Explore Courses
course iconScrum AllianceCertified ScrumMaster (CSM) Certification
  • 16 Hours
Best seller
course iconScrum AllianceCertified Scrum Product Owner (CSPO) Certification
  • 16 Hours
Best seller
course iconScaled AgileLeading SAFe 6.0 Certification
  • 16 Hours
Trending
course iconScrum.orgProfessional Scrum Master (PSM) Certification
  • 16 Hours
course iconScaled AgileSAFe 6.0 Scrum Master (SSM) Certification
  • 16 Hours
course iconScaled Agile, Inc.Implementing SAFe 6.0 (SPC) Certification
  • 32 Hours
Recommended
course iconScaled Agile, Inc.SAFe 6.0 Release Train Engineer (RTE) Certification
  • 24 Hours
course iconScaled Agile, Inc.SAFe® 6.0 Product Owner/Product Manager (POPM)
  • 16 Hours
Trending
course iconKanban UniversityKMP I: Kanban System Design Course
  • 16 Hours
course iconIC AgileICP Agile Certified Coaching (ICP-ACC)
  • 24 Hours
course iconScrum.orgProfessional Scrum Product Owner I (PSPO I) Training
  • 16 Hours
course iconAgile Management Master's Program
  • 32 Hours
Trending
course iconAgile Excellence Master's Program
  • 32 Hours
Agile and ScrumScrum MasterProduct OwnerSAFe AgilistAgile CoachFull Stack Developer BootcampData Science BootcampCloud Masters BootcampReactNode JsKubernetesCertified Ethical HackingAWS Solutions Artchitct AssociateAzure Data Engineercourse iconPMIProject Management Professional (PMP) Certification
  • 36 Hours
Best seller
course iconAxelosPRINCE2 Foundation & Practitioner Certificationn
  • 32 Hours
course iconAxelosPRINCE2 Foundation Certification
  • 16 Hours
course iconAxelosPRINCE2 Practitioner Certification
  • 16 Hours
Change ManagementProject Management TechniquesCertified Associate in Project Management (CAPM) CertificationOracle Primavera P6 CertificationMicrosoft Projectcourse iconJob OrientedProject Management Master's Program
  • 45 Hours
Trending
course iconProject Management Master's Program
  • 45 Hours
Trending
PRINCE2 Practitioner CoursePRINCE2 Foundation CoursePMP® Exam PrepProject ManagerProgram Management ProfessionalPortfolio Management Professionalcourse iconAWSAWS Certified Solutions Architect - Associate
  • 32 Hours
Best seller
course iconAWSAWS Cloud Practitioner Certification
  • 32 Hours
course iconAWSAWS DevOps Certification
  • 24 Hours
course iconMicrosoftAzure Fundamentals Certification
  • 16 Hours
course iconMicrosoftAzure Administrator Certification
  • 24 Hours
Best seller
course iconMicrosoftAzure Data Engineer Certification
  • 45 Hours
Recommended
course iconMicrosoftAzure Solution Architect Certification
  • 32 Hours
course iconMicrosoftAzure Devops Certification
  • 40 Hours
course iconAWSSystems Operations on AWS Certification Training
  • 24 Hours
course iconAWSArchitecting on AWS
  • 32 Hours
course iconAWSDeveloping on AWS
  • 24 Hours
course iconJob OrientedAWS Cloud Architect Masters Program
  • 48 Hours
New
course iconCareer KickstarterCloud Engineer Bootcamp
  • 100 Hours
Trending
Cloud EngineerCloud ArchitectAWS Certified Developer Associate - Complete GuideAWS Certified DevOps EngineerAWS Certified Solutions Architect AssociateMicrosoft Certified Azure Data Engineer AssociateMicrosoft Azure Administrator (AZ-104) CourseAWS Certified SysOps Administrator AssociateMicrosoft Certified Azure Developer AssociateAWS Certified Cloud Practitionercourse iconAxelosITIL 4 Foundation Certification
  • 16 Hours
Best seller
course iconAxelosITIL Practitioner Certification
  • 16 Hours
course iconPeopleCertISO 14001 Foundation Certification
  • 16 Hours
course iconPeopleCertISO 20000 Certification
  • 16 Hours
course iconPeopleCertISO 27000 Foundation Certification
  • 24 Hours
course iconAxelosITIL 4 Specialist: Create, Deliver and Support Training
  • 24 Hours
course iconAxelosITIL 4 Specialist: Drive Stakeholder Value Training
  • 24 Hours
course iconAxelosITIL 4 Strategist Direct, Plan and Improve Training
  • 16 Hours
ITIL 4 Specialist: Create, Deliver and Support ExamITIL 4 Specialist: Drive Stakeholder Value (DSV) CourseITIL 4 Strategist: Direct, Plan, and ImproveITIL 4 Foundationcourse iconJob OrientedData Science Bootcamp
  • 6 Months
Trending
course iconJob OrientedData Engineer Bootcamp
  • 289 Hours
course iconJob OrientedData Analyst Bootcamp
  • 6 Months
course iconJob OrientedAI Engineer Bootcamp
  • 288 Hours
New
Data Science with PythonMachine Learning with PythonData Science with RMachine Learning with RPython for Data ScienceDeep Learning Certification TrainingNatural Language Processing (NLP)TensorflowSQL For Data Analyticscourse iconIIIT BangaloreExecutive PG Program in Data Science from IIIT-Bangalore
  • 12 Months
course iconMaryland UniversityExecutive PG Program in DS & ML
