Ethical Hacking Cheatsheet

Ethical hacking consists of authorized attempts to gain unauthorized access to computer systems, applications, or data. It requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities so they can be fixed before malicious attackers can exploit them.

Basics:

Necessary Terms:

Hack value: The perceived worth of a target, which determines how interesting it is to an attacker.
Vulnerability: A weak point in a machine that may be exploited.
Exploit: Code or a technique that takes advantage of an identified vulnerability or loophole.
Payload: The data carried from sender to receiver by the Internet Protocol.
Zero-day attack: Exploits a previously unknown, unpatched vulnerability.
Daisy-chaining: An attacker gains access to a single system and uses it to reach other systems on the same network.
Doxing: Collecting an individual's personally identifiable information (PII) for malicious purposes.
Bot: Software used to perform automated tasks.

Elements of Information Security:

Confidentiality: Ensures that information is accessible only to authorized people.
Integrity: Ensures the accuracy and completeness of information.
Availability: Ensures that resources are available when requested by authorized users.
Authenticity: Ensures that information, and its claimed source, are genuine and have not been tampered with.
Non-repudiation: Provides proof of sending and of receipt, so that neither the sender nor the receiver can later deny their part in the exchange.

Phases of Ethical Hacking:

Reconnaissance: The first stage, in which hackers try to gather information about their targets.
Scanning & Enumeration: During this stage, the target is scanned using tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
Gaining Access: In this phase, using the data collected in the previous two phases, hackers design a blueprint for the target's network and break in.
Maintaining Access: Once hackers gain access, they want to retain it for future exploits and attacks. A system they own can serve as a base from which to launch further attacks.
Covering Tracks: Before attacking, the attacker changes the MAC address of the attacking computer and routes it through at least one VPN to disguise its identity.

Types of Cyber Threats:

Network threats: Attackers penetrate the channel and steal information being exchanged on the network.
Host threats: Attackers gain access to information held on your system.
Application threats: Attackers exploit entry points that are not protected by the application itself.

Types of Cyber Attacks:

OS-based cyber attacks: Attack the victim's underlying operating system.
Application-level cyber attacks: Attacks that originate in the application, usually made possible by a lack of security testing by developers.
Shrink wrap: Exploit unpatched libraries and frameworks bundled with your application.
Misconfiguration: Hacking systems whose security is poorly configured.

Legal Laws and Cyber Acts:

RFC 1918: Private IP address standard
RFC 3227: Data collection and storage (evidence collection and archiving)
ISO 27002: Information security guidelines
CAN-SPAM: Email marketing
SPY-Act: License enforcement
DMCA: Intellectual property
SOX: Corporate finance processes
GLBA: Personal finance data
FERPA: Education records
FISMA: Government network security standards
CVSS: Common Vulnerability Scoring System
CVE: Common Vulnerabilities and Exposures

Reconnaissance:

Footprinting information:

Network information: Domains, subdomains, IP addresses, Whois and DNS entries, VPNs, firewalls, and more.
System information: Web server, operating system, server location, users, usernames, passwords, and passcodes.
Organization information: Employee information, organizational background, phone numbers, and location.

Footprinting Tools:

Maltego: Software used for open-source intelligence and forensics.
Recon-ng: A web reconnaissance tool written in Python.
FOCA: A tool primarily used to find metadata and hidden information in documents, which can be found on the target website.
Recon-dog: A free, open-source tool available on GitHub that is used for information gathering.
Dmitry: Dmitry (Deepmagic Information Gathering Tool) is a command-line utility included with Kali Linux.

Google Hacking (Dorks):

site: restricts results to the specified domain.
inurl: restricts results to pages whose URL contains the query.
intitle: restricts results to pages whose title contains the query.
cache: returns Google's cached version of the queried page.
link: returns pages that link to the requested URL. Discontinued.
filetype: restricts results to the specified file type.

Scanning Networks:

Scanning involves collecting additional information about the target's hosts, ports, and network services. It aims to identify vulnerabilities so that attacks can then be planned.

Scanning Types:

Port scanning: The process of checking for open ports and the services behind them.
Network scanning: The process of checking a list of IP addresses for live hosts.
Vulnerability scanning: Also called penetration testing.

Common Ports to Scan:

Port  Protocol  Service
22    TCP       SSH (Secure Shell)
23    TCP       Telnet
25    TCP       SMTP (Simple Mail Transfer Protocol)
53    TCP/UDP   DNS (Domain Name System)
80    TCP       HTTP (Hypertext Transfer Protocol)
123   TCP       NTP (Network Time Protocol)
443   TCP/UDP   HTTPS
500   TCP/UDP   IKE/IPsec (Internet Key Exchange)
631   TCP/UDP   IPP (Internet Printing Protocol)
3389  TCP/UDP   RDP (Remote Desktop Protocol)
9100  TCP/UDP   AppSocket/JetDirect

Scanning Tools:

Nmap: Nmap ("Network Mapper") is a free and open-source utility for network exploration and security testing.
Hping: A command-line-oriented TCP/IP packet assembler/analyzer.
Arping: A tool for polling hosts on a network, unlike the ping command, which operates at the network layer.

Enumeration:

Enumeration is the phase of ethical hacking in which the tester interacts with the system and interrogates it to obtain the necessary information. It involves the discovery and exploitation of vulnerabilities.

Enumeration Techniques:

Windows enumeration: Gathers system information from a Windows host.
Windows user account enumeration: The process of identifying the current user and other accounts.
NetBIOS enumeration: Reveals IP configuration (default gateway, subnet, DNS, domain controller).
SNMP enumeration: The process of collecting information about network device configurations.
LDAP enumeration: Accesses directory listings in Active Directory or other directory services.
NTP enumeration: Collects information such as the list of servers connected to the NTP server, their IP addresses, system names, and operating systems.
SMTP enumeration: Identifies valid users on the SMTP server.
Brute forcing Active Directory: In a brute-force attack, an attacker gains access to your system by repeatedly attempting to log in with many passwords until the right one is guessed.

Sniffing:

Sniffing involves capturing packets of data on a network using a specific program or device.

Sniffing Types:

Passive sniffing: No packets need to be sent; the sniffer only listens to traffic.
Active sniffing: The sniffer injects packets with chosen source and destination addresses to provoke traffic it can capture.

Sniffing Tools:

BetterCAP: A powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulating its HTTP, HTTPS, and TCP traffic in real time and sniffing it for credentials, among other things.

Ettercap: A comprehensive suite for man-in-the-middle attacks on networks. Its features include sniffing of live connections and content filtering on the fly.

Wireshark: One of the most popular packet sniffers. It offers a very large number of features for dissecting and analysing captured traffic.

Tcpdump: A tool that intercepts and displays TCP/IP and other packets as they are transmitted over the network.

WinDump: The Windows port of tcpdump, the popular Linux/Unix command-line packet sniffer that is well suited to displaying header information. Because of tcpdump's success on Unix-like operating systems, it was ported to Windows to allow packet capturing there.

Dsniff: A collection of tools for sniffing packets of different protocols with the intention of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and has no full equivalent on Windows.

Sniffing Attacks:

MAC flooding: Sends frames with many fake source MAC addresses to the switch until its CAM table is full. The switch then fails open and forwards incoming traffic to all ports, so it can be sniffed.
DHCP attacks: A type of denial-of-service attack that exhausts the DHCP server's pool of available addresses.
DNS poisoning: Manipulates DNS records by replacing a legitimate IP address with a malicious one.
VLAN hopping: Attacks from a host on one VLAN to gain access to traffic on other VLANs.
OSPF attacks: Forms a rogue trust relationship (adjacency) with neighbouring routers.
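As a defender-side illustration of the MAC flooding entry above, the following is an added example (not from the original cheatsheet) that scans constructed switch MAC-learning log lines and flags any port on which an abnormal number of distinct source MACs has been learned, the tell-tale sign of a CAM table being flooded. The log line format and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example): one MAC-learning event per line.
LINE_RE = re.compile(r"port=(?P<port>\S+)\s+learned\s+mac=(?P<mac>[0-9a-f:]{17})", re.I)

# Constructed normal traffic: a handful of hosts behind each access port.
NORMAL_LINES = [
    "switch1 port=Gi1/0/3 learned mac=00:11:22:33:44:55",
    "switch1 port=Gi1/0/3 learned mac=00:11:22:33:44:66",
    "switch1 port=Gi1/0/5 learned mac=aa:bb:cc:dd:ee:01",
    "switch1 link up on port=Gi1/0/5",          # not a learning event, must be ignored
]

# Constructed flood: hundreds of never-before-seen source MACs arriving on one port,
# which is the CAM-table exhaustion pattern described in the cheatsheet.
FLOOD_LINES = [
    f"switch1 port=Gi1/0/7 learned mac=02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}"
    for i in range(300)
]


def macs_per_port(lines):
    """Map each switch port to the set of distinct source MACs learned on it."""
    seen = defaultdict(set)
    for line in lines:
        match = LINE_RE.search(line)
        if match:                                   # skip lines that are not learning events
            seen[match.group("port")].add(match.group("mac").lower())
    return seen


def flag_mac_flooding(lines, threshold=50):
    """Return [(port, distinct_mac_count)] for ports above the threshold, highest first.

    An access port normally fronts only a few hosts; hundreds of distinct source MACs
    learned on one port is the signature of a CAM-table flood (threshold is assumed).
    """
    counts = {port: len(macs) for port, macs in macs_per_port(lines).items()}
    flagged = [(port, n) for port, n in counts.items() if n > threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for port, n in flag_mac_flooding(NORMAL_LINES + FLOOD_LINES):
        print(f"possible MAC flooding on {port}: {n} distinct source MACs learned")
```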

System Hacking:

System hacking is defined as the compromise of a computer system and its software in order to gain access to the target computer and steal or misuse its sensitive information.

Types of system attacks:

LM hashing: A weak legacy Windows password hash format that attackers target to recover passwords from stolen hashes.
Sidejacking: The process of stealing access to a website, often through cookie hijacking.
Session hijacking: The process of intercepting client-server traffic and predicting sequence numbers in order to take over an established session.

Social Engineering:

Social engineering refers to manipulating or pressuring people in a targeted organization into disclosing sensitive or confidential information.

Steps of Social Engineering:

Research: The process of collecting information about the target company.
Select target: The process of choosing a target employee of the targeted company.
Relationship: Gaining the trust of the target employees by building a relationship.
Exploit: The process of extracting information from the targeted employees.
Identity theft: Occurs when someone steals your personal information to commit fraud.

Web Hacking:

Web hacking generally refers to exploiting applications over the Hypertext Transfer Protocol (HTTP). This can be done by manipulating the application through a web graphical interface, by manipulating the Uniform Resource Identifier (URI), or by abusing HTTP elements.

Web Server Hacking:

A web server is a system for storing, processing, and serving websites. Web server hacks include:

Information gathering: In web server hacking, this includes collecting robots.txt to discover hidden directories and files.
Footprinting: Listing the web applications in use on the server.
Mirroring: Copying the site locally makes it easy to find directories, forms, and other important records from the mirrored copy without making many requests to the web server.
Vulnerability analysis: A vulnerability assessment is a review focused on security-related issues that have a moderate or severe impact on the security of a product or system.

Web Server Hacking Tools:

Wfetch: Originally part of the IIS 6.0 Resource Kit Tools; used to troubleshoot HTTP redirects, HTTP status codes, etc.

THC Hydra: A fast network login cracker that is widely used to attack login pages with both dictionary and brute-force attacks.

HULK DoS: A denial-of-service (DoS) tool that attacks web servers by generating a large volume of unique, disguised requests.

w3af: A web application attack and audit framework. The purpose of the project is to create a framework that helps secure web applications by finding and exploiting all of their vulnerabilities.

Metasploit: The Metasploit framework is a very powerful tool that both cyber criminals and ethical hackers can use to investigate systematic vulnerabilities in networks and servers.

sqlmap: An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Cryptography:

Encryption is the process of transforming sensitive information so that it is hidden from anyone without the key.

General Terms:

Cipher: An encryption and decryption algorithm.
Clear text / plaintext: Unencrypted data.
Ciphertext: Encrypted data.

Encryption Algorithms:

DES (Data Encryption Standard): Block cipher, 56-bit key, 64-bit block size.
3DES (Triple Data Encryption Standard): Block cipher, 168-bit key.
AES: Iterated block cipher.
RC (Rivest Cipher): Family of symmetric-key algorithms.
Blowfish: A fast symmetric block cipher with a 64-bit block size and a key of 32 to 448 bits.
Twofish: Symmetric-key block cipher.
RSA (Rivest-Shamir-Adleman): Achieves strong public-key encryption through the use of two large prime numbers.
Diffie-Hellman: Used to generate a shared key between two entities over an insecure channel.
DSA (Digital Signature Algorithm): The private key is used to sign a message, identifying the signer; the public key verifies the digital signature.

Cloud Security:

Cloud providers implement restricted access and access policies, with logging and the ability to request access and to see the reasons for a denial.

Cloud Computing Attacks:

Wrapping attack: Alters the content of a signed (XML) message while keeping the original signature valid.
Side-channel attacks: An attacker controls VMs on the same physical host as the victim (either by compromising one or placing one of their own) and observes shared hardware.
Cloud Hopper attack: Aims to compromise an employee's or cloud service provider's account in order to obtain confidential information.
Cloudborne attack: Exploits specific BMC (baseboard management controller) vulnerabilities in bare-metal cloud servers.
Man-in-the-Cloud (MITC) attack: Uses a file sync service (such as Google Drive or Dropbox) as its infrastructure.

Malware and Other Attacks:

Malware is a malicious program designed to damage your system and give its creator access to it.

Trojans: 

The malware is contained in seemingly harmless programs. The types are:

Remote access trojans (RATs): Malware that contains a backdoor for administrative control of the target computer.
Backdoor trojans: Give an attacker uninterrupted access by installing a backdoor on the targeted system.
Botnet trojans: Install the bot program on the target system so it can be controlled as part of a botnet.
Rootkit trojans: Allow access to unauthorized areas of the software while hiding their presence.
E-banking trojans: Intercept account information before it is encrypted and send it to the attacker.
Proxy-server trojans: Allow an attacker to use the victim's computer as a proxy to connect to the Internet.

Viruses: 

Here are some examples of computer viruses:

Stealth virus: Takes aggressive steps to hide the infection from antivirus software.
Logic bomb: Does not self-replicate or increase in population, and may be parasitic; it triggers when a condition is met.
Polymorphic virus: Modifies its payload to evade signature detection.
Metamorphic virus: A virus that can reprogram or rewrite itself.
Macro virus: Written as a macro for MS Office products.
File infectors: Viruses that infect executable files.
Boot sector infectors: Malicious code that runs at system startup.
Multipartite viruses: Combine file infectors and boot record infectors.


Last Updated : 05 Oct, 2022