A Seminar report On Ethical Hacking Study Mafia

  • Date:28 May 2020
  • Pages:18

Transcription:

www.studymafia.org

Preface

I have made this report file on the topic Ethical Hacking. I have tried my best to elucidate all the relevant detail to the topic to be included in the report. While in the beginning I have tried to give a general view about this topic.

My efforts and wholehearted co-operation of each and everyone has ended on a successful note. I express my sincere gratitude to who assisting me throughout the preparation of this topic. I thank him for providing me the reinforcement, confidence and most importantly the track for the topic whenever I needed it.

INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Need for Security

Computer security is required because most organizations can be damaged by hostile software or intruders. The damage produced by intruders can take several forms, which are obviously interrelated. These include:

  • Loss of confidential data
  • Damage or destruction of data
  • Damage or destruction of computer system
  • Loss of reputation of a company

Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

  • A person who enjoys learning details of a programming language or system
  • A person who enjoys actually doing the programming rather than just theorizing
  • A person capable of appreciating someone else's hacking
  • A person who picks up programming quickly
  • A person who is an expert at a particular programming language or system

Types of Hackers

Hackers can be broadly classified on the basis of why they are hacking a system or why they are indulging in hacking. There are mainly three types of hacker on this basis.

Black Hat Hacker

Black hat hackers, or crackers, are individuals with extraordinary computing skills, resorting to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gains, probably by hurting others.

White Hat Hacker

White hat hackers are those individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good.

Grey Hat Hackers

These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for their personal gains.

[Figure: Different kinds of system attacks. Recoverable labels: Engineering; Organizational Attacks; Accidental Breaches in Security; Viruses, Trojan Horses; Service (DoS); General hacking]

ETHICAL HACKING

  • Ethical hacking is defined as a methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating environments.
  • With the growth of the Internet, computer security has become a major concern for businesses and governments.
  • In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer

What Does an Ethical Hacker Do

An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system.

He will first find out what an intruder can see or what others can see. Having found these, an ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will report to the company with a detailed report about the particular vulnerability he exploited to get into the system. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the vulnerability.

Required Skills of an Ethical Hacker
  • Microsoft: skills in operation, configuration and management.
  • Linux: knowledge of Linux/Unix; security setting, configuration and services.
  • Firewalls: configurations, and operation of intrusion detection systems.
  • Routers: knowledge of routers, routing protocols and access control lists.
  • Mainframes
  • Network Protocols: TCP/IP; how they function and can be manipulated.
  • Project Management: leading, planning, organizing and controlling a penetration testing

ETHICAL HACKING COMMANDMENTS

Every ethical hacker must abide by a few basic commandments. If not, bad things can happen. The commandments are as follows.

Working ethically

The word ethical in this context can be defined as working with high professional morals and principles. Everything you do as an ethical hacker must be aboveboard and must support the company's goals. No hidden agendas are allowed. Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden.

Respecting privacy

Treat the information gathered with the utmost respect. All information you obtain during your testing, from Web application log files to clear-text passwords, must be kept private. If you sense that someone should know there's a problem, consider sharing that information with the appropriate manager.

Not crashing your systems

One of the biggest mistakes made when people try to hack their own systems is inadvertently crashing those systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.

Methodology of Hacking

As described above, there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the process. The actual hacking will be a circular one. Once the hacker has completed the five steps, the hacker will start reconnaissance in that stage and the preceding stages to get in to the next level. The various stages in the hacking methodology are:

  • Reconnaissance
  • Scanning & Enumeration
  • Gaining access
  • Maintaining access
  • Clearing tracks

Reconnaissance

The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as footprinting. This is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company which the person is going to hack. This is one of the pre-attacking phases. Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.

Scanning & Enumeration

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network which are live, the services which are running on those systems, and so on. Usually the services run on predetermined ports. There are different tools used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol to do the scanning, and it can even detect the operating systems running on the particular hosts.
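A defender's view of the scanning stage described above, as an added example that is not part of the original report: it flags a source that tries many ports on one host (every door on one house) or one port across many hosts (the same door on every house). The log format, the addresses, the 60-second window and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: "<epoch-seconds> <src-ip> <dst-ip> <dst-port>" per attempt.
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.10 22
1001 10.0.0.5 192.168.1.10 23
1002 10.0.0.5 192.168.1.10 80
1003 10.0.0.5 192.168.1.10 443
1004 10.0.0.5 192.168.1.10 3389
1005 10.0.0.9 192.168.1.10 443
1300 10.0.0.9 192.168.1.10 80
2000 10.0.0.7 192.168.1.11 445
2001 10.0.0.7 192.168.1.12 445
2002 10.0.0.7 192.168.1.13 445
2003 10.0.0.7 192.168.1.14 445
"""

def parse(log):
    """Return sorted (ts, src, dst, port) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            events.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
    return sorted(events)

def detect_scans(events, window=60, port_threshold=5, host_threshold=4):
    """Flag sources probing many ports on one host (vertical) or one port on
    many hosts (horizontal) within `window` seconds. Thresholds are assumed values."""
    alerts = set()
    vertical = defaultdict(list)    # (src, dst)  -> [(ts, port), ...]
    horizontal = defaultdict(list)  # (src, port) -> [(ts, dst), ...]
    for ts, src, dst, port in events:
        for kind, table, key, value, limit, target in (
            ("vertical", vertical, (src, dst), port, port_threshold, dst),
            ("horizontal", horizontal, (src, port), dst, host_threshold, str(port)),
        ):
            # Drop observations older than the window, then record this one.
            recent = [(t, v) for t, v in table[key] if ts - t <= window]
            recent.append((ts, value))
            table[key] = recent
            if len({v for _, v in recent}) >= limit:
                alerts.add((kind, src, target))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_scans(parse(SAMPLE_LOG)):
        print(alert)
```

A probe spread out so that consecutive attempts fall outside the window stays below both thresholds, so the window length has to be chosen against how long connection records are retained.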
Enumeration

Enumeration is the ability of a hacker to convince some servers to give them information that is vital to them to make an attack. By doing this, the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups are there in the network, what applications will be there, etc. Hackers may also use this to find other hosts in the entire network.

Gaining access

This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attacking phases. Usually the main hindrance to gaining access to a system is the passwords. System hacking can be considered as many steps. First the hacker will try to get into the system. Once he gets into the system, the next thing he wants will be to increase his privileges so that he can have more control over the system. As a normal user, the hacker may not be able to see the confidential details or upload or run the different hack tools for his own personal interest. Another way to crack into a system is by attacks like the man-in-the-middle attack.

Password Cracking

There are many methods for cracking the password and then getting into the system. The simplest method is to guess the password, but this is tedious work. To make this work easier there are many automated tools for password guessing, like Legion. Legion has an inbuilt dictionary; that is, the software itself automatically generates the password using the dictionary and checks the responses.

Techniques used in password cracking are:

  • Dictionary cracking
  • Brute force cracking
  • Hybrid cracking
  • Social engineering

Privilege escalation

Privilege escalation is the process of raising the privileges once the hacker gets into the system. That is, the hacker may get in as an ordinary user, and now he tries to increase his privileges to those of an administrator, who can do many things. There are many types of tools available for this. Some tools, like getadmin, attach the user to some kernel routine so that the services run by the user look like a system routine rather than a user-initiated program. The privilege escalation process usually uses the vulnerabilities present in the host operating system or the software. There are many tools like hk.exe, metasploit, etc. One such community of hackers is the metasploit.

Maintaining Access

Now the hacker is inside the system by some means, by password guessing or by exploiting some of its vulnerabilities. This means that he is now in a position to upload some files and download some of them. The next aim will be to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in the building so that he can directly enter the building through the door easily. In the network scenario, the hacker will do it by uploading some software like Trojan horses, sniffers, keystroke loggers, etc.

Clearing Tracks

Now we come to the final step in the hacking. There is a saying that "everybody knows a good hacker but nobody knows a great hacker". This means that a good hacker can always clear tracks or any record that may be present in the network to prove that he was there. Whenever a hacker downloads some file or installs some software, its log will be stored in the server logs. So in order to erase those, the hacker uses many tools. One such tool is the Windows Resource Kit's auditpol.exe. This is a command-line tool with which the intruder can easily disable auditing. Another tool which eliminates any physical evidence is the Evidence Eliminator. Sometimes, apart from the server logs, some other information may be stored temporarily. The Evidence Eliminator deletes all such evidence.

Ethical hacking tools

Ethical hackers utilize and have developed a variety of tools to intrude into different kinds of systems and to evaluate the security levels. The nature of these tools differs widely. Here we describe some of the widely used tools in ethical hacking.

Samspade

Samspade is a simple tool which provides us information about a particular host. This tool is very helpful in finding the addresses, phone numbers, etc.

The above fig. 2.1 represents the GUI of the Samspade tool. In the text field in the top left corner of the window we just need to put the address of the particular host. Then we can find out the various information available. The information given may be phone numbers, contact names, IP addresses, email IDs, address range, etc. We may think that what is the benefit of

Seminar report on Ethical Hacking, submitted in partial fulfillment of the requirement for the award of degree of MCA.
