Question

You have been asked to document and describe the hacking process. After all, the goal of white hat hacking is to ensure the security of the company resources, and documentation is always part of the process. In a report to your manager, describe the following topics:

The hacking methodology and phases

How scope is established and why the agreement of the scope is important

How ethics come into play when conducting ethical hacking

Answer 1

HACKING METHODOLOGY and PHASES :

The methodology includes permission from organization. Every action done must be reversible. Does no harm to the target systems. There are eight basic steps to be followed:

1.Permission: In this phase, the penetration test is conducted. There is a need to get written permission from the organization prior to conducting the test.

2. Reconnaissance: Performing Reconnaissance is just like conducting a preliminary survey. In this step, all the information is gathered about the target systems. The tools that are widely used in this phase are NMAP, Hping, Maltego, and Google Dorks.

3.Enumeration and scanning: In this process, the hacker probes his network actively using the information from the above phase. Some of the methods used in this phase are port scans, ping sweeps, operating systems detection, observation of facilities used by the target, and so on.SNMP enumeration, UNIX/Linux enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration are the enumeration methods.

4. Gaining Access:  In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. The primary tool that is used in this process is Metasploit.

5.Escalation of privilege: Exploiting a bug in software to gain elevated access to resources that are normally protected from an application or user. The goal of this step is to move from a low-level account (such as a guest account) all the way up to the administrator.

6. Maintaining Access: It is the process where the hacker has already gained access into a system. After gaining access, the hacker installs some backdoors in order to enter into the system when he needs access in this owned system in the future. Metasploit is the preferred tool in this process.

7. Covering tracks and maintaining backdoors: The process of removing any evidence of the attacker’s presence in a system. The deletion of logs of all the activities that take place during the hacking process.

8.Reporting: Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and the exploit processes.
  

SCOPE:

Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them.

Ethics:

1. Never knowingly use software or process that is obtained or retained either illegally or unethically.
2. Not to engage in deceptive financial practices such as bribery, double billing, or other improper financial practices.
3. Not to make inappropriate reference to the certification or misleading use of certificates, marks or logos in publications, catalogs, documents or speeches.
4. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.