3. TYPES OF HACKERS
White hat hacker
Black hat hacker
Gray hat hacker
Ghost hacker
Script kiddies
4. What is “Ethical Hacking”?
Penetration Testing
Security Testing
5. Steps involved in Ethical Hacking:
Signing of Contract
Footprinting OR Reconnaissance
Enumeration & Fingerprinting (Scanning)
Identification of vulnerabilities
Attack – Exploit the vulnerabilities
Reporting
6. Signing of contract
• A contract between the tester (i.e. the ethical hacker) and the organization (i.e. the client)
• Specifies certain conditions and terms of the test being conducted
• Signed by both parties
7. Footprinting OR Reconnaissance
Collecting as much information as possible about the target.
Tools used – nslookup, traceroute, whois etc.
8. Enumeration & Fingerprinting (scanning)
• Determining the target.
• Identification of services and open ports.
• Enumerating operating system.
Tools used – Nmap, SNMP scanner, netcat, telnet etc.
9. Identification of vulnerabilities
• Insecure configuration
• Weak passwords
• Unpatched vulnerabilities in services, operating system and application
• Possible vulnerabilities in services, operating system and applications
• Insecure programming
• Weak Access control
• Tools and Techniques used – Vulnerability scanners like Nessus, listening to traffic, password crackers, default passwords, brute force, social engineering, SQL injection, vulnerability information websites e.g. http://cve.mitre.org, http://www.securityfocus.com
10. Attack – Exploit the vulnerabilities
• Obtain information (trophies) from the target system
• Gaining normal access
• Escalating privileges
• Obtain access to other connected systems
• Operating system attacks
• Tools used – Nessus, Metasploit Framework,