Introduction to Hacking

Gaining access to a system that you are not supposed to have access is considered as hacking.
For example: login into an email account that is not supposed to have access, gaining access
to a remote computer that you are not supposed to have access, reading information that you
are not supposed to able to read is considered as hacking.

In 1960, the first known event of hacking had taken place at MIT and at the same time, the
term Hacker was organized.

Hacking is exploiting security controls either in a technical, physical or a human-based

element. ~ Kevin Mitnick

The person who is consistently engaging in hacking activities, and has accepted hacking as a
lifestyle and philosophy of their choice, is called a hacker. Computer hacking is the most
popular form of hacking nowadays, especially in the field of computer security.

Purpose behind Hacking: When somebody tries to access other's computer systems with the
aim of destroying or altering important information or data, such an activity is defined as
hacking and the person is called a hacker. It is believed that hacking activities are not backed
by solid logical reasons. On the contrary, hackers try to experiment with the computer
brilliance by trying of affect other system with viruses. Hacking is done mostly for sheer
pleasure by which a hacker wants to prove his skills. But if at all one searches for reasons
behind it, it can be logically concluded Hacking is carried out with the objective of tracing
vital information and affecting computer systems with viruses.

Ethical hacking

Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical
hacking involves an authorized attempt to gain unauthorized access to a computer system or
data. Ethical hacking is used to improve the security of the systems and networks by fixing
the vulnerability found while testing.

Ethical hackers improve the security posture of an organization. Ethical hackers use the same
tools, tricks, and techniques that malicious hackers used, but with the permission of the
authorized person. The purpose of ethical hacking is to improve the security and to defend the
systems from attacks by malicious users.

Types of Hacking

We can define hacking into different categories, based on what is being hacked. These are as
follows:

1. Network Hacking
2. Website Hacking
3. Computer Hacking
 4. Password Hacking
5. Email Hacking

1. Network Hacking: Network hacking means gathering information about a network

with the intent to harm the network system and hamper its operations using the
various tools like Telnet, NS lookup, Ping, Tracert, etc.
2. Website hacking: Website hacking means taking unauthorized access over a web
server, database and make a change in the information.
3. Computer hacking: Computer hacking means unauthorized access to the Computer
and steals the information from PC like Computer ID and password by applying
hacking methods.
4. Password hacking: Password hacking is the process of recovering secret passwords
from data that has been already stored in the computer system.
5. Email hacking: Email hacking means unauthorized access on an Email account and
using it without the owner's permission.

Hacker

Hacker is a term used by some to mean "a clever programmer" and by others, especially those
in popular media, to mean "someone who tries to break into computer systems.

Cracking

Cracking is the act of breaking into a computer system, often on a network. A cracker can be
doing this for profit, maliciously, for some altruistic purpose or cause, or because the
challenge is there. Some breaking-and-entering has been done ostensibly to point out
weaknesses in a site's security system.

Contrary to widespread myth, cracking does not usually involve some mysterious leap of
hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly
well-known tricks that exploit common weaknesses in the security of target systems.
Accordingly, most crackers are only mediocre hackers. These two terms should not be
confused with each other’s. Hackers generally deplore cracking.
Cracker

A cracker is someone who breaks into someone else's computer system, often on a network;
bypasses passwords or licenses in computer programs; or in other ways intentionally breaches
computer security.

Advantages of Hacking

There are various advantages of hacking:

1. It is used to recover the lost of information, especially when you lost your password.
2. It is used to perform penetration testing to increase the security of the computer and
network.
3. It is used to test how good security is on your network.

Disadvantages of Hacking

There are various disadvantages of hacking:

1. It can harm the privacy of someone.

2. Hacking is illegal.
3. Criminal can use hacking to their advantage.
4. Hampering system operations.

Important Terminologies
Asset

An asset is any data, device, or other component of the environment that supports
informationrelated activities that should be protected from anyone besides the people that are
allowed to view or manipulate the data/information.

Vulnerability

Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain
unauthorized access to it. The successful compromise of a vulnerability may result in data
manipulation, privilege elevation, etc.

Threat

A threat represents a possible danger to the computer system. It represents something that an
organization doesn’t want to happen. A successful exploitation of vulnerability is a threat. A
threat may be a malicious hacker who is trying to gain unauthorized access to an asset.
Exploit

An exploit is something that takes advantage of vulnerability in an asset to cause unintended

or unanticipated behaviour in a target system, which would allow an attacker to gain access to
data or information.

Risk

A risk is defined as the impact (damage) resulting from the successful compromise of an
asset. For example, an organization running a vulnerable apache tomcat server poses a threat
to an organization and the damage/loss that is caused to the asset is defined as a risk.

