Ethical Hacking

1. Footprinting and Reconnaissance

Footprinting is the first phase of ethical hacking. It involves gathering information about the
target system or network, which can be used to identify potential vulnerabilities. The information
gathered in this phase is often used for planning an attack or penetration test.
Types of Footprinting:
•Passive Footprinting: The hacker gathers information without directly interacting with the
target. This may include gathering data from publicly available sources such as social media,
domain registration data, WHOIS records, websites, etc.
•Active Footprinting: In this case, the hacker directly interacts with the target system (e.g.,
pinging the target, scanning IP ranges) to collect information like network topology, live systems,
and open ports.
Common Tools for Footprinting:
•WHOIS lookup tools: Provides domain registration information.
•DNS Queries: Allows information about domain names and their relationships to IP addresses.
•Google Hacking: Searching for sensitive data using Google’s advanced operators.
•Social Media: Gathering information through LinkedIn, Facebook, Twitter, etc.
2. Scanning Networks
Network Scanning refers to the process of identifying active devices on a network and mapping
the network to discover vulnerabilities. This phase follows footprinting and is crucial for
identifying which systems are alive, what services they are running, and what security measures
are in place.
Types of Network Scanning:
•Ping Sweep: A scan to identify live hosts on a network by sending ICMP (ping) requests.
•Port Scanning: Scanning a range of ports on a target system to see which ports are open and
what services they correspond to (e.g., HTTP on port 80, FTP on port 21).
•Vulnerability Scanning: Scanning for weaknesses or misconfigurations in the system.

Common Tools for Network Scanning:

•Nmap: A powerful tool for network discovery and security auditing. It can detect live hosts,
open ports, and services.
•Angry IP Scanner: A network scanning tool for detecting IP addresses within a given range.
•Netcat: A networking utility that reads and writes data across network connections.
3. Enumeration
Enumeration is the process of extracting detailed information about a target system once it has
been identified as a valid target. It involves extracting usernames, group names, shares, services,
and other details that might help in launching attacks.
Types of Enumeration:
•DNS Enumeration: Gathering information about DNS records, domain names, and related
services.
•NetBIOS Enumeration: Extracting information related to Windows-based systems (like user
accounts and shared resources).
•SMB Enumeration: Enumerating shared resources and users over the SMB protocol (used in
Windows networks).
Common Tools for Enumeration:
•Netstat: Can show the active network connections and listening ports.
•Enum4linux: A tool for enumerating information from Windows systems using SMB.
•SNMPwalk: Extracts information from a network device using the Simple Network Management
Protocol (SNMP).
•Nmap Scripts: Nmap has several scripts designed for enumeration tasks (e.g., SMB, HTTP, etc.).
4. System Hacking
System Hacking refers to gaining unauthorized access to a system and its resources. This involves
various techniques to bypass system defenses and achieve root or administrative access.
Phases of System Hacking:
1.Gaining Access: This involves exploiting vulnerabilities (such as weak passwords, outdated
software, misconfigurations, etc.).
2.Escalating Privileges: After initial access, the attacker seeks to gain higher-level privileges (admin
or root access).
3.Maintaining Access: To avoid detection, attackers might install backdoors, trojans, or create new
user accounts to maintain access.
4.Clearing Tracks: Attackers erase logs, files, and other evidence of their presence to avoid
detection.
Common Techniques:
•Brute Force Attacks: Guessing passwords using automated tools (e.g., Hydra).
•Exploiting Vulnerabilities: Using known exploits in software or systems (e.g., buffer overflow
attacks).
•Privilege Escalation: Exploiting a misconfigured system or software flaw to gain higher privileges.
5. Malware Threats
Malware (malicious software) refers to any software designed to harm, exploit, or otherwise
compromise a system. Malware can be used to gain unauthorized access, steal data, or disrupt
system operations.
Types of Malware:
•Viruses: Malicious code that attaches to programs or files and spreads to other systems.
•Worms: Self-replicating programs that spread without user intervention.
•Trojans: Software that pretends to be benign but performs malicious actions once executed.
•Ransomware: Malware that encrypts files and demands payment for decryption.
•Spyware: Software that secretly monitors user activity and collects personal information.
•Adware: Software designed to display unwanted ads or collect browsing data.
Malware Analysis Tools:
•Wireshark: A network protocol analyzer used to monitor suspicious network traffic.
•IDA Pro: A disassembler and debugger used to analyze the behavior of malicious code.
•Cuckoo Sandbox: A tool for automated malware analysis in an isolated environment.
6. Sniffing
Sniffing refers to capturing and analyzing network traffic, often to collect sensitive data such as
login credentials, emails, or other confidential information. Attackers can use sniffing to intercept
communication between a user and a server.
Types of Sniffing:
•Packet Sniffing: Capturing all network packets passing through a network, including passwords,
credit card numbers, and other sensitive data.
•Man-in-the-Middle Attacks: An attacker intercepts and possibly alters communication between
two parties.
•Session Hijacking: Taking control of a web session after intercepting session cookies or tokens.
Sniffing Tools:
•Wireshark: A popular tool for analyzing network traffic, including protocols like HTTP, FTP, and
DNS.
•Tcpdump: A command-line tool for capturing network packets.
•Cain & Abel: A tool that can be used for password cracking, sniffing, and other network security
tasks.
7. Email Tracking
Email Tracking refers to monitoring the activity of an email after it has been sent. Ethical hackers
use email tracking techniques to identify and understand the behavior of malicious emails, track
the recipient’s interaction with the email, and detect phishing attacks.
Methods of Email Tracking:
•Tracking Pixels: A small, invisible image embedded in the email. When the email is opened, the
pixel is loaded, providing information about when and where the email was read.
•Read Receipts: A notification sent by the email client to the sender when the email is opened
(though often disabled by users).
•Link Tracking: Monitoring if and when a recipient clicks on a link within the email.
Common Tools for Email Tracking:
•Mailtrack: A popular tool for tracking Gmail emails.
•Bananatag: A tool for tracking email opens, clicks, and replies.
•Yesware: A tool that provides analytics on email opens and interactions.
END