
Ethical Hacking 1

INTRODUCTION

The explosive growth of the Internet has brought many good things: electronic
commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and
new avenues for advertising and information distribution, to name a few. As with most
technological advances, there is also a dark side: criminal hackers. Governments, companies,
and private citizens around the world are anxious to be a part of this revolution, but they are
afraid that some hacker will break into their Web server and replace their logo with pornography,
read their e-mail, steal their credit card number from an on-line shopping site, or implant
software that will secretly transmit their organization's secrets to the open Internet. With these
concerns and others, the ethical hacker can help.
Ethical hacking, also known as penetration testing or white-hat hacking, involves the
same tools, tricks, and techniques that hackers use, but with one major difference: ethical
hacking is legal, because it is performed with the target's permission. The intent of ethical
hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured.
It is part of an overall information risk management program that allows for ongoing security
improvements. Ethical hacking can also test whether vendors' claims about the security of their
products are legitimate.

1.1 Security
Security is the condition of being protected against danger or loss. In the general sense,
security is a concept similar to safety. In the case of computer systems and networks, security
is usually called information security. Information security means protecting information and
information systems from unauthorized access, use, disclosure, disruption, modification, or
destruction. Security is usually described in terms of the CIA triad, the three basic principles
of security, in which "C" denotes Confidentiality, "I" represents Integrity and "A" represents
Availability.

Department of Computer Science Nirmala College, Muvattupuzha



● Confidentiality
Confidentiality is the property of preventing disclosure of information to unauthorized
individuals or systems. A particular piece of data should be seen only by authorized personnel;
nobody else, including someone passively observing the system or the network, should be able
to read it. In a credit card transaction, for example, only the parties authorized to process the
payment should see the card number, because anyone else who obtains it may use it for fraud.
Thus confidentiality is very important. Confidentiality is also necessary for maintaining the
privacy of the people whose personal information a system holds.

● Integrity
Integrity means that data cannot be modified without authorization. The data seen by
authorized persons must be correct, that is, it must preserve the property of integrity; without
integrity the data is of no use. Integrity is violated when a computer virus infects a computer,
when an employee is able to modify his own salary in a payroll database, when an unauthorized
user vandalizes a web site, when someone is able to cast a very large number of votes in an
online poll, and so on. In each of these cases data has been modified without authorization,
which is a security breach.

● Availability
For any information system to serve its purpose, the information must be available when
it is needed. Confidentiality and integrity on their own are easy to achieve: simply take the
data offline. But then the data is not available to its users, and it is of no use even if it has
the other two properties. Availability means that the computing systems used to store and process
the information, the security controls used to protect it, and the communication channels used
to access it must all be functioning correctly. Data lacking any of these three characteristics
is useless, which is why security is described as the CIA triad: losing any one of
confidentiality, integrity or availability is a security breach.


1.2 Need for Security


Computer security is required because most organizations can be damaged by hostile
software or intruders. Moreover, security is directly related to business: if a company loses a
series of its customers' credit card numbers, many of those customers will be hesitant to deal
with the company again, and the company loses both customers and business. Intruders can cause
several forms of damage, which are obviously interrelated. These include:
● loss of confidential data
● damage or destruction of data
● damage or destruction of computer systems
● loss of a company's reputation
There may be many more consequences of a security breach. This is why security is
absolutely necessary.


1.3 Hackers

A hacker is a person who is intensely interested in a particular subject and has immense
knowledge of it. In the world of computers a hacker is a person intensely interested in
the arcane and recondite workings of any computer operating system. Most often, hackers are
programmers with advanced knowledge of operating systems and programming languages. Eric
Raymond, compiler of "The New Hacker's Dictionary", defines a hacker as a clever programmer.
A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing
it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase
here:
● A person who enjoys learning details of a programming language or system
● A person who enjoys actually doing the programming rather than just theorizing about it
● A person capable of appreciating someone else's hacking
● A person who picks up programming quickly
● A person who is an expert at a particular programming language or system

As computers became increasingly available at universities, user communities began to extend
beyond researchers in engineering or computer science to other individuals who viewed the
computer as a curiously flexible tool. Whether they programmed the computers to play games,
draw pictures, or to help them with the more mundane aspects of their daily work, once
computers were available for use, there was never a lack of individuals wanting to use them.
Because of this increasing popularity of computers and their continued high cost, access to them
was usually restricted. When refused access to the computers, some users would challenge the
access controls that had been put in place. They would steal passwords or account numbers by
looking over someone's shoulder, explore the system for bugs that might get them past the rules,
or even take control of the whole system. They would do these things in order to be able to run
the programs of their choice, or just to change the limitations under which their programs were
running. Initially these computer intrusions were fairly benign, with the most damage being the
theft of computer time. At other times these recreations took the form of practical jokes.
However, these intrusions did not stay benign for long. Occasionally the less talented, or less
careful, intruders would accidentally bring down a system or damage its files, and the system
administrators would have to restart it or make repairs. At other times, when these intruders were
again denied access once their activities were discovered, they would react with purposefully
destructive actions. When the number of these destructive computer intrusions became
noticeable, due to the visibility of the system or the extent of the damage inflicted, it became
"news" and the news media picked up on the story. Instead of using the more accurate term
"computer criminal," the media began using the term "hacker" to describe individuals who break
into computers for fun, revenge, or profit. Since calling someone a "hacker" was originally
meant as a compliment, computer security professionals prefer to use the term "cracker" or
"intruder" for those hackers who turn to the dark side of hacking.

1.4 Types of Hackers

Hackers can be broadly classified on the basis of why they hack. On this basis there are
mainly three types of hacker:

● Black-Hat Hacker
Black hat hackers, or crackers, are individuals with extraordinary computing skills who
resort to malicious or destructive activities. They use their knowledge and skill for personal
gain, usually at the expense of others.

● White-Hat Hacker
White hat hackers are individuals possessing hacker skills and using them for defensive
purposes, with the permission of the system owner. They use their knowledge and skill for the
good of others and for the common good.

● Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times, and whose
behaviour cannot be predicted. Sometimes they use their skills for the common good, at other
times for personal gain; they may, for example, break into a system without permission and then
report the flaw they found.


1.5 Can Hacking Be Done Ethically?

For a number of reasons "hacking" is almost always meant in the bad sense, as black hat
hacking. But can hacking be done ethically? The answer is yes: to catch a thief, think like a
thief. That is the basis of ethical hacking. Suppose a hacker tries to break into a system and
finds a vulnerability, and suppose that, instead of exploiting it, he reports it to the company.
The company can then patch that vulnerability and protect itself from future attacks by black hat
hackers who would try to use the same flaw. Unless somebody tries to find a vulnerability it
remains hidden, and one day somebody else might find it and exploit it for personal gain.
Ethical hacking is the way to find such vulnerabilities first.


2. ETHICAL HACKING

Ethical hacking is defined as "a methodology adopted by ethical hackers to discover the
vulnerabilities existing in information systems' operating environments."
Ethical hacking is also known as penetration testing or intrusion testing; the term red teaming
is sometimes used as well, although a red team engagement is usually broader in scope and
simulates a specific adversary rather than enumerating vulnerabilities.
With the growth of the Internet, computer security has become a major concern for businesses
and governments. They want to be able to take advantage of the Internet for electronic
commerce, advertising, information distribution and access, and other pursuits, but they are
worried about the possibility of being "hacked." At the same time, the potential customers of
these services are worried about maintaining control of personal information ranging from
credit card numbers to social security numbers and home addresses. In their search for a way to
approach the problem, organizations came to realize that one of the best ways to evaluate the
intruder threat to their interests would be to have independent computer security professionals
attempt to break into their computer systems. This scheme is called ethical hacking. It is similar
to having independent auditors come into an organization to verify its bookkeeping records. This
method of evaluating the security of a system has been in use since the early days of computers.
In one early ethical hack, the United States Air Force conducted a "security evaluation" of the
Multics operating system for "potential use as a two-level (secret/top secret) system". The
evaluation found Multics to be significantly better than the conventional systems of the time,
but it also brought out several of its vulnerabilities.
Successful ethical hackers possess a variety of skills. First and foremost, they must be
completely trustworthy. While testing the security of a client's systems, the ethical hacker may
discover information about the client that should remain secret. In many cases, this information,
if publicized, could lead to real intruders breaking into the systems, possibly leading to financial
losses. During an evaluation, the ethical hacker often holds the "keys to the company," and
therefore must be trusted to exercise tight control over any information about a target that could
be misused. The sensitivity of the information gathered during an evaluation requires that strong
measures be taken to ensure the security of the systems being employed by the ethical hackers
themselves: limited-access labs with physical security protection and full ceiling-to-floor walls,
multiple secure Internet connections, a safe to hold paper documentation from clients, strong
cryptography to protect electronic results, and isolated networks for testing. Ethical hackers
should also possess very strong programming and computer networking skills and have been in the
computer and networking business for several years. Another quality needed in an ethical hacker
is more drive and patience than most people have, since a typical evaluation may require several
days of tedious work that is difficult to automate. Some portions of the evaluation must be done
outside normal working hours to avoid interfering with production at "live" targets or to
simulate the timing of a real attack. When they encounter a system with which they are
unfamiliar, ethical hackers will spend the time to learn about the system and try to find its
weaknesses. Finally, keeping up with the ever-changing world of computer and network security
requires continuous education and review.

2.1 What does an Ethical Hacker do?

An ethical hacker is a security professional who, with the explicit permission of the owner,
tries to penetrate a network to find out whether its systems have vulnerabilities. The ethical
hacker first adopts the mindset of an intruder trying to get into the system: what can an
outsider see, and what can others see? With that information he then tries to get into the
system by whatever method he can. If he succeeds in penetrating the system, he reports back to
the company with a detailed account of the vulnerability he exploited and how he got in. He may
also help patch that particular vulnerability, or suggest methods of preventing its exploitation.
The permission, the scope of the test and the rules of engagement are agreed in writing before
any testing starts; without that agreement the very same activity is simply an intrusion.

2.2 Required Skills of an Ethical Hacker:

● Microsoft Windows: skills in operation, configuration and management.
● Linux: knowledge of Linux/Unix security settings, configuration and services.
● Firewalls: configuration, and operation of intrusion detection systems.
● Routers: knowledge of routers, routing protocols and access control lists.
● Mainframes.
● Network protocols: TCP/IP; how the protocols function and how they can be manipulated.
● Project management: leading, planning, organizing and controlling a penetration
testing team.


2.3 HISTORY / HACKING TRENDS:


In one early ethical hack, the United States Air Force conducted a "security evaluation"
of the Multics operating system for "potential use as a two-level (secret/top secret) system."
With the growth of computer networking, and of the Internet in particular, computer and network
vulnerability studies began to appear outside of the military establishment. Most notable of these
was the work by Farmer and Venema, "Improving the Security of Your Site by Breaking Into It",
which was originally posted to Usenet in December 1993.


2.4 ETHICAL HACKING COMMANDMENTS:

● Working ethically:
The word ethical in this context can be defined as working with high professional morals
and principles. Everything you do as an ethical hacker must be aboveboard and must support the
company's goals. No hidden agendas are allowed! Trustworthiness is the ultimate tenet. The
misuse of information is absolutely forbidden.
● Respecting privacy:
Treat the information gathered with the utmost respect. All information you obtain during
your testing, from Web-application log files to clear-text passwords, must be kept private. If
you sense that someone should know there is a problem, consider sharing that information with
the appropriate manager.
● Not crashing your systems:
One of the biggest mistakes testers make when hacking their own systems is inadvertently
crashing them. The main reason for this is poor planning: the tester has not read the
documentation, or misunderstands the usage and power of the security tools and techniques.
Denial-of-service checks in particular should only be run against test systems, or with the
owner's explicit agreement on when and how.

Analogy with Robbing a Building
The methodology of a hacker is similar to that of an ordinary theft. Consider a bank robbery.
The first step is to find out about the bank: how many transactions it handles, how much money
may be kept there, who the manager is, whether the security guards carry guns, and so on. This
corresponds to the reconnaissance phase of hacking. The next step is to find the ways into the
building: how many doors there are, whether each door is locked, and so on. This corresponds to
the second stage, scanning, in which we check which hosts are present, which services are
running and so on. The third step is to enter the building, which corresponds to gaining access;
just as we need keys to enter a building, in a network we need user ids and passwords, or an
exploitable flaw. Once inside, our next aim is to make it easier to get in the next time, which is
analogous to maintaining access; in the hacking case we plant Trojans, backdoors and similar
tools, like fitting a hidden door inside the building. The final step is to hide the fact that we
were ever inside, which is analogous to clearing tracks.


2.5 Methodology of Hacking:


As described above there are mainly five steps in hacking: reconnaissance, scanning,
gaining access, maintaining access and clearing tracks. But that is not the end of the process.
Actual hacking is circular: once the hacker has completed the five steps against one system, he
starts reconnaissance again from the position he has gained and works through the following
stages to reach the next level. The various stages in the hacking methodology are
● Reconnaissance
● Scanning & Enumeration
● Gaining access
● Maintaining access
● Clearing tracks

2.5.1 Reconnaissance:
The literal meaning of the word reconnaissance is a preliminary survey to gain information.
This stage is also known as footprinting. It is the first stage in the methodology of hacking
and one of the pre-attack phases: as in the analogy, it is the stage in which the hacker collects
information about the organization he is going to attack. Reconnaissance is the preparatory phase
in which an attacker learns about all the possible attack vectors that can be used in his plan.
In this phase we gather as much information as possible from publicly available sources. The
information includes domain names, locations, contact information and so on. The basic objective
is a methodical mapping of the target's security posture, resulting in a unique profile of the
organization with respect to the networks and systems involved. Because we are dealing with the
Internet, we can find a great deal of information there that the organization never intended to
make public. There are many tools for this purpose, for example Sam Spade, Email Tracker and
VisualRoute, and simple Google searching can also be used as a footprinting tool. Passive
reconnaissance of this kind sends no packets to the target and leaves no trace in its logs;
active steps such as DNS zone transfer attempts or port scans do.


2.5.2 Scanning & Enumeration:

Scanning is the second phase in the hacking methodology, in which the hacker tries to
make a blueprint of the target network. It is similar to a thief going through your neighbourhood
and checking every door and window on each house to see which ones are open and which ones
are locked. The blueprint includes the IP addresses in the target network that are live, the
services running on those systems, and so on. Usually services run on well-known, predetermined
ports. Different tools are used for scanning. War dialing and simple pingers were used earlier,
but nowadays both are easily detected and are not much used. Modern port scanners send crafted
TCP (and UDP) probes and interpret the responses: a SYN/ACK means the port is open, a RST means
it is closed, and no answer at all usually means a firewall is filtering it. From the details of
how the host's network stack responds they can often also identify the operating system running
on the host.

Enumeration:
Enumeration is the process of actively querying the services found during scanning so that
they give up information vital to an attack. By doing this the hacker aims to find out what
resources and shares are available on the system, which user accounts and groups exist on the
network, which applications are installed, and so on. Enumeration can also reveal other hosts in
the network. Unlike passive reconnaissance, scanning and enumeration involve connecting to the
target and are therefore visible in its logs.
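The scanning logic described above, as an added example that is not part of the original report: a minimal TCP connect scanner in Python that classifies each probed port as open, closed or filtered from the way the target responds. To stay self-contained it starts a throwaway listener on 127.0.0.1 as the "target"; the host, ports and timeout are illustrative assumptions, and on a real engagement this would only ever be pointed at hosts the tester is authorized to scan.

```python
"""Minimal TCP connect scanner: classifies ports as open, closed or filtered.

Added example (not from the original report). It probes ports with plain TCP
connect() calls and classifies each result the way a port scanner does:
  * open     - the three-way handshake completes
  * closed   - the host answers with RST (ConnectionRefusedError)
  * filtered - no answer before the timeout (typically a firewall dropping the SYN)
Only scan hosts you are authorized to test.
"""
import socket
import threading
from typing import Dict, Iterable, List


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Return 'open', 'closed' or 'filtered' for one host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"          # RST received: nothing is listening
        except (socket.timeout, TimeoutError):
            return "filtered"        # SYN silently dropped
        except OSError:
            return "filtered"        # e.g. host unreachable, treated the same way
        return "open"                # handshake completed


def scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Scan several ports and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def open_ports(results: Dict[int, str]) -> List[int]:
    """The sorted list of ports reported open."""
    return sorted(p for p, state in results.items() if state == "open")


def start_dummy_listener() -> int:
    """Start a throwaway TCP service on 127.0.0.1 so the example is self-contained.

    Returns the ephemeral port it listens on. This stands in for a real target
    service and is constructed for the demo only.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return port


def find_closed_port() -> int:
    """Find a local port with nothing listening (bind an ephemeral port, then release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


if __name__ == "__main__":
    target_port = start_dummy_listener()
    closed_port = find_closed_port()
    for p, state in sorted(scan("127.0.0.1", [target_port, closed_port]).items()):
        print(f"127.0.0.1:{p}  {state}")
```

A connect() scan completes the full handshake and therefore appears in the target's connection logs; SYN scans, which send only the first packet of the handshake, need raw sockets and root privileges but are quieter. Either way "filtered" is an inference: a timeout can also mean the host is down or rate-limiting the scanner.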

2.5.3 Gaining access:

This is the actual hacking phase, in which the hacker gains access to the system, making
use of all the information he collected in the pre-attack phases. Usually the main hindrance to
gaining access to a system is the password. System hacking can be considered as several steps.
First the hacker tries to get into the system at all. Once he is in, the next thing he wants is
to increase his privileges so that he has more control over the system: as a normal user the
hacker may not be able to see confidential data or to upload and run his hacking tools. Passwords
are not the only way in; the attacker may also exploit a vulnerability in an exposed service, or
place himself between two communicating parties with a man-in-the-middle attack and capture
credentials in transit.
Password Cracking:
There are many methods of cracking a password in order to get into the system. The
simplest is to guess it, but this is tedious work, so there are automated tools for password
guessing such as Legion, which has an inbuilt dictionary: the software itself generates candidate
passwords from the dictionary, submits them, and checks the responses. Guessing against a live
login service in this way (online guessing) is slow and noisy; where the attacker has obtained
the stored password hashes, he can instead test candidates offline against the hashes at very
high speed.
Techniques used in password cracking are:
1. Dictionary cracking
In this type of cracking there is a list of likely words, for example common passwords or the
names and birthdays of the target's children. The automated software tries each word from the
list against the system.
2. Brute force cracking
This type of password cracking does not use a list of precompiled words. Instead the software
generates every combination of letters, digits and special characters up to some length and
tries them all. This process is of course very tedious and time consuming, and the effort grows
exponentially with the password length.
3. Hybrid cracking
This is a combination of the dictionary and brute force techniques. It first tries the words in
its inbuilt dictionary, then variations of them (changed capitalisation, appended digits, common
character substitutions), and only if all of these fail does it fall back to pure brute force.
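The three cracking techniques above, worked through as an added example (not code from the original report): an offline cracker in Python that runs dictionary, hybrid and brute-force candidate generation against a set of password hashes. The hash list, wordlist and mangling rules are constructed for the demo, and the hashes are unsalted SHA-256 so that the result can be checked.

```python
"""Offline password cracking: dictionary, hybrid and brute-force modes.

Added example (not from the original report). Given a list of password hashes
(as an attacker would obtain from a dumped password file), it tries to recover
the plaintexts with the three techniques the text describes:
  1. dictionary  - try each word from a wordlist as-is
  2. hybrid      - apply mangling rules (capitalise, append digits/years,
                   common substitutions) to each dictionary word
  3. brute force - enumerate every string over a character set up to a length
The hashes below are constructed for the demo: unsalted SHA-256 of known
passwords, so the outcome can be checked. Real password stores should use a
slow, salted scheme (bcrypt, scrypt, Argon2), which is what makes these
attacks expensive.
"""
import hashlib
import itertools
import string
from typing import Dict, Iterable, Iterator, List, Optional

# Constructed "leaked" hashes: user -> SHA-256 hex digest.
LEAKED: Dict[str, str] = {
    "alice": hashlib.sha256(b"sunshine").hexdigest(),      # plain dictionary word
    "bob":   hashlib.sha256(b"Password2019").hexdigest(),  # mangled dictionary word
    "carol": hashlib.sha256(b"z9q").hexdigest(),           # short random: brute force
    "dave":  hashlib.sha256(b"Tr0ub4dor&3").hexdigest(),   # survives all three stages
}

# Constructed wordlist (a real one has millions of entries).
WORDLIST: List[str] = ["letmein", "sunshine", "password", "qwerty", "dragon"]


def h(candidate: str) -> str:
    return hashlib.sha256(candidate.encode()).hexdigest()


def dictionary_candidates(words: Iterable[str]) -> Iterator[str]:
    yield from words


def hybrid_candidates(words: Iterable[str]) -> Iterator[str]:
    """Dictionary words with typical user mangling applied."""
    years = [str(y) for y in range(2015, 2025)]
    for w in words:
        bases = {w, w.capitalize(), w.upper(),
                 w.replace("a", "@").replace("o", "0").replace("s", "$")}
        for b in bases:
            yield b
            for suffix in ["1", "123", "!", "1!"] + years:
                yield b + suffix


def brute_force_candidates(charset: str, max_len: int) -> Iterator[str]:
    """Every string over charset of length 1..max_len (cost grows as len(charset)**n)."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def crack(hashes: Dict[str, str], candidates: Iterator[str]) -> Dict[str, str]:
    """Return {user: plaintext} for every hash matched by some candidate."""
    by_hash = {digest: user for user, digest in hashes.items()}
    found: Dict[str, str] = {}
    for cand in candidates:
        user = by_hash.get(h(cand))
        if user is not None and user not in found:
            found[user] = cand
            if len(found) == len(hashes):
                break
    return found


def crack_all(hashes: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Run the cheap techniques first and brute force last, like a real cracker."""
    remaining = dict(hashes)
    result: Dict[str, Optional[str]] = {u: None for u in hashes}
    stages = (dictionary_candidates(WORDLIST),
              hybrid_candidates(WORDLIST),
              brute_force_candidates(string.ascii_lowercase + string.digits, 3))
    for cands in stages:
        for user, pw in crack(remaining, cands).items():
            result[user] = pw
            remaining.pop(user)
        if not remaining:
            break
    return result


if __name__ == "__main__":
    for user, pw in crack_all(LEAKED).items():
        print(f"{user:6s} {pw if pw else '<not cracked>'}")
```

The order matters: a real cracker exhausts the cheap, high-probability candidates before paying for brute force, whose cost grows as (charset size)^length. Dave's password survives all three stages, which is the defender's lesson: length and unpredictability, together with a slow salted hash such as bcrypt or Argon2, are what make offline cracking impractical.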
● Social Engineering
The most common, and often the most effective, method of obtaining a password is social
engineering. Here the hacker comes into direct contact with the user, through a phone call or
some other channel, and simply asks for the password under a false pretext, for example by
posing as help-desk staff.
● Privilege escalation
Privilege escalation is the process of raising one's privileges once inside the system: the
hacker may get in as an ordinary user and then tries to raise his privileges to those of an
administrator, who can do far more. There are many tools available for this. GetAdmin, for
example, exploited a flaw in a Windows NT kernel routine to add an ordinary user to the
Administrators group, and hk.exe exploited another NT flaw to run commands as SYSTEM. Privilege
escalation usually relies on vulnerabilities in the host operating system or in the software
installed on it. Metasploit is an open-source exploitation framework, maintained by a large
community, that bundles many such exploits.


2.5 .4 Maintaining Access:


Now the hacker is inside the system, by password guessing or by exploiting one of its
vulnerabilities. This means that he is now in a position to upload and download files. The
next aim is to make an easier path to get in the next time he comes, which is analogous to
making a small hidden door in the building through which he can enter directly. In the network
scenario the hacker does this by uploading software such as Trojan horses, sniffers and
keystroke loggers.
Keystroke loggers are tools that record every key pressed on the keyboard. There are hardware
keystroke loggers, small devices placed between the keyboard and the computer, and software
keystroke loggers. For maintaining access and for privilege escalation, the hacker who is now
inside the target network will upload keystroke logging software onto the system. A software
keystroke logger inserts itself into the path between the keyboard driver and the applications
that receive the input, for example by installing a keyboard hook or a filter driver: every
keystroke passes through the logger, which keeps a copy in a log and often forwards it to the
attacker, and then passes the keystroke on so that the user notices nothing. Passwords typed
after the logger is installed, including administrator passwords, are captured this way.
● Trojan Horses & Backdoors
A Trojan horse is a destructive program that masquerades as a benign application. Unlike
viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of
the most insidious types of Trojan horse is a program that claims to rid your computer of viruses
but instead introduces viruses onto your computer. The term comes from the Greek story of the
Trojan war, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly
as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers
sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour
in and capture Troy. Generally a Trojan is malware that runs programs you are either unaware of
or do not want running on your system. The hacker plants the Trojan inside the network and
leaves. When he comes back later, the Trojan either authenticates the hacker as a valid user or
opens a port for him to get in through. There are many genres of Trojans, for example
● password sending/capturing Trojans
● FTP Trojans
● keystroke capturing Trojans
● remote access Trojans
● destructive Trojans
● denial of service Trojans
● proxy Trojans
Trojans can be introduced through chat clients, e-mail attachments, physical access to
systems, file sharing, wrappers and other P2P software. Well-known examples are Tini, Netcat,
SubSeven and Back Orifice. Tini is a very small backdoor which simply listens on TCP port 7777;
once it is installed the hacker can send commands to that port. Netcat is not a Trojan in itself
but a general-purpose networking utility that attackers frequently plant as a backdoor: it can
connect to any port and start outbound or inbound TCP or UDP connections to or from any port,
and it can even bind a command shell to a port so that the hacker gets a shell on the system.
SubSeven and Back Orifice are remote access Trojans with a client-server architecture: the
server part resides on the target and the hacker's client connects to it directly, without the
knowledge of the user.
● Wrappers
In the maintaining access phase we usually upload software onto the system to serve our
needs. To keep this software and other data hidden from the administrator and the ordinary
users, hackers use wrapper software to bind their payload into pictures, greeting cards and
similar files so that it looks like ordinary data to the administrator. A related technique,
steganography, hides the malicious data in the unused "white space" of harmless data: tools such
as BlindSide insert data into, and extract it from, JPEG or BMP pictures, typically by
overwriting the least significant bits of the pixel values. The attractive thing for the attacker
is that most of the time this does not alter the size of the file at all, so a comparison of
file sizes will not reveal the hidden payload; a comparison of cryptographic hashes against
known-good copies will.
● EliteWrap
This is a very notorious wrapper. EliteWrap is a command line tool which wraps one or more
Trojans into a normal file. After processing, the product looks like one program while it
actually contains several. The speciality of EliteWrap is that the packed Trojans can be made to
execute when the user opens the file. For example, consider the case in which Netcat is packed
into a flash greeting card. When the user opens the card, Netcat starts in the background and
begins listening on some port, through which the hacker then gets in. This is why an executable
arriving as an e-mail attachment or download should be treated with suspicion however innocent
it appears when run.
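The hiding-in-images technique from the Wrappers section above, as an added example that is not part of the original report: least-significant-bit steganography in Python over a constructed byte string standing in for the raw pixel data of an uncompressed image. It shows why the file size does not change and why the payload nevertheless comes back intact. No real image format or library is used; the carrier and the payload are made up for the demo.

```python
"""Least-significant-bit steganography, the technique behind image "wrappers".

Added example (not from the original report). In uncompressed image formats
such as BMP, each byte of pixel data loses its least significant bit, which is
replaced by one bit of the payload. The colour change is invisible and the file
size is unchanged, yet the payload is fully recoverable.

`cover` below is a constructed stand-in for raw pixel bytes (e.g. the pixel
array of a BMP); no real image or library is used.
"""
import random
import struct
from typing import Iterator, Tuple


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSBs of cover. Returns a byte string of equal length."""
    framed = struct.pack(">I", len(payload)) + payload  # 4-byte length header first
    capacity = len(cover) // 8                           # one payload bit per carrier byte
    if len(framed) > capacity:
        raise ValueError(f"payload too large: {len(framed)} > {capacity} bytes")
    out = bytearray(cover)
    for idx, bit in enumerate(_bits(framed)):
        out[idx] = (out[idx] & 0xFE) | bit               # clear LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload written by embed()."""
    lsbs = [b & 1 for b in stego]

    def read_bytes(start_bit: int, n: int) -> bytes:
        chunk = lsbs[start_bit:start_bit + 8 * n]
        return bytes(int("".join(map(str, chunk[i:i + 8])), 2) for i in range(0, 8 * n, 8))

    (length,) = struct.unpack(">I", read_bytes(0, 4))
    if 4 + length > len(stego) // 8:
        raise ValueError("length header does not fit the carrier; not our payload")
    return read_bytes(32, length)


def changed_bytes(cover: bytes, stego: bytes) -> int:
    """How many carrier bytes differ at all (each by exactly one LSB)."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


def demo(seed: int = 7) -> Tuple[int, int, int, bytes]:
    """Embed a constructed payload in constructed 'pixels' and report what changed."""
    rng = random.Random(seed)
    cover = bytes(rng.randrange(256) for _ in range(4096))  # constructed pixel data
    payload = b"backdoor config: listen 7777"               # constructed hidden payload
    stego = embed(cover, payload)
    return len(cover), len(stego), changed_bytes(cover, stego), extract(stego)


if __name__ == "__main__":
    n_cover, n_stego, n_changed, recovered = demo()
    print(f"carrier {n_cover} bytes -> {n_stego} bytes (size unchanged)")
    print(f"{n_changed} carrier bytes differ, by one LSB each")
    print(f"recovered payload: {recovered!r}")
```

Because the size is unchanged, comparing file sizes detects nothing; comparing cryptographic hashes against known-good copies does, as does statistical analysis of the LSB plane, which real steganalysis tools perform. The technique does not survive lossy recompression (saving the picture again as JPEG destroys the LSBs), which is why attackers favour lossless carriers such as BMP or PNG.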

2.5.5 Clearing Tracks:

Now we come to the final step in hacking. There is a saying that "everybody knows a
good hacker but nobody knows a great hacker". A great hacker always clears his tracks, that is,
any record in the network that could prove he was there. Whenever a hacker downloads a file or
installs software, an entry is written to the server logs, so the hacker uses a number of tools
to erase them.

● Auditpol
One such tool is auditpol.exe from the Windows NT Resource Kit, a command line tool with
which an intruder who has administrator rights can simply disable auditing, so that nothing
further is logged. Another tool, Evidence Eliminator, removes other kinds of evidence: apart
from the server logs, information may be stored temporarily in caches, history files and
temporary files, and Evidence Eliminator deletes all such traces.

● WinZapper
This is another tool used for clearing tracks. WinZapper makes a copy of the Windows Security
event log and lets the hacker pick the individual entries to delete. After the server is
rebooted, the selected entries are gone while the rest of the log remains intact, which makes
the tampering much harder to notice than clearing the whole log.
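The defender's side of the tools above, as an added example that is not from the original report: a Python check over a constructed export of Windows Security log records that flags an audit-policy change (what running auditpol produces), a cleared log, and gaps in the record numbering of the kind that selective deletion with WinZapper leaves behind. The event IDs are the real Windows ones; the records, users and timestamps are invented for the demo.

```python
"""Detecting the track-clearing techniques described above from the log itself.

Added example (not from the original report). Tampering with logs leaves its
own traces. This walks Windows Security-log style records (constructed here as
dicts in the shape an EVTX export gives: EventRecordID, EventID, TimeCreated)
and flags three signals:
  * EventID 4719 - "System audit policy was changed": what disabling auditing
                   with auditpol produces
  * EventID 1102 - "The audit log was cleared"
  * gaps in EventRecordID - records are numbered consecutively, so deleting
                   individual entries (WinZapper-style) leaves holes
The event IDs are the real Windows ones; the records themselves are made up.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

AUDIT_POLICY_CHANGED = 4719
LOG_CLEARED = 1102


@dataclass
class Record:
    record_id: int
    event_id: int
    time: datetime
    user: str


def parse_records(rows: List[Dict[str, str]]) -> List[Record]:
    """Turn exported rows (all strings) into Records, sorted by record id."""
    recs = [Record(int(r["EventRecordID"]), int(r["EventID"]),
                   datetime.fromisoformat(r["TimeCreated"]), r["User"]) for r in rows]
    return sorted(recs, key=lambda r: r.record_id)


def find_tampering(recs: List[Record]) -> List[str]:
    """Return one human-readable finding per suspicious signal, in log order."""
    findings: List[str] = []
    prev = None
    for r in recs:
        if r.event_id == AUDIT_POLICY_CHANGED:
            findings.append(f"record {r.record_id}: audit policy changed by {r.user}")
        if r.event_id == LOG_CLEARED:
            findings.append(f"record {r.record_id}: audit log cleared by {r.user}")
        if prev is not None:
            if r.record_id != prev.record_id + 1:
                missing = r.record_id - prev.record_id - 1
                findings.append(f"gap: {missing} record(s) missing between "
                                f"{prev.record_id} and {r.record_id}")
            if r.time < prev.time:
                findings.append(f"record {r.record_id}: timestamp earlier than record "
                                f"{prev.record_id} (possible edited log)")
        prev = r
    return findings


# Constructed sample export: a service account logs on with special privileges,
# disables auditing, and the three records documenting what followed are gone.
SAMPLE_ROWS: List[Dict[str, str]] = [
    {"EventRecordID": "1000", "EventID": "4624", "TimeCreated": "2024-03-01T22:01:05", "User": "svc_backup"},
    {"EventRecordID": "1001", "EventID": "4672", "TimeCreated": "2024-03-01T22:01:05", "User": "svc_backup"},
    {"EventRecordID": "1002", "EventID": "4719", "TimeCreated": "2024-03-01T22:03:40", "User": "svc_backup"},
    {"EventRecordID": "1006", "EventID": "4624", "TimeCreated": "2024-03-02T08:15:12", "User": "jsmith"},
    {"EventRecordID": "1007", "EventID": "4634", "TimeCreated": "2024-03-02T08:15:12", "User": "jsmith"},
]

if __name__ == "__main__":
    for line in find_tampering(parse_records(SAMPLE_ROWS)):
        print(line)
```

None of these signals is proof on its own, and an attacker with administrator rights can in principle defeat all of them on the host. The robust countermeasure is to forward events to a central log server as they are generated, so that a copy exists which the compromised host cannot edit; a check like this one is then run against that copy.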


3. Reporting

Assess your results to see what you have uncovered, assuming the vulnerabilities have not
already become obvious. This is where knowledge counts. Evaluating the results and correlating
the specific vulnerabilities discovered is a skill that gets better with experience; you end up
knowing your systems as well as anyone else, which makes the evaluation process much simpler
going forward. Submit a formal report to upper management or to your customer outlining your
results: each finding with the evidence for it, its severity, and a recommended fix, so that the
report can be acted on rather than merely read.


4. Advantages and disadvantages

Ethical hacking is nowadays a backbone of network security, and its relevance increases
each day. The major pros and cons of ethical hacking are given below.
Advantages
● "To catch a thief you have to think like a thief"
● Helps in closing the open holes in the systems and the network
● Provides security to banking and financial establishments
● Prevents website defacements
● An evolving technique
Disadvantages
● Everything depends upon the trustworthiness of the ethical hacker
● Hiring professionals is expensive

Future enhancements:

 As it is an evolving branch, the scope for enhancement in technology is immense. No ethical
hacker can ensure system security by using the same technique repeatedly. He would have to
improve, develop and explore new avenues continually.

 More advanced software should be used for optimum protection. The tools used need to be
updated regularly, and more efficient ones need to be developed.

5. Ethical hacking tools and Methods


Ethical hackers use, and have developed, a variety of tools to get into different kinds of
systems and to evaluate their security. The nature of these tools differs widely. Here we
describe some of the tools widely used in ethical hacking.

5.1 Sam Spade
Sam Spade is a simple tool which provides information about a particular host or domain,
mostly by querying WHOIS and DNS. This tool is very helpful in finding addresses, phone numbers
etc. Fig 2.1 shows the GUI of the Sam Spade tool. In the text field in the top left corner of the
window we just need to enter the address of the particular host. Then we can find out the various
information available: phone numbers, contact names, IP addresses, e-mail ids, address ranges
etc. We may wonder what the benefit of getting phone numbers, e-mail ids and addresses is, but
one of the best ways to get information about a company is simply to pick up the phone and ask
for the details. Thus we can gather much information in just one click.

Fig 2.1 Samspade GUI

5.2 Email Tracker


We often receive many spam messages in our mailbox without knowing where they come
from. Email tracker is a piece of software which helps us find from which server a mail actually
came. Every message we receive has a header associated with it; each mail server that handles the
message adds a Received line to that header, and the email tracker uses this header information to
find the location.
Fig 2.2 shows the GUI of the email tracker software. One of the options in the email
tracker is to import the mail header, so we just need to import the header of the mail into it.
The software then finds from which area the mail came, that is, we get information such as the
region the message was sent from (Asia Pacific, Europe etc.). To be more specific we can use
another tool, Visual Route, to pinpoint the actual location of the server; the option of connecting
to Visual Route is available in the email tracker. Visual Route is a tool which displays the location
of a particular server with the help of its IP address. When we connect it to the email tracker we
can find the server which actually sent the mail. We can also use it to find the location of the
target's servers, visually, on a map. One caveat: only the Received lines added by our own servers
(the ones at the top of the header) can be trusted; the lines below them were added by servers
outside our control and may have been forged by the spammer.

Fig 2.2 Email tracker GUI
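The following is an added example, not part of the original report, of what an email tracker does with the Received headers before handing an address to a tool like Visual Route. The message, host names and addresses below are constructed for the example (documentation ranges, invented domains). It also shows the difference between the naive answer (the earliest Received line) and the answer a careful analyst would give (the earliest address one of our own servers actually saw).

```python
# Added example (not from the original report): walk the Received headers of a
# mail the way an e-mail tracker does. The message below is constructed for this
# example; every host name and address in it is invented.
import re
from email import message_from_string

SAMPLE_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
    by mail.example.org with ESMTP id abc123; Mon, 04 Mar 2024 10:05:12 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx1.example.org with ESMTP; Mon, 04 Mar 2024 10:05:10 +0000
Received: from [203.0.113.55] (unknown [203.0.113.55])
    by relay.example.net with SMTP; Mon, 04 Mar 2024 10:05:01 +0000
From: friend@example.com
To: employee@example.org
Subject: hello

body
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_HOST = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def parse_hops(raw_message):
    """Return the hops in transit order (oldest first).

    Each server prepends its own Received line, so the header lists them
    newest-first; reversing gives the order the message actually travelled.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        ip = IPV4.search(value)
        frm = FROM_HOST.search(value)
        by = BY_HOST.search(value)
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
        })
    hops.reverse()
    return hops


def naive_origin(raw_message):
    """What a simple tracker reports: the address in the earliest Received line."""
    hops = parse_hops(raw_message)
    return hops[0]["ip"] if hops else None


def trusted_origin(raw_message, our_domain):
    """The earliest address that one of *our* servers actually observed.

    Received lines added by servers outside our_domain arrived inside the
    message and may have been forged by the sender, so skip forward until the
    'by' host is ours and report the address it saw connecting.
    """
    for hop in parse_hops(raw_message):
        if hop["by"] and hop["by"].endswith(our_domain):
            return hop["ip"]
    return None


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        print(f"{hop['ip']:>15}  {hop['from']}  ->  {hop['by']}")
    print("naive origin  :", naive_origin(SAMPLE_MESSAGE))
    print("trusted origin:", trusted_origin(SAMPLE_MESSAGE, "example.org"))
```

In the constructed message the naive answer is 203.0.113.55, but that line was added by relay.example.net, a server we do not control; the first address our own mx1.example.org saw connecting was 198.51.100.7, and that is the one worth feeding to Visual Route.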

Department of Computer Science Nirmala College, Muvattupuzha


Ethical Hacking 21

5.3 Visual Route


The Visual Route GUI has a world map drawn on it, and the software locates the position of
the server on that map. It also depicts the path through which the message came to our system,
that is, the routers through which the message passed on its way from the source to the
destination. We may wonder what the use is of finding the place from which the message came.
Suppose we got the e-mail id of an employee of our target company and mailed him claiming to
be his greatest friend. Sometimes he may reply saying that he does not know us. We then use the
email tracker and Visual Route and find that he is not writing from the office, from which we
understand that the company has home users. Home users are usually not protected as well as the
employees working from the office, and this can be helpful for the hacker in getting into the
system.

Fig 2.3 Visual route GUI

5.4 War Dialing


War dialing is an old hacking technique; done without authorisation it is illegal, and today it
is easy to detect. It is the practice of dialing all the phone numbers in a range in order to find
those that answer with a modem. Earlier, companies used dial-in modems through which their
employees could dial into the network, so in such cases just a phone number was enough to
reach it, and war dialing software exploits exactly that. A war dialer is a computer program
used to identify the phone numbers that can successfully make a connection with a computer
modem. The program automatically dials a defined range of phone numbers and logs, in a
database, those numbers that successfully connect to a modem. Some programs can also identify
the particular operating system running on the answering computer and may conduct automated
penetration testing; in such cases the war dialer runs through a predetermined list of common
user names and passwords in an attempt to gain access to the system.

5.5 Pingers
Pingers are another category of scanning tool, which use Internet Control Message Protocol
(ICMP) packets for scanning. ICMP echo (ping) is used to find out whether a particular system is
alive or not. Working on this principle, a pinger sends ICMP echo requests to every host in a
given range; if an echo reply comes back we know that the system is live. Pingers are automated
software which send the ICMP packets to the different machines and check their responses.
Most firewalls today block ICMP echo, however, so a host that does not answer is not necessarily
down, and pingers are then of little use; a TCP connection attempt to a commonly open port is the
usual alternative.

5.6 Port Scanning


A port scan is a method used by hackers to determine which ports are open or in use on a
system or network. Using various tools a hacker can send data to TCP or UDP ports one at a
time; based on the response received, the port scan utility can determine whether that port is in
use. With this information the hacker can then focus the attack on the ports that are open and try
to exploit any weaknesses to gain access. Port scanning software, in its most basic form, simply
sends a request to connect to the target computer on each port in turn and notes which ports
responded or seem open to more in-depth probing. Network security applications can be
configured to alert administrators if they detect connection requests across a broad range of
ports from a single host. To get around this the intruder can do the port scan in strobe or
stealth mode. Strobing limits the scan to a smaller target set of ports rather than blanket
scanning all 65,535 of them. Stealth scanning uses techniques such as slowing the scan down: by
spreading the probes over a much longer period of time, and sending them in random rather than
sequential order, you reduce the chance that the target will trigger an alert.
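As an added example (not code from the report or from any of the tools it names), the scanner below implements the basic connect scan just described together with the strobe and stealth variants, and its tcp_connect probe is also the TCP alternative to an ICMP pinger mentioned in 5.5. It scans only 127.0.0.1, against a throw-away listener it starts itself, so it runs offline; the port numbers are whatever the operating system hands out at run time.

```python
# Added example (not part of the original report): a minimal TCP connect scanner
# showing the plain sequential scan next to the "strobe" (small port list) and
# "stealth" (randomised order, paced) modes. It targets only 127.0.0.1, using a
# listener it starts itself, so it runs without any network access.
import random
import socket
import threading
import time


def tcp_connect(host, port, timeout=0.5):
    """True if a full TCP handshake succeeds on host:port (port is open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:          # refused, timed out, unreachable
            return False


def scan(host, ports, stealth=False, pause=0.0):
    """Connect-scan the given ports and return the open ones, sorted.

    In stealth mode the order is shuffled and the scanner sleeps between
    probes, so the attempts do not arrive as one sequential burst."""
    order = list(ports)
    if stealth:
        random.shuffle(order)
    open_ports = []
    for port in order:
        if tcp_connect(host, port):
            open_ports.append(port)
        if stealth:
            time.sleep(pause)
    return sorted(open_ports)


def start_listener(host="127.0.0.1"):
    """Throw-away TCP listener on a free port; returns (socket, stop_event, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, stop, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Pick a port that is currently closed (bind to 0, read the number, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Run all three modes against one open and one closed local port."""
    srv, stop, open_port = start_listener()
    closed_port = free_port()
    try:
        targets = [closed_port, open_port]
        blanket = scan("127.0.0.1", targets)                       # sequential
        strobe = scan("127.0.0.1", [open_port])                    # short list only
        stealth = scan("127.0.0.1", targets, stealth=True, pause=0.05)
    finally:
        stop.set()
        srv.close()
    return {"open": open_port, "closed": closed_port,
            "blanket": blanket, "strobe": strobe, "stealth": stealth}


if __name__ == "__main__":
    print(demo())
```

A real scan would use a much longer pause (seconds to minutes) and a broad port range; the 50 ms here only keeps the demonstration quick. Note that a connect scan completes the handshake and is therefore logged by the service itself, which is why tools such as Nmap prefer the half-open SYN scan, something that needs raw sockets and is not shown here.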

5.7 Super Scan


SuperScan is a powerful TCP port scanner which includes a variety of additional
networking tools such as ping, traceroute, HTTP HEAD, WHOIS and more. It uses multithreaded
and asynchronous techniques, resulting in extremely fast and versatile scanning. You can perform
ping scans and port scans using any IP range, or specify a text file to extract addresses from.
Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port
description database, Windows host enumeration, banner grabbing and more.

Fig 2.4 Superscan GUI


Fig 2.4 shows the GUI of SuperScan. Here we can either scan a particular host or a range of
IP addresses. As output the software reports the host addresses which are up. There is another
option, port list setup, which selects the ports to probe and so determines which services are
reported as running on the different hosts.

5.8 Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration and
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Fig 2.5 shows the GUI front end of Nmap.

Fig 2.5 Nmap GUI


Nmap uses raw IP packets in novel ways to determine what hosts are available on the network,
what services those hosts are offering, what operating systems they are running, what type of
packet filters or firewalls are in use, and dozens of other characteristics. It can even find the
versions of the services. It was designed to rapidly scan large networks, but works fine against
single hosts. We also have the option of different scan types, such as the SYN (stealth) scan, the
full TCP connect scan and the UDP scan, and we can control the timing of the probes against the
different ports. Using this software we just need to specify the host address ranges and the type
of scan to be conducted; as output we get the hosts which are live, the services which are running
etc. It can even detect the operating system and its version, making use of the fact that different
operating systems react differently to the same packets because each has its own TCP/IP stack
implementation.

5.9 L0phtCrack
L0phtCrack is software originally from L0pht (later part of @stake) which is basically a
password audit tool. It uses the various password cracking methodologies. L0phtCrack helps
administrators find out whether their users are using easy passwords. It is very high-profile
software which first tries dictionary cracking and then brute force cracking; it can also use
precomputed hashes (rainbow tables) for cracking the passwords.

Fig 2.6 Loftcrack GUI


Fig 2.6 above shows the GUI of L0phtCrack. In Windows the password hashes are stored in
the SAM file in the System32\config directory. This file is protected by the operating system,
that is, we cannot open it while the operating system is running. With L0phtCrack we just need
to run a wizard to obtain the hashes stored in the SAM file and start cracking them. As seen in the
figure, the software used a dictionary of 29,156 words in this case. It also has options to use
brute force and precomputed hashes. Note that what is cracked are the hashes: Windows never
stores the passwords themselves, only their LM/NTLM hashes.
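The block below is an added example, not L0phtCrack's code, showing the three strategies the report attributes to it (dictionary, brute force and a precomputed table) against NTLM hashes. NTLM is MD4 over the UTF-16LE encoding of the password, so a pure-Python MD4 is included to keep the example self-contained. The word list, the "SAM dump" and the three users in it are constructed for this example; the small alphabet and length limit keep the brute force instantaneous.

```python
# Added example (not from the original report): dictionary, brute-force and
# precomputed-table cracking of NTLM (NT) hashes. NTLM = MD4(UTF-16LE(password)),
# implemented here in pure Python. The word list and SAM dump are constructed.
import itertools
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 (pure Python; slow, but dependency-free)."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)            # bit length, little-endian
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):                                   # round 1
            a = _rotl(a + F(b, c, d) + X[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 2
            k = (i % 4) * 4 + i // 4                          # 0,4,8,12,1,5,...
            a = _rotl(a + G(b, c, d) + X[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 3
            k = int(f"{i:04b}"[::-1], 2)                      # 0,8,4,12,2,10,...
            a = _rotl(a + H(b, c, d) + X[k] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def ntlm(password: str) -> str:
    """NT hash as stored in the SAM: MD4 of the UTF-16LE password, hex encoded."""
    return md4(password.encode("utf-16-le")).hex()


def dictionary_attack(target, words):
    """Hash each candidate word and compare; cost is one hash per word per target."""
    for w in words:
        if ntlm(w) == target:
            return w
    return None


def brute_force(target, alphabet, max_len):
    """Exhaustive search, shortest candidates first; cost grows as len(alphabet)**n."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo)
            if ntlm(cand) == target:
                return cand
    return None


def build_table(words):
    """Hash the word list once; each later lookup is then a dictionary hit.
    A rainbow table is a space-compressed form of this same precomputation."""
    return {ntlm(w): w for w in words}


def audit(sam, words, alphabet, max_len):
    """Per user: precomputed table first (cheap), then brute force (expensive)."""
    table = build_table(words)
    results = {}
    for user, h in sam.items():
        found = table.get(h)
        if found is None:
            found = brute_force(h, alphabet, max_len)
        results[user] = found
    return results


# Constructed inputs: a small word list and a "SAM dump" of user -> NT hash.
WORDLIST = ["letmein", "Password1", "summer2024", "admin", "qwerty"]
SAMPLE_SAM = {"alice": ntlm("qwerty"), "bob": ntlm("ab1"), "carol": ntlm("Xk9#qL2v")}

if __name__ == "__main__":
    for user, pw in audit(SAMPLE_SAM, WORDLIST, "abc123", 3).items():
        print(f"{user:<6} {SAMPLE_SAM[user]}  ->  {pw!r}")
```

Alice falls to the precomputed table, Bob to a three-character brute force, and Carol survives both, which is the result a password audit is meant to produce: a list of the accounts whose passwords must be changed. NTLM is unsalted, which is exactly why a table built once can be reused against every hash in the dump.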

5.10 Metasploit
Metasploit is an open source exploitation framework rather than a mere list of
vulnerabilities: it ships a large library of exploit modules, each written for a specific known
vulnerability in a specific product, together with payloads that run on the target once the exploit
succeeds. The hacker selects the module matching a vulnerability found in the target, sets the
target address and the payload, and runs it directly against the system, for privilege escalation
and other exploits. Metasploit is driven from a console (msfconsole) and is very dangerous in the
wrong hands, because a large community of researchers contributes modules for newly found
vulnerabilities in many products, so working exploits become available to anyone shortly after a
vulnerability is published. For the ethical hacker that is exactly its value: it shows whether a
vulnerability reported by a scanner is actually exploitable.

5.11 Man in the Middle Attack


In this type of system hacking we are not actually cracking the password; instead we let
all the traffic between a client and a server pass through the hacker's system, so that he can
directly read the passwords and other details. In the man in the middle attack the hacker tells the
client that he is the server and tells the server that he is the client. Now the client sends its
packets to the hacker, thinking that he is the server, and the hacker, instead of replying, forwards
a copy of the actual request to the actual server. The server then replies to the hacker, who
forwards a copy of the reply to the actual client. Now the client thinks that it got the reply from
the server and the server thinks that it replied to the actual client. But the hacker, the man in the
middle, also has a copy of the whole traffic, from which he can directly get the needed data or the
password with which he can then hack in. This is why the connection should be encrypted and
the server's identity verified (for example TLS with proper certificate checking): the hacker can
still relay the packets, but can no longer read or alter them.
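Below is an added example, not code from the report, of the relay just described, built as a transparent TCP proxy on 127.0.0.1. The "client" connects to the proxy believing it is the server; the proxy forwards each request to the real server, returns the reply, and keeps its own copy of both directions. The line-oriented login exchange, the toy server and the credentials are constructed for this example. How the attacker gets the client to connect to him in the first place (ARP or DNS spoofing, a rogue access point) is a separate step not shown here.

```python
# Added example (not part of the original report): a man-in-the-middle relay on
# localhost. The toy login protocol, the server and the credentials below are
# constructed for the example; the port numbers are assigned at run time.
import socket
import threading


def _recv_line(sock):
    """Read up to a newline, or whatever arrived before the peer closed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def start_real_server():
    """Toy line-oriented login server: answers one request, then exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        conn, _ = srv.accept()
        with conn:
            req = _recv_line(conn)
            ok = req.strip() == b"LOGIN alice s3cret"
            conn.sendall(b"OK welcome alice\n" if ok else b"FAIL\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_mitm(server_port, captured):
    """The attacker: accept the victim, relay to the real server, keep a copy."""
    proxy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    proxy.bind(("127.0.0.1", 0))
    proxy.listen(5)

    def relay():
        client, _ = proxy.accept()
        with client, socket.create_connection(("127.0.0.1", server_port)) as upstream:
            request = _recv_line(client)            # victim -> "server" (really us)
            captured.append(("client->server", request))
            upstream.sendall(request)               # forward a copy to the real server
            reply = _recv_line(upstream)            # real server answers us
            captured.append(("server->client", reply))
            client.sendall(reply)                   # forward a copy to the victim
        proxy.close()

    threading.Thread(target=relay, daemon=True).start()
    return proxy.getsockname()[1]


def victim_login(port, line=b"LOGIN alice s3cret\n"):
    """The client only knows a host:port, so it cannot tell proxy from server."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(line)
        return _recv_line(s)


def demo():
    """Wire the three parties together; returns what the client saw and the
    attacker's copy of the traffic."""
    captured = []
    server_port = start_real_server()
    proxy_port = start_mitm(server_port, captured)
    reply = victim_login(proxy_port)
    return reply, captured


if __name__ == "__main__":
    reply, captured = demo()
    print("client saw:", reply)
    for direction, data in captured:
        print(f"{direction:<15} {data!r}")
```

The client receives the genuine "OK welcome alice" and the server sees a correct login, so neither side notices anything; the attacker's `captured` list nevertheless holds the password in clear. With TLS in place the same relay would still move the bytes, but the request and reply would be ciphertext, and a client that verifies the certificate would refuse to talk to the proxy at all.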

CONCLUSION

One of the main aims of the seminar is to make others understand that there are many
tools through which a hacker can get into a system. There are many reasons why everybody
should understand these basics. Let us check its various needs from various perspectives.
● Student
A student should understand that no software is made with zero vulnerabilities. So while
they are studying they should study the various possibilities and how to prevent them, because
they are the professionals of tomorrow.
● Professionals
Professionals should understand that business is directly related to security. So they
should make new software with as few vulnerabilities as possible. If they are not aware of these
issues they will not be cautious enough in security matters.
● Users
Software is meant for the use of its users. Even if the software makers build the
software with strong security options, without the help of the users it can never be successful. It
is like a highly secured building with all its doors carelessly left open by the insiders. So users
must also be aware of such possibilities of hacking so that they can be more cautious in their
activities. In the preceding sections we saw the methodology of hacking, why we should be aware
of hacking and some tools which a hacker may use. Now we can see what we can do against
hacking, or to protect ourselves from it.

● The first thing we should do is to keep the software we use updated, from official and reliable
sources.
● Educate the employees and the users about black hat hacking.
● Use every possible security measure, such as honeypots, intrusion detection systems, firewalls
etc.
● Always make our passwords strong: longer, and harder to crack.
● The final and foremost thing should be to try ETHICAL HACKING at regular intervals.