Normally, a risk can be calculated by using the following equation:

Risk = Threat * vulnerabilities * impact

Hacking through Worm Exploits

Worms are nasty pieces of malicious code which are designed to find vulnerabilities in
computer systems and exploit them with automated processing. They can be used to destroy
data, collect information or simply lie in wait until they are given commands to do
something. The worm code self-replicates and tries to infect as many systems as possible.
The big threat that these worms bring is the knowledge that a system is open. This can allow
the automated response to install a back door into a system which can allow malicious
hackers to gain access to computers as well as turning systems into "zombies" which could be
used for various purposes including spamming and masking the actions of the original
hacker. Creators of catastrophic software such as the author of the first Internet worm,
Robbert Tappan Morris Jr. did not mean to do bad at all.

Hacking as a Learning Tool

Hacking leads several people into the interest of creating newer, better software which can
revolutionize the electronic world. Although it is important to remember that hacking is a
varied skill and those who have been hacking the longest will have more success because
they know how computers work and how they have evolved over time.

Ethical hackers use their knowledge to improve the vulnerabilities in systems, their hardware
and software. The ethical hackers come from a wide variety of different backgrounds. The
best examples are from ex-malicious hackers who decide their purpose is to help prevent
damages to companies by holes in their security.

These companies pay their ethical hackers handsomely as they are providing a service which
could be extremely useful in preventing damages and loss. They can be hired by single
companies who need advanced protection while others could be hired by software designers
who will reach millions of people around the world.
Possible Protection from Hackers

Protection from hackers is important no matter whether it is for personal use or for large
corporations. The following tools are the best defense against hackers:

Firewalls – The firewall is a software barrier which is designed to protect private resources
and prevents unauthorized network traffic. They are designed to block off ports of access on
the computer and require administrative clearance to access resources.

Routers – All modern routers include firewalls and protective features. You can password
protect wireless networks and create useful protection with them.

Updates – Software updates are crucial to ensure the safety and security of any application of
the software. It could be the operating system at home or the server software that processes
website information and more.

Classifications of Hacker
There are many more types of hackers in the world according to their motive and type of
work. The following list forwards one mote steps to better knowing hackers.

White hat hacker

The term "White hat hacker" refers to an ethical hacker, or a computer security expert, who
specializes in penetration testing and in other testing methodologies to ensure the security of
an organization's information systems. Ethical hacking is a term coined by IBM meant to
imply a broader category than just penetration testing. White-hat hackers are also called
penetration tester, sneakers, red teams, or tiger teams. Generally, White hat hackers or ethical
hackers are the good guy in the world of hackers.

Black hat hacker

A black hat hacker is an individual with extensive computer knowledge whose purpose is to
breach or bypass internet security. Black hat hackers are also known as crackers or dark-side
hackers. The general view is that, while hackers build things, crackers break things. They are
computer security hackers that break into computers and networks or also create computer
viruses. The term “black hat” comes from old westerns where the bad guys usually wore
black hats.

Black hat hackers break into secure networks to destroy data or make the network unusable
for those who are authorized to use the network.

They choose their targets using a two-pronged process known as the "pre-hacking stage".

Step 1: Targeting

Step 2: Research and Information Gathering

Step 3: Finishing the Attack

Grey hat hacker

A grey hat hacker is a combination of a black hat and a white hat hacker. It may relate to
whether they sometimes arguably act illegally, though in good will, or to show how they
disclose vulnerabilities. They usually do not hack for personal gain or have malicious
intentions, but may be prepared to technically commit crimes during the course of their
technological exploits in order to achieve better security.

Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug
test a system prior to its launch, looking for exploits so they can be closed. Microsoft also
uses the term BlueHat to represent a series of security briefing events.

Elite hacker

A social status among hackers, elite is used to describe the most skilled. Newly discovered
activities will circulate among these hackers.

Script kiddie

A script kiddie (or skiddie) is a non-expert who breaks into computer systems by using pre-
packaged automated tools written by others, usually with little understanding of the
underlying concept hence the term script (i.e. a prearranged plan or set of activities) kiddie
(i.e. kid, child an individual lacking knowledge and experience, immature).

Neophyte “newbie”

A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has
almost no knowledge or experience of the workings of technology, and hacking.

Hacktivist

A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious,

or political message. In general, most hacktivism involves website defacement or denial-of-
service attacks.

Nation state

It refers to Intelligence agencies and cyber warfare operatives of nation states.

Organized criminal gangs

Criminal activity carried on for profit.