  • 12 Months
course iconMaryland UniversityCertificate Program in DS and BA
  • 31 Weeks
course iconIIIT BangaloreAdvanced Certificate Program in Data Science
  • 8+ Months
course iconLiverpool John Moores UniversityMaster of Science in ML and AI
  • 750+ Hours
course iconIIIT BangaloreExecutive PGP in ML and AI
  • 600+ Hours
Data ScientistData AnalystData EngineerAI EngineerData Analysis Using ExcelDeep Learning with Keras and TensorFlowDeployment of Machine Learning ModelsFundamentals of Reinforcement LearningIntroduction to Cutting-Edge AI with TransformersMachine Learning with PythonMaster Python: Advance Data Analysis with PythonMaths and Stats FoundationNatural Language Processing (NLP) with PythonPython for Data ScienceSQL for Data Analytics CoursesAI Advanced: Computer Vision for AI ProfessionalsMaster Applied Machine LearningMaster Time Series Forecasting Using Pythoncourse iconDevOps InstituteDevOps Foundation Certification
  • 16 Hours
Best seller
course iconCNCFCertified Kubernetes Administrator
  • 32 Hours
New
course iconDevops InstituteDevops Leader
  • 16 Hours
KubernetesDocker with KubernetesDockerJenkinsOpenstackAnsibleChefPuppetDevOps EngineerDevOps ExpertCI/CD with Jenkins XDevOps Using JenkinsCI-CD and DevOpsDocker & KubernetesDevOps Fundamentals Crash CourseMicrosoft Certified DevOps Engineer ExperteAnsible for Beginners: The Complete Crash CourseContainer Orchestration Using KubernetesContainerization Using DockerMaster Infrastructure Provisioning with Terraformcourse iconTableau Certification
  • 24 Hours
Recommended
course iconData Visualisation with Tableau Certification
  • 24 Hours
course iconMicrosoftMicrosoft Power BI Certification
  • 24 Hours
Best seller
course iconTIBCO Spotfire Training
  • 36 Hours
course iconData Visualization with QlikView Certification
  • 30 Hours
course iconSisense BI Certification
  • 16 Hours
Data Visualization Using Tableau TrainingData Analysis Using Excelcourse iconEC-CouncilCertified Ethical Hacker (CEH v12) Certification
  • 40 Hours
course iconISACACertified Information Systems Auditor (CISA) Certification
  • 22 Hours
course iconISACACertified Information Security Manager (CISM) Certification
  • 40 Hours
course icon(ISC)²Certified Information Systems Security Professional (CISSP)
  • 40 Hours
course icon(ISC)²Certified Cloud Security Professional (CCSP) Certification
  • 40 Hours
course iconCertified Information Privacy Professional - Europe (CIPP-E) Certification
  • 16 Hours
course iconISACACOBIT5 Foundation
  • 16 Hours
course iconPayment Card Industry Security Standards (PCI-DSS) Certification
  • 16 Hours
course iconIntroduction to Forensic
  • 40 Hours
course iconPurdue UniversityCybersecurity Certificate Program
  • 8 Months
CISSPcourse iconCareer KickstarterFull-Stack Developer Bootcamp
  • 6 Months
Best seller
course iconJob OrientedUI/UX Design Bootcamp
  • 3 Months
Best seller
course iconEnterprise RecommendedJava Full Stack Developer Bootcamp
  • 6 Months
course iconCareer KickstarterFront-End Development Bootcamp
  • 490+ Hours
course iconCareer AcceleratorBackend Development Bootcamp (Node JS)
  • 4 Months
ReactNode JSAngularJavascriptPHP and MySQLcourse iconPurdue UniversityCloud Back-End Development Certificate Program
  • 8 Months
course iconPurdue UniversityFull Stack Development Certificate Program
  • 9 Months
course iconIIIT BangaloreExecutive Post Graduate Program in Software Development - Specialisation in FSD
  • 13 Months
Angular TrainingBasics of Spring Core and MVCFront-End Development BootcampReact JS TrainingSpring Boot and Spring CloudMongoDB Developer Coursecourse iconBlockchain Professional Certification
  • 40 Hours
course iconBlockchain Solutions Architect Certification
  • 32 Hours
course iconBlockchain Security Engineer Certification
  • 32 Hours
course iconBlockchain Quality Engineer Certification
  • 24 Hours
course iconBlockchain 101 Certification
  • 5+ Hours
NFT Essentials 101: A Beginner's GuideIntroduction to DeFiPython CertificationAdvanced Python CourseR Programming LanguageAdvanced R CourseJavaJava Deep DiveScalaAdvanced ScalaC# TrainingMicrosoft .Net Frameworkcourse iconSalary Hike GuaranteedSoftware Engineer Interview Prep
  • 3 Months
Data Structures and Algorithms with JavaScriptData Structures and Algorithms with Java: The Practical GuideLinux Essentials for Developers: The Complete MasterclassMaster Git and GitHubMaster Java Programming LanguageProgramming Essentials for BeginnersComplete Python Programming CourseSoftware Engineering Fundamentals and Lifecycle (SEFLC) CourseTest-Driven Development for Java ProgrammersTypeScript: Beginner to Advanced

