Background Of What Is Ethical Hacking


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Hacking

Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

A person who enjoys learning details of a programming language or system

A person who enjoys actually doing the programming rather than just theorizing about it

A person capable of appreciating someone else's hacking

A person who picks up programming quickly

A person who is an expert at a particular programming language or system.

But in most people's minds today, a hacker is someone whose goal is to exploit vulnerabilities in a system or network, finding weaknesses in order to steal information or shut down services.

Hackers can be classified in four different categories:

Black-hat hacker: also called a cracker, an individual who tries to get into a system without permission in order to carry out malicious or destructive activities.

White-hat hacker: a person who tries to find weaknesses in a system to prove their skill or as a challenge. They do no damage and, most of the time, try to alert the owner of the system to the weakness they used.

Grey-hat hacker: a mix of black hat and white hat; sometimes they do no damage and it is only about the challenge, other times it is for malicious activities.

Ethical hacker: a highly skilled person engaged by a company to find weaknesses in its system before someone uses them with malicious intent. They need authorization from the company before carrying out any attack.

Ethical Hacking

What is ethical hacking?

Today almost everyone uses the Internet, and computer security has become a major concern for businesses and governments.

In their search for a way to approach the problem, organizations realize that one of the best ways to evaluate the intruder threat would be to have independent computer security professionals (also called ethical hackers) attempt to break into their computer systems and employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information.

Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to fix them. It is important to remember that ethical hacking requires a written contract allowing the tester to try to attack a company's system. Depending on the location of the target, the law may differ.

In the United Kingdom, the "Computer Misuse Act", published in 1990, was the first law introduced to deal with computer security. Today the law that applies is the "Police and Justice Act" of 2006, which includes an update of the Computer Misuse Act 1990. There are few laws, but there is also some direction from European Union legislation.

Who are ethical hackers?

Ethical hackers have strong computer knowledge, including programming and networking. They should know how to maintain systems that run the popular operating systems (e.g. Unix, Windows or Linux) usually found on target systems. Detailed knowledge of the hardware and software provided by popular computer and networking vendors complements this basic knowledge. An ethical hacker does not always need to be a security professional. However, it is an advantage to know how various systems maintain their security. This system management knowledge is necessary for the actual vulnerability testing and for preparing the report after the testing is carried out.

An ethical hacker should be one step ahead of the malicious hacker and possess immense patience and the capability of persistent concentration. A typical evaluation may require several days, perhaps even several weeks of analysis that the actual testing itself.

Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review on the part of the ethical hacker. An ethical hacker should use constructive methods, as opposed to the destructive methods adopted by the malicious hacker. The intent behind an ethical hacker's actions is to protect the system and rectify its vulnerabilities. An ethical hacker is convinced that he can change something by using his skills constructively. He is reliable and trustworthy, since he might discover information about the organization that should remain secret. Sometimes a black hat can become an ethical hacker.

What do ethical hackers do?

An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find out whether there is any vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system. An ethical hacker's evaluation of a system's security seeks answers to three basic questions:

What can an intruder see on the target systems?

What can an intruder do with that information?

Does anyone at the target notice the intruder’s attempts or successes?

When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to questions similar to these:

What are you trying to protect?

What are you trying to protect against?

How much time, effort, and money are you willing to expend to obtain adequate protection?

A surprising number of clients have difficulty precisely answering the first question: a medical center might say "our patient information," an engineering firm might answer "our new product designs," and a Web retailer might answer "our customer database." It is really important to know what critical information cannot be public.

There are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks.

Reconnaissance

The word reconnaissance literally means a preliminary survey to gain information. It is also known as footprinting. This is the first stage in the methodology of hacking, in which the ethical hacker collects information about the company that he is going to hack. It is one of the pre-attack phases.

Reconnaissance can be passive, meaning without direct interaction with the target, for example searching for information in public records, news or even job advertisements.

On the other hand, reconnaissance can be active, which involves interacting with the target directly by any means. It can be calling the help desk or technical department, or rummaging through rubbish bins.

Scanning

Scanning is the second phase in the ethical hacking methodology, in which the hacker tries to make a blueprint of the target network. The blueprint includes the IP addresses of the target network that are live, the services that are running on those systems and so on. Usually the services run on predetermined ports.

Different tools are used for scanning, such as diallers, port scanners, network mappers, sweepers and vulnerability scanners.

Gaining access

This is the actual hacking phase, in which the ethical hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is the passwords.

System hacking can be considered as several steps. First the hacker will try to get into the system. Once he is in, the next thing he wants is to increase his privileges so that he can have more control over the system. As a normal user, the hacker may not be able to see confidential details, or upload or run the different hacking tools he wants to use.

The vulnerabilities discovered in the system during the reconnaissance and scanning phases are now exploited to gain access to the target system.

To gain access, the ethical hacker can use, for example, a buffer overflow exploit, a denial of service, session hijacking or password cracking.

Maintaining access

Now that the ethical hacker is inside the system by some means, he is in a position to upload and download files. Attackers may prevent the system from being owned by other attackers by securing their exclusive access with backdoors, rootkits or Trojans.

Attackers can upload, download, or manipulate data, applications, and configurations on the owned system.

Clearing Tracks

Whenever a hacker downloads a file or installs some software, a record of it will be stored in the server logs. So, in order to cover their tracks and avoid detection by security personnel, hackers have to clear those logs. They can use different ways to keep access without being detected, for example tunnelling or steganography.

Example of ethical hacking

Introduction

An ethical hacker cannot try to hack just any company; he needs written authorization. In order to demonstrate how an ethical hacker will proceed, which tools can be used and how, this report will not demonstrate how to attack one company, but several at the same time, to explain every possible way.

Step 1: Reconnaissance

This is the most important step. The hacker will try to get as much information as he can. Exploring the website of the target can be the beginning. Using Google to find specific files is also a popular technique; as you can see in the following screenshot, you can find critical information such as passwords. With the search "filetype:sql insite:pass site:tokiko.co.uk" we can find a dump of the SQL database of a specific website.

Job advertisements for a specific company can also provide a lot of information. If we analyze the following job advertisement, we can learn, for example, that the company COAL uses Cisco and Juniper devices. We can also see which specific devices: Cisco 3750, 3800, 7200, 6500, Nexus, Juniper Firewall SSG-20, SSG-550, SSG-100, and NS5400. With this information we can search a website like http://www.exploit-db.com/ for an exploit available for these devices, or search http://www.routerpasswords.com/ for the default password of these devices in case the company has not changed it.

A hacker can get a lot of information using tools such as WHOIS or other DNS interrogation. These tools interrogate public databases. There are many programs that perform this query, but the result will always be the same. For example, a query on the domain "tesco.com" will give the following result:

Registrant:

Domain Administrator

Tesco PLC

New Tesco House Delamare Road

Cheshunt Herts EN8 9SL

UK

+44.1992632222 Fax: +44.1992646100

Domain Name: tesco.com

Registrar Name: Markmonitor.com

Registrar Whois: whois.markmonitor.com

Registrar Homepage: http://www.markmonitor.com

Administrative Contact:

Domain Administrator

Tesco PLC

New Tesco House Delamare Road

Cheshunt Herts EN8 9SL

UK

+44.1992632222 Fax: +44.1992646100

Technical Contact, Zone Contact:

Domain Administrator

Tesco PLC

New Tesco House Delamare Road

Cheshunt Herts EN8 9SL

UK

+44.1992632222 Fax: +44.1992646100

Created on..............: 1994-12-19.

Expires on..............: 2015-12-18.

Record last updated on..: 2013-01-07.

Domain servers in listed order:

pdns194.ultradns.co.uk

pdns194.ultradns.org

pdns194.ultradns.info

pdns194.ultradns.biz

pdns194.ultradns.net

pdns194.ultradns.com

With this query we can find the administrative contact who handles the domain. This information can be very helpful for a social engineering attack, for example calling the help desk.

If the company is big enough, we can search the RIPE database, which allocates the IP ranges. With this information we can learn every public IP address the company uses, in order to perform scanning and locate the weakest server.

A query on a specific IP address, 86.30.250.33, can provide the whole range of IP addresses allocated to this company.

% This is the RIPE Database query service.

% The objects are in RPSL format.

%

% The RIPE Database is subject to Terms and Conditions.

% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.

% To receive output for a database update, use the "-B" flag.

% Information related to '86.0.0.0 - 86.31.255.255'

inetnum: 86.0.0.0 - 86.31.255.255

netname: UK-NTLI-20050329

descr: Virgin Media Limited

country: GB

org: ORG-NI9-RIPE

admin-c: NNMC1-RIPE

tech-c: NNMC1-RIPE

status: ALLOCATED PA

remarks: For abuse notifications please file an online case @ http://www.virginmedia.com/netreport

mnt-by: RIPE-NCC-HM-MNT

mnt-lower: AS5089-MNT

mnt-routes: AS5089-MNT

source: RIPE #Filtered
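Added example, not part of the original essay: parsing the RPSL record above into CIDR blocks so that an address can be checked against the range named in the written authorization before any scanning starts. The function names are assumptions and the record text is copied from the output above; note that the record describes an ISP allocation (Virgin Media Limited), so the range agreed in a real contract would normally be narrower.

```python
import ipaddress

# RPSL record lines copied from the RIPE output above.
RECORD = """\
% Information related to '86.0.0.0 - 86.31.255.255'
inetnum: 86.0.0.0 - 86.31.255.255
netname: UK-NTLI-20050329
descr: Virgin Media Limited
country: GB
status: ALLOCATED PA
source: RIPE #Filtered
"""

def parse_rpsl(text):
    """Return {attribute: [values]} for one RPSL object, skipping % comments."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        attrs.setdefault(key.strip().lower(), []).append(value.strip())
    return attrs

def inetnum_to_cidrs(inetnum):
    """Convert 'first - last' into the minimal list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    if first > last:
        raise ValueError("inetnum range is reversed: %r" % inetnum)
    return list(ipaddress.summarize_address_range(first, last))

def in_scope(address, cidrs):
    """True only if the address falls inside one of the authorized networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in cidrs)

if __name__ == "__main__":
    record = parse_rpsl(RECORD)
    cidrs = inetnum_to_cidrs(record["inetnum"][0])
    print(record["descr"][0], [str(n) for n in cidrs])
    for addr in ("86.30.250.33", "86.32.0.1"):
        print(addr, "in scope" if in_scope(addr, cidrs) else "OUT OF SCOPE")
```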

Step 2: Scanning

Scanning is the first active step that a hacker will take. There are a lot of tools to do that, but the most efficient is NMAP. On the following screen we can see which services are running on a specific host when the scan is done.

With a specific option we can even see the version of the software running:

Mitec Network Scanner is another scanning tool, which only works on Windows. It can perform ping sweeps and scan for open ports, resource shares and services.

http://images.snapfiles.com/screenfiles/mitecscan.gif

Another common category of scanning tool is "banner grabbing", done with a tool like telnet. You can obtain information such as the type of web server in use. For example, using the command "telnet w3techs.com 80" and sending the command "HEAD / HTTP/1.0", we can see that the version of the server is Apache 2.2.22.
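Added example, not part of the original essay: a check a server owner can run over a captured HEAD response to find headers that disclose product versions, which is the information banner grabbing collects. Both responses are constructed (only the Apache 2.2.22 value comes from the text), and the function names are assumptions.

```python
import re

# Constructed HEAD response; only "Apache/2.2.22" comes from the essay.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 07 Jan 2013 10:00:00 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
# Constructed response from the same server after hardening, e.g. Apache
# "ServerTokens Prod" and PHP "expose_php = Off".
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

BANNER_HEADERS = ("server", "x-powered-by")
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")

def parse_headers(raw):
    """Parse the header section of an HTTP response into (name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        if line[:1] in (" ", "\t") and pairs:    # obsolete folded continuation
            name, value = pairs[-1]
            pairs[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def version_disclosures(raw):
    """Return (header, product, version) for every banner that names a version."""
    findings = []
    for name, value in parse_headers(raw):
        if name in BANNER_HEADERS:
            for product, version in VERSION_RE.findall(value):
                findings.append((name, product, version))
    return findings

if __name__ == "__main__":
    print("before:", version_disclosures(SAMPLE))
    print("after: ", version_disclosures(HARDENED))
```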

Step 3: Gaining access

Step 4: Maintaining access

Step 5: Clearing Tracks

Conclusion

I will provide a final year report on my subject, How to Secure BGP. In this document, I will talk about how the protocols work, how to apply them and what the best practices are for using them. I will also give any configurations done on a simulator or real routers.

Police and Justice Act 2006

Includes an update (in Part 5) to the Computer Misuse Act 1990.

http://www.legislation.gov.uk/ukpga/2006/48/contents

The Computer Misuse Act 1990

Prohibition of unauthorised access by both internal and external users.

http://www.legislation.gov.uk/ukpga/1990/18/contents


