Concept Of Hacking
• Hacker is a computer person who is very curious and wants to learn as much as possible
about computer systems.
• Hacking was developing and improving software to increase the performance of
• Hacking has a lot of meanings depending upon the person’s knowledge and his work
intentions. Hacking is an Art as well as a Skill. It is the knowledge by which one gets to
achieve his goals, anyhow, using his skills and power.
• Ethical Hacking is testing the resources for a good cause and for the betterm
• Technically Ethical Hacking means penetration testing which is focused on S
Protecting IT Systems.
Types of Hackers
• White Hat Hacker
• Black Hat Hacker
• Grey Hat Hacker
White Hat Hacker
• A White Hat Hacker is computer guy who perform Ethical Hacking.
These are usually security professionals with knowledge of hacking and
the hacker toolset and who use this knowledge to locate security
weaknesses and implement countermeasures in the resources.
• They are also known as an Ethical Hacker or a Penetration Tester. They
focus on Securing and Protecting IT Systems.
Black Hat Hacker
• A Black Hat Hacker is computer guy who performs
Unethical Hacking. These are the Criminal hackers or
Crackers who use their skills and knowledge for illegal or
malicious purposes. They break into or otherwise violate the
system integrity of remote machines, with malicious intent
• These are also known as an Unethical Hacker or a Security
Cracker. They focus on Security Cracking and Data stealing.
Grey Hat Hacker
• A Grey Hat Hacker is a Computer guy who sometimes acts legally, sometimes in good
will, and sometimes not. They usually do not hack for personal gain or have malicious
intentions, but may or may not occasionally commit crimes during the course of their
• They are hybrid between White Hat and Black Hat Hackers.
Classification of Hackers
• Script Kiddies
• Coders are the programmers who have the ability to find the
unique vulnerability in existing software and to create working
• These are the individuals with a deep understanding of the OSI
Layer Model and TCP/IP Stacks.
• Admin the computer guys who have experience with several operating systems, and
know how to exploit several existing vulnerabilities.
• A majority of Security Consultants fall in this group and work as a part of Security Team.
• Script Kiddies are the bunnies who use script and programs
developed by others to attack computer systems and Networks.
• They get the least respect but are most annoying and dangerous
and can cause big problems without actually knowing what they
Steps Performed by a Hacker
1. Performing Reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Maintaining access and Placing backdoors
5. Covering tracks or Clearing Logs
Phase I: Reconnaissance
• Reconnaissance can be described as the pre-attack phase and is a systematic attempt to
locate, gather, identify, and record information about the target. The hacker seeks to find
out as much information as possible about the target.
Phase II: Scanning and Enumeration
• Scanning and enumeration is considered the second pre-attack phase. This phase
involves taking the information discovered during reconnaissance and using it to examine
• Scanning involves steps such as intelligent system port scanning which is used to
determine open ports and vulnerable services. In this stage the attacker can use different
automated tools to discover system vulnerabilities.
Phase III: Gaining Access
• This is the phase where the real hacking takes place. Vulnerabilities discovered during the
reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network, local access to a
PC, the Internet, or offline. Gaining access is known in the hacker world as owning the
• During a real security breach it would be this stage where the hacker can utilize simple
techniques to cause irreparable damage to the target system.
Phase IV: Maintaining Access and Placing Backdoors
• Once a hacker has gained access, they want to keep that access for future exploitation
and attacks. Sometimes, hackers harden the system from other hackers or security
personnel by securing their exclusive access with backdoors, rootkits, and Trojans.
• The attacker can use automated scripts and automated tools for hiding attack evidence
and also to create backdoors for further attack.
Phase V: Clearing Tracks
• In this phase, once hackers have been able to gain and maintain access, they cover their
tracks to avoid detection by security personnel, to continue to use the owned system, to
remove evidence of hacking, or to avoid legal action.
• At present, many successful security breaches are made but never detected. This includes
cases where firewalls and vigilant log checking were in place.
• A proxy server is a server that acts as an intermediary between a workstation user and the
Internet so that the enterprise can ensure security, administrative control, and caching
• Hackers generally use the Proxy server on the Internet to make their Identity invisible to
• A Proxy site is a web page which allows you to browse your favorite web sites -- even
though your access to those web sites might be blocked by a content filter.
• If you find that you are blocked from your favorite websites, use one of these web proxy
sites to get around the block.
How Proxy Sites Work
Proxy sites enable you to bypass your own Internet provider and browse through the proxy web
site. All that you have to do is type the web site address you would like to visit in the form they
provide, and start browsing. Once you keep browsing using that form, you are protected and
your real IP address is not being logged.
Given below is a list of Web Proxies:
• An anonymous proxy is a piece of software designed to protect the privacy and
anonymity of web browsers from web site operators, Internet snoops, and even
• The anonymous proxy software resides on a proxy server. The web browser connects to
the proxy server and the proxy server connects to the web server.
• The web server does not know who you are, it only knows who the proxy server is. The
proxy server does know who you are -- so you had better choose a proxy server that you
In addition to hiding your IP address, an anonymous proxy server will typically remove
traffic such as:
• Referrer information
Some of the Anonymous Proxy Servers are:
Rayat Institute of Engineering and Information Technology, Railmajra, Near Ropar (Chandigarh)