






November, 2012








INTRODUCTION
More software is developed every day, and users are offered more options in the software they already have, but many are not aware that they are being hacked. One reaction to this state of affairs is the practice termed "ethical hacking", which attempts to increase security proactively by identifying and patching known vulnerabilities on systems, with the owners' permission (Cole, 2001). A good ethical hacker must know the methodology an attacker follows: reconnaissance, scanning of hosts or targets, gaining access, maintaining access and clearing tracks. Beyond the methodology, ethical hacking requires knowledge of the tools and methods a black hat hacker uses. Users should know at least some of them, because attackers take advantage of those who are unaware of common hacking methods. Developers should know them as well, so that they can close the holes in their software that such tools would otherwise find; new tools bring new tactics, but software hardened in this way will at least resist the known ones. The term "ethical" here means an authorized person who seeks an organization's permission before penetrating its systems, in order to strengthen the organization against black hat hackers (Farmer & Venema, 1993).

The term "hacker" has a different usage in the computer industry today. Originally it was defined as a person who enjoys learning the details of computer systems and how to stretch their capabilities, or a person who is interested in a particular subject and has immense knowledge of it (Palmer, 2001). In the world of computers a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer: a "good hack" is a clever solution to a programming problem, and "hacking" is the act of doing it (Raymond, 1991).

OBJECTIVES
The aim of this work is to understand the methods and techniques used by black hat hackers so that an ethical hacker can protect systems and networks against their attacks. The specific objectives are:
To understand the various tools used by ethical hackers.
To defend the network with the strategies derived from the hacking methodology.
To understand the various attacks that can be launched against a system or network.

PROBLEM STATEMENT
People are already aware that black hat hackers are computer vandals who damage system files after breaking into servers, write and release viruses, deface web sites, and much more. The damage caused by black hat hackers ranges across commercial and government sites, national and international, entertainment and not-for-profit sites. No one is safe, and no market has been spared from hacking: any company connected to the Internet can be hacked, no matter where it is or what it does.

MOTIVATION
Research on the topic shows that with the growth of the Internet, computer security has become a major concern for businesses and governments. They want to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being hacked. At the same time, the potential customers of these services are worried about keeping control of personal information ranging from credit card numbers to social security numbers and home addresses. In the search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these tiger teams or ethical hackers employ the same tools and techniques as the intruders, but they neither damage the target systems nor steal information. Instead, they evaluate the security of the target systems and report back to the owners with the vulnerabilities they found and instructions for how to remedy them. This method of evaluating the security of a system has been in use since the early days of computers (Palmer, 2001).
DEFINITION OF TERMS
Hackers: a person who enjoys learning the details of computer systems and how to stretch their capabilities; hackers are individuals with detailed knowledge of computing and programming, which can be used to compromise a machine.
Crackers: individuals who use their hacking skills for malicious purposes, that is, to break into someone else's system, alter files, or compromise the system with viruses. They are computer criminals.
White hat hackers: individuals who perform ethical hacking to help secure companies and organizations. Their belief is that you must examine your network in the same manner as a criminal hacker to understand its vulnerabilities.
Black hat hackers: individuals who use their hacking skills for their own advantage, breaking into systems illegally to steal sensitive information such as credit card details, business secrets, bank account details, mother's maiden names, etc.
Grey hat hackers: individuals who typically follow the law but sometimes venture over to the darker side of black hat hacking. It would be unethical to employ such individuals for security duties in your organization, as you are never quite sure where they stand.

HISTORY
With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies came into existence outside the military establishment. The most notable of these was the work by Farmer and Venema, originally posted to Usenet in December 1993 (Farmer & Venema, 1993). They discussed publicly, perhaps for the first time, the idea of using the techniques of the hacker to assess the security of a system. With the goal of raising the overall level of security on the Internet and on intranets, they described how they were able to gather enough information about their targets to have compromised them had they chosen to do so, gave several specific examples of how this information could be gathered and exploited to gain control of the target, and explained how such an attack could be prevented. Farmer and Venema shared their report freely on the Internet so that everyone could read and learn from it. They realized, however, that the testing at which they had become so adept might be too complex, time-consuming or simply too boring for the typical system administrator to perform regularly. So they gathered the tools they had used, packaged them in a single, easy-to-use application and gave it away to anyone who chose to download it. Their program, the Security Administrator Tool for Analyzing Networks, or SATAN, attracted a great deal of media attention around the world (Farmer & Venema, 1993).

TYPES OF HACKERS
Hackers can be broadly classified by why they hack. On this basis there are mainly three types:
a. Black-hat hacker: individuals with extraordinary computing skills who resort to malicious or destructive activities; that is, they use their knowledge and skill for their own gain, usually by hurting others. Black hat hackers are also known as crackers.
b. White-hat hacker: individuals who profess hacker skills and use them for defensive purposes, that is, for the good of others and for the common good. White hat hackers are also called security analysts or ethical hackers.
c. Grey-hat hacker: individuals who work offensively at some times and defensively at others. Their behaviour cannot be predicted: sometimes they use their skills for the common good, at other times for personal gain.

ATTRIBUTES A HACKER MUST POSSESS
A person who enjoys learning the details of a programming language or system.
A person who enjoys actually doing the programming rather than just theorizing about it.
A person capable of appreciating someone else's hacking.
A person who picks up programming quickly.
A person who is an expert at a particular programming language or system.

ADVANTAGES OF ETHICAL HACKING
It helps the organization strengthen its computer security.
It educates staff about the various kinds of attack that can be used to compromise a system.
An ethical hacker can also detect an attack that is under way, or anticipate one, and then find patches for the system or advise the organization on what to do to stop the attack.
It prevents malicious hackers from launching successful attacks against the organization.
It helps the organization detect and discover who broke in, when, and what the malicious hacker stole from the system; this evidence can be used to prosecute the attacker.

DISADVANTAGES OF ETHICAL HACKING
If the ethical hacker is not honest with the organization about every exploit he finds on the system, he might leave a back door on it and use it for his own advantage. An ethical hacker who is unhappy with his agreement with the organization might use the confidential information he has obtained against it. Information might also leak carelessly from the penetration tester to third parties.

METHODOLOGY OF HACKING
There are five main steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. Completing them is not the end of the process, because an actual attack is circular: once the hacker has completed the five steps on one system, he starts reconnaissance again from that system and repeats the following stages to get to the next level of the network. The stages of the hacking methodology are:

Reconnaissance
Scanning
Gaining access
Maintaining access
Clearing tracks

RECONNAISSANCE
The literal meaning of reconnaissance is a preliminary survey to gain information; in hacking it is also known as footprinting. In this pre-attack phase the ethical hacker gathers as much information about the target network or systems as is publicly available on the Internet: domain names, locations, contact information and so on.

SCANNING
Scanning is the second phase of the hacking methodology, in which the hacker draws up a blueprint of the target network. It is similar to a thief walking through a neighbourhood and trying every door and window on each house to see which are open and which are locked. The blueprint includes the IP addresses on the target network that are live, the services running on those hosts, and so on. Services usually run on predetermined ports: a web server, for example, normally listens on port 80, so if port 80 is open on a host one can infer that a web server is probably running there (Hartley, 2006). The port number is only a hint, though: a service can be bound to any port, so a scanner should confirm what is listening by grabbing its banner rather than trusting the port number alone.
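The Python script below is an added example, not part of the original seminar or of any scanner named in it. It performs a TCP connect scan of the kind just described, classifies each port as open, closed or filtered, and grabs the banner to confirm the service instead of trusting the port number. Two fake services on 127.0.0.1 are constructed inside the script so that it runs offline; their banners, the probe string and the small port-to-service table are assumptions for illustration.

```python
import socket
import socketserver
import threading

# Well-known port numbers are only a hint about what is listening (assumed table).
COMMON_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "https"}

# A client-speaks-first probe: HTTP servers answer it, and services such as
# SSH announce themselves as soon as the connection opens anyway.
PROBE = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"


def probe_port(host, port, timeout=1.0):
    """TCP connect scan of one port: returns (state, banner).

    open     - the three-way handshake completed
    closed   - the host answered with RST (connection refused)
    filtered - no answer before the timeout (firewall or dropped packets)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendall(PROBE)
                banner = sock.recv(512)
            except OSError:
                banner = b""
            return "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:  # includes socket.timeout
        return "filtered", ""


def guess_service(port, banner):
    """Identify the service from what it actually says; fall back to the port table."""
    if banner.startswith("HTTP/"):
        return "http"
    if banner.startswith("SSH-"):
        return "ssh"
    return COMMON_PORTS.get(port, "unknown")


def scan(host, ports):
    """Blueprint of one host: {port: (state, service, banner)} for every open port."""
    result = {}
    for port in ports:
        state, banner = probe_port(host, port)
        if state == "open":
            result[port] = (state, guess_service(port, banner), banner)
    return result


# --- constructed local services so the scanner can run offline ---------------
class FakeHTTP(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.recv(1024)  # wait for the client's request line
        self.request.sendall(b"HTTP/1.0 200 OK\r\nServer: nginx\r\n\r\n")


class FakeSSH(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.sendall(b"SSH-2.0-OpenSSH_8.9\r\n")  # server speaks first


def start_service(handler):
    """Serve `handler` on an ephemeral 127.0.0.1 port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def unused_port():
    """A port nothing listens on (bound to port 0 and released again)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    http_srv, http_port = start_service(FakeHTTP)
    ssh_srv, ssh_port = start_service(FakeSSH)   # SSH on a non-standard port
    for port, info in scan("127.0.0.1", [http_port, ssh_port, unused_port()]).items():
        print(port, *info)
    http_srv.shutdown()
    ssh_srv.shutdown()
```

The SSH service deliberately runs on a port that is not 22; the scanner still reports it as SSH because it reads the banner, which is the check a real scan needs before concluding "port 80 open, therefore web server".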

GAINING ACCESS
This is the actual hacking phase, in which the hacker gains access to the system using all the information collected in the pre-attack phases. Usually the main hindrance to gaining access is the passwords.

System hacking can be considered as several steps. First the hacker gets into the system. Once in, the next thing he wants is to raise his privileges so that he has more control over the system: as a normal user he may not be able to see confidential details or to upload and run his hacking tools (Hartley, 2006).

TYPES OF ATTACK USED FOR GAINING ACCESS
Session hijacking
Spoofing

SESSION HIJACKING
Session hijacking is the process of taking over an existing active session. A user establishes a session with a server by authenticating, normally with a user ID and password; for the rest of the session the server recognises that user by a session identifier rather than by the password. An attacker who obtains or guesses that identifier can act as the user without ever authenticating, which is the main reason for hijacking a session: it bypasses the authentication process and gives access to the machine.

SPOOFING
Spoofing is the act of impersonating a legitimate user who has access to the system. The attacker does not need to take the authenticated user down; he simply presents himself as that user, and the attack succeeds whenever the server accepts a claimed identity without verifying it. For example, if the server has a trust relationship with Bob, the attacker impersonates Bob by telling the server "I am Bob".
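Both attacks can be shown on a toy server. The Python code below is an added example, not from the original seminar; the server classes, the user table and the two session ID schemes are constructed for illustration. TrustingServer grants access to any client that merely claims a trusted name, which is the spoofing case. SessionServer authenticates once with a password and then recognises the user by a session ID; the demo shows that with a sequential ID an attacker holding his own session can ride a neighbouring one, while a random 128-bit ID resists guessing.

```python
import itertools
import secrets


class TrustingServer:
    """Spoofable design: access depends only on the identity the client claims.

    Nothing ties the claim to a secret that only Bob holds, so an attacker
    who says "I am Bob" is treated as Bob.
    """

    def __init__(self, trusted_users):
        self.trusted = set(trusted_users)

    def handle(self, claimed_user):
        return "granted" if claimed_user in self.trusted else "denied"


class SessionServer:
    """Authenticates once with a password, then recognises the user by a session ID.

    Every later request is only as secure as that ID is unguessable.
    """

    def __init__(self, new_id, credentials):
        self.new_id = new_id                  # function returning a fresh session ID
        self.credentials = dict(credentials)  # user -> password (constructed table)
        self.sessions = {}                    # session ID -> user

    def login(self, user, password):
        if self.credentials.get(user) != password:
            return None
        sid = self.new_id()
        self.sessions[sid] = user
        return sid

    def handle(self, sid):
        """The user the server believes is behind a request carrying this ID."""
        return self.sessions.get(sid)


def sequential_ids(start=1000):
    """Weak scheme: IDs are a counter, so a neighbour of your own ID is someone else's."""
    counter = itertools.count(start)
    return lambda: str(next(counter))


def random_ids():
    """Sound scheme: 128 bits from the OS CSPRNG, so guessing is hopeless."""
    return lambda: secrets.token_hex(16)


def neighbour_guesses(own_sid, n):
    """Attacker strategy against a counter: try the n IDs just below mine."""
    return (str(int(own_sid) - k) for k in range(1, n + 1))


def random_guesses(own_sid, n):
    """Attacker strategy against random IDs: n blind guesses."""
    return (secrets.token_hex(16) for _ in range(n))


def hijack(server, attacker_sid, candidates):
    """Try candidate IDs; return (sid, victim) for the first live session that is not ours."""
    for sid in candidates:
        victim = server.handle(sid)
        if victim is not None and sid != attacker_sid:
            return sid, victim
    return None


USERS = {"alice": "s3cret", "mallory": "evil"}  # constructed credential table


def demo(new_id, guesser, attempts=200):
    """Alice logs in, then Mallory (with a legitimate account) tries to ride Alice's session."""
    server = SessionServer(new_id, USERS)
    server.login("alice", "s3cret")
    mallory_sid = server.login("mallory", "evil")
    return hijack(server, mallory_sid, guesser(mallory_sid, attempts))


if __name__ == "__main__":
    print("spoofing:", TrustingServer(["bob"]).handle("bob"))
    print("sequential IDs:", demo(sequential_ids(), neighbour_guesses))
    print("random IDs:", demo(random_ids(), random_guesses))
```

The spoofing case is fixed by requiring proof of identity (a password, a signed token) rather than a name; the hijacking case is fixed by making the session identifier a long random value, and in practice also by sending it only over TLS so that it cannot be sniffed.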

MAINTAINING ACCESS
Now the hacker is inside the system, by password guessing or by exploiting one of its vulnerabilities, and is in a position to upload and download files. His next aim is an easier way in for the next time he comes. This is analogous to making a small hidden door in a building so that he can walk straight in. On a network the hacker does this by uploading software such as Trojan horses, sniffers and keystroke loggers (Hartley, 2006).

CLEARING TRACKS
This is the final step in the hacking methodology. There is a saying that everybody knows a good hacker but nobody knows a great hacker: a great hacker always clears his tracks, removing any record on the network that could prove he was there (Hartley, 2006). Whenever a hacker downloads a file or installs software, the action is recorded in the server's logs, so after removing the tools he has used he must also clear those log entries.

TOOLS USED BY ETHICAL HACKERS
An ethical hacker is usually employed by an organization that trusts him or her to attempt to penetrate its networks and computer systems, using the same methods as a hacker, in order to find and fix security vulnerabilities; the ethical hacker reports those vulnerabilities instead of using them for personal advantage. Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks and techniques that hackers use, with one major difference: it is legal, because it is performed with the target's permission. Its intent is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. In this report I am going to discuss the various tools used by the ethical hacker. The five phases of the hacking methodology (reconnaissance, scanning, gaining access, maintaining access and clearing tracks) were discussed in chapter two; each step requires specific software or tools to perform the job. Let us discuss the tools one by one.


TOOLS FOR RECONNAISSANCE
These are tools for footprinting a target network: gathering as much of the information that has been made public as possible, for example by running a whois query on the target's domain. This yields the network's address range, its domain name and a visual route to the network, which shows roughly where the server is located. Interestingly, a plain Google search also serves as a footprinting tool. Some of the tools used for this are:
Google
Sam Spade
etc.

GOOGLE
Google is one of the best-known search engines on the Internet. Using specialized search terms we can find whatever information about the target has been put on the web. For example, searching for the phrase "for internal use only" restricted to the target's domain (Google's site: operator does this) can turn up documents that were never meant to be public. Even when a company removes a page from its site, a copy may survive in Google's cache. Job advertisements on the Internet are also useful in footprinting: if a company is looking for professionals who are good with Oracle databases, it is telling the world that it runs Oracle, and the hacker can then look for vulnerabilities in that particular product. Google's advanced search is a further advantage: it can restrict a search to a particular domain, to documents published after a certain date, to files of a particular format, to particular languages, and so on.

SAM SPADE
Sam Spade is a simple tool that provides information about a particular host, and it is very helpful for finding addresses, phone numbers and the like. Image 1.0 shows the tool's GUI. We enter the address of the host in the text field at the top left of the window, and the tool returns the information that is publicly available about the target domain: phone numbers, contact names, IP addresses, e-mail addresses, address ranges, etc. One may ask what the benefit of phone numbers, e-mail addresses and postal addresses is, but one of the best ways to get information about a company is simply to pick up the phone and ask for it; thus a single click yields a great deal of useful material.
Image 1.0: the Sam Spade GUI.


TOOLS FOR SCANNING
Different tools are used for scanning. War dialers and pingers were used earlier, but nowadays both are easily detected and are therefore little used. Modern port scanners use the TCP protocol and can even detect the operating system running on a host. Some of the tools used for scanning are:

War Dialer
SuperScan
NetBrute

WAR DIALING
War dialing is the practice of dialing every phone number in a range in order to find those that answer with a modem. Doing so without authorization is illegal, and it is easy to detect because it generates a long run of calls from one number. In earlier days companies provided dial-in modems through which their employees could reach the network; a phone number alone was enough to get in, and war dialing software exploits exactly this weakness. A war dialer is a program that automatically dials a defined range of phone numbers and logs in a database those that successfully connect to a modem.

NETBRUTE
This tool is much like SuperScan: it scans a domain or a specified network range, determines which hosts respond to ping, and so which are alive or dead, and lists the ports that are open on each host.
Image: the NetBrute GUI.

SUPERSCAN
SuperScan is a powerful TCP port scanner that includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD and whois. It uses multithreaded and asynchronous techniques, which make scanning extremely fast and versatile. One can perform ping scans and port scans over any IP range, or take the addresses from a text file. Other features include TCP SYN scanning, UDP scanning, HTML reports, stealthy scanning that is harder for an intrusion detection system (IDS) to spot, a built-in port description database, Windows host enumeration and banner grabbing.
Image 2.0: the SuperScan GUI.


TOOLS FOR GAINING ACCESS
In this phase the real hacking begins: using the information gathered in the first two stages, the hacker gets into the system by various techniques, such as logging in through a null session. Windows systems of the NT family allowed, by default in older versions, an anonymous "null" session in which both the user name and the password are empty. It lets the hacker query the system for its group policy, password policy, remote accounts, remote support settings, shared resources, the accounts currently authenticated on the system, and other information that can be used to compromise it and gain more control over it. The user name and password are the vital key to the system, so we need tools that obtain them for us. Some that can do the job are:

Dictionary cracking
Brute force cracking
Social engineering

DICTIONARY CRACKING
In this type of cracking there is a list of words, such as the names of the person's children, birthdays and so on. The automated software combines and mangles these words into candidate passwords and tries each of them against the system.

BRUTE FORCE CRACKING
This is another type of password cracking, one that does not rely on a precompiled list of words. Instead the software generates every combination of letters, digits and special characters up to a given length and tries them all. The process is, of course, very tedious and time consuming, and the longer the password and the larger the character set, the longer it takes.
Image 3.0: the GUI of a brute force cracking tool.
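The Python code below is an added example, not from the original seminar or from any cracking tool, and shows the difference between the two approaches on a constructed target. It assumes the target stores an unsalted SHA-256 hash of the password (real cracking targets whatever format the system uses, for example NTLM or bcrypt); the word list is an assumed footprinting result (names and places associated with the target), and the mangling rules are a small illustrative set. The keyspace function quantifies why a long password over a large character set, as recommended in the conclusion, defeats brute force.

```python
import hashlib
import itertools
import string


def sha256_hex(password):
    """Assumed storage format: unsalted SHA-256 (weak, but common in old systems)."""
    return hashlib.sha256(password.encode()).hexdigest()


def mangle(word):
    """Candidate passwords derived from one word, the way users really build them:
    case changes, a digit or year appended, and a few letter substitutions."""
    cases = {word.lower(), word.capitalize(), word.upper()}
    candidates = set()
    for w in cases:
        for suffix in ("", "1", "123", "!", "2011", "2012"):
            candidates.add(w + suffix)
        candidates.add(w.replace("a", "@").replace("o", "0").replace("e", "3"))
    return sorted(candidates)  # sorted so that runs are reproducible


def dictionary_attack(target_hash, wordlist, hash_fn=sha256_hex):
    """Try every mangled form of every word; returns (password, guesses made)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hash_fn(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def brute_force(target_hash, charset, max_length, hash_fn=sha256_hex):
    """Try every string over charset up to max_length; returns (password, guesses made)."""
    guesses = 0
    for length in range(1, max_length + 1):
        for chars in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hash_fn(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(charset_size, max_length):
    """Number of candidates brute force must cover in the worst case."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


# Constructed footprinting results for a fictitious target: the dog's name and
# the company name are exactly the kind of words a dictionary attack feeds on.
PROFILE_WORDS = ["alice", "acme", "rover", "london"]
TARGET_HASH = sha256_hex("Rover2012")  # the password we pretend not to know

if __name__ == "__main__":
    print("dictionary:", dictionary_attack(TARGET_HASH, PROFILE_WORDS))
    print("brute force:", brute_force(sha256_hex("ab1"),
                                      string.ascii_lowercase + string.digits, 3))
    print("keyspace, 3 chars of [a-z0-9]:", keyspace(36, 3))
    print("keyspace, 8 chars of 95 printable ASCII:", keyspace(95, 8))
```

The dictionary attack recovers "Rover2012" within a few dozen guesses because the password is a mangled personal word, while brute-forcing a 9-character mixed password would have to cover on the order of 10^15 candidates; the defence is therefore a password that is not derived from guessable words, plus a salted, slow hash on the server.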

SOCIAL ENGINEERING
Among the most effective and common ways to obtain a password is social engineering. Here the hacker contacts the user directly, by telephone or some other means, and simply asks for the password, for instance by impersonating a member of staff who has lost his password and requesting a reset.


TOOLS FOR MAINTAINING ACCESS
In this stage the hacker wants to expand his privileges and upload software onto the system for his own purposes. To keep that software and other data hidden from the administrator and ordinary users, the hacker uses a tool called a wrapper (or binder), which binds his payload to an innocuous file such as a picture. He is now in a position to upload and download files, and his next aim is an easier way in the next time he comes: a hidden back door, like a small concealed door in a building through which he can enter directly. Some of the software used to create back doors is:


Tini
Netcat
Back Orifice
etc.

TINI
Tini is a very small Trojan that just listens on port 7777. Once Tini has been introduced onto the target system, the hacker sends his commands to that port.

NETCAT
Netcat is not itself a Trojan but a general-purpose networking utility that reads and writes data over TCP or UDP connections. It can listen on any local port and make outbound or inbound TCP or UDP connections to or from any port, and some builds can attach a command shell to the connection. An attacker therefore leaves it running in the background as a back door that returns a shell to him over the network, without the administrator's knowledge.

BACK ORIFICE
Back Orifice is a Trojan program with a client/server architecture: the server part resides on the target, and the hacker accesses it directly with the client, without the knowledge of the user.


TOOLS FOR CLEARING TRACKS
The hacker clears his tracks to avoid being caught or prosecuted. There are various tools for this; one tool for clearing tracks and erasing log entries on the system is described below.

WINZAPPER
This tool makes a copy of the Windows event log and allows the hacker to edit it: he simply selects the entries to be deleted, and after the server is rebooted those entries are gone.

CONCLUSION
This seminar aims to make others understand that there are many tools through which a hacker can get into a system, and there are many reasons why everybody should understand these basics. Companies should therefore provide a platform to educate their employees and users to be security conscious: passwords should be long and combine digits, symbols and letters so that they are harder to crack, and they should be changed at regular intervals. Companies should have a policy that clearly states the rules for passwords, and the value of every available security measure, such as honeypots, intrusion detection systems and firewalls, cannot be overemphasized. Finally, as far as security is concerned, companies should employ ethical hackers and have penetration testing performed at regular intervals.

REFERENCES
1) E. S. Raymond, The New Hacker's Dictionary, MIT Press, Cambridge, MA (1991).
2) D. Farmer and W. Z. Venema, Improving the Security of Your Site by Breaking into It, originally posted to Usenet (December 1993); it has since been updated and is now available online.
3) Eric Cole, Hackers Beware, New Riders Publishing (first edition, August 13, 2001).
4) C. C. Palmer, Ethical Hacking, IBM Systems Journal, Vol. 40, No. 3 (2001).
5) Regina D. Hartley, Ethical Hacking: Teaching Students to Hack, doctoral dissertation, East Carolina University (2006).