Summary

Ethical Hacking complete summary (exam-oriented summary)

Pages
66
Uploaded on
23-01-2022
Written in
2021/2022

This document contains a summary that contains all the ins and outs of each chapter.


Document information

Summarized whole book?
Yes

SUMMARY Stan van der Veen


ETHICAL HACKING

Contents
Chapter 1 Ethical hacking
Chapter 2 Networking foundations
Chapter 3 Security foundations
Chapter 4 Footprinting and Reconnaissance
Chapter 5 Scanning Networks
Chapter 6: Enumeration
Chapter 7 System hacking
Chapter 8 Malware
Chapter 9 Sniffing
Chapter 10 Social engineering
Chapter 11 Wireless security
Chapter 12 Attack and Defense 441
Chapter 13 Cryptography

Chapter 1 Ethical hacking
Types of hackers:

• White hat: people who always do their work for good.
• Black hat: people who do bad things, generally actions that are against the law.
• Gray hat: people who fall in the middle. They are working for good, but they are using the
techniques of black hat hackers.

Penetration testing = ethical hacking

Red teaming: a specific type of penetration test where the testers are adversarial to the organization
and network under test. A red teamer would act like an attacker, meaning they would try to be
stealthy so as not to be detected.

Methodology of Ethical hacking
The basic methodology is meant to reproduce what real-life attackers would do; it consists of the
following stages:

1. Reconnaissance is where you gather information about your target. The goal is to understand
the scope. This will help you narrow your actions so you aren’t engaging in anything that
could be unethical.
2. Footprinting is just getting an idea of the “footprint” of the organization, meaning the size
and appearance. This means trying to identify network blocks, hosts, locations, and people.
3. Scanning and enumeration: once the network blocks are identified, you will want to identify
systems that are accessible within those network blocks. You will also want to identify services
running on any available host. Ultimately, these services will be used as entry points.
4. Gaining access is where you demonstrate that some services are potentially vulnerable. You do
that by exploiting the service. There are no theoretical or false positives when you have
compromised a system or stolen data and you can prove it.
5. Maintaining access: once you are in, emulating common attack patterns means that you
should maintain access.
6. Covering tracks is where you hide or delete any evidence that you managed to get
access. Additionally, you should cover up your continued access.

Chapter 2 Networking foundations
We access systems through their addresses. The problem is that each system will have multiple
addresses. These addresses are best separated into buckets related to the functionality provided by
the protocol each address belongs to. To work with this there are two communication models: OSI
and the TCP/IP architecture.

Protocol: a set of rules or conventions that dictate communication.

Open Systems Interconnection (OSI)
Since we build messages from the Application layer down, we’re going to start discussing each of the
layers and their roles there and move downward.


• Application (layer 7): this is the layer closest to the end user. Application layer protocols
manage the communication needs of the application. They may identify resources and
manage interacting with those resources. HTTP is an example of an application layer
protocol.
• Presentation (layer 6): is responsible for preparing data for the Application layer. It makes
sure that the data that is handed up to the application is in the right format so it can be
consumed. ASCII, Unicode and even JPEG are examples of formats handled in this layer.
• Session (layer 5): manages the communication between the endpoints when it comes to
maintaining the communication of the applications (the client or server). Remote procedure
calls (RPCs) are an example of a function at the Session layer.
• Transport (layer 4): both TCP and UDP are transport protocols.
• Network (layer 3): gets messages from one endpoint to another. It does this by taking care of
addressing and routing. IP is one protocol that exists at this layer.
• Data link (layer 2): takes care of formatting the data to be sent out on the transmission
medium. The media access control (MAC) address is a layer 2 address, identifying the network
interface on the network so communications can get from one system to another on the local
network. Other Data link layer protocols are ARP, VLANs and Ethernet.
• Physical (layer 1): this is all the protocols that manage the physical communications.
10BaseT, 10Base2, 100BaseTX, and 1000BaseT are all examples of Physical layer protocols.
They dictate how the pulses on the wire are handled.

However, the OSI model isn’t always a good fit when it comes to mapping protocols to the seven
layers. The problem often comes in the areas between the Session and Application layers. As an
example, at which layer does the Secure Shell (SSH) protocol live?



