Ethical hacking involves authorized attempts to gain unauthorized access to computer systems, applications, or data. It requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities so they can be fixed before malicious attackers can exploit them.
Basics:
Necessary Terms:
| Name of Term | Description of term |
|---|---|
| Hack Values | Hackers' interest in a target is based on its perceived worth. |
Once hackers gain access, they want to retain that access for future exploits and attacks. Once hackers own a system, they can use it as a base to launch further attacks.
Used to gather database Only results for specified file types
Scanning Networks:
Scanning involves collecting additional information about the victim’s hosts, ports, and network services. It aims to identify vulnerabilities and then plan attacks.
Hping is a command-line oriented TCP/IP packet assembler/analyzer.
Arping
Arping is a tool for polling hosts on a network. Unlike the ping command, which operates at the network layer.
Enumeration:
Enumeration is a process in ethical hacking that interacts with the system and interrogates it to obtain the necessary information. It involves the discovery and exploitation of vulnerabilities.
Using NTP enumeration, you can collect information such as a list of servers connected to the NTP server, IP addresses, system names, and operating systems.
In a brute force attack, an attacker gains access to your system just by repeatedly logging in with multiple passwords until they guess the right password.
Sniffing:
Sniffing involves capturing packets of data over a network using a specific program or device.
BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against networks, manipulate HTTP, HTTPS, and TCP traffic in real time, sniff for credentials, and much more.
Ettercap is a comprehensive suite for man-in-the-middle attacks on networks. Its features include sniffing of live connections and content filtering.
Wireshark is one of the most popular packet sniffers. It offers an extensive set of features designed to assist in the dissection and analysis of traffic.
A Windows port of the popular Linux packet sniffer tcpdump, a command-line tool well suited to displaying header information. Due to the success of tcpdump on Unix-like operating systems, it was “ported over” to the Windows platform, meaning it was cloned to allow packet capturing on Windows.
Dsniff is a pair of tools designed to sniff packets across different protocols with the intention of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on Windows.
Sending multiple fake MAC addresses to the switch until the CAM table is full puts the switch into fail-open mode, in which it forwards incoming traffic to all ports on the network.
System hacking is defined as the compromise of computer systems and software to gain access to a target computer and steal or misuse its sensitive information.
Types of system attacks:
| Name of Term | Description of term |
|---|---|
| LM Hashing | It is used to compromise the password hash. |
| Sidejacking | It is the process of stealing access to a website, often through cookie hijacking. |
It is the process of targeting and detecting client-server traffic and predicting sequences.
Social Engineering:
Social engineering refers to pressuring people in a targeted organization to disclose sensitive or confidential information.
Steps of Social Engineering:
| Name of Term | Description of term |
|---|---|
| Research | The process of collecting information about the target company. |
| Select target | The process of choosing a target employee of the targeted company. |
| Relationship | Gaining the trust of the target employees by building relationships. |
| Exploit | The process of extracting information from the targeted employees. |
Identity theft
Identity theft occurs when someone steals your personal information to commit fraud.
Web Hacking:
Web hacking generally refers to exploiting applications over the Hypertext Transfer Protocol (HTTP). This can be done by manipulating the application through a web graphical interface, by manipulating the Uniform Resource Identifier (URI), or by abusing HTTP elements.
Web Server Hacking:
A web server is a system for storing, processing, and serving websites. Web server hacks include:
A vulnerability assessment is a review focused on security-related issues that have a moderate or severe impact on the security of a product or system.
Web Server Hacking Tools:
| Names of Tools | Description of Tools |
|---|---|
| Wfetch | Wfetch was originally part of the IIS 6.0 Resource Kit Tools. It can be used to troubleshoot HTTP redirects, HTTP status codes, etc. |
| | This tool is widely used for quickly hacking network logins. It attacks the login page using both dictionary and brute force attacks. |
| HULK DoS | HULK is a denial of service (DoS) tool used to attack web servers by generating a volume of unique, disguised traffic. |
| w3af | w3af is a web application attack and audit framework. The purpose of this project is to create a framework that helps secure web applications by finding and exploiting all vulnerabilities in web applications. |
| Metasploit | The Metasploit framework is a very powerful tool that both cyber criminals and ethical hackers can use to investigate systematic vulnerabilities in networks and servers. |
| Sqlmap | sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and database takeovers. |
Cryptography:
Encryption is the process of hiding sensitive information.