
Ethical Hacking - 241031 - 101542

The document outlines a hands-on training course on Ethical Hacking, covering various topics such as system hacking, social engineering, and network scanning. It includes details on building an ethical hacking lab, required software, and certifications available for ethical hackers. Additionally, it discusses the distinctions between hacking types and the roles of ethical hackers in various professions, alongside tools and techniques for reconnaissance and sniffing.

Uploaded by

ThankGod Okeke

Ethical Hacking

Hands-On Training
Course Outline
• Introduction to Ethical Hacking
• Footprinting/Recon
• Scanning Networks
• System Hacking
• Packet Sniffing
• Social Engineering
• Denial-of-Service
• Session Hijacking
• Evading Firewalls
• Hacking Web Servers
• Hacking Web Applications
• SQL Injection
• Hacking Wireless Networks
• Cryptographic Basics
Building An Ethical Hacking LAB
• System Requirements
Intel Core i5
8GB RAM
4 CPUs @3.0 GHz
500GB SSD
• Virtualization Platforms
➢VMware Workstation Player
➢Microsoft Hyper-V
➢VirtualBox
• LAB Operating Systems
➢Attacker Machines
Kali OS
Parrot OS
➢Vulnerable OS (Machines)
OWASP Broken Web App
Metasploitable-2
Windows 7 or higher
Where to Get The Lab Software
➢VirtualBox Download - Downloads – Oracle VM VirtualBox
➢Kali Linux Download - Get Kali | Kali Linux
➢Parrot OS Download - Parrot Security
➢Metasploitable-2 - Metasploitable - Browse /Metasploitable2 at SourceForge.net
➢OWASP Broken Web Application - OWASP Broken Web Applications Project - Browse /1.2 at SourceForge.net
➢Windows OS
Installing The Lab Software
➢In this training, we are using VirtualBox as the virtualization platform.
Install VirtualBox
Install VirtualBox Extension Pack
➢Then, install the virtual machines (VMs) on VirtualBox
Configure a NAT Network
Ping all systems to test connectivity
All is now set
Ethical Hacking Certifications
• CompTIA Pentest+ - Exam 240 USD
• eJPT(Junior Penetration Tester) - Exam 250 USD
• CEH(Certified Ethical Hacker) – EC-Council – Exam 800 USD
• PNPT(Practical Network Penetration Tester) Exam 400 USD
• (eCPPTv2) Certified Professional Pen Tester – Exam 400 USD
• OSCP – Offensive-Security Certified Professional – Exam 1200 USD
Hacking Vs Ethical Hacking
• Hacking is a way of taking an object (person, software, or hardware) and putting it into use contrary to the original design.

• Ethical hacking is the practice of detecting vulnerabilities in an application, system, network, or the organization’s IT infrastructure (with written permission/consent) and recommending appropriate security safeguards to remediate the discovered vulnerabilities.
Types Of Hackers
• Black Hat vs. White Hat vs. Grey Hat
• Script Kiddies
• Hacktivist
White Hat Vs Black Hat
• For instance, Russia, the United States, and China are hacking each other for geopolitical advantage. From the perspective of the United States, the Russian hackers might be considered black hats, while in Russia they would be celebrated as heroes.

• Of course, the same applies in reverse. U.S. hackers intruding upon China are well-paid and well-respected members of the military or intelligence community with nice homes in the suburbs.
Cyber Crime Law Enforcement
• In the United States, most hacking is investigated and prosecuted by federal law enforcement.

• Surprisingly, the Secret Service is the lead agency, but they are primarily involved in coordinating the response, usually not in investigating.

• They delegate the investigation to one of the numerous federal agencies, but the FBI's Cyber Crime Task Force is the agency most often involved.
Nigeria Cyber Crime Law Enforcement
A Word Of Caution
• Even if you don't have malicious intentions, the knowledge that you are about to acquire can be misconstrued as bad intentions.

• When somebody finds out you have Kali or any hacking tools AND the knowledge of how to use them, you are suddenly guilty until proven innocent.
Professions for Ethical Hackers
1. National Security;
National security agencies are desperately seeking well-trained hackers to protect their nations and attack their adversaries.

This particularly applies to the field of SCADA/ICS (Supervisory Control and Data Acquisition/Industrial Control Systems) hacking, where nations can disable or destroy industrial plants, power grids, and infrastructure in times of cyber war.

2. National Espionage/Spying;
In the name of national security, many governments around the world have several spies across many continents, but in this digital age, spying on your enemies can be done digitally.

3. Military/Defense;
With advancements in technology, the military now uses sophisticated digital equipment, like drones, in the field. These improvements have created a need for ethical hackers in the field and in frontline operations to knock out or control the adversaries’ communications and other digital equipment.

4. Penetration Testing;
A pentest is essentially a form of legal hacking. A company can hire ethical hackers or pentesters to try to hack into its systems to determine how secure they are.

5. Bug Bounty Hunting;
Corporations, organizations, and website owners are now offering rewards (bounties) to hackers who can find vulnerabilities (bugs) in their software before the general public becomes aware of them.

6. Zero-Day Developer;
Some hackers develop zero-days and then sell them to cybercrime gangs or national espionage agencies. These zero-day exploits can sell for millions of dollars as they enable national espionage agencies to spy on their adversaries and their citizens.

7. Information Security (Infosec) Engineers;
A cybersecurity engineer (CISO) needs to understand the offense of the opposition (hacking) to mount an effective defense (information security).
Reconnaissance/Information Gathering
Reconnaissance, also known as information gathering, is a set of processes and techniques (scanning, footprinting, and enumeration) used to discover and collect information from a target system.
Examples of information that can be gathered:
1. Active machines
2. IP addresses
3. Open ports
4. Running services
5. OS details
Reconnaissance Continued…
Active Reconnaissance;
Active reconnaissance is information gathered while actively interacting with the target system. Active reconnaissance is risky, because it can be detected by the target, but it usually provides the attacker with more reliable and accurate information.
This method of reconnaissance also risks triggering the target’s security devices, such as firewalls and intrusion detection systems (IDS).

Passive Reconnaissance;
Passive reconnaissance (also referred to as OSINT) is the process of learning about the target system without directly interacting with it.

It means that the information about the target can be gathered from third-party sources, such as DNS, Wappalyzer, Shodan, Netcraft, Google, social networking sites, etc.
Reconnaissance Tools
Passive Reconnaissance Tools:
1. Wappalyzer
2. Whois.domaintools.com
3. Crt.sh
4. Haveibeenpwned.com
5. Builtwith.com
6. Hunter.io
7. Shodan.io
8. Google dorking

Active Reconnaissance Tools:
1. Nmap
2. Zenmap
3. Nikto
Information Gathering Lab Exercise
1. Use Wappalyzer to discover Website technologies on udemy.com
2. Use builtwith.com to discover Website technologies on udemy.com
3. Use crt.sh to discover subdomains
4. Use haveibeenpwned.com to discover data breaches
5. Use nmap to discover open ports on skullsecurity.com
6. Use nmap to discover running services on skullsecurity.com
7. Use nmap to discover Server Operating system on skullsecurity.com
System Hacking
Sniffing
Sniffing is the process of monitoring and capturing all data packets passing through a given network. Sniffers are used by network/system administrators to monitor and troubleshoot network traffic.

Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc.
There are two types of sniffing:
Active Sniffing -
Active sniffing attacks target networks built on the more advanced pieces of hardware known as switches.

Active sniffing attacks are often initiated by injecting Address Resolution Protocol (ARP) packets into a network in order to overflow the switch's Content Addressable Memory (CAM) table.
Passive Sniffing –
This type of sniffing is generally carried out at a hub. Unlike active sniffing, a sniffer device can be attached directly to the hub to simply collect data packets.

However, hubs are rarely utilized nowadays, so passive sniffing attacks are also rarely recorded.
Sniffing Tools
1. Wireshark
2. Bettercap
3. Ettercap
4. tcpdump
5. NetworkMiner
6. Kismet
7. Dsniff
Sniffing Preventions
1. Do not use public Wi-Fi networks
2. Rely on a trusted VPN connection
3. Look for secure HTTPS protocols before surfing the web
4. Don’t fall prey to social engineering tricks and traps
5. Adopt a sniffer detection application
Install sniffing detection tools on your device; examples include AntiSniff, Neped, Arpwatch and Snort.
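
The two signals a sniffer detection tool watches for in the active sniffing case described above (an IP address suddenly claimed by a different MAC, and a burst of never-seen MAC addresses on one switch port) can be checked with a few lines of Python. This is an added example, not part of the original slides and not the code of Arpwatch or any other tool; the observation format, the `detect` function, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations: (seconds, switch_port, source_mac, claimed_ip).
# claimed_ip is None for frames that are not ARP replies.
SAMPLE = [
    (0.0, "p1", "aa:aa:aa:00:00:01", "10.0.2.1"),   # gateway announces itself
    (1.0, "p2", "aa:aa:aa:00:00:02", "10.0.2.15"),  # ordinary lab host
    (5.0, "p3", "aa:aa:aa:00:00:66", "10.0.2.1"),   # gateway IP claimed by a new MAC
]
# Constructed burst: 300 never-seen source MACs on port p4 within one second.
SAMPLE += [(10.0 + i / 300, "p4", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
           for i in range(300)]


def detect(observations, flood_threshold=100, window=5.0):
    """Return (kind, detail) alerts for ARP rebinding and new-MAC floods."""
    bindings = {}                      # ip -> MAC that last claimed it
    seen_macs = set()                  # every source MAC seen so far
    new_mac_times = defaultdict(list)  # port -> timestamps of first sightings
    flooded_ports = set()              # ports already reported, to alert once
    alerts = []
    for ts, port, mac, ip in sorted(observations, key=lambda o: o[0]):
        if ip is not None:
            known = bindings.get(ip)
            if known is not None and known != mac:
                alerts.append(("ip-mac-change", f"{ip}: {known} -> {mac}"))
            bindings[ip] = mac
        if mac not in seen_macs:
            seen_macs.add(mac)
            times = new_mac_times[port]
            times.append(ts)
            # keep only first sightings that fall inside the sliding window
            while times and ts - times[0] > window:
                times.pop(0)
            if len(times) > flood_threshold and port not in flooded_ports:
                flooded_ports.add(port)
                alerts.append(("mac-flood", f"{port}: {len(times)} new MACs in {window}s"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect(SAMPLE):
        print(kind, detail)
```

On a real network the first alert also fires for legitimate events such as a replaced network card or a DHCP lease moving between hosts, so it is a prompt to investigate rather than proof of an attack.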
Spoofing Attacks
Spoofing happens when someone impersonates a trusted contact or brand,
pretending to be someone you trust in order to access sensitive personal
information.
Types Of Spoofing Attacks
• Email Spoofing
• Website Spoofing (DNS)
• IP Spoofing
• ARP Spoofing

Email Spoofing Example (image not included)

Spoofing Tools;
• Bettercap
• Zaproxy
• sslstrip
• Burp Suite
• mitmproxy
