The Ethical Hacking Methodology

A Framework for Ethical Hacking 

Because ethical hacking mimics an attacker's techniques, it is carried out as a structured sequence of phases rather than as ad-hoc probing. The phases used here are listed below; keep in mind that a given organization may apply a different set of stages or name them differently.

Reconnaissance and Footprinting (passive and active)
Scanning and Enumeration
Gaining Access (hacking / exploitation)
Escalation of Privileges
Maintaining Access (backdoor)
Covering Tracks
Reporting

Reconnaissance and Footprinting

Reconnaissance is the first step in ethical hacking: gathering information about the target system or systems in order to identify attack targets. The quantity and quality of the information collected shapes the rest of the engagement, since it determines which attacks are even worth attempting. Footprinting is the part of reconnaissance that maps the organization's external profile (domain names, IP ranges, hosts, technologies and people), which also gives a first estimate of how large the attack surface is.

The two activities overlap in practice. For instance, when collecting data about a network, you may learn both the details of the individual systems that make up the network and the total number of systems it contains.

Reconnaissance and footprinting may be divided into two categories: passive and active.

Passive reconnaissance uses tools and sources that require little or no direct interaction with the target's systems. It carries less risk of detection because the target sees little or no traffic from the tester. For example, the ethical hacker may consult such sources as:

Whois database
The target's website
Social media profiles of employees
Google search results
DNS queries
Blogs and public forums

The ethical hacker can also use various tools to collect information passively. Some of the key tools are:

Social media
Shodan
Google hacking
DNS querying
theHarvester
Recon-ng
Maltego

Note that a DNS query sent to the target's own authoritative name servers does reach the target's infrastructure; it counts as passive only because it is indistinguishable from ordinary traffic. Shodan and search engines, by contrast, return data collected earlier by a third party, so the target sees nothing at all.
For example, assume that you want to search for on the website. Notice the output. The result of is displayed.

In active reconnaissance, the ethical hacker connects directly to the target system and gathers information from its responses. The chance of being detected is higher, but the information gained is more reliable and more current than what passive sources provide. Scanning a system's open ports is the classic example: the ethical hacker sends probes to the target and learns from the replies which ports are accessible and, often, which services are listening behind them.

A number of different tools can be used for active reconnaissance; Nmap is the most popular. Suppose you want to do a ping scan (host discovery) of the network to see how many hosts are up, without yet scanning any ports. Use the command:

nmap -sP 

followed by the target network range. Note that -sP is the legacy name for this mode; current Nmap versions call it -sn and still accept -sP as an alias. Keep in mind that hosts which filter ICMP and other probe types may appear down to a ping scan, so the host list from this step is a lower bound, not a complete inventory.

Scanning and Enumeration

Scanning and enumeration follow network exploration and the discovery of running systems. They matter because the information they produce (which services are listening, what software and versions run them, which accounts exist) is what the exploitation phase is built on.

Enumeration is also a form of active reconnaissance. A great deal of information about a device, server or service may be gleaned by enumeration, typically by speaking the service's own protocol to it (SMB, SNMP, LDAP, HTTP and so on) rather than merely noting that a port is open.

A few examples of what enumeration may be used to discover are:

Data about the computer's OS, including the release number and Domain Name System settings
SNMP information
Users and groups
Password hashes and passwords
Hostnames
Domain information
Running services and processes
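Both the ping scan above and the service enumeration just described end up as Nmap output, and in practice you process that output rather than read it by hand. As an added example (not code from the original page), the Python script below parses Nmap's XML output (the -oX option) to produce the host-discovery view (which addresses are up) and the enumeration view (open ports with product and version banners). The XML is a constructed sample in the format Nmap emits, not the result of a real scan; the addresses, hostname and banners in it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX format (not output of a real scan):
# one host with enumerated services, one down host, one host with only SNMP.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -v -sV -oX - 192.0.2.0/29" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open" reason="udp-response"/>
        <service name="snmp"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host: address, up/down state, hostname, open services."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        state = host.find("status").get("state")
        # Prefer the IPv4 address; nmap may also emit a mac or ipv6 address element.
        addr = next(
            (a.get("addr") for a in host.findall("address") if a.get("addrtype") == "ipv4"),
            None,
        )
        hn = host.find("hostnames/hostname")
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are noise for enumeration
            svc = port.find("service")
            services.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": svc.get("name") if svc is not None else None,
                # product/version are only filled in after a -sV version probe
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append({
            "addr": addr,
            "state": state,
            "hostname": hn.get("name") if hn is not None else None,
            "services": services,
        })
    return hosts


def live_hosts(hosts):
    """Host-discovery view: the addresses that answered."""
    return [h["addr"] for h in hosts if h["state"] == "up"]


def service_table(hosts):
    """Enumeration view: (addr, port/proto, service, banner) per open port."""
    rows = []
    for h in hosts:
        for s in h["services"]:
            banner = " ".join(x for x in (s["product"], s["version"]) if x) or "?"
            rows.append((h["addr"], f'{s["port"]}/{s["proto"]}', s["name"], banner))
    return rows


if __name__ == "__main__":
    parsed = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("hosts up:", live_hosts(parsed))
    for row in service_table(parsed):
        print(*row)
```

Feeding a real scan in is a matter of replacing SAMPLE_NMAP_XML with the contents of a file written by nmap -oX. The "?" banner on the SNMP port shows why a plain port scan is not enumeration: until a version probe or a protocol-specific query is run, you know only that something answered on 161/udp.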

Scanning also reveals exploitable weaknesses. Nikto, for instance, may be used to scan a web server for known security flaws. The basic command is:

nikto -host 

followed by the address of the target. A useful way to practise is to host a deliberately vulnerable web application on a lab machine and give Nikto its IP address; for a real engagement, replace that IP address with the address of the in-scope web application and run the same command. The findings list the types of issues that were uncovered (outdated server software, dangerous default files, missing security headers and the like). Bear in mind that Nikto is noisy: it sends thousands of requests and makes no attempt at stealth, so it belongs firmly in the active category.

Successfully Gaining Access (Exploitation) 

The attacker must take into account the state of the target system and its surrounding environment before choosing an attack method. In penetration testing, some typical attack methods include:

Social engineering, which underpins many of the other attacks: a foothold is often obtained by manipulating a person rather than a system. The attack may be initiated in a number of ways, the most common being phishing.

Attacks on web applications, including cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection. These are the techniques to reach for when the engagement targets a web application.

Taking over a user's session, which is possible when communications are not protected: if session identifiers travel over an unencrypted channel, both session hijacking and man-in-the-middle attacks are within the attacker's reach. Password cracking is a related path; it requires first obtaining password hashes (from a compromised system or a captured authentication exchange) and then running specialised cracking software against them.

Attacks on private networks. A private network is better isolated than a public one, so an attacker trying to get into it has to try a number of different tactics to gain a first foothold. An infected USB drive left where an employee will find it, for example, can serve as a malware delivery mechanism in a social engineering attack.

If you employ a technical approach such as a web application attack, you first need to find a web server and check whether it is hosting any active web applications; the web application can then be attacked. If you employ social engineering to get at sensitive information, a typical vehicle is an e-mail containing a hyperlink the recipient is expected to visit. Users who follow the spoofed URL land on a site that falsely presents itself as, say, their bank's official site, where their credentials are captured or their computer is infected with malware.

Maintaining Access

Suppose you have gained access to a Windows machine by exploiting a known vulnerability. Keeping that access is not assured: the vulnerability may be patched, the service restarted or the session dropped. In these cases you take steps that let you keep access even after the vulnerability has been addressed.

For instance, a new account may be created with full administrative privileges so that you can establish a remote connection to the compromised machine at will. Another option is to install a rootkit or backdoor. In an authorized engagement, every such persistence mechanism must be within the agreed scope, recorded, and removed or handed over at the end of the test.

Covering Tracks

It's almost certain that you'll leave some kind of digital footprint while hacking, which increases the likelihood of being detected or stopped. The creation of a user account, for instance, is recorded in the logs. Covering one's tracks therefore often involves erasing that digital footprint. Clearing the logs is not a clean solution, however: the act of clearing a log is itself logged (Windows, for example, writes a dedicated event to the Security log when the audit log is cleared), so a defender who watches for that record sees the cover-up even though the original entries are gone.
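Seen from the defender's side, the two traces this section mentions (the account creation and the log clearing) are exactly what a detection rule looks for, and the combination is more telling than either alone. As an added example (not code from the original page), the Python script below runs that logic over a handful of constructed Windows event records. The JSON field names (TimeCreated, Channel, EventID, Data) are an assumption about the export format and real exporters differ; the event IDs themselves are the standard Windows audit IDs: 4720 (user account created), 4732 (member added to a local group), 1102 (audit log cleared) and 104 (event log file cleared).

```python
import json
from datetime import datetime

# Constructed Windows event records, not exported from any real host. Field
# names are an assumed export format; the EventID values are standard.
SAMPLE_EVENTS = [
    '{"TimeCreated": "2024-05-01T10:01:00Z", "Channel": "Security", "EventID": 4624, "Data": {"TargetUserName": "bob", "LogonType": 10}}',
    '{"TimeCreated": "2024-05-01T10:02:10Z", "Channel": "Security", "EventID": 4720, "Data": {"SubjectUserName": "bob", "TargetUserName": "svc_backup"}}',
    '{"TimeCreated": "2024-05-01T10:02:12Z", "Channel": "Security", "EventID": 4732, "Data": {"SubjectUserName": "bob", "TargetUserName": "Administrators", "MemberName": "svc_backup"}}',
    '{"TimeCreated": "2024-05-01T10:40:00Z", "Channel": "Security", "EventID": 1102, "Data": {"SubjectUserName": "bob"}}',
    '{"TimeCreated": "2024-05-01T10:40:01Z", "Channel": "System", "EventID": 104, "Data": {"SubjectUserName": "bob", "Channel": "Application"}}',
    '{"TimeCreated": "2024-05-01T11:00:00Z", "Channel": "Security", "EventID": 4634, "Data": {"TargetUserName": "bob"}}',
]

# Event ID -> (severity, meaning). 1102 and 104 are the records Windows writes
# when the Security log or another event log is cleared.
RULES = {
    1102: ("high", "audit log cleared"),
    104: ("high", "event log file cleared"),
    4720: ("medium", "user account created"),
    4732: ("medium", "member added to security-enabled local group"),
}


def _ts(value):
    # fromisoformat() only accepts a trailing 'Z' from Python 3.11 on.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect(lines, window_minutes=60):
    """Flag noteworthy events and correlate log clearing with account creation."""
    alerts = []
    for raw in lines:
        ev = json.loads(raw)
        rule = RULES.get(ev["EventID"])
        if rule is None:
            continue  # ordinary logon/logoff noise
        data = ev.get("Data", {})
        alerts.append({
            "time": _ts(ev["TimeCreated"]),
            "event_id": ev["EventID"],
            "severity": rule[0],
            "what": rule[1],
            "actor": data.get("SubjectUserName"),
            "target": data.get("TargetUserName") or data.get("Channel"),
        })

    # Correlation: the same actor creating an account and then clearing a log
    # within the window is the "add a backdoor account, wipe the evidence"
    # sequence, and rates higher than either event on its own.
    correlated = []
    clears = [a for a in alerts if a["event_id"] in (1102, 104)]
    creates = [a for a in alerts if a["event_id"] == 4720]
    for clear in clears:
        for create in creates:
            gap = (clear["time"] - create["time"]).total_seconds()
            if clear["actor"] == create["actor"] and 0 <= gap <= window_minutes * 60:
                correlated.append((clear["actor"], create["target"], clear["event_id"]))
    return {"alerts": alerts, "correlated": correlated}


if __name__ == "__main__":
    result = detect(SAMPLE_EVENTS)
    for a in result["alerts"]:
        print(f'{a["time"]:%H:%M:%S} {a["severity"]:6s} {a["event_id"]:5d} '
              f'{a["what"]} actor={a["actor"]} target={a["target"]}')
    for actor, account, event_id in result["correlated"]:
        print(f"CORRELATED: {actor} created {account} then cleared a log (event {event_id})")
```

The practical lesson for the tester is the mirror image of the defender's: deleting entries raises a new high-severity signal and, if the clearing can be tied to earlier activity by the same account, makes the whole chain easier to reconstruct, not harder. The lesson for the defender is to ship logs off the host as they are written, so that a 1102 on the endpoint is a flag rather than a loss.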


Reporting

Once you've completed the ethical hacking engagement, you must submit your results to whoever commissioned it. The report details the risks you found, such as vulnerabilities, exposed sensitive data and the access you obtained to sensitive systems, together with recommended countermeasures.

