The Comprehensive Guide to Ethical Hacking
1:Phase of pentesting
Pentesting, like forensics, is almost as much an art as it is a science. You can only be taught so far: techniques and tools are all very well, but you really need a mind that can think sideways and approach a task from as many angles as possible.
2:Footprinting
Tools and tricks for gathering information about a computer: its IP and MAC address, and the related user and system.
3:Scanning
Before starting the pentest, the pentester must have some information about the network and system, so the pentester scans the entire network with tools such as Nmap, Zenmap, ping and hping.
4:Enumeration
During the enumeration phase, possible entry points
into the tested systems are identified. The information collected during the
reconnaissance phase is put to use.
5:System Hacking
System hacking means logging in to a system without credentials. It covers not only bypassing the credentials but also working in the system as the root user through privilege escalation.
6:Trojans
A Trojan is a generally non-self-replicating type of malware program containing malicious code. A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage.
7:Viruses and worms
A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections. What distinguishes a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
8:Sniffing Traffic
A sniffer is a program that monitors and analyzes network traffic, detecting and finding problems. Various techniques and tools are used for sniffing, such as MITM attacks from Kali Linux, tshark and urlsnarf.
9:Social engineering
In this technique, the ethical hacker creates a phishing page of a website to obtain the credentials of users.
10:Denial of service
A DoS attack generally consists of efforts to temporarily interrupt, suspend or take down the services of a host connected to the Internet.
11:Session Hijacking
Session hijacking is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as a man-in-the-middle attack. It can be performed with the help of Kali Linux, which is based on Debian Linux.
12:Hacking Web Servers
A web server can be hacked in various ways, such as denial-of-service attacks, Domain Name System hijacking and phishing. Tools used to hack web servers include Metasploit, Mpack and Zeus.
13:Web application
Web application is used to intercept the proxy, as an intruder, as a repeater etc. After hacking the website, web application is used to upload injections and scripts to the website, like the popular c99 injection.
14:SQL Injection
SQL injection is used to insert a query and confuse the system's database to gain unauthorised access. Hackers use SQL injection to extract data from a website without credentials, e.g. ' or ''='
15:Wireless
Here the user gets to know the types of wireless interface and how to exploit the different types of security encryption, such as WEP, WPA and WPA2.
16:Mobile hacking
Users learn how to sniff the network using a mobile, hack another user's smartphone and extract data from the smartphone, how to root the smartphone, etc.
17:IDS, Firewall and Honeypots
IDS stands for intrusion detection system. An IDS is a device or software application that monitors network or system activities. A firewall is used to set rules for inbound and outbound traffic. There are two types of firewall: software and hardware. A software firewall is cheap compared to a hardware firewall.
18:Buffer Overflows
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold. Normally this is due to a vulnerability in the system's drivers: when a driver starts performing improperly, the system crashes and a blue screen appears.
19:Cryptography
Cryptography is the study and application of techniques that hide the real meaning of information by transforming it into non-human-readable formats and vice versa. The process of transforming information into non-human-readable form is called encryption. The process of reversing encryption is called decryption. Decryption is done using a secret key which is only known to the legitimate recipients of the information.