[Ethical Hacking Tutorial – Part 1] Introduction to Ethical Hacking

Most people think hackers have extraordinary skill and knowledge that allow them to hack into computer systems and find valuable information.

The term hacker conjures up images of a young computer whiz who types a few commands at a computer screen—and poof! The computer spits out passwords, account numbers, or other confidential data.  

In reality, a good hacker, or security professional acting as an ethical hacker, just has to understand how a computer system works and know what tools to employ in order to find a security weakness.

This article will teach you the same techniques and software tools that many hackers use to gather valuable data and attack computer systems. The realm of hackers and how they operate is unknown to most computer and security professionals.

Hackers use specialized computer software tools to gain access to information. By learning the same skills and employing the software tools used by hackers, you will be able to defend your computer networks and systems against malicious attacks.

The goal of this article is to introduce you to the world of the hacker and to define the terminology used in discussing computer security. To be able to defend against malicious hackers, security professionals must first understand how to employ ethical hacking techniques. This article details the tools and techniques used by hackers so that you can use those same tools to identify potential risks in your own systems, and it guides you through the hacking process as a good guy.

Most ethical hackers are in the business of hacking for profit, an activity known as penetration testing, or pen testing for short. Pen testing is usually conducted by a security professional to identify security risks and vulnerabilities in systems and networks. The purpose of identifying risks and vulnerabilities is so that a countermeasure can be put in place and the risk mitigated to some degree. Ethical hackers are in the business of hacking and as such need to conduct themselves in a professional manner.

Additionally, state, country, or international laws must be understood and carefully considered prior to using hacking software and techniques. Staying within the law is a must for the ethical hacker. An ethical hacker is acting as a security professional when performing pen tests and must always act in a professional manner.

Essential Terminology

Hack Value

Often adduced as the reason or motivation for expending effort toward a seemingly useless goal, the point being that the accomplished goal is a hack.

Target Of Evaluation (TOE)

The product or system that is the subject of the evaluation.

Attack

An attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Exploit

An exploit (meaning "using something to one's own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.

A Zero Day

A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.

Security

In information technology (IT), Security is the defense of digital information and IT assets against internal and external, malicious and accidental threats.

This defense includes detection, prevention and response to threats through the use of security policies, software tools and IT services.

Threat

A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Vulnerability

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

Daisy Chaining

Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.

It is like a thief who steals something valuable and then destroys every sign of his tracks.

Element of Information Security

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Confidentiality

It is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Integrity

Data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle.

This means that data cannot be modified in an unauthorized or undetected manner.

Availability

It refers to the ability of a user to access information or resources in a specified location and in the correct format.

Authenticity

Authenticity is assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity.

Non-repudiation

Non-repudiation is the ability to prove that an operation or event has taken place, so that this cannot be repudiated later.

For e-mails, for example, non-repudiation is used to guarantee that the recipient cannot deny receiving the message, and that the sender cannot deny sending it.

The Security, Functionality and Usability Triangle

The level of security in any system can be defined by the strength of three components:

  1. Functionality
  2. Security
  3. Usability

Why is it represented as a triangle?

If you start in the middle and move to the point toward Security, you're moving further away from Functionality and Usability. Move the point toward Usability, and you're moving away from Security and Functionality. Simply put, as security increases, the system's functionality and ease of use decrease.

The more secure something is, the less usable and functional it becomes. We cannot maximize all three aspects of a system at once because, as the triangle shows, there is always a relationship between them: if we focus on any one aspect, the other two decrease.

Security Challenges

1. Compliance to government laws and regulations

2. Direct impact of security breach on corporate asset base and goodwill

3. It is difficult to centralize security in a distributed computing environment

4. Evolution of technology focused on ease of use

5. Increasing number of network-based applications

6. Increasing complexity of computer infrastructure administration and management

Top Security Challenges

  1. Increase in sophisticated cyber criminals
  2. Data leakage, malicious insiders, and remote workers
  3. Mobile security, adaptive authentication, and social media strategies
  4. Cyber security workforce
  5. Exploited vulnerabilities, operationalizing security
  6. Critical infrastructure protection
  7. Balancing sharing with privacy requirements
  8. Identity access strategies and life-cycle

List of Security Risks – 1

  1. Trojans/ Info Stealing Keyloggers
  2. Fast Flux Botnets
  3. Data Loss/ Breaches
  4. Internal Threats
  5. Organized Cyber Crime
  6. Phishing/ Social Engineering
  7. New emerging Virus
  8. Cyber Espionage
  9. Zero-Day Exploits
  10. Web 2.0 Threats

List of Security Risks – 2

  11. Vishing Attacks
  12. Identity Black Market
  13. Cyber-extortion
  14. Transportable data (USB, Laptops, Backup Tapes)
  15. Zombie Networks
  16. Exploits in new technology
  17. Outsourcing projects
  18. Social Engineering
  19. Business Interruption
  20. Virtualization and Cloud Computing

Effect of Hacking

The common stance on hacking with the average person is that it is morally wrong. There have been several instances where hacking has proven to have caused problems.

Hacking can cause a broad spectrum of damage to people, groups and systems.

Negative Hacking Interactions:

Identity Theft

Some hackers can gain access to sensitive information which could be used to fuel identity theft.

This identity theft can cause damages to credit ratings from consumer agencies, run-ins with the law because the person who stole the identity committed a crime, or other damages which may not be repairable at all.

E-mail Access

Hackers have the ability to gain access to personal e-mail accounts.

These can have a variety of information and other private files which most people would regard as important.

This information could also hold sensitive data which could be used against someone or simply cause ruin for those who are involved in the breach of privacy.

Website Security

Many websites have been victims of hackers.

Usually the hackers would simply destroy data and leave the websites in an inoperable state which would leave website owners with the task of rebuilding their sites from scratch if they did not have a backup.

This could also pose risks for companies that hosted their consumers' payment information on their websites.

Defacing the websites by leaving tags or "calling cards" stating the unknown group's signature was not uncommon in the early days of hacking websites.

Hacking as a Political Statement

Some hackers set out to attack the government and expose the vulnerabilities that come from trusting its systems too much. This is highly illegal in the United States and other countries. It has nonetheless led to some vulnerabilities in security systems being fixed, making government computer systems even stronger.

Of course it is difficult to do this kind of hacking without a trace being left behind. Most if not all hackers who get into the government systems around the world are captured by the government and punished for unauthorized access to their systems.

Hacking through Worm Exploits

Worms are nasty pieces of malicious code which are designed to find vulnerabilities in computer systems and exploit them with automated processing. They can be used to destroy data, collect information or simply lie in wait until they are given commands to do something.

The worm code self-replicates and tries to infect as many systems as possible. The big threat that these worms bring is the knowledge that a system is open. This can allow the automated process to install a back door into a system, which lets malicious hackers gain access to computers and turn systems into "zombies" that can be used for various purposes, including spamming and masking the actions of the original hacker.

Creators of catastrophic software, such as the author of the first Internet worm, Robert Tappan Morris Jr., did not mean to do harm at all. Before the Internet, there was ARPANET (Advanced Research Projects Agency Network), which was used by the United States Department of Defense.

Morris created the Morris worm, which was meant to gauge the size of the Internet but actually gained access to ARPANET by exploiting vulnerabilities in the Unix-based systems in use at the time. An error in his coding of the worm caused it to replicate at an exponential rate, and it gained access to NASA and Air Force systems. It was not intended to harm the computers, but it did show that they were vulnerable to attack. He got off with only community service, even though federal guidelines should have given him far more serious consequences for his actions. He was hired by MIT and is currently a professor working in the Artificial Intelligence Laboratory.

Hacking as a Learning Tool

Hacking leads several people into the interest of creating newer, better software which can revolutionize the electronic world.

It is important to remember, though, that hacking is a varied skill, and those who have been hacking the longest will have more success because they know how computers work and how they have evolved over time.

Ethical hackers use their knowledge to find and fix vulnerabilities in systems, their hardware and their software. Ethical hackers come from a wide variety of backgrounds.

The best examples are ex-malicious hackers who decide their purpose is to help companies prevent the damage caused by holes in their security.

These companies pay their ethical hackers handsomely, as they provide a service that can be extremely useful in preventing damage and loss.

Some are hired by single companies that need advanced protection, while others are hired by software vendors whose products reach millions of people around the world.

Summary:

  • Damage to information and theft of information
  • Attacker may also use these PCs as "spam Zombies" or "Spam Bots"
  • Attackers use backdoors such as Trojan horses, rootkits, Viruses, and Worms to compromise systems
  • Theft/ damage of client or customer/ business data, credit card details, and social security numbers, for identity fraud or theft
  • Theft of email addresses for spamming, passwords for access to online banking, ISP, or Web services

Who is a Hacker?

A hacker is any skilled computer expert that uses their technical knowledge to overcome a problem.

While "hacker" can refer to any computer programmer, the term has become associated in popular culture with a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

Summary:

  • Intelligent individuals with excellent computer skills, with the ability to create and explore into the computer's software and hardware
  • Their intention can either be to gain knowledge or to poke around to do illegal things
  • For some hackers, hacking is a hobby to see how many computers or networks they can compromise
  • Some do hacking with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords, etc.

Hacker Classes/ Types of Hackers

First, a short myth:

A 15-year-old boy sits behind a glowing black monitor, typing furiously. The green text streams across his screen like a waterfall. His nervousness escalates dramatically as he sends rapid-fire commands to the strained computer. Suddenly, he lets out a triumphant laugh and proceeds to steal money.

Such is the stereotypical view of a hacker. Yet, there's so much more to this fine art than Hollywood or the media describes. Hackers are varied creatures and include these 7 types:

Script Kiddie

Script Kiddies normally don't care about hacking (if they did, they'd be Green Hats. See below).

They copy code and use it for a virus or an SQLi or something else.

Script Kiddies will never hack for themselves; they'll just download overused software (LOIC or Metasploit, for example) and watch a YouTube video on how to use it.

A common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much information it collapses under the strain.

This attack is frequently used by the "hacker" group Anonymous, which doesn't help anyone's reputation.

White Hat

Also known as ethical hackers, White Hat hackers are the good guys of the hacker world.

They'll help you remove a virus or Pen Test a company.

Most White Hat hackers hold a college degree in IT security or computer science and must be certified to pursue a career in hacking.

The most popular certification is the CEH (Certified Ethical Hacker) from the EC-Council.

Black Hat

Also known as crackers, these are the men and women you hear about in the news.

They find banks or other companies with weak security and steal money or credit card information.

The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.

Gray Hat

Nothing is ever just black or white; the same is true in the world of hacking.

Gray Hat hackers don't steal money or information (although, sometimes they deface a website or two), yet they don't help people for good (but, they could if they wanted to).

These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media's attention.

Green Hat

These are the hacker "n00bz," but unlike Script Kiddies, they care about hacking and strive to become full-blown hackers.

They're often flamed by the hacker community for asking many basic questions.

When their questions are answered, they'll listen with the intent and curiosity of a child listening to family stories.

Red Hat

These are the vigilantes of the hacker world.

They're like White Hats in that they halt Black Hats, but these folks are downright SCARY to anyone who has ever tried so much as a Pen Test.

Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer to destroy it from the inside out.

They leverage multiple aggressive methods that might force a cracker to need a new computer.

Blue Hat

If a Script Kiddie took revenge, he/she might become a Blue Hat.

Blue Hat hackers will seek vengeance on those who've made them angry.

Most Blue Hats are n00bz, but like the Script Kiddies, they have no desire to learn.

Hacking Phases

Phase 1 – Reconnaissance

Reconnaissance is the act of gathering preliminary data or intelligence on your target.

The data is gathered in order to better plan for your attack.

Reconnaissance can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is being performed through an intermediary).

Phase 2 – Scanning

The scanning phase requires the application of technical tools to gather further intelligence on your target, but in this case the intelligence being sought is more commonly about the systems they have in place.

A good example would be the use of a vulnerability scanner on a target network.

Phase 3 – Gaining Access

Phase 3, gaining access, requires taking control of one or more network devices in order either to extract data from the target or to use that device to launch attacks on other targets.

Phase 4 – Maintaining Access

Maintaining access requires taking the steps needed to remain persistently within the target environment in order to gather as much data as possible.

The attacker must remain stealthy in this phase, so as to not get caught while using the host environment.

Phase 5 – Covering Tracks

The final phase, covering tracks, simply means that the attacker must take the steps necessary to remove every trace that could lead to detection.

Any changes that were made, privileges that were escalated, etc. must all be returned to a state that the host network's administrators will not recognize as suspicious.

Types of Attacks of a System

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.

1. Eavesdropping

In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic.

When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping.

The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise.

Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

2. Data Modification

After an attacker has read your data, the next logical step is to alter it.

An attacker can modify the data in the packet without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit.

For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.
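
The integrity and authenticity properties defined earlier, and the data-modification attack described here, are usually enforced with a message authentication code. The following is an added example (not code from the original article) using HMAC-SHA256 from the Python standard library: a tag computed over the purchase requisition lets the receiver detect that the quantity was altered in transit. The key exchange is assumed to have happened securely out of band.

```python
import hmac
import hashlib
import secrets


def generate_key() -> bytes:
    # Shared secret held by sender and receiver.
    # Assumption for this example: it was exchanged securely out of band.
    return secrets.token_bytes(32)


def tag_message(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256 over the message. Anyone holding the key can produce this tag.
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    # Recompute the tag and compare in constant time.
    # False means the message or the tag was altered after tagging.
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def tamper_demo(key: bytes) -> tuple:
    # Constructed purchase requisition, the scenario the text describes.
    original = b"item=widget;qty=10;bill_to=ACME"
    tag = tag_message(key, original)
    # An attacker on the path changes the quantity but cannot recompute the tag
    # without the key, so verification of the altered message fails.
    altered = original.replace(b"qty=10", b"qty=1000")
    return verify_message(key, original, tag), verify_message(key, altered, tag)


if __name__ == "__main__":
    k = generate_key()
    print(tamper_demo(k))  # (True, False)
```

Note that HMAC gives integrity and authenticity between the two key holders but not non-repudiation: because the receiver holds the same key, it could have produced the tag itself, so it cannot prove to a third party that the sender did. Non-repudiation requires a digital signature made with a private key that only the sender holds.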

3. Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a valid entity.

In certain cases, it is possible for an IP address to be falsely assumed (identity spoofing). An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.

After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.
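
The standard mitigation for the spoofed-intranet-source case is ingress filtering at the network edge: a packet arriving from the Internet that claims an internal source address is dropped, and an internal host is likewise prevented from sending packets with a foreign source. The following is an added example (not code from the original article) that applies that rule to constructed packet records; the internal address blocks and the interface names "external" and "internal" are assumptions for the example.

```python
import ipaddress

# Constructed address plan (assumption, not from the article): the organization's
# internal ranges, plus addresses that are never valid sources for Internet traffic.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BOGON_NETS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def classify_source(src_ip, interface):
    """Return (spoofed, reason) for a packet with source src_ip seen on interface.

    interface is "external" (facing the Internet) or "internal" (facing the LAN).
    The rule is BCP 38 style filtering: a source address must be plausible for
    the direction in which the packet is travelling.
    """
    ip = ipaddress.ip_address(src_ip)
    if _in_any(ip, BOGON_NETS):
        return True, "bogon source address"
    if interface == "external" and _in_any(ip, INTERNAL_NETS):
        # Packets from outside must not claim to originate inside the intranet.
        return True, "internal address arriving from the Internet"
    if interface == "internal" and not _in_any(ip, INTERNAL_NETS):
        # Egress side: our own hosts must not send packets claiming foreign sources.
        return True, "foreign source address leaving the internal network"
    return False, "ok"


def audit(packets):
    """Run the check over (interface, src_ip) records and return only the flagged ones."""
    flagged = []
    for interface, src in packets:
        spoofed, reason = classify_source(src, interface)
        if spoofed:
            flagged.append((interface, src, reason))
    return flagged


# Constructed packet records: (ingress interface, source address).
SAMPLE_PACKETS = [
    ("external", "203.0.113.9"),    # ordinary Internet source: fine
    ("external", "192.168.1.20"),   # claims to be an intranet host but came from outside
    ("external", "127.0.0.1"),      # loopback can never be a remote source
    ("internal", "10.1.2.3"),       # our own host talking out: fine
    ("internal", "198.51.100.4"),   # internal host forging an outside address
]

if __name__ == "__main__":
    for record in audit(SAMPLE_PACKETS):
        print(record)
```

In production this logic lives in the router or firewall ruleset rather than in a script, but the decision it encodes is the same: trust an address only when it is consistent with where the packet physically entered the network.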

4. Password-Based Attacks

A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.

After gaining access to your network with a valid account, an attacker can do any of the following:

  • Obtain lists of valid user and computer names and network information.
  • Modify server and network configurations, including access controls and routing tables.
  • Modify, reroute, or delete your data.
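
From the defender's side, a password-based attack against an exposed login service shows up in the authentication log as a burst of failures from one source, sometimes followed by a success once a password is guessed. The following is an added example (not code from the original article) that parses constructed log lines modelled on OpenSSH's auth-log messages and raises an alert for both patterns; the threshold, window and log format are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on OpenSSH auth-log messages (not captured from a real host).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  1 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  1 10:00:04 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51241 ssh2
Mar  1 10:00:06 host sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Mar  1 10:00:07 host sshd[1205]: Failed password for root from 203.0.113.5 port 51251 ssh2
Mar  1 10:00:09 host sshd[1206]: Accepted password for root from 203.0.113.5 port 51260 ssh2
Mar  1 10:05:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar  1 10:20:00 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Turn one auth-log line into a dict, or None if it is not a login result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it (assumption for the example).
    stamp = " ".join(m["ts"].split())
    return {
        "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with `threshold` failures inside `window`, and any success that follows such failures."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = []
    for e in events:
        recent = recent_failures[e["src"]]
        recent[:] = [t for t in recent if e["ts"] - t <= window]  # slide the window forward
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == threshold:
                alerts.append(("burst", e["src"], len(recent)))
        elif recent:
            # A success right after a run of failures is the signature of a guessed password.
            alerts.append(("success_after_failures", e["src"], e["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single failure from 198.51.100.7 followed by a key-based login fifteen minutes later is the normal case of a user mistyping once, and produces no alert; the second pattern is the one worth paging on, because it means the attacker now holds a valid account and can do everything listed above.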

5. Denial-of-Service Attack

Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.

After gaining access to your network, the attacker can do any of the following:

  • Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
  • Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
  • Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
  • Block traffic, which results in a loss of access to network resources by authorized users.

6. Man-in-the-Middle Attack

As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.

For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.

7. Compromised-Key Attack

A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.

An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

8. Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:

  • Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
  • Read your communications.

9. Application-Layer Attack

An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls.

The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

  • Read, add, delete, or modify your data or operating system.
  • Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
  • Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.
  • Abnormally terminate your data applications or operating systems.
  • Disable other security controls to enable future attacks.

Why Is Ethical Hacking Necessary?

EC-Council describes ethical hacking as a bodyguard for computer systems.

An ethical hacker is someone who follows ethical principles to protect information and systems from the unethical hackers.

Recently, many organizations have faced cyber-attacks leading to the growing need of having professional ethical hackers who can safeguard their networks.

Ethical Hacking

Because hacking involves creative thinking, vulnerability testing and security audits alone cannot ensure that the network is secure.

Defense in depth strategy

To achieve this, organizations need to implement a "defense in depth" strategy and penetrate their own networks to estimate their vulnerabilities and expose them.

Counter the Attack

Ethical hacking is necessary because it allows the countering of attacks from malicious hackers by anticipating methods they can use to break into a system.

Scope and Limitations of Ethical Hacking

Scope

Ethical hacking is a crucial component of risk assessment, auditing, counter-fraud, best practices, and good governance.

It is used to identify risks and highlight the remedial actions, and it also reduces information and communications technology (ICT) costs by resolving those vulnerabilities.

Limitations

However, unless businesses first know what it is that they are looking for and why they are hiring an outside vendor to hack their systems in the first place, chances are there will not be much to gain from the experience.

An ethical hacker can thus only help the organization to better understand its security system; it is up to the organization to place the right guards on the network.

What Do Ethical Hackers Do?

Ethical hackers try to answer the following questions:

  • What can the intruder see on the target system? (Reconnaissance and Scanning phases)
  • What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
  • Does anyone at the target notice the intruder's attempts? (Reconnaissance and Covering Tracks phases)

Ethical hackers are hired by organizations to attack their information systems and networks in order to discover vulnerabilities and verify that security measures are functioning correctly.

Their duties may include testing systems and networks for vulnerabilities and attempting to access sensitive data by breaking security controls.

Skills of an Ethical Hacker

Platform Knowledge

Has in-depth knowledge of target platforms such as Windows, Unix and Linux

Network Knowledge

Has exemplary knowledge of networking and related hardware and software

Computer Expert

Should be a computer expert adept at the technical domain

Security Knowledge

Has knowledge of security and related issues

Technical Knowledge

Has the high technical knowledge needed to launch sophisticated attacks

Vulnerability Research

Vulnerability Research is the process by which security flaws in technology are identified. Vulnerability research can but does not always involve reverse engineering, code analysis, static analysis, etc.

Performing vulnerability research against technology pre-release enables technology vendors to provide their customers with higher quality products and higher levels of trust and security.

If you do not check the security of your technology then you can rest assured that malicious hackers will. Vulnerability research helps to identify and eliminate security flaws that might otherwise be exploited by malicious hackers.

Successful exploitation can lead to system compromise, data loss, data corruption, theft of intellectual property, theft of sensitive data, loss of service, and sometimes loss of life.

Vulnerability Research Websites:

Penetration Testing

There is a considerable amount of confusion in the industry regarding the differences between vulnerability scanning and penetration testing, as the two phrases are commonly interchanged. However, their meaning and implications are very different.

A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test (Pen Test) attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.

Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.

Once the threats and vulnerabilities have been evaluated, the penetration testing should address the risks identified throughout the environment. The penetration testing should be appropriate for the complexity and size of an organization. All locations of sensitive data; all key applications that store, process or transmit such data; all key network connections; and all key access points should be included.

The penetration testing should attempt to exploit security vulnerabilities and weaknesses throughout the environment, attempting to penetrate both at the network level and key applications. The goal of penetration testing is to determine if unauthorized access to key systems and files can be achieved. If access is achieved, the vulnerability should be corrected and the penetration testing re-performed until the test is clean and no longer allows unauthorized access or other malicious activity.

Summary:

Ethical hacking enables an organization to counter attacks from malicious hackers by anticipating the attacks by which they could break into the system.

An ethical hacker helps in evaluating the security of a computer system or network by simulating an attack by a malicious user.

Ethical hacking is a crucial component of risk assessment, auditing, counter-fraud, best practices and good governance.

Ethical hackers can help an organization to better understand its security systems, identify the risks, highlight the remedial actions and also reduce ICT costs by resolving those vulnerabilities.



from The Hacker Solutions full article here