Post on 05-Apr-2018
8/2/2019 Ethical Hacking and Information Secutiry Auto Saved)
1/32
ETHICAL HACKING AND INFORMATION SECURITY
INTRODUCTION
PREHISTORY
1960s: The Dawn of Hacking
The original meaning of the word "hack" started at MIT; it meant an elegant, witty or inspired way
of doing almost anything; hacks were programming shortcuts.
ELDER DAYS (1970-1979)
1970s: Phone Phreaks and Cap'n Crunch:
One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy whistle inside Cap'n
Crunch cereal gives a 2600-hertz signal and can access AT&T's long-distance switching system.
Draper builds a "blue box" which, used with the whistle, allows phreaks to make free
calls.
Steve Wozniak and Steve Jobs, future founders of Apple Computer, make
and sell blue boxes.
THE GOLDEN AGE (1980-1991)
1980: Hacker Message Boards and Groups
Hacking groups form, such as Legion of Doom (US) and Chaos Computer Club (Germany).
1983: Kids' Games
Movie "War Games" introduces public to hacking.
1. ETHICAL HACKING
An ethical hacker is a computer and network expert who attacks a security system on behalf of
its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security
system, ethical hackers use the same methods as their less principled counterparts, but report
problems instead of taking advantage of them. Ethical hacking is also known as penetration
testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a
term that comes from old Western movies, where the "good guy" wore a white hat and the "bad
guy" wore a black hat.
1.1. CYBER ETHICS
Cyber ethics is a code of behavior for using the Internet. Since we are going to view it from the
hacker's perspective, we will first dissect what the word "hacker" stands for.
HACKER:
A person who delights in having an intimate understanding of the internal workings of a system,
computers and computer networks in particular. It is used to refer to someone skilled in the use
of computer systems, especially if that skill was obtained in an exploratory way. The term is
often misused in a pejorative context, where "cracker" would be the correct term, and because of
that the term evolved to be applied to individuals, with or without skill, who break into security
systems. Several subgroups of the computer underground, with different attitudes and aims,
use different terms to demarcate themselves from each other, or try to exclude some specific
group with which they do not agree. In hacker culture there are many different categories, such
as white hat (ethical hacking), grey hat, black hat and script kiddies. Usually the term cracker
refers to black hat hackers, or, more generally, hackers with unlawful intentions.
WHITE HAT HACKER
A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a
person who is ethically opposed to the abuse of computer systems. The realization that the Internet
now represents human voices from around the world has made the defense of its integrity an
important pastime for many. A white hat generally focuses on securing IT systems, whereas a
black hat (the opposite) would like to break into them.
Terminology. The term white hat hacker is also often used to describe those who attempt to break
into systems or networks in order to help the owners of the system by making them aware of
security flaws, or to perform some other altruistic activity. Many such people are employed by
computer security companies; these professionals are sometimes called sneakers. Groups of these
people are often called tiger teams.
GREY HAT HACKER
A grey hat, in the computer security community, refers to a skilled hacker who sometimes acts
legally, sometimes in good will, and sometimes not. They are a hybrid between white and black
hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or
may not occasionally commit crimes during the course of their technological exploits.
Disambiguation. One reason a grey hat might consider himself to be grey is to disambiguate
from the other two extremes: black and white. It might be a little misleading to say that grey hat
hackers do not hack for personal gain.
BLACK HAT HACKER
A black hat is a person who compromises the security of a computer system without permission
from an authorized party, typically with malicious intent. The term white hat is used for a person
who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The
term cracker was coined by Richard Stallman to provide an alternative to using the existing word
hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices
in software, which may or may not be legal under a country's laws, is actually software cracking.
Terminology. Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the
computer and security field, and even there it is considered controversial. Until the 1980s, all
people with a high level of skill at computing were known as "hackers".
PHREAKER
Phreaking is a slang term coined to describe the activity of a culture of people who study,
experiment with, or explore telecommunication systems, such as equipment and systems
connected to public telephone networks. As telephone networks have become computerized,
phreaking has become closely linked with computer hacking. This is sometimes called the H/P
culture (with H standing for hacking and P standing for phreaking). The term phreak is a
portmanteau of the words phone and freak, and may also refer to the use of various audio
frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for
and by individuals who participate in phreaking. A large percentage of the phone phreaks were
blind. Because identities were usually masked, an exact percentage cannot be calculated.
SCRIPT KIDDIES
A script kiddie or skiddie, occasionally skid, script bunny, script kitty, script-running juvenile
(SRJ) or similar, is a derogatory term used to describe those who use scripts or programs
developed by others to attack computer systems and networks and deface websites.
HACKTIVISTS
Hacktivism (a portmanteau of hack and activism) is the use of computers and computer
networks as a means of protest to promote political ends. The term was first coined in 1998 by a
member of the Cult of the Dead Cow hacker collective named Omega. If hacking as "illegally
breaking into computers" is assumed, then hacktivism could be defined as "the nonviolent use of
legal and/or illegal digital tools in pursuit of political ends". These tools include web site
defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-
ins, typosquatting and virtual sabotage. If hacking as "clever computer usage/programming" is
assumed, then hacktivism could be understood as the writing of code to promote political
ideology: promoting expressive politics, free speech, human rights, and information ethics
through software development. Acts of hacktivism are carried out in the belief that proper use of
code will be able to produce results similar to those produced by regular activism or civil
disobedience.
MALICIOUS HACKER STRATEGIES
Just as there are steps to develop any software, every hacker follows some predefined rules
or steps to hack into a system. They are:
Reconnaissance: basic information gathering about the target system.
Scanning: scanning the target system for open ports, the services running on the open ports, etc.
Gaining Access: gaining actual access to the particular system by exploiting it.
Maintaining Access: keeping access to the system even after leaving it, so as not to have to
perform all the steps from scratch.
Clearing Tracks: removing any footprints so as to remain undetected by the victim.
1.2. INFORMATION GATHERING
Information gathering is the initial process as far as hacking and investigation are
concerned. It is the process of profiling any organisation, system, server or individual using a
methodical procedure.
Information gathering is used by attackers as well as investigators to get more information about
the target.
ATTACKERS POINT OF VIEW:
An attacker will first gather initial information like domain name, IP address, network IP range,
operating system, services, control panel information, vulnerable services etc. before attacking
the system.
Footprinting is required to ensure that isolated information repositories that are critical to the
attack are not overlooked or left undiscovered. Footprinting merely comprises one aspect of the
entire information gathering process, but is considered one of the most important stages of a
mature hack.
An attacker will spend 90% of the time in information gathering and only 10% of the time
attacking and gaining access to the system.
INVESTIGATION POINT OF VIEW:
An investigator will gather initial information like traces of the criminal on the internet, his/her
name, occupation, address, contact number and company/organization, before taking any legal
action.
This will help the investigator to profile the criminal and his/her activities properly during
interrogation.
Following are the various methodologies for information gathering.
INFORMATION GATHERING USING SEARCH ENGINES
"One leaves footprints/information everywhere while surfing the internet." This is the basic principle
for investigators as well as hackers. The only difference is the way they use this information.
An attacker will gather information about the system, the operating system and the vulnerable
applications running on it, and later exploit it.
An investigator will gather information on how the attacker got access to the system and where
he/she left footprints behind on the same system, and later trace it.
Search engines are the most powerful tool to search for information about any individual,
organisation or system.
Following is the list of the top 10 search engines:
Yahoo Search : www.search.yahoo.com
MSN Live Search: www.live.com
AOL Search : www.search.aol.in
Ask Search : www.ask.com
Altavista Search : www.altavista.com
Fast Search : www.alltheweb.com
Gigablast : www.gigablast.com
Snap Search: www.snap.com
INFORMATION GATHERING USING RELATIONAL SEARCH ENGINES
These types of search engines get results from different search engines and make relations or
connections between those results.
Kartoo
Maltego
With the continued growth of your organization, the people and hardware deployed to ensure
that it remains in working order are essential, yet the threat picture of your environment is not
always clear or complete. In fact, most often it's not what we know that is harmful; it's what we
don't know that causes the most damage. This being stated, how do you develop a clear profile
of what the current deployment of your infrastructure resembles? What are the cutting-edge tool
platforms designed to offer the granularity essential to understand the complexity of your
network, both physical and resource based?
Maltego is a unique platform developed to deliver a clear threat picture of the environment that
an organization owns and operates. Maltego's unique advantage is to demonstrate the complexity
and severity of single points of failure as well as trust relationships that currently exist within the
scope of your infrastructure.
Yahoo People Search - www.people.yahoo.com
Intelius:
Whois Lookup:
Querying regional Internet Registries:
Domain tools :
samspade.org:
.In registry
Reverse IP Mapping :
Reverse IP mapping is the method to find the number of websites hosted on the same server.
Here, by selecting the Reverse IP link, we can get the list of websites hosted on the given IP address.
Trace Route:
Traceroute gives useful information regarding the number of servers (hops) between your computer
and the remote computer.
1) Useful for investigation as well as for different attacks.
2) Tools: Visualroute, Neotrace.
Geowhere:
Finds websites using popular newsgroups, also finds mailing lists and newsgroups, and extracts
information from 20 search engines.
Email Spiders:
Email spiders are automated programs which capture email IDs using web crawlers (spiders) and
store them in a database. Spammers use email spiders to collect thousands of emails for spamming
purposes.
Other Tools:
www.visualroute.visualware.com
www.samspade.org
www.dnsstuff.com
1.3 SCANNING
A long time ago ports were scanned manually, using telnet. Today people use more
sophisticated programs with massive methods to scan IP ranges searching a lot of ports.
Scanning is the process of finding out open/closed ports and vulnerabilities in remote systems,
servers and networks. Scanning will reveal IP addresses, operating systems and services running
on the remote computer.
There are three types of scanning.
PORT SCANNING
Port scanning is one of the most popular techniques attackers use to discover the services they
can break into.
1) All machines connected to a LAN or connected to the internet via a modem run many services
that listen at well-known and not so well-known ports.
2) Ports 1 to 65535 are available on a computer.
3) By scanning, the attacker finds which ports are available.
PORTS: THE PORT NUMBERS ARE UNIQUE ONLY WITHIN A COMPUTER SYSTEM
1) Port numbers are 16-bit unsigned numbers.
2) The port numbers are divided into three ranges:
* Well Known Ports (0-1023)
* The Registered Ports (1024-49151)
* The Dynamic and/or Private Ports (49152-65535)
WELL KNOWN PORTS:
echo        7/tcp           Echo
ftp-data    20/udp          File Transfer [Default Data]
ftp         21/tcp          File Transfer [Control]
ssh         22/tcp          SSH Remote Login Protocol
telnet      23/tcp          Telnet
smtp        25/tcp          Simple Mail Transfer Protocol
domain      53/udp          Domain Name Service
www-http    80/tcp          World Wide Web HTTP
REGISTERED PORTS:
wins        1512/tcp        Microsoft Windows Internet Name Service
radius      1812/udp        RADIUS authentication protocol
yahoo       5010            Yahoo Messenger
x11         6000-6063/tcp   X Window System
TCP PACKET HEADER
SYN - Synchronize - used to initiate a connection between hosts.
ACK - Acknowledgment - used to establish a connection between hosts.
PSH - Push - tells the receiving system to send all buffered data.
URG - Urgent - states that the data contained in the packet should be processed immediately.
FIN - Finish - tells the remote system that there will be no more transmission.
TTL - Time to Live.
TCP CONNECT()
1. The connect() system call provided by an OS is used to open a connection to every interesting
port on the machine.
2. If the port is listening, connect() will succeed; otherwise the port isn't reachable.
STEALTH SCAN:
1. A stealth scan is a kind of scan that is designed to go undetected by auditing tools.
2. Fragmented scan: the scanner splits the TCP header into several IP fragments.
3. This bypasses some packet filter firewalls because they cannot see a complete TCP header that
can match their filter rules.
SYN SCAN
1. This technique is called half-open scanning because a TCP connection is not completed.
2. A SYN packet is sent to the remote system.
3. The target host responds with a SYN+ACK; this indicates the port is listening, and an RST
indicates a non-listener.
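The flags listed under TCP PACKET HEADER are what a defender looks at to tell a connect() scan from a half-open SYN scan. The following added example (not from the original notes) parses raw TCP headers with the real RFC 793 layout and classifies per-source traffic; the packets are constructed in memory, and the IP addresses, port list and threshold are assumptions.

```python
"""Detect TCP connect() and SYN (half-open) scans from packet records.

Added example, not from the original notes. Packets are constructed inline as
(src_ip, dst_ip, raw_tcp_header_bytes); the header is parsed with struct, so the
control flags really are read from their RFC 793 positions.
"""
import struct
from collections import defaultdict

# Bit values of the TCP control flags (RFC 793 layout of the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Constructed helper: pack a 20-byte TCP header so sample traffic can be
    built without a network card (data offset 5 words, window 65535, no options)."""
    off_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, off_flags,
                       65535, 0, 0)


def parse_tcp_header(raw):
    """Return (src_port, dst_port, flags) from the first bytes of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return src_port, dst_port, off_flags & 0x01FF   # low 9 bits hold the flags


def classify_scans(packets, threshold=5):
    """Group packets by (src, dst) and decide the scan type per pair.

    A source that sends bare SYNs to at least `threshold` distinct ports on one
    host is treated as a scanner. If it also completes the handshake on those
    ports (sends the final ACK) it is a connect() scan; if it only ever sends
    SYNs (and RSTs to tear down) it is the half-open SYN scan described above.
    """
    syn_ports = defaultdict(set)   # (src, dst) -> ports probed with a bare SYN
    ack_ports = defaultdict(set)   # (src, dst) -> ports where src sent a bare ACK
    for src, dst, raw in packets:
        _sport, dport, flags = parse_tcp_header(raw)
        if flags & SYN and not flags & ACK:
            syn_ports[(src, dst)].add(dport)
        elif flags & ACK and not flags & (SYN | RST):
            ack_ports[(src, dst)].add(dport)
    verdicts = {}
    for pair, ports in syn_ports.items():
        if len(ports) < threshold:
            continue
        if ports & ack_ports.get(pair, set()):
            kind = "connect() scan"
        else:
            kind = "SYN (half-open) scan"
        verdicts[pair] = (kind, sorted(ports))
    return verdicts


def sample_traffic():
    """Constructed traffic against 10.0.0.10: one half-open scanner, one
    connect() scanner and one normal client. The target's SYN+ACK replies are
    included so the classifier has to ignore them correctly."""
    target = "10.0.0.10"
    pkts = []
    probe = [21, 22, 23, 25, 80, 443]
    # 10.0.0.5: SYN, gets SYN+ACK, answers RST (never completes the handshake)
    for p in probe:
        pkts.append(("10.0.0.5", target, build_tcp_header(40000, p, SYN)))
        pkts.append((target, "10.0.0.5", build_tcp_header(p, 40000, SYN | ACK)))
        pkts.append(("10.0.0.5", target, build_tcp_header(40000, p, RST)))
    # 10.0.0.6: full three-way handshake on every port (connect() scan)
    for p in probe:
        pkts.append(("10.0.0.6", target, build_tcp_header(41000, p, SYN)))
        pkts.append((target, "10.0.0.6", build_tcp_header(p, 41000, SYN | ACK)))
        pkts.append(("10.0.0.6", target, build_tcp_header(41000, p, ACK)))
    # 10.0.0.7: a normal client opening a single web session
    pkts.append(("10.0.0.7", target, build_tcp_header(42000, 80, SYN)))
    pkts.append((target, "10.0.0.7", build_tcp_header(80, 42000, SYN | ACK)))
    pkts.append(("10.0.0.7", target, build_tcp_header(42000, 80, ACK)))
    return pkts


def demo():
    return classify_scans(sample_traffic())


if __name__ == "__main__":
    for (src, dst), (kind, ports) in demo().items():
        print(f"{src} -> {dst}: {kind} on ports {ports}")
```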
1.4 VIRUS, WORMS, TROJANS AND VIRUS ANALYSIS
SPYWARE
Spyware is a piece of software that gets installed on a computer without your consent. It collects
your personal information without you being aware of it, changes how your computer or web
browser is configured and bombards you with online advertisements. Spyware programs are
notorious for being difficult to remove on your own and for slowing down your PC. The program
gets installed in the background while you are doing something else on the Internet. Spyware has
become fairly widespread because your cable modem or DSL connection is always connected.
DIFFERENCE BETWEEN VIRUS,WORMS AND TROJANS
A virus is an application that self-replicates by injecting its code into other data files. A virus
spreads and attempts to consume specific targets, which are normally executables.
A worm copies itself over the network. It is a program that views another computer as the
infection point, rather than other executable files on an already infected computer.
A trojan is a program that, once executed, performs a task other than expected.
MODE OF TRANSMISSION
IRC
ICQ
Email Attachments
Physical Access
Browser & email Software Bugs
Advertisements
NetBIOS
Fake Programs
VIRUS PROPERTIES
Your computer can be infected even if files are just copied.
Can be Polymorphic.
Can be memory or non-memory resident.
Can be a stealth virus
Viruses can carry other viruses.
Can make the system never show outward signs.
Can Stay on the computer even if the computer is formatted.
VIRUS OPERATION PHASE
Most of the viruses operate in two phases.
INFECTION PHASE
In this phase virus developers decide
- When to infect programs
- Which programs to infect
Some viruses infect the computer as soon as the virus file is installed on the computer.
Some viruses infect the computer at a specific date, time or particular event.
TSR viruses are loaded into memory and later infect the PC.
ATTACK PHASE
In this phase the virus will
- Delete files.
- Replicate itself to other PCs.
- Corrupt targets only.
VIRUS INDICATIONS
Following are some of the common indications of a virus when it infects a
system.
Files have stranger names than normal.
File extensions can also be changed.
Programs take longer to load than normal.
The computer's hard drive constantly runs out of free space.
The victim will not be able to open some programs.
Programs get corrupted without any reason.
VIRUS TYPES
Following are some of the common types of virus.
Macro Virus - Spreads & infects database files.
File Virus - Infects executables.
Source Code Virus - Affects & damages source code.
Network Virus - Spreads via network elements & protocols.
Boot Virus - Infects boot sectors & records.
Shell Virus - Virus code forms a shell around the target host's genuine program & hosts
it as a subroutine.
Terminate & Stay Resident Virus - Remains permanently in memory during the
work session even after the target host is executed & terminated.
METHODS TO AVOID DETECTION
SAME LAST MODIFIED DATE
- In order to avoid detection by users, some viruses employ different kinds of deception.
- Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date
of a host file stays the same when the file is infected by the virus.
- This approach sometimes fools anti-virus software.
OVERWRITING UNUSED AREAS OF .EXE FILES
KILLING TASKS OF ANTIVIRUS SOFTWARE
- Some viruses try to avoid detection by killing the tasks associated with antivirus software before
it can detect them.
AVOIDING BAIT FILES & OTHER UNDESIRABLE HOSTS
- Bait files (goat files) are files that are specially created by anti-virus software, or by anti-virus
professionals themselves, to be infected by a virus.
- Many anti-virus programs perform an integrity check of their own code.
- Infecting such programs will therefore increase the likelihood that the virus is detected.
- Anti-virus professionals can use bait files to take a sample of a virus.
MAKING A STEALTH VIRUS
- Some viruses try to trick anti-virus software by intercepting its requests to the operating system.
- The virus can then return an uninfected version of the file to the anti-virus software, so that it
seems the file is "clean".
SELF MODIFICATION ON EACH INFECTION
- Some viruses try to trick anti-virus software by modifying themselves on each infection.
- As the file signatures are modified, antivirus software finds it difficult to detect them.
ENCRYPTION WITH VARIABLE KEY
- Some viruses use simple methods to encipher their code.
- The virus is encrypted with a different encryption key on each infection.
- The AV cannot scan such files directly using conventional methods.
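The "same last modified date" trick above only works against a checker that trusts timestamps. The following added example (not from the original notes) builds a content-hash baseline of a directory and, on re-check, reports files whose hash changed while the mtime stayed identical; the sample files, the appended bytes and the timestamp restoration are all constructed in a temporary directory.

```python
"""Integrity check that does not trust the 'last modified' timestamp.

Added example, not from the original notes. A baseline of (size, mtime_ns,
sha256) is recorded per file; on comparison, a changed hash with an unchanged
mtime is reported separately, which is exactly the case the notes describe.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map relative path -> (size, mtime_ns, sha256) for every regular file."""
    base = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            base[os.path.relpath(full, root)] = (st.st_size, st.st_mtime_ns,
                                                 sha256_of(full))
    return base


def compare(root, base):
    """Return {rel_path: verdict} for everything that differs from `base`.

    'modified'         hash changed and mtime moved (an ordinary edit)
    'stealth-modified' hash changed but mtime is identical (timestamp restored)
    'missing'          file in the baseline is gone
    'new'              file not present in the baseline
    """
    current = baseline(root)
    report = {}
    for rel, (_size, mtime, digest) in base.items():
        if rel not in current:
            report[rel] = "missing"
            continue
        _csize, cmtime, cdigest = current[rel]
        if cdigest != digest:
            report[rel] = "stealth-modified" if cmtime == mtime else "modified"
    for rel in current.keys() - base.keys():
        report[rel] = "new"
    return report


def demo():
    """Construct a tree, baseline it, then tamper with one file while putting
    its original timestamp back, and edit another file normally."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    for name, body in (("app.exe", b"MZ original program"),
                       ("readme.txt", b"hello")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(body)
    base = baseline(root)

    # Append bytes to app.exe (standing in for an infection), then restore the
    # original access/modification times as the MS-DOS-era viruses did.
    target = os.path.join(root, "app.exe")
    st = os.stat(target)
    with open(target, "ab") as f:
        f.write(b"\x90" * 16)
    os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

    # Ordinary edit of readme.txt; push its mtime one second ahead explicitly so
    # the result does not depend on filesystem timestamp granularity.
    readme = os.path.join(root, "readme.txt")
    with open(readme, "ab") as f:
        f.write(b" world")
    os.utime(readme, ns=(st.st_atime_ns, base["readme.txt"][1] + 10**9))
    return compare(root, base)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:18} {path}")
```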
VIRUS ANALYSIS
IDA PRO TOOL
- It is a disassembler & debugger tool.
- Runs both on Linux & Windows.
- Can be used in source code analysis, vulnerability research & reverse engineering.
AUTORUNS
PROCESS EXPLORER
2. WEB APPLICATION HACKING & SECURITY
Application security encompasses measures taken throughout the application's life-cycle to
prevent exceptions in the security policy of an application or the underlying system
(vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance
of the application.
The Open Web Application Security Project (OWASP) and the Web Application Security Consortium
(WASC) publish updates on the latest threats which impair web-based applications. This aids
developers, security testers and architects to focus on better design and mitigation strategies.
The OWASP Top 10 has become an industry norm in assessing web applications.
2.1. WHY WEB APPLICATION SECURITY?
Application Layer
The attacker sends attacks inside valid HTTP requests. Your custom code is tricked into doing
something it should not. Security requires software development expertise, not signatures.
Network Layer
Firewalls, hardening, patching, IDS, and SSL cannot detect or stop attacks inside HTTP requests.
Security relies on signature databases.
2.2. SECURITY MISCONCEPTIONS
"The firewall protects my web server and database"
- Access to the server through ports 80 and 443 makes the web server part of your external
perimeter defence.
- Vulnerabilities in the web server software or web applications may allow access to internal
network resources.
"The IDS protects my web server and database"
- The IDS is configured to detect signatures of various well-known attacks.
- Attack signatures do not include those for attacks against custom applications.
"SSL secures my site"
- SSL secures the transport of data between the web server and the user's browser.
- SSL does not protect against attacks against the server and applications.
- SSL is the hacker's best friend due to the false sense of security.
The Source of Problem
" Malicious hackers don't create security holes; they simply exploit them. Security holes and
vulnerabilities - the real root cause of the problem - are the result of bad software design and
implementation."
-John Viega & Gary McGraw.
2.3 REASONS FOR ATTACKING WEB APPLICATIONS
* Vulnerability Used
2.4. SECURITY GUIDELINES
-Validate Input and Output.
-Fail Securely(Closed).
-Keep it Simple.
-Use and Reuse trusted Components.
-Defence in Depth.
-Only as Secure as the Weakest Link.
-Security By Obscurity Won't Work.
-Least Privilege
-Compartmentalization (Separation of Privileges)
Validate Input and Output
All user input and user output should be checked to ensure it is both appropriate
and expected.
Allow only explicitly defined characteristics and drop all other data.
Fail Securely
When it fails, it fails closed.
It should fail to a state that rejects all subsequent security requests.
A good analogy: when a firewall fails it should drop all subsequent packets.
Keep it Simple
If a security system is too complex for its user base, it will either not be used or
users will try to find ways to bypass it.
This message applies equally to tasks that an administrator must perform in order
to secure an application.
This message is also intended for security layer APIs that application
developers must use to build the system.
Use and Reuse trusted Components
Using and reusing trusted components makes sense both from a resource stance and from a
security stance.
When someone else has proven they got it right, take advantage of it.
Defence in Depth
Relying on one component to perform its function 100% of the time is
unrealistic.
While we hope to build software and hardware that works as planned, predicting
the unexpected is difficult. Good systems don't predict the unexpected, but plan for it.
Only as Secure as the Weakest Link
Careful thought must be given to what one is securing.
Attackers are lazy and will find the weakest point and attempt to exploit it.
Security By Obscurity Won't Work
It's naive to think that hiding things from prying eyes doesn't buy some amount
of time.
This strategy doesn't work in the long term and has no guarantee of working in the
short term.
Least Privilege
Systems should be designed in such a way that they run with the least amount of
system privilege they need to do their job.
Compartmentalization (Separation of Privileges)
Compartmentalizing users, processes and data helps contain problems if they do
occur.
Compartmentalization is an important concept widely adopted in the information
security realm.
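Two of the guidelines above in code, "allow only explicitly defined characteristics" and "fail closed": an added example, not from the original notes, using a hypothetical order-lookup handler with a constructed ACL. The deny-list function is included only to contrast the weak approach the guideline warns against.

```python
"""Allow-list input validation and fail-closed authorization.

Added example, not from the original notes. The handler, the ACL and the
permission names are constructed for illustration.
"""
import re

# Allow-list: state exactly what is acceptable and reject everything else.
USERNAME_RE = re.compile(r"\A[a-z][a-z0-9_]{2,31}\Z")
ORDER_ID_RE = re.compile(r"\A[0-9]{1,12}\Z")


class ValidationError(ValueError):
    pass


def validate_username(value):
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValidationError("username: not in allowed format")
    return value


def validate_order_id(value):
    if not isinstance(value, str) or not ORDER_ID_RE.fullmatch(value):
        raise ValidationError("order_id: not in allowed format")
    return int(value)


def deny_list_clean(value):
    """The weak approach for contrast: strip a few known-bad characters.
    Anything the list did not anticipate passes straight through."""
    return re.sub(r"[<>'\";]", "", value)


# Constructed ACL: user -> set of permissions.
ACL = {"alice": {"orders:read"}, "bob": {"orders:read", "orders:write"}}


def is_authorized(user, permission, acl=ACL):
    """Fail securely: any lookup error (unknown user, broken ACL object,
    wrong type) is a denial, never a fall-through to allow."""
    try:
        return permission in acl[user]
    except Exception:
        return False


def handle_order_request(raw_user, raw_order_id, permission="orders:read",
                         acl=ACL):
    """Validate first, then authorize; every failure path is an explicit
    rejection and only the fully-checked path reaches the resource."""
    try:
        user = validate_username(raw_user)
        order_id = validate_order_id(raw_order_id)
    except ValidationError as e:
        return {"status": 400, "error": str(e)}
    if not is_authorized(user, permission, acl):
        return {"status": 403, "error": "forbidden"}
    return {"status": 200, "user": user, "order_id": order_id}


if __name__ == "__main__":
    print(handle_order_request("alice", "42"))
    print(handle_order_request("alice", "42 OR 1=1"))   # rejected by allow-list
    print(deny_list_clean("42 OR 1=1"))                 # deny-list lets it through
    print(handle_order_request("mallory", "42"))        # unknown user -> denied
```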
WEB APPLICATIONS SECURITY CHECKLIST
3. WIRELESS HACKING & SECURITY
Wireless networking technology is becoming increasingly popular but at the same time has
introduced many security issues. The popularity of wireless technology is driven by two primary
factors: convenience and cost. A wireless local area network (WLAN) allows workers to access
digital resources without being locked into their desks. Laptops can be carried into meetings or
even into a Starbucks cafe, tapping into the wireless network. This convenience has become
affordable.
Wireless LAN standards are defined by the IEEE's 802.11 working group. WLANs come in
three flavours:
802.11b
Operates in the 2.4000GHz to 2.2835GHz frequency range and can operate at up
to 11 megabits per second.
802.11a
Operates in the 5.15-5.35GHz frequency range and can operate at up to 54 megabits per
second.
802.11g
Operates in the 2.4GHz frequency range (increased bandwidth range) and can
operate at up to 54 megabits per second.
When setting up a WLAN, the channel and service set identifier (SSID) must be configured in
addition to traditional network settings such as IP address and subnet mask.
The channel is a number between 1 and 11 (1 and 13 in Europe) and designates
the frequency on which the network will operate.
The SSID is an alphanumeric string that differentiates networks operating on the
same channel.
It is essentially just a configurable name that identifies an individual network. These
settings are important factors when identifying WLANs and sniffing traffic.
SSIDs
The SSID is a unique identifier that wireless networking devices use to establish and maintain
wireless connectivity. The SSID acts as a single shared password between access points and clients.
Security concerns arise when the default values are not changed, as these units can be easily
compromised.
ATTACKERS POINT OF VIEW:
If the target access point responds to a broadcast SSID probe, then the attacker might just be in
luck. This is because most wireless card drivers are configured with an SSID of ANY so that they
will be able to associate with the wireless network. When the SSID is set to ANY the driver sends
a probe request to the broadcast address with a zero-length SSID and info. Though this
configuration makes it easier for the user, as the user does not have to remember the SSID to
connect to the wireless LAN, it makes it much simpler for attackers to gather SSIDs. Some of the
common default passwords are:
3Com AirConnect 2.4 GHz DS (newer 11 mbit, Harris/Intersil Prism based)
Default SSID: 'comcomcom'
3Com other Access points
default SSID: '3Com'
Addtron (Model:?)
default SSID:'WLAN'
Cisco Aironet 900 Mhz/2.4 GHz BR10000/e,BR5200/e and BR4800
Default SSID : 'tsunami';'2'
Console Port :No default password
HTTP management :On by default, No default Password
APPLE AIRPORT
Default SSID :'AirPort Network '; ' AirPort Netzwerk'
Baystack 650/660 802.11 DS AP
Default SSID :'Default SSID'
Default admin pass:
Default channel :1
MAC addr : 00:20:d8:XX:XX:XX
Compaq WL -100/200/300/400
Default SSID :'Compaq'
Dlink DL-713 802.11 DS Access Point
Default SSID :'WLAN'
Default Channel :11
Default IP address :DHCP-administered
3.1. WIRELESS STANDARDS
Different methods and standards of wireless communication have developed across the world,
based on various commercially driven requirements. These technologies can roughly be
classified into four individual categories, based on their specific application and transmission
range. These categories are summarized in the figure below.
3.2. WEP & WPA SUMMARY
WEP
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks.
Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to
provide data confidentiality comparable to that of a traditional wired network. WEP,
recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first
security choice presented to users by router configuration tools.
Although its name implies that it is as secure as a wired connection, WEP has been demonstrated
to have numerous flaws and has been deprecated in favor of newer standards such as WPA2. In
2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected
Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE
declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their
security goals".
WPA and WPA2
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security
protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless
computer networks. The Alliance defined these in response to serious weaknesses researchers
had found in the previous system, WEP (Wired Equivalent Privacy).
WPA (sometimes referred to as the draft IEEE 802.11i standard) became available around 1999
and was intended as an intermediate measure in anticipation of the availability of the more
secure and complex WPA2. WPA2 became available around 2004 and is a common shorthand
for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.
A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup, allows WPA and WPA2
security to be bypassed and effectively broken in many situations.
HACKING TOOL: Netstumbler: http://netstumbler.org
3.3. CRACKING WEP & WPA & COUNTERMEASURES
What is aircrack?
aircrack is a set of tools for auditing wireless networks:
airodump: 802.11 packet capture program
aireplay: 802.11 packet injection program
aircrack: static WEP and WPA-PSK key cracker
airdecap: decrypts WEP/WPA capture files
This document has been translated into Spanish (thanks to ShaKarO).
Is there an aircrack discussion forum?
Sure: http://100h.org/forums/. Also, check out #aircrack on irc.freenode.net
Where to download aircrack?
The official download location is http://www.cr0.net:8040/code/network/. However, if you can't
access port 8040 for some reason, you may use this mirror instead: http://100h.org/wlan/aircrack/.
Aircrack is included in the Troppix LiveCD, which features { Prism2 / PrismGT / Realtek /
Atheros / Ralink } drivers patched for packet injection, as well as the acx100, ipw2200 (Centrino)
and zd1211 drivers.
It says "cygwin1.dll not found" when I start aircrack.exe.
You can download this library from: http://100h.org/wlan/aircrack/.
To use aircrack, drag and drop your .cap or .ivs capture file(s) onto aircrack.exe. If you want to pass
options to the program you'll have to start a shell (cmd.exe) and type the command line manually;
there is also a GUI for aircrack, developed by hexanium.
Example:
C:\TEMP> aircrack.exe -n 64 -f 8 out1.cap out2.cap ...
See below for a list of options.
4. CONCLUSION:
The word "hacker" carries weight. People strongly disagree as to what a hacker is. Hacking may
be defined as legal or illegal, ethical or unethical. The media's portrayal of hacking has boosted
one version of discourse. The conflict between discourses is important for our understanding of
computer hacking subculture. Also, the outcome of the conflict may prove critical in deciding
whether or not our society and institutions remain in the control of a small elite or we move
towards a radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will
move beyond their limitations (through inclusion of women, a deeper politicization, and more
concern for recruitment and teaching) and become hacktivists. They need to work with non-
technologically based and technology-borrowing social movements (like most modern social
movements, which use technology to do their work more easily) in the struggle for global justice.
Otherwise the non-technologically based social movements may face difficulty continuing to
resist as their power base is eroded while that of the new technopower elite is growing, and the
fictionesque cyberpunk-1984 world may become real.
If you know the enemy and know yourself, you need not fear the results of a hundred battles.
HACKING - An ART of EXPLOITING.