Abstract
An ethical hacker follows processes similar to those of a malicious hacker. Ethical hacking is the process of probing for vulnerabilities and providing proof-of-concept (PoC) attacks to demonstrate the vulnerabilities present in a system. The hacking experimentation is performed across the five phases of hacking, using the resources available in Jeman Educational Systems.
Reconnaissance (Information Gathering): In this phase, ethical hackers gather information about the target system or organization. The information-gathering experimentation is performed using commands and tools such as Whoami, Path, Systeminfo, Tasklist, Ver, Vol, IPconfig, Ping, Hostname, Nbtstat, Netstat, NSLookup, Traceroute, Net view, Net user, Net localgroup, Netconfig and the like. Tools such as WHOIS, DNS queries, search engines, and social engineering techniques are used to collect data such as IP addresses, domain names, email addresses, employee information, system configurations, and operating system information. The software tools used for tracking IP location are Tool Zone Edit, Neo Trace Tool and WhatIsMyIPAddress Tool. Footprinting is obtained by Google Digging, and the scanning experimentation is performed using the NMAP tool.
Scanning (Enumeration and Vulnerability Assessment): Ethical hackers use various scanning tools and techniques to identify potential entry points, open ports, services running on target systems, and vulnerabilities. Network scanning tools like Nmap, vulnerability scanners like Nessus, and web application scanners like OWASP ZAP are commonly used in this phase. In this experimentation, scanning is performed using the NMAP tool. Enumeration is performed using NetBIOS over TCP/IP, and remote systems are enumerated using instant messaging software, email headers and Netstat.
Gaining Access (Exploitation): In this phase, ethical hackers attempt to exploit the identified vulnerabilities to gain unauthorized access. They may use techniques like password cracking, privilege escalation, buffer overflow, or web application attacks. Tools such as Metasploit, Burp Suite, or custom scripts are often utilized to automate the exploitation process. Meterpreter and web application attacks are used to gain access to the web environment.
Maintaining Access (Post-exploitation): Once access is gained, ethical hackers aim to maintain persistence within the target system. This involves creating backdoors, installing rootkits, or setting up remote access mechanisms. Tools like Netcat, Meterpreter, or PowerShell Empire can assist in maintaining access. The experimentation uses Meterpreter. The experimentation for gaining access is performed using ports and services, web application attacks, attacks using Kali Linux, and DoS using the Goodby Tool. sqlmap is used to attack databases.
Covering Tracks (Maintaining Anonymity): Ethical hackers need to ensure that their activities remain undetected. They may delete logs, modify timestamps, and remove traces of their presence. Tools like Timestomp, log cleaners, or network anonymizers (e.g., Tor) can aid in covering tracks.
Analysis and Reporting: After the completion of the ethical hacking exercise, a thorough analysis of the findings is conducted. Ethical hackers document their methodologies, the vulnerabilities discovered, and the potential impact in a detailed report. They also provide recommendations for remediation and for improving the security posture. Thus the important question, "Which techniques and tools are used by the hacker to perform the hacking experiment for each phase of hacking of the computing assets of your network?", is answered by this hacking experimentation. But it is endless….