What is Hacking?
Hacking is identifying weaknesses in computer systems or networks and exploiting them to gain access. Example of hacking: using a password-cracking algorithm to gain access to a system.
Who is a Hacker? And what are the different types of Hackers?
A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. There are different types of hackers:
Ethical Hacker or White hat: In Internet slang, “white hat” refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems.
Cracker or Black hat: Black hat hackers, also known as crackers, are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.
Grey hat: A grey hat hacker is sometimes described as both a white hat and a black hat hacker. The term “grey hat” refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent typical of a black hat hacker.
Blue hat: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term Blue Hat to represent a series of security briefing events.
Red Hat Hacker: Red hat hackers are again a blend of both black hat and white hat hackers. They are usually on the level of hacking government agencies, top-secret information hubs, and generally anything that falls under the category of sensitive information.
Script kiddie: A script kiddie is basically an amateur hacker who doesn’t have much knowledge of how to program tools that break into computer networks. They often use hacking tools downloaded from the internet and written by other hackers or security experts.
Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
What is Ethical hacking?
Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer system or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks. (Or)
Ethical hacking or penetration testing refers to the exploitation of an IT system with the permission of its owner in order to determine its vulnerabilities and weaknesses. It is an essential process of testing and validating an organization’s information security posture and maturity. The results of ethical hacking are typically used to recommend preventive and corrective countermeasures that mitigate the risk of a cyber-attack.
Why Ethical hacking?
Information is one of the most valuable assets of an organization or company. Keeping information secure can protect an organization’s image and save an organization a lot of money. Hacking can lead to loss of business for organizations that deal in finance, such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.
What are the hacking stages?
Hacking, or targeting a specific machine, goes through the following five stages:
Reconnaissance: The hacker attempts to collect as much information as possible about the target.
Maintaining access: Once access is gained, hackers want to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and trojans.
Scanning: This stage involves exploiting the information gathered during the reconnaissance phase and using it to examine the victim. The hacker can use automated tools during the scanning phase, which can include port scanners, mappers and vulnerability scanners.
Gaining access: This is the phase where the real hacking takes place. The hacker now attempts to exploit vulnerabilities discovered during the reconnaissance and scanning phases to gain access.
Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks and traces to avoid detection. This also allows them to continue the use of the hacked system and avoid legal actions.
What is MAC Flooding attack?
MAC flooding is one of the most common network attacks. It is a technique in which the security of a given network switch is compromised. In MAC flooding, the attacker floods the switch with more frames than the switch can handle. This makes the switch behave like a hub and transmit all packets on all ports. Taking advantage of this, the attacker will try to send his packet inside the network to steal sensitive information.
How to prevent MAC flooding attacks?
Cisco switches come with a built-in security feature called Port Security, which gives protection against MAC flooding attacks.
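A toy model of the behaviour described above, as an added example that is not part of the original page. The Switch class, table size, per-port limit and MAC addresses are constructed for illustration and do not reproduce any vendor's implementation; the per-port limit stands in for what a feature such as Port Security enforces.

```python
# Toy model of a switch MAC address table; all sizes and addresses are constructed.
from collections import defaultdict


class Switch:
    def __init__(self, table_size, port_max=None):
        self.table_size = table_size        # total MAC entries the switch can hold
        self.port_max = port_max            # per-port learning limit (None = no limit)
        self.table = {}                     # mac -> port
        self.per_port = defaultdict(int)    # port -> number of MACs learned
        self.violations = defaultdict(int)  # port -> frames dropped by the limit

    def learn(self, port, src_mac):
        """Process a frame's source MAC; return False if the frame is dropped."""
        if src_mac in self.table:
            return True
        if self.port_max is not None and self.per_port[port] >= self.port_max:
            self.violations[port] += 1      # limit reached: drop and count it
            return False
        if len(self.table) < self.table_size:
            self.table[src_mac] = port
            self.per_port[port] += 1
        return True                         # table full: forwarded but not learned

    def forward(self, dst_mac):
        """Known destination goes out one port; unknown goes out every port."""
        return "unicast" if dst_mac in self.table else "flood"


def run(port_max):
    """Return (how frames to the real host are sent, violations on port 3, table entries)."""
    sw = Switch(table_size=8, port_max=port_max)
    # Port 3 presents many different source addresses before the real host speaks.
    for i in range(20):
        sw.learn(3, f"02:00:00:00:00:{i:02x}")
    sw.learn(1, "aa:aa:aa:aa:aa:01")        # legitimate host on port 1
    return sw.forward("aa:aa:aa:aa:aa:01"), sw.violations[3], len(sw.table)


if __name__ == "__main__":
    print("no limit:     ", run(None))
    print("limit 2/port: ", run(2))
```

The violation counter is the value a defender would alert on: a port that keeps hitting its limit is either misconfigured or being used to flood the table.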
What is Footprinting? What are the techniques used for Footprinting?
In computing, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. Or: footprinting refers to accumulating and uncovering information about the target network before attempting to gain access. Hacking techniques include:
Open source footprinting: This technique searches for administrator contact information, which can later be used for guessing the correct password in social engineering.
Network enumeration: when the hacker attempts to identify the domain names and network blocks of the targeted
Scanning: Once the network is known, the second step is to pry on the active IP addresses on the network.
Stack fingerprinting: This technique should be the final footprinting step, taking place once the port and host are mapped.
What are the types of hacking?
Types of hacking are:
- Website Hacking
- Network Hacking
- Ethical Hacking
- Email Hacking
- Password Hacking
- Online Banking Hacking
- Computer Hacking
What is Computer Hacking?
Computer Hacking is when files on your computer are viewed, created, or edited without your authorization.
What is Email Hacking?
Email hacking is the unauthorized access to, or manipulation of, an email account or email correspondence.
What is Password Hacking?
Password hacking, sometimes referred to as password cracking, is a method of recovering passwords from data transmitted by or stored on a computer.
What is Online Banking Hacking?
Online banking hacking is unauthorized access to bank accounts without knowing the password or without the permission of the account holder.
What is SQL injection?
SQL injection (SQLi) is a type of hack that sends SQL commands to a server. The SQL injection attack runs commands on the server and either inserts data or returns data to the attacker. Or an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management
Which operating system is best for Ethical Hacking?
- Kali Linux: Developed by Offensive Security as the rewrite of Backtrack, Kali Linux distro tops our list of the best operating systems for hacking purposes.
- Parrot Security OS
- BackBox
- Matriux Linux
- Caine
- Bugtraq
- Samurai Web Testing Framework
- Pentoo Linux
- DEFT Linux
- BlackArch Linux
- ArchStrike Linux
- Fedora Security Spin
- Network Security Toolkit (NST)
Why is python used for hacking?
Python is the scripting language most widely used by hackers. Python has some important features that make it particularly useful for hacking, but probably most importantly, it has some pre-built libraries that provide some powerful functionality.
What are the different types of hacking attacks?
Some important hacking techniques that are commonly used to get your personal information in an unauthorized way are:
- Virus, Trojan etc.
- Key logger
- ClickJacking Attacks
- Denial of Service (DoS/DDoS)
- Waterhole attacks
- Fake WAP
- Eavesdropping (Passive Attacks)
- Phishing
What are some of the standard tools used by ethical hackers?
Top hacking software used by hackers and cyber security professionals:
Nessus: Most used vulnerability scanner
Network Mapper (NMAP): Used to Scan Ports and Map Networks – and a whole bunch more
Metasploit: The Metasploit Project is a hugely popular pentesting or hacking framework.
John the Ripper: Password Cracking Tool
Cain and Abel Hacking Tool: Password Cracker/ Password Hacking
THC Hydra: Password Cracking Tool
Wireshark: Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.
OWASP Zed: Web Vulnerability Scanner
Ettercap: Man-in-the-middle attacks
Aircrack-ng: Password Cracking Tool (Wi-Fi)
Maltego: Digital Forensics
Nikto: Website Vulnerability Scanner Hacking Tool
IronWASP: Web application vulnerability testing
HconSTF: Pentesting tool
Kismet: for wireless networks
What is Burp Suite? What tools does it contain?
Burp Suite is an integrated platform used for attacking web applications. It contains all the possible tools a hacker would require for attacking an application. Some of these functionalities include, but are not limited to:
- Comparer
- Decoder
- Intruder
- Repeater
- Spider
- Sequencer
- Scanner
- Proxy
What is a denial of service attack?
A denial of service attack sends massive amounts of traffic to a website in an attempt to crash either the router or the web server. Hackers can use a SYN attack, buffer overflow attack, smurf attack or even viruses.
What is CSRF (Cross Site Request Forgery)? How can you prevent this?
CSRF, or cross-site request forgery, is an attack in which a malicious website sends a request to a web application that the user is already authenticated against from a different website. To prevent CSRF, you can append an unpredictable challenge token to each request and associate it with the user’s session. This assures the developer that the request received is from a valid source.
What is the difference between penetration testing and ethical hacking?
Penetration testing and ethical hacking are often used interchangeably, but there is a subtle difference. Penetration testing is a systematic approach to identifying vulnerabilities and assessing security controls in a target system. Ethical hacking, on the other hand, refers to the act of intentionally exploiting vulnerabilities in a system to identify weaknesses and improve its security. In essence, ethical hacking is a subset of penetration testing.
What is the “kill chain”?
The “kill chain” is a concept used to describe the stages an attacker typically goes through during a successful compromise. The stages can vary, but a common kill chain model includes steps like reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Understanding the kill chain helps security professionals identify and disrupt attacks at various stages to mitigate their impact.
What is a zero-day vulnerability, and how can it be exploited?
A zero-day vulnerability refers to a previously unknown software vulnerability that is exploited by attackers before the software vendor becomes aware of it. Zero-day vulnerabilities can be exploited by developing an exploit or using a proof-of-concept code to take advantage of the vulnerability. The exploitation can involve techniques like code injection, privilege escalation, or remote code execution, depending on the nature of the vulnerability.
How can you protect a network against social engineering attacks?
Social engineering attacks target human vulnerabilities rather than technical ones. To protect a network against social engineering attacks, you can:
- Educate employees about social engineering techniques and the importance of not divulging sensitive information.
- Implement strong authentication mechanisms, such as two-factor authentication (2FA) or multi-factor authentication (MFA).
- Regularly update and patch software to prevent attackers from exploiting known vulnerabilities.
- Employ email filtering and content scanning to detect and block phishing emails or malicious attachments.
What is the role of threat intelligence in ethical hacking?
Threat intelligence provides information about current and emerging threats, including tactics, techniques, and procedures (TTPs) used by attackers. Ethical hackers leverage threat intelligence to understand the latest attack trends, identify potential vulnerabilities, and proactively test the security defenses of organizations. It helps them stay updated on new hacking techniques, vulnerabilities, and the tools attackers might use.
How do you approach conducting a wireless network penetration test?
When conducting a wireless network penetration test, you typically follow these steps:
- Identify the wireless network’s security parameters, including SSID, encryption, authentication methods, etc.
- Perform wireless scanning and enumeration to discover access points, their configurations, and potential vulnerabilities.
- Assess the strength of wireless encryption and authentication mechanisms.
- Attempt to crack wireless encryption or bypass authentication to gain unauthorized access.
- Test for rogue access points and misconfigurations.
- Evaluate wireless network segmentation and isolation.
- Document findings, vulnerabilities, and recommendations in a report.
What is the importance of maintaining an ethical approach in ethical hacking?
Ethical hacking emphasizes the importance of conducting security assessments and penetration tests in a responsible and lawful manner. Maintaining an ethical approach ensures that tests are conducted with proper authorization, respect for privacy, and adherence to legal and ethical guidelines. It helps build trust between organizations and security professionals and ensures that the focus remains on improving security rather than causing harm or disruption.
How can you stop your website from getting hacked?
By adopting the following methods, you can stop your website from getting hacked:
Sanitizing and validating user parameters: Sanitizing and validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection.
Using a firewall: A firewall can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS.
Encrypting the cookies: Cookie or session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time.
Validating and verifying user input: This approach helps prevent form tampering by verifying and validating the user input before processing it.
Validating and sanitizing headers: This technique is useful against cross-site scripting (XSS). It includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks.
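The first item in the list above (validating user parameters before they reach the database), as an added example that is not part of the original page. It goes one step beyond the text by also passing the value as a bound parameter; the table, rows, function names and the sample input are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample input of the kind the validation step is meant to stop.
CONSTRUCTED_INPUT = "x' OR '1'='1"

# Assumed rule for this demo: user names are 1-32 lowercase letters, digits or '_'.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Build an in-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_unsafe(db, name):
    """'Before' form: the user's text becomes part of the SQL statement."""
    return db.execute(f"SELECT email FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(db, name, validate=True):
    """Hardened form: check the shape, then bind the value as a parameter."""
    if validate and not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, CONSTRUCTED_INPUT))            # every row
    print("bound: ", lookup_safe(db, CONSTRUCTED_INPUT, validate=False))  # no rows
    try:
        lookup_safe(db, CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("validated:", exc)
```

With validation switched off the bound parameter alone still returns no rows, which shows that validation and parameter binding are two independent layers.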
What is Keylogger Trojan?
A keylogger Trojan is malicious software that can monitor your keystrokes, logging them to a file and sending them off to remote attackers. When the desired behavior is observed, it records the keystrokes and captures your login username and password.
What is NTP?
NTP (Network Time Protocol) is used to synchronize the clocks of networked computers. It uses UDP port 123 as its primary means of communication. Over the public internet, NTP can maintain time to within 10 milliseconds.
What is Network Sniffing?
A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet-level data on your network, a sniffer tool can help you locate network problems. Sniffers can be used both for stealing information off a network and for legitimate network management. Network sniffing is used for ethical as well as unethical purposes.
What is Packet Sniffer?
A packet sniffer is a tool used by network administrators to sniff each of the “packets” of data travelling over the network, in order to determine the health of the network and diagnose network-related issues. Hence, this tool is called a packet sniffer. Cyber criminals and hackers use these tools for spying on and stealing data from the network traffic.
What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a protocol that is used for getting access to the directory listing in the present active directory or also from the other directory services.
What is CoWPAtty?
CoWPAtty is an implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). CoWPAtty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.
(Simplifies and speeds up the dictionary/hybrid attack against WPA2 passwords)
What is MIB?
MIB (Management Information Base) is a virtual database. It contains the formal descriptions of all the network objects that can be managed using SNMP. The MIB database is hierarchical, and in a MIB each managed object is addressed through an object identifier (OID).
What is scanning and what are some examples of the types of scanning used?
Scanning is a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a critical component of information gathering. It allows the hacker to create a profile on the site of the organization to be hacked. Scanning is where they dive deeper into the system to look for valuable data and services in a specific IP address range. Types of scanning include:
- Port scanning
- Vulnerability scanning
- Network scanning
Which programming language is used for hacking?
It’s best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP.
Most useful programming languages for ethical hacking:
- C or C++: Create Exploits
- Assembly Language: Reverse Engineering
- Python: Create Exploits
- PHP: Database Hacking
- HTML and JavaScript: Web hacking and pentesting
What are the types of cyber-attacks?
Let’s examine eight of the most common cyber-attacks that your business could face and ways to avoid them.
- Password Attacks.
- Denial-of-Service (DoS) Attacks.
- “Man in the Middle” (MITM)
- Drive-By Downloads.
- Rogue Software.