Published by Enhelion, 2019-12-02 15:13:16

Mod 3 (Part I)

Ethical Hacking Methodologies
There are a number of steps that need to be followed to plan and implement a penetration testing
or ethical hacking project. Below is a summary of the steps involved in ethical hacking:

Information Gathering / Reconnaissance
Gaining Access
Maintaining Access
Clearing Tracks


Information gathering is the first step in penetration testing as well as in ethical hacking. The aim is to
gather as much information as possible about the target company, its network infrastructure and its personnel.

Two types of information gathering techniques exist, and they are:


ACTIVE reconnaissance means interacting with the target directly and gathering information by
calling, talking to staff, visiting the premises, etc.

At this stage the hacker uses more intrusive methods to gather information and actively touches the
target's sites and networks, but only in the way a normal user would. It does not involve breaking into
any system, but it may involve personal contact and site visits, so unlike passive reconnaissance it
can be noticed and logged by the target.

Some Tools and Methods:

i) Banner Grabbing – connect to the device with Telnet, SSH or a raw TCP client such as netcat
and read the banner the service sends on connect; it usually names the software and version.

ii) Mail Bouncing – send an email to a non-existent address at the target domain and read the
bounce (non-delivery) message; its headers reveal the mail servers that handled it.

iii) DNS Zone Transfer – request a full zone transfer (AXFR) from the target's name servers; a
misconfigured server returns a list of all its hosts and servers.

iv) View the company's public website source code and directory structure – to identify the
type of CMS they are possibly using.

v) Social Engineering – e.g. find out where the sys-admin goes after work, go there too,
socialise, make friends and get the information out of him!

vi) Shoulder Surfing – stand behind someone, watch over their shoulder and gather information
such as passwords, codes, etc.

vii) Dumpster Diving – search the target's discarded waste for printed documents, notes and
media that still hold information.

viii) Piggy Backing/Site Visits – e.g. following people into the site as they visit and bypassing
physical access controls.
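As an added example (not from the course text), the Python script below shows two of the active techniques listed above in working code: it grabs a banner from a network service and parses the SSH identification string, and it fingerprints a CMS from a page's source. The "target" is a throwaway listener the script starts itself on 127.0.0.1 with a constructed OpenSSH banner, and the HTML is constructed, so nothing real is contacted; the CMS signature table is my own assumption and is deliberately short.

```python
"""Active-reconnaissance helpers: banner grabbing and CMS fingerprinting.

Added example, not part of the course module. The service probed below is a
local one-shot listener started by this script (constructed banner); the HTML
is a constructed sample. Real use would point grab_banner() at an in-scope host.
"""
import re
import socket
import threading


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """Open a plain TCP connection and return whatever the service volunteers
    first (SSH, FTP and SMTP all announce themselves on connect).
    Returns '' when the port is closed, filtered, or the service stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(1024)
    except (OSError, socket.timeout):
        return ""
    return data.decode("utf-8", errors="replace").strip()


def parse_ssh_banner(banner: str) -> dict:
    """Split an RFC 4253 identification string such as 'SSH-2.0-OpenSSH_7.4'
    into protocol version and software name; {} if it is not an SSH banner."""
    m = re.match(r"SSH-(?P<proto>[\d.]+)-(?P<software>\S+)", banner)
    return m.groupdict() if m else {}


# Assumed, minimal signature table: path prefixes and generator tags that
# betray a CMS in the public page source. A real list would be much longer.
CMS_SIGNATURES = {
    "WordPress": [r"/wp-content/", r"/wp-includes/", r'name="generator" content="WordPress'],
    "Joomla": [r"/media/jui/", r'name="generator" content="Joomla'],
    "Drupal": [r"/sites/default/files/", r'name="generator" content="Drupal'],
}


def fingerprint_cms(html: str) -> dict:
    """Return {cms_name: [matched signatures]} for every CMS whose markers appear."""
    hits = {}
    for cms, patterns in CMS_SIGNATURES.items():
        matched = [p for p in patterns if re.search(p, html, re.IGNORECASE)]
        if matched:
            hits[cms] = matched
    return hits


def _fake_ssh_server(banner: bytes) -> int:
    """Start a local one-shot listener that sends `banner` and hangs up; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def _closed_local_port() -> int:
    """Bind and immediately release a port so it is (almost certainly) closed."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


# Constructed page source imitating a WordPress front page.
SAMPLE_HTML = """<html><head><meta name="generator" content="WordPress 5.2.4">
<link rel="stylesheet" href="/wp-content/themes/twentynineteen/style.css">
</head><body><script src="/wp-includes/js/jquery/jquery.js"></script></body></html>"""


def demo() -> dict:
    """Run both techniques against the constructed targets and collect the findings."""
    port = _fake_ssh_server(b"SSH-2.0-OpenSSH_7.4\r\n")
    banner = grab_banner("127.0.0.1", port)
    return {"banner": banner, "ssh": parse_ssh_banner(banner), "cms": fingerprint_cms(SAMPLE_HTML)}


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

Note that the banner grab is exactly what a defender sees in the service's log as a connection that sends nothing and disconnects, which is why active reconnaissance can be detected while passive cannot.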


Reconnaissance techniques are hence used to gain important intel about an organisation and its
internal structure and network.

PASSIVE reconnaissance means finding information through websites, social media, job
advertisements, etc., without ever touching the target's systems.

This step gathers information about a company, network or other large organisation without using any
intrusive means. It is very difficult for the target company to detect or defend against, because most of
this information is publicly available to anyone who can access the web, newspapers,
advertisements, brochures, etc.

You can use resources such as company websites, securities and exchange commission filings, company literature,
job postings, partner sites, etc. to gather information. The information can include the names of company officers
and the addresses of major locations such as data centres, partner networks and connections. The types of
systems used, IP address space, domain names, telephone numbers, company email addresses and
employee email addresses can also be found through these sources.

WHOIS and similar lookups can also be used to gather information such as the administrator's name,
IP address space, location, email addresses and phone numbers. Other tools include Sam Spade and
many web-based lookup services; one popular tool is Maltego, which ships with Kali Linux.
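As an added example (not from the course text), the script below turns a raw WHOIS record and a piece of public literature into the fields the paragraphs above say a tester is after: administrator name, organisation, location, phones, name servers, IP address space and email addresses. It also infers the company's email naming convention, which lets a tester predict addresses of staff found on social media. The WHOIS record and the job advertisement are constructed samples; example.com and 192.0.2.0/24 are reserved documentation values, and the people named are fictitious.

```python
"""Passive-reconnaissance helper: extract useful fields from WHOIS output and
harvest email addresses from public text.

Added example, not part of the course module. Both inputs are constructed;
example.com and 192.0.2.0/24 are reserved for documentation and the names are fictitious.
"""
import re

# Constructed WHOIS record in the usual "Key: value" layout of registrar/RIR output.
SAMPLE_WHOIS = """\
% Constructed sample record; example.com is IANA's reserved documentation domain.
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
Admin Name: Jane Doe
Admin Organization: Example Corp
Admin City: Springfield
Admin Phone: +1.5555550100
Admin Email: jane.doe@example.com
Tech Email: hostmaster@example.com
NetRange: 192.0.2.0 - 192.0.2.255
CIDR: 192.0.2.0/24
"""

# Constructed job posting: the kind of public literature that leaks technology and contacts.
SAMPLE_JOB_AD = """Example Corp is hiring a Linux sysadmin (RHEL 7, Cisco ASA, Exchange 2016).
Apply to careers@example.com or contact John Smith, john.smith@example.com, +1 555 555 0199."""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_whois(text: str) -> dict:
    """Collect every 'Key: value' line into {lower_key: [values]}.
    Keys may repeat (Name Server), and comment lines starting with % or # are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#")):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if value:
            fields.setdefault(key, []).append(value)
    return fields


def harvest_emails(text: str) -> list:
    """Return the unique, lower-cased email addresses found anywhere in free text."""
    return sorted({m.lower() for m in EMAIL_RE.findall(text)})


def summarize(fields: dict, extra_text: str = "") -> dict:
    """Reduce a parsed WHOIS record (plus optional public text) to the recon essentials."""
    emails = {e for k, vs in fields.items() if k.endswith("email") for v in vs for e in harvest_emails(v)}
    emails.update(harvest_emails(extra_text))
    return {
        "admin": fields.get("admin name", [None])[0],
        "organisation": fields.get("admin organization", [None])[0],
        "location": fields.get("admin city", [None])[0],
        "phones": [v for k, vs in fields.items() if k.endswith("phone") for v in vs],
        "name_servers": [ns.lower() for ns in fields.get("name server", [])],
        "address_space": fields.get("cidr", []) + fields.get("netrange", []),
        "emails": sorted(emails),
    }


def email_convention(emails: list) -> str:
    """Guess the corporate address format from harvested personal addresses
    ('first.last' here); 'unknown' if no personal-looking address is present."""
    local_parts = [e.split("@")[0] for e in emails]
    if any(re.fullmatch(r"[a-z]+\.[a-z]+", lp) for lp in local_parts):
        return "first.last"
    return "unknown"


if __name__ == "__main__":
    summary = summarize(parse_whois(SAMPLE_WHOIS), SAMPLE_JOB_AD)
    for name, value in summary.items():
        print(f"{name}: {value}")
    print("email convention:", email_convention(summary["emails"]))
```

Real WHOIS output varies by registrar and regional registry, and many registrars now redact contact fields behind privacy services, so treat missing admin details as normal rather than as a parsing failure.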
