
ISOFTDL ONLINE HACKING CLASS

ISOFTDL HACKING CLASS 1: INTRODUCTION TO ETHICAL HACKING
AUTHOR: LOKESH SINGH
www.isoftdl.com

LOKESH SINGH (http://www.isoftdl.com)


What Is Hacking?
Everyone here thinks that hacking is just the illegal stealing of data and information, but this perception is absolutely wrong. Below is the definition from Wikipedia, which clearly shows hacking as a negative thing:

"Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)"

Hacking is not always unauthorized. Hacking also includes exploring things that are hidden from general usage, so exploring things that are hidden from the general user is also hacking.

My definition of hacking: "Hacking is the art of exploring the things that are hidden from general usage, finding loopholes in security, and using them to benefit others."


WHO ARE HACKERS?

Everybody here thinks that hackers are criminals of the virtual world (i.e. the digital world). But this thought is also wrong. Hackers are not always criminals. There is no doubt that hackers are geniuses in the field of computers.

I want to divide hackers into three categories:

1. Crackers, Black Hat hackers, cheaters or simply criminals: They are called criminals because they have the mindset of causing harm to security; they steal very useful data and use it in wrong ways. Phreakers also fall into this category: they steal account information, credit card numbers and money over the Net.

2. Ethical hackers: Ethical hacking means you think like a hacker, i.e. first you hack the systems and find the loopholes, and then you try to correct those loopholes. These hackers protect the cyber world from every possible threat and fix upcoming security loopholes. These people are also called the "gurus" of computer security.

3. Simply prankers: Hackers who do hacking just for fun and play pranks on their friends.


Fig: Different Categories of Hackers


INTRODUCTION TO SIMPLE TERMS RELATED TO HACKING!


Threat: An action or event that might compromise security. A threat is a potential violation of security.

Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

Exploit: A defined way to breach the security of a system through a vulnerability, i.e. using the vulnerability to damage the database or system.

Attack: An assault on system security that derives from an intelligent threat. An attack is any action that violates security.

Target of Evaluation: An IT system, product, or component that is identified or subjected as requiring security evaluation.

Security: A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.


What you will learn in Isoftdl Ethical Hacking class?


Hacking is like a coin, which has two sides, head and tail: Network Security (White-Hat or Ethical Hackers) and Cracking or Phreaking (Bad Guys or Black-Hat Hackers). I will teach you both sides because you will be an expert only if you know both sides of hacking. To stop something you must know everything. Note the above line. If you limit your thinking and approach, you cannot become a security specialist, because you will not know what is going on in the attacker's mind. So to become a security specialist, you have to think like attackers. Also, attackers number more than thousands, but security experts are very few. So you need to be smart enough to cope with them and protect your system and network.


The snapshot below shows what I will teach you in future hacking classes:

Fig: What I will teach you in Hacking Class

What is Hacktivism?
Hacktivism basically means hacking for a cause. When hackers want to publicize some agenda or send some message to users, they use this technique to get visibility. Hacktivism consists of several attacks, such as website defacement: they hack a website and display a message or agenda on it.


Steps of Conducting Hacking Attacks:


Any hacking attack consists of 5 basic steps.

Note: the attempt should be systematic if you wish to achieve success; otherwise it is of no use, as you will be detected and the victim will come to know that his system has been hacked, and if he reports it to the authorized people then you can be tracked down and the consequences will be really bad.

Stepwise description of how a hacking attempt is made:

Step 1: Reconnaissance
Refers to a preparatory phase where an attacker seeks to gather as much information as possible about the target of evaluation prior to launching an attack.

Passive reconnaissance involves monitoring network data for patterns and clues.

Active reconnaissance involves probing the network for:
- Accessible hosts
- Open ports
- Location of routers
- Operating system details (if possible, services)

Foot-printing is a blueprinting of the security profile of an organization, undertaken in a methodological manner. Scanning refers to a pre-attack phase when the hacker scans the network with specific information gathered during foot-printing. Enumeration involves active connections to systems and directed queries.


Step 2: Scanning Targets
This stage of a hack can be considered a logical extension of active reconnaissance. The aim is to get a single point of entry from which to launch an attack, which could be the point of exploit when a vulnerability of the system is detected.

Objectives of port scanning:
- Open ports
- Host operating system
- Software or service versions
- Vulnerable software versions

Step 3: Gaining Access
Gaining access refers to the true attack phase. The exploit can occur over a LAN, locally, Internet, offline, as deception or theft.

- System Hacking
- Sniffers
- Social Engineering
- Denial of Service
- Session Hijacking
- Buffer Overflows
- Root kits
- Hacking Web servers
- Web application vulnerabilities
- Web based password cracking
- SQL injection
- Hacking Wireless networks
- Virus and Worms
- Evading IDS, firewalls, Honey pots
- Cryptography


Step 4: Maintaining Access
Maintaining access refers to the phase when the attacker tries to retain his ownership of the system.

- Install tools such as Root kits.
- Trojans and their backdoors.
- Backdoors.

Step 5: Covering Tracks or Clearing Traces
Covering tracks refers to removing the evidence of the attacker's presence and activities. Different techniques include:

- Tunneling
- Altering/clearing log files
- Disabling auditing

That's the overall procedure by which a successful hacking attempt is made. I will discuss all these steps in detail in future classes.
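Two of the steps above leave traces that a defender can look for. The following is an added example, not part of the original class material: it flags Step 2 port scanning in firewall records and Step 5 track covering through Windows Security event IDs 1102 and 4719. The sample records, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original page).
# Firewall connection attempts: (epoch seconds, source IP, destination IP, port).
CONNECTIONS = [(1000 + i, "203.0.113.7", "10.0.0.5", p)
               for i, p in enumerate((21, 22, 23, 25, 80, 110, 139, 443, 445, 3389))]
CONNECTIONS += [
    (1000, "198.51.100.4", "10.0.0.5", 443),
    (1030, "198.51.100.4", "10.0.0.5", 443),
    (1005, "198.51.100.9", "10.0.0.5", 80),
]
# A slow client touching 3 ports over 40 minutes: not a scan at default settings.
CONNECTIONS += [(1000 + 1200 * i, "192.0.2.20", "10.0.0.5", p)
                for i, p in enumerate((80, 443, 8080))]

# Windows Security log events: (host, event ID). 1102 is "The audit log was
# cleared"; 4719 is "System audit policy was changed" (raised when auditing is disabled).
AUDIT_EVENTS = [("web01", 4624), ("web01", 4719), ("web01", 1102), ("db01", 4624)]
TRACK_COVERING = {1102: "audit log cleared", 4719: "audit policy changed"}


def find_port_scans(connections, min_ports=8, window=60):
    """Flag (source, destination) pairs that hit at least min_ports distinct
    ports within `window` seconds: the footprint of Step 2 port scanning."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in connections:
        by_pair[(src, dst)].append((ts, port))
    flagged = {}
    for pair, hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans no more than `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[pair] = sorted(ports)
                break
    return flagged


def find_track_covering(events):
    """Return (host, description) for events matching the Step 5 techniques
    of clearing log files and disabling auditing."""
    return [(h, TRACK_COVERING[e]) for h, e in events if e in TRACK_COVERING]


if __name__ == "__main__":
    print(find_port_scans(CONNECTIONS), find_track_covering(AUDIT_EVENTS))
```

Forwarding log events to a separate collector matters here, because a 1102 record stored only on the affected host can itself be removed.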


Different Types of Hacker Attacks


There are several techniques or methods through which a hacker can gain access to a system. The attackers try to exploit a vulnerability or loophole in the system. Different attack types:

1. Operating System Attacks
2. Code-based Attacks, also called Wrapped Code attacks
3. Misconfiguration attacks
4. Application Level Attacks
5. Web Based Attacks
