Cours Ceh

The document outlines a comprehensive guide to ethical hacking and penetration testing, covering various chapters that include topics such as reconnaissance, scanning, system pentesting, and web application vulnerabilities. It details the roles and skills required of ethical hackers, the phases of penetration testing, and different testing methodologies like black-box, white-box, and gray-box testing. Additionally, it emphasizes the importance of understanding security risks and implementing countermeasures to protect systems from malicious attacks.

Uploaded by nour.barrani2019

SUMMARY

- Chap01: Introduction to “ethical hacking”
- Chap02: Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering
- Chap03: Gathering Network and Host Information: Scanning and Enumeration
- Chap04: System Pentesting: Password Cracking, Escalating Privileges, and Hiding Files
- Chap05: Trojans, Backdoors, Viruses, and Worms
- Chap06: Gathering Data from Networks: Sniffers
- Chap07: Web Pentesting: Google, Web Servers, Web Application Vulnerabilities
- Chap08: Attacking Web Applications: SQL Injection
- Chap09: Pentesting Linux Systems
- Chap10: Pentesting Mobile Platforms (Android)

Chap 1: Introduction to “ethical hacking”

OBJECTIVES COVERED IN THIS CHAP

01 Understand Pentesting terminology
02 Define the job role of an ethical hacker
03 Understand the different phases involved in Pentesting
04 Identify different types of Pentesting
05 List the five stages of Pentesting
06 What is hacktivism?
07 List different types of hacker classes
08 Define the skills required to become an ethical hacker
09 Understand Pentesting technologies
10 Describe the ways of conducting Pentesting
Most people think hackers have extraordinary skill and knowledge that allow them to hack into computer systems and find valuable information.

In reality, a good hacker, or a security professional acting as an ethical hacker, just has to understand how a computer system works and know what tools to employ in order to find a security weakness.

This course will teach you the same techniques and software tools that many hackers use to gather valuable data and attack computer systems.

- Hackers use specialized computer software tools to gain access to information. By learning the same skills and employing the software tools used by hackers, you will be able to defend your computer networks and systems against malicious attacks.
- Pentesting for profit = penetration testing, conducted by a security professional to identify security risks and vulnerabilities in systems and networks.
Defining Pentesting

Ethical hackers:
- Act in a professional manner to differentiate themselves from malicious hackers.
- Use their Pentesting skills and toolsets for defensive and protective purposes.
- Gain the trust of the client and take all precautions to do no harm to their systems.
- Any computer professional can learn the skills of Pentesting.

Hacker classes:

01 - Good guys, ethical hackers, defensive purposes. Professionals with knowledge of Pentesting and the hacker toolset; they locate weaknesses and implement countermeasures. [Permission from the data owner.]

02 - Bad guys, malicious hackers or crackers, illegal purposes. They violate the system integrity of remote systems, gain unauthorized access, destroy vital data, and deny legitimate users service.

03 - Work offensively or defensively. Interested in Pentesting tools and technologies and are not malicious black hats; self-proclaimed ethical hackers, interested in hacker tools mostly from a curiosity standpoint.
What Do Ethical Hackers Do?

- Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: they’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test, or pen test.

- CONFIDENTIALITY
- AUTHENTICITY
- INTEGRITY
- AVAILABILITY
Ethical Hacker’s Skill Set

Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about:

- Computer programming: C, C++, C#, Java, Python, …
- Networking: TCP/IP, security administration, …
- In-depth knowledge about operating systems
- Web programming: PHP, JS, CMS, XML, …
- Database skills: Oracle, MySQL, SQL, …
- Patience, persistence, immense perseverance
Terminology

01 Threat: A situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

02 Vulnerability: A logic design or implementation error that can lead to unexpected instructions to the system. Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve valuable data.

03 Exploit: A piece of software leading to unauthorized access, privilege escalation, or denial of service on a computer system. An exploit is a defined way to breach the security of an IT system through a vulnerability.

04 Attack: An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetrated via an exploit.

05 Risk: The probability of a threat exploiting a vulnerability.

06 Target of Evaluation (ToE): A system, program, or network that is the subject of a security analysis or attack.
Phases

01 Reconnaissance
02 Scanning & Enumeration
03 Gaining Access
04 Maintaining Access
05 Covering Tracks
Phase 01: Reconnaissance

- This is the first phase, where the hacker tries to collect information about the target.
- It may include identifying the target and finding out the target’s IP address range, network, DNS records, etc.

Let’s assume that an attacker is about to hack a website’s contacts. He may do so by using a search engine like Maltego, researching the target (say a website: checking links, jobs, job titles, email, news, etc.), or using a tool like HTTrack to download the entire website for later enumeration. The hacker is then able to determine the following: staff names, positions, and email addresses.

Active reconnaissance: directly interacting with the target to gather information about the target, e.g. using the Nmap tool to scan the target.

Passive reconnaissance: trying to collect information about the target without directly accessing the target. This involves collecting information from social media, public websites, etc.
Phase 02: Scanning & Enumeration

Port scanning: This phase involves scanning the target for information like open ports, live systems, and the various services running on the host.

Vulnerability scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools.

Network mapping: Finding the topology of the network (routers, firewalls, servers if any) and host information, and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the hacking process.
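Seen from the defender’s side of this phase, a port scan leaves a recognisable footprint: one source touching many distinct ports on a host in a short time. The following Python sketch is an added example (not from the course slides) that flags that pattern in constructed connection-log lines; the log format, the 10-port threshold and the 60-second window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not a real capture):
# timestamp, source IP, destination IP, destination port, TCP flags
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 10.0.0.5 22 S
2024-05-01T10:00:00 198.51.100.7 10.0.0.5 23 S
2024-05-01T10:00:01 198.51.100.7 10.0.0.5 25 S
2024-05-01T10:00:01 198.51.100.7 10.0.0.5 80 S
2024-05-01T10:00:02 198.51.100.7 10.0.0.5 110 S
2024-05-01T10:00:02 198.51.100.7 10.0.0.5 143 S
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 443 S
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 445 S
2024-05-01T10:00:04 198.51.100.7 10.0.0.5 3389 S
2024-05-01T10:00:04 198.51.100.7 10.0.0.5 8080 S
2024-05-01T10:00:05 198.51.100.7 10.0.0.5 8443 S
2024-05-01T10:02:00 192.0.2.10 10.0.0.5 443 S
2024-05-01T10:02:30 192.0.2.10 10.0.0.5 443 S
2024-05-01T10:03:00 192.0.2.10 10.0.0.5 80 S
"""

def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, port, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), flags

def detect_port_scans(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return {source_ip: distinct_port_count} for every source that hit at
    least `threshold` distinct ports on one host inside a sliding `window`.
    Only connection attempts (SYN) count, so a busy legitimate client that
    reuses one or two service ports does not trigger the alert."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = parse_line(line)
        if "S" in flags:
            events[(src, dst)].append((ts, port))
    alerts = {}
    for (src, dst), evs in events.items():
        evs.sort()                      # chronological order per (src, dst)
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # slide the window forward
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts
```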
Phase 03: Gaining Access

- The hacker designs the blueprint of the target’s network with the help of data collected during Phase 1 and Phase 2.
- The hacker has finished enumerating and scanning the network and now decides that they have some options to gain access to the network.

The hacker decides to play it safe and use a simple phishing attack to gain access. The hacker decides to infiltrate from the IT department. They see that there have been some recent hires, who are likely not up to speed on the procedures yet. A phishing email will be sent using the CTO’s actual email address, using a program, and sent out to the techs. The email contains a phishing website that will collect their logins and passwords. Using any number of options (phone app, website email spoofing, Zmail, etc.) the hacker sends an email asking the users to log in to a new Google portal with their credentials. They already have the Social Engineering Toolkit running and have sent an email with the server address to the users, masking it with a bitly or tinyurl link.

- Creating a reverse TCP/IP shell in a PDF using Metasploit
- Denial of Service attacks, stack-based buffer overflows, and session hijacking may also prove to be great.
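The phishing scenario above relies on two things a mail gateway can check: a visible From address claiming an internal sender while the envelope sender lives elsewhere, and a link hidden behind a URL shortener. The Python below is an added example (not from the course slides) that applies both checks to a constructed message; the header layout, the shortener list and the internal-domain set are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed single-part message modelled on the scenario (not a real capture):
# the visible From claims the CTO, the envelope sender is a third-party mailer,
# and the body links through a shortener with a made-up path.
SAMPLE_MAIL = """\
Return-Path: <bounce@mailer.example.net>
From: "CTO" <cto@example.com>
To: techs@example.com
Subject: Action required: new Google portal

Please log in to the new portal with your credentials: https://bit.ly/3abcXYZ
"""

SHORTENERS = {"bit.ly", "tinyurl.com"}          # assumed watch-list
URL_RE = re.compile(r"https?://([^/\s]+)")      # captures the host part

def _domain(addr_header):
    """Domain of the first address in a header value, lower-cased."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def assess_message(raw, internal_domains):
    """Return the list of reasons this message deserves scrutiny (empty if none)."""
    msg = email.message_from_string(raw)
    reasons = []
    from_dom = _domain(msg["From"])
    rp_dom = _domain(msg["Return-Path"])
    # Spoofed internal sender: From says "us", envelope sender says otherwise.
    if from_dom in internal_domains and rp_dom != from_dom:
        reasons.append(f"From claims {from_dom} but envelope sender is {rp_dom}")
    # Links that hide their real destination behind a shortener.
    body = msg.get_payload()            # single-part message, body as str
    for host in URL_RE.findall(body):
        if host.lower() in SHORTENERS:
            reasons.append(f"link hidden behind shortener {host}")
    return reasons
```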
Phase 04: Maintaining Access

- The hacker may just hack the system to show it was vulnerable, or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, rootkits or other malicious files. The aim is to maintain access to the target until he finishes the tasks he planned to accomplish on that target.
- Rootkits provide the greatest means when it comes to maintaining access. Uniquely crafted rootkits that have been developed and installed on the infected host will provide the hacker with the best opportunity to achieve their goal. Statistically, rootkits have proven to be the most successful malware tool to use when it comes to Advanced Persistent Threats (APT) and maintaining access to a system.
Phase 05: Covering Tracks

- Prior to the attack, the attacker would change their MAC address and run the attacking machine through at least one VPN to help cover their identity. They will not deliver a direct attack or any scanning technique that would be deemed “noisy”.
- Once access is gained and privileges have been escalated, the hacker seeks to cover their tracks. This includes clearing out sent emails, clearing server logs, temp files, etc. The hacker will also look for indications of the email provider alerting the user of possible unauthorized logins under their account.
- Anti-forensics is a notion encompassing all methods and tools which exist to delete, change or conceal digital evidence, with the ultimate goal being the manipulation, destruction or erasure of digital evidence.
- The elsave.exe utility is a simple command-line tool for clearing the event log.
- Evidence Eliminator is a data-cleansing system for Windows PCs. It prevents unwanted data from becoming permanently hidden in the system.
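Clearing an event log, as the tools above do, is itself loud: Windows writes Security event 1102 (“The audit log was cleared”) and System event 104 when a log is emptied, and the per-channel record counter restarts, so a record id that goes backwards betrays a clear even when the clear event itself was removed. The Python below is an added example (not from the course slides) that applies both checks to constructed event records; the record tuple layout and the sample values are assumptions.

```python
# Constructed Windows event records (not a real export):
# (record id, channel, event id, account). Record ids normally increase
# monotonically within a channel.
SAMPLE_EVENTS = [
    (4101, "Security", 4624, "alice"),
    (4102, "Security", 4672, "alice"),
    (4103, "Security", 1102, "alice"),   # "The audit log was cleared"
    (1,    "Security", 4624, "alice"),   # numbering restarted after the clear
    (880,  "System",   7036, "SYSTEM"),
    (881,  "System",   104,  "alice"),   # "The System log file was cleared"
    (882,  "Application", 1000, "SYSTEM"),
]

# Events Windows itself records when a log is cleared.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

def find_log_clearing(events):
    """Return [(record_id, reason)] for explicit clear events and for any
    record id that regresses within a channel (a counter going backwards
    means the channel was emptied, even if the clear event was deleted)."""
    findings = []
    last_seen = {}                       # channel -> last record id
    for rec_id, channel, event_id, account in events:
        if (channel, event_id) in CLEAR_EVENTS:
            findings.append((rec_id, f"{channel} log cleared by {account}"))
        prev = last_seen.get(channel)
        if prev is not None and rec_id < prev:
            findings.append((rec_id, f"{channel} record id regressed from {prev}"))
        last_seen[channel] = rec_id
    return findings
```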
Types

- Many methods and tools exist for locating vulnerabilities, running exploits, and compromising systems.
- Trojans, backdoors, and rootkits are all forms of malicious software, or malware. Malware is installed on a hacked system after a vulnerability has been exploited.

Operating Systems:
- Installing operating systems with the default settings
- Use of EOL/EOS (end-of-life / end-of-support) software
- CVE (Common Vulnerabilities and Exposures)

Applications: Not tested for vulnerabilities when developers are writing the code.

Shrink-Wrap Code: Many off-the-shelf programs come with extra features the common user isn’t aware of, and these features can be used to exploit the system. The macros in Microsoft Word, for example, can allow a hacker to execute programs from within the application.

Misconfigurations: Systems can also be misconfigured or left at the lowest common security settings to increase ease of use for the user; this may result in vulnerability and an attack.
Testing Types

- Black-box testing involves performing a security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested. Testing simulates an attack by a malicious hacker outside the organization’s security perimeter. Black-box testing can take the longest amount of time and most effort, as no information is given to the testing team. Therefore, the information-gathering, reconnaissance, and scanning phases will take a great deal of time.
- White-box testing involves performing a security evaluation and testing with complete knowledge of the network infrastructure, such as a network administrator would have. This testing is much faster than the other two methods, as the ethical hacker can jump right to the attack phase, thus bypassing all the information-gathering, reconnaissance, and scanning phases.
- Gray-box testing involves performing a security evaluation and testing internally. Testing examines the extent of access by insiders within the network. The purpose of this test is to simulate the most common form of attack, those that are initiated from within the network. The idea is to test or audit the level of access given to employees or contractors and see if those privileges can be escalated to a higher level.
Security, Functionality, and Ease of Use Triangle

- In an ideal world, security professionals would like to have the highest level of security on all systems; however, sometimes this isn’t possible. Too many security barriers make it difficult for users to use the system and impede the system’s functionality.
Responsibilities of cyber security experts

- Security Administrator: Installs and manages organization-wide security systems. May also take on some of the tasks of a security analyst in smaller organizations.
- Security Software Developer: Develops security software, including tools for monitoring, traffic analysis, intrusion detection, virus/spyware/malware detection, anti-virus software, and so on.
- Cryptanalyst: Breaks the code/cipher or determines the purpose of malicious software.
- Cryptographer: Works as a researcher to develop stronger encryption algorithms.
- Security Engineer: Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements.
- CISO: Chief Information Security Officer.
- Computer Security Incident Responder: Mounts rapid response to security threats and attacks such as viruses and denial-of-service attacks.
- Penetration Tester: Exploits vulnerabilities to provide hard evidence that they are vulnerabilities.
- Security Analyst: Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks); investigates available tools and countermeasures to remedy them.
Performing a Penetration Test

Many ethical hackers acting in the role of security professionals use their skills to perform security evaluations or penetration tests. These tests and evaluations have three phases, generally ordered as follows:

1. Preparation: This phase involves a formal agreement between the ethical hacker and the organization. This agreement should include the full scope of the test, the types of attacks (inside or outside) to be used, and the testing types: white, black, or gray box.
2. Conduct Security Evaluation: During this phase, the tests are conducted, after which the tester prepares a formal report of vulnerabilities and other findings.
3. Conclusion: The findings are presented to the organization in this phase, along with any recommendations to improve security.
Chap 1 Review Questions

1. Which of the following statements best describes a white-hat hacker?
A. Security professional
B. Former black hat
C. Former gray hat
D. Malicious hacker

2. A security audit performed on the internal network of an organization by the network administration is also known as:
A. Gray-box testing
B. Black-box testing
C. White-box testing
D. Active testing
E. Passive testing

3. What is the first phase of Pentesting?
A. Attack
B. Maintaining access
C. Gaining access
D. Reconnaissance
E. Scanning

6. Which type of hacker represents the highest risk to your network?
A. Disgruntled employees
B. Black hat
C. Gray hat
D. Malicious hacker

7. Pentesting for a cause is called:
A. Active Pentesting
B. Hacktivism
C. Activism
D. Gray-box testing

8. Which of the following is a system, program, or network that is the subject of a security analysis?
A. Owned system
B. Vulnerability
C. Exploited system
D. Target of evaluation

9. MAC address spoofing is which type of attack?
A. Encryption
B. Brute-force
C. Authentication
D. Social engineering

10. Which items should be included in a Pentesting report? (Choose all that apply.)
A. Testing type
B. Vulnerabilities discovered
C. Suggested countermeasures
D. Router configuration information
