Slide 1: 4/Dec/2009 Anshul Roy
Hacking

What is Hacking? :
Hacking is secretly finding a way to compromise someone else's information or to penetrate someone else's network.
Hackers can be malicious hackers (hackers with criminal intent) or ethical hackers (hackers who analyze security lapses in networks by hacking them).
Whatever the case, most people give hackers a negative connotation.

Classification of a Hacker :
Hackers can be classified by their motivation –
Cyberterrorists – They attack government computers or public utility infrastructures. They crash critical systems or steal classified government information.
Hacktivists – They try to disseminate political or social messages through their work. A hacktivist wants to raise public awareness of an issue.

Hacking Passwords :
Password hacking is one of the easiest and most common ways attackers obtain unauthorized computer or network access. Passwords are the weakest links in the information security chain. Passwords rely on secrecy. In the next few slides I will show how hackers hack passwords by using password cracking methods.

Low-Tech Password Cracking :
The easiest and oldest way to crack a password is by exploiting physical vulnerabilities –
Shoulder surfing – Shoulder surfing (the act of looking over someone's shoulder to see what they are typing) is an effective low-tech password hack.
Inference – Inference is simply guessing the password from information you know about the user, such as birth date, phone number, etc.

High-Tech Password Cracking :
High-tech password cracking involves using a program that tries to guess a password by determining all possible password combinations. Some commonly used programs are –
John the Ripper (www.openwall.com/john)
Proactive Password Auditor (www.elcomsoft.com/ppa.html)
(www.rainbowcrack.com)

Other Password Hacking Tricks :
Some other ways to crack passwords are as follows –
Keystroke Logging – One of the best techniques for capturing passwords is remote keystroke logging – the use of software to record keystrokes as they are being typed on the computer. You can download logging tools from www.spectorsoft.com, www.amecisco.com and www.keyghost.com.
Searching – You can try to find passwords by using your favorite text-searching utility – such as the Windows search function – to search for passwords on your computer drives. You may be shocked to find what's on your system.

Slide 8:
Keystroke Logging
[Diagram: Hacker and Victim]
The hacker sends an e-mail to the victim with a keystroke logger attached. Even if the victim does not open the attachment file, the keystroke logger starts recording the keystrokes. The keystrokes are relayed to the hacker, who can use them for personal gain.

Social Engineering :
Social engineering takes advantage of the weakest link in any organization's information security defenses: the employees. Social engineering is "people hacking" and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used.
Malicious attackers pose as someone else to gain information they otherwise can't access.

Slide 10:
[Diagram: Social Engineer and Victim]
The social engineer calls the victim and asks for his password.
Social engineer: Good evening sir, I am your Yahoo accounts manager. We are suspecting that your e-mail ID has some malware. Yahoo needs to clear it up, otherwise your network can crash. You are required to give me your password so that it can be cleared.
Victim: Okay sir, my password is "streetchasers". I hope you get rid of the malware as soon as possible.
The victim trusts him and gives his password.
The trust factor in a human being helps a social engineer to gain access to someone else's account. They may ask the person for the password through mail or a telephone conversation.

Examples of Social Engineering :
Here are some examples of social engineering –
False Vendors – They claim to make updates in the victim’s e-mail account and ask for the password and then gain full access.
Phishers – Phishing e-mails sent by hackers gather user IDs and passwords of unsuspecting recipients. The hacker then uses those passwords to gain access to bank accounts and more.

Slide 12:
[Diagram: Phisher and Victim; form asking for personal information; the unsuspecting victim gives information]
The phisher sends an e-mail that appears to be from a source the user trusts and urges quick action, such as clicking on a link or opening an e-mail attachment. Clicking the link opens a browser window on a web page where the user is asked to provide personal information. The information is relayed to the phisher. Personal data allows phishers to steal identities and money or government and corporate secrets.

E-Mail Hacking :
Practically all messaging applications are hacking targets on our network. In fact, e-mail systems are the most targeted. In the following slides I show some e-mail hacking tricks.

E-Mail Bombs :
E-mail bombs can crash a server and provide unauthorized administrator access. They attack by creating denial of service (DoS) conditions against your e-mail software and even your network and Internet connection by taking up a large amount of bandwidth and sometimes requiring a large amount of storage space.

Slide 16:
An attacker can create an attachment overloading attack by sending hundreds or thousands of e-mails with very large attachments to one or more recipients on a network. Multiple large messages can quickly fill the total storage capacity of an e-mail server. This can crash the network or require you to take your system offline to clean up the junk. An attacker can crash your e-mail service or bring it to a crawl by filling the incoming Internet connection with junk. Even if your system automatically identifies and discards obvious attachment attacks, bogus messages eat resources and delay processing of valid messages.
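One way a mail administrator could detect the attachment overloading described above, before storage fills up. This is an added example, not part of the original slides; the record fields (ts, src, rcpt, size), the thresholds and the sample log are constructed assumptions.

```python
from collections import defaultdict, deque

LARGE_BYTES = 5 * 1024 * 1024     # assumed cut-off for a "very large" message
WINDOW_S = 60                     # assumed sliding window, in seconds
MAX_LARGE_MSGS = 20               # assumed large-message budget per key per window
MAX_BYTES = 200 * 1024 * 1024     # assumed byte budget per key per window

def detect_floods(records, key, window_s=WINDOW_S,
                  max_msgs=MAX_LARGE_MSGS, max_bytes=MAX_BYTES):
    """Return {key_value: first_alert_ts} for every source or mailbox that
    exceeds the large-message count or byte budget inside a sliding window.
    records: dicts with ts (epoch seconds), src, rcpt, size; sorted by ts."""
    windows = defaultdict(deque)   # key value -> deque of (ts, size)
    totals = defaultdict(int)      # key value -> bytes currently in the window
    alerts = {}
    for r in records:
        if r["size"] < LARGE_BYTES:
            continue               # small mail is not attachment overloading
        k = r[key]
        w = windows[k]
        w.append((r["ts"], r["size"]))
        totals[k] += r["size"]
        while w and w[0][0] <= r["ts"] - window_s:   # evict expired entries
            totals[k] -= w.popleft()[1]
        if k not in alerts and (len(w) > max_msgs or totals[k] > max_bytes):
            alerts[k] = r["ts"]
    return alerts

def sample_log():
    """Constructed records: normal traffic plus one burst of 10 MiB messages."""
    log = [{"ts": 1000 + 30 * i, "src": "198.51.100.7",
            "rcpt": f"user{i}@example.org", "size": 40_000} for i in range(20)]
    log += [{"ts": 1200 + i, "src": "203.0.113.9", "rcpt": "victim@example.org",
             "size": 10 * 1024 * 1024} for i in range(40)]
    log.append({"ts": 1300, "src": "198.51.100.7", "rcpt": "user1@example.org",
                "size": 8 * 1024 * 1024})   # one legitimate large attachment
    return sorted(log, key=lambda r: r["ts"])

if __name__ == "__main__":
    log = sample_log()
    print("by source: ", detect_floods(log, "src"))
    print("by mailbox:", detect_floods(log, "rcpt"))
```

Keying on `rcpt` as well as `src` catches a flood spread across many sending addresses that still converges on one mailbox.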
[Diagram: Hacker and Victim; e-mail bomb attack]

Password Cracking Tools :
BIOS passwords
Cain and Abel
(www.winhex.com)

Malware :
Chkrootkit
(vancouver-webpages.com/rkdet)

Slide 19:
Thank You