A lot of people think that all hackers have extraordinary skills that enable them to break into computer systems and steal any valuable information they are after. In fact, ethical hackers are quite different from this kind of hacker. They are security professionals who work in a similar way, but only in order to understand how computer systems work, which tools can be used to find security weaknesses, and how to fix them. Hackers use special types of computer software to gain access to system information. Ethical hackers have the same skills and employ the same software used by hackers in order to defend computer systems and networks against malicious attackers.
Gathering Target Information (Reconnaissance and Footprinting)
The first step of the hacking process is gathering information about the target. This step is also known as footprinting. In the Internet age, bits and pieces of information about a target (e.g. an organization) can be collected from many sources, and this information can be enlightening when pieced together.
Hackers use information gathering to determine the organization's high-value targets, where its most important information is located. Information gathering not only helps to identify where the information is located, but also helps to find and decide the best way to gain access to the target. Many people jump straight to hacking tools, but information gathering is critical to minimizing the effort and time spent in detection.
Gathering Network and Host Information (Scanning and Enumeration)
Scanning is the first step of active hacking. It is used to locate target systems or networks for a later attack, so it is important that the information gathered beforehand be as complete as possible in order to determine which locations and targets to scan. During the scanning step the hacker is still gathering information about the network and its host systems. IP addresses, services, operating systems, installed programs, and similar information can be very useful to a hacker in deciding which type of exploit to use against a system.
Enumeration is the step after scanning. Once scanning is finished, enumeration is used to gather and compile machine names, user names, services, shares, and network resources. It is also described as the process of connecting to the target in order to obtain this information. The object of enumeration is to find a user account or system account that can be used to hack the target system. There are many hacking tools designed for scanning IP addresses and locating NetBIOS names, MAC addresses, and logged-in usernames.
Trojans, Backdoors, Viruses, and Worms
Trojans and backdoors are two means hackers use to gain access to the target system. They come in many different forms, but they all have one thing in common: they must be installed by another program, or a user must be tricked into installing them. Trojans and backdoors are harmful tools in ethical hacking, so they must be used carefully when testing the security of a system or network.
Viruses and worms can be used to infect and modify a system to allow a hacker to gain access. In fact, many viruses and worms carry Trojans and backdoors. In this way a virus or worm works as a carrier and allows malicious code such as a Trojan or backdoor to be transferred from one system to another. The situation is similar to drug smuggling and contraband goods: the virus is like the smuggler who looks for a hidden port or any weak point along the border in order to break into the target country and bring contraband goods (Trojans and backdoors) into it.
Gathering Data from Networks: Sniffers
A sniffer is a packet-capturing tool. Hackers use it to capture and display data being transmitted between hosts on the network. Often this data is encrypted and needs to be decrypted. Some sophisticated sniffers have algorithms to decrypt this data and reassemble it into its original form, such as a document or an email (data is divided into small packets during transmission). Hackers use sniffers to discover usernames, passwords, and other important information transmitted over the network. Most hacking tools require the use of a sniffer to obtain the important information sent to or from the target system.
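To make concrete what a sniffer actually has in hand after capturing a packet, here is an added example (not code from the original page or from any sniffer product): a small, bounds-checked parser for an IPv4 packet carrying TCP, run over a constructed sample capture. The packet bytes, the addresses 10.0.0.5 and 10.0.0.80, the ports and the HTTP request body are all made up for the example, and the function names (parse_ipv4_tcp, payload_is_plaintext, build_sample_packet) are this example's own. It shows why the text says sniffers find usernames and passwords: for an unencrypted protocol the payload is readable exactly as sent, which is the case the cryptography section later addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a sniffer sees once it holds a raw IPv4 packet: the header fields and,
 * for unencrypted protocols, the payload itself in the clear. */
struct packet_view {
    uint8_t        protocol;          /* IP protocol number, 6 = TCP */
    uint32_t       src_ip, dst_ip;    /* host byte order */
    uint16_t       src_port, dst_port;
    const uint8_t *payload;           /* first byte after the TCP header */
    size_t         payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an IPv4 packet carrying TCP (no link-layer header). Every length field
 * is checked against the captured size before use, because captured packets
 * are untrusted input too. Returns 0 on success, -1 if malformed or not TCP. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct packet_view *out)
{
    if (buf == NULL || out == NULL || len < 20) return -1;
    if ((buf[0] >> 4) != 4) return -1;              /* not IPv4 */
    size_t ihl   = (size_t)(buf[0] & 0x0f) * 4;     /* IP header length in bytes */
    size_t total = be16(buf + 2);                   /* IP total length field */
    if (ihl < 20 || ihl > len || total < ihl || total > len) return -1;

    out->protocol = buf[9];
    out->src_ip   = be32(buf + 12);
    out->dst_ip   = be32(buf + 16);
    if (out->protocol != 6) return -1;              /* only TCP is handled here */

    const uint8_t *tcp = buf + ihl;
    size_t remaining = total - ihl;
    if (remaining < 20) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;       /* TCP data offset in bytes */
    if (doff < 20 || doff > remaining) return -1;

    out->src_port    = be16(tcp);
    out->dst_port    = be16(tcp + 2);
    out->payload     = tcp + doff;
    out->payload_len = remaining - doff;
    return 0;
}

/* 1 if every payload byte is printable ASCII or CR/LF, i.e. readable as sent. */
int payload_is_plaintext(const struct packet_view *v)
{
    for (size_t i = 0; i < v->payload_len; i++) {
        uint8_t c = v->payload[i];
        if (!((c >= 0x20 && c < 0x7f) || c == '\r' || c == '\n')) return 0;
    }
    return v->payload_len > 0;
}

/* Constructed sample capture (not a real trace): 10.0.0.5:40000 -> 10.0.0.80:80
 * carrying a plaintext HTTP request. Checksums are left zero; the parser does
 * not verify them. Returns the packet length written, or 0 if cap is too small. */
size_t build_sample_packet(uint8_t *buf, size_t cap)
{
    static const char body[] = "GET /login HTTP/1.0\r\n";
    size_t body_len = sizeof(body) - 1;
    size_t total = 20 + 20 + body_len;              /* IP + TCP headers + body = 61 */
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                                  /* version 4, IHL 5 (20 bytes) */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xff);
    buf[8] = 64;                                    /* TTL */
    buf[9] = 6;                                     /* protocol: TCP */
    const uint8_t src[4] = {10, 0, 0, 5}, dst[4] = {10, 0, 0, 80};
    memcpy(buf + 12, src, 4);
    memcpy(buf + 16, dst, 4);
    uint8_t *tcp = buf + 20;
    tcp[0] = 0x9c; tcp[1] = 0x40;                   /* source port 40000 */
    tcp[2] = 0x00; tcp[3] = 0x50;                   /* destination port 80 */
    tcp[12] = 0x50;                                 /* data offset 5 (20 bytes) */
    tcp[13] = 0x18;                                 /* flags: PSH, ACK */
    memcpy(tcp + 20, body, body_len);
    return total;
}

/* Parse the sample and report whether its payload is readable in the clear.
 * Returns 1 (readable), 0 (not readable) or -1 (parse error). */
int sample_payload_readable(void)
{
    uint8_t buf[128];
    struct packet_view v;
    size_t n = build_sample_packet(buf, sizeof buf);
    if (n == 0 || parse_ipv4_tcp(buf, n, &v) != 0) return -1;
    return payload_is_plaintext(&v);
}

int main(void)
{
    uint8_t buf[128];
    struct packet_view v;
    size_t n = build_sample_packet(buf, sizeof buf);
    if (parse_ipv4_tcp(buf, n, &v) != 0) return 1;
    printf("proto %u, port %u -> %u, %zu payload bytes, plaintext=%d\n",
           (unsigned)v.protocol, (unsigned)v.src_port, (unsigned)v.dst_port,
           v.payload_len, payload_is_plaintext(&v));
    return 0;
}
```

The point for a defender is the last field: the parser reports the payload as plaintext because HTTP on port 80 carries it that way, and any credential in that request is visible to whoever holds the capture. The same parser run over a TLS session would see the headers but a payload that fails the plaintext check, which is the protection the cryptography section below describes.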
Web servers and web applications have a high chance of being attacked. The main reason is that the system running the web server software must be available to the public through the Internet. The web server cannot be fully isolated and must to some degree be reachable by users, who can check and investigate it. Once the web server has been attacked, another dangerous door is opened for hackers. In fact, web servers are the most accessible systems in the network, so they are easier to exploit than the other systems.
The target information on the web server is usually stored in a database on the web server, and this database is accessed by the web application, so the web server and the web application go hand in hand. Any weakness that can be exploited in the web application may therefore pose a great risk to the whole system, including the database.
Attacking Applications (Buffer Overflow)
Buffer overflow is a hacking technique used to exploit weaknesses in applications. Exploitation via buffer overflow can be done through a user input field, such as the username and password fields on a website or data added to a URL. A buffer overflow can be caused by entering invalid parameters that are not verified by the application. The main factors that leave applications open to exploitation via buffer overflow are:
Pressure on programmers to finish the application quickly, which leads to many mistakes.
Boundary checks that are not done fully; often they are skipped entirely. (A boundary check is the process of checking and validating the parameters of an input field: its size and data type.)
Programming languages such as C and C++, which are used to develop applications, have flaws in them. For example, the strcpy(), strcat(), bcopy(), gets(), sprintf(), and scanf() functions in the C language can be exploited because these functions don't check whether the space allocated on the stack is large enough to hold the data.
Good programming practice can avoid such problems.
How a buffer overflow happens can be explained as follows:
Each program has a block of memory of a specific size (a buffer).
If the program tries to put too much data into the buffer, it overflows, and the extra data overwrites critical information or instructions and changes the normal execution of the program.
The overflow may overwrite the return pointer, so the program's flow of control can be switched to malicious code.
System programs must therefore perform boundary checks and validation to prevent such dangers.
Because of the JVM (Java Virtual Machine) and its full isolation from the physical machine, an application developed in the Java programming language cannot be exploited using the buffer overflow technique.
Cryptography is the study of encryption and decryption algorithms. Encryption is the process of converting a message from an understandable form (plain text) into a non-understandable form (cipher text); decryption is the reverse. The purpose of encryption is to make data unreadable by hackers who use sniffer tools to capture and read it: any hacker who sniffs and captures this data must possess the secret of how to decrypt it. This technique ensures the secrecy and privacy of communications.
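The boundary-check point above is easiest to see in code. The following is an added example written for this page (it is not from the original text and not from any particular product): the unchecked strcpy() pattern the text names, placed beside a bounded copy that measures the input against the destination size and refuses what does not fit, and a validator that also checks the data type of a username field as the text's definition of a boundary check requires. The limit USERNAME_CAP, the function names and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_CAP 16   /* constructed limit: 15 characters plus the NUL terminator */

/* The pattern the text warns about. strcpy() copies until it meets a NUL byte
 * and never asks how large 'dst' is, so a 20-character username overruns the
 * 16-byte stack array and overwrites whatever lies beyond it (undefined
 * behaviour, and the root of the return-pointer overwrite described above). */
void copy_unchecked(char dst[USERNAME_CAP], const char *src)
{
    strcpy(dst, src);                     /* no boundary check */
}

/* Length of 'src' without reading more than 'limit' bytes (a bounded strlen). */
static size_t bounded_len(const char *src, size_t limit)
{
    size_t n = 0;
    while (n < limit && src[n] != '\0') n++;
    return n;
}

/* Hardened form: measure the input against the destination size first and
 * refuse anything that does not fit, leaving 'dst' as an empty string.
 * Returns 0 on success, -1 on bad arguments or oversized input. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    size_t n = bounded_len(src, dst_size);
    if (n >= dst_size) {                  /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);              /* n bytes plus the NUL */
    return 0;
}

/* A boundary check as the text defines it covers data type as well as size:
 * accept only letters, digits and underscore, then copy with the size check.
 * Returns 0 if accepted, -1 if too long, -2 if it contains a forbidden character. */
int validate_username(const char *src, char out[USERNAME_CAP])
{
    size_t n = bounded_len(src, USERNAME_CAP);
    if (n >= USERNAME_CAP) { out[0] = '\0'; return -1; }
    for (size_t i = 0; i < n; i++) {
        char c = src[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_';
        if (!ok) { out[0] = '\0'; return -2; }
    }
    return copy_checked(out, USERNAME_CAP, src);
}

int main(void)
{
    char name[USERNAME_CAP];
    /* Constructed inputs: one that fits, one that would overrun the array. */
    const char *short_name = "alice";
    const char *long_name  = "aaaaaaaaaaaaaaaaaaaaaaaa";   /* 24 characters */

    copy_unchecked(name, short_name);     /* safe only because this input is short */
    printf("unchecked copy of short input: %s\n", name);

    printf("checked copy of long input: %d\n", copy_checked(name, sizeof name, long_name));
    printf("validate \"bob;rm\": %d\n", validate_username("bob;rm", name));
    return 0;
}
```

Note that copy_unchecked() is only ever called with the short input here; the long input goes to copy_checked(), which rejects it and leaves the buffer empty instead of writing past its end. That refusal, plus the character-set rule in validate_username(), is the boundary check the text says is so often skipped.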
Performing a Penetration Test
A penetration test, or pen test, is the practical part of ethical hacking, in which the security professional or pen tester simulates the methods used by hackers to gain unauthorized access to an organization's systems or network. The purpose of this testing is to test the security implementation and security policy of the system. A hacker is entirely different from a professional pen tester: the professional pen tester uses his skills to identify the weak points of the system and improve its security without causing loss of data or services or damaging the system.
This is a list of some programs used in pen testing:
Cerberus Internet Scanner
FoundScan Hardware Appliances