2. What is Hacking?
Process to bypass the security mechanisms.
Unauthorized use of computer and network.
Hacking is the practice of modifying the features of a
system, in order to accomplish a goal outside of the
creator's original purpose.
Hacking is the process of exploiting vulnerabilities to
gain unauthorized access to systems or resources.
3. Who are hackers?
Hacker is a term used by some to mean "a clever
programmer" and by others, especially those in
popular media, to mean "someone who tries to break
into computer systems."
4. Types of Hackers
White Hat
IT professional
Administrators
Black Hat
Crackers
Grey Hat
5. Understanding the need to hack your own system
Basis for Ethical Hacking.
To catch a thief, think like a thief
6. Overall goals of an ethical hacker
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove
to management that vulnerabilities exist and can be
exploited.
Apply the results to remove the vulnerabilities and
better secure your systems.
7. Vulnerability Assessment
A vulnerability assessment is the process of defining,
identifying, classifying and prioritizing vulnerabilities
in computer systems, applications and network
infrastructures and providing the organization doing
the assessment with the necessary knowledge,
awareness and risk background to understand the
threats to its environment and react appropriately.
8. Vulnerability Assessment Tools
Nexpose Community
QualysGuard
OpenVAS
Nikto
Nmap
Nessus Professional
Acunetix
Netsparker
IBM AppScan
Burp Suite
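Added example (not part of the original slides): a small Python sketch of the identify, classify and prioritize steps from slide 7, run over the grepable output of an Nmap scan of hosts you own. The sample scan data, the service classes and the risk scores are constructed assumptions, not values from any tool listed above.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for hosts you own.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.20 (db01)\tPorts: 23/open/tcp//telnet///, 3306/open/tcp//mysql///, 8080/closed/tcp//http-proxy///
Host: 192.0.2.30 ()\tStatus: Up
"""

# Assumed classes and risk scores (illustrative; tune to your own policy).
CLASSES = {
    "telnet": ("cleartext-admin", 9),
    "mysql": ("exposed-database", 7),
    "http": ("unencrypted-web", 4),
    "ssh": ("remote-admin", 3),
    "https": ("web", 2),
}
DEFAULT = ("unclassified", 5)  # unknown services need a human look

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\tPorts: (.*)$")

def identify(og_text):
    """Yield (host, port, proto, service) for every open port."""
    for line in og_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and Status-only lines
        host, _name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop a trailing "Ignored State" field
        for entry in ports.split(", "):
            fields = entry.split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 5 and fields[1] == "open":
                yield host, int(fields[0]), fields[2], fields[4]

def prioritize(og_text):
    """Classify each finding and return them sorted, highest risk first."""
    findings = []
    for host, port, proto, service in identify(og_text):
        category, score = CLASSES.get(service, DEFAULT)
        findings.append({"host": host, "port": port, "proto": proto,
                         "service": service, "class": category, "score": score})
    return sorted(findings, key=lambda f: (-f["score"], f["host"], f["port"]))

if __name__ == "__main__":
    for f in prioritize(SAMPLE_OG):
        print(f'{f["score"]:>2}  {f["host"]}:{f["port"]}/{f["proto"]}  {f["service"]} ({f["class"]})')
```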
9. What is Penetration Testing
A penetration test, also known as a pen test, is a
simulated cyber attack against your network,
infrastructure, devices, computer system or any other
environment to check for exploitable vulnerabilities.
10. Types of Penetration Tests
Black Box Penetration Testing
White Box Penetration Testing
Grey Box Penetration Testing
11. Black Box Penetration Testing
In black box penetration testing, the tester has no idea
about the systems that he is going to test. He is
interested in gathering information about the target
network or system. For example, in this testing, a
tester only knows what the expected outcome should
be and does not know how the outcomes arise. He
does not examine any programming code.
12. White Box Penetration Testing
This is comprehensive testing, as the tester has been
provided with a whole range of information about the
systems and/or network, such as schema, source code,
OS details, IP addresses, etc. It is normally considered
a simulation of an attack by an internal source. It is
also known as structural, glass box, clear box, and open
box testing.
White box penetration testing examines the code
coverage and does data flow testing, path testing, loop
testing, etc.
13. Grey Box Penetration Testing
In this type of testing, the tester is usually provided
with partial or limited information about the internal
details of a system's programs. It can be considered an
attack by an external hacker who has gained illegitimate
access to an organization's network infrastructure
documents.
24. Starting with Metasploit !!!
The Metasploit project is an open-source, computer
security project which provides information about
security vulnerabilities and aids in penetration testing
and IDS signature development.
Metasploit is a framework which is used for the
hacking of different kinds of applications, operating
systems, web applications etc.
25. What is Metasploit?
Metasploit contains various exploits, payloads, modules
etc.
The Metasploit Framework is used by many hackers to
generate payloads and attack systems.
Metasploit is open source, so anyone can use it. The
framework supports different operating systems such
as Windows, Linux, Mac OS X etc.
26. Metasploit terms
Exploit: code used to take advantage of a security flaw
within a system, network, or application.
Payload: code that the Metasploit framework gets the
victim computer to execute.
Module: a small piece of code that can be added to
the Metasploit framework to execute an attack.
Shellcode: a small piece of code used as a payload.
27. What is a vulnerability?
A vulnerability is a security hole in a piece of software,
hardware or operating system that provides a potential
angle to attack the system.
A vulnerability can be as simple as weak passwords or
as complex as buffer overflows or SQL injection
vulnerabilities.
28. What is an exploit?
To take advantage of a vulnerability, you often need an
exploit, a small and highly specialized computer
program whose only reason for being is to take
advantage of a specific vulnerability and to provide
access to a computer system.
Exploits often deliver a payload to the target system to
grant the attacker access to the system.
29. What is a payload?
A payload is the piece of software that lets you control
a computer system after it’s been exploited.
The payload is typically attached to and delivered by
the exploit.
Metasploit's most popular payload is called Meterpreter,
which enables you to do all sorts of funky stuff on the
target system. For example, you can upload and
download files from the system, take screenshots, and
collect password hashes etc.
30. What is msfconsole?
MSFconsole is an all-in-one interface to most of the
features in Metasploit.
MSFconsole can be used to launch attacks, create
listeners, and much, much more.
Commands:
show exploits
show payloads
show options
use <exploit name>
31. Commands
set payload
set LHOST
set RHOST
back
info
sessions
sessions -l
sessions -i 1
32. Meterpreter commands
getuid -> show the user ID.
ps -> show active processes.
migrate -> used when the hacker wants to migrate his
process into a process with administrative privileges.
hashdump -> dump password hashes.
screenshot -> take a screenshot of the victim.
shell -> enter the victim's shell.
download C:<file name>
upload C:<file name>