Ethical Hacking
Ethical Hacking with tools

Bharat T Sabne, Akshay M Tele, Neha R Patil, Mayuri A Mokal, Mayur S Ghode
Datta Meghe College of Engineering.

Overview
• Old School Hackers: History of Hacking
• Types of Hackers
• Common Steps of Hackers
• Ethical Hacking
• Required Skills of an Ethical Hacker
• Ethical Hacking Tools

Old School Hackers: History of Hacking
1971 - Cap 'n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
2000 - Major websites succumb to DDoS
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
2001 - Code Red
• exploited bug in MS IIS to penetrate & spread
• probes random IPs for systems running IIS
• had trigger time for denial-of-service attack
• 2nd wave infected 360000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda - used multiple infection mechanisms: email, shares, web client, IIS
2002 - Slammer Worm brings web to its knees by attacking MS SQL Server

Hacker
• A person who enjoys learning the details of computer systems and how to stretch their capabilities…
• One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
• One who accesses a computer system or network without authorization.

Types of hacker
• Black-Hat: Unauthorized user (malicious intent)
• White-Hat: Debug or correct security vulnerabilities
• Gray-Hat: Morally ambiguous. Black-Hat skills, White-Hat tasks?

Common Steps of hackers
• Reconnaissance
• Scanning & Enumeration
• Gaining access
• Maintaining access
• Covering tracks

Common Steps of hackers
Reconnaissance
• Intelligent work of obtaining information either actively or passively
• Examples:
  • Passively: Sniffing traffic, eavesdropping
  • Actively: Obtaining data from American Registry for Internet Numbers (ARIN), whois databases, web sites, social engineering
Scanning
• Identifying systems that are running and services that are active on them
• Examples: Ping sweeps and port scans

Common Steps of hackers
Gaining Access
• Exploiting identified vulnerabilities to gain unauthorized access
• Examples: Exploiting a buffer overflow or brute forcing a password and logging onto a system
Maintaining Access
• Uploading malicious software to ensure re-entry is possible
• Example: Installing a backdoor on a system
Covering Tracks
• Carrying out activities to hide one's malicious activities
• Example: Deleting or modifying data in a system and its application logs

Ethical Hacking
• Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments.
• Companies are worried about the possibility of being "hacked", and potential customers are worried about maintaining control of personal information.
• Hence the necessity for computer security professionals to break into the systems of the organization.
• Ethical hackers employ the same tools and techniques as the intruders.
• They neither damage the target systems nor steal information.
• The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.

Required Skills of an Ethical Hacker
• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security settings, configuration, and services.
• Firewalls: configurations, and operation of intrusion detection systems.
• Routers: knowledge of routers, routing protocols, and access control lists.
• Mainframes
• Network Protocols: TCP/IP; how they function and can be manipulated.
• Project Management: leading, planning, organizing, and controlling a penetration testing team.

Hacking Tools: Footprinting and Reconnaissance
• Nslookup
• Whois
• Ping
• Traceroute

Hacking Tools: Scanning and Enumeration
• nmap
• SuperScan

Hacking Tools: System Hacking
• telnet
• Snadboy
• Password cracking with L0phtCrack
• Keylogger

Hacking Tools: Trojans and Backdoors
• NetBus
• Game creates backdoor for NetBus

Hacking Tools: Sniffers/snooper
• MAC Makeup
• Ethereal

Hacking Tools: Web Based Password Cracking
• Cain and Abel
• Legion

Hacking Tools: Covering Tracks
• ImageHide
• ClearLogs

Google Hacking

SQL Injection
• Allows a remote attacker to execute arbitrary database commands
• Relies on poorly formed database queries and insufficient input validation
• Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages
• Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
Any Questions??