Ethical hacking

Category: Entertainment

Presentation Description

ethical hacking, google hacking, forensics


Presentation Transcript


Hacking: A technological threat


INTRODUCTION
1. What is Hacking?
2. Hacking introduction
3. Types of Hackers
4. Is Hacking a Crime?
5. White Hat and Black Hat

Overview of Internet Security:

Overview of Internet Security

Computer Hacking - History:

Computer Hacking - History
1960s: MIT (Massachusetts Institute of Technology)
Tools & Hackers: Tools (nerdy student), Hackers (lazy student)
Personal Computer
Telephone Systems – Phreaks
Software – Crackers

Types of Hackers :

Types of Hackers
Black Hat: Crackers, Hacktivists, Script kiddies, Cyber terrorists
White Hat: Web security developers, Cyber crime investigators

Types of Computer Hackers - Methods:

Types of Computer Hackers - Methods
Network enumeration
Vulnerability analysis
Exploitation
Accessing tools

Vital steps for HACKING:

Vital steps for HACKING
1. Information gathering
2. Vulnerability assessment
3. Exploitation
4. Gaining access
5. Clearing off logs
NOTE: protect your own IP address (hide the source of the connection) while intruding into systems

Information Gathering :

Information Gathering
Search engines, by using different queries
Social networking sites

Information Gathering :

Information Gathering
whois tools:
-- Sam Spade
-- SmartWhois
-- NetScan
-- GTWhois

Information Gathering :

Information Gathering
DNS must-reads:
-- RFC 1912: Common DNS Operational and Configuration Errors
-- RFC 2182: Selection and Operation of Secondary DNS Servers
-- RFC 2219: Use of DNS Aliases for Network Services

Port Scanning and System Enumeration:

Port Scanning and System Enumeration

Internet Footprinting:

Internet Footprinting

Footprinting :

Footprinting In computers, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited.

Internet Footprinting Outline:

Internet Footprinting Outline
1. Review publicly available information
2. Perform network reconnaissance
3. Discover the landscape
4. Determine vulnerable services

Review publicly available information:

Review publicly available information
News: look for recent news and SEC filings; search for phone numbers and contacts
Technical info: look for careless postings (router configs, admin pages, Nessus scans)
Tools: Netcraft, Whois/DNS info, SamSpade, dig

Network reconnaissance:

Network reconnaissance
Use traceroute to map the path to the target's servers and spot the perimeter devices in front of them (Trout is a Windows traceroute tool)
Can also query BGP tools and look up the target's ASNs to find its address blocks

Landscape discovery:

Landscape discovery
Ping sweep: find out which hosts are alive (nmap, fping, gping, SuperScan, etc.)
Port scans: find out which ports are listening
-- Don't set up a full connection – just send a SYN (half-open scan)
-- Netcat can be run in encrypted mode – cryptcat
-- nmap advanced options: XMAS scan (sets the FIN, PSH and URG flags at once), source port scanning (sets the source port, e.g., 88 to get past filters that exempt Kerberos traffic on Windows systems), time delays
Banner grab & O/S guess: telnet, ftp, netcat, nmap


Scanning: mapping of the target network
Use system tools like traceroute & ping
Visual tools: NeoTrace (Visual Trace) & Visual Route
Find the range of IP addresses
Discern the subnet mask
Identify network devices like firewalls & routers
Identify servers


Scanning: mapping of the reachable services
Detect `live` hosts on the target network
Discover services / listening ports (portscan; nmap)
Identify the operating system & services
Identify the application behind each service & its patch level
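The service-mapping steps above (find listening ports, then grab banners to identify the service) as a small, runnable example. This is added code, not from the presentation: it starts a throwaway listener on 127.0.0.1 that greets clients with a constructed SSH-style banner, so the scan runs offline. It performs a full-connect scan, which the target can log; the slides' half-open SYN scan needs raw sockets (nmap -sS) and is not shown here.

```python
"""Connect scan plus banner grab against a throwaway local listener."""
import socket
import threading

# Constructed banner for the demo listener; not a real host's banner.
DEMO_BANNER = b"SSH-2.0-OpenSSH_8.9 demo\r\n"


def start_banner_listener(host="127.0.0.1"):
    """Start a TCP server on an OS-assigned port that greets each client
    with DEMO_BANNER, mimicking a chatty service such as SSH or SMTP.
    Returns (server_socket, port); close the socket to stop the server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket was closed
                return
            with conn:
                try:
                    conn.sendall(DEMO_BANNER)
                except OSError:      # scanner already hung up; ignore
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """Full-connect scan: a port is open if the three-way handshake completes.
    connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, nbytes=256):
    """Connect and read whatever the service volunteers before we send anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(nbytes).decode("ascii", "replace").strip()
        except socket.timeout:
            return ""                # silent service (HTTP, SMB) needs a probe instead


def guess_service(banner):
    """Crude service identification from the banner prefix."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220 ") and "FTP" in b:
        return "ftp"
    if b.startswith("220 ") and ("SMTP" in b or "ESMTP" in b):
        return "smtp"
    if b.startswith("+OK"):
        return "pop3"
    return "unknown"


def scan_and_fingerprint(host, ports):
    """Scan, then banner-grab every open port. Returns {port: (banner, service)}."""
    result = {}
    for port in connect_scan(host, ports):
        banner = grab_banner(host, port)
        result[port] = (banner, guess_service(banner))
    return result


if __name__ == "__main__":
    srv, port = start_banner_listener()
    # Scan a small window around the listener; the closed neighbours are refused.
    print(scan_and_fingerprint("127.0.0.1", range(port - 2, port + 3)))
    srv.close()
```

Services that speak first (SSH, SMTP, FTP, POP3) give themselves away on connect; for the silent ones the scanner has to send a protocol-specific probe, which is what nmap's -sV does.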

Classes of Attacks:

Classes of Attacks
Authentication: attacks that target a web site's method of validating the identity of a user, service or application.
Authorization: attacks that target a web site's method of determining if a user, service, or application has the necessary permissions to perform a requested action.
Client-side Attacks: the abuse or exploitation of a web site's users.
Command Execution: attacks designed to execute remote commands on the web site. All web sites utilize user-supplied input to fulfill requests.
Logical Attacks: the abuse or exploitation of a web application's logic flow.

Attack Techniques (Hacking Techniques) :

Attack Techniques (Hacking Techniques)
Brute Force: an automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key.
Cross-site Scripting (XSS): an attack technique that forces a web site to echo attacker-supplied executable code, which then loads in a user's browser.
SQL Injection: an attack technique used to exploit web sites that construct SQL statements from user-supplied input.
XPath Injection: an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

DDoS Attacks:

DDoS Attacks
1. DoS basics
2. DDoS attack description
3. DDoS attack taxonomy
4. Well-known DDoS attacks
5. Defense mechanisms
6. Modern techniques in defending

DoS Basics:

DoS Basics
What is the Internet? What resources do you access through the Internet? Who uses those resources? Good vs. bad users.
A Denial-of-Service (DoS) attack is a malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers.
DoS vs. DDoS: in a DoS attack a single host attacks; in a DDoS attack multiple hosts attack simultaneously.

April 19, 2006 CS 521: Network Architecture II

DDoS Attack Description:

DDoS Attack Description
Goal: exhaust the victim's resources (network bandwidth, computing power, or operating system data structures)
Building a DDoS attack network:
-- discover vulnerable sites or hosts on the network
-- exploit them to gain access to these hosts
-- install new programs (known as attack tools) on the compromised hosts
-- hosts that are running these attack tools are known as zombies
-- many zombies together form what we call an army
Building an army is automated and not a difficult process nowadays.

DDoS Attack Description:

DDoS Attack Description
How is the malicious code propagated? Central source propagation: this mechanism commonly uses the HTTP, FTP, and remote-procedure call (RPC) protocols.

DDoS Attack Taxonomy:

DDoS Attack Taxonomy
There are mainly two kinds of DDoS attacks: typical DDoS attacks, and Distributed Reflector DoS (DRDoS) attacks.
Typical DDoS attacks:

DDoS Attack Taxonomy:

DDoS Attack Taxonomy
DRDoS attacks:
-- slave zombies send a stream of packets with the victim's IP address as the (spoofed) source IP address to other, uninfected machines (known as reflectors)
-- the reflectors then reply to the victim and send a greater volume of traffic, because they believe the victim was the host that asked for it
-- the attack is thus mounted by noncompromised machines without their being aware of it

DDoS Attack Description:

DDoS Attack Description

DDoS Attack Description:

DDoS Attack Description A Corporate Structure Analogy

Defense Mechanisms:

Defense Mechanisms
Preventive defense: try to eliminate the possibility of DDoS attacks altogether, or enable potential victims to endure the attack without denying service to legitimate clients
-- hosts should guard against illegitimate traffic from or toward the machine
-- keep protocols and software up to date
-- regularly scan the machine to detect any "anomalous" behaviour
-- monitor access to the computer and applications; install security patches, firewall systems, virus scanners, and intrusion detection systems automatically
-- deploy sensors to monitor the network traffic and send information to a server in order to determine the "health" of the network
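What the "sensors that monitor the network traffic" in the last bullet can actually compute, as an added example that is not part of the slides: a detector for the half-open SYN flood produced by a zombie army. The flow records are constructed below (one legitimate server whose clients complete the handshake, one victim hammered by 40 sources that never do); the record layout and thresholds are this example's own assumptions, not a standard format.

```python
"""Sensor-style detector for half-open SYN floods over flow records."""
from collections import defaultdict

# Constructed record layout: (timestamp_seconds, src_ip, dst_ip, dst_port, flags)
# flags is "S" for a SYN and "A" for the client's final ACK of the handshake.


def build_sample_flows():
    """Constructed sample: 5 honest clients of 10.0.0.1:80 plus a 40-zombie
    army firing 15 SYNs each at 10.0.0.5:80 without ever completing a handshake."""
    flows = []
    t = 0.0
    for i in range(5):
        src = f"192.168.1.{10 + i}"
        flows.append((t, src, "10.0.0.1", 80, "S"))
        flows.append((t + 0.01, src, "10.0.0.1", 80, "A"))
        t += 0.1
    for z in range(40):
        src = f"203.0.113.{z + 1}"
        for _ in range(15):
            flows.append((t, src, "10.0.0.5", 80, "S"))
            t += 0.001
    return flows


def detect_syn_floods(flows, window=5.0, min_sources=20, min_half_open=100):
    """Bucket flows into fixed windows; for each destination count SYNs from
    sources that never sent a handshake ACK in that window. Flag destinations
    where the half-open count and the number of distinct sources both exceed
    the thresholds (many sources = distributed, not one broken client)."""
    # (window_idx, "dst:port") -> src -> {"syn": count, "acked": bool}
    state = defaultdict(lambda: defaultdict(lambda: {"syn": 0, "acked": False}))
    for ts, src, dst, dport, flags in flows:
        entry = state[(int(ts // window), f"{dst}:{dport}")][src]
        if flags == "S":
            entry["syn"] += 1
        elif flags == "A":
            entry["acked"] = True

    alerts = {}
    for (widx, target), sources in state.items():
        half_open_srcs = {s: e["syn"] for s, e in sources.items() if not e["acked"]}
        half_open = sum(half_open_srcs.values())
        if half_open >= min_half_open and len(half_open_srcs) >= min_sources:
            alerts[target] = {
                "window": widx,
                "half_open_syns": half_open,
                "sources": len(half_open_srcs),
            }
    return alerts


if __name__ == "__main__":
    for target, info in detect_syn_floods(build_sample_flows()).items():
        print(f"ALERT {target}: {info}")
```

The distinct-source threshold is what separates a DDoS from a single misbehaving client, and it is also why spoofed-source floods and DRDoS reflection are hard to attribute: the sources the sensor sees are not the attacker.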


Cryptography: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography is not the only means of providing information security, but rather one set of techniques. Put simply, cryptography is the practice of using various methods ("ciphers") to keep messages secret.


Cryptographic goals:
CONFIDENTIALITY: Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible.
DATA INTEGRITY: Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.


Classic cryptography: The earliest forms of secret writing required little more than pen and paper (or their equivalents), as most people could not read anyway. The main classical cipher types are transposition ciphers, which rearrange the order of the letters in a message (e.g. "hello world" becomes "ehlol owrdl" under a trivially simple rearrangement), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups (e.g. "fly at once" becomes "gmz bu podf" when every letter is replaced by the one following it in the alphabet).


Cryptography techniques:
Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques and, more generally, information security services. A cryptanalyst is someone who engages in cryptanalysis.
Cryptology is the study of cryptography and cryptanalysis.
A cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e., encryption.
Cryptographic techniques are typically divided into two generic types: symmetric-key cryptography and public-key cryptography.
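The two classical cipher families from the "Classic cryptography" slide, and the cryptanalysis just defined, as one added example (not code from the presentation): a shift substitution cipher that reproduces the "fly at once" example, a keyed columnar transposition, and a ciphertext-only attack that recovers the shift from English letter frequencies alone. The frequency table and the sample message are this example's own.

```python
"""Classical ciphers and a frequency-analysis break of the shift cipher."""
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies (%) of letters in English text.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.8, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.1, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 1.0, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.07,
}


def shift_encrypt(text, shift):
    """Substitution: replace each lowercase letter by the one `shift` places
    later in the alphabet (shift=1 turns "fly at once" into "gmz bu podf").
    Non-letters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text
    )


def shift_decrypt(text, shift):
    return shift_encrypt(text, -shift)


def _column_order(key):
    # Columns are read out in alphabetical order of the key letters (stable on ties).
    return sorted(range(len(key)), key=lambda i: key[i])


def columnar_encrypt(text, key):
    """Transposition: write the text row by row under the key, then read it
    out column by column in key order. Letters are only rearranged."""
    n = len(key)
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(row[c] for c in _column_order(key) for row in rows if c < len(row))


def columnar_decrypt(ciphertext, key):
    """Invert columnar_encrypt: work out each column's length from the total
    length, cut the ciphertext into columns in key order, then read by rows."""
    n, total = len(key), len(ciphertext)
    nrows = -(-total // n)          # ceiling division
    full = total % n                # columns 0..full-1 have nrows chars, the rest nrows-1
    length = {c: nrows if full == 0 or c < full else nrows - 1 for c in range(n)}
    cols, pos = {}, 0
    for c in _column_order(key):
        cols[c] = ciphertext[pos:pos + length[c]]
        pos += length[c]
    return "".join(cols[c][r] for r in range(nrows) for c in range(n) if r < length[c])


def english_score(text):
    """Sum of English letter frequencies; genuine English scores highest."""
    return sum(ENGLISH_FREQ[c] for c in text if c in ENGLISH_FREQ)


def break_shift(ciphertext):
    """Ciphertext-only attack: try all 26 shifts and keep the candidate that
    looks most like English. Returns (shift, plaintext)."""
    best = max(range(26), key=lambda s: english_score(shift_decrypt(ciphertext, s)))
    return best, shift_decrypt(ciphertext, best)


if __name__ == "__main__":
    msg = "meet me at the old bridge at midnight and bring the documents"  # constructed
    ct = shift_encrypt(msg, 9)
    print(ct)
    print(break_shift(ct))
    print(columnar_encrypt("hello world", "zebra"))
```

The break works because a shift cipher preserves the letter-frequency profile of the plaintext, merely rotated; a transposition preserves the letter counts exactly, which is how a cryptanalyst tells the two families apart from ciphertext alone.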


Hacking Windows .

Hacking Windows outline:

Hacking Windows outline
1. Scan
2. Enumerate
3. Penetrate
4. Escalate
5. Pillage
6. Get interactive
7. Expand influence

Scanning Windows:

Scanning Windows
Port scan, looking for ports indicative of Windows:
88 – Kerberos
139 – NetBIOS session service
445 – SMB/CIFS
1433 – SQL Server
3268, 3269 – Active Directory Global Catalog (LDAP / LDAP over SSL)
3389 – Terminal Services (RDP)
Trick: scan from source port 88 (Kerberos); Windows IPsec filters traditionally exempt Kerberos traffic, so such scans get through and reveal IPsec-secured systems

Enumerating Windows:

Enumerating Windows
Accounts
-- Most code runs under a user account; the operating system's own code runs as SYSTEM to perform kernel-level operations
-- Accounts are tracked by their SIDs; the RID at the end of the SID identifies the account type (RID 500 is the built-in Administrator account, even if it has been renamed)
-- Need to escalate to Administrator to have any real power
Tools
-- userdump: enumerates users on a host
-- sid2user & user2sid: translate between account names and SIDs on a host
SAM
-- Contains usernames, SIDs, RIDs, hashed passwords
-- Local accounts are stored in the local SAM; domain accounts are stored in Active Directory (AD)
Trusts
-- Can exist between AD domains
-- Allow accounts from one domain to be used in ACLs in another domain
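The SID/RID point above in runnable form, as an added example (not the slides' code and not the output of userdump or sid2user): parse account SIDs, split off the domain identifier and the RID, and pick out the RID-500 account from an enumeration even after it has been renamed. The account names and the domain SID S-1-5-21-1004336348-1177238915-682003330 are constructed for the example.

```python
"""SID/RID parsing for Windows account enumeration."""
import re

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Well-known relative identifiers (RIDs); they survive any account renaming.
WELL_KNOWN_RIDS = {
    500: "Administrator (built-in)",
    501: "Guest (built-in)",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


def parse_sid(sid):
    """Split "S-<revision>-<authority>-<subauthorities...>" into its parts.
    Returns revision, authority, subauthorities, the RID (last subauthority)
    and, for S-1-5-21-x-y-z-rid account SIDs, the domain/machine SID prefix."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(x) for x in m.group(3).split("-")[1:]]
    info = {"revision": revision, "authority": authority,
            "subauthorities": subs, "rid": subs[-1], "domain_sid": None}
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        info["domain_sid"] = "S-1-5-21-" + "-".join(str(x) for x in subs[1:4])
    return info


def classify(sid):
    """Label an account SID by its RID: built-in accounts and groups have fixed
    RIDs; accounts created later get RIDs from 1000 upwards."""
    rid = parse_sid(sid)["rid"]
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    return "user/group (RID >= 1000)" if rid >= 1000 else "other well-known"


def find_renamed_admin(accounts):
    """Given {name: sid} from a user dump, return the names whose RID is 500,
    whatever the account is currently called."""
    return [name for name, sid in accounts.items() if parse_sid(sid)["rid"] == 500]


# Constructed enumeration output: the built-in admin has been renamed "helpdesk".
SAMPLE_ACCOUNTS = {
    "helpdesk": "S-1-5-21-1004336348-1177238915-682003330-500",
    "Guest":    "S-1-5-21-1004336348-1177238915-682003330-501",
    "jsmith":   "S-1-5-21-1004336348-1177238915-682003330-1104",
    "svc_sql":  "S-1-5-21-1004336348-1177238915-682003330-1132",
}

if __name__ == "__main__":
    for name, sid in SAMPLE_ACCOUNTS.items():
        print(f"{name:10} rid={parse_sid(sid)['rid']:<5} {classify(sid)}")
    print("RID-500 account(s):", find_renamed_admin(SAMPLE_ACCOUNTS))
```

Renaming the Administrator account is a common hardening step; this is why it does not hide the account from anyone who can enumerate SIDs.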

Hacking Tools: Google Hacking and SQL Injection:

Hacking Tools: Google Hacking and SQL Injection

Lifecycle of a Google Hack:

Lifecycle of a Google Hack
1. A security problem is discovered in an online product
2. Analyze the online product
3. Find a typical string that identifies it
4. Create a Google request for that string
5. Find vulnerable websites


Examples:
-- inurl:php.bak mysql_connect mysql_select_db
-- ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
-- "index of/" "ws_ftp.ini" "parent directory"
-- !Host=*.* intext:enc_UserPassword=* ext:pcf

footprinting @ google:

footprinting @ google
-- newsgroup articles of employees @<targetdomain>
-- search for business partners: link:<targetdomain>
-- site:<targetdomain> intitle:index.of
-- site:<targetdomain> error | warning
-- site:<targetdomain> login | logon

footprinting @ google:

footprinting @ google
-- site:<targetdomain> username | userid
-- site:<targetdomain> password
-- site:<targetdomain> admin | administrator
-- site:<targetdomain> inurl:backup | inurl:bak
-- site:<targetdomain> intranet

Google Hacking:

Google Hacking
What to know: advanced operators
-- site:<domainname>
-- inurl:<path>
-- filetype:<xls|doc|pdf|mdb|ppt|rtf|...>
-- intitle:<keyword>
-- intext:<keyword>

Google Hacking:

Google Hacking
The power of combining advanced operators:
-- shows all websites NOT from the official web server
-- maps hostnames without contacting the target network
-- ...
Offline analysis of the search result:
--

Google Hacking:

Google Hacking
The Google Hacking Database
-- Directory listings, hidden/private files:
intitle:index.of "parent directory"
intitle:index.of.admin
intitle:index.of inurl:admin
intitle:index.of ws_ftp.log

Google Hacking:

Google Hacking
-- Error messages of scripts:
"Fatal error: call to undefined function" -reply -the -next
"Warning: Failed opening" include_path
-- Search for vulnerable scripts:
inurl:guestbook/guestbooklist.asp "Post Date" "From Country"

Google Hacking:

Google Hacking
-- Search for backups:
filetype:bak inurl:php.bak
-- Search for: printers; webcams; intranet sites; network tools (Ntop, MRTG); databases

Google Hacking:

Google Hacking

Web Application Security Consortium (WASC) Statistics:

Web Application Security Consortium (WASC) Statistics

SQL Injection :

SQL Injection
Allows a remote attacker to execute arbitrary database commands
Relies on poorly formed database queries and insufficient input validation
Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages
Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.


Introduction: It is very hard to understand the conceptual idea of SQL injection without at least partially understanding the code that runs in the background. SQL is relatively easy to read, a little more difficult to write. It is necessary to understand the different types of SELECT commands that are most often used to retrieve information from a database.

How common is it?:

How common is it?
It is probably the most common website vulnerability today!
It is a flaw in "web application" development; it is not a DB or web server problem
Most programmers are still not aware of this problem
A lot of the tutorials & demo "templates" are vulnerable
Even worse, a lot of solutions posted on the Internet are not good enough
In pen tests over 60% of web applications are vulnerable to SQL Injection

How does SQL Injection work?:

How does SQL Injection work?
Common vulnerable login query:
SELECT * FROM users WHERE login = 'victor' AND password = '123'
(If it returns something, then log the user in!)
ASP/MS SQL Server login syntax:
var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";

Injecting through Strings:

Injecting through Strings
formusr = ' or 1=1 --
formpwd = anything
Final query would look like this:
SELECT * FROM users WHERE login = '' or 1=1 -- ' AND password = 'anything'
(everything after -- is a comment, so the password check is never evaluated and 1=1 matches every row)

SQL Injection Characters:

SQL Injection Characters
' or "  string delimiters
-- or #  single-line comment
/* ... */  multi-line comment
+  addition, concatenation (or a space in a URL)
||  (double pipe) concatenation
%  wildcard (for LIKE)
?Param1=foo&Param2=bar  URL parameters
PRINT  useful as a non-transactional command
@variable  local variable
@@variable  global variable
waitfor delay '0:0:10'  time delay

Other injection possibilities:

Other injection possibilities
Using SQL injection, attackers can:
-- add new data to the database: perform an INSERT in the injected SQL
-- modify data currently in the database: perform an UPDATE in the injected SQL
-- often gain access to other users' system capabilities by obtaining their passwords
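The login query from the "How does SQL Injection work?" and "Injecting through Strings" slides, run for real against an in-memory SQLite database, as an added example that is not code from the presentation. The users table and credentials are constructed; the concatenated query mirrors the slides' ASP snippet, and the parameterised version beside it is the fix. SQLite is used so the example runs offline; the payloads behave the same against MS SQL Server because -- is a line comment in both.

```python
"""The slides' login query, vulnerable and parameterised, run against SQLite."""
import sqlite3


def make_db():
    """Constructed users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("victor", "123"), ("alice", "s3cret")])
    return conn


def login_vulnerable(conn, formusr, formpwd):
    """Builds the SQL by string concatenation exactly as the slide's ASP code
    does, so whatever the user types becomes part of the statement."""
    sql = ("SELECT login FROM users WHERE login = '" + formusr +
           "' AND password = '" + formpwd + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, formusr, formpwd):
    """Same query with bound parameters: the driver sends the values separately
    from the statement text, so quotes and comments in the input are only
    characters to compare against, never SQL."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (formusr, formpwd))]


def demo():
    """Run three inputs through both versions; returns {case: (vulnerable, safe)}."""
    conn = make_db()
    results = {
        # Honest login: both versions agree.
        "valid": (login_vulnerable(conn, "victor", "123"),
                  login_safe(conn, "victor", "123")),
        # Slide payload: ' or 1=1 -- makes the WHERE clause a tautology and
        # comments out the password check, so every row comes back.
        "tautology": (login_vulnerable(conn, "' or 1=1 --", "anything"),
                      login_safe(conn, "' or 1=1 --", "anything")),
        # Targeted bypass: close the string after a known username and comment
        # out the rest, so no password is needed for that account.
        "bypass": (login_vulnerable(conn, "victor' --", "wrong"),
                   login_safe(conn, "victor' --", "wrong")),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, (vuln, safe) in demo().items():
        print(f"{name:10} vulnerable={vuln} parameterised={safe}")
```

The parameterised version returns nothing for both payloads because there is no user literally named "' or 1=1 --"; that, not escaping quotes by hand, is the fix the "Problem: Unvalidated Input" slide is leading to.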

Problem: Unvalidated Input :

Problem: Unvalidated Input
