1. Ethical Hacking Overview

1.1 What is Ethical Hacking?
- Definition: The practice of legally hacking into systems, with the owner's authorization, to find vulnerabilities before malicious hackers do.
- Objective: Protect networks, data, and systems from cyber threats.
- Legal vs. Illegal Hacking:
  - White Hat: Ethical hackers (legal)
  - Black Hat: Malicious hackers (illegal)
  - Gray Hat: In between (not strictly ethical, but not malicious)
2. Hacking Phases (Cyber Kill Chain)

| Phase | Description |
|---|---|
| 1. Reconnaissance | Information gathering (passive/active) |
| 2. Scanning | Identifying vulnerabilities (Nmap, Nessus) |
| 3. Gaining Access | Exploiting weaknesses (Metasploit, ExploitDB) |
| 4. Maintaining Access | Installing backdoors, rootkits |
| 5. Covering Tracks | Deleting logs, clearing traces |
3. Information Gathering (Reconnaissance)

3.1 Passive vs. Active Reconnaissance

| Type | Method |
|---|---|
| Passive | Google Dorking, WHOIS lookup, Shodan.io |
| Active | Scanning, social engineering, email phishing |

3.2 Tools for Reconnaissance

| Tool | Use |
|---|---|
| whois | Domain information lookup |
| theHarvester | Gather emails, subdomains, and names |
| Maltego | OSINT visualization |
| Shodan | Search for exposed devices |
4. Scanning & Enumeration

4.1 Network Scanning Tools

| Tool | Function |
|---|---|
| Nmap | Port scanning |
| Netcat | Network debugging, banner grabbing |
| Nessus | Vulnerability scanning |
| OpenVAS | Security assessment |

4.2 Common Port Numbers

| Protocol | Port |
|---|---|
| FTP | 21 |
| SSH | 22 |
| HTTP | 80 |
| HTTPS | 443 |
| RDP | 3389 |
5. Gaining Access (Exploitation)

5.1 Common Exploits

| Attack Type | Description |
|---|---|
| Buffer Overflow | Overwriting memory to execute malicious code |
| SQL Injection | Injecting SQL queries into databases |
| Cross-Site Scripting (XSS) | Injecting scripts into web pages |
| Privilege Escalation | Gaining higher system privileges |

5.2 Exploitation Tools

| Tool | Use |
|---|---|
| Metasploit | Exploit framework |
| Exploit-DB | Public database of exploits |
| SQLmap | Automated SQL injection |
6. Maintaining Access & Covering Tracks

6.1 Backdoor Techniques
- Rootkits: Hide malicious activity from the operating system and its tools
- Trojan Horses: Malware disguised as legitimate software
- Remote Access Trojans (RATs): Give the attacker full remote control of the system

6.2 Log Cleaning Techniques

| Method | Tool |
|---|---|
| Clearing Logs | rm /var/log/* (Linux) |
| Altering Timestamps | touch -t 202304010000 file.txt |
| Hiding Processes | rootkits |
7. Wireless Hacking

7.1 Wireless Attacks

| Attack | Description |
|---|---|
| Evil Twin Attack | Fake Wi-Fi access point used to capture data |
| Deauthentication Attack | Kicking users off a Wi-Fi network |
| WPS Attack | Exploiting weak Wi-Fi Protected Setup (WPS) |

7.2 Wireless Hacking Tools

| Tool | Function |
|---|---|
| Aircrack-ng | Wi-Fi password cracking |
| Reaver | WPS attack tool |
| Kismet | Wireless network monitoring |
8. Web Application Security

8.1 Common Web Attacks

| Attack | Description |
|---|---|
| SQL Injection | Injecting SQL to extract data |
| Cross-Site Request Forgery (CSRF) | Tricking users into executing unwanted actions |
| Broken Authentication | Weak login mechanisms |

8.2 Web Security Tools

| Tool | Function |
|---|---|
| Burp Suite | Web proxy and vulnerability scanning |
| OWASP ZAP | Automated web application testing |
9. Cryptography & Steganography

9.1 Encryption & Hashing Algorithms

| Algorithm | Type |
|---|---|
| AES | Symmetric encryption |
| RSA | Asymmetric encryption |
| SHA-256 | Hashing (one-way, not encryption) |

9.2 Cryptography Tools

| Tool | Function |
|---|---|
| John the Ripper | Password cracking |
| Hashcat | GPU-accelerated hash cracking |
| GPG | File encryption and signing |
10. Social Engineering Attacks

10.1 Types of Social Engineering

| Attack Type | Description |
|---|---|
| Phishing | Deceptive emails/websites |
| Vishing | Voice phishing (by phone) |
| Baiting | Luring victims with infected USB drives |
| Pretexting | Impersonation to gain information |

10.2 Social Engineering Tools

| Tool | Function |
|---|---|
| SET (Social Engineering Toolkit) | Simulated phishing attacks |
| Maltego | OSINT analysis |
11. Security Countermeasures

11.1 Best Practices
- Keep software updated
- Use strong passwords (min. 12 characters)
- Enable Multi-Factor Authentication (MFA)
- Use firewalls & IDS/IPS
- Regular security audits & penetration testing

11.2 Security Tools

| Tool | Function |
|---|---|
| Snort | Intrusion detection system (IDS) |
| Wireshark | Network traffic analysis |
| Fail2Ban | Blocks IPs after repeated failed logins (brute-force protection) |
12. Command Line Cheat Sheet

Windows Commands

| Command | Purpose |
|---|---|
| ipconfig /all | View network config |
| netstat -an | View active connections |
| tasklist | Show running processes |

Linux Commands

| Command | Purpose |
|---|---|
| ifconfig | Show network settings |
| nmap -sV 192.168.1.1 | Scan open ports and identify service versions |
| sudo john hash.txt | Crack password hashes |