ETHICAL HACKING
-
Upload
sweta-leena-panda -
Category
Education
-
view
4.343 -
download
0
Transcript of ETHICAL HACKING
![Page 1: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/1.jpg)
Ethical HackingPRESENTED BY :-SWETA LEENA PANDA
![Page 2: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/2.jpg)
HACKER
![Page 3: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/3.jpg)
Overview of Hacking Types of hacking Hacker Types of Hacker Why do hackers hack? How can kid hack? What does a script kid know? Hackers language How to translate the hackers’ language
CONTENT
![Page 4: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/4.jpg)
Ethical Hacking Ethical Hacking – Process What hackers do after hacking? Why can’t defend against hackers? How can protect the system? What should do after hacked? Final words
![Page 5: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/5.jpg)
overview of hacking
Hack
– Examine something very minutely
– the rapid crafting of a new program or the making of changes to existing, usually complicated software
Hacker
– The person who hacks Cracker
– System intruder/destroyer
![Page 6: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/6.jpg)
HACKER Someone who bypasses the system’s access controls by
taking advantage of security weaknesses left in the system by developers
Person who is totally immersed in computer technology and programming, and who likes to examine the code of programs to see how they work … then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data. At that point, this individual would steal information and install backdoors, virus and Trojans
Hacker means cracker nowadays.
![Page 7: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/7.jpg)
Types of hacker White Hat Hackers:
– who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
Black Hat Hackers:
– A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat.
Gray Hat Hackers:
– A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra
![Page 8: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/8.jpg)
Types of hacker Script Kiddies:
– who use scripts or programs developed by others to attack computer systems and networks and deface websites.[
Phreak
– Person who breaks into telecommunications systems to [commit] theft
Cyber Punk
– Recent mutation of … the hacker, cracker, and phreak
![Page 9: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/9.jpg)
Why do people hack??
To make security stronger ( Ethical Hacking ) Just for fun Show off Hack other systems secretly Notify many people their thought Steal important information Destroy enemy’s computer network during
the war
![Page 10: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/10.jpg)
How can kid hack? Kid has much of time
– Kid can search for longer time than other people All hacking program is easy to use Kid doesn’t have to know how the hacking program works These kids are called script kiddies
![Page 11: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/11.jpg)
Hackers language :
1 -> i or l
3 -> e
4 -> a
7 -> t
9 -> g
0 -> o
$ -> s
| -> i or
|\| -> n
|\/| -> m
s -> z
z -> s
f -> ph
ph -> f
x -> ck
ck -> x
![Page 12: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/12.jpg)
What is Ethical Hacking
It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet
at particular point of time Ethical hackers possesses same skills,
mindset and tools of a hacker but the attacks are done in a non-destructive manner
Also Called – Attack & Penetration Testing,
![Page 13: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/13.jpg)
Hackers language translation
EXAMPLE:-
Hacking is good
H4ck||\|g 1$ 900d
![Page 14: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/14.jpg)
Hacking - Process
1. Preparation
2. Foot printing
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
5. Attack – Exploit the Vulnerabilities
6. Gaining Access
7. Escalating privilege
8. Covering tracks
9. Creating back doors
![Page 15: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/15.jpg)
Preparation Identification of Targets – company websites, mail servers,
extranets, etc. Signing of Contract
– Agreement on protection against any legal issues– Contracts to clearly specifies the limits and dangers of the test– Specifics on Denial of Service Tests, Social Engineering, etc.– Time window for Attacks– Total time for the testing– Prior Knowledge of the systems– Key people who are made aware of the testing
![Page 16: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/16.jpg)
Foot printing
Collecting as much information about the target
DNS Servers IP RangesAdministrative ContactsProblems revealed by administrators
![Page 17: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/17.jpg)
Information Sources Search engines Forums Databases – whois, Tools – PING, whois, Traceroute, nslookup
![Page 18: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/18.jpg)
Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports Operating System Enumeration
MethodsBanner grabbingResponses to various protocol (ICMP &TCP)
commands Port / Service Scans – TCP Connect, TCP SYN,
TCP FIN, etc.
![Page 19: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/19.jpg)
Identification of VulnerabilitiesVulnerabilities: It is a weakness which allows an attacker to
reduce a system's information assurance. Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating
systems, applications Possible Vulnerabilities in Services, Operating
Systems Insecure programming,Weak Access Control
![Page 20: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/20.jpg)
ToolsVulnerability Scanners - Nessus, ISS, SARA,
SAINTListening to Traffic – Ethercap, tcpdumpPassword Crackers – John the ripper, LC4,
PwdumpIntercepting Web Traffic – Achilles, Whisker,
Legion
![Page 21: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/21.jpg)
Gaining access: Enough data has been gathered at this point to make an informed
attempt to access the target Techniques
– Password eavesdropping
– File share brute forcing
– Password file grab
– Buffer overflows
![Page 22: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/22.jpg)
Escalating Privileges If only user-level access was obtained in the last step, the attacker will
now seek to gain complete control of the system Techniques
– Password cracking
– Known exploits
![Page 23: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/23.jpg)
Covering Tracks
Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp.
Techniques– Clear logs– Hide tools
![Page 24: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/24.jpg)
Creating Back Doors Trap doors will be laid in various parts of the system to ensure that
privileged access is easily regained at the whim of the intruder Techniques
– Create rogue user accounts
– Schedule batch jobs
– Infect startup files
– Plant remote control services
– Install monitoring mechanisms
– Replace apps with trojans
![Page 25: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/25.jpg)
Denial of Service If an attacker is unsuccessful in gaining access, they may use readily
available exploit code to disable a target as a last resort Techniques
– SYN flood
– ICMP techniques
– Identical SYN requests
– Overlapping fragment/offset bugs
– Out of bounds TCP options (OOB)
– DDoS
![Page 26: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/26.jpg)
What do hackers do after hacking? Patch security hole
– The other hackers can’t intrude Clear logs and hide themselves Install rootkit ( backdoor )
– The hacker who hacked the system can use the system later
– It contains trojan virus, and so on Install irc related program
– identd, irc, bitchx, eggdrop, bnc
![Page 27: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/27.jpg)
Install scanner program
– mscan, sscan, nmap Install exploit program Install denial of service program Use all of installed programs silently
![Page 28: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/28.jpg)
How can protect the system? Patch security hole often Encrypt important data
Ex) pgp, ssh Do not run unused daemon Remove unused setuid/setgid program Setup loghost
• Backup the system often Setup firewall Setup IDS
Ex) snort
![Page 29: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/29.jpg)
What should do after hacked? Shutdown the system
– Or turn off the system Separate the system from network Restore the system with the backup
– Or reinstall all programs Connect the system to the network
![Page 30: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/30.jpg)
H4CKING VS CR4CKING
HACKING WITH MALICIOUS INTENTION IS CRACKING
The basic difference is hackers do not do anything disastrous.
Cracking yield more devastating results.Cracking is crime.Cyber crime are the results of cracking ,not
hacking
![Page 31: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/31.jpg)
H4cking prone areas
![Page 32: ETHICAL HACKING](https://reader035.fdocuments.net/reader035/viewer/2022062702/554a5420b4c90531228b4ca8/html5/thumbnails/32.jpg)
Please send suggestions and feedbacksI am waiting for your replay. THANK YOU