• Target Discovery

    This week we learnt about target discovery. This is the stage of an ethical hacking engagement in which the tester learns about their target. My tool of interest is nmap, which can be used to find information about the operating system of the target so that the tester can take advantage of any vulnerabilities in that OS. Nmap fingerprints a system by:

    Port scanning, which provides a list of open TCP and UDP ports

    Sending ad-hoc forged packets

    Analysing the responses received and comparing them against a database of known OS behaviours (fingerprints).

    Nmap in Use

    To detect the OS of the target, the command is nmap -O followed by the target's IP address or domain name. The example shows a scan of the IP address 182.30.69.100 to get the OS.
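    As an added example (not part of the original post), the script below reads the XML report that nmap writes with -oX and pulls out the open ports and the ranked OS matches, keeping nmap's accuracy percentage so the reader can see when the OS is an exact match and when it is only a best guess. SAMPLE_XML is a constructed report shaped like real nmap output; the 192.0.2.10 address, ports and OS names are made up.

```python
# Added example (not from the original post): summarise the XML report that
# `nmap -O -oX report.xml <target>` writes. SAMPLE_XML is a constructed host
# shaped like real nmap output; the address, ports and OS names are made up.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -O -oX report.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
    <os>
      <osmatch name="Linux 4.15 - 5.6" accuracy="96"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="90"/>
    </os>
  </host>
</nmaprun>
"""

def parse_os_report(xml_text):
    """Return one dict per host: address, open ports and (name, accuracy) OS matches."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        open_ports = [
            f"{p.get('portid')}/{p.get('protocol')}"
            for p in host.iter("port")
            if p.find("state").get("state") == "open"
        ]
        # nmap gives an accuracy percentage per match; below 100 the OS is a
        # probabilistic guess, so keep the number rather than only the name.
        matches = [(m.get("name"), int(m.get("accuracy"))) for m in host.iter("osmatch")]
        hosts.append({"addr": host.find("address").get("addr"),
                      "open_ports": open_ports, "os_matches": matches})
    return hosts

def best_os_guess(host):
    """Highest-accuracy match and whether nmap rated it exact (accuracy 100)."""
    if not host["os_matches"]:
        return None, False
    name, accuracy = max(host["os_matches"], key=lambda m: m[1])
    return name, accuracy == 100

if __name__ == "__main__":
    for h in parse_os_report(SAMPLE_XML):
        name, exact = best_os_guess(h)
        print(h["addr"], h["open_ports"], name, "exact match" if exact else "best guess")
```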

  • Utilizing Search Engines

    Using Maltego

    It helps to find relationships between people, for example their social profiles and mutual friends, or company information such as websites, subdomains, DNS names and net blocks.

    Running the To Website transform on the domain pentest.id gives the website www.pentest.id.

    Performing a DNS Name transform (Robtex) gives the following results, where we can see the subdomains of the domain pentest.id.

    Conclusion

    Maltego is a powerful tool for visualizing relationships because of its extensive entity palette. You can perform a transform on a domain, person, website, email, conversation, etc.

  • Target Scoping and Information Gathering

    Before attempting to attack a system, the attacker gathers information about the organisation or individual they want to attack. There are many legal ways to gather information that has been made public, such as:

    1. Google search engine – for websites and any other company data
    2. Whois – for IP and domain information
    3. Google groups – for emails
    4. etc.

    Results after performing a whois search on pentest.id.

  • Introduction to Ethical Hacking and Penetration Testing

    What is ethical hacking?

    Ethical hacking is one of many types of hacking. A hacker is a person who gains unauthorized access to a computer system or data. There are three types of hackers, namely black-hat hackers, grey-hat hackers, and white-hat hackers. Firstly, black-hat hackers are often called crackers, and this type of hacker breaks through security illegally. When they do, they encrypt valuable information and often demand a ransom from the company or person whose system they attacked. Secondly, grey-hat hackers are individuals who break into a security system without malicious intentions. Their aim is to find bugs and vulnerabilities that they can report and hopefully get paid as compensation for their time and resources. Although their intentions are good, they break in without permission, hence it is illegal. Lastly, white-hat hackers are given permission by the company to hack into its system and explore vulnerabilities before the black-hat hackers do, hence it is termed ‘ethical hacking’.

    Ethical hacking requires strong work ethics. An ethical hacker must be authorized to perform any type of penetration test or assessment. As the term ‘ethical’ suggests, the duties and intentions of the hacker must adhere to the moral principles of the organization that the hacker is working for. This means there should be complete transparency between the hacker and the employer about the hacker's activities. The hacker is also bound to report the findings of the assessments and to stick to the non-disclosure agreement to keep their discoveries confidential.

  • I learnt about how the concept of entropy can be used in decision tree algorithms, particularly ID3, which is used for classification and regression problems. In a decision tree, each node represents an attribute, each link represents a decision and each leaf represents an outcome. It processes all the single outcomes. The exercise was a bit challenging to understand at first.