MCA Ethical Hacking report
Seminar report on Ethical Hacking
Submitted in partial fulfillment of the requirement for the award of the degree of MCA
www.studymafia.org
Preface
I have made this report file on the topic Ethical Hacking; I have tried my best to elucidate
all the details relevant to the topic to be included in the report. In the beginning I have tried
to give a general view of this topic.
My efforts and the wholehearted cooperation of each and everyone have ended on a successful
note. I express my sincere gratitude to ................ who assisted me throughout the preparation of
this topic. I thank him for providing me the reinforcement, confidence and most importantly the
track for the topic whenever I needed it.
INTRODUCTION
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools,
tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal.
Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to
discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of
an overall information risk management program that allows for ongoing security improvements.
Ethical hacking can also ensure that vendors’ claims about the security of their products are
legitimate.
Security:
Security is the condition of being protected against danger or loss. In the general
sense, security is a concept similar to safety. In the case of networks, security is also
called information security. Information security means protecting information and
information systems from unauthorized access, use, disclosure, disruption, modification,
or destruction.
Hacking
Eric Raymond, compiler of “The New Hacker's Dictionary”,
defines a hacker as a clever programmer. A "good hack" is a clever solution to a
programming problem and "hacking" is the act of doing it. Raymond lists five possible
characteristics that qualify one as a hacker, which we paraphrase here:
● A person who enjoys learning details of a programming language or system
● A person who enjoys actually doing the programming rather than just theorizing
about it
● A person capable of appreciating someone else's hacking
● A person who picks up programming quickly
● A person who is an expert at a particular programming language or system
Types of Hackers:
Hackers can be broadly classified on the basis of why they hack systems or why they
indulge in hacking. There are mainly three types of hackers on this basis:
● Black-Hat Hacker
Black hat hackers, or crackers, are individuals with extraordinary computing
skills who resort to malicious or destructive activities. That is, black hat hackers use their
knowledge and skill for their own personal gain, probably by hurting others.
● White-Hat Hacker
White hat hackers are individuals who profess hacker skills and use them for
defensive purposes. This means that white hat hackers use their knowledge and skill for the
good of others and for the common good.
● Grey-Hat Hackers
These are individuals who work both offensively and defensively at
various times. We cannot predict their behaviour. Sometimes they use their skills for the
common good, while at other times they use them for their personal gain.
[Figure: General hacking. Labels recoverable from the diagram: Social Engineering; Automated; Organizational Attacks; Restricte; Accidental Breaches in Security; Denial of Service (DoS); Viruses, Trojan Horses, and Worms]
ETHICAL HACKING
With the growth of the Internet, computer security has become a major concern
for businesses and governments.
In their search for a way to approach the problem, organizations came to realize
that one of the best ways to evaluate the intruder threat to their interests would be to
have independent computer security professionals attempt to break into their computer
systems.
An ethical hacker will first find out what an intruder can see or what others can
see. Having found this, the ethical hacker will try to get into the system with that information by
whatever method he can. If he succeeds in penetrating the system, he will report to
the company with a detailed report about the particular vulnerability he exploited
to get into the system. He may also sometimes make patches for that particular vulnerability,
or he may suggest some methods to prevent the vulnerability.
Working ethically:
The word ethical in this context can be defined as working with high professional
morals and principles. Everything you do as an ethical hacker must be aboveboard and must
support the company’s goals. No hidden agendas are allowed! Trustworthiness is the ultimate
tenet. The misuse of information is absolutely forbidden.
Respecting privacy:
Treat the information gathered with the utmost respect. All information you obtain
during your testing — from Web-application log files to clear-text passwords — must be
kept private. If you sense that someone should know there’s a problem, consider sharing that
information with the appropriate manager.
Methodology of Hacking:
As described above, there are mainly five steps in hacking: reconnaissance,
scanning, gaining access, maintaining access and clearing tracks. But this is not the end of the
process. Actual hacking is circular: once the hacker has completed the five steps,
the hacker will start reconnaissance again at that stage and repeat the preceding stages to get to
the next level. The various stages in the hacking methodology are:
● Reconnaissance
● Scanning & Enumeration
● Gaining access
● Maintaining access
● Clearing tracks
Reconnaissance:
The word reconnaissance literally means a preliminary survey to gain
information. This is also known as foot-printing. This is the first stage in the methodology
of hacking. As given in the analogy, this is the stage in which the hacker collects information
about the company which the person is going to hack. This is one of the pre-attack phases.
Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible
attack vectors that can be used in their plan.
Scanning:
Scanning is the second phase in the hacking methodology, in which the hacker tries to make a
blueprint of the target network. It is similar to a thief going through your neighborhood and
checking every door and window on each house to see which ones are open and which ones are
locked. The blueprint includes the IP addresses of the target network which are live, the services
which are running on those systems and so on. Usually the services run on predetermined
ports. Different tools are used for scanning. War dialing and pingers were used earlier, but
nowadays both can be detected easily and hence are not much in use. Modern port scanning
uses the TCP protocol, and scanners can even detect the operating systems
running on particular hosts.
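From the defender's side, the door-and-window checking described above shows up in connection logs as one source fanning out across ports or hosts. The following is an added example, not part of the original report: the log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log format is an assumption made for this example (constructed, not a real product's).
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=SYN$")

def parse(line):
    """Return (timestamp, src, dst, dport) for a TCP SYN record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def detect_scans(lines, window=timedelta(seconds=60), min_ports=10, min_hosts=5):
    """Flag sources whose SYNs fan out within `window`.
    vertical:   >= min_ports distinct ports on one host (mapping its services)
    horizontal: one port on >= min_hosts distinct hosts (finding live systems)"""
    events = sorted(e for e in map(parse, lines) if e)
    recent = defaultdict(deque)           # (kind, src, key) -> (ts, value) pairs
    findings = set()
    for ts, src, dst, dpt in events:
        for kind, key, value, limit in (("vertical", dst, dpt, min_ports),
                                        ("horizontal", str(dpt), dst, min_hosts)):
            q = recent[(kind, src, key)]
            q.append((ts, value))
            while ts - q[0][0] > window:  # drop records older than the window
                q.popleft()
            if len({v for _, v in q}) >= limit:
                findings.add((kind, src, key))
    return sorted(findings)

def make_line(ts, src, dst, dpt):
    return f"{ts.isoformat()} SRC={src} DST={dst} PROTO=TCP DPT={dpt} FLAGS=SYN"

def sample_log(step=timedelta(seconds=1)):
    """Constructed traffic: one port sweep, one host sweep, one ordinary client."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    log = [make_line(t0 + i * step, "203.0.113.7", "192.0.2.10", 20 + i) for i in range(15)]
    log += [make_line(t0 + i * step, "203.0.113.9", f"192.0.2.{20 + i}", 22) for i in range(6)]
    log += [make_line(t0 + i * step, "198.51.100.4", "192.0.2.10", 443) for i in range(20)]
    return log + ["garbled record that the parser must skip"]

if __name__ == "__main__":
    for finding in detect_scans(sample_log()):
        print(finding)
```

The window and thresholds are tuning parameters: a longer window keeps more state per source but also catches probing that is spread out over time.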
Enumeration:
Enumeration is the ability of a hacker to convince some servers to give them information that
is vital to making an attack. By doing this the hacker aims to find what resources and
shares can be found in the system, what valid user accounts and user groups there are in the
network, what applications are there, etc. Hackers may also use this to find other hosts in the
entire network.
Gaining access:
This is the actual hacking phase, in which the hacker gains access to the system.
The hacker will make use of all the information he collected in the pre-attack phases.
Usually the main hindrance to gaining access to a system is passwords. System hacking can
be considered as many steps. First the hacker will try to get into the system. Once he gets into
the system, the next thing he wants is to increase his privileges so that he can have more
control over the system. As a normal user the hacker may not be able to see confidential
details or upload or run the different hack tools for his own personal interest. Another
way to crack into a system is through attacks such as the man-in-the-middle attack.
Password Cracking:
There are many methods for cracking a password and then getting into the
system. The simplest method is to guess the password, but this is tedious work. To make
this work easier there are many automated tools for password
guessing, like Legion. Legion has an inbuilt dictionary and works
automatically: the software itself generates passwords using the
dictionary and checks the responses.
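Because guessing tools work from a dictionary, a common mitigation is to refuse any new password that such a dictionary would reach. The following is an added example, not part of the original report; it goes beyond the page by also covering simple variations of dictionary words, and the wordlist, substitution table and function names are assumptions constructed for illustration.

```python
import re

# Constructed stand-in for the dictionary a guessing tool ships with (assumption).
WORDLIST = frozenset({"password", "welcome", "dragon", "letmein", "monkey",
                      "summer", "admin", "qwerty", "123456"})
# Common character substitutions, undone before the lookup (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})
SUFFIX = re.compile(r"[\d\W_]+$")            # trailing digits and symbols
EDGES = re.compile(r"^[\d\W_]+|[\d\W_]+$")   # leading and trailing digits and symbols

def guessable_forms(password):
    """Reduce a password to the base forms a dictionary lookup would be tried against."""
    low = password.lower()
    forms = set()
    for base in (low, SUFFIX.sub("", low), EDGES.sub("", low)):
        for form in (base, base.translate(LEET)):
            forms.update((form, form[::-1]))  # also catch reversed words
    return forms

def dictionary_match(password, wordlist=WORDLIST):
    """Return the dictionary word the password is built from, or None."""
    for form in sorted(guessable_forms(password)):
        for word in sorted(wordlist):
            # matches the word itself or the word repeated ("monkeymonkey")
            if form and form == word * (len(form) // len(word)):
                return word
    return None

def screen_password(password):
    """Return (accepted, reason) for a password a user is trying to set."""
    word = dictionary_match(password)
    if word:
        return False, f"derived from dictionary word '{word}'"
    return True, "not found in dictionary"

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "$ummer2024", "drowssap", "MonkeyMonkey",
                      "correct-horse-battery-staple"):
        print(candidate, screen_password(candidate))
```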