Ethical Hacking for All: Complete A to Z Tips and Tricks to Ethical Hacking Mastering
By Joe Grant
About this ebook
When you think of hacking, what might come to your mind are complex codes and scripts that only geniuses can understand. Again, the notion created by the media is that malicious people only do hacking for their personal gains. However, hacking doesn't have to be complex, and it does not have to be done for malicious reas
Introduction
Hacking, ethical or otherwise, sounds like a complex process where you have to learn every code there is in the world. If you are new to hacking, you might feel that you need a lot of prerequisite knowledge of hacking software, programming languages, algorithms and syntaxes, and many other complex elements that only geniuses can decipher. However, to some extent, you may not need to know all of that. This book introduces simple steps and tricks to complete an ethical hack, also called penetration testing.
You do not need prior hacking knowledge to pick up the skills taught in this book. In it, you will learn how to use modern hacking tools and interpret the results of these tools, including BackTrack Linux, Nmap, Metagoofil, dig, Nessus, Google, Reconnaissance, Metasploit, Netcat, and Hacker Defender rootkit. You will learn how to use these tools to unearth offensive security systems.
While those with no prior knowledge might find this book a challenge at first, the steps explained in it are simple, and they target beginners. The aim of this book is to teach beginners simple steps and tricks to execute an ethical hack. The book looks at the basics of hacking, allowing you to break into weak security systems. You will learn not only what ethical hacking involves but also how to perform penetration testing with ease.
An ethical hacker helps point out loopholes in the security systems of computers. Unlike black hat and gray hat hackers, an ethical hacker only seeks to gain access to security systems so they can point out where problems lie. In short, ethical hacking thwarts black hat and gray hat hackers. This book comes as a result of years of experience performing penetration tests successfully.
Happy reading!
Chapter 1
What is Ethical Hacking?
Today, when you talk of a hacker, the picture that comes to the mind of many people is a person who breaks into security systems to obtain information illegally. In the 1990s, however, a hacker was someone with immense knowledge of programming who would build complex algorithms. With the word "hacker" gaining negative hype, a hacker is now a bad guy.
However, a hacker is not always a bad guy, as the media has made everyone believe. You will hear news about a hacker when hacking results in stolen personal details or cyber theft. For many years, hackers have been breaking into the security systems of corporations to highlight vulnerabilities, which helps improve those systems. A hacker, therefore, is a creative person who can solve complex problems and find ways to compromise the security systems of targets.
There are three main types of hackers based on why they do what they do:
White hat hacker – A white hat hacker does penetration testing to uncover vulnerabilities in a security system. These hackers are employed by organizations as security professionals to find loopholes that malicious attackers might use to gain access to the system.
Black hat hacker – This is also known as a cracker. A black hat hacker will use the knowledge they have to break into security systems for negative purposes. They might steal and sell information or allow access to other people who are equally malicious.
Gray hat hacker – A person who hacks security systems for negative purposes and at the same time offers their services as a security professional to organizations is a gray hat hacker. At one time, a gray hat hacker is the good guy, and the next time, the bad guy.
Besides the above three categories, there are other types of hackers, including:
Hacktivists – These are groups of hackers who break into systems to have their voices heard. The motivation might be political, human rights, freedom of speech, or any other cause that activists fight for.
Script Kiddie – This is a hacker who can compromise a target using exploits created by other people. However, this hacker lacks knowledge of how exploits work – they cannot create or modify exploits.
Elite hacker – An elite hacker has a deep understanding of exploits and hacking software. This is a hacker who can create or modify hacking software and break into a security system with ease. When an exploit is not working, this hacker finds a way to modify it even if the exploit was written by someone else.
Understanding Hacking Terminologies
There are terms that you need to understand to help you go through this guide.
Vulnerability
This refers to a weakness or a loophole in the security system of an organization. It is an entry point through which attackers can gain access to information on an organization. A vulnerability can lead black hat hackers into the systems, resulting in data compromise.
Asset
An asset refers to data or a device that holds information in an organization. Assets need protection from anyone except those authorized to view and manipulate the data.
Threat
Threats are imminent dangers to the computer security systems that organizations have put in place. A threat may be a malicious hacker who has tried to gain unauthorized access to a computer system, or statements from malicious people who say they will get access to a system.
Exploit
An exploit is something that allows a hacker to gain access to a computer system. This exploit comes in the form of software or an algorithm. With an exploit, a hacker takes advantage of vulnerabilities in a computer system.
Risk
After a successful exploit, what damage will a hacker cause? This damage to the asset constitutes the risk.
Penetration Testing
In penetration testing, an ethical hacker poses as a black hat hacker to expose and document vulnerabilities in a computer system. It comprises a set of methods and techniques that a hacker applies to test the security of an organization.
Pre-Engagement and Rules of Engagement
Unlike black hat hacking, where the hacker picks any system to break into, ethical hacking involves an agreement between a hacker and an organization. To hack into a security system, an ethical hacker and their client need to agree. After the agreement, the hacker needs to ensure that they follow all the rules of engagement. These rules comprise the methodologies to use, the hacking duration, goals and milestones, and the liabilities and responsibilities of the hacker, among others.
Some of the rules of engagement that hackers need to agree with their clients include:
Signing a "nondisclosure" and "permission to hack" form by both parties.
The section of the computer system to be tested or hacked.
How long the hacking should take – that is, start and end date.
The method the hacker will use.
Allowed and disallowed techniques.
Liabilities and responsibilities. If you break into a system that should not be accessible, or you access information such as credit card details, the liabilities and responsibilities keep you from using the information.
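One way to turn the rules of engagement listed above into a check that runs before every test action, as an added example that is not code from the book. The class and field names, the addresses, the dates and the technique labels are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: tuple            # networks the client authorised for testing
    excluded: tuple            # hosts/networks carved out of that scope
    start: datetime            # agreed start of the test window (UTC)
    end: datetime              # agreed end of the test window (UTC)
    allowed_techniques: frozenset

    def check(self, target, technique, when):
        """Return (permitted, reason) for one planned action; fails closed."""
        try:
            addr = ip_address(target)
        except ValueError:
            return False, "target is not an IP address"
        if not self.start <= when <= self.end:
            return False, "outside engagement window"
        if any(addr in ip_network(n) for n in self.excluded):
            return False, "target explicitly excluded"
        if not any(addr in ip_network(n) for n in self.in_scope):
            return False, "target not in agreed scope"
        if technique not in self.allowed_techniques:
            return False, "technique not permitted"
        return True, "ok"


UTC = timezone.utc
# Constructed sample agreement (RFC 1918 addresses, made-up dates).
ROE = RulesOfEngagement(
    in_scope=("10.20.0.0/24",),
    excluded=("10.20.0.5/32",),
    start=datetime(2024, 3, 4, 8, 0, tzinfo=UTC),
    end=datetime(2024, 3, 15, 18, 0, tzinfo=UTC),
    allowed_techniques=frozenset({"scan", "web-app-test"}),
)

# Constructed list of planned actions: (target, technique, timestamp).
PLANNED = [
    ("10.20.0.17", "scan", datetime(2024, 3, 5, 9, 0, tzinfo=UTC)),
    ("10.20.0.5", "scan", datetime(2024, 3, 5, 9, 5, tzinfo=UTC)),
    ("10.21.0.9", "scan", datetime(2024, 3, 5, 9, 10, tzinfo=UTC)),
    ("10.20.0.17", "denial-of-service", datetime(2024, 3, 5, 9, 15, tzinfo=UTC)),
    ("10.20.0.17", "scan", datetime(2024, 3, 16, 9, 0, tzinfo=UTC)),
]

if __name__ == "__main__":
    for target, technique, when in PLANNED:
        print(target, technique, when.isoformat(), ROE.check(target, technique, when))
```

Only the first planned action passes; the others are refused for an excluded host, an out-of-scope network, a technique that was never agreed, and a date after the engagement ended.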
Because you need to carry out the ethical hack in stages, you need to set milestones to help you track your progress. You can carry out your hack in phases, each taking a set duration. These phases might include:
Scope definition
Reconnaissance
Scanning
Exploitation
Post Exploitation
Reporting
As an ethical hacker, you will give each of the above phases enough time based on the section of the computer system that you will hack.
Ethical Hacking Methodologies
You can carry out an ethical hack using different methodologies, including:
OSSTMM – Open Source Security Testing Methodology Manual
This methodology includes the majority of the steps carried out in a penetration test – it is an in-depth security test that includes hacking into almost all components of a computer system. This methodology is intense and cumbersome, and in most cases, it is not possible in everyday ethical hacking. Again, the method requires a lot of resources which most companies are not able or willing to give.
NIST
NIST is a more comprehensive ethical hacking methodology carried out in four simple steps – planning, discovery, attack, and reporting. In the first step, planning, an ethical hacker decides on the engagement to be performed. After planning comes the discovery phase, where the hacker first gathers information, scans the network, identifies services, detects the OS, and then assesses the vulnerability of the computer system.
After discovery, now the actual hacking starts. The attack phase is detailed and includes gaining access, escalating privileges, system browsing, and installation of additional tools. If you compromise a target and the system has multiple interfaces, you will go back to the discovery phase and start all over again on a different interface. The NIST ethical hacking methodology involves reporting after planning and reporting after the attack.
OWASP
OSSTMM and NIST methodologies focus more on network hacking rather than application hacking. OWASP is a simple methodology that involves testing the security of an application. This methodology, which is developed by web application researchers, is an in-depth methodology that follows all the steps in web application testing.
Categories of Ethical Hacking
In ethical hacking, an organization hires your services to test how secure their systems are. While defining the scope of the hack, the hack engagement is also defined along with it. The hack