Hey, I am starting to publish articles on this blog by explaining a little bit about ethical hacking, because I'll always be discussing tips and tricks about information security and vulnerabilities.
What is Ethical Hacking?
Ethical hacking, also known as penetration testing or white-hat hacking, is the use of programming skills to determine vulnerabilities in computer systems. While the non-ethical hacker or black hat exploits these vulnerabilities for mischief, personal gain or other reasons, the ethical hacker evaluates them, points them out, and may suggest changes to systems that make them less likely to be penetrated by black hats.
Here are the 5 main steps for performing ethical hacking.
Foot-printing is the blueprinting of the security profile of an organization, undertaken in a methodical manner.
Foot-printing is the first step a penetration tester uses to evaluate the security of any IT infrastructure. It means gathering the maximum information about the computer system or network and about the devices attached to that network. This may include:
- Accessible hosts
- Open ports
- Location of routers
- OS details
- Details of services
Scanning and Enumeration
- Scanning (port scanning) is one of the most common reconnaissance techniques used by pentesters to discover vulnerabilities in the services listening on given ports. Once the IP address of a target system has been identified through foot-printing, the pentester can begin the process of port scanning: looking for holes in the system through which you or a malicious intruder can gain access. A typical system has 2^16 - 1 = 65535 port numbers, each available for both TCP and UDP, that can be used to gain access if unprotected.
- Enumeration is the next step after scanning. It is the process of gathering and compiling usernames, machine names, network resources, shares, and services, and it involves active connections to systems and directed queries. The main objective of enumeration is to identify user accounts or less protected system account resources for hacking.
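The port scanning described above, seen from the defender's side, as an added example that is not part of the original post: it flags any source that touches many distinct ports on one host within a short time window. The log format, the sample lines, the function names and the threshold values are all assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: time src dst proto port
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 192.0.2.10 TCP 21
2024-01-01T10:00:00 203.0.113.5 192.0.2.10 TCP 443
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 TCP 22
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 TCP 23
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 TCP 25
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 TCP 80
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 UDP 53
2024-01-01T10:00:00 203.0.113.9 192.0.2.10 TCP 22
2024-01-01T10:01:00 203.0.113.9 192.0.2.10 TCP 80
2024-01-01T10:02:00 203.0.113.9 192.0.2.10 TCP 443
2024-01-01T10:03:00 203.0.113.9 192.0.2.10 TCP 3306
2024-01-01T10:04:00 203.0.113.9 192.0.2.10 TCP 8080
"""

def parse(line):
    """Split one log line and reject port numbers outside 1..65535."""
    ts, src, dst, proto, port = line.split()
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return datetime.fromisoformat(ts), src, dst, proto, port

def detect_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Map (source, target) to the ports probed, for every source that
    touched at least min_ports distinct ports on one host inside window."""
    events = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, proto, port = parse(line)
        events[(src, dst)].append((ts, (proto, port)))
    findings = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            # Keep the largest qualifying port set seen for this pair.
            if len(ports) >= max(min_ports, len(findings.get(key, ())) + 1):
                findings[key] = sorted(ports)
    return findings

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

The source 203.0.113.9 in the sample touches five ports a minute apart and is only reported when `window` is widened, so the window and threshold need tuning if slow scans are to be caught.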
System Hacking (Gaining Access)
This step comes after scanning: the tester tries to exploit all vulnerabilities found and gain access to the target system. This involves the use of an operating system like BackTrack and other specialized tools. Here are tools that can perform the task.
Maintaining Access (Plant Root-kits and Back-doors)
This is the most important stage of penetration testing in terms of establishing the potential damage to the target systems. Here the pentester installs root-kits and backdoors on the target system. What a hacker could and could not do would primarily depend on four influencing factors:
- Architecture
- Configuration of the target system
- Individual skill of the hacker
- Initial level of access obtained
Covering Tracks
The final stage of a penetration test or ethical hacking is to check whether the ethical hacker can erase or cover the marks created in earlier stages of the test. This is done by clearing all system logs.