Bots

Automated software tools, some freeware, available for the use of any type of hacker.
 IMPACTS OF ETHICAL HACKING IN SOCIETY
Hackers have a great impact on society. They are focusing on the youth. Ethical hacking is
not a bad thing but we should know what the ethical hackers are doing in society .There are
many areas in information technology where the ethical hackers made a great impact. Today
the entire world is in the hands of information technology and we can't even think about a life
without the internet. Now a day’s internet has become the connecting link for a mobile device
to the world. This made the hackers attack the world.

A. Impact on Education

Teaching hacking students is a hard process. Students are always interested in learning new
technologies. Whenever a teacher is teaching the students about the hacking he/she can
ensure that how the student will take the concept, it is possible that the student may intend to
hack other devices or do bad things with this. In the class, the 95% students may take lessons
in a good manner but the remaining 5% may have bad intentions. “A very big problem with
undergraduate students to teach this approach is that a teacher is effectively providing a
loaded gun to them”.

The major problem is that the students really don't know the importance and impacts of
hacking, but they will try to do hacking it can be for a good or bad purpose. Nowadays the
number of the students who are intended for the security courses are increasing. They want to
learn hacking easily and earn its benefits. They are attracted to new hacking technologies
where they can hack computers and other devices. We have to make them understand that
ethical hacking is bad if it does not contain any ethics. We can conduct workshops, seminars
and awareness programs to lead them to a good way.

B. Impact on Business

Nowadays we use a lot of IT applications in business. We live in a digital world and thus all
of the data is digitized. As a result the whole transactions are done today electronically. The
growth and availability of the internet made people do digital transactions. As a result the rate
of the customers who are using the e-commerce sites has increased. To an ethical hacker it is
very easy to buy products from these sites.

In one way he may hack the site and buy the products or he can hack a person’s account and
use it for the payments. Also there are some good and ethical programmers doing their job
neatly. But they can use their talent for bad intentions. They can attack business persons or
companies systems, tap the phone calls, create virus codes, etc. We can't predict the
intentions of an ethical hacker. As technology increases, ethical hackers will increase. We
can't stop them but we can advise them to work for good intentions.

C. Impact on Workplace and its Security

Today most of the companies store their data in the digital form. So the ethical hacker can
hack the data and can use it for his own purpose. The hacker can access the information of
the staff of the company. Sometimes the hacker may attack the company’s servers and access
the server data. For this purpose they use virus code.

To prevent the hacking we have to improve the security of the existing system; it can be
achieved by finding the information used by the hackers to hack the system and correct those
weak points to increase the security. The hacker may attack the company’s server data to gain
a large amount. But now the companies have several mechanisms to prevent ethical hackers.

D. Impact on Technology

In this modern world almost nothing is secure. Almost all information is available at our
finger point. Anybody can easily get the information related to any system. So ethical hackers
can easily get the IP addresses of any system and may attack it.

There are several tools for ethical hackers to do their work easily. The most used tool is the
Nmap, it helps an ethical hacker to find open ports of the different systems. Another one is
Acunetix, it is used to find vulnerabilities. These two tools are being used by an ethical
hacker without any prejudice. Hackers may use them for crimes where the ethical hackers
will use them to find the weaknesses and imperfections in the network security.

E. Impact on Confidential Information

Today confidential information in society is not at all safe in the existence of hackers. So
many ethical hackers are working in several institutions where financial transactions take
place. There for the hacker can access the important data about the account holders. He can
use the data to make transactions for his own purpose or steal the money of account holders.
The hackers mainly hack our accounts using fake emails and advertisements.

There is a great problem for an ethical hacker to track all the outlines. The hacking is
different from ethical hacking. But sometimes because of all access with ethical hackers, they
may also come into this circle. And sometimes for an ethical hacker it is very difficult to
prove that he is not the illegal hacker. For example, if an ethical hacker is hired to check the
vulnerabilities in a system of confidential information and a few days later some data is
leaked from that system then everybody will blame the ethical hacker and will make him a
black–hat hacker.

TYPES OF HACKING
 Local hacking

Local hacking is done from local area where we have physical access like through
printer etc. this type of hacking can be done through Trojan and viruses with the help
of hard disk and pen drive.

 Remote Hacking
Remote hacking is done remotely by taking advantage of the vulnerability of the
target system.
  Social Engineering
Social Engineering is the act of manipulating people into performing actions or
divulging confidential information. In most cases the attacker never comes face to
face.

THE HACKER FRAMEWORK

Ethical hackers must follow a strict scientific process in order to obtain useable and legal
results. The steps to be followed are:

1. Planning
2. Reconnaissance
3. Enumeration
4. Vulnerability Analysis
5. Exploitation
6. Final Analysis
7. Deliverables
8. Integration

1. Planning
Planning is essential for having a successful project. It provides an opportunity to give
critical thought to what needs to be done, allows for goals to be set, and allows for a
risk assessment to evaluate how a project should be carried out.

