
Ethical Hacking

Learn penetration testing phases, tools, methodologies, and legal considerations for authorized security testing.

What is Ethical Hacking?

Ethical hacking is the authorized practice of probing systems, networks, and applications to identify security vulnerabilities that an attacker could exploit. Ethical hackers use the same techniques as malicious hackers but with explicit permission, defined scope, and a commitment to report findings responsibly.

With Permission

Always operates under a signed agreement defining scope, rules, and limitations.

Legal & Regulated

Follows legal frameworks, industry standards (OWASP, NIST, PTES), and professional ethics.

Detailed Report

Delivers a comprehensive report with findings, impact analysis, and remediation steps.

Penetration Testing Phases

1. Reconnaissance

Passive recon gathers info without direct interaction (social media, job postings, DNS records). Active recon involves direct probing (port scans, web requests).

Tools: Google Dorking, Shodan, theHarvester, Maltego

2. Scanning & Enumeration

Port scanning (TCP SYN, UDP), service version detection, OS fingerprinting, vulnerability scanning. Enumeration extracts user lists, shares, and application details.

Tools: Nmap, Masscan, Netcat, Nikto

3. Gaining Access

Exploits: buffer overflows, SQL injection, XSS, weak credentials. Payload delivery via phishing, drive-by downloads, or direct network exploitation.

Tools: Metasploit, Burp Suite, SQLMap, Hydra

4. Maintaining Access

Creates persistent access mechanisms: scheduled tasks, registry run keys, SSH authorized_keys, web shells, or reverse tunnels that survive reboots.

Tools: Netcat, SSH tunnels, cron jobs, web shells

5. Covering Tracks

Deletes or modifies audit logs, clears bash history, hides processes, uses timestomping (modifying file timestamps), and encrypts communication channels.

Tools: Log cleaners, timestomping, steganography

6. Reporting

Executive summary for management, technical report with proof-of-concept, prioritized remediation roadmap, and retesting recommendations.

Tools: Report templates, screenshots, CVSS scoring

Essential Hacking Tools

Nmap

Network discovery and security scanning tool. Port scanning, service detection, OS fingerprinting.

Scanner

Metasploit

Penetration testing framework with exploit development, payload generation, and post-exploitation modules.

Exploitation

Burp Suite

Web application security testing platform. Intercepting proxy, scanner, intruder, and repeater tools.

Web

John the Ripper

Password cracking tool supporting many hash formats. Dictionary and brute-force attacks.

Cracker

Wireshark

Network protocol analyzer for packet capture and inspection. Deep analysis of network traffic.

Analyzer

Hydra

Parallelized network login cracker supporting numerous protocols (SSH, FTP, HTTP, SMB).

Cracker

SQLMap

Automated SQL injection detection and exploitation tool. Supports many database backends.

Exploitation

Nikto

Web server vulnerability scanner. Checks for outdated software, dangerous files, and misconfigurations.

Scanner

Types of Penetration Tests

Black Box

No prior knowledge of the target system. Simulates an external attacker with zero insider information.

Advantage: Realistic external attack simulation
Disadvantage: Time-consuming, may miss internal vulnerabilities

White Box

Full knowledge of the target — source code, architecture diagrams, credentials provided.

Advantage: Thorough coverage, finds deep vulnerabilities
Disadvantage: Less realistic, requires more preparation

Grey Box

Partial knowledge — some access or credentials provided. Balances realism and depth.

Advantage: Good balance of efficiency and realism
Disadvantage: May miss some attack vectors

CEH Certification

Full Name: Certified Ethical Hacker (CEH)
Provider: EC-Council
Focus: Ethical hacking methodologies, tools, and techniques across 20+ modules
Exam: 125 multiple-choice questions, 4-hour duration, covering reconnaissance to reporting
Prerequisites: 2 years of security experience or official EC-Council training

Legal & Ethical Considerations

Always obtain written authorization (signed contract) before testing
Define the scope clearly — what systems, methods, and times are permitted
Follow the rules of engagement — never exceed authorized boundaries
Handle all data discovered with confidentiality and integrity
Report all findings honestly — including vulnerabilities that could not be exploited
Never use findings for personal gain, extortion, or unauthorized disclosure
Maintain professional liability insurance and legal counsel

Interview Questions

Q1: What is ethical hacking and how is it different from malicious hacking?

A: Ethical hacking is authorized penetration testing with legal permission. Unlike malicious hackers, ethical hackers follow a code of conduct, have signed agreements defining scope, and provide detailed reports to help organizations fix vulnerabilities.

Q2: Explain the five phases of penetration testing.

A: 1) Reconnaissance — information gathering, 2) Scanning & Enumeration — identifying live hosts and services, 3) Gaining Access — exploiting vulnerabilities, 4) Maintaining Access — establishing persistence, 5) Covering Tracks — removing evidence. Followed by Reporting.

Q3: What is the difference between black box, white box, and grey box testing?

A: Black box gives no prior knowledge (simulates external attacker). White box gives full access to source code and architecture (deepest testing). Grey box provides partial knowledge or credentials (balanced approach).

Q4: What tools would you use in the reconnaissance phase?

A: Passive: Google Dorking, Shodan, theHarvester, WHOIS lookups, DNS enumeration. Active: Nmap for port scanning, Nikto for web server scanning, and custom scripts for banner grabbing.

Q5: What is the CEH certification and what does it cover?

A: CEH (Certified Ethical Hacker) by EC-Council covers 20+ modules including reconnaissance, scanning, enumeration, system hacking, malware threats, sniffing, social engineering, session hijacking, web/app hacking, SQL injection, cryptography, and penetration testing methodologies.