
Wednesday 17 May 2023

Traditional methods of Information gathering

There are two traditional methods of information gathering:

  • Passive information gathering
  • Active information gathering

Passive Information Gathering

Passive information gathering takes place before active information gathering in the information-gathering phase. Its purpose is to collect information about the target network without interacting directly with the target; instead, an intermediate system is used for the interaction. During information gathering, a blueprint of the target network infrastructure is prepared, and each branch of the organization has its own unique blueprint. Because passive information gathering never touches the target directly, it is harmless to the target organization, whereas active information gathering is more aggressive. In passive information gathering, the client probes the target system for information through an intermediate system.

When we perform passive information gathering, we have four intentions:

  • We want to gather all the available information about the target and its network, actively or passively.
  • We want to find the versions of web servers, platforms, operating systems, etc.
  • We want to perform techniques such as DNS fingerprinting, Whois lookups, and other queries related to the network and the organization.
  • We want to identify vulnerabilities and exploits so that an attack can be launched.

Passive information gathering obtains publicly available information about the target using the following passive methods:

Finance

We can use Yahoo Finance or Google Finance to learn the target's financial posture, which shows whether the organization is losing shares or making money. The following links can be used:

https://in.finance.yahoo.com/

https://www.google.com/finance

Alerts

Alerts deliver updates on a particular subject by SMS or mail, and this service is used to collect competitive information. As a pentester, we can use alerts to monitor updates about the client that appear on the internet. We can use the following links to do this:

https://policies.yahoo.com/us/en/yahoo/privacy/products/alerts/

https://www.google.co.in/alerts

Archive

archive.org stores old versions of websites. The archive is useful if the target is updating its website and we want to know how frequently it is updated; it can also show what previous versions of the website looked like. We can use the following link to do this:

https://archive.org/

Email

Using email, we can start a discussion with the front desk or support. The email header contains the addresses of the sender and receiver, which can be used to approximate geo-location, as well as the authentication method used, the mail server's IP address, and so on. Using a mail-tracking service, we can track our sent mail: its destination, its path, when it was opened by the other person, etc. We can use the following link to track mail:

http://whatismyipaddress.com/trace-email#
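
As an added example (not part of the original post), here is a Python script that performs the header analysis described above offline on a constructed message: it pulls the sender and recipient, walks the Received chain to recover the relay path and each mail server's IP address, and reads the authentication verdicts. All host names, addresses and the message itself are made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address

# Constructed sample message (not a real capture). Public addresses use RFC 5737
# documentation ranges; the laptop's 10.0.0.5 is a private address.
SAMPLE_RAW = """\
Received: from mx-inbound.example.net (mx-inbound.example.net [198.51.100.7])
    by mail.victim.example (Postfix) with ESMTPS id ABC123
    for <frontdesk@victim.example>; Tue, 16 May 2023 10:02:11 +0000
Received: from relay.sender.example ([203.0.113.45])
    by mx-inbound.example.net with ESMTP; Tue, 16 May 2023 10:02:09 +0000
Received: from user-laptop (unknown [10.0.0.5])
    by relay.sender.example (submission) with ESMTPSA; Tue, 16 May 2023 10:02:05 +0000
Authentication-Results: mail.victim.example; spf=pass smtp.mailfrom=sender.example;
    dkim=pass header.d=sender.example
From: Alice <alice@sender.example>
To: Front Desk <frontdesk@victim.example>
Subject: Question about office hours
Message-ID: <constructed-1@sender.example>

Hello, could you tell me your opening hours?
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # IPv4 literal in brackets
FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def analyze_headers(raw):
    """Extract sender/recipient, the relay path and the authentication verdicts.

    Each mail server prepends its own Received header, so the header order is
    newest first; reversing it gives the path from the origin to the final server.
    """
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        flat = " ".join(header.split())        # unfold the header onto one line
        m_from, m_by = FROM_RE.search(flat), BY_RE.search(flat)
        ips = IP_RE.findall(flat)
        hops.append({
            "from": m_from.group(1) if m_from else None,   # name the hop claimed to be
            "ip": ips[0] if ips else None,                   # address the receiving server saw
            "by": m_by.group(1) if m_by else None,           # server that added the header
        })
    hops.reverse()
    auth = dict(AUTH_RE.findall(" ".join(msg.get_all("Authentication-Results", []))))
    origin_ip = hops[0]["ip"] if hops else None
    return {
        "sender": parseaddr(msg.get("From", ""))[1],
        "recipient": parseaddr(msg.get("To", ""))[1],
        "hops": hops,
        "auth": auth,
        # A private origin address means the message entered through NAT or an
        # internal submission host; only the later public hops can be traced.
        "origin_is_private": bool(origin_ip) and ip_address(origin_ip).is_private,
    }


if __name__ == "__main__":
    result = analyze_headers(SAMPLE_RAW)
    print("from", result["sender"], "to", result["recipient"])
    for hop in result["hops"]:
        print(f"  {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("authentication:", result["auth"])
```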

Whois Lookup

The Whois database contains information about the users that own registered domains, so the owner of a website can be identified through it. It holds personal information about the site's owners such as the server's IP address, physical address, email address, phone number, and the registration and expiry dates of the site. We can do this using the following links:

https://centralops.net/co/DomainDossier.aspx?dom_whois=1

http://viewdns.info/

DNS Footprinting

Using DNS footprinting, the pentester learns more about the target by extracting DNS information from the DNS server. This information can include mail servers, domain names, IP addresses, computer names, and so on. The most commonly used DNS record types are as follows:

  • Text record (TXT)
  • Host information record (HINFO)
  • IP Version 6 Address records (AAAA)
  • Reverse-lookup Pointer records (PTR)
  • Mail exchange records (MX)
  • Start of Authority Record (SOA)
  • Integrated Services Digital Network records (ISDN)
  • Address Mapping Records (A)
  • Name Server Records (NS)
  • Canonical Name Records (CNAME)

Google Dorks

The search engine is the first method. Search-engine spiders or crawlers index whatever a site's robots.txt allows them to, which can include sensitive information about the target such as credentials and URLs. We craft special search queries to retrieve this information from the search engine's index. The following query is an example:

inurl:certifiedhacker.com

Copying the above query into Google returns all indexed URLs containing certifiedhacker.com. Such queries are known as Google dorks, and this method is called Google hacking. The Google Hacking Database at exploit-db lists many useful queries:

https://www.exploit-db.com/google-hacking-database/

Active Information Gathering

Active information gathering collects more information about the target network by interacting directly with the target. Doing this without authorization is illegal. It can involve OS fingerprinting, port scanning, DNS enumeration, and so on. Its main goal, like that of passive information gathering, is to collect all possible information about the target, but it can reveal much more. Because the attacker has a direct connection to the target system, there is always a chance that the target's security alarms go off: every request is logged and can later be traced back to its source. In active information gathering, we can run a port scan to find all the open ports on the target and further scans to find all the services running on the target network; every running service on each system is another opportunity for exploitation. If we are careless during active information gathering, we may be caught by an IPS (intrusion prevention system) or IDS (intrusion detection system). In active information gathering, the target is probed directly by the client.

Tuesday 16 May 2023

Methods of Information Gathering

There are three methods of information gathering:

  1. Footprinting
  2. Scanning
  3. Enumeration

Footprinting

In this technique, as much information as possible about the target network, system, or victim is collected. Footprinting reveals various ways to intrude into an organization's systems and also determines the security posture of the target. It can be active or passive. In passive footprinting, information about a user is collected without their knowledge. Active footprinting occurs when the user's sensitive information is obtained through direct contact with the owner, who releases it intentionally and consciously.

There are three types of footprinting techniques:

  • Open source footprinting
  • Network-based footprinting
  • DNS interrogation

Open source footprinting

Open-source footprinting is the safest form of footprinting because it stays within legal limits, which is why hackers can do it without fear. Examples include searching for a date of birth, phone number, or age, finding someone's email address, and using an automated tool to scan an IP. Most companies publish information about themselves on their official websites, and hackers use this information to their benefit.

Network-based Footprinting

Network-based footprinting is used to retrieve information such as network services, names within a group, user names, data shared among individuals, and so on.

DNS interrogation

After gathering the required information about various areas using different techniques, the hacker uses existing tools to query the DNS. Many freeware online tools perform DNS interrogation.

Objectives of Footprinting

Network information collection: Footprinting collects information about the network protocols used, the authentication mechanism, internal domain names, domain names, existing VPNs, system enumeration, digital and analog telephone numbers, the IP addresses of reachable systems, and so on.

System information collection: Footprinting collects information about systems such as group names and users, routing protocols, routing tables, the operating system used, system banners, SNMP information, remote system type, system architecture, usernames, and passwords.

Organization information collection: Footprinting collects information about an organization such as employee details, local details, security policies implemented, the company directory, addresses and phone numbers, the organization's website, links on the organization's web server, comments in HTML source code, news articles, and press releases.

Scanning

Scanning is another essential step of footprinting and consists of a package of techniques and procedures that identify hosts, ports, and the various services in a network. It is one component of the information-gathering and intelligence-gathering mechanism that an attacker uses to build an overall picture of the target. Pen-testers use vulnerability scanning to find out where network security attacks are possible; it lets them find vulnerabilities such as weak authentication, unnecessary services, missing patches, and weak encryption algorithms. An ethical hacker or pen-tester then provides a list of all the vulnerabilities found in the organization's network.

There are three types of scanning:

  • Port scanning
  • Network scanning
  • Vulnerability scanning

Port scanning

Hackers and penetration testers use this conventional technique to search for open doors through which an organization's systems can be accessed. During this scan, they need to identify the live hosts, the topology of the target organization, the firewall installed, the devices attached to the system, the operating system used, and so on. Once the hacker obtains the IP addresses of the victim organization by scanning UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) ports, they map the organization's network. Port scanning can be performed with the Amap tool.

Network scanning

You should understand the TCP/IP three-way handshake before learning the vulnerability scanning techniques. Handshaking is the automated process in which communication between two entities is set up using some protocol; between a server and a client, the TCP and IP protocols are used. The client sends a synchronize (SYN) packet to establish a connection. The server listens for the packet and responds to the client with a SYN/ACK packet. The client then responds by sending an ACK packet to the server. SYN (synchronization) denotes the initiation of a connection between client and server in the packets, and ACK (acknowledgement) denotes the establishment of the connection between the hosts.

Scanning techniques use various kinds of scans, which are as follows:

SYN Scan: A SYN scan, also called a stealth scan, does not complete the TCP three-way handshake. The hacker sends a SYN packet to the target; if a SYN/ACK frame comes back, the target would complete the connection and the port is listening. If the target returns an RST, the port is assumed to be inactive or closed. Some IDS systems log completed connections as connection attempts or attacks, which is why the SYN stealth scan is advantageous.

XMAS Scan: This scan sends a packet with the PSH, FIN, and URG flags set. The target gives no response if the port is open, but responds with an RST/ACK packet if the port is closed.

FIN Scan: The FIN scan is almost the same as the XMAS scan, except that it does not set the PSH and URG flags; it only sends packets with the FIN flag. The responses and limitations of the FIN scan are the same as those of the XMAS scan.

IDLE Scan: This scan examines the sequence number in the IP header and the port scan response, and sends the SYN packet to the target using a spoofed IP address. Whether the port is open or not is determined from the response to the scan.

Inverse TCP Flag Scan: In this scan, the attacker sends a TCP probe packet with no flags set or with particular TCP flags set. If the target gives no response, the port is open; if the target responds with an RST packet, the port is closed.

ACK Flag Probe Scan: In this scan, the attacker sends TCP probe packets with the ACK flag set to the remote device and analyses the header information of the reply. The RST packet indicates whether the port is open or not. This scan also checks the target's filtering system.
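
As an added example that is not from the original post, the following Python code encodes the scan types above from the defender's side: it classifies a probe packet by its TCP flags, states what each reply tells the scanner, and runs a simple IDS-style check over constructed packet records to flag a source that walks many ports with the same probe. The packet records and addresses are made up for the example.

```python
from collections import defaultdict

# TCP flag bits as laid out in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {"FIN": FIN, "SYN": SYN, "RST": RST, "PSH": PSH, "ACK": ACK, "URG": URG}


def flags_from_names(names):
    """Turn a string such as "FIN,PSH,URG" (or "" for no flags) into the numeric flag field."""
    return sum(FLAG_NAMES[n.strip()] for n in names.split(",") if n.strip())


def classify_probe(flags):
    """Map the flag field of a probe packet to the scan type described above.

    A bare SYN looks like a normal connection attempt, so SYN probes are only
    suspicious in volume (see detect_scans); the odd flag combinations never
    occur in legitimate traffic and are suspicious on their own.
    """
    if flags == SYN:
        return "SYN"
    if flags == 0:
        return "NULL"          # inverse TCP flag scan with no flags set
    if flags == FIN:
        return "FIN"
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == ACK:
        return "ACK"
    return "OTHER"             # ordinary handshake/data segments (SYN/ACK, PSH/ACK, ...)


def infer_port_state(scan, response):
    """What the scanner concludes from the target's reply.

    response is None when nothing came back, otherwise the reply's flag field.
    """
    if scan == "SYN":
        if response is not None and response & SYN and response & ACK:
            return "open"      # the target would complete the handshake
        if response is not None and response & RST:
            return "closed"
        return "filtered"      # no reply: a firewall swallowed the probe
    if scan in ("NULL", "FIN", "XMAS"):
        if response is None:
            return "open|filtered"   # silence means open, or a filter dropped it
        return "closed" if response & RST else "filtered"
    if scan == "ACK":
        # An RST reply only proves the port is reachable through the filter,
        # not whether it is open; silence means the port is filtered.
        return "unfiltered" if response is not None and response & RST else "filtered"
    raise ValueError(f"unknown scan type {scan!r}")


def detect_scans(packets, port_threshold=5):
    """IDS-style check: group probes by (source, scan type) and report sources
    that touched at least port_threshold distinct ports with the same probe kind."""
    ports_seen = defaultdict(set)
    for pkt in packets:
        kind = classify_probe(pkt["flags"])
        if kind == "OTHER":
            continue
        ports_seen[(pkt["src"], kind)].add(pkt["dport"])
    return {key: sorted(ports) for key, ports in ports_seen.items()
            if len(ports) >= port_threshold}


# Constructed packet records (not a real capture): one host walks six ports
# with XMAS probes, another host opens one normal HTTPS connection.
SAMPLE_PACKETS = [
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": p, "flags": flags_from_names("FIN,PSH,URG")}
    for p in (21, 22, 23, 25, 80, 443)
] + [
    {"src": "198.51.100.4", "dst": "192.0.2.10", "dport": 443, "flags": flags_from_names("SYN")},
    {"src": "198.51.100.4", "dst": "192.0.2.10", "dport": 443, "flags": flags_from_names("PSH,ACK")},
]

if __name__ == "__main__":
    for (src, kind), ports in detect_scans(SAMPLE_PACKETS).items():
        print(f"{src}: {kind} scan across ports {ports}")
    print("SYN probe answered with SYN/ACK ->", infer_port_state("SYN", SYN | ACK))
```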

Vulnerability scanning

Vulnerability scanning is the proactive identification of vulnerabilities on the target network. Using automated scanning tools with some manual support, vulnerabilities and threats can be identified. To perform vulnerability scanning, the computer should have an internet connection.

The following tools can scan ports and networks:

Nmap: It is used to extract information such as the operating system and its version, packet filters or firewall type, and live hosts on the network.

Angry IP Scanner: It scans for systems available within a given input range.

Hping2/Hping3: These are command-line packet-crafting and network-scanning tools for the TCP/IP protocols.

SuperScan: This powerful TCP port scanner is developed by McAfee. SuperScan is also used for pinging.

Zenmap: Zenmap is a very powerful GUI tool. It is used for port scanning, ping sweeps, and detecting the OS type and version, among other things.

NetScanTools: It contains different types of tools and is used for web ripping, flooding, mass emailing, and port scanning. It is available as a trial version and also as a paid version.

Objectives of Network Scanning

  • Network scanning is used to find the open ports, live hosts, and IP addresses of the target.
  • Network scanning is used to find the services which are running on the computer of a target.
  • Network scanning is used to find the system architecture and operating system of the victim.
  • Network scanning is used to find and deal with vulnerabilities.

Enumeration

Enumeration is the process of extracting information from a system such as machine names, user names, network resources, shares, and services. In enumeration, the hacker establishes an active connection with the system and uses it to gain more target information by issuing direct queries. The outcome of the enumeration phase is very useful to an attacker who wants to exploit the system directly, which is why the enumeration phase is considered risky in penetration testing.

There are various types of enumeration, as follows:

NetBIOS Enumeration: NetBIOS means Network Basic Input Output System and was developed by IBM. To enumerate NetBIOS on Windows OS, printer and file sharing should be enabled. Using NetBIOS, an attacker can perform a DoS attack on a remote machine.

SNMP Enumeration: SNMP means Simple Network Management Protocol. It is used to manage network devices that run on Internet Protocol (IP), such as routers, and is based on a client-server architecture. Every network device has an SNMP client or agent, which communicates with the SNMP management station using requests and responses. The agent software can access the configurable variables carried in SNMP requests and responses. Using SNMP enumeration, an attacker can get information on network resources such as devices, shares, and routers. By enumerating SNMP on a remote device, an attacker can get device-specific information, traffic statistics, and the ARP and routing tables.

LDAP Enumeration: LDAP means Lightweight Directory Access Protocol and is based on a client-server architecture. Distributed directory services can be accessed with LDAP. A directory service stores user records in a logical, hierarchical structure. Information is transmitted between the server and the client using BER (Basic Encoding Rules), and LDAP runs over TCP (Transmission Control Protocol). If the server allows anonymous remote queries, LDAP supports them, and such queries can reveal sensitive information about users such as contact details, addresses, user names, department details, and so on.

NTP Enumeration: NTP means Network Time Protocol. It synchronizes the clocks of networked computers and, under ideal conditions, can achieve 200 milliseconds of accuracy in a local area network. It is based on an agent-server architecture and works on UDP (User Datagram Protocol) port 123. The NTP agent queries the NTP server. By querying the NTP server, an attacker can enumerate the list of hosts connected to it, as well as the operating system, hostname, and IP address of the internal clients.

SMTP Enumeration: SMTP means Simple Mail Transfer Protocol. It is used to transmit electronic mail, is based on a client-server architecture, and works on TCP (Transmission Control Protocol) port 25. To send mail, it uses DNS to find the MX server (mail exchange server). SMTP provides the following built-in commands:

VRFY: This command validates a user on the SMTP server.

EXPN: This command expands a mailing list or alias, returning the actual delivery addresses.

RCPT TO: This command defines the recipients of the message.

The SMTP server responds differently to the above commands for valid and invalid users, and this varied response is what makes SMTP enumeration possible. Using this technique, an attacker can find valid users on an SMTP server.

DNS Enumeration: DNS means Domain Name Service. DNS records are stored in the DNS database. The most commonly used types of DNS records are as follows:

  • Domain name aliases
  • IP Address
  • Nameservers
  • Start of authority
  • Pointers for reverse DNS lookups
  • Mail exchange

DNS works over TCP (Transmission Control Protocol) as well as UDP (User Datagram Protocol) on port 53: TCP is used for zone transfers and UDP for resolving queries. A DNS zone transfer replicates the contents of the database from the primary server to the secondary server. DNS enumeration becomes possible when an attacker, pretending to be a client, requests a zone transfer from the primary DNS server; in response, it reveals sensitive information contained in the domain's records.

Windows Enumeration: Windows OS can be enumerated with the Sysinternals tools. Many more Sysinternals tools can be downloaded from https://technet.microsoft.com/en-in/sysinternals/bb545021.aspx.

LINUX/UNIX Enumeration: Linux or Unix OS can be enumerated with multiple command-line utilities provided by the operating system.

Vulnerability Assessment vs Penetration Testing

Vulnerability Assessment

Vulnerability assessment is used to find vulnerabilities in the target network. By using automated scanning tools with some manual support, vulnerabilities and threats can be identified, and the tool categorizes them. Once the vulnerabilities are classified, the security professionals prioritize them and decide which vulnerability to patch first, and whether to reduce the risk level or remove the weakness altogether. There are a lot of good tools on the market. A properly scoped vulnerability scan can reveal a lot about an environment, including common weaknesses in applications, unapplied patches, gaps in network controls, and vulnerable software versions. Using the results of the vulnerability scanning tool, the security team can recommend exactly how the vulnerabilities should be remediated with configuration changes, patch management, or hardening of the security infrastructure.

Vulnerability Assessment Process

  • The vulnerability scanner automatically discovers all assets within our environment.
  • Vulnerabilities in the infrastructure, network, and applications are searched for and identified.
  • The identified vulnerabilities are ranked according to risk and priority.
  • Security professionals remediate the vulnerabilities with configuration changes, patch management, or hardening of the security infrastructure.

Penetration testing

Penetration testing is used to find the vulnerabilities of a particular network and determines whether a vulnerability is genuine. A vulnerability is considered genuine and reflected in the report if the penetration tester can exploit the potentially vulnerable spot. If they are unable to exploit it, the report shows it as an unexploitable, theoretical vulnerability. Exploiting theoretical vulnerabilities can lead to DoS, which threatens the network, so exploiting them is not a good idea. A penetration tester tries to harm the customer's network by installing malicious software on the customer's computer, taking down a server, or gaining unauthorized access to the customer's system. This step is not part of a vulnerability assessment.

Penetration testing process

  • Gathering the open-source intelligence
  • Scanning and discovering
  • Identify the vulnerabilities
  • Attack phase
  • Risk analysis
  • Send report

Differences between Vulnerability Assessment and Penetration Testing

Vulnerability scanning and penetration testing are different from each other. Penetration testing exploits the vulnerabilities, while a vulnerability scan identifies and ranks vulnerabilities and reports them. The differences between vulnerability assessment and penetration testing are as follows:

Breadth vs. Depth

Vulnerability coverage, in breadth and in depth, is the main difference between penetration testing and vulnerability assessment.

Vulnerability assessment detects as many security weaknesses as possible; it is the breadth-over-depth approach. To maintain the security status of the network, it should be run regularly, especially when ports are opened, new services are added, or new equipment is installed.

Penetration testing is used when the customer asserts that their network's security defenses are strong but wants to check whether they are hack-proof; it is the depth-over-breadth approach.

The automation degree

Vulnerability assessment allows wider coverage of vulnerabilities and is usually automated.

Penetration testing digs deeper into the weaknesses; it combines manual and automated techniques.

Choice of professional

In vulnerability assessment, the automated testing does not require high skills, and members of the security department can perform it. However, a company's own security employees may find some vulnerabilities but fail to include them in the report, so a third-party vulnerability assessment vendor usually has more complete information.

Performing penetration testing requires a high level of expertise, so it is always outsourced to a penetration testing service provider.

Choice of Vendors

The differences between penetration testing and vulnerability assessment show that both kinds of security testing are essential to guarding the security of a network.

Vulnerability assessment is used to maintain security.

Penetration testing discovers the weaknesses of security.

Taking advantage of penetration testing and vulnerability assessment is only possible if you hire a high-quality vendor who understands both pen tests and vulnerability assessments. Most importantly, the vendor should be able to explain the difference between a vulnerability assessment and a pen test to the customer.

Routers and Firewall

Routers are used to transmit data packets between different networks. They are hardware devices placed at the gateways of two connected networks. For example, if we want to connect our LAN to our ISP, we use a router; using the router, we connect our network to the internet.

Working of Routers

A router checks the source and destination IP address of each packet. It then consults the routing table, which provides directions for transferring data to a destination in a particular network, checks the packet's destination against it, and routes the packet to the next router. This process stops when the destination IP address is reached and a response is sent back. If there are many ways to reach the destination IP address, the router selects the most economical one. If the routing table does not contain the packet's destination IP address, the packet is sent to the default route. If the packet has no route at all, it is dropped.

Most routers have several ports so that different devices can be connected to the internet simultaneously. The router uses its routing table to determine where traffic is coming from and where to send it. Generally, the ISP (Internet Service Provider) provides the router and assigns its IP address, which is the public IP address. Whenever we use the internet on our device, we are identified to the world by that public IP address; routers keep our private IP addresses protected. Our laptop, TV media box, desktop, and network copier each have a different private IP address; if they did not, the router would be unable to recognize the requesting device.
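
The forwarding decision described above, as an added worked example that is not from the original post: a toy routing table in Python that picks the most specific matching prefix, prefers the cheapest path among equal prefixes, falls back to the default route, and drops packets for which no route exists. The routes, interfaces and addresses are constructed for the example.

```python
from ipaddress import ip_address, ip_network


class Router:
    """Toy routing table: most specific prefix wins, cheapest path among equal
    prefixes, default route as fallback, drop when nothing matches."""

    def __init__(self):
        self.routes = []   # entries: (network, next_hop, interface, metric)

    def add_route(self, prefix, next_hop, interface, metric=1):
        # next_hop None means the destination network is directly attached
        self.routes.append((ip_network(prefix), next_hop, interface, metric))

    def lookup(self, destination):
        addr = ip_address(destination)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            return None   # not even a default route: the packet is dropped
        # Longest prefix first; among equal prefixes prefer the lowest metric.
        net, next_hop, interface, metric = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
        return {
            "network": str(net),
            "next_hop": next_hop or "directly attached",
            "interface": interface,
            "metric": metric,
            "via_default": net.prefixlen == 0,
        }


def forward(router, packets):
    """Simulate the per-packet decision; returns a list of (src, dst, decision)."""
    decisions = []
    for src, dst in packets:
        route = router.lookup(dst)
        if route is None:
            decisions.append((src, dst, "drop: no route"))
        else:
            decisions.append((src, dst, f"forward via {route['next_hop']} on {route['interface']}"))
    return decisions


def build_sample_router():
    """Constructed routing table for a small office gateway (not a real device)."""
    r = Router()
    r.add_route("192.168.1.0/24", None, "eth1")                  # the LAN itself
    r.add_route("10.10.0.0/16", "192.168.1.254", "eth1", 10)      # partner network
    r.add_route("10.10.5.0/24", "192.168.1.253", "eth1", 20)      # one subnet via another router
    r.add_route("172.16.0.0/16", "192.168.1.250", "eth1", 5)      # two paths with different cost
    r.add_route("172.16.0.0/16", "192.168.1.251", "eth1", 50)
    r.add_route("0.0.0.0/0", "203.0.113.1", "eth0")               # default route to the ISP
    return r


if __name__ == "__main__":
    gateway = build_sample_router()
    for line in forward(gateway, [("192.168.1.20", "10.10.5.7"), ("192.168.1.20", "198.51.100.23")]):
        print(line)
```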

Importance of Router

The following are some reasons why routers are important:

  • Ethernet is the most commonly used network, but there are many others, such as Token Ring and ATM. Each network encapsulates data or packets differently, so they cannot communicate directly. Routers translate the packets coming from different networks so that the networks can understand each other.
  • Routers prevent broadcast storms. Without a router, a broadcast would reach every port of every device and be processed by every device, and a large amount of broadcast traffic across the whole network can cause chaos. A router subdivides the network into several smaller networks, connects them, and does not allow broadcasts to flow between subnets.

Security features of Routers

The following are some security features of routers:

  • Password-protected networks prevent unauthorized access.
  • Secured routers remove the risk of malware attacks.
  • Secured routers are used to protect sensitive data.
  • Sophisticated routers can provide additional protection against DoS.

Firewall

Just as a firewall in a building blocks fire in an emergency, a network firewall sets up a barrier between the internet and the LAN (local area network). Its purpose is to protect our private LAN and to keep important data from leaking out. Without firewall capability, routers blindly pass traffic between two networks; a firewall monitors the traffic and blocks whatever is not authorized to pass. A network firewall separates the internet from the LAN, and within the LAN it also segments ordinary data from important data, so that internal intrusion can be avoided. You determine how many threats are blocked by your firewall. By blocking traffic, the firewall keeps outside users away from your private network. If you allow others remote access to your network, you need to create a Demilitarized Zone (DMZ); most firewalls provide a DMZ option, which designates a directory on the gateway computer as the demilitarized zone. Some firewalls offer virus protection, but it is still recommended to install anti-virus on every computer.

Working of Network Firewall

Some hardware firewalls let you define blocking rules by protocol, such as UDP (User Datagram Protocol) or TCP (Transmission Control Protocol), or by IP address, which lets you block unwanted IP addresses and ports. Another type of firewall is defined by software applications and services; such a firewall acts like a proxy server that interconnects two separate networks. The combination of a software firewall and a hardware firewall is more efficient and safer.
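
As an added example that is not part of the original post, this Python snippet models the rule-based packet filtering described above: rules match on protocol, source and destination address, and destination port; the first matching rule decides, and anything unmatched is denied. The policy, networks and addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source network in CIDR notation
    dst: str             # destination network in CIDR notation
    dports: tuple = ()   # (low, high) port ranges; empty tuple means any port
    comment: str = ""

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dports and not any(lo <= pkt["dport"] <= hi for lo, hi in self.dports):
            return False
        return True


def evaluate(rules, pkt):
    """First matching rule decides; anything unmatched is denied (default deny).
    Returns (action, index of the deciding rule or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def filter_traffic(rules, packets):
    """Apply the policy to a batch of packets, keeping the reason for each decision."""
    return [(pkt, *evaluate(rules, pkt)) for pkt in packets]


# Constructed policy for a gateway with a LAN (192.168.1.0/24) and a DMZ holding a
# web server (192.168.2.10) and a DNS server (192.168.2.53). Rule order matters:
# the blocked source range is checked before the public web server is opened.
POLICY = [
    Rule("deny", "any", "203.0.113.0/24", "0.0.0.0/0", (), "blocked source range"),
    Rule("allow", "tcp", "0.0.0.0/0", "192.168.2.10/32", ((80, 80), (443, 443)), "public web server"),
    Rule("allow", "udp", "192.168.1.0/24", "192.168.2.53/32", ((53, 53),), "LAN to internal DNS"),
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", (), "LAN outbound"),
]

# Constructed sample packets (not a capture).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.168.2.10", "dport": 443},   # web, allowed
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.168.2.10", "dport": 22},    # ssh, default deny
    {"proto": "tcp", "src": "203.0.113.7", "dst": "192.168.2.10", "dport": 80},     # blocked range
    {"proto": "tcp", "src": "192.168.1.20", "dst": "198.51.100.5", "dport": 443},   # LAN outbound
    {"proto": "udp", "src": "192.168.1.20", "dst": "192.168.2.53", "dport": 53},    # LAN DNS
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.168.1.20", "dport": 3389},  # inbound to LAN
]

if __name__ == "__main__":
    for pkt, action, index in filter_traffic(POLICY, SAMPLE_PACKETS):
        reason = POLICY[index].comment if index is not None else "default deny"
        print(f"{pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt['dport']}  {action} ({reason})")
```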

Importance of Firewall

  • A firewall protects your home computer. If you have more than one computer, you should use a hardware firewall to protect your network. If you are using a public computer, you should follow the network administrator's policy.
  • A firewall is designed to protect the organization from cyber-attacks. It shields many potentially exploitable internal programs from danger by limiting the traffic that crosses the network boundary to authorized traffic only.
  • A firewall gives you a clear boundary between the inside and outside of your network. A firewall solution provides filtering, ensuring that users inside your network can easily access external services while preventing external computers from connecting to your internal computers unless they meet specific access requirements.

Security features of the firewall

  • A hardware firewall is used to detect suspicious traffic.
  • Data packets that look suspicious can be blocked with a hardware firewall.
  • By analysing content, an NGFW (next-generation firewall) can detect data leakage.
  • A firewall provides a secure network in which multiple people can interact, for example in online video games.
  • A firewall protects your private information, such as online banking credentials and social security numbers.

Penetration testing

Penetration testing exploits vulnerabilities, while a vulnerability scan identifies and ranks vulnerabilities and reports them. Penetration testing is a protective, authorized attempt to hack into a computer system to find vulnerabilities from various viewpoints, and it is performed by white hat hackers. There are two types, external and internal. An external penetration test checks how effectively a security system detects and prevents attacks and finds weaknesses in external-facing assets such as websites, email, and file shares. An internal penetration test assumes that the tester already has internal network access. If you are worried that an employee of your organization could access unauthorized data, an internal pen test provides valuable insight: suppose an employee opens the attachment of a phishing email, or a visitor to your site plugs their device into your local network and accesses information they are not authorized to view. This test shows you how much damage such an intruder could do.

Need for Penetration Testing

  • The goal of amateur or professional hackers is to steal your organization's sensitive data. They may want to damage your company, or they may simply be after money. A single incident of system downtime can damage your company's reputation, and customers and business partners will think twice about the security of their relationship with your organization.
  • Regularly changing your passwords and keeping the Windows firewall updated is not enough to secure your systems. Highly skilled hackers can still get into your computer systems and take any information they want without your even knowing it.
  • Any organization, corporation or company that depends on IT should regularly test the security of its systems. To protect your company from illegal hacking and from the negative effects of system downtime, you also have to keep your security controls up to date.

Benefits of Penetration testing

There are various benefits of penetration testing, which are as follows:

Reveal Vulnerabilities

The main purpose of penetration testing is to find the weaknesses in your computer systems and network infrastructure. During a penetration test, the actions and habits of your organization's employees are also examined, because they can lead to data breaches and malicious infiltration. The penetration tester gives you a report of the security vulnerabilities found. From it you learn which software and hardware need to be improved, and which policies and recommendations need to change, for the overall security of your organization.

Show Real risks

Penetration testers try to exploit the identified vulnerabilities, so you see what an attacker could do in the real world: for example, execute commands on your operating system and access sensitive data. An attacker may also run into difficulties exploiting a vulnerability, so a penetration test can equally tell you that a vulnerability is less risky in practice than it looks in theory. Only a specialist can perform this type of analysis.

Test Cyber-Defence Capability

During a penetration test, your team should detect the attacks and respond adequately and on time. When an intrusion is detected, you should start investigating, then identify and block the intruders, whether they turn out to be malicious or not. In this way the experts test the effectiveness of your protection strategy.

Ensure Business Continuity

You have to ensure that your company's operations are up and running all the time. For this you need network availability, 24/7 communication and access to resources. Any disruption in your company has a negative impact on customers and business partners. Penetration testing reveals potential threats and helps ensure that there is no unexpected downtime or loss of accessibility in your operations.

Third-Party opinion

If someone inside identifies an issue in your organization, your management may not be inclined to act or react. A report made by third-party experts has a bigger impact on management and may lead to the allocation of additional funds.


Follow certification

A certain level of penetration testing is required for compliance in many industries and by law. Standards such as PCI DSS and ISO 27001 call for managers and system owners to conduct regular security reviews and penetration tests with skilled testers. That is why the pen test focuses on real-life consequences.

Maintain Trust

A system breakdown or cyber-attack damages the loyalty of your business partners and customers. You can reassure all your partners if your company is known for its penetration testing and its systematic, strict security.


Password Cracking



Password cracking is one of the classic activities of attackers, and it is just as useful to defenders for finding out how weak the passwords in use really are. In a well-designed password-based authentication system the user's actual password is never stored, because anyone who obtained the stored passwords could then log in to any user's account. Instead the authentication system stores a password hash. A hash function is one-way by design: it is hard to find an input that produces a given output. Comparing two password hashes is almost as good as comparing the real passwords, so at login the system hashes the password the user provides and compares the result with the stored hash. Password cracking is the process of recovering the password from its hash, which can be done in the following ways:

Dictionary attack: Most users choose common and weak passwords. By taking a list of words and applying a few simple variations, such as substituting $ for S or adding some punctuation, an attacker can quickly recover a large share of passwords.

Brute-force guessing attack: For a given length and character set there is a finite number of possible passwords. A brute-force attack tries all of them, so it is guaranteed to crack the password eventually, although for long passwords "eventually" can be far too long to be practical.

Hybrid attack: A combination of the dictionary and brute-force techniques. The attack first tries to crack the password with a dictionary attack; if that is unsuccessful, it falls back to brute force.
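The three approaches above, run against stored hashes rather than plaintext passwords, as an added example written for this page (not code from the original article or from any cracking tool). It assumes unsalted SHA-256 as the stored hash, a constructed four-word wordlist, a small set of mangling rules and a deliberately tiny brute-force keyspace; all of these are choices made for illustration.

```python
import hashlib
import itertools
import string


def pw_hash(password):
    """What the authentication system stores instead of the password.
    Assumption for this example: unsalted SHA-256. Real systems should use a
    slow, salted scheme such as bcrypt or Argon2."""
    return hashlib.sha256(password.encode()).hexdigest()


# Substitutions a dictionary attack tries automatically ($ for S, 4 for A, ...).
LEET = str.maketrans("saeoi", "$4301")


def mangle(word):
    """Candidates derived from one wordlist entry: case, substitutions, suffixes."""
    bases = {word, word.capitalize(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    for base in sorted(bases):          # sorted only for deterministic order
        yield base
        for suffix in ("1", "123", "!", "2023"):
            yield base + suffix


def dictionary_attack(target, wordlist):
    for word in wordlist:
        for cand in mangle(word):
            if pw_hash(cand) == target:
                return cand
    return None


def brute_force(target, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Exhaustive search; guaranteed to finish, but len(alphabet)**n grows fast."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            cand = "".join(chars)
            if pw_hash(cand) == target:
                return cand
    return None


def hybrid_attack(target, wordlist, max_len=3):
    """Dictionary first; brute force only if the dictionary fails."""
    return dictionary_attack(target, wordlist) or brute_force(target, max_len=max_len)


WORDLIST = ["password", "letmein", "dragon", "summer"]   # constructed mini-wordlist


def demo():
    """Crack a constructed credential table; returns {user: recovered password or None}."""
    stored = {
        "alice": pw_hash("P4$$w0rd"),      # falls to substitution rules
        "bob": pw_hash("summer123"),       # falls to a digit suffix
        "carol": pw_hash("q7x"),           # short random: falls to brute force
        "dave": pw_hash("Tr0ub4dor&3"),    # in neither wordlist nor keyspace
    }
    return {user: hybrid_attack(h, WORDLIST) for user, h in stored.items()}
```

`demo()` shows all three outcomes: two passwords fall to the dictionary attack (one through the `$`/`0`/`4` substitutions, one through a digit suffix), the short random password falls to brute force, and the long mixed-character password survives because it is in neither the wordlist nor the brute-force keyspace. The attack logic does not change when the stored hash is bcrypt or Argon2 instead of SHA-256; what changes is that every guess becomes thousands of times more expensive, which is exactly why slow, salted hashes are recommended.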

How to create a strong password

Many password-cracking tools exist, most of them free, each using different cracking algorithms. So you should maintain a strong password. The following tips are important when creating one:

  • The most important factor is password length. Every extra character multiplies the number of guesses a brute-force attack has to make. A random 7-character password can be cracked in minutes, while a random 10-character one takes orders of magnitude longer.
  • Brute-force guessing becomes more difficult if you use a variety of characters, because the attacker has to try more options for each position of the password. Incorporating numbers and special characters also increases the difficulty for the attacker.
  • In a credential stuffing attack, the attacker reuses a password stolen from one online account against your other accounts. So it is best to use a unique, random and long password for every online account.

What to avoid for a strong password

Cybercriminals know all the clever tricks that users rely on when creating passwords. Some common password mistakes to avoid are as follows:

Dictionary words: In a dictionary attack, every word in the dictionary is tested in seconds.

Personal information: Your birthplace, relatives' names, birthdate, favourite things, pet's name, your own name and so on are already in attackers' wordlists, and if they are not, various tools on the market scrape users' information from social media and build a wordlist for the attacker.

Patterns: The most commonly used passwords include asdfgh, qwerty, 12345678, 1111111 and so on. Every password cracker has these on its list.

Character substitution: Well-known substitutions such as $ for S and 4 for A are tested automatically by dictionary attacks.

Numbers and special characters at the end: Most people put a number or special character at the end of the password, and password-cracking tools have rules that try exactly these patterns.

Common passwords: Some companies, such as SplashData, publish a yearly list of the most commonly used passwords. Just like attackers, they crack passwords from breaches and build these lists. Never use a password that appears on such a list.

Random passwords: Keep the password for each online account unique, random and long, and use a password manager to store them.
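The length argument and the list of mistakes above can be turned into a small strength check. The following is an added example written for this page, not code from the original article: it estimates the keyspace of a random password from its length and the character classes it uses, converts that into a worst-case brute-force time at an assumed guess rate, and flags the patterns listed above. The common-word set, keyboard patterns, substitution table and guess rate are all constructed assumptions for illustration.

```python
import math
import string

# Constructed stand-ins for a real wordlist and pattern list.
COMMON_WORDS = {"password", "dragon", "summer", "welcome", "monkey", "letmein"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "12345678", "1234567890")
# Undo the substitutions crackers try automatically ($->s, 4->a, 3->e, 0->o, 1->i, @->a).
UNLEET = str.maketrans("$4301@", "saeoia")


def keyspace_bits(password):
    """Entropy of a *random* password of this length over the character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return len(password) * math.log2(size) if size else 0.0


def crack_time_seconds(password, guesses_per_second=1e10):
    """Worst-case brute-force time. 1e10 guesses/s is an assumed GPU rate
    against a fast unsalted hash; a slow hash lowers it by orders of magnitude."""
    return 2 ** keyspace_bits(password) / guesses_per_second


def problems(password, personal=()):
    """Return the mistakes from the list above that this password makes."""
    issues = []
    p = password.lower()
    core = p.rstrip(string.digits + string.punctuation)   # strip a "1!"-style tail
    if core != p and len(core) >= 4:
        issues.append("number or special character only at the end")
    if core in COMMON_WORDS or core.translate(UNLEET) in COMMON_WORDS:
        issues.append("dictionary word (character substitution does not hide it)")
    for info in personal:
        if info.lower() in p:
            issues.append("personal information: " + info)
    for pat in KEYBOARD_PATTERNS:
        if pat in p:
            issues.append("keyboard pattern: " + pat)
    if len(password) >= 4 and len(set(p)) <= 2:
        issues.append("repeated characters")
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    return issues
```

For `"P4$$w0rd1!"` the check reports the trailing-suffix habit, the dictionary word hidden behind substitutions, and the short length, while a long random passphrase returns no issues. `crack_time_seconds` puts numbers on the length bullet: 7 random lowercase letters are about 2^33 guesses, under a minute at the assumed rate, whereas 10 random lowercase letters are about 2^47, several hours at the same rate, and adding character classes raises the bit count further.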

Miscellaneous Hackers


 

The well-known types of hackers were defined in the Types of hackers section. In this section hackers are divided into further categories according to how they work. These are as follows:

  1. Red hat hackers
  2. Script Kiddies
  3. Blue hat hackers
  4. Green hat hackers
  5. Elite hackers
  6. State-sponsored hackers
  7. Neophyte hackers
  8. Hacktivists

Red hat hackers

Red hat hackers are a mixture of white hat and black hat hackers; they are also called eagle-eyed hackers. They usually go after sensitive information, such as the information of government agencies or of top-secret hubs, and their main purpose is to stop black hat hackers.

Script Kiddies

Script kiddies are unskilled people who do not really care about learning hacking. They never build anything themselves; they use downloadable tools or scripts written by other hackers, copy code and use it as a virus or something similar, and they normally attack networks and computer systems only to impress their friends and society. They typically download overused software such as Metasploit or LOIC. Because they aim these tools at targets without understanding the damage they cause, they are considered among the most dangerous people in hacking.

Blue hat hackers

Blue hat hackers are much like script kiddies: beginners in the hacking field with no desire to learn. A script kiddie becomes a blue hat hacker when they hack out of revenge. If someone challenges a blue hat hacker and makes them angry, they strike back at that person.

Green hat hackers

Like script kiddies, green hat hackers are amateurs in the hacking world, but green hat hackers care about hacking. They want to learn and try to become full-blown hackers. They are inspired by hackers, ask them many basic questions, and listen to the answers with intent and curiosity.

Elite hackers

Elite hackers are considered the "cutting-edge geniuses" of the computer and network industry. They are the experts and innovators of hacking, individuals who are masters of their craft and are recognised as such by the community.

State-Sponsored Hackers

These hackers are appointed by a government. They provide cyber security to avert danger to the country and, at the top level, they obtain other countries' confidential information. State-sponsored hackers are highly paid.

Neophyte hackers

Neophyte hackers are new to hacking. They have little or no knowledge or experience in technology or hacking.

Hacktivist

A hacktivist is a hacker or group of hackers who are the online version of activists. They use technology to spread political, ideological, social and religious messages, and they gain access to networks and government computers to further political and social ends.

Importance of Ethical hacking

 



Ethical hacking is important for several purposes. Consider the points below:

  • There are many ethical hacking jobs in today's industry. Ethical hacking is really useful for testing an organization's security systems; it ensures that the systems are secure and not vulnerable to black hat hackers. With so many hacking attacks these days, the demand for ethical hackers is huge.
  • We regularly hear of attackers hacking big companies and big systems. Some time ago a hacker broke into Uber, exposing important information of around 50 million users. Many big companies, such as Google, Yahoo, Instagram, Facebook and Uber, hire hackers to try to break into their systems and report every place where they found a weakness so the company can fix it. Many companies also run bug bounty programs, in which hackers from around the world try to hack the company's website or web applications and are paid a reward for every bug they find.
  • Ethical hacking protects important data from adversaries. It safeguards your computers from people who want to exploit a vulnerability to blackmail you. Through ethical hacking, a company or organization can find out its security vulnerabilities and risks.
  • Governments use state-sponsored hacking to gather intelligence about enemy states, attempts to influence politics, and so on. Ethical hacking can help ensure the safety of a nation by preventing cyber-terrorism and terrorist attacks.
  • Ethical hackers think from an attacker's perspective, find potential entry points and fix them before any attack.
  • Ethical hacking teaches skills used in many roles, such as software developer, risk management, quality assurance tester and network defender.
  • Trained ethical hackers are a major strength of a company. To ensure that software functions properly, ethical hackers can apply quick security tests under both standard and extreme conditions.
  • Ethical hackers, together with quality assurance testers, develop many tools and methods to eliminate the system's vulnerabilities.
  • In an organization, ethical hacking identifies the weaknesses in your software security. Looking at your security from a hacker's perspective, you can fix any anomalies before they become a problem for the company's success.

Hacking Process



The hacking process has five phases. These are as follows:

  1. Reconnaissance
  2. Scanning
  3. Gaining access
  4. Maintaining access
  5. Clearing tracks

Reconnaissance

The reconnaissance phase is the first phase of the hacking process. It is also known as information gathering and footprinting, and it is very time-consuming. In this phase we identify all the networks and servers that belong to an organization and learn everything we can about the organization through internet searches, social engineering, non-intrusive network scanning, etc. Depending on the target, reconnaissance can last days, weeks or months. The main purpose of this phase is to learn as much as possible about the potential target. We normally collect information about three groups, which are as follows:

  • People Involved
  • Host
  • Network

Footprinting is of two types:

  1. Active: In active reconnaissance, we interact directly with the target to get information; for example, we can scan the target with the Nmap tool.
  2. Passive: In passive reconnaissance, we collect information about the target indirectly, for example from public websites, social media, etc.

Scanning

After gathering all the available information about the target organization, the hacker scans the network for exploitable vulnerabilities. In this scan the hacker looks for weaknesses such as outdated applications, open services, open ports and the types of equipment used on the network.

The scanning is of three types:

Port scanning: In this phase we scan the target to find live systems, open ports and the services running on each host.

Vulnerability scanning: In this phase we check the target for weaknesses that can be exploited. This scan can be done with automated tools.

Network mapping: In this phase we draw a network diagram from the available information by finding the routers, the network topology, firewalls, servers and host information. This map can serve as an important piece of information later in the hacking process.
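A TCP connect scan, the simplest form of the port scanning described above, as an added example written for this page (not code from the original article, and not Nmap). To keep it self-contained and runnable offline it starts its own throw-away listener on 127.0.0.1 as the assumed target and scans a window of ports around it; the host, port window, timeout and thread count are assumptions for illustration. Only scan hosts you are authorized to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """TCP connect scan of one port: a completed three-way handshake means open.
    A refused connection (RST) or a timeout (dropped by a firewall) counts as not open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:          # ConnectionRefusedError and socket.timeout are OSErrors
            return False


def connect_scan(host, ports, workers=32, timeout=0.5):
    """Scan `ports` concurrently; return the sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_dummy_service(host="127.0.0.1"):
    """Assumed target: a throw-away listener on an ephemeral port, constructed so
    the example runs offline. Returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Scan a window of ports around the dummy service; returns (its port, open ports found)."""
    srv = start_dummy_service()
    port = srv.getsockname()[1]
    window = range(max(1024, port - 10), port + 11)
    found = connect_scan("127.0.0.1", window)
    srv.close()
    return port, found


if __name__ == "__main__":
    print(demo())
```

The scan relies on the handshake completing, so it is easy for the target to log; a stealthier SYN scan needs raw sockets and privileges, which is one reason tools like Nmap exist. The timeout distinguishes a closed port (immediate RST, fast) from a filtered one (no reply until the timeout), which is the same signal a defender's firewall produces when it silently drops probes.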

Gaining access

In this phase the hacker uses the knowledge from the previous phases to gain access to the system and its sensitive data, for example by brute-forcing credentials. Once inside, the attacker has some control over the compromised device and can use that access and the network to attack other targets.

Maintaining access

In this phase the hacker has various options for maintaining access to the compromised devices, such as creating a backdoor. With a backdoor the hacker keeps a persistent foothold in the network, can attack the device they control without fear of losing access, and can return to the system at any time in the future. Backdoors are noisy, however: creating one increases the chance of the hacker being discovered, because it leaves a larger footprint for an intrusion detection system (IDS).

Clearing Tracks

An attacker never wants to leave traces of their activity while hacking, so they remove all files related to the attack. The main purpose of the clearing tracks phase is to remove every trace by which someone could identify the intruder.

What Problems Hacking Identifies

Ethical hacking raises the following issues:

  • Ethics differ from individual to individual; they are a matter of the hacker's intention and interpretation of what they are trying to achieve. Ethical hacking can be perceived in a few different ways. For some it is a noble pursuit: it gives us a way to understand how a hacker thinks and attacks, and that knowledge is a big advantage in protecting systems from attack.
  • An ethical hacker may disclose a company's confidential information to other parties, whether intentionally or unintentionally.
  • White hat hackers are in the majority, but some of the methods ethical hackers use could get them regarded as grey hat hackers. A hacker therefore needs written permission that clearly defines what they can and cannot do while working on a network.
  • In 1986 the Computer Fraud and Abuse Act was passed. It makes accessing a computer without authorization and stealing financial or credit card information or private government information illegal. Breaking into a computer system is the technological version of trespassing. A hacker may say that no harm will come to the system they break into, but people expect privacy, and when that privacy is broken a person loses something priceless, even if it seems intangible. Many people do not know about the different types of hackers (grey hat, black hat and white hat) and assume that all hackers are malicious and not to be trusted, so ethical hackers carry a stigma. This lack of knowledge leaves some people fearful and uncertain about ethical hackers, a fear driven by the unknown extent of an ethical hacker's capabilities.
  • Privacy is priceless, and the ethical hacker is seen as a potential threat who could take it away. That is why an ethical hacker needs to maintain a high ethical standard. There are complicated situations an ethical hacker may face. For example, it is very common to find illegally pirated material such as games, movies and music on a workplace computer. The individual should inform management about the misuse of company computers and network resources, but whether they do so is an ethical decision made by the person working on that user's device. The situation changes when the security professional finds child pornography on a workplace computer: then the individual must immediately report it to management and law enforcement, and failing to report it may leave the person who found it liable for criminal prosecution. An ethical hacker's role in the network can be complex, but the hacker will be fine as long as they hold to a strong ethical standard.
  • As Sun Tzu put it: if you know the enemy and know yourself, you need not fear the result of a hundred battles; if you know yourself but not the enemy, for every victory gained you will also suffer a defeat; if you know neither the enemy nor yourself, you will succumb in every battle.