VIDEO
HIGHLIGHT
Log InSign up
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Course | Edureka
SummaryTranscriptChat

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Course | Edureka

Introduction to Hacking

This section introduces the concept of hacking and its evolution into a discipline for the computing community.

What is Hacking?

  • Hacking is the process of finding vulnerabilities in a system and using these found vulnerabilities to gain unauthorized access into the system to perform malicious activities.
  • Hacking can be legal if done with permission, as computer experts are often hired by companies to hack into their systems to find out vulnerabilities and weak endpoints so that they can be fixed.
  • Ethical hackers are people who hack into a system with permission without any malicious intent.

Types of Hackers

  • White hat hackers, also known as ethical hackers, hack into a system with prior permission to find out vulnerabilities so that they can be fixed before someone with malicious intents finds them.
  • Black hat hackers, also known as crackers, are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.
  • Grey hat hackers are a blend of both black hat and white hat hackers. They act without malicious intent but for their own fun.
  • Suicide hackers work with the intent to bring down major corporations and infrastructure.

Types of Hacking

This section discusses different types of hacking based on what the hacker is trying to achieve.

Computer Hacking

  • The process of stealing computer ID and password by applying hacking methods and getting unauthorized access to a computer system.

Password Hacking

  • The process of recovering secret passwords from data that has been stored in or transmitted by a computer system.

Email Hacking

  • Gaining unauthorized access to an email account and using it without taking the consent of its owner for sending out spam links, third-party threats, and other such harmful activities.

Network Hacking

  • Gathering information about a network using tools like telnet, nslookup, ping tracer, or net start with the intent to harm.

Recognitions and Footprinting

In this section, the speaker discusses the six phases of ethical hacking, with a focus on recognitions and footprinting. The speaker explains what information is gathered during recognitions and how it is used to identify vulnerabilities in the target system.

Six Phases of Ethical Hacking

  • Recognitions: Gathering relevant information about the target system, including operating system, IP configurations, and open ports.
  • Scanning: Actively probing the target machine or network for vulnerabilities that can be exploited.
  • Gaining Access: Exploiting vulnerabilities located during scanning using various methods to enter the target system without raising any alarm.
  • Maintaining Access: Installing backdoors and payloads onto the target system to gain quicker access in the future.
  • Clearing Tracks: Deleting logs of all activities that take place during the hacking session (an unethical activity).
  • Reporting: Compiling a report with findings such as tools used, success rate, vulnerabilities found, and exploit processes.

Recognitions

Active vs Passive Recognitions

  • Active Recognitions: Directly interacting with the computer system to gain information. This method can be accurate but carries a risk of getting detected if done without permission.
  • Passive Recognitions: Gathering essential information without ever interacting with the target system.

Footprinting

  • Gathering as much information as possible to find ways to intrude into a target system or at least decide what kind of attack would be most effective.

Active Information Gathering

In this section, the speaker explains how an ethical hacker can collect information about a target system during the active information gathering phase. The speaker provides examples of information that can be collected such as domain name, IP address, employee information, phone numbers, emails and job.

Footprinting

  • Footprinting is the process of collecting basic and easily accessible information about any computer system or network that is linked to the Internet.
  • General footprinting can be done by anyone with access to the internet.
  • A user can extract basic information about any computer system or network that is linked to the internet.

Domain Name Information

  • Whois is a method of knowing the domain name specification.
  • By using Whois, one can find out all available information about a domain name such as its registered date, expiration date, last updated date and status.
  • One can also find out who it's registered under and where it's located.

Finding IP Address

  • To find out the public IP address of any web server, one can use ping command followed by the website URL.
  • An ethical hacker generally goes through this process to gather some initial information about a target system.

Finding Hosting Company

  • To find out hosting company details for a website or target system an ethical hacker uses sites like "IP to location" on Google search engine.
  • This site provides detailed information regarding ISP (Internet Service Provider), location and other important details related to hosting companies.

