Nowadays, many attacks on websites and networks take place, such as DoS attacks, SQL injection attacks, cross-site scripting attacks etc.
As crime increases, the requirement for ethical hackers and pentesters increases, as there is a direct relationship between
hackers and ethical hackers. There is a need for ethical hackers and pentesters in public as well as private organizations.
But training was very expensive, so people thought twice before spending money. Now there is the opportunity to learn to do so at no cost at https://www.cybrary.it
1:Phase of pentesting
PenTest, like forensics, is almost as much an art as it is a science – you can only be taught so far. Technical techniques and tools are all very well, but you really need a mind that can think sideways and approach a task from as many angles as possible.
Tools and tricks to get information about the computer, its IP and MAC addresses, and the related users and systems.
Before starting the pentest, the pentester must have some information about the network and systems, so the pentester scans the entire network with tools like Nmap, Zenmap, ping and hping etc.
During the enumeration phase, possible entry points into the tested systems are identified. The information collected during the reconnaissance phase is put to use.
System hacking means logging in to a system without credentials: not only are the credentials bypassed, but you can also work in the system as the root user through privilege escalation.
It is a generally non-self-replicating type of malware program containing malicious code. A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage.
7:viruses and worms
A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections. The distinguishing feature of a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a hugely devastating effect.
It is a program that monitors and analyzes network traffic, detecting and finding problems. Various techniques and tools are used for sniffing, such as Kali Linux MITM attacks, tshark, urlsnarf etc.
In this technique, the ethical hacker creates a phishing page of a website to obtain the credentials of its users.
10:Denial of service
A DoS attack generally consists of efforts to temporarily interrupt, suspend or take down the services of a host connected to the Internet.
It is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as a man-in-the-middle attack. This can be performed with the help of Kali Linux, which is based on Debian Linux.
12:Hacking Web Servers
A web server can be hacked in various ways, such as Denial of Service attacks, Domain Name System hijacking, phishing etc. Tools used to hack web servers include Metasploit, Mpack, Zeus etc.
Web application is used to intercept the proxy, as an intruder, as a repeater etc. After hacking the website, web application is used to upload injections and scripts to the website, like the popular c99 injection.
SQL injection is used to insert a query and confuse the database of the system to gain unauthorised access. Hackers use SQL injection to extract data from a website without credentials, e.g. 'or''='
In this, users get to know about the types of wireless interface and how to exploit the different types of security encryption like WEP, WPA, WPA2 etc.
Users learn how to sniff the network using a mobile, hack another user's smartphone and extract data from the smartphone, how to root the smartphone etc.
17:IDS, Firewall and Honeypots
IDS stands for intrusion detection system. An IDS is a device or software application that monitors network or system activities. A firewall is used to set rules for inbound and outbound traffic. There are two types of firewall: software and hardware. A software firewall is cheap compared to a hardware firewall.
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold. Normally this is due to a vulnerability in the drivers of the system: when a driver starts performing improperly, the system crashes and a blue screen appears.
Cryptography is the study and application of techniques that hide the real meaning of information by transforming it into non-human-readable formats and vice versa. The process of transforming information into non-human-readable form is called encryption.
The process of reversing encryption is called decryption.
Decryption is done using a secret key which is known only to the legitimate recipients of the information.