When engineers began to create networks, protocols, computers, and so on, they never thought they would need to build in any kind of security to protect the network or the computer itself.

Now this is becoming the norm. We need to protect our networks or, better said, we need to protect human life and information, especially private information: something that belongs only to one person or group.

Now let's get to the meat:

What is an ethical hacker?

An ethical hacker is a professional with a varied IT background and skill set and a security mindset, who is very knowledgeable about hacking tools and techniques. In other words, WHAT YOU ARE TRYING TO BECOME.

What is the objective of the Ethical Hacker?

The main goal is to use the same tools and techniques that other hackers use to attack a network, an application or a system in order to find the weaknesses in those computer systems and give recommendations on how to protect them.

The ethical hacker also tries to:

  • See the system the same way an attacker sees it.
  • See whether the attacker can get any benefit from the information they try to access.
  • Understand what the organization is trying to protect.
  • Identify what kind of attacker might target that network, such as a competitor or a disgruntled employee.
  • Determine what resources the company is willing to spend to protect the information or computer system.

Types of Hackers:

  • White Hats: These are the ethical ones, who make sure the information is protected.
  • Black Hats: These are the unethical ones, the bad guys who try to break into a computer system and benefit from it.
  • Cyber Terrorists: These hackers have different motivations, political and others, and try to create chaos and terror.
  • Spy Hackers: This could be any hacker who tries to break into a company or big corporation to steal trade secrets and market information that the competition can use to gain profit or take advantage of other companies or the market.
  • State-Sponsored Hackers: These are governments with military objectives that try to infiltrate other countries to gain knowledge of their military, tactics and capacity.
  • Hacktivists: Some hacker activists are motivated by religion, politics or other causes to expose something that they consider wrong.

I was running a scan against a server behind a WatchGuard firewall and then I got banned: the firewall blacklisted my public IP address. This killed me because I manage the firewall, and when I began troubleshooting what happened I was not able to reach the firewall itself or the VPN.

Now if you do:

C:\Users\Raul>nmap -T2 192.168.1.20

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-05 17:22 Central Standard Time
Nmap scan report for 192.168.1.20
Host is up (0.086s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
993/tcp  open  imaps
3389/tcp open  ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 927.56 seconds

C:\Users\Raul>

Did you notice the time? It took 927 seconds, that means 15 minutes. Yes, to avoid being detected you need to move slowly, one packet at a time, so the IPS will time out and ignore the packet.

You could run nmap 192.168.1.20 without the -T2 switch and it would be faster if there is NOT any IPS/IDS. If there is one, you lose the connection and need to wait until the IPS removes your IP address from the blacklist.

So to make sure you do not lose time and get good results within your pentest scope, you need to be sneaky, LOL.

It takes time to sharpen your skills; just keep practicing and you will get it.
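Seen from the defender's side, the slow scan above slips past a rule that only counts probes over a few seconds, but not one that counts distinct destination ports per source over a long window. The Python below is an added example, not part of the original post; the log format, IP addresses, probe pacing and both thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

def distinct_port_alerts(events, window_s, min_ports):
    """Flag sources that hit >= min_ports distinct ports inside one sliding window."""
    recent = defaultdict(deque)                        # src -> (ts, port) still in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> port -> hits in window
    flagged = set()
    for ts, src, port in sorted(events):
        q, ports = recent[src], in_window[src]
        q.append((ts, port))
        ports[port] += 1
        # Expire probes that have aged out of the window.
        while ts - q[0][0] > window_s:
            _, old = q.popleft()
            ports[old] -= 1
            if ports[old] == 0:
                del ports[old]
        if len(ports) >= min_ports:
            flagged.add(src)
    return flagged

def sample_events():
    """Constructed firewall log: (seconds, source IP, destination port)."""
    events = []
    # Slow scanner: 1000 ports, one probe every 0.93 s (assumed pacing, chosen so
    # the run spans roughly the 927 s reported in the post).
    events += [(i * 0.93, "203.0.113.7", 1 + i) for i in range(1000)]
    # Ordinary client: frequent connections, but only to ports 80 and 443.
    events += [(i * 1.5, "198.51.100.20", 443 if i % 2 else 80) for i in range(600)]
    return events

# Both thresholds are assumptions for illustration, not values from any product.
BURST_RULE = {"window_s": 5, "min_ports": 20}      # short burst rule
SLOW_RULE = {"window_s": 1800, "min_ports": 100}   # long-window distinct-port rule

def run():
    events = sample_events()
    return (distinct_port_alerts(events, **BURST_RULE),
            distinct_port_alerts(events, **SLOW_RULE))

if __name__ == "__main__":
    burst, slow = run()
    print("burst rule flagged:", sorted(burst))
    print("slow rule flagged: ", sorted(slow))
```

The burst rule never sees more than six ports in its window and stays silent, while the 30-minute rule flags the scanner and leaves the ordinary client alone.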

 

 

 

This site is dedicated to increasing IT security through forums, blogs, tutorials and security product analysis. You can help increase security awareness through your posts and recommendations.

This is a work in progress; feel free to contribute.

Thanks.

Learn-Security.net Team

Kali Linux 2.0 keeps its different password lists under /usr/share.

You can see the wordlist folder; now let's go inside:

The file that has the main list is rockyou.txt.gz. You will need to extract it.