Friday 12 August 2011

Google Hacking

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results.
Allintitle
allintitle:Brains, Corp. camera
allintitle:"index of/admin"
allintitle:"index of/root"
allintitle:restricted filetype:doc site:gov
allintitle:restricted filetype:mail
allintitle:sensitive filetype:doc
allinurl:/bash_history
allinurl:winnt/system32/ (get cmd.exe)
ext:ini eudora.ini
ext:pwd inurl:(service|authors|administrators|users) "# -FrontPage-"
Filetype
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:conf slapd.conf
filetype:ctt "msn"
filetype:mdb inurl:"account|users|admin|administrators|passwd|password"
filetype:mdb inurl:users.mdb
filetype:QDF QDF
filetype:pdf "Host Vulnerability Summary Report" "Assessment Report"
filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )
filetype:xls inurl:"email.xls"
filetype:user eggdrop user
Index
"Index of /admin"
"Index of /" +.htaccess
"Index of /mail"
"Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini
"Index of /" +passwd
"Index of /password"
"Index of /" +password.txt

Intitle
intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"
intext:centreware inurl:status
intext:"MOBOTIX M1"
intext:"MOBOTIX M10"
intext:"Open Menu"
intext:"powered by Web Wiz Journal"
intext:"Tobias Oetiker" "traffic analysis"
intitle:index.of "Apache/1.3.28 Server at"
intitle:index.of "Apache/2.0 Server at"
intitle:index.of "Apache/* Server at"
intitle:index.of "HP Apache-based Web Server/*"
intitle:index.of "IBM_HTTP_Server/* * Server at"
intitle:index.of "Microsoft-IIS/4.0 Server at"
intitle:index.of "Microsoft-IIS/5.0 Server at"
intitle:index.of "Microsoft-IIS/6.0 Server at"
intitle:index.of "Microsoft-IIS/* Server at"
intitle:index.of "Netscape/* Server at"
intitle:index.of "Oracle HTTP Server/* Server at"
intitle:index.of "Red Hat Secure/*"
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"Welcome to IIS 4.0!"
intitle:"Welcome to Windows 2000 Internet Services"
intitle:"Welcome to Windows XP Server Internet Services"
intitle:"Welcome to Your New Home Page!"
intitle:"Test Page for Apache Installation" "It worked!" "this Web site!"
intitle:"Test Page for Apache Installation" "Seeing this instead"
intitle:"Test Page for Apache Installation" "You are free"
intitle:"Test Page for the Apache Http Server on Fedora Core"
intitle:"Test Page for the Apache Web Server on RedHat Linux"
intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!"
intitle:"index of" .bash_history
intitle:"index of" etc/shadow
intitle:"index.of" finances.xls
intitle:"index of" htpasswd
intitle:"Index Of" inurl:maillog
intitle:"index of" master.passwd
intitle:"index of" members OR accounts
intitle:"index.of" mystuff.xml
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"Index of" pwd.db
intitle:"Index of" .sh_history
intitle:"index of" spwd
intitle:"index.of" trillian.ini
intitle:"index of" user_carts OR user_cart
intitle:"active webcam page"
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"curriculum vitae" "phone * * *" "address *"
intitle:"Dell Laser Printer" ews
intitle:"EvoCam" inurl:"webcam.html"
intitle:liveapplet inurl:LvAppl
intitle:"Multimon UPS status page"
intitle:"my webcamXP server!" inurl:":8080"
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"Terminal Services Web Connection"
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"VNC Desktop" inurl:5800
intitle:"Web Server Statistics for ****"
Inurl
inurl:admin filetype:db
inurl:admin inurl:backup intitle:index.of
inurl:"auth_user_file.txt"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:hp/device/this.LCDispatcher
inurl:iisadmin
inurl:indexFrame.shtml Axis
inurl:"main.php" "phpMyAdmin" "running on"
inurl:passwd filetype:txt
inurl:"printer/main.html" intext:"settings"
inurl:server-info "Apache Server Information"
inurl:"ViewerFrame?Mode="
inurl:"wvdial.conf" intext:"password"
inurl:"wwwroot/*."
site:gov confidential
site:mil confidential
site:mil "top secret"
"Copyright (c) Tektronix, Inc." "printer status"
"Host Vulnerability Summary Report"
"http://*:*@www"
"Network Vulnerability Assessment Report"
"not for distribution"
"Output produced by SysWatch *"
"These statistics were produced by getstats"
"This file was generated by Nessus"
"This report was generated by WebLog"
"This summary was generated by wwwstat"
"Generated by phpSystem"
"Host Vulnerability Summary Report"
"my webcamXP server!"
sample/LvAppl/
"TOSHIBA Network Camera - User Login"
/home/homeJ.html
/ViewerFrame?Mode=Motion
Other Google Hacking Searches
This reveals MySQL database dumps. These dumps list the structure and content of databases, which can reveal many different types of sensitive information. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search
These log files record information about the SSH client PuTTY. They contain usernames, site names, IP addresses, ports, and various other information about the SSH servers connected to. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty
These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22
This file contains the port number, version number, and path information for a MySQL server. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config
This search reveals sites which may be using Shockwave (Flash) as a login mechanism. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swf file. http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf
These are Outlook Express email files which contain emails with full headers. The information in these emails can be useful for information gathering about a target. http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22
This Google search reveals user names, POP3 passwords, email addresses, servers connected to, and more. The IP addresses of the users can also be revealed in some cases. http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager
Footprinting Links
There is plenty of additional information on the Internet to help you learn more about ethical hacking and penetration testing. Some sites to review include:

Trojans, Backdoors, and Malware

Trojans
Both Trojans and malware represent a real danger to the security of end users' systems. If an attacker can trick or seduce a user into installing one of these programs, the hacker may gain full control of the system. Much of this malware works under the principle of "you cannot deny what you must permit," meaning that these programs use ports like 25, 53, and 80, ports the administrator usually has left open. If the programs don't use these ports, the hacker always has the option of using port redirection or covert communication channels. These are the reasons these programs can be so dangerous.
FAQ
What is a covert channel? A secret, unknown communication channel that is not prevented or secured.
What is a macro virus? A virus written using a macro language within a productivity document.
Have any viruses, worms, or bots been developed for cell phones? Yes, Sexy Space is considered by some to be the first cell phone bot.
What role can SSL, SSH, and TLS play in covert channel communication? They provide secure tunnels to bypass filters.
I heard the term Sheepdip mentioned. What does that mean? A sheepdip is a stand-alone system used to scan all media and devices as they come in from outside an organization's security perimeter, to detect malware before the media or device is approved to connect to the internal network.
Trojan and Malware Links
The best way to learn more about Trojans and malware is to check out these links:
Datapipe http://packetstormsecurity.nl/Exploit_Code_Archive/datapipe.c. Datapipe must be run on both ends of the attack: the attacker's originating computer and the compromised target behind a firewall.

Web and SQL Testing


Know the Trade - Web and SQL Testing
Web Hacking Tips, Tricks, and Techniques
The purpose of attacking a web server is usually one of the following: deface the web site, destroy or steal the company's data, gain control of user accounts, perform secondary attacks from the web site, or gain root access to other applications or servers.
Intercepting Traffic with Burp Proxy
Burp Proxy is a tool that lets you create a history of the packets that traverse the proxy, or it allows you to intercept the traffic, make modifications to the packet (or not), and then forward it on to the destination. What's better is that it allows you to intercept HTTPS traffic. The ramifications of this tool should be crystal clear now. If you can get someone's browser pointed toward your Burp Proxy port, you own them. If they go to their bank, you own it. If they check their Webmail accounts, you own it. Certainly there may be further attempts to help obfuscate passwords even in encrypted communications, but frankly, that doesn't happen much. As well, banks and other high-profile organizations may introduce further authentication mechanisms, but such a tool will produce an adequate bounty, especially if you are ARP spoofing a network proxy server.
Database and SQL Injection Attacks
Many web applications rely on backend databases for information storage and retrieval. Sometimes a script will perform a database query using input supplied from a web page without first verifying that the input does not contain any escape characters. Consider the following example, which may be used to log a user on to a site:
query = "SELECT * FROM users WHERE username = '{$_POST['user']}' AND password = '{$_POST['pass']}' ";
The query string would be passed to a database holding usernames and passwords, and if a result were returned, it would imply that the username and password were both correct. Consider, however, if someone were to use a username of bob and a password of ' OR 1=1. The query string would turn into the following:
"SELECT * FROM users WHERE username = 'bob' AND password = '' OR 1=1 ";
In this case, the OR 1=1 would make the statement always true, meaning it would always return something. Therefore, the script could be fooled into thinking that the user had been authenticated. By injecting specially crafted queries, it is also possible to disclose potentially sensitive information from the database.
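As an added example (not code from the original page), the same login check written in Python against an in-memory SQLite table: build_query_unsafe mirrors the page's string interpolation, while login_safe uses a parameterised query so the driver never treats user input as SQL. The constructed users table and the quote-balanced tautology ' OR '1'='1 (the page's OR 1=1 idea, written so the statement parses) are assumptions.

```python
import sqlite3

# Constructed sample accounts; not from the original page.
SAMPLE_USERS = [("bob", "hunter2"), ("alice", "correct horse")]


def make_db():
    """Create an in-memory users table holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_query_unsafe(user, pw):
    """Mirror the page's PHP template: input is spliced straight into the SQL text."""
    return "SELECT * FROM users WHERE username = '%s' AND password = '%s' " % (user, pw)


def login_unsafe(conn, user, pw):
    """The vulnerable check: whatever the user typed becomes part of the statement."""
    row = conn.execute(build_query_unsafe(user, pw)).fetchone()
    return row is not None


def login_safe(conn, user, pw):
    """The hardened check: values travel separately from the SQL text, so
    a password of ' OR '1'='1 is only ever compared as a literal string."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?", (user, pw)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print(build_query_unsafe("bob", "' OR 1=1"))      # the page's query, as built
    print("unsafe login, tautology :", login_unsafe(conn, "bob", payload))
    print("safe login, tautology   :", login_safe(conn, "bob", payload))
    print("safe login, real secret :", login_safe(conn, "bob", "hunter2"))
```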
Web Exploitation Links
The best way to learn more about web hacking is to check out the following links:

Sniffing Attacks

Sniffing gives the attacker a way to capture data and intercept passwords. These may be clear-text FTP or Telnet passwords or even encrypted NTLM passwords. Man-in-the-middle attacks can be used to literally steal someone else's authenticated session. The attacker will be logged in with the same rights and privileges as the user whose session was stolen, and is then free to erase, change, or modify information. Sniffing, session hijacking, and man-in-the-middle attacks all represent powerful tools for hackers.
Session Hijack with Ettercap
Ettercap is an open source tool written by Alberto Ornaghi and Marco Valleri. Available from http://ettercap.sourceforge.net/, ettercap will compile on most major operating systems. Ettercap is not strictly an attack tool; it includes many plugins for attempting to detect other systems engaging in potentially malicious activity on the network.
Connecting to the attacking server via SSH, we start ettercap with the -T and -q options. The -T option forces ettercap to use a text interface, and the -q option suppresses ettercap listing every packet that it sniffs. From within this interface, we can press p to view the list of plugins available in ettercap, a number of which are listed below.

1. autoadd 1.2 Automatically add new victims in the target range
2. chk_poison 1.1 Check if the poisoning had success
3. dos_attack 1.0 Run a d.o.s. attack against an IP address
4. find_conn 1.0 Search connections on a switched LAN
5. find_ip 1.0 Search an unused IP address in the subnet
6. gw_discover 1.0 Try to find the LAN gateway
7. isolate 1.0 Isolate an host from the lan
8. link_type 1.0 Check the link type (hub/switch)
9. pptp_chapms1 1.0 PPTP: Forces chapms-v1 from chapms-v2
10. pptp_clear 1.0 PPTP: Tries to force cleartext tunnel
11. pptp_pap 1.0 PPTP: Forces PAP authentication
12. pptp_reneg 1.0 PPTP: Forces tunnel re-negotiation
13. rand_flood 1.0 Flood the LAN with random MAC addresses
14. repoison_arp 1.0 Repoison after broadcast ARP
15. smb_clear 1.0 Tries to force SMB cleartext auth
16. smb_down 1.0 Tries to force SMB to not use NTLM2 key auth
17. stp_mangler 1.0 Become root of a switches spanning tree

Sidejacking with Firesheep
Many social networking sites maintain user access by means of a cookie. Cookies are used to validate users to Facebook, Twitter, and others over an unencrypted channel. Firesheep allows anyone to steal a user's cookie. With this cookie, a malicious person can have full access to the victim's profile.
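An added defender-side example, not from the original page: a check over constructed Set-Cookie headers that flags session cookies missing the attributes (Secure, HttpOnly, SameSite) that keep them off unencrypted channels, out of page script, and off cross-site requests. The sample headers and the session-name heuristic are assumptions.

```python
# Which Set-Cookie headers hand out session cookies that a sniffer on an
# unencrypted channel (no Secure) or injected script (no HttpOnly) could lift?
# Sample headers and the session-name heuristic are constructed assumptions.

SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value|True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value):
    """Return (cookie name, list of findings); an empty list means it passed."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP, so sniffable")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script in the page")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True or samesite.lower() == "none":
        findings.append("SameSite absent or None: sent on cross-site requests")
    return name, findings


def looks_like_session_cookie(name):
    """Heuristic: cookie names that usually carry an authenticated session."""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns {cookie name: findings} for cookies that look session-related."""
    report = {}
    for hname, hval in headers:
        if hname.lower() == "set-cookie":
            name, findings = audit_cookie(hval)
            if looks_like_session_cookie(name):
                report[name] = findings
    return report


# Constructed response headers, not captured from any real site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "auth_token=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "->", findings or ["ok"])
```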
FAQ
Is there a way to tell the status of a NIC in Linux? The Linux ifconfig -a command can be used to detect promiscuous mode, as it displays the interface's set flags (i.e., PROMISC).
Do IPIDs increment? Multiple packets sent from the same system should not have the same sequence number.
What are some of the things that make session hijacking possible? One is plain-text communication protocols that perform authentication only at the initiation of a session.
Why is SSL vulnerable to MitM attacks? One-way identity verification (i.e., server to client), which is not truly verified due to an implementation error in the client.
Sniffing and Hijack Links
Check out these links to learn more:
Types of DNS records
DNS SRV records for SIP and XMPP
Port Forwarding in and linux
OSI model - Wikipedia
What is an APDU?
AT&T Fiber Optic Splitter Used to Spy on Internet
Virtual LAN - Wikipedia
IEEE 802.1Q - Wikipedia
Ethernet - Wikipedia
VLAN Tagging
VLAN Jumping Attack
VoIP Hopper...Jumping from one VLAN to the next!
Making unidirectional VLAN and PVLAN jumping bidirectional
Bypassing and hacking switches using VLAN
IP Spoofing: An Introduction
Windows NT Patch Available to Improve TCP Initial Sequence Number Randomness
Slashdot | TCP/IP Sequence Number Analysis
IPsec - Wikipedia
Cisco Support Lists
Cisco IOS Password Encryption Facts - Cisco Systems
Looking Glass Overview - Web sites that show live routing information
ILAN Looking Glass--useful for trace demo with ASN values
CERN Looking Glass--also shows ASN values on a trace
Big list of looking glass pages sorted by ASN
Hacker writes rootkit for Cisco's routers
Manpage of TCPDUMP

Scanning and Enumeration

Ethical Hacking - Scanning and Enumeration
Port Scanning and System Enumeration
Port scanning is the process of connecting to TCP and UDP ports for the purpose of finding what services and applications are open on the target device. Once open ports are found, the applications or services behind them can be identified. At this point, further information is typically gathered to determine how best to target any vulnerabilities and weaknesses in the system.

Port Scanning Steps
Port scanning is one of the key steps of ethical hacking. Before a system can be attacked, the hacker must determine what systems are up, what applications are running, and what versions of the applications are in use.
1. Determining If The System Is Alive
  • Network Ping Sweeps
2. Port Scanning
  • Nmap - As you might guess, the name “nmap” implies that the program was ostensibly developed as a network mapping tool. Well, as you can imagine, such a capability is attractive to the folks that attack networks, not just network and system administrators and the network support staff. Of all the tools available it is nmap that people just seem to keep coming back to. The familiar command line interface, the availability of documentation, and the generally competent way in which the tool has been developed and maintained, are all attractive to us. Nmap performs a variety of network tricks. To learn more check out the NMAP tutorial.

  • Nmap - Interesting options
    • -f fragments packets
    • -D Launches decoy scans for concealment
    • -I IDENT Scan – finds owners of processes (on Unix systems)
    • -b FTP Bounce
  • Port Scan Types
    • TCP Connect scan
    • TCP SYN scan
    • TCP FIN scan
    • TCP Xmas Tree scan (FIN, URG, and PUSH)
    • TCP Null scan
    • TCP ACK scan
    • UDP scan
Nmap hacking tutorial

3. Banner-Grabbing
Many services announce what they are in response to requests. Banner grabbers simply collect those banners. The easiest way to grab a banner:
telnet <ipaddress> 80
4. Operating System Fingerprinting
  • Active Stack Fingerprinting
    • Nmap
    • Xprobe2
  • Passive fingerprinting
    • siphon
    • p0f
Enumeration
Enumeration is the process of finding what services are running, their versions, open shares, account details, or possible points of entry. One such target is SMB. While SMB makes it possible for users to share files and folders, SMB also offers access to Windows computers via the IPC$ share. This share, the IPC$, is used to support named pipes that programs use for interprocess (or process-to-process) communications. Because named pipes can be redirected over the network to connect local and remote systems, they also enable remote administration.
1. Attacking Null Sessions
The Windows Server Message Block (SMB) protocol hands out a wealth of information freely. Null Sessions are turned off by default in Win XP, Server 2003, Vista, and Windows 7 but open in Win 2000 and NT.
Null Session Tools
  • Dumpsec
  • Winfo
  • Sid2User
  • NBTEnum 3.3
2. Enumerating Windows Active Directory via LDAP, TCP/UDP 389 and 3268. Active Directory contains user accounts and additional information about accounts on Windows DCs. If the domain is made compatible with earlier versions of Windows, such as Windows NT Server, any domain member can enumerate Active Directory.
3. Targeting Border Gateway Protocol (BGP), the de facto routing protocol on the Internet. BGP is used by routers to help them guide packets to their destinations. It can be used to find all the networks associated with a particular corporation.
Defense with Port Knocking
Port knocking is a rather esoteric method of preventing session creation with a particular port. Port knocking is not currently implemented by default in any stack, but we may soon see patches to permit the use of knocking protocols. The basis of port knocking is the digital analog of the secret handshake. Through the use of timing, data sent with SYN packets, number of SYN packets sent, sequence of ports hit, and other options, a client authorizes itself to access a port. While useful for obscuring the existence of a port, port knocking is simply another layer of authentication. Links can still be saturated through DoS attacks, RST attacks can still kill connections, and sessions can still be hijacked and sniffed. A paranoid system administrator may care to use a port knocking daemon to add an extra layer of security to connections, but securing the connection through a PKI certificate exchange is much more likely to yield tangible security benefits.
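An added example, not from the original page or any real knock daemon: a minimal port-knock gate in Python that tracks each source's progress through a secret port sequence with a timing window, so a wrong port, a slow knocker, or a sequential scan never opens the gate. The port sequence, timings and source addresses are constructed assumptions; as the text says, this is one extra layer, not a substitute for authenticating the connection itself.

```python
class PortKnockGate:
    """Authorises a source once it hits the secret ports in order, each knock
    within `window` seconds of the previous one; the gate then stays open for
    `open_for` seconds. Any out-of-sequence port resets that source, so a
    sequential scan cannot stumble through a non-consecutive sequence."""

    def __init__(self, sequence, window=5.0, open_for=30.0):
        self.sequence = tuple(sequence)  # assumed secret knock sequence
        self.window = window
        self.open_for = open_for
        self.progress = {}  # src -> (index of next expected port, last knock time)
        self.opened = {}    # src -> time at which the opening expires

    def knock(self, src, port, ts):
        """Record one SYN from src to port at time ts; True when it completes the sequence."""
        idx, last = self.progress.get(src, (0, ts))
        if idx > 0 and ts - last > self.window:
            idx = 0  # too slow between knocks: start over
        if port == self.sequence[idx]:
            idx += 1
        else:
            idx = 1 if port == self.sequence[0] else 0  # wrong port resets
        if idx == len(self.sequence):
            self.opened[src] = ts + self.open_for
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, ts)
        return False

    def is_open(self, src, ts):
        """Would a connection from src at time ts be allowed through?"""
        return self.opened.get(src, float("-inf")) > ts


# Constructed firewall-log style events: (timestamp, source, destination port).
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", 7000), (1.0, "10.0.0.5", 8000), (2.0, "10.0.0.5", 9000),    # correct
    (0.0, "10.0.0.6", 7000), (1.0, "10.0.0.6", 9000), (2.0, "10.0.0.6", 8000),    # wrong order
    (0.0, "10.0.0.7", 7000), (10.0, "10.0.0.7", 8000), (11.0, "10.0.0.7", 9000),  # too slow
    (0.0, "10.0.0.8", 7000), (0.1, "10.0.0.8", 7001), (0.2, "10.0.0.8", 8000),    # scan-like
]


def replay(events, gate):
    """Feed events in timestamp order; return the set of sources that opened the gate."""
    return {src for ts, src, port in sorted(events) if gate.knock(src, port, ts)}


if __name__ == "__main__":
    gate = PortKnockGate((7000, 8000, 9000), window=5.0, open_for=30.0)
    print("opened by:", replay(SAMPLE_EVENTS, gate))
    print("10.0.0.5 open at t=20:", gate.is_open("10.0.0.5", 20.0))
    print("10.0.0.5 open at t=40:", gate.is_open("10.0.0.5", 40.0))
```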
Scanning and Enumeration Links
Some links to learn more about scanning and enumeration include:

Introduction to Ethical Hacking 3

Know the Trade - Ethical Hacking and Penetration Testing
Want to learn more about the steps of ethical hacking?
Ethical Hacking Steps
Hackers can target many different platforms, operating systems, and hardware yet the methodology stays remarkably similar. The steps involved in hacking generally involve:
1. Footprinting
2. Scanning and Enumeration
3. System Hacking
4. Plant Rootkits and Backdoors
5. Covering Tracks
6. Expanding Influence
Ethical Hacking Methodology
An ethical hacker needs skills in these steps and items such as sniffing, session hijacking, Trojans, fuzzing, and buffer overflows to name just a few.
Network Security and Ethical Hacking Testing
Ethical hacking is of utmost importance because of the vast amount of network traffic that is transmitted through the world's LANs, MANs, and WANs every day. It is not just external networks that are important; internal network communications also need to be checked regularly for lapses in security and potential breaches. Every organization must have controls in place to patch and update systems and to perform periodic vulnerability assessment scans. Today more and more organizations are creating positions for ethical hacking professionals to perform network testing and vulnerability assessment on a regular basis.
Penetration testing should be performed using network testing tools. These tools might include Nmap, Netcat, or even bootable Linux OSes such as BackTrack. Such tools provide valuable information for the IT security professional, such as:
* Assessing traffic sniffing and online password attacks that are occurring over the network.
* Analyzing points of vulnerability in the system to find out what areas need to be protected from hackers and cyber criminals.
* Performing port scans, ping sweeps, and network probes so that hackers are immediately identified.
* Detecting malicious traffic such as ARP poisoning, TCP XMAS scans, UDP port scans, and rogue DHCP server redirects.
* Scanning for high-order open ports assigned to Trojans and malware. These ports can include 31337 and 123456.

Periodic ethical hacking testing is very important in today's environment, where data is constantly exchanged through Internet connections that span the globe. Whether it is a simple email, downloading a file, or browsing the web, unless your network is patched, running antivirus, filtering spam, and totally secure, you can never be sure of what will happen should such programs be executed inside your network. It is very easy for a malicious hacker to invade your system and retrieve confidential data; if your network lacks adequate IT security or has weak access controls, your network could be vulnerable. Having an ethical hacking expert armed with the proper network security tools can help assess such problems and ensure that you are aware of vulnerable areas in your network infrastructure. By being aware of such vulnerabilities, you can take adequate steps to ensure that your systems are never brought down by intruders, hackers, and cyber criminals.
There are many network security testing programs that you can check out. These can be downloaded from the net. Just remember to get the permission of the network administrator before loading these programs on a company computer. Every hacking program has a set of functions that help you test your network's strength and perform various analyses on network protocols. These tools are used by both the good and the bad guys.
Network security testing and periodic penetration testing should be done on a regular basis, as networks are never static. Adding new computers, expanding to different locations, and adding new WAN routes can all introduce vulnerabilities and add risk. IT network security tools must be used to analyze such new vulnerabilities so that precautions can be taken to prevent unauthorized access to networks from external sources. Most of the tools you need are available online and can be downloaded in a couple of minutes for installation.
The Job of An Ethical Hacker
Security testing is the primary job of ethical hackers and those wanting to know the trade. These tests may be configured in such way that the ethical hackers have full knowledge, partial knowledge or no knowledge of the target of evaluation (TOE). The following pages contain resources to help you learn more. Each area is broken up into a specific aspect of the hacking event.
The best way to learn more about ethical hacking and penetration testing, and to gain the skills needed to work in this field, is to:
1. Learn how to program.
2. Get one of the open-source bootable Linux distributions.
3. Learn to use the tools and basic Linux commands.
4. Learn how to use the World Wide Web and write scripts and HTML code.
5. Get certified.
Ethical Hacking Notice
As a final note: Nothing contained on this site is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner. Make sure you have written permission from the proper individuals before you use any of the tools or techniques described within. Always obtain permission before installing any of these tools on a network.