History of Website

  • Archive.org is used by ethical hackers to know more about history of websites or target systems they are going after.
  • It shows when archive.org has crawled through a website along with dates it has scrolled through.
  • It gives summary of host domain and TLD along with mime type summary which helps in deciding what kind of attack should be performed.

Nmap Tutorial

In this section, the speaker explains how to use Nmap as a tool to get a lot of information regarding any system.

Using Nmap

  • Nmap is a powerful tool that can be used for network exploration, management and security auditing.
  • It can be used to discover hosts and services on a computer network, thus creating a "map" of the network.
  • It can also be used to identify open ports, operating systems and software versions running on target systems.

Scanning Techniques

  • There are various scanning techniques available in Nmap such as TCP connect scan, SYN scan, UDP scan etc.
  • Each technique has its own advantages and disadvantages depending on the situation.

Output Formats

  • Nmap provides various output formats such as XML, grepable output etc.
  • These formats help in analyzing the results obtained from scans.

Conclusion

  • The speaker concludes by stating that ethical hacking is an important process that helps organizations identify vulnerabilities in their systems before they are exploited by malicious hackers.

Active and Passive Fingerprinting

In this section, the speaker explains the difference between active and passive fingerprinting. Active fingerprinting involves sending packets to a target machine and analyzing its response to determine the operating system. Passive fingerprinting is based on sniffer traces from the remote system.

Active Fingerprinting

  • Active fingerprinting involves sending specifically crafted packets to a target machine.
  • The analysis of the packet that is sent to the target system includes four things: TTL, window size, DF flag, and type of service (TOS).
  • The TTL (time to live) helps determine what operating system sets it in an outbound packet.
  • The window size helps determine which kind of OS is running on the server.
  • The DF flag (don't fragment bit) can help identify if a packet comes back fragmented or not.
  • Analyzing TOS gives more information about what operating system is being run on the target machine.

Passive Fingerprinting

  • Passive fingerprinting is based on sniffer traces from the remote system.
  • By analyzing different traces such as Wireshark of the packets, you can determine the operating system of the remote host.

Accuracy of Fingerprinting

In this section, the speaker discusses how accurate fingerprinting can be in determining an operating system.

  • Analyzing these factors of a packet may be able to determine the remote operating system but this method is not 100% accurate and mostly works better for some operating systems than others.

Conclusion

In this section, the speaker concludes by introducing future videos that will delve into tools used in ethical hacking like Metasploit and Nmap.

  • The speaker concludes the video by introducing future videos that will delve into tools used in ethical hacking like Metasploit and Nmap.
  • The audience is encouraged to subscribe to the channel for more videos.
Video description

🔥Certified Ethical Hacking Course - CEH v12 Training : https://www.edureka.co/ceh-ethical-hacking-certification-course 🔵 Edureka Cyber Security Masters Program: https://bit.ly/3pfHHIN This Edureka video on "What is Ethical Hacking" (Blog: https://bit.ly/2rmFo9p) will give you an introduction to Ethical Hacking. This is a beginners tutorial covering all the fundamentals of Ethical Hacking. Below are the topics covered in this video: 0:43 What is Ethical Hacking 1:41 Types of Hackers 3:20 Types of Hacking 4:39 Phases of Ethical Hacking 7:03 Reconnaissance 8:40 FootPrinting 13:47 FingerPrinting 🔵 CyberSecurity Certification Training : https://www.edureka.co/cybersecurity-certification-training 🔥Edureka CompTIA Security+ Certification Training: https://bit.ly/3nxeVRl #EthicalHacking #edureka #ForBeginners #CyberSecurity Do subscribe to our channel and hit the bell icon to never miss an update from us in the future: https://goo.gl/6ohpTV For more information, Please write back to us at sales@edureka.co or call us at IND: 9606058406 / US: 18338555775 (toll free). Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka