
Ethical Hacking

1. INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, uses the same tools, tricks, and techniques that hackers use, with one major difference: ethical hacking is legal, because it is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also verify that vendors' claims about the security of their products are legitimate.

1.1 Penetration testing

A penetration test, sometimes called a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a black-hat hacker or cracker. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. The analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the business impact of a successful exploit, if one is discovered. It is a component of a full security audit. For example, the Payment Card Industry Data Security Standard (PCI DSS), a security and auditing standard, requires both annual penetration testing and ongoing testing after system changes.

Penetration tests can be conducted in several ways. The most common difference is how much knowledge of the implementation details of the system being tested is available to the testers. Black-box testing assumes no prior knowledge of the infrastructure to be tested; the testers must first determine the location and extent of the systems before commencing their analysis. At the other end of the spectrum, white-box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. There are also several variations in between, often known as grey-box tests. Penetration tests can also be described as "full disclosure" (white box), "partial disclosure" (grey box), or "blind" (black box) tests, based on the amount of information provided to the testing party.

Department of Information Science, Bangalore 1

1.2 Security

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Security is usually described in terms of the CIA triad, the basic principles of security, in which "C" denotes Confidentiality, "I" represents Integrity, and "A" represents Availability.

Confidentiality

Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that particular data should be seen only by authorized personnel; a person who is merely a passive bystander should not see that data. For example, in a credit card transaction only the authorized person should see the credit card number. Nobody else should see that number, because they may use it for other activities. Confidentiality is therefore very important, and it is necessary for maintaining the privacy of the people whose personal information a system holds.

Integrity

Integrity means that data cannot be modified without authorization. The data seen by authorized persons should be correct; that is, the data should maintain the property of integrity. Without integrity the data is of no use. Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data has been modified, and we can say that there is a breach of security.

Availability

For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which data must have both integrity and confidentiality. Both goals could be achieved easily by taking the data offline, but then the data is not available to the user, and it is of no use even if it has all the other characteristics. Availability means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. All these factors are considered important, since data lacking any of the above characteristics is useless. Therefore security is described as the CIA trio; lacking any one of the CIA properties means there is a security breach.

1.3 Need for Security

Computer security is required because most organizations can be damaged by hostile software or intruders. Moreover, security is directly related to business: if a company loses a series of its customers' credit card numbers, many customers would be hesitant to return to the same company, and that company will lose many customers and hence business. Intruders may produce several forms of damage, which are obviously interrelated. These include:
● loss of confidential data
● damage or destruction of data
● damage or destruction of computer systems
● loss of a company's reputation
Many more consequences of security breaches could be added to this list. This means that security is absolutely necessary.

1.4 Hacking

A hacker is a person who is interested in a particular subject and has immense knowledge of that subject. In the world of computers, a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of "The New Hacker's Dictionary", defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem, and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
● A person who enjoys learning the details of a programming language or system
● A person who enjoys actually doing the programming rather than just theorizing about it
● A person capable of appreciating someone else's hacking
● A person who picks up programming quickly
● A person who is an expert at a particular programming language or system

1.5 Types of Hackers

Hackers can be broadly classified on the basis of why they hack systems. On this basis there are mainly three types of hacker.

Black-Hat Hacker
Black-hat hackers are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black-hat hackers use their knowledge and skill for their own personal gain, probably by hurting others. Black-hat hackers are also known as crackers.

White-Hat Hacker
White-hat hackers are individuals professing hacker skills and using them for defensive purposes. This means that white-hat hackers use their knowledge and skill for the good of others and for the common good. White-hat hackers are also called security analysts.

Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We cannot predict their behavior: sometimes they use their skills for the common good, while at other times they use them for personal gain.

1.6 Can Hacking Be Done Ethically?

For various reasons, hacking is always understood in the bad sense, and hacking is taken to mean black-hat hacking. But the question is: can hacking be done ethically? The answer is yes, because to catch a thief you must think like a thief. That is the basis for ethical hacking. Suppose a person tries to hack into a system and finds a vulnerability, and suppose that he reports to the company that the vulnerability exists. The company can then make patches for that vulnerability and so protect itself from future attacks by a black-hat hacker who tries to use the same vulnerability. Unless somebody tries to find a vulnerability, it remains hidden, and some day somebody else might find it and exploit it for their own personal interests. Ethical hacking is the way to find such vulnerabilities first.

1.7 Ethical Hacking

Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being "hacked." At the same time, the potential customers of these services are worried about maintaining control of personal information ranging from credit card numbers to social security numbers and home addresses. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is called ethical hacking. It is similar to having independent auditors come into an organization to verify its bookkeeping records. This method of evaluating the security of a system has been in use since the early days of computers. In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating system for "potential use as a two-level (secret/top secret) system". They found that the software was better than conventional systems, but the evaluation also brought out some of its vulnerabilities.

Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases this information, if publicized, could lead to real intruders breaking into the systems, possibly causing financial losses. During an evaluation, the ethical hacker often holds the "keys to the company," and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems used by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.

Ethical hackers should also possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed in an ethical hacker is more drive and patience than most people have, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluation must be done outside normal working hours to avoid interfering with production at "live" targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.

1.8 What does an Ethical Hacker do?

An ethical hacker is a person who does ethical hacking; that is, a security professional who tries to penetrate a network to find whether there is a vulnerability in the system. An ethical hacker always has permission to enter the target network. He first thinks with the mindset of a hacker who is trying to get into the system, and finds out what an intruder can see or what others can see. With that information, the ethical hacker then tries to get into the system by whatever method he can. If he succeeds in penetrating the system, he reports to the company with a detailed account of the particular vulnerability he exploited to get in. He may also sometimes make patches for that vulnerability or suggest methods to prevent it.

2. ETHICAL HACKING

Ethical hacking is a process in which an authorized person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system, an ethical hacker uses the same principles as the usual hacker, but reports the vulnerabilities instead of using them for his own advantage.

2.1 Modes of Ethical Hacking

Insider attack
This ethical hack simulates the types of attacks and activities that could be carried out by
an authorized individual with a legitimate connection to the organization's network.

Outsider attack

This ethical hack seeks to simulate the types of attacks that could be launched across the
Internet. It could target HTTP, SMTP, SQL, or any other available service.

Stolen equipment attack

This simulation is closely related to a physical attack, as it targets the organization's equipment. It could target the CEO's laptop or the organization's backup tapes. No matter what the target, the goal is the same: extract critical information, usernames, and passwords.

Physical entry

This simulation seeks to test the organization's physical controls. Systems such as doors,
gates, locks, guards, CCTV, and alarms are tested to see if they can be bypassed.

Social engineering attack

This simulation does not target technical systems or physical access. Social engineering
attacks target the organization's employees and seek to manipulate them to gain
privileged information. Proper controls, policies, and procedures can go a long way in
defeating this form of attack.

2.2 Analogy with Building Robbing


The methodology of a hacker is similar to the one used for ordinary thefts. Consider the case of a bank robbery. The first step is to find information about the bank: its total transactions, the amount of money that may be kept there, who the manager is, whether the security personnel carry guns, and so on. This is similar to the reconnaissance phase of hacking. The next step is to find the ways through which one can enter the building: how many doors the building has, whether each door has a lock, and so on. This is similar to the second stage, scanning, in which we check which hosts are present, which services are running, and so on. The third step is to enter the building, which is similar to gaining access. To enter a building we need keys; likewise, in the case of a network we need user IDs and passwords. Once inside the building, the next aim is to make an easier way in for the next visit, which is analogous to the next step, maintaining access; in the hacking case this is done with Trojans, back doors, worms and the like, much like placing a hidden door inside the building. The final step is to hide the fact that one entered the building at all, which is analogous to clearing tracks in the case of hacking.

2.3 Methodology of Hacking

As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. But that is not the end of the process; actual hacking is circular. Once the hacker has completed the five steps, he starts reconnaissance again from that stage and repeats the preceding stages to get to the next level. The various stages in the hacking methodology are:
● Reconnaissance
● Scanning & Enumeration
● Gaining access
● Maintaining access
● Clearing tracks

2.4 Reconnaissance

The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as foot-printing, and it is the first stage in the methodology of hacking. As in the analogy, this is the stage in which the hacker collects information about the company he is going to hack. It is one of the pre-attack phases. Reconnaissance refers to the preparatory phase in which an attacker learns about all of the possible attack vectors that can be used in his plan. In this pre-attack phase we gather as much publicly available information as possible, including domain names, locations, contact information and so on. The basic objective of this phase is to make a methodical map of the target's security schema, which results in a unique organization profile with respect to the networks and systems involved. As we are dealing with the Internet, we can find much information there that the organization may never have intended to make public. Many tools exist for this purpose, including Sam Spade, Email Tracker, Visual Route and others. The interesting thing to note is that even simple googling can be used as a foot-printing tool.

2.4.1 Google

Google is one of the most famous search engines used on the Internet. Using specialized keywords for searching, we can find much information that has been made public. For example, if we search for keywords like "for internal use only" together with the target's domain name, we may get much useful information. Sometimes, even if the company has actually removed a document from its site, it is preserved in Google's cache. Even job advertisements on the Internet can be used in foot-printing: if a company is looking for professionals who are good at Oracle databases, this tells the world that they are using the Oracle database in their company, which helps the hacker since he can look for the vulnerabilities of that particular product. One of the main advantages of Google is its advanced search option, which has many choices such as searching within a particular domain, for documents published after a particular time, for files of a particular format, in particular languages, and so on.

2.4.2 Sam Spade

Sam Spade is a simple tool that provides information about a particular host. It is very helpful in finding addresses, phone numbers and similar details.

Fig 2.1 Sam Spade GUI

Fig 2.1 above shows the GUI of the Sam Spade tool. In the text field in the top left corner of the window we just need to enter the address of the particular host; then we can find out the various information available, which may include phone numbers, contact names, IP addresses, email ids, address ranges and so on. We may wonder what the benefit of getting phone numbers, email ids and addresses is, but one of the best ways to get information about a company is simply to pick up the phone and ask for the details. Thus we can get much information in just one click.

2.4.3 Email Tracker and Visual Route

We often receive many spam messages in our mailbox without knowing where they come from. Email Tracker is a program that helps us find from which server a mail actually came. Every message we receive has a header associated with it, and Email Tracker uses this header information to find the location.

Fig 2.2 Email Tracker GUI

Fig 2.2 above shows the GUI of the Email Tracker software. One of the options in Email Tracker is to import the mail header; we just need to import the mail's header into it, and the software then finds from which area the mail came. That is, we get information such as the region the message came from, for example Asia Pacific or Europe. To be more specific we can use another tool, Visual Route, to pinpoint the actual location of the server; the option of connecting to Visual Route is available in Email Tracker. Visual Route is a tool that displays the location of a particular server with the help of its IP address. When we connect it with Email Tracker we can find the server that actually sent the mail. We can also use it to find the location of the target's servers visually on a map.
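How a header-based tracer of the Email Tracker kind works, shown as an added example that is not the report's or the tool's own code: every relaying server prepends a Received: line, so walking the headers from the top reconstructs the hops, and only the hand-off into servers we control can be vouched for. The message, the host names and the set of trusted servers below are constructed assumptions.

```python
"""Tracing a mail back through its Received: headers (added example).

Each mail server prepends its own Received: line, so the first line is the
last hop (nearest the recipient) and the bottom line is the claimed origin.
The message, host names and trust boundary here are constructed for the
example and do not describe any real organisation.
"""
import email
import email.policy
import re

# Constructed message. Everything below the last server we control was written
# by machines outside our control and may be forged by the sender.
RAW_MESSAGE = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.25])
    by mail.example.org with ESMTP id A1B2C3; Fri, 5 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.9])
    by mx2.example.org with ESMTP id D4E5F6; Fri, 5 Jan 2024 10:00:03 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
    by relay.example.net with SMTP id G7H8I9; Fri, 5 Jan 2024 10:00:01 +0000
Received: from bank-support.example (localhost [10.0.0.5])
    by 203.0.113.77 with SMTP; Fri, 5 Jan 2024 09:59:00 +0000
From: "Account Team" <support@bank-support.example>
To: user@example.org
Subject: Unsolicited offer

Message body omitted.
"""

# "from <host> (<comment>) by <host>" is the part of a Received: line we need.
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received_chain(raw):
    """Return hops top-down as [{"from", "ip", "by"}]; ip is None if not bracketed."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(value))      # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue
        # The receiving server writes the peer address in brackets; prefer the
        # comment (what the server observed) over the name the peer announced.
        ip = IPV4_RE.search(m.group("comment") or "") or IPV4_RE.search(m.group("from"))
        hops.append({"from": m.group("from"),
                     "ip": ip.group(1) if ip else None,
                     "by": m.group("by").rstrip(";")})
    return hops


def origin_ips(hops, trusted_hosts):
    """Return (trusted_origin, claimed_origin).

    trusted_origin is the peer IP recorded by the last server in trusted_hosts
    before the mail left our infrastructure; it is the only hop we can vouch
    for. claimed_origin is the bottom-most 'from' IP, which may be forged.
    """
    trusted_origin = None
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break                       # nothing below here was seen by our servers
        trusted_origin = hop["ip"]
        if hop["from"] not in trusted_hosts:
            break                       # first hand-off from outside our servers
    claimed_origin = hops[-1]["ip"] if hops else None
    return trusted_origin, claimed_origin


if __name__ == "__main__":
    chain = parse_received_chain(RAW_MESSAGE)
    for i, hop in enumerate(chain):
        print(f"hop {i}: {hop['from']} ({hop['ip']}) -> {hop['by']}")
    print(origin_ips(chain, {"mail.example.org", "mx2.example.org"}))
```

The two results differ on purpose: the bottom header claims the mail came from 10.0.0.5, but the only address our own servers actually observed is 198.51.100.9.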

Fig 2.4 Visual Route GUI

Fig 2.4 above depicts the GUI of the Visual Route tool. The Visual Route GUI has a world map drawn on it, and the software locates the position of the server on that map. It also depicts the path through which the message came to our system; that is, it provides information about the routers through which the mail travelled from the source to the destination. We may wonder what the use is of finding the place from which a message came. Suppose you obtain the email id of an employee of the target company and mail him claiming to be his greatest friend. Sometimes he may reply saying that he does not know you. If you then use Email Tracker and Visual Route and find that he is not working from the office, you can understand that the company has home users, and home users are not protected like the employees working from the office. This can help a hacker get into the system.

2.5 Scanning & Enumeration

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network that are live, the services running on those systems, and so on. Services usually run on predetermined ports; for example, a web server makes use of port 80, so if port 80 is open on a particular system we can understand that the target's web server is running on that host. Different tools are used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not much used. Modern port scanners use the TCP protocol to do the scanning, and they can even detect the operating systems running on the particular hosts.

2.5.1 War Dialing

A war dialer is a hacking tool that is now illegal to use and easy to detect. War dialing is the practice of dialing all the phone numbers in a range in order to find those that will answer with a modem. Earlier, companies used dial-in modems through which their employees could dial into the network; in such cases just a phone number is enough, and war dialing software makes use of this vulnerability. A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. The program automatically dials a defined range of phone numbers and logs in a database those numbers that successfully connect to a modem. Some programs can also identify the particular operating system running on the computer and may also conduct automated penetration testing; in such cases the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system.

2.5.2 Pingers

Pingers are another category of scanning tools, which make use of Internet Control Message Protocol (ICMP) packets for scanning. ICMP is used to find out whether a particular system is alive or not. Using this principle, pingers send ICMP packets to all hosts in a given range; if an acknowledgment comes back, we can make out that the system is live. Pingers are automated programs that send ICMP packets to different machines and check their responses. But most firewalls today block ICMP, so they too cannot be used.

2.5.3 Port Scanning

A port scan is a method used by hackers to determine which ports are open or in use on a system or network. Using various tools, a hacker can send data to TCP or UDP ports one at a time; based on the response received, the port scan utility can determine whether that port is in use. Using this information the hacker can then focus the attack on the open ports and try to exploit any weaknesses to gain access. Port scanning software, in its most basic form, simply sends a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. To get around this, the intruder can do the port scan in strobe or stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all 65536 ports. Stealth scanning uses techniques such as slowing the scan: by scanning the ports over a much longer period of time, the chance that the target will trigger an alert is reduced.
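The alert the paragraph mentions, written out as detection logic run over connection-log lines; this is an added example, not code from the report or from any tool it names. The log format, the addresses and the threshold of 10 distinct ports within 60 seconds are assumptions chosen for the illustration, and the slow "stealth" scanner in the sample shows why that threshold alone is not enough.

```python
"""Detecting a port scan in connection logs (added example).

Implements the alert described in the text: one source host sending
connection requests to many distinct ports in a short time. The log
format and every line of SAMPLE_LOG are constructed for this example and
are not output of any real firewall or scanner.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed lines: "<ISO timestamp> <src ip> -> <dst ip>:<dst port> SYN".
# 203.0.113.7 sweeps 12 ports in 2 s; 198.51.100.5 sweeps the same 12 ports
# ten minutes apart (the slow "stealth" scan); 203.0.113.9 strobes 3 ports;
# 192.0.2.50 is an ordinary client re-connecting to port 80.
SAMPLE_LOG = """\
2024-01-05T10:00:00 203.0.113.7 -> 192.0.2.10:21 SYN
2024-01-05T10:00:00 203.0.113.7 -> 192.0.2.10:22 SYN
2024-01-05T10:00:00 203.0.113.7 -> 192.0.2.10:23 SYN
2024-01-05T10:00:01 203.0.113.7 -> 192.0.2.10:25 SYN
2024-01-05T10:00:01 203.0.113.7 -> 192.0.2.10:53 SYN
2024-01-05T10:00:01 203.0.113.7 -> 192.0.2.10:80 SYN
2024-01-05T10:00:01 203.0.113.7 -> 192.0.2.10:110 SYN
2024-01-05T10:00:02 203.0.113.7 -> 192.0.2.10:135 SYN
2024-01-05T10:00:02 203.0.113.7 -> 192.0.2.10:139 SYN
2024-01-05T10:00:02 203.0.113.7 -> 192.0.2.10:143 SYN
2024-01-05T10:00:02 203.0.113.7 -> 192.0.2.10:443 SYN
2024-01-05T10:00:02 203.0.113.7 -> 192.0.2.10:445 SYN
2024-01-05T09:00:00 198.51.100.5 -> 192.0.2.10:21 SYN
2024-01-05T09:10:00 198.51.100.5 -> 192.0.2.10:22 SYN
2024-01-05T09:20:00 198.51.100.5 -> 192.0.2.10:23 SYN
2024-01-05T09:30:00 198.51.100.5 -> 192.0.2.10:25 SYN
2024-01-05T09:40:00 198.51.100.5 -> 192.0.2.10:53 SYN
2024-01-05T09:50:00 198.51.100.5 -> 192.0.2.10:80 SYN
2024-01-05T10:00:00 198.51.100.5 -> 192.0.2.10:110 SYN
2024-01-05T10:10:00 198.51.100.5 -> 192.0.2.10:135 SYN
2024-01-05T10:20:00 198.51.100.5 -> 192.0.2.10:139 SYN
2024-01-05T10:30:00 198.51.100.5 -> 192.0.2.10:143 SYN
2024-01-05T10:40:00 198.51.100.5 -> 192.0.2.10:443 SYN
2024-01-05T10:50:00 198.51.100.5 -> 192.0.2.10:445 SYN
2024-01-05T10:01:00 203.0.113.9 -> 192.0.2.10:80 SYN
2024-01-05T10:01:00 203.0.113.9 -> 192.0.2.10:443 SYN
2024-01-05T10:01:00 203.0.113.9 -> 192.0.2.10:8080 SYN
2024-01-05T10:02:00 192.0.2.50 -> 192.0.2.10:80 SYN
2024-01-05T10:02:05 192.0.2.50 -> 192.0.2.10:80 SYN
2024-01-05T10:02:09 192.0.2.50 -> 192.0.2.10:80 SYN
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst_ip, dst_port)."""
    ts, src, _arrow, dst, _flag = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port)


def detect_port_scans(log_text, window_seconds=60, port_threshold=10):
    """Alert on sources touching >= port_threshold distinct ports inside any
    window_seconds-long sliding window. Returns {src: {"first_seen", "ports"}}."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)          # src -> sliding window of (timestamp, port)
    alerts = {}
    for ts, src, _dst_ip, port in events:
        window = recent[src]
        window.append((ts, port))
        # Expire events older than the window. This is exactly why a scan spread
        # over hours (the text's slowed "stealth" scan) stays under the threshold.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) >= port_threshold:
            entry = alerts.setdefault(src, {"first_seen": window[0][0], "ports": set()})
            entry["ports"].update(distinct)
    return {src: {"first_seen": a["first_seen"], "ports": sorted(a["ports"])}
            for src, a in alerts.items()}


def distinct_ports_per_source(log_text):
    """Distinct destination ports per source over the whole log, ignoring time."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            _ts, src, _dst_ip, port = parse_line(line)
            seen[src].add(port)
    return {src: len(ports) for src, ports in seen.items()}


if __name__ == "__main__":
    for src, alert in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT {src}: {len(alert['ports'])} ports since {alert['first_seen']}")
    # The slow scanner touched as many ports as the fast one but raised no alert.
    print(distinct_ports_per_source(SAMPLE_LOG))
```

Widening the window to a few hours catches the slow scanner at the price of more false positives from busy legitimate clients, which is the trade-off the text's stealth mode exploits.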

2.5.4 SuperScan

SuperScan is a powerful TCP port scanner that includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD, WHOIS and more. It uses multithreaded and asynchronous techniques, resulting in extremely fast and versatile scanning. You can perform ping scans and port scans using any IP range, or specify a text file from which to extract addresses. Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port description database, Windows host enumeration, banner grabbing and more.

Fig 2.5 SuperScan GUI

Fig 2.5 shows the GUI of SuperScan. In it we can scan either a particular host or a range of IP addresses; as output the software reports the host addresses that are running. There is another option, port list setup, which displays the set of services running on the different hosts.

2.5.5 Nmap

Nmap ("Network Mapper") is a free and open source utility for network exploration and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Fig 2.5 shows the GUI of Nmap.

Fig 2.5 Nmap GUI

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and dozens of other characteristics. It can even find the versions of the services. It was designed to rapidly scan large networks, but works fine against single hosts. We also have the option of different types of scan such as SYN scan, stealth scan, SYN stealth scan and so on, and we can even control the timing of the scan across the different ports. Using this software we just need to specify the host address ranges and the type of scan to be conducted; as output we get the hosts that are live, the services that are running, and so on. It can even detect the version of the operating system by making use of the fact that different operating systems react differently to the same packets, as they use their own protocol stacks.

2.5.6 Enumeration

Enumeration is the ability of a hacker to convince servers to give up information that is vital for making an attack. By doing this the hacker aims to find what resources and shares exist on the system, what valid user accounts and user groups are on the network, what applications are present, and so on. Hackers may also use it to find other hosts on the network. A common type of enumeration makes use of null sessions. Many Windows operating systems allow null sessions, through which a hacker can log on. A null session is a connection that uses no user name and password; that is, it is created by leaving the user name and password null. Once the hacker is logged on, he starts enumeration by issuing queries to find the list of users and groups, either local or active, including their SIDs, the list of hosts, the list of shares or processes, and so on. One of the tools used after logging on through a null session is NBTscan, which allows the hacker to scan the network and obtain user names, resource shares and the like. Other tools used are NAT (NetBIOS Auditing Tool), DumpSec and others. Another way of enumerating is SNMP (Simple Network Management Protocol) enumeration. Using this protocol, managing entities send messages to managed entities. In SNMP enumeration the hacker sniffs the network to collect information. SNMP versions before version 3 send their data as plain text, so it is very easy to obtain the data; from SNMP version 3 the data is encrypted before it is sent, but it is still possible to enumerate those protocols and get information. Some of the tools used for this are SNMPutil, IP Network Browser and others.

2.6 System Hacking

This is the actual hacking phase, in which the hacker gains access to the system, making use of all the information collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is the passwords. System hacking can be considered as several steps. First the hacker tries to get into the system. Once in, the next thing he wants is to increase his privileges so that he has more control over the system, because as a normal user he may not be able to see confidential details or to upload and run the various hacking tools for his own purposes. Another way to break into a system is through attacks such as the man-in-the-middle attack.

2.6.1 Password Cracking

There are many methods for cracking a password and then getting into the system. The simplest method is to guess the password, but this is tedious work. To make the work easier there are many automated tools for password guessing, such as Legion. Legion has an inbuilt dictionary, and the software automatically generates passwords from that dictionary and checks the system's responses. The many password cracking strategies used by hackers today are described below.

Dictionary cracking

In this type of cracking there is a precompiled list of likely words: common passwords,
the names of the target's children, birthdays, etc. The automated software tries each word
in the list against the system, and may also try simple combinations of them.

Brute force cracking

This type of password cracking does not use a list of precompiled words. Instead the
software tries every combination of letters, digits, special characters and symbols up to
some length. This is of course very tedious and time consuming: the number of candidates
grows exponentially with the password length and the size of the character set.

Hybrid cracking
This is a combination of the dictionary and brute force techniques. It starts from the
dictionary words, tries variations of them (changing case, appending digits or symbols), and
only if all of those fail does it fall back to brute force.
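
The three strategies above, as an added example that is not part of the seminar and not the
code of any of the tools it names. The target hash function is a constructed stand-in
(SHA-256 of the password; real Windows targets would be NT hashes, but the search order is
the same), the wordlist and the mangling rules are assumed, and the attempt counters make
the cost of each strategy visible.

```python
import hashlib
import itertools

def hash_password(password):
    """Constructed stand-in for the target's hash (SHA-256 of the UTF-8 password)."""
    return hashlib.sha256(password.encode()).hexdigest()

def keyspace_size(charset, max_len):
    """Number of candidates an exhaustive search of lengths 1..max_len must try."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))

def dictionary_attack(target, wordlist):
    """Try each word verbatim. Returns (password or None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(word) == target:
            return word, attempts
    return None, attempts

def mangle(word):
    """Hybrid rules (assumed): case changes, then common suffixes on each case variant."""
    bases = (word, word.capitalize(), word.upper())
    for base in bases:
        yield base
    for base in bases:
        for suffix in ("1", "123", "!", "2019", "2020"):
            yield base + suffix

def brute_force(target, charset, max_len):
    """Exhaustive search over all strings of length 1..max_len drawn from charset."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target:
                return candidate, attempts
    return None, attempts

def hybrid_attack(target, wordlist, charset, max_len):
    """Dictionary words plus mangling rules first; brute force only if those fail.
    Returns (password or None, method, total attempts)."""
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if hash_password(candidate) == target:
                return candidate, "hybrid", attempts
    found, brute_attempts = brute_force(target, charset, max_len)
    return found, "brute-force", attempts + brute_attempts

if __name__ == "__main__":
    words = ["winter", "summer", "password"]            # constructed wordlist
    charset = "abcdefghijklmnopqrstuvwxyz0123456789"   # lower case plus digits
    print("keyspace up to 3 chars:", keyspace_size(charset, 3))
    for pw in ("summer", "Summer2019", "ab1"):
        print(pw, hybrid_attack(hash_password(pw), words, charset, 3))
```

Running it shows why hybrid rules matter: "Summer2019" is never in a wordlist but falls in a
few dozen attempts, while a short random string like "ab1" is found only by the exhaustive
search, whose cost is the keyspace size, not the wordlist size.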

Social Engineering
The simplest and often the most effective way to obtain a password is social engineering.
Here the hacker contacts the user directly, by a phone call or some other channel, and
asks for the password under a false pretext, for example by posing as help desk staff.

2.6.2 L0phtCrack

This is a password auditing tool, originally from L0pht Heavy Industries and later sold by
@stake. It implements the password cracking methodologies described above and helps
administrators find out whether their users are using easy passwords. It is a well-known
tool which uses dictionary cracking first and then brute force. It can also use
precomputed hash tables (rainbow tables) to crack the passwords.

Fig 2.6 L0phtCrack GUI

Fig 2.6 above shows the GUI of L0phtCrack. On Windows the password hashes are stored in the
SAM file in the System32\config directory. The operating system keeps this file locked, so
it cannot be read or copied while Windows is running. With L0phtCrack one just needs to
run a wizard to obtain the hashes stored in the SAM file and start cracking them. As seen
in the figure, in this case the software used a dictionary of 29,156 words. It also offers
the options of brute force and precomputed hashes.

2.6.3 Privilege escalation

Privilege escalation is the process of raising one's privileges once the hacker has got
into the system. That is, the hacker may get in as an ordinary user and now tries to raise
his privileges to those of an administrator, who can do far more. Many tools are available
for this. GetAdmin, for example, was an old Windows NT tool that exploited a flaw in the
kernel to add the current user to the local Administrators group. The privilege escalation
process usually exploits vulnerabilities in the host operating system or in installed
software. Other tools include hk.exe and, above all, Metasploit.

2.6.4 Metasploit

Metasploit is an open-source exploitation framework that maintains a large, regularly
updated collection of exploit modules and payloads. The hacker downloads the framework,
selects the module matching a vulnerability found on the target, configures it and launches
it against the target system for privilege escalation and other exploits. Metasploit is
driven from a command line console (msfconsole), and it is dangerous in the wrong hands
because exploits for newly published vulnerabilities in many different products are
contributed to it by a large community of researchers.

2.6.5 Man in the Middle Attack

In this type of system hacking the password is not cracked at all. Instead all the traffic
between a client and a server is made to pass through the hacker's system, where passwords
and other details can be read directly. In a man in the middle attack the hacker tells the
client that he is the server and tells the server that he is the client. The client now
sends its packets to the hacker, thinking he is the server; instead of answering, the hacker
forwards a copy of each request to the real server. The server replies to the hacker, who
forwards a copy of the reply to the real client. The client believes it got the reply from
the server and the server believes it answered the real client, but the hacker, the man in
the middle, also holds a copy of the whole traffic, from which he can pick out the needed
data or the password and use it to get in.
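
The relay described above, as an added example (not code from the seminar or from any real
attack tool). Everything runs on the loopback interface: a constructed toy server that
speaks an FTP-like USER/PASS login stands in for the real server, the relay forwards both
directions unchanged while keeping its own copy of every byte, and the "victim" connects to
the relay's port instead of the server's. How the victim is made to connect to the wrong
address (ARP spoofing, DNS tampering, a rogue access point) is outside this example; the
port numbers are chosen by the OS at run time and the credentials are invented.

```python
import socket
import threading

TIMEOUT = 5   # seconds; keeps the demo from hanging if something goes wrong

def _pipe(src, dst, direction, capture):
    """Copy bytes src -> dst until EOF, recording every chunk (the attacker's copy)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            capture.append((direction, data))
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate the EOF to the other side
        except OSError:
            pass

def start_relay(upstream, capture):
    """Listen on an ephemeral loopback port; relay the first client to `upstream`.
    Returns the port the victim has to be tricked into connecting to."""
    listener = socket.socket()
    listener.settimeout(TIMEOUT)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve():
        client, _ = listener.accept()
        client.settimeout(TIMEOUT)
        server = socket.create_connection(upstream, timeout=TIMEOUT)
        t1 = threading.Thread(target=_pipe, args=(client, server, "client->server", capture))
        t2 = threading.Thread(target=_pipe, args=(server, client, "server->client", capture))
        t1.start(); t2.start(); t1.join(); t2.join()
        client.close(); server.close(); listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

def start_fake_server():
    """Constructed stand-in for the real server: a toy FTP-style login that accepts anything."""
    listener = socket.socket()
    listener.settimeout(TIMEOUT)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve():
        conn, _ = listener.accept()
        conn.settimeout(TIMEOUT)
        with conn, conn.makefile("rb") as lines:
            for line in lines:
                if line.startswith(b"USER "):
                    conn.sendall(b"331 password please\r\n")
                elif line.startswith(b"PASS "):
                    conn.sendall(b"230 login ok\r\n")
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

def credentials_from_capture(capture):
    """Pull USER/PASS out of the recorded client->server stream."""
    stream = b"".join(data for direction, data in capture if direction == "client->server")
    creds = {}
    for line in stream.split(b"\r\n"):
        if line.startswith(b"USER "):
            creds["user"] = line[5:].decode()
        elif line.startswith(b"PASS "):
            creds["password"] = line[5:].decode()
    return creds

def demo():
    """Victim logs in through the relay; returns (stolen credentials, what the victim saw)."""
    capture = []
    server_port = start_fake_server()
    relay_port = start_relay(("127.0.0.1", server_port), capture)
    victim = socket.create_connection(("127.0.0.1", relay_port), timeout=TIMEOUT)
    victim.sendall(b"USER alice\r\nPASS s3cret!\r\n")   # invented credentials
    victim.shutdown(socket.SHUT_WR)
    replies = b""
    while True:
        chunk = victim.recv(4096)
        if not chunk:
            break
        replies += chunk
    victim.close()
    return credentials_from_capture(capture), replies

if __name__ == "__main__":
    print(demo())
```

The victim receives exactly the replies the real server produced, so nothing looks wrong
on either end; only the capture list, which neither of them can see, holds the password.
This is why cleartext protocols are the real enabler of the attack: with TLS and proper
certificate checking the relay could still forward bytes but could not read them.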

2.7 Maintaining Access

Now the hacker is inside the system, by password guessing or by exploiting some of its
vulnerabilities, which means he is in a position to upload and download files. The next aim
is to make an easier path in for the next time he comes. This is analogous to making a
small hidden door in a building so that he can enter through it directly. In the network
scenario the hacker does this by uploading software such as Trojan horses, sniffers and
keystroke loggers.

2.7.1 Key Stroke Loggers

Keystroke loggers are tools that record every key pressed on the keyboard. There are
hardware keystroke loggers, which sit inline between the keyboard and the computer, and
software ones. For maintaining access and for privilege escalation (capturing the
administrator's password, for example) the hacker who is now inside the target network
uploads keystroke logging software on to the system. A software keystroke logger sits as a
middleman between the keyboard driver and the applications receiving the input: every
keystroke passes through it, so it keeps a copy in a log and then forwards it unchanged.

2.7.2 Trojan Horses & Backdoors

A Trojan horse is a destructive program that masquerades as a benign application. Unlike
viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One
of the most insidious types of Trojan horse is a program that claims to rid your computer
of viruses but instead introduces viruses on to your computer. The term comes from the
Greek story of the Trojan war, in which the Greeks gave a giant wooden horse to their foes,
the Trojans, ostensibly as a peace offering. But after the Trojans dragged the horse inside
their city walls, Greek soldiers sneaked out of the horse's hollow belly and opened the city
gates, allowing their compatriots to pour in and capture Troy. Generally a Trojan is
malware that runs programs you are either unaware of or do not want running on your
system. The hacker plants the Trojan software inside the network and leaves. When he
comes back later, the Trojan either authenticates the hacker as a valid user or opens some
other port for him to get in through. There are many types of Trojans, such as:
● Password sending/capturing
● FTP Trojans
● Keystroke-capturing Trojans
● Remote access Trojans
● Destructive Trojans
● Denial of Service Trojans
● Proxy Trojans
Trojans can be introduced through chat clients, e-mail attachments, physical access to
systems, file sharing, wrappers and other P2P software. Examples of Trojans include Tini,
netcat, SubSeven and Back Orifice. Tini is a very small Trojan that simply listens on TCP
port 7777; after introducing it the hacker can send commands to that port. Netcat is a
general networking tool often used as a Trojan: it can listen on any local port and make
outbound or inbound TCP or UDP connections to or from any port, and some builds can hand a
command shell to the hacker (the -e option), through which he can access the system.
SubSeven and Back Orifice are Trojans with a client-server architecture: the server part
resides on the target and the hacker connects to it directly with the client, without the
user's knowledge.
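
The check an administrator would run against the Trojans just listed, as an added example
that is not part of the seminar: parse netstat output, compare the listening sockets with
the host's documented baseline, and annotate anything that matches a known Trojan default
port. The netstat sample and the baseline are constructed for this example; the default
ports (Tini on TCP 7777 as stated above, SubSeven on TCP 27374, Back Orifice on UDP 31337)
are the tools' well-known defaults, and a real deployment may have been reconfigured, so an
unexpected listener on any port deserves a look at the owning process.

```python
# Well-known default ports of the Trojans named above (defaults only; often changed).
KNOWN_BACKDOOR_PORTS = {
    7777: "Tini (TCP)",
    27374: "SubSeven (TCP)",
    31337: "Back Orifice (UDP)",
}

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49723     203.0.113.9:443        ESTABLISHED     2244
  UDP    0.0.0.0:31337          *:*                                    3188
"""

# The host's documented baseline of expected listeners (assumed for this example).
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445)}

def parse_listeners(netstat_text):
    """Return [(proto, port, pid)] for every TCP socket in LISTENING state and every UDP
    socket (UDP sockets have no state column; a bound UDP port is effectively a listener)."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                      # header, blank or unrelated line
        proto, local = fields[0], fields[1]
        port = int(local.rsplit(":", 1)[1])   # works for "0.0.0.0:7777" and "[::]:7777"
        pid = int(fields[-1])
        if proto == "TCP" and "LISTENING" not in fields:
            continue                      # established/time-wait sockets are not listeners
        listeners.append((proto, port, pid))
    return listeners

def audit(netstat_text, baseline):
    """Flag listeners outside the baseline; note ones that match known Trojan defaults."""
    findings = []
    for proto, port, pid in parse_listeners(netstat_text):
        if (proto, port) in baseline:
            continue
        note = KNOWN_BACKDOOR_PORTS.get(port, "unexpected listener, check the process")
        findings.append({"proto": proto, "port": port, "pid": pid, "note": note})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, EXPECTED_LISTENERS):
        print(finding)
```

The PID in each finding is the starting point: `tasklist /FI "PID eq 3120"` (on the real
host) names the executable behind the port, which is what distinguishes a renamed netcat
from a legitimate service.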

2.7.3 Wrappers

In the maintaining access phase the hacker uploads software on to the system for his own
needs. In order to keep this software and other data hidden from the administrator and
ordinary users, hackers use wrapper software to bind their contents to pictures, greeting
cards and similar files, so that to the administrator they look like ordinary data. A
related technique is steganography: tools such as BlindSide insert data into, and extract
it from, JPEG or BMP pictures. They hide the data in the low-order bits of the image data,
where it makes no visible difference. The most attractive property is that most of the
time the size of the file is not altered at all.

2.7.4 EliteWrap
This is a notorious wrapper program. EliteWrap is a command line tool which wraps one or
more Trojans into a normal file. After processing, the product looks like a single
program although it contains several. Its speciality is that the packed Trojans can be
made to execute when the user opens the file. For example, consider the case in which
netcat is packed into a Flash greeting card. When the user opens the card, netcat starts
in the background and listens on some port, which the hacker then uses to get in.

2.8 Clearing Tracks

Now we come to the final step in hacking. There is a saying that "everybody knows a good
hacker but nobody knows a great hacker". This means that a great hacker always clears his
tracks, removing any record on the network that could prove he was there. Whenever a hacker
downloads a file or installs software, the action is recorded in the server logs, and to
erase such records the hacker uses many tools. One of them is auditpol.exe from the Windows
Resource Kit, a command line tool with which the intruder can easily disable auditing.
Other tools such as elsave directly clear the event logs that would tell the administrator
an intruder has been in. Apart from the server logs, other information may be stored
temporarily (caches, temporary files, recently used lists); Evidence Eliminator deletes
all such traces. Note that on Windows, clearing the Security log is itself recorded as an
"audit log cleared" event, and logs forwarded to a central collector the intruder cannot
reach survive this kind of cleanup.

2.8.1 Winzapper
This is another tool used for clearing tracks, and unlike the tools above it allows
selective deletion. Winzapper makes a copy of the Security event log and lets the hacker
mark the individual entries to delete; the edited copy replaces the original after the
server is rebooted, so the remaining entries look untouched.
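
The defender's side of sections 2.8 and 2.8.1, as an added example that is not part of the
seminar: the Windows Security log event IDs that betray track clearing are 1102 (the audit
log was cleared) and 4719 (system audit policy was changed) on Windows Vista and later,
with 517 and 612 as the corresponding IDs on NT/2000/XP. The code scans a constructed CSV
export of a Security log (not a real capture) for those events, and separates the events
that preceded the last clear, since those survive only on a collector that received them
before the host copy was wiped.

```python
import csv
import io

# Security log event IDs that indicate the audit trail itself was tampered with.
TAMPERING_EVENTS = {
    1102: "the audit log was cleared",
    517: "the audit log was cleared (NT/2000/XP ID)",
    4719: "system audit policy was changed",
    612: "audit policy change (NT/2000/XP ID)",
}

# Constructed export of a Security log (not a real capture), one event per row.
SAMPLE_LOG = """\
time,event_id,user,message
2009-03-02 22:41:07,4624,DOMAIN\\jsmith,An account was successfully logged on
2009-03-02 22:43:15,4719,DOMAIN\\jsmith,System audit policy was changed
2009-03-02 22:44:02,4688,DOMAIN\\jsmith,A new process has been created: C:\\temp\\nc.exe
2009-03-02 22:58:30,1102,DOMAIN\\jsmith,The audit log was cleared
2009-03-02 23:01:11,4624,DOMAIN\\backup,An account was successfully logged on
"""

def parse_events(text):
    """Rows in file order, with event_id as an int."""
    return [dict(row, event_id=int(row["event_id"])) for row in csv.DictReader(io.StringIO(text))]

def find_tampering(events):
    """Events that show the intruder disabling auditing or wiping the log."""
    return [e for e in events if e["event_id"] in TAMPERING_EVENTS]

def lost_on_host(events):
    """Events recorded before the last log clear. The host's own copy no longer has them;
    only a collector that received them in real time still does, which is what makes a
    Winzapper- or elsave-style cleanup visible after the fact."""
    clears = [i for i, e in enumerate(events) if e["event_id"] in (1102, 517)]
    if not clears:
        return []
    return events[:clears[-1]]

def report(text):
    """Summarise a log export for an analyst."""
    events = parse_events(text)
    lines = []
    for e in find_tampering(events):
        lines.append("%s %s by %s: %s" % (e["time"], e["event_id"], e["user"],
                                           TAMPERING_EVENTS[e["event_id"]]))
    lines.append("%d earlier events exist only on the collector" % len(lost_on_host(events)))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The ordering in the sample is the typical one: audit policy is switched off first (4719),
the intruder does his work (here the 4688 process creation of nc.exe), and the log is
cleared last (1102). A detection rule that alerts on 1102 and 4719 alone, from a collector
the intruder cannot log in to, defeats all the track-clearing tools named in this section.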


3. CONCLUSION
One of the main aims of this seminar is to make others understand how many tools a hacker
has for getting into a system. There are many reasons why everybody should understand these
basics; let us look at the need from various perspectives.

Student
A student should understand that no software is made with zero vulnerabilities. So while
studying they should study the various possibilities and how to prevent them, because they
are the professionals of tomorrow.

Professionals
Professionals should understand that business is directly related to security, so they
should write new software with as few vulnerabilities as possible. If they are not aware of
these issues they will not be cautious enough in security matters.

Users
Software is meant for the use of its users. Even if the software makers build it with strong
security options, without the cooperation of its users it can never be successful. It is
like a highly secured building with all its doors carelessly left open by the insiders. So
users must also be aware of the possibilities of hacking, so that they can be more cautious
in their activities. In the preceding sections we saw the methodology of hacking, why we
should be aware of hacking, and some of the tools a hacker may use. Now let us see what we
can do against hacking, or to protect ourselves from it. The first thing is to keep the
software we use up to date from official and reliable sources.
● Educate employees and users about black hat hacking.
● Use every possible security measure: honeypots, intrusion detection systems,
firewalls etc.
● Always use strong passwords: longer, and harder to crack.
● Finally and foremost, carry out ETHICAL HACKING (penetration testing) at regular intervals.


