Summary

CEH summary

Pages
42
Uploaded on
22-01-2016
Written in
2015/2016

Summary study book Certified Ethical Hacker Version 8 Study Guide of Oriyano - ISBN: 9781118647677, Edition: 1, Year of publication: 2014 (summary CEH)

Content preview

Summary Ethical Hacking
Contents
Chapter 1: Getting started with Ethical Hacking
Chapter 2: System fundamentals
Chapter 3: Cryptography
Chapter 4: Footprinting and reconnaissance
Chapter 5: Scanning Networks
Chapter 6: Enumeration of Services
Chapter 7: Gaining Access to a system
Chapter 8: Trojans, Viruses, Worms and Covert Channels
Chapter 9: Sniffers
Chapter 10: Social engineering
Chapter 11: Denial of service
Chapter 12: Session Hijacking
Chapter 13: Web Servers and Web Applications
Chapter 14: SQL injection
Chapter 15: Wireless networking
Chapter 16: Evading IDSs, Firewalls and Honeypots
Chapter 17: Physical security

Chapter 1: Getting started with Ethical Hacking
• Black Hats: They do not have permission or authorization for their activities; typically their actions fall outside the law.
• White Hats: They have permission to perform their tasks. White hats never share information about a client with anyone other than that client.
• Gray Hats: These hackers cross into both offensive and defensive actions at different times.
• Suicide Hackers: This relatively new class of hacker performs their actions without regard to being stealthy or otherwise covering up their assaults. These individuals are more concerned with carrying out their attack successfully than the prison time that may ensue if they are caught.
• Another type of hacker is the hacktivist. Hacktivism is any action that an attacker uses to push or promote a political agenda. Targets of hacktivists have included government agencies and large corporations.

• Target of Evaluation (TOE): A TOE is a system or resource that is being evaluated for vulnerabilities. A TOE would be specified in a contract with the client.
• Attack: This is the act of targeting and actively engaging a TOE.
• Exploit: This is a clearly defined way to breach the security of a system.
• Zero Day: This describes a threat or vulnerability that is unknown to developers and has not been addressed. It is considered a serious problem in many cases.
• Security: This is described as a state of well-being in an environment where only actions that are defined are allowed.
• Threat: This is considered to be a potential violation of security.
• Vulnerability: This is a weakness in a system that can be attacked and used as an entry point into an environment.
• Daisy Chaining: This is the act of performing several hacking attacks in sequence with each building on or acting on the results of the previous action.

• Confidentiality: The core principle that refers to the safeguarding of information and keeping it away from those not authorized to possess it. Examples of controls that preserve confidentiality are permissions and encryption.
• Integrity: Deals with keeping information in a format that is true and correct to its original purposes, meaning that the data that the receiver accesses is the data the creator intended them to have.
• Availability: The final and possibly one of the most important items that you can perform. Availability deals with keeping information and resources available to those who need to use it. Information or resources, no matter how safe and sound, are only useful if they are available when called upon.


Hacking methodologies




• Footprinting means that you are using primarily passive methods of gaining
information from a target prior to performing the later active methods.
• Scanning is the phase in which you take the information gleaned from the
footprinting phase and use it to target your attack much more precisely.
• Enumeration is the next phase where you extract much more detailed information
about what you uncovered in the scanning phase to determine its usefulness.
• System hacking follows enumeration. You can now plan and execute an attack
based on the information you uncovered.
• Escalation of privilege: If the hacking phase was successful, then you can start to
obtain privileges that are granted to higher privileged accounts than you broke into
originally.
• Covering tracks is the phase when you attempt to remove evidence of your
presence in a system.
• The purpose of planting back doors is to leave something behind that would enable
you to come back later if you wanted.

Attacks
• An insider attack is intended to mimic the actions that may be undertaken by
internal employees or parties who have authorized access to a system.
• An outsider attack is intended to mimic those actions and attacks that would be
undertaken by an outside party.
• A stolen equipment attack is a type of attack where an aggressor steals a piece of
equipment and uses it to gain access or extracts the information desired from the
equipment itself.
• A social engineering attack is a form of attack where the pen tester targets the
users of a system seeking to extract the needed information. The attack exploits the
trust inherent in human nature.

Chapter 2: System fundamentals

Chapter 3: Cryptography
Nonrepudiation: The ability to provide positive identification
of the source or originator of an event is an important part of
security.

Symmetric Cryptography
Symmetric algorithms do some things really well and other things not so well. Modern symmetric
algorithms are great at all of the following:
• Preserving confidentiality
• Increasing speed
• Ensuring simplicity (relatively speaking, of course)
• Providing authenticity

MARS: This AES finalist was developed by IBM and supports key lengths of 128–256 bits.
Serpent: This AES finalist, developed by Ross Anderson, Eli Biham, and Lars Knudsen, supports key
lengths of 128–256 bits.

Asymmetric, or Public Key, Cryptography
Public key systems feature a key pair made up of a public and a private key.


Document information

Summarized whole book?
Yes
Uploaded on
January 22, 2016
Number of pages
42
Written in
2015/2016
Type
SUMMARY

Reviews from verified buyers

Showing 7 of 8 reviews
5 year ago

It's outdated and missing a chapter.

5 year ago

6 year ago

7 year ago

7 year ago

7 year ago

not completely finished

8 year ago


Get to know the seller

kevintjeuh Hogeschool Windesheim