Learn Ethical Hacking From Scratch

Updated on 18 September, 2020

8.31K+ views
10 min read

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. 

Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. 

What is hacking and ethical hacking? 

To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. 

Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. 

However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. 

Who are the different types of hackers? 

Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. 

  1. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). 
  2. White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. 
  3. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. 

What are the steps involved in hacking? 

Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 

1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. 

Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. 
Commonly used tools/techniques for reconnaissance:  

  • Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. 
  • NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. 
  • Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. 

Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 

2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, services (ports) running on them and with some intense scans, the OS running on the active hosts and even the vulnerabilities present! 
Kali Linux is a distribution of Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, wireshark, ncap, metasploit, etc. are pre-loaded in Kali Linux. 

Now based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE. 
Commonly used tools/techniques for scanning: 

Apart from NMAP, the below tools are used to perform vulnerability scanning: 

  • Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allows you to make sure all vulnerabilities and misconfigurations are identified. 
  • Acunetix: Acunetix is known for its features and capabilities for web application scanning. 

3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email. Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. 

Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and using msfvenom (or any similar tool) you can attach this exploit to an innocent looking pdf or excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained the access of a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices! 

Commonly used tools/techniques for gaining access: 

  • Kali Linux: A fully loaded operating system with all the tools starting from wireshark to Metasploit to burp suite, it contains everything! 
  • Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from Bank and asking card details and OTP. 

4. Maintaining Access – Once Mr. X has gained access; he would probably like to secure that access or create another one to ensure that he has a persistent access to that machine. This could be done by using Trojans, Rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS) wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop. 

5. Covering Tracks – Now Mr. X has the access to the TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN. 

How does the industry view ethical hacking? 

Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub domains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security. 

Certifications related to ethical hacking 

If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged: 

  • EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential is the number one certification that any aspiring ethical hacker should aspire towards. The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it. 
  • CompTIA Security+  –  A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills. 
  • Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security. 

KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!