There are a large number of external factors that need to be considered when planning
to carry out an ethical hack. These factors include existing security policies, culture,
laws and regulations, best practices and industry requirements. Each of these factors
play an integral role in decision making process when it comes to ethical hacking. The
planning phase of an ethical hack will have a profound influence on how the hack is
performed and the information shared and collected, and will directly influence the
deliverable and integration of the results into the security program.

The planning phase will describe many of the details of a controlled attack. It will
attempt to answer questions regarding how the attack will be carried out.

2. Reconnaissance
Reconnaissance is the search for freely available information to assist in an attack.
This can be as simple as a ping or browsing newsgroups on the internet in search of
disgruntled employees divulging secret information or as messy as digging through the
trash to find receipts or letters.

Reconnaissance can include social engineering, tapping phones and networks, or even
theft. The search for information is limited only by the extremes at which the organization
and ethical hacker are willing to go in order to recover the information they are searching
for.
 The reconnaissance phase introduces the relationship between the tasks that must be
completed and the methods that will need to be used in order to protect the organization's
assets

3. ENUMERATION
• Enumeration is also known as network or vulnerability discovery. It is the act of
obtaining information that is readily available from the target's system, applications and
networks. It is important to note that the enumeration phase is often the point where the
line between an ethical hack and a malicious attack can become blurred as it is often easy
to go outside of the boundaries outlined in the original attack plan.

• In order to construct a picture of an organization's environment, several tools and

techniques are available. These tools and techniques include port scanning and NMap.
Although it is rather simple to collect information, it is rather difficult to determine the
value of the information in the hands of a hacker.

• At first glance, enumeration is simple: take the collected data and evaluate it collectively
to establish a plan for more reconnaissance or building a matrix for the vulnerability
analysis phase. 

4. VULNERABILITY ANALYSIS
• In order to effectively analyse data, an ethical hacker must employ a logical and
pragmatic approach. In the vulnerability analysis phase, the collected information is
compared with known vulnerabilities in a practical process.
• Information is useful no matter what the source. Any little bit can help in discovering
options for exploitation and may possibly lead to discoveries that may not have been
found otherwise. Known vulnerabilities, incidents, service packs, updates, and even
available hacker tools help in identifying a point of attack. The Internet provides a vast
amount of information that can easily be associated with the architecture and strong and
weak points of a system.

5. EXPLOITATION
• A significant amount of time is spent planning and evaluated an ethical hack. Of course,
all this planning must eventually lead to some form of attack. The exploitation of a
system can be as easy as running a small tool or as intricate as a series of complex steps
that must be executed in a particular way in order to gain access.

The exploitation process is broken down into a set of subtasks which can be many steps
or a single step in performing the attack. As each step is performed, an evaluation takes
place to ensure that the expected outcome is being met. Any divergence from the attack
plan is classified into two determinations:

Expectations: Are the expectations of the exploitation being met or are the results
conflicting with the organization's assumptions?
 Technical: Is the system reacting in an unexpected manner, which is having a suitable
outcome?

6. FINAL ANALYSIS
• Although the exploitation phase has a number of checks and validations to ensure
success, a final analysis is required to categorize the vulnerabilities of the system in terms
of their level of exposure and to assist in the derivation of a mitigation plan. The final
analysis phase provides a link between the exploitation phase and the creation of a
deliverable.
• A comprehensive view of the entire attack must exist in order to construct a bigger
picture of the security posture of the environment and express the vulnerabilities in a clear
and useful manner. The final analysis is part interpretation and part empirical results.

7. DELIVERABLES
•Deliverables communicate the results of tests in numerous ways. Some deliverables are
short and concise, only providing a list of vulnerabilities and how to fix them, while
others are long and detailed, providing a list of vulnerabilities with detailed descriptions
regarding how they were found, how to exploit them, the implications of having such
vulnerability and how to remedy the situation.
•The deliverable phase is a way for an ethical hacker to convey the results of their tests.

8. INTEGRATION
• Finally, it essential that there is some means of using the test results for something
productive. Often, the deliverable is combined with existing materials, such as a risk
analysis, security policy, previous test results, and information associated with a security
program to enhance mitigation and develop remedies and patches for vulnerabilities.

• There are three distinguishing factors that should be considered during the integration of
any test results

• Mitigation: If vulnerability beyond acceptable risk was found, then it would need to be
fixed. Mitigation of vulnerability can include testing, piloting, implementing, and
validating changes to systems.

• Defense: Vulnerabilities need to be addressed in a strategic manner in order to minimize

future or undetected vulnerabilities. Defense planning is establishing a foundation of
security to grow on and ensure long-term success.

• Incident Management: The ability to detect, respond, and recover from an attack is
essential.