INTRODUCTION
WHAT
IS ETHICAL HACKING ?
So
hacking is the process of finding vulnerabilities in a system and using these
found vulnerabilities to gain unauthorized access into the system to perform
malicious activities ranging from deleting system files or stealing sensitive
information hacking is illegal and can lead to extreme consequences if you're
caught in the act people have been sentenced to years and years of imprisonment
because of hacking ,nonetheless hacking can be legal if done with permission
computer experts are often hired by companies to hack into their systems to
find out vulnerabilities and weak end points so that they can be fixed this is
done as a precautionary measure against legitimate hackers who have malicious
intents such people who hack into a system with permission without any
malicious intent are known as ethical hackers and the process is known as
ethical hacking so now that we know exactly what ethical hacking is and who
ethical hackers are let's go over.
TYPES OF HACKERS
1)WHITE HAT HACKERS
White
hat hackers is another name for an ethical hacker they hack into a system with
prior permission to find out vulnerabilities ,so that they can be fixed before
a person which malicious intents finds them and does his job with it ,after
that we have
2)BLACK HAT HACKERS
Now
black hat hackers also known as crackers are those who hack in order to gain
unauthorized access to a system and harm its operations or steal sensitive
information ,black hat hacking is illegal and has always been illegal , because
of it's malicious intent which includes stealing corporate data violating privacy
damaging the system blocking network communications and much more.
3)GREY HAT HACKERS
Now
grey hat hackers are a blend of both black hat and white hat hackers they act without
malicious intent but for their own fun they exploit security weakness in a
computer system or network without the owner's permission or knowledge ,their
intent is to bring the weakness, the attention of the owners and getting appreciation
in form of a little bounty from the owners ,now last but not the least.
4) SUICIDE HACKER
A suicide hacker is a person who works with the intent to bring down major corporations
and infrastructure these kinds of hackers are not scared of the consequences of
their actions as they mostly work with vengeance in their mind these people are
also called “Hacktivists” because
they mostly utilize the technology to announce a social ideological reform or some
religious reform or a political message and general most hacktivism involves
website deaf games or denial of service.
so
now that we've discussed the different kinds of hackers that are there let’s
move to different types of hacking now we can segregate hacking into different
types depending on what the hacker is trying to achieve.
TYPES OF HACKING
1)COMPUTER HACKING
We
have computer hacking so this is the process of stealing the computer ID and
password by applying hacking methods and getting unauthorized access to a
computer system.
2)PASSWORD HACKING
This
is the process of recovering secret passwords from data that has been stored in
or transmitted by a computer system.
3)EMAIL HACKING
Now
this includes gaining unauthorized access to an email account and using it without
taking the permission of it’s owner for sending out spam links third-party
threats and other such harmful activities.
4)NETWORK HACKING
Now
hacking a network means gathering information about a network using a tool like
telnet ,NS lookup ,ping ,tracer or net stap now these are done with the intent
to harm the network system and/or hamper it’s operations.
5)WEBSITE HACKING
Now hacking a website means taking unauthorized control over web servo and its associated software such has a database and other interfaces.
Now hacking can also be segregated into many more classifications but these are the five major types of hacking that exist today okay now like every discipline out there in the world ethical hacking too is divided into distinct phases ethical hacking has six distinct phases now these phases are not strict rules but more like a guide line to be followed.
PHASES OF ETHICAL HACKING
1)RECONNAISSANCE
Reconnaissance
is the process of information gathering in this phase the hacker gathers
relevant information regarding the target system these include detecting
services operating system packet hops to reach the system IP configurations etc
and for this purpose vary stools like N map and Google Docs are used for
recognition purposes.
2)SCANNING
In
the scanning phase the hacker begins to actively probe the target machine or network
for vulnerabilities that can be exploited tools like nessuss, nex pose and N
map are widely used by hackers and ethical hackers a like in this process.
3)GAINING ACCESS
Now
in this phase the vulnerability located during scanning is exploited using
various methods and hackers try to enter the target system without raising any
alarm the primary tool that is used in this process is called Metasploit.
4)MAINTAIN ACCESS
Now this is one of the most integral phases in this phase the hacker installed as various back doors and payloads onto the target system just in case you don't know payload is a term used for activities performed on system after gaining unauthorized access to it secondly back doors help the hackers gain quicker access onto the target system in the future whenever they want to do so.
5)CLEARING TRACKS
Now
this part is an unethical activity it has to do with the deletion of logs of
all the activities that take place during the hacking session none the less ethical
hackers still have to perform this fails to demonstrate how a black hacker
would go about his activities on the system that is being taggers.
6)REPORTING
Reporting is the last step of finishing the ethical hacking process here the ethical hacker compiles a report with his findings and the job that was done such as tools used the success rate vulnerabilities found and exploit processes.
Reconnaissance is of two types active and
passive.
Active Reconnaissance refers to the process when you
the hacker directly interact with the computer system to gain information this
information can be relevant and accurate but there is a risk of getting detected
if you're planning active reconnaissance without permission if you are detected
then system admin can take severe actions against you and trail your subsequent
activities.
Passive Reconnaissance is exactly the opposite of active
reconnaissance that means you the hacker don't have any direct interactions
with the computer this process is used to gather essential information without
ever interacting with the target system.
Now getting deeper into reconnaissance we can
talk about two more things.
FOOT PRINTING
Foot
printing is basically the first step where a hacker gathers as much information
as possible to find the ways to intrude it to a target system or at least
decide what types of attacks will be more suitable for the target now foot
printing is a part of reconnaissance which is used for gathering possible information
about targets computer system or network foot printing could be both passive
and active for example reviewing a company's website is a very good example of
passive foot printing whereas attempting to gain access to sensitive
information through social engineering is an example of active information
gathering or after foot printing now during this phase an ethical hacker can
collect some information like the domain name the IP address ,name, spaces,
employee information ,phone numbers ,emails and job information.
now let me just tell you guys how easily foot
printing can be done from your own computer now you as a user ,can extract the
basic and easily accessible information about any computer system or network
that is linked to the Internet general foot printing can be done by anybody in
all honesty.
No comments:
Post a Comment