Deveesh's Blog

Hackathon on Ethical Hacking!

15 June 2022

Deveesh Shetty's photo
Deveesh Shetty
·

2 min read

Hackathon on Ethical Hacking!

Today was the last day of the Ethical Hacking Hackathon, held by CyberSapiens We were given 3 tasks comprising 20 challenges based on Web, Linux and Crypto. And I got 3rd place in it :). Winning a Bluetooth speaker and a certificate

The competition was very challenging and I enjoyed each and every part of it and I learned a lot of things in the workshop.

Total Summary of the Workshop + Hackathon:

  • Services and scope in Cyber Security
  • Importance of Cyber Security
  • Pillars of Cyber Security (CIA triad)
    1. Confidentiality
    2. Integrity
    3. Availability
  • Types of Hackers
  • Basic Linux Commands

Various Stages involved in Ethical Hacking

1. Reconnaissance - Information Gathering

Sources to get it -

  • through search engine
  • Online Services like - 
    spokeo.com
thatsthem.com
com.lullar.com
Social Media
  • Username Search
    knowem.com
checkusernames.com
namechk.com
peekyou.com
  • Email Address Check - 
    hunter.io
centralops.net/co/emaildossier.aspx
viewdns.info
thatsthem.com/reverse-email-lookup
  • Phone Number Search
    truecaller.com
EyeCon App
  • Gathering Financial Information
    google.com
finance.yahoo.com
  • Web Archives
    archive.org
cachedpages.com
timetravel.mementoweb.org
  • Through Job Sites
    linkedIn.com 
monster.com 
naukri.com
indeed.com 
careerbuilder.com
  • Using Groups Forums and Blogs
    quora.com
stackexchange.com
Companies blog sites
Github
  • Using Social Networking Site

  • Shodan Search Engine

    to find specific types of computers connected to the internet
    shodan.io
  • Mirroring Entire Website
    httrack.com
  • Whois lookup
    whois.com
whois.domaintools.com
  • Shoulder Surfing
  • Dumpster Diving

2. Scanning

  • Using Owasp Zap
  • Using exiftools
  • Source Code Review
  • Directory Lister
  • robots.txt
  • Google Hacking Database (GHDB)
  • Burp Suite

3. Gaining Access

  • Dictionary Attack
  • Brute Force Attack
  • Malware Attack

4. Maintaining Access

  • Privilege Escalation
  • Metasploit

5. Clearing Tracks

  • Log files in Windows (clearev in Metasploit)
  • Cookies (Cookie Editor)
  • SQL Injection

Cryptography

To decrypt, encrypted files and passwords.

  • Steganography
  • Wireshark

Protocols

  • Http & Https
  • FTP
  • DNS
  • SMTP
  • TCP, UDP
  • Eavesdroppin

I learned so many new things in this workshop. Glad to be part of it.