Showing posts with label BEGINNER HACKING. Show all posts
Showing posts with label BEGINNER HACKING. Show all posts
Ethical
Hacking is testing the resources for a good cause and for the betterment of
technology. Technically Ethical Hacking
means penetration testing which is focused on Securing and Protecting IT
Systems
Working of an
ethical hacker
Obeying
the Ethical Hacking Commandments:
Every
Ethical Hacker must follow few basic principles. If he do not follow, bad
things can happen. Most of the time these
principles get ignored or forgotten when planning or executing ethical hacking
tests. The results are even very
dangerous.
Working
ethically:
The word ethical can be defined as working
with high professional morals and principles. Whether you’re
performing
ethical hacking tests against your own systems or for someone who has hired
you, everything you do as an
ethical Hacker must be approved and must support the company’s goals. No hidden
agendas are allowed! Trustworthiness
is the ultimate objective. The misuse of information is absolutely not allowed.
That’s what the bad
guys do.
Respecting
privacy:
Treat the information you gather with complete
respect. All information you obtain during your testing — from
Web
application log files to clear-text passwords — must be kept private.
Not
crashing your systems:
One of the biggest mistakes is when people try
to hack their own systems; they come up with crashing their
systems.
The main reason for this is poor planning. These testers have not read the
documentation or
misunderstand
the usage and power of the security tools and techniques.
You can easily create miserable conditions on
your systems when testing. Running too many tests too quickly on a system
causes many system lockups. Many security assessment tools can control how many
tests are performed on a system at the same time. These tools are especially
handy if you need to run the tests on production systems during regular business hours.
Executing
the plan:
In Ethical hacking, Time and patience are
important. Be careful when you’re performing your ethical hacking tests. A
Hacker in your network or an employee looking over your shoulder may watch
what’s going on. This person could
use this information against you. It’s not practical to make sure that no
Hackers are on your systems before you
start. Just make sure you keep everything as quiet and private as possible.
This is especially critical when transmitting
and storing your test results. You’re now on a reconnaissance mission.
Find as
much information as possible about your organization and systems, which is what
malicious Hackers do.
Start
with a broad view of mind and narrow your focus. Search the Internet for your
organization’s name, your computer
and network system names, and your IP addresses. Google is a great place to
start for this.
Don’t take ethical hacking too far, though. It
makes little sense to harden your systems from unlikely attacks. For instance,
if you don’t have a internal Web server running, you may not have to worry too
much about. However,
don’t forget about insider threats from malicious employees or your friends or colleagues!
1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Tracks
6) Performing Reconnaissance
7) Scanning and Enumeration
8) Gaining access
9) Maintaining access and
Placing Backdoors
10) Covering tracks or Clearing
Logs
Phase I: Reconnaissance
Reconnaissance can be described as the pre-attack phase
and is a systematic attempt to locate, gather, identify,
and record information about the target. The Hacker seeks
to find out as much information as possible about the
target.
Phase II: Scanning and
Enumeration
Scanning and enumeration is considered the second
pre-attack phase. This phase involves taking the information
discovered during reconnaissance and
using it to examine the network. Scanning involves steps such as intelligent
system port scanning which is used to determine open ports
and vulnerable services. In this stage the attacker
can use different automated tools to discover system
vulnerabilities.
Phase III: Gaining Access
This is the phase where the real hacking takes place.
Vulnerabilities discovered during the reconnaissance and
scanning phase are now exploited to gain access. The
method of connection the Hacker uses for an exploit can be
a local area network, local access to a PC, the Internet,
or offline. Gaining access is known in the Hacker world as
owning the system. During a real security breach it would
be this stage where the Hacker can utilize simple
techniques to cause irreparable damage to the target
system.
Phase IV: Maintaining Access
and Placing Backdoors
Once a Hacker has gained access, they want to keep that
access for future exploitation and attacks. Sometimes,
Hackers harden the system from other Hackers or security
personnel by securing their exclusive access with
Backdoors, Root kits, and Trojans.
The attacker can use automated scripts and automated tools
for hiding attack evidence and also to create
backdoors for further attack.
Phase V: Clearing Tracks
In this phase, once Hackers have been able to gain and
maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned
system, to remove evidence of hacking, or to avoid legal action. At present, many successful security breaches are
made but never detected. This includes cases where firewalls and vigilant log checking were in place.
White Hat – These are considered the good guys. White hat hackers don’t use
their skills for illegal purposes. They usually become Computer Security
experts and help protect people from the Black Hats.
Black Hat – These are considered the bad guys. Black hat hackers usually use their skills maliciously for personal gain. They are the people that hack banks, steal credit cards, and deface websites.
These two terms came from the old
western movies where the good guys wore white hats and the bad guys wore black
hats.
Grey Hat Hacker - A Grey Hat Hacker is a Computer guy who sometimes acts legally, sometimes in good will, and sometimes not.They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commitcrimes during the course of their technological exploits.
They are hybrid between White Hat and
Black Hat Hackers.
Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what’s happening behind the scenes.
Intermediate hackers – These people usually know about computers, networks, and have enough programming knowledge to understand relatively what a script might do, but like the script kiddies they use pre-developed well-known exploits (- a piece of code that takes advantage of a bug or vulnerability in a piece of software that allows you to take control of a computer system) to carry out attacks
Elite Hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it. You should strive to eventually reach this level.
Coders-The Real Hackers are the Coders, the ones who revise the methods and create tools that are available in the
market. Coders can find security holes and weaknesses in
software to create their own exploits. These Hackers can use those exploits to develop fully patched and secure
systems. Coders are the
programmers who have the ability to find the unique vulnerability in existing
software and to create working exploit codes. These are the individuals
with a deep understanding of the OSI Layer Model and TCP/IP Stacks.
Admins-
Admins are the computer guys who use the tools and exploits prepared by the
coders. They do not develop their own
techniques, however they uses the tricks which are already prepared by the coders.
They are generally System Administration, or Computer Network Controller.
Most of the Hackers and security person in this digital world come under this category. Admins have
experience with several operating systems, and know how to exploit several existing
vulnerabilities. A majority of Security Consultants fall in this group and
work as a part of Security Team.
A hacker is someone who likes to tinker with electronics or computer systems. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.
The Art of exploring various security breaches is termed as Hacking.
Computer Hackers have been around for so many years. Since the Internet became widely used in the World, We have started to hear more and more about hacking. Only a few Hackers, such as Kevin Mitnick, are well known.
They do it for Personal gain, Fame, Profit and even Revenge. They Modify, Delete and Steal critical information,often making other people's life miserable.
Most people associate Hacking with breaking law, therefore calling all those guys who engage in hacking activities to be criminals. We agree that there are people out there who use hacking techniques to break the law, but hacking is not really about that. In fact, hacking is more about following the law and performing the steps within the limits.
1. Hacker :- You Will be surprise to know that Hacker is a good person, as Hacker is someone who is able to manipulate the inner working of Computers,Information and Technology.
But because of media, name of Hacker is Spoiled
2. Cracker :-In security Community, a cracker is someone who breaks encryption and copy protection Schemes. They are mailicious programmers.
Similarity of both is that both are very smart people who have in depth-understanding of computer systems and can accurately analyse a difficulty to solve problem.
But because of media, name of Hacker is Spoiled
2. Cracker :-In security Community, a cracker is someone who breaks encryption and copy protection Schemes. They are mailicious programmers.
Similarity of both is that both are very smart people who have in depth-understanding of computer systems and can accurately analyse a difficulty to solve problem.
