ethical hacking
DESCRIPTION
Ethical Hacking with toolsTRANSCRIPT
Bharat T SabneAkshay M TeleNeha R PatilMayuri A MokalMayur S Ghode
Datta Meghe College of Engineering.
Overview
Old School Hackers: History of Hacking Types of Hackers Common Steps of Hackers Ethical Hacking Required Skills of an Ethical Hacker Ethical Hacking Tools
1971 - Cap ‘n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
2000 - Major websites succumb to DDoS
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
2001 Code Red• exploited bug in MS IIS to penetrate & spread• probes random IPs for systems running IIS• had trigger time for denial-of-service attack• 2nd wave infected 360000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda -used multiple infection mechanisms email, shares, web client, IIS2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
Old School Hackers: History of Hacking
Hacker A person who enjoys learning the details of computer systems and
how to stretch their capabilities….
One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
Access computer system or network without authorization
Types of hacker Black-Hat
Unauthorized user (malicious intent)
White-HatDebug or correct security vulnerabilities
Gray-HatMorally Ambiguous. Black-Hat skills, White-Hat tasks?
Common Steps of hackers
Reconnaissance Scanning & Enumeration Gaining access Maintaining access Covering tracks
Reconnaissance
• Intelligent work of obtaining information either actively or passively
• Examples:• Passively: Sniffing Traffic, eavesdropping• Actively: Obtaining data from American Registry for Internet
Numbers (ARIN), whois databases, web sites, social engineering
Scanning
• Identifying systems that are running and services that are active on them
• Examples: Ping sweeps and port scans
Common Steps of hackers
Gaining Access
• Exploiting identified vulnerabilities to gain unauthorized access
• Examples: Exploiting a buffer overflow or brute forcing a password and logging onto a system
Maintaining Access
• Uploading malicious software to ensure re-entry is possible
• Example: Installing a backdoor on a system
Covering Tracks
• Carrying out activities to hide one’s malicious activities
• Example: Deleting or modifying data in a system and its application logs
Common Steps of hackers
Ethical Hacking also known as penetration testing or intrusion testing or
red teaming has become a major concern for businesses and governments.
Companies are worried about the possibility of being “hacked” and potential customers are worried about maintaining control of personal information.
Necessity of computer security professionals to break into the systems of the organization.
Ethical hackers employ the same tools and techniques as the intruders.
They neither damage the target systems nor steal information.
The tool is not an automated hacker program rather it is an audit that both identifies the vulnerabilities of a system and provide advice on how to eliminate them.
Required Skills of an Ethical Hacker
Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security setting, configuration, and services.
Firewalls: configurations, and operation of intrusion detection systems.
Routers: knowledge of routers, routing protocols, and access control lists Mainframes
Network Protocols: TCP/IP; how they function and can be manipulated.
Project Management: leading, planning, organizing, and controlling a penetration testing team.
Hacking Tools: Foot printing and Reconnaissance
NslookupWhois
Hacking Tools: Foot printing and Reconnaissance
PingTraceroute
Hacking Tools: Scanning and Enumeration
nmap SuperScan
Hacking Tools: System Hacking
telnet Snadboy
Hacking Tools: System Hacking
Password Cracking with LOphtcrack Keylogger
Hacking Tools: Trojans and Backdoors
NetBus Game Creates Backdoor for NetBus
Hacking Tools: Sniffers/snooper
MAC makeup Ethereal
Hacking Tools: Web Based Password Cracking
Cain and Abel Legion
Hacking Tools: Covering Tracks
ImageHide ClearLogs
Google Hacking
SQL Injection
Allows a remote attacker to execute arbitrary databasecommands
Relies on poorly formed database queries and insufficient
input validationOften facilitated, but does not rely on unhandled
exceptions and ODBC error messagesImpact: MASSIVE. This is one of the most dangerous
vulnerabilities on the web.
Any Questions??