October 22, 2020

Ethical Hacking Tutorial

If you ever wondered how to learn hacking, then today in this Ethical Hacking tutorial,...

If you ever wondered how to learn hacking, then today in this Ethical Hacking tutorial, you will be learning about the importance of Ethical Hacking, along with the various technologies and tools that can be used by ‘ethical’ or White Hat Hackers to gain access to a system, application, or data. If you always wanted to learn Ethical Hacking, then this online hacking tutorial will give you an idea about Ethical Hacking basics.

In this Ethical Hacking tutorial, we will be covering the following topics:

Let’s start this Ethical Hacking tutorial by first understanding the actual meaning of hacking.

 

What is Hacking?

Hacking is an unauthorized way to gain access to a system, and it is becoming a major area of concern with the advent of technology. Having said that, not only malicious hacking but Ethical Hacking is also becoming popular. Now, you might be wondering what Ethical Hacking is.

Check out this Ethical Hacking online tutorial video:

Hack on Twitter

Did you witness the latest cyberattack on Twitter? The attack targeted about 130 accounts, in which profiles of many prominent personalities and organizations were compromised.

The hackers were able to gain control of a small number of notable accounts and send questionable tweets from them. The accounts hacked were of Jeff Bezos (the founder of Amazon), Bill Gates (the co-founder of Microsoft Corporation), corporate accounts of Uber and Apple, Warren Buffet, and the rapper, Kanye West.

Source: Twitter

Summarizing, when someone makes use of the vulnerabilities in the code to bypass application security, it is called hacking.

So, how does a software company protect itself from getting hacked? Well, the answer is Ethical Hacking. Let’s understand more about it and learn Ethical Hacking in the next section.

 

What is Ethical Hacking?

Way back in the 1970s, big corporations hired a bunch of people they called the ‘tiger team’ to discover and solve vulnerabilities. The job of the tiger team was to hack, by any means necessary, the existing systems of the companies and then to share how they did the hack.

Later, this ‘hack’ was fixed by the security team.

The above method of first breaking the system by hiring ‘hackers’ and then fixing the security loophole is called Ethical Hacking.

An Example of Ethical Hacking

Let’s learn about Ethical Hacking more clearly using an example.

Let’s say you developed a social media app like Instagram. Once it was ready, you made it available on the Internet, and now, there are thousands of users using your app.

One fine day, your users start reporting that their profiles have gone public automatically. On closer introspection, you realize that your app was hacked using a loophole in the code that you missed out.

Now, let’s understand how to fix the above problem from not repeating. You can do two things:

  1. Try and identify how hackers gained access to your app, and try to fix that issue with your development team
  2. Hire some ‘Ethical Hackers.’ i. e., people who will take your permission before they hack your application, then will break into your system for more vulnerabilities, and later will tell you how they did it.

Which method sounds more appealing and less time-consuming? If you chose the second option, you are in consensus with a lot of CTOs of big organizations out there!

Summarizing, Ethical Hacking is the practice of purposely hacking an application or system of a company to find out the vulnerabilities which the company can fix and solve. Ethical Hacking is never performed without the company’s/software owner’s consent.

But, how do you differentiate between good and bad or ethical and unethical hackers? Let’s go ahead and understand.

Ethical Hacking Course

Types of Hackers

Essentially, there are three types of hackers:

  1. Black Hat Hacker: These are the notorious kind, people who do not take permissions and perform unauthorized hacks on systems with the intent of stealing the information or causing inconvenience to the general public.
  2. White Hat Hacker: These are the ‘Ethical Hackers’ we discussed. They hack systems by taking permission from the software/systems’ owners with the intent of making their security better.
  3. Grey Hat Hacker: These are people who do unauthorized hacks, but do not have the same intent as Black Hat Hackers. For example, they might inform the software owners about the vulnerabilities in exchange for money but are not hired by the companies in the first place.
Types of Hackers

Let’s take an example here. Suppose, you have launched an online shopping app, like Myntra, and users are enjoying shopping from your app.

As you know, to purchase a product online, customers have to pay for it using their debit/credit card, net banking, etc. Now imagine someone just found a defect in the source code of your app, and he is now able to order a product using the saved card details of another customer who has paid online.

Well, this would be a scary situation for you and your customers as well. Here, the hacker can do two things:

First, he can continue making use of the card details of other customers and place hundreds of fake orders from your app. If he does so, then he would be considered as a Black Hat Hacker.

Second, he can inform you about this defect of your source code and also offer you a solution for it, but this time, he informs you about those vulnerabilities and asks you for money in return. Well, in this situation, you must be dealing with a Grey Hat Hacker.

Now imagine that a few days before this incident, you had hired a person to find all such weaknesses and resolve them before an attacker does. This type of an attacker is known as a White Hat Hacker.

Now that you understand what Ethical Hacking is, let’s go ahead in this Ethical Hacking tutorial and understand various techniques and tools that are required to learn Ethical Hacking.

Learn Ethical Hacking from our popular Ethical Hacking Course and become proficient in this domain!

 

Ethical Hacking Tools and Techniques

After understanding the importance and meaning of Ethical Hacking, let’s move further and understand the techniques used by Ethical Hackers to protect a system from unauthorized intruders.

