Chapter 2

Transcript of Chapter 2

Page 1: Chapter 2

Intelligent Quotient System Pvt. Ltd.

CAUTION: HACKER AT WORK

Ethical Hacking

Page 2: Chapter 2

Introduction to Ethical Hacking

Ethical hackers: employed by companies to perform penetration tests.

Penetration test: a legal attempt to break into a company’s network to find its weakest link. The tester only reports findings.

Security test: more than an attempt to break in; it also includes analyzing the company’s security policy and procedures. The tester offers solutions to secure or protect the network.

Page 3: Chapter 2

What is Hacking?

Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.

Hacking is also the act of gaining access without legal authorization to a computer, a computer network, or network resources.

Page 4: Chapter 2

Who is a Hacker?

Hackers are computer enthusiasts who know a lot about computers and computer networks and use this knowledge with criminal intent.

Hacker: a person who uses hacking skills and tool sets for destructive or offensive purposes, such as disseminating viruses or performing DoS attacks to compromise or bring down systems and networks.

Hackers are sometimes paid to damage corporate reputations or to steal or reveal credit-card information.

Page 5: Chapter 2

What is Ethical Hacking?

Ethical hacking is the use of hacking knowledge to attempt to enter a network to find its loopholes and back doors.

It is often referred to as ‘legalized hacking’, and yes, it is indeed legal and can even reap a lot of profit for highly skilled individuals.

Page 6: Chapter 2

Who is an Ethical Hacker?

■ Ethical hackers typically have very strong programming and computer networking skills.

■ Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking, and operating systems.

Page 7: Chapter 2

Role of Hacker

Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: find the frequent weaknesses in the security of target systems.

They’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information.

This process of testing the security of a system or network is known as a penetration test.

Page 8: Chapter 2

Role of Hacker

Hackers: access a computer system or network without authorization. This breaks the law; they can go to prison.

Crackers: break into systems to steal or destroy data. The U.S. Department of Justice calls both “hackers”.

Ethical hacker: performs most of the same activities, but with the owner’s permission.

Page 9: Chapter 2

Why perform an ethical hack?

■ To determine flaws and vulnerabilities
■ To provide a quantitative metric for evaluating systems and networks
■ To measure against pre-established baselines
■ To determine risk to the organization
■ To design mitigating controls

Page 10: Chapter 2

Skills Required for Becoming an Ethical Hacker

■ Criminal mindset
■ Thorough knowledge about computer programming, networking, and operating systems
■ Knowledge of highly targeted platforms (such as Windows, Unix, and Linux), etc.
■ Patience, persistence, and immense perseverance

Page 11: Chapter 2

Levels in Ethical Hacking

Page 12: Chapter 2

Ethical Hacking Steps

Page 13: Chapter 2

Footprinting

Definition: the gathering of information about a potential system or network.

Attacker’s point of view:
■ Identify potential target systems
■ Identify which types of attacks may be useful on target systems

Defender’s point of view:
■ Know available tools
■ Vulnerability analysis: know what information you’re giving away and what weaknesses you have

Page 14: Chapter 2

Footprinting

Gathering information about the target:

Internet        Domain name, network blocks, IP addresses open to the Net, TCP and UDP services running, ACLs, IDSes
Intranet        Protocols (IP, NETBIOS), internal domain names, etc.
Remote access   Phone numbers, remote control, telnet, authentication
Extranet        Connection origination, destination, type, access control

Page 15: Chapter 2

Scanning

After obtaining a list of networks and IP addresses, scanning starts:

Ping sweeps (find active machines): use Pinger in Windows and nmap in Linux/UNIX. This slide shows an example of Pinger.

TCP port scanning (find open ports on active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged.

In Windows NT use SuperScan and in Linux/UNIX use nmap. See the example of SuperScan on the slide. BUT hackers use scripts with binary files, not graphical tools.

Page 16: Chapter 2

More in Scanning

OS detection (stack fingerprinting): probe the TCP/IP stack, because it varies between OSs. Requires at least one listening port to make a determination. Why is it important? Many hacker tools are specific to an OS or a network device. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server.

OS detection (passive signatures): by monitoring the traffic, the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool. Once the OS is identified, enumeration can take place.
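Pages 15 and 16 describe ping sweeps and SYN scans from the scanner’s side. The block below is the defender’s counterpart, added here as an example and not taken from the course: it reads firewall log lines and flags one source pinging many hosts (a sweep) or sending SYN-only segments to many ports on one host (a port scan). The key=value log format, the addresses and the thresholds are all constructed for the demonstration.

```python
"""Detect ping sweeps and TCP port scans in firewall log lines.

Added example, not from the course slides. The log format is a constructed,
iptables-style key=value layout; the field names and thresholds are assumptions.
"""
from collections import defaultdict

# Constructed sample: one source sweeps ICMP across five hosts, another sends
# lone SYNs to six ports on one host, and a normal client completes a handshake.
SAMPLE_LOG = """\
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.11 PROTO=ICMP TYPE=8
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.12 PROTO=ICMP TYPE=8
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.13 PROTO=ICMP TYPE=8
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.14 PROTO=ICMP TYPE=8
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=21 FLAGS=S
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=22 FLAGS=S
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=23 FLAGS=S
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=25 FLAGS=S
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=80 FLAGS=S
2024-05-01T10:00:05 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=443 FLAGS=S
2024-05-01T10:00:09 SRC=192.0.2.50 DST=192.0.2.20 PROTO=TCP DPT=443 FLAGS=S
2024-05-01T10:00:09 SRC=192.0.2.50 DST=192.0.2.20 PROTO=TCP DPT=443 FLAGS=A
"""


def parse_line(line):
    """Turn 'TS KEY=VAL KEY=VAL ...' into a dict; the timestamp is stored under 'ts'."""
    parts = line.split()
    fields = {"ts": parts[0]}
    for token in parts[1:]:
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def detect_scans(log_text, sweep_hosts=4, scan_ports=5):
    """Return {'ping_sweep': {src: n_hosts}, 'port_scan': {(src, dst): n_ports}}.

    A ping sweep is one source sending ICMP echo requests (TYPE=8) to at least
    `sweep_hosts` distinct destinations. A port scan is one source sending
    SYN-only segments (FLAGS=S) to at least `scan_ports` distinct ports on one
    destination. The thresholds are illustrative, not tuned values.
    """
    echo_targets = defaultdict(set)   # src -> hosts that received an echo request
    syn_ports = defaultdict(set)      # (src, dst) -> ports that received a bare SYN
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            echo_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and f.get("FLAGS") == "S":
            syn_ports[(f["SRC"], f["DST"])].add(f["DPT"])
    return {
        "ping_sweep": {s: len(h) for s, h in echo_targets.items() if len(h) >= sweep_hosts},
        "port_scan": {k: len(p) for k, p in syn_ports.items() if len(p) >= scan_ports},
    }


if __name__ == "__main__":
    for kind, hits in detect_scans(SAMPLE_LOG).items():
        for key, count in hits.items():
            print(f"{kind}: {key} ({count})")
```

The slide’s remark that a SYN scan "may not be logged" holds for application logs: a half-open connection never reaches the service, so only the packet filter sees it. Logging SYNs to closed ports at the firewall, as the sample lines assume, is what makes this detection possible; the normal client on 192.0.2.50 touches a single port and is not flagged.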

Page 17: Chapter 2

Types of Scanning

Scanning Type           Purpose
Port scanning           Determines open ports and services
Network scanning        Identifies IP addresses
Vulnerability scanning  Detects the presence of known weaknesses

Page 18: Chapter 2

Scanning Methodology

1. Check for live systems
2. Check for open ports
3. Banner grabbing / OS fingerprinting
4. Service identification

Page 19: Chapter 2

Scanning Methodology (continued)

5. Vulnerability scanning
6. Prepare proxies
7. Draw network diagrams of vulnerable hosts
8. Attack

Page 20: Chapter 2

Scanning Tools

■ Nmap
■ Nessus
■ SNMP Scanner
■ THC-Scan
■ Netscan
■ IPSecScan

Page 21: Chapter 2

Enumeration

Enumeration occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, and services.

It also refers to actively querying or connecting to a target system to acquire this information.

Page 22: Chapter 2

Enumeration Steps

Hackers need to be methodical in their approach to hacking. The following steps are an example of those a hacker might perform in preparation for hacking a target system:

1. Extract usernames using enumeration.
2. Gather information about the host using null sessions.
3. Perform Windows enumeration using the SuperScan tool.
4. Acquire the user accounts using the tool GetAcct.
