Ethical Hacking and Penetration Testing process

The document provides an overview of ethical hacking and penetration testing, detailing the different types of hackers and penetration testing methods. It outlines the penetration testing process, including stages such as pre-engagement, information gathering, vulnerability assessment, exploitation, and post-engagement. Additionally, it emphasizes the importance of a secure lab environment for practicing ethical hacking techniques using tools like Kali Linux and various penetration testing platforms.

Uploaded by

kol patidar

1. Introduction to Ethical Hacking and Penetration Testing
1.1 Overview of Ethical Hacking
Ethical hacking is the process of legally breaking into systems to find and fix vulnerabilities, ensuring compliance with laws such as the Computer Fraud and Abuse Act (CFAA) and GDPR, while adhering to a strict code of ethics.
Example: A security consultant is hired to test a company's network for weaknesses by simulating a cyberattack, or a bug bounty hunter is paid for reporting security vulnerabilities to an organization's bug bounty program.

1.2 Types of Hackers

Hackers are categorized by intent:

White Hat: Ethical hackers who secure systems. Example: A cybersecurity professional hired to test defenses.

Black Hat: Malicious hackers who exploit systems for personal gain. Example: A hacker breaking into a bank's system to steal money.

Grey Hat: Hackers who sometimes violate laws but without malicious intent. Example: A hacker who discloses a vulnerability without permission but doesn't exploit it.

1.3 Types of Penetration Testing

Black Box: The tester has no prior knowledge of the system. Example: A simulated attack from an external threat.

White Box: The tester has full knowledge of the system. Example: Testing with full access to source code and infrastructure.

Gray Box: The tester has limited knowledge, often from a user perspective. Example: An employee-level attack simulation.

1. Introduction to Ethical Hacking and Penetration Testing 1


External vs Internal Testing: External testing focuses on outside attacks, while internal testing simulates threats from within the organization. Example: Testing firewall security (external) vs insider threat detection (internal).

Vulnerability Scanning vs Penetration Testing: Scanning identifies potential vulnerabilities, while penetration testing actively exploits them. Example: Running Nessus to find vulnerabilities vs manually attempting to exploit them.

1.4 Penetration Testing Process

1. Pre-Engagement
The pre-engagement stage is where the main commitments, tasks, scope, limitations, and related agreements are documented in writing. During this stage, contractual documents are drawn up, and essential information relevant to both the penetration testers and the client is exchanged, depending on the type of assessment.
Scope: 10.10.110.0/24, web server - cybrom.com
Out of Scope [not to test]: 10.10.110.2, admin.example.com
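The scope and exclusion lines above are the kind of thing every tester should check mechanically before touching a host. The following Python is an added example, not part of the original handout: it loads the handout's own scope (10.10.110.0/24 and cybrom.com) and exclusions (10.10.110.2 and admin.example.com) and classifies any candidate target. Exclusions always win over inclusions, hostnames match exactly, and a target that appears in neither list is reported as unknown rather than assumed in scope.

```python
"""Scope check for the pre-engagement stage (added example, not from the handout)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    networks: list = field(default_factory=list)          # in-scope ip networks
    hosts: set = field(default_factory=set)               # in-scope hostnames, lower-case
    excluded_networks: list = field(default_factory=list)
    excluded_hosts: set = field(default_factory=set)

    @staticmethod
    def _parse(entries):
        """Split a mixed list of CIDRs, single IPs and hostnames into (networks, hostnames)."""
        nets, hosts = [], set()
        for entry in entries:
            entry = entry.strip()
            try:
                # strict=False lets a bare address such as 10.10.110.2 become a /32
                nets.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                hosts.add(entry.lower().rstrip("."))
        return nets, hosts

    @classmethod
    def from_lists(cls, in_scope, out_of_scope):
        nets, hosts = cls._parse(in_scope)
        xnets, xhosts = cls._parse(out_of_scope)
        return cls(nets, hosts, xnets, xhosts)

    @staticmethod
    def _covered(target, nets, hosts):
        """True if target (IP or hostname) is matched by the given networks or hostnames."""
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return target.lower().rstrip(".") in hosts   # hostnames match exactly, no wildcards
        return any(addr in net for net in nets)

    def check(self, target):
        """Return 'excluded', 'in-scope' or 'unknown'. Exclusions are evaluated first."""
        if self._covered(target, self.excluded_networks, self.excluded_hosts):
            return "excluded"
        if self._covered(target, self.networks, self.hosts):
            return "in-scope"
        return "unknown"


# Scope as written in the handout's pre-engagement example.
SCOPE = Scope.from_lists(
    in_scope=["10.10.110.0/24", "cybrom.com"],
    out_of_scope=["10.10.110.2", "admin.example.com"],
)


def triage(targets):
    """Classify a list of candidate targets against SCOPE."""
    return {t: SCOPE.check(t) for t in targets}


if __name__ == "__main__":
    # constructed candidate list: one excluded host inside the in-scope /24, one unknown host
    for target, verdict in triage(["10.10.110.2", "10.10.110.50", "cybrom.com",
                                   "admin.example.com", "10.10.111.7"]).items():
        print(f"{target:20} {verdict}")
```

Anything reported as unknown goes back to the client for written confirmation; the check deliberately refuses to guess, because an address one octet off the agreed range is exactly how testers end up on systems they were never authorised to touch.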

2. Information Gathering/Reconnaissance/Enumeration
Information gathering is an essential part of any assessment, because the knowledge we gain, the conclusions we draw, and the steps we take all depend on the information available.

3. Vulnerability Assessment

The next stop on our journey is Vulnerability Assessment, where we use the information found to identify potential weaknesses. We can use vulnerability scanners that scan the target systems for known vulnerabilities, and manual analysis where we try to look behind the scenes to discover where potential vulnerabilities might lie. Known vulnerabilities are catalogued as CVEs (Common Vulnerabilities and Exposures).

Tools: Nikto, Nessus, Rapid7, Nmap, etc.
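Scanner output from the tools listed above is only useful once it has been sorted into something a human can review. The Python below is an added example, not code from the handout or from any of those tools: it parses a constructed CSV export (the host addresses come from the handout's scope; the CVE identifiers and scores are placeholders invented for illustration), validates each CVE identifier against the CVE-YYYY-NNNN format, maps CVSS base scores to the CVSS v3 qualitative bands, and ranks the findings per host so the highest-impact items are examined manually first. Malformed rows are reported rather than silently dropped.

```python
"""Triage of vulnerability-scanner findings (added example, not from the handout)."""
import csv
import io
import re
from collections import defaultdict

# CVE identifiers are CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed scanner export. The hosts are from the handout's scope; every CVE id and
# score here is a placeholder, not a real vulnerability.
SCAN_EXPORT = """\
host,port,cve,cvss,summary
10.10.110.5,443,CVE-2099-11111,9.8,placeholder remote code execution in web server
10.10.110.5,22,CVE-2099-22222,5.3,placeholder information disclosure in SSH banner
10.10.110.7,80,cve-2099-3333,7.5,placeholder directory traversal (lower-case id is normalised)
10.10.110.7,8080,CVE-2099-4,4.3,placeholder cross-site scripting (too few digits: rejected)
10.10.110.9,445,CVE-2099-55555,notascore,placeholder SMB issue (bad score: rejected)
"""


def severity(cvss):
    """CVSS v3.x qualitative rating for a base score."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def parse_findings(export):
    """Return (findings_by_host, rejected_rows).

    findings_by_host maps host -> list of findings sorted by CVSS descending.
    rejected_rows lists (row, reason) for rows the export got wrong, so they can be
    fixed or re-scanned instead of vanishing from the report.
    """
    by_host = defaultdict(list)
    rejected = []
    for row in csv.DictReader(io.StringIO(export)):
        cve = row["cve"].strip().upper()          # normalise case before validating
        if not CVE_RE.match(cve):
            rejected.append((row, "malformed CVE id"))
            continue
        try:
            score = float(row["cvss"])
        except ValueError:
            rejected.append((row, "non-numeric CVSS"))
            continue
        if not 0.0 <= score <= 10.0:
            rejected.append((row, "CVSS out of range"))
            continue
        by_host[row["host"]].append({
            "port": int(row["port"]),
            "cve": cve,
            "cvss": score,
            "severity": severity(score),
            "summary": row["summary"],
        })
    for findings in by_host.values():
        findings.sort(key=lambda f: f["cvss"], reverse=True)
    return dict(by_host), rejected


if __name__ == "__main__":
    findings, rejected = parse_findings(SCAN_EXPORT)
    for host, items in sorted(findings.items()):
        for f in items:
            print(f"{host:14} {f['port']:>5} {f['cve']:16} {f['cvss']:4} {f['severity']:8} {f['summary']}")
    for row, reason in rejected:
        print(f"REJECTED {row['host']}:{row['port']} {row['cve']} -> {reason}")
```

The ranking is the input to the manual analysis the paragraph describes: a scanner's score is a starting point, and the tester still has to confirm each finding against the target's actual configuration before it moves on to the exploitation stage.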

4. Exploitation

Exploitation is the attack performed against a system or application based on the potential vulnerability discovered during our information gathering and enumeration. We use the information from the Information Gathering stage, analyze it in the Vulnerability Assessment stage, and prepare the potential attacks. Often many companies and systems use the same applications but make different decisions about their configuration. This is because the same application can often be used for various purposes, and each organization will have different objectives.

5. Post-Exploitation

In most cases, when we exploit certain services to gain access to a system, we do not obtain the highest possible privileges. Because services are typically configured in a restricted, "isolated" way to stop potential attackers, bypassing these restrictions is the next step we take in this stage. However, it is not always easy to escalate privileges. After gaining in-depth knowledge of how these operating systems function, we must adapt our techniques to the particular operating system and carefully study how Linux Privilege Escalation and Windows Privilege Escalation work.

6. Lateral Movement

Lateral movement is one of the essential components for moving through a corporate network. We can use it to overlap with other internal hosts and further escalate our privileges within the current subnet or another part of the network. However, just like Pillaging, the Lateral Movement stage requires access to at least one of the systems in the corporate network.

7. Proof-of-Concept
The Proof-of-Concept (POC) is merely proof that a vulnerability found exists. As soon as the administrators receive our report, they will try to confirm the vulnerabilities found by reproducing them.

8. Post Engagement

The Post-Engagement stage also includes cleaning up the systems we exploited so that none of them can be exploited using our tools. For example, leaving a bind shell on a web server that does not require authentication and is easy to find does the opposite of what we are trying to achieve; in this way, we endanger the network through our carelessness.
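A cleanup that is only remembered, not verified, is the way the bind shell in the paragraph above gets left behind. The Python below is an added example, not part of the handout: it compares a listing of listening sockets recorded on an in-scope host before the engagement with the same listing taken after cleanup, and flags every listener that is new (something the tester may have left running) as well as every baseline listener that has disappeared (a service the testing may have broken). Both listings are constructed for the example in the shape of `ss -tlnp` output; the port 4444 listener is the constructed leftover.

```python
"""Post-engagement cleanup check (added example, not from the handout)."""

# Constructed listings in the shape of `ss -tlnp` output. Columns:
# State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
BASELINE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1201,fd=7))
"""

# Constructed post-cleanup listing: the web server's ports are unchanged, but an extra
# listener on 4444 is still present, i.e. the tester's cleanup missed something.
AFTER_CLEANUP = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1201,fd=7))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*         users:(("nc",pid=30911,fd=3))
"""


def parse_listeners(listing):
    """Map 'address:port' -> process column for every LISTEN row; header is skipped."""
    listeners = {}
    for line in listing.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        local = parts[3]
        process = parts[5] if len(parts) > 5 else "(no process info)"
        listeners[local] = process
    return listeners


def leftover_listeners(baseline, after):
    """Sockets listening after cleanup that were not listening before the engagement."""
    base = parse_listeners(baseline)
    now = parse_listeners(after)
    return {sock: proc for sock, proc in now.items() if sock not in base}


def missing_listeners(baseline, after):
    """Baseline sockets that are no longer listening: a service the test may have broken."""
    base = parse_listeners(baseline)
    now = parse_listeners(after)
    return {sock: proc for sock, proc in base.items() if sock not in now}


def cleanup_report(baseline, after):
    """Human-readable findings for the post-engagement checklist."""
    lines = []
    for sock, proc in sorted(leftover_listeners(baseline, after).items()):
        lines.append(f"UNEXPLAINED listener {sock} ({proc}): remove or document it before sign-off")
    for sock, proc in sorted(missing_listeners(baseline, after).items()):
        lines.append(f"MISSING service {sock} ({proc}): confirm it was not disrupted by testing")
    if not lines:
        lines.append("cleanup verified: listeners match the pre-engagement baseline")
    return lines


if __name__ == "__main__":
    for line in cleanup_report(BASELINE, AFTER_CLEANUP):
        print(line)
```

The same comparison belongs on the client's side too: a defender who keeps a baseline of listening services per host will spot a forgotten tester artefact, or an attacker's, for the same reason.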

A Penetration Test (Pentest) is an organized, targeted, and authorized attack attempt to test IT infrastructure and its defenders to determine their susceptibility to IT security vulnerabilities. A pentest uses methods and techniques that real attackers use. As penetration testers, we apply various techniques and analyses to gauge the impact that a particular vulnerability or chain of vulnerabilities may have on the confidentiality, integrity, and availability of an organization's IT systems and data.

A pentest aims to uncover and identify ALL vulnerabilities in the systems under investigation and improve the security of the tested systems. Other assessments, such as a red team assessment, may be scenario-based and focus only on the vulnerabilities leveraged to reach a specific end goal (e.g., accessing the CEO's email inbox or obtaining a flag planted on a critical server).

Vulnerability analysis is a generic term that can include vulnerability or security assessments and penetration tests. In contrast to a penetration test, vulnerability or security assessments are performed using purely automated tools. Systems are checked against known issues and security vulnerabilities by running scanning tools like Nessus, Qualys, OpenVAS, and similar. In most cases, these automated checks cannot adapt the attacks to the configuration of the target system. This is why manual testing conducted by an experienced human tester is essential.

1.5 Setting Up a Lab Environment

A secure lab environment is essential for ethical hacking practice, enabling safe simulations without harming real systems.

Installing Kali Linux: Kali Linux is a specialized operating system designed for penetration testing, with built-in security tools like Nmap and Metasploit.

Example: Kali Linux is used to run network scans and attempt system exploits in a safe, controlled setting. It contains a large number of tools that can be helpful during our penetration testing journey.

Virtual Machines (VirtualBox, VMware): Virtual machines allow the creation of isolated environments where you can run multiple operating systems simultaneously for testing.

Example: Using VirtualBox to run both a Windows machine as the target and Kali Linux as the attacking machine.

Introduction to Penetration Testing Platforms (Hack The Box, TryHackMe, PortSwigger Labs): These platforms provide real-world scenarios to practice hacking techniques in a guided, legal, and safe environment.

Example: A beginner solving challenges on Hack The Box to improve skills in exploiting web applications.

Setting up Metasploitable 2 for System/Network/Web Hacking: This helps students practice attacking a controlled environment for learning purposes.
Reference link for installation is here
