How Do You Start Ethical Hacking?

Hi Folks!

Today I will be speaking about different phases of Ethical Hacking. Well if you are searching for this blog, I am sure you want to learn to hack and become a passionate Ethical Hacker!

Well, that’s the case, it’s a very good theme because Ethical Hacking is one of the most interesting jobs in the IT industry today.

Did you know that there is a cyber attack happens every 39 seconds? So every 39 seconds there is a cyber attack and the victim of these cyber attacks ranges from startups to multi-billion companies. So no organization wouldn’t want data to be leaked or their applications to be misused. And that’s where ethical hackers come to the rescue. So these organizations who think their systems or network might get hacked, hire ethical hackers and these ethical hackers tests the system or network for security loopholes or weaknesses that a malicious hacker can use and hacked the target and then work on improving the security of the target system or the network.

If you are a beginner, I am sure you have this question in your mind. The question would be How to become skillful enough to do this job?

Where answer if you are a beginner and you have gone through a lot of blogs, a lot of videos and you learn some basics and even if you have not, you understood that hacking is not that like how it is shown in the movies. It’s not like that you just open your laptop, fire-up your laptop, you just type something in your system and you hacked. That’s not the real image. Hacking is not that simple.

So the question is, how to become skillful enough to do this job to hack something? And the only answer is by practice. So you need a lot of practice and that’s how you became skillful.

Ethical Hacking is not a one-step process. It’s not like that you can just run some tools and hack the target. If you want to hack a target successfully and efficiently, you will have to follow certain steps of ethical hacking. And that’s why I am writing this post so that it will be helpful for beginners and who are just starting with hacking.

So without further ado, let us see the different phases of Ethical Hacking. And as a gift, I will be telling you about few tools about you can use for each phase and also at the end of the phases of Ethical Hacking, I will be talking about some of the great hacks that happen to time.

Let’s look at the different phases of Ethical Hacking -

• Reconnaissance
• Scanning
• Exploitation
• Maintaining Access
• Covering Tracks
• Reporting

Let’s go deeper with these phases.

1. Reconnaissance:

Reconnaissance is a phase of Ethical Hacking where the Hacker collects information about the target Network or Application that he is trying to hack.

So some of the basic information you would want to collect are -

IP Address

IP Address Range

The architecture of the Network

DNS Records

These are very basic information to collect about your target. And depending on your target is, this information might vary.

So now I will be talking about some of the most popular tools used for Reconnaissance.

• Search Engines: Google, DuckDuckGo, Yahoo!
• NSLookup: It is a DNS querying tool and used to get Domain Name and IP Address map of the target
• Whois Lookup: Browser-based query and response tool used to get registration and delegation details of your target.

2. Scanning:

Scanning is the procedure of identifying a point on the target System/Network that a hacker can try to hack.

Some of the vital information you would want to collect during your scanning is -

Active Ports

Active Hosts

Services Running On Your Target

Vulnerable Application/Operating System

Let’s see the popular tools used for Scanning -

• OpenVAS
• Nikto
• WireShark
• Nessus

3. Exploitation:

Exploitation is the step where the hacker takes advantage of the weakness or loophole of the target and hacks it.

There are different steps for Exploitation -

Select Attack

Launch The Attack

Gain Access

Some of the most popular tools used for Exploitation are -

• BeEF
• MetaSpoilt
• SQLMap

4. Maintaining Access:

Maintaining Access is that phase where the hacker installs software or makes changes on the target such that he can access the target later in time.

Ways To Maintaining Access -

Installing Backdoors

Create New Users/Escalate Privileges

Install Rootkits

Trojans

Some of the most popular tools used for Maintaining Access are -

• PowerSploit
• Weevly
• dns2tcp

5. Covering Tracks:

This phase is all about covering the identity of the hacker and the way the exploit has happened.

Common but Vital Ways To Covering Tracks -

Clear Cache/Cookies

Tampering Log Files

Close Ports/Stop Services

6. Reporting:

The final phase of Ethical Hacking is Reporting.

• Reporting is that phase where a hacker creates documentation about the weakness and loopholes found on the target.
• The way he can use these weaknesses and loopholes to hack the target.
• Also, mention certain precautions that target can take make the security batter.

Why Reporting phase can differentiate between an ethical hacker and a malicious hacker?

As an ethical hacker, you know what you should do. You will tell the target organization about information found, the way you hacked the target and also tell them how they make the security batter.

But a malicious hacker wouldn’t do this. A malicious hacker would hack the target, would hide his identity and whatever purposes he hacked for, he just does it and vanishes!

So, Reporting is that phase that differentiates between an ethical hacker and a malicious hacker.

Now let me tell you some of the great hacks that have happened over time.

1. The FBI Hack:

In 2016, the entire database of FBI was hacked and the identities of all undercover FBI and Homeland security agents were made public. Due to which a lot of lives were in danger.

2. The NASA Hack:

A hacker hacks into NASA and downloads the source code used to run the International Space Station. And to fix the issue, NASA has to shut down its network for three weeks.

3. The Commercial Sites Hack:

A student of a university launce a DOS attack with 70 plus computes on 50 plus networks with affected a lot of commercial websites such as eBay, Amazon, etc. Due to which these commercial sites face a lot of business losses.

4. Noble Hack:

A hacker hacked into different banks around the world and stole money from these banks instead of using for his self, he donates this money to the countries living below the poverty line. So his intention was noble and that why people called it Noble Hack.

So now you have an idea of how powerful a hacker can be. But, as an ethical hacker, you should not be involved in any such illegal activity. Because that’s not ethical hackers do. As an ethical hacker, you should always contribute to making the security of the system of the network of any digital appliances or digital device, the security of these digital devices are batter.