There are various types of attacks that a hacker can perform. For example, you are using a social media app, and suddenly, it stops responding to your requests. There might be two reasons for this:

First, some maintenance work might be going on in the app. Second, a hacker might be purposely sending unnecessary requests for creating data traffic to disrupt the app’s services. The latter type of attack is known as the denial of service, i.e., flooding the target machine with a huge amount of fraudulent requests to disrupt its normal operations.

 

Penetration Testing

Penetration Testing

As you can see, Ethical Hacking is a vast subject that includes everything related to cybersecurity, such as computer security, types of cybersecurity attacks, securing the network, and much more.

The very first method used by Ethical Hackers is penetration testing. It is a part of Ethical Hacking that is specifically concerned with information systems. Suppose, you launched a website that provides various services to your customers, and to avail of these services, customers have to provide their contact information.

Although you have resolved all possible issues related to security breaches on your website, hackers are as innovative as your development team members. Hence, it is possible that a hacker finds a defect in your code and sends dubious messages to your customers using their contact information.

Therefore, it is important to perform regular pen tests on your system with the same determination as hackers do. However, in your case, you are not harming the system; instead, you are trying to make your system more secure.

So, the process of exposing all the vulnerabilities of your system to check how your system would respond to malicious activities is known as penetration testing. It requires highly trained professionals as they will have to find weaknesses without hampering other functionalities of the system.

Watch this YouTube video on Ethical Hacking for beginners:

Need for Penetration Testing

Now, why do we need penetration testing? Here are a few reasons for this:

  • If you have developed a website or an application, then you would definitely want to prevent it from any kind of data breach. Penetration testing will prove to be helpful in that case.
  • Imagine that you have established all the security controls like firewalls to protect your system, but you have to test the system against all the security breaches to check whether the security controls protect your system or not.

Penetration Testing Phases

Let’s discuss various phases that we have to go through while performing penetration testing to learn to hack in an ‘ethical’ way:

Phases of Penetration Testing
  1. Reconnaissance: It is the process of observing and gathering information of all the networks and servers that belong to an organization. Basically, in this phase, you’ll try to learn everything about an organization and how it operates, which include social engineering, Internet searches, non-intrusive network scanning, etc.
  2. Scanning: After all the information of the target organization is gathered, the attacker begins to scan the network to search what servers and hosts the organization uses, whether there is any vulnerable application present in the system, etc.
  3. Gaining Access: In this phase, the attacker is aware of the vulnerabilities of the system and tries to exploit them to gain access to the system. Various techniques can be used by the attacker to gain access to a system, which includes brute-forcing.
  4. Maintaining Access: After gaining access to the system, the hacker needs to maintain that access long enough to accomplish all his objectives. In this phase, the attacker also tries to install some backdoors in the system so that he can access that system in the future as well.
  5. Clearing Tracks: Well, an Ethical Hacker will never want to leave a track of what activities took place during the attack, so for that, he has to clear all log files related to the attack.
  6. Reporting: It is the last phase of penetration testing where the ‘ethical’ hacker has to report about the vulnerabilities found, the tools used by him, etc. Basically, the attacker has to explain the whole process step by step to the owner of the system.

Ethical Hacking Tools

Let’s move further in this Ethical Hacking tutorial and see what tools are used for Ethical Hacking.

NMAP Logo

NMAP stands for network mapper. This tool is used to discover networks present in your surroundings. If you want to perform penetration testing, then this tool can be used in the first phase of Ethical Hacking, i. e., the reconnaissance phase, where you need to observe all the networks that belong to an organization.

NMAP is a free open-source network scanner that scans hosts and servers on a computer network. It sends packets and analyzes their responses.

Metasploit is an open-source framework developed by Rapid7. It is one of the most powerful exploitation tools used by both ‘malicious’ hackers and ‘ethical’ hackers. With the help of Metasploit, hackers can perform fundamental pen tests on small networks. It is a primary tool used in the gaining access phase of penetration testing.

There are three different versions of Metasploit:

  1. Framework: The command line version
  2. Community: The graphical UI version
  3. Pro: The fully featured and paid version

Burp Suite is a PortSwigger product that provides a user-friendly platform for performing penetration testing on web applications.

This tool provides information such as each HTTP request made by your browser and the URLs that you have visited in your browser. It keeps a record of all requests and responses when you browse an application via Burp.

Angry IP Scanner is an open-source and lightweight tool used for scanning IP addresses and ports connected to a system. As you know, every system has its own IP address that allows it to connect with other systems on the Internet. Angry IP Scanner gathers any information about the scanned IPs.

This tool creates a separate scanning thread for each IP address, which is scanned, and this method is known as a multi-threaded approach.

Wireshark is one of the most famous tools used for analyzing network packets. It provides detailed information about the captured data packets.

This tool can be used to troubleshoot network problems, examine security problems, verify network applications, debug protocol implementations, and learn network protocol internals.

These are some basic tools used by Ethical Hackers to gain access to a system.

 

Boost Your Career in Ethical Hacking

So far, in this Ethical Hacking tutorial, we discussed all the Ethical Hacking basics, along with various tools and techniques that you can use to become a successful Ethical Hacker. We also discussed the step-by-step procedure and some basic tools that can be used to perform Ethical Hacking effectively. You can also explore a few more Cyber Security Tutorials to become more proficient in this field.

Reach out to us at our Cyber Security Community and resolve all your queries.

The post Ethical Hacking Tutorial appeared first on Intellipaat Blog.

Source link