WHAT IS ETHICAL HACKING AND WHO ARE ETHICAL HACKERS?
Hacking is the act of breaking into a computer network, or gaining any kind of unauthorized access to it, in order to harm the network or steal its databases.
Hacking is legal only when it is done to find weaknesses in a computer, network or server for testing purposes (as Ethical Hackers do in Penetration Testing). This type of hacking is known as ETHICAL HACKING, and those who perform it are known as ‘Ethical Hackers’ or ‘White Hat Hackers’.
Ethical Hacking is a part of computing. Basically, it is the act of breaching a computer network and finding the loopholes and vulnerabilities in it before a malicious hacker (BLACK HAT HACKER) can find them and harm the system.
Ethical Hackers are people who use the same software and techniques as malicious hackers (Black Hat Hackers) to find the loopholes in network systems and servers. Put simply, Ethical Hackers are security professionals or penetration testers who use their skills and tools for a constructive purpose.
TYPES OF HACKERS
Hackers can be classified into different categories such as white hat, black hat, and grey hat, based on their intent of hacking a system.
· WHITE HAT HACKERS
These are the good guys. We call them Ethical Hackers or Penetration Testers: people who use their hacking skills and tools for a constructive purpose, or who use their security skills for protection rather than for the compromise of computer systems. These are the hackers who hack into a system or server with the proper permission of the owner of that network or server. The difference in the color of the hat is primarily in the use to which the skills are put, not necessarily in the skillset/mindset required.
· BLACK HAT HACKERS
Black Hat hackers, also referred to as “crackers”, are people who crack their way into computer systems for personal gain. These crackers get a kick out of breaking into other people’s personal property and misusing it.
These are people who hack without the permission of the victim or website owner. They do this either for fun or for revenge, but mostly for money. They hack a website and ask its owner to pay them or they will destroy it.
· GREY HAT HACKERS
A Grey Hat is someone who is a mixture of the two, Black and White. As an example, they might hack legally during the day, employed by a security firm to carry out penetration tests, but at night they perform illegal hacks where they don’t have permission. Hence, they have a Grey Hat, as they do both illegal and legal work.
In short, a Grey Hat is a combination of both White and Black Hat Hacker, doing both White Hat and Black Hat jobs.
· RED HAT HACKERS
These are the vigilantes of the hacker world. They’re like White Hats in that they halt Black Hats, but these folks are downright SCARY to anyone who has ever tried so much as a Pen Test. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer to destroy it from the inside out. They leverage multiple aggressive methods that might force a cracker to need a new computer.
· BLUE HAT HACKERS
If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who’ve made them angry. Like the Script Kiddies, they have no desire to learn.
· SCRIPT KIDDIES
Script Kiddies normally don’t care about hacking (if they did, they’d be Green Hats; see below). They copy code and use it for a virus, an SQL injection or something else. Script Kiddies will never hack for themselves; they’ll just download overused software (LOIC or Metasploit, for example) and watch a YouTube video on how to use it. A common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much information that it collapses under the strain. This attack is frequently used by the “hacker” group Anonymous, which doesn’t help anyone’s reputation.
· GREEN HAT HACKERS
These are hackers who, unlike Script Kiddies, care about hacking and strive to become full-blown hackers. They’re often flamed by the hacker community for asking many basic questions. When their questions are answered, they’ll listen with the intent and curiosity of a child listening to family stories.
TYPES OF HACKING
· Website Hacking: Website hacking means gaining unauthorized access to a web server and its resources, such as its database.
· Network Hacking: Network hacking is a type of hacking in which a hacker gathers information about networks using premade tools such as Netstat, Nslookup, Ping, Tracert etc., with the main objective of breaking down the network.
· Email Hacking: Email hacking means gaining unauthorized access to an email account and using it without the knowledge of its owner.
· Ethical Hacking: Ethical hacking means finding the loopholes or weaknesses in a computer system or network, as well as providing solutions for those loopholes or weaknesses.
· Password Hacking: Password hacking is the process in which a hacker tries to find or recover a password from any computer system or any server transmitting data over a network.
· Computer Hacking: This is the process of stealing a computer ID and password by applying hacking methods and getting unauthorized access to a computer system.
ADVANTAGES OF HACKING
A hacker is someone who seeks to find and exploit weaknesses in a computer system, network, or any software in general. There are many benefits of hacking; I’ll list a few:
· Hacking can reveal bugs and weaknesses in software, which can in turn be used to make the software even stronger. For example, a programmer could test his/her software by “hacking” it themselves or by asking a professional hacker to do it for them.
· Hacking can allow nations to monitor/spy on other nations (may the greatest nation win).
· Hacking is what made your computer the way it is today.
· Hacking can help you become a good programmer, as you would most likely be aware of the many security threats and weaknesses when creating/updating software.
DISADVANTAGES OF HACKING
As with all activities that have a darker side, there will be dishonest people who create drawbacks. The possible drawbacks of ethical hacking include:
· The ethical hacker using the knowledge they gain to carry out malicious hacking activities.
· Allowing the company’s financial and banking details to be seen.
· The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system.
· Massive security breach.
ETHICAL HACKING TOOLS
Metasploit Framework is one of the most powerful tools for Penetration Testing. It is mainly used for developing and executing exploit code against a remote target. It has proven itself to be a very useful tool for INFORMATION GATHERING, EXPLOIT DEVELOPMENT, VULNERABILITY SCANNING etc.
You can find it officially at http://www.metasploit.com/
Nmap, also called “NETWORK MAPPER”, is used to map or scan a network and gather information about the target network, including open ports, operating system information, services running on the server, details about firewalls etc.
Maltego is an open source hacking application that is available for both Windows and Linux operating systems. It’s an intelligence and forensics tool designed to gather all the information about the target in a very simplified, deep and readable way.
Wireshark is one of the best network analyzer tools, and it is also free. Wireshark is available for both Windows and Linux operating systems. It is used for malware analysis, network analysis etc.
JOHN THE RIPPER:
John the Ripper (JTR) is one of the fast password cracking tools available out there. JTR is basically used to detect weak passwords on almost all LINUX operating systems.
ACUNETIX WEB SECURITY SCANNER:
It’s a website security scanner, it basically scans your website for SQL Injection, Cross Site Scripting and almost other
NESSUS SECURITY SCANNER:
Nessus is also a website security scanner unlike Acunetix, it also scans your website for all the vulnerabilities including SQL Injection, Cross Site Scripting and many more vulnerabilities. It also scans for malware present on the server, and apart from all this Nessus also provides custom and executive reports of the network. Unfortunately, this web application scanning tool is not free; you have to pay for it, but trust me, it is a very useful tool in the field of Ethical Hacking and Penetration Testing.
Iron WASP (Iron Web Application Security Testing Platform) is an open source system used for vulnerability testing of any server. Its customizable features, for both expert and beginner users, attract many customers, and the best part is that it’s an open source vulnerability scanning system.
HconSTF is one of the very useful tools for Penetration Testing and Ethical Hacking. It performs all the activities an individual needs in penetration testing, such as Information gathering, Enumeration, Reconnaissance, Vulnerability scanning, Exploiting the target, and last but not least Reporting.
Ettercap is an ethical hacking tool mainly used for performing ‘Man in the Middle’ attacks on almost all types of networks by placing a fake Access Point or fake Server between a client and a server.