In this blog, we cover the terms related to ethical hacking and vulnerability assessment.
Introduction
A vulnerability is a weakness in a system.
Any type of system may contain vulnerabilities: computer systems, networks, routers, switches, firewalls, and applications.
A vulnerability is an open door to exploitation. It creates the possibility of penetrating the system, which may result in unauthorized access and a compromise of the confidentiality, integrity, and availability of network resources.
In other words, vulnerabilities are a potential risk to the system.
Vulnerability assessment is the process of scanning a system, a piece of software, or a network to find the flaws or loopholes in it that could give an attacker a way in.
It is a proactive and systematic effort to discover vulnerabilities before an attacker does.
Vulnerabilities arise from inappropriate software design, insecure authentication, missing patches, or misconfiguration.
Vulnerability assessment is usually performed with scanners as part of a hybrid approach that combines automated testing with expert analysis, because scanners produce false positives and miss logic flaws that only a human reviewer will catch.
a. Reconnaissance process
Reconnaissance refers to the set of (often covert) strategies and techniques used to gather information about a target system; it is also called the Information Gathering or Footprinting phase.
Reconnaissance is used for obtaining preliminary data: determining the range of networks, determining which machines are currently operational, discovering open ports and access points, mapping the network, and investigating the services behind the open ports.
Types of Scanning
• Active Scanning
Active scanning means probing the network directly for individual hosts, IP addresses, and network services. It is commonly referred to as "rattling the doorknobs", and because every probe reaches the target it carries a higher chance of detection than passive scanning.
Active scanning can give a hacker information about the security measures in place (which ports are filtered, which services answer, and which versions they run), but it also increases the likelihood of being caught or raising suspicion.
Active scans are more thorough than passive scans because they examine internal and external networks in the same manner that an attacker would.
• Passive Scanning
Passive scanning is the process of gathering information about a potential target without the target's knowledge, that is, without sending any packets to it.
Most of this information comes from Internet searches, public records, and search engines (Googling a person or company), which is why this step is also known as the information gathering process.
Passive strategies also include social engineering and dumpster diving.
Passive vulnerability scanners work the same way on the wire: instead of probing hosts, they observe existing network traffic, note the software and patch versions that networked devices reveal in it, and compare that information against public vulnerability and patch databases to flag machines running software that could be a gateway for an attacker or a trojan.
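The active probing described under Active Scanning above, as an added example that is not part of the original post: a minimal TCP connect scan in Python. To stay offline it opens its own throw-away listener on 127.0.0.1 and scans that plus a port it has verified is closed; the loopback address, the port choices and the timeout are assumptions made for the demonstration.

```python
# Added example (not from the original post): a minimal active TCP connect
# scan. It probes a throw-away listener that the script itself opens on
# 127.0.0.1, so it runs offline and touches no external host. The target
# address, port choices and timeout are assumptions made for the demonstration.
import socket
from contextlib import closing


def start_listener(host="127.0.0.1", port=0):
    """Open a constructed target: a TCP listener on an OS-chosen free port.

    Returns (server_socket, port). The kernel completes the three-way
    handshake for queued connections even if nobody calls accept(), which is
    all a connect scan needs to see.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(32)
    return srv, srv.getsockname()[1]


def free_closed_port(host="127.0.0.1"):
    """Find a port that is currently closed: bind, read the number, release it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe_port(host, port, timeout=0.5):
    """One connect-scan probe: full TCP handshake, then close.

    True means the port accepted the connection (open); False covers an RST
    (closed) and no answer within the timeout (filtered). This is the noisy
    variant: the service behind the port sees a completed connection and may
    log it. A SYN (half-open) scan avoids that but needs raw sockets, which is
    why Nmap only uses -sS when run with privileges and falls back to a
    connect scan (-sT) otherwise.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except (socket.timeout, ConnectionRefusedError, OSError):
            return False


def connect_scan(host, ports, timeout=0.5):
    """Probe each port in turn; returns the sorted list of open ports."""
    return sorted(p for p in ports if probe_port(host, p, timeout))


def demo():
    """Stand up a listener, scan it plus a known-closed port, tear it down.

    Returns (open_port, closed_port, found) so the result can be checked.
    """
    srv, open_port = start_listener()
    try:
        closed_port = free_closed_port()
        found = connect_scan("127.0.0.1", [closed_port, open_port])
        return open_port, closed_port, found
    finally:
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, found = demo()
    print("open %d, closed %d -> scan found %r" % (open_port, closed_port, found))
```

Every probe here is a full connection, which is exactly why the text calls active scanning noisy: a host-based IDS or the service's own log sees each one.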
b. Enumeration
Enumeration is the process of obtaining user identities, machine names, network resources, shares, and services from an active system. Unlike passive reconnaissance, the attacker establishes a live connection with the system and sends directed queries to learn more about the target, which makes enumeration both noisier and more informative than scanning.
The common types of enumeration are listed below:
i. NetBIOS enumeration
ii. SNMP enumeration
iii. LDAP enumeration
iv. SMTP enumeration
v. NTP enumeration
vi. Windows enumeration
vii. DNS enumeration
viii. Linux/UNIX enumeration
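One of the listed techniques, SMTP enumeration, worked through as an added example (not code from the original post): the attacker opens a live SMTP session and sends VRFY for each candidate name, keeping those the server confirms. The mock SMTP server, its account list, the host name mock.example and the candidate wordlist are all constructed here so the example runs offline; a real engagement would point vrfy_enumerate at the target's port 25.

```python
# Added example (not from the original post): SMTP user enumeration with the
# VRFY command, run against a small mock SMTP server that this script starts
# on 127.0.0.1. The server, its account list and the candidate wordlist are
# all constructed here so the example runs offline; the host name
# mock.example and the "scanner.local" HELO name are assumptions.
import socket
import threading

# constructed: the accounts the mock server will confirm
KNOWN_USERS = {"root", "admin", "postmaster"}


def _serve_one(conn):
    """Minimal SMTP dialogue: banner, then HELO / VRFY / QUIT (RFC 5321 codes)."""
    with conn:
        conn.sendall(b"220 mock.example ESMTP ready\r\n")
        buf = b""
        while True:
            data = conn.recv(1024)
            if not data:
                return
            buf += data
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                verb, _, arg = line.decode(errors="replace").partition(" ")
                verb, arg = verb.upper(), arg.strip()
                if verb == "HELO":
                    conn.sendall(b"250 mock.example\r\n")
                elif verb == "VRFY":
                    # a leaky server: 250 for real users, 550 for everyone else
                    if arg in KNOWN_USERS:
                        conn.sendall(b"250 2.1.5 <" + arg.encode() + b"@mock.example>\r\n")
                    else:
                        conn.sendall(b"550 5.1.1 User unknown\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 2.0.0 bye\r\n")
                    return
                else:
                    conn.sendall(b"502 5.5.1 Command not implemented\r\n")


def start_mock_smtp(host="127.0.0.1"):
    """Start the constructed server in a daemon thread; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=_serve_one, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def _reply_code(f):
    """Read one reply line and return its three-digit code."""
    return f.readline().decode(errors="replace")[:3]


def vrfy_enumerate(host, port, wordlist, timeout=3.0):
    """Send VRFY for each candidate on a single session; return confirmed names.

    250/251 confirm the mailbox. 252 ("cannot VRFY, will accept mail") is what
    a hardened server returns for every name, so it confirms nothing; 550
    rules the name out, and 502 means VRFY is disabled and this technique is
    a dead end (EXPN or RCPT TO probing would be the next attempt).
    """
    confirmed = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        _reply_code(f)  # 220 banner
        s.sendall(b"HELO scanner.local\r\n")
        _reply_code(f)  # 250
        for name in wordlist:
            s.sendall(b"VRFY " + name.encode() + b"\r\n")
            if _reply_code(f) in ("250", "251"):
                confirmed.append(name)
        s.sendall(b"QUIT\r\n")
    return confirmed


if __name__ == "__main__":
    srv, port = start_mock_smtp()
    try:
        # constructed wordlist: real accounts mixed with guesses
        print(vrfy_enumerate("127.0.0.1", port, ["root", "alice", "admin", "bob", "postmaster"]))
    finally:
        srv.close()
```

The same pattern (live connection, one directed query per candidate, decide from the reply code) is what the other enumeration types in the list do against their own protocols.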
Technical Analysis
During vulnerability scanning, two different types of scanning are carried out, passive and then active, followed by enumeration.
Each step is described briefly below:
Passive scanning
Passive scanning is done first, to collect information about the target without the target's knowledge, since no packets are sent to it. The active phase that follows does touch the target and should only be run with the organization's written authorization.
Since the report aims to search for vulnerabilities in present Nepali cyberspace, the scanning is performed on a Nepali organization: the Internet Service Provider Web surfer Nepal Internet Service Provider, located in the city of Kathmandu.
The passive scanning is completed with the help of Shodan, a search engine for Internet-connected devices. Shodan indexes the banners of services exposed to the Internet, so it can reveal publicly reachable and often vulnerable devices such as webcams, medical devices, traffic lights, or anything else plugged into the Internet, without the analyst sending a single packet to the target.
Active Scanning
After passive scanning has gathered general information about the devices, active scanning is carried out to find detailed information about the target system using Nmap (Network Mapper), a free and open-source utility for network discovery and security auditing. Nmap identifies which hosts are available on the network and which services those hosts offer.
The operation is carried out using different Nmap commands, typically a host discovery sweep, a port scan of the live hosts, and service version detection (-sV) on the open ports.
Enumeration
After both passive and active scanning have been completed, the enumeration phase is carried out: each open port and the service running behind it is researched in detail, using the protocol-specific techniques listed above (for example SNMP community strings, SMTP VRFY, or DNS zone transfers), to learn what the service exposes.