

Sniffers

Sniffers are network monitoring tools that capture and analyze network traffic.
They can be used for legitimate purposes, such as troubleshooting network
problems or monitoring network performance. However, they can also be used for
malicious purposes, such as eavesdropping on communications or stealing data.

Sniffing can be a powerful tool for network administrators and security
professionals. However, it is important to use sniffing responsibly. Sniffing can be a
violation of privacy and security, so it is important to obtain proper authorization
before sniffing a network. Ethical hackers must only use sniffing for legitimate
purposes and avoid causing unnecessary disruption to networks.

Types of Sniffing

· Passive Sniffing is a non-invasive method of capturing network traffic. Passive
sniffers do not interfere with the network in any way. They simply listen to the
traffic and record it. This makes them ideal for legitimate purposes, such as
troubleshooting network problems or monitoring network performance. Passive
sniffers can also be used to detect malicious activity on the network.

Passive sniffing is less intrusive and more difficult to detect, but it may not be able
to capture all of the traffic on the network.

· Active Sniffing is a more intrusive method of capturing network traffic. Active
sniffers send crafted packets to the network to elicit responses from other devices.
This can be used to gather information about the network topology, identify
vulnerabilities, and even hijack sessions. Active sniffers can be used for legitimate
purposes, such as network testing and security auditing. However, they can also
be used for malicious purposes, such as eavesdropping on communications or
stealing data.

Active sniffing is more intrusive and easier to detect, but it can capture all of the
traffic on the network.

There are a number of different tools that can be used for sniffing. Some of the
most popular tools include Wireshark, tcpdump, and Kismet. These tools can be
used to capture and analyze network traffic in real time, or to save traffic for later
analysis.

Ethical Considerations

Sniffing can be a violation of privacy and security. It is important to obtain proper
authorization before sniffing a network. Ethical hackers must only use sniffing for
legitimate purposes and avoid causing unnecessary disruption to networks.

Phishing:

Phishing is a type of social engineering attack that attempts to trick individuals into
revealing sensitive information, such as passwords or credit card numbers.
Phishing attacks are often carried out through email, but they can also be
conducted through other channels, such as instant messaging or social media.

Methods of Phishing

● Spear Phishing: This involves targeting specific individuals or organizations
with personalized phishing attacks.
● Whale Phishing: This involves targeting high-profile individuals, such as
CEOs or executives, with phishing attacks.
● Phishing Kits: These are pre-built phishing websites that can be easily
customized and deployed.

Types of Phishing Attacks

● Clickbait Phishing: This involves using sensational or provocative headlines
to lure victims into clicking on malicious links.
● Invoice Phishing: This involves sending fake invoices or bills to victims in an
attempt to trick them into revealing sensitive information.
● Clone Phishing: This involves creating fake websites that look identical to
legitimate websites.

Process of Phishing

1. Research: Attackers research their targets to identify potential vulnerabilities
and weaknesses.
2. Crafting the Phishing Message: Attackers create a phishing message that is
designed to trick victims into clicking on malicious links or revealing sensitive
information. The message is often crafted to appear legitimate and urgent,
and may include social engineering techniques to manipulate the victim's
emotions.
3. Distribution: Attackers distribute the phishing message to their targets. This
can be done through email, social media, or other channels.
4. Victim Engagement: Victims who click on the malicious link or reveal
sensitive information are compromised. The malicious link may lead to a
phishing website that is designed to collect the victim's sensitive information.
5. Data Extraction: Attackers extract the victim's data and use it for malicious
purposes. This can include stealing the victim's identity, financial information,
or other sensitive data.

Denial of Service (DoS) Attacks

DoS attacks are attacks that aim to disrupt or deny service to legitimate users of a
network or system. These attacks can be carried out by flooding a target with
excessive traffic or by exploiting vulnerabilities in the target system.

Classification of DoS Attacks

● Volume-based attacks: These attacks flood the target with excessive traffic,
overwhelming its resources. This can be done by sending a large number of
packets to the target, or by using specialized tools that can generate a high
volume of traffic.
For example, a simple flood attack involves sending a large number of SYN
packets to the target, which can exhaust its resources and prevent it from
responding to legitimate requests.
● Resource-exhaustion attacks: These attacks consume the target's
resources, such as CPU or memory, making it unable to provide service. This
can be done by sending the target requests that require a lot of processing
power or memory, or by exploiting vulnerabilities in the target system that
allow an attacker to consume its resources.
For example, a ping flood attack involves sending a large number of ICMP
ping requests to the target, which can consume its CPU resources.
● Application-layer attacks: These attacks exploit vulnerabilities in specific
applications or protocols to disrupt service. This can be done by sending
crafted requests that exploit vulnerabilities in the target application, or by
sending requests that are designed to crash the application.
For example, a SQL injection attack involves injecting malicious
SQL code into a web application to gain unauthorized access to the
database.
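
The SYN flood mentioned in the first item above leaves a recognisable trace on the target: many connections that were opened with a SYN and never completed. The following detection sketch is an added example, not part of the original document; the record format, thresholds, and function names are assumptions, and the packet summaries are constructed.

```python
from collections import Counter

# Constructed packet summaries (documentation address ranges), one per line:
# time, source IP, source port, destination IP, destination port, client flag.
# Only the client's opening SYN and its handshake-completing ACK are recorded.
SAMPLE_RECORDS = "\n".join(
    # Eight sources open a connection to the web server and never finish it.
    [f"10:00:0{i} 198.51.100.{i + 1} 4000{i} 192.0.2.10 80 SYN" for i in range(8)]
    # One ordinary client completes its handshake with the same web server.
    + ["10:00:01 203.0.113.5 51000 192.0.2.10 80 SYN",
       "10:00:01 203.0.113.5 51000 192.0.2.10 80 ACK"]
    # Three ordinary clients complete handshakes with a second server.
    + [line for i in range(3) for line in (
        f"10:00:0{i} 203.0.113.{i + 10} 5200{i} 192.0.2.20 443 SYN",
        f"10:00:0{i} 203.0.113.{i + 10} 5200{i} 192.0.2.20 443 ACK")]
    # Two clients of the second server drop off mid-handshake (normal noise).
    + ["10:00:05 203.0.113.40 53000 192.0.2.20 443 SYN",
       "10:00:06 203.0.113.41 53001 192.0.2.20 443 SYN"]
)


def handshake_counts(records):
    """Return (half_open, completed) Counters keyed by (dst_ip, dst_port)."""
    pending = set()
    completed = Counter()
    for line in records.splitlines():
        if not line.strip():
            continue
        _ts, src, sport, dst, dport, flag = line.split()
        conn = (src, int(sport), dst, int(dport))
        if flag == "SYN":
            pending.add(conn)
        elif flag == "ACK" and conn in pending:
            # The client answered the server's SYN-ACK: handshake finished.
            pending.discard(conn)
            completed[(dst, int(dport))] += 1
    half_open = Counter((dst, dport) for _s, _sp, dst, dport in pending)
    return half_open, completed


def flag_syn_floods(records, min_half_open=5, max_completion_ratio=0.2):
    """Flag services with many half-open connections and few completed ones.
    Both thresholds are illustrative and need tuning per service."""
    half_open, completed = handshake_counts(records)
    alerts = {}
    for service, waiting in half_open.items():
        done = completed[service]
        if waiting >= min_half_open and done / (waiting + done) <= max_completion_ratio:
            alerts[service] = {"half_open": waiting, "completed": done}
    return alerts


if __name__ == "__main__":
    for (ip, port), stats in flag_syn_floods(SAMPLE_RECORDS).items():
        print(f"possible SYN flood against {ip}:{port}: {stats}")
```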

Bots and Botnets

Bots are automated programs that can be used to perform tasks on a network.
They can be benign or malicious, depending on their intended purpose. For
example, search engine bots are used to index websites, while malicious bots can
be used to launch attacks or spread spam.

Botnets are networks of compromised computers that are controlled by an
attacker. Botnets can be used to launch DoS attacks, spam campaigns, and other
malicious activities. Botnets can be created by infecting computers with botnet
malware, which can be spread through various means, such as email attachments,
malicious websites, or exploits.
Once a computer is infected with botnet malware, it becomes part of the botnet.
Botnets can be difficult to detect and dismantle, as they can be spread across
multiple networks and countries.

Botnet Life Cycle

1. Infection: Attackers infect computers with botnet malware. This can be done
through various means, such as email attachments, malicious websites, or
exploits.
2. Command and Control: Attackers establish a command and control (C&C)
infrastructure to communicate with the infected computers. This can be
done through various means, such as IRC channels, peer-to-peer networks,
or specialized C&C servers.
3. Task Allocation: Attackers assign tasks to the infected computers, such as
launching DoS attacks or sending spam. This can be done through the C&C
infrastructure.
4. Execution: The infected computers carry out the assigned tasks. This can
result in a variety of malicious activities, such as DoS attacks, spam
campaigns, and data theft.

System and Network Vulnerability

Vulnerabilities are weaknesses in systems or networks that can be exploited by
attackers. They can be caused by errors in software, hardware, or configuration.

Types of Vulnerabilities

● Software Vulnerabilities: These vulnerabilities are caused by errors in
software code. This can include bugs, design flaws, or security vulnerabilities.
● Hardware Vulnerabilities: These vulnerabilities are caused by defects in
hardware components. This can include physical defects, design flaws, or
manufacturing errors.
● Configuration Vulnerabilities: These vulnerabilities are caused by incorrect
or insecure configurations. This can include misconfigured settings, weak
passwords, or missing security patches.

Identifying and Mitigating Vulnerabilities

● Vulnerability Scanning: This involves using tools to scan systems and
networks for known vulnerabilities. This can be done using automated tools
or manual techniques.
● Patch Management: This involves applying security patches to systems and
software to address known vulnerabilities. This can be done through
automated patch management systems or manual processes.
● Configuration Management: This involves ensuring that systems and
networks are configured securely. This can be done through automated
configuration management tools or manual processes.
● User Education: This involves educating users about the risks of clicking on
malicious links or downloading attachments from unknown sources. This can
help to prevent users from falling victim to phishing attacks and other social
engineering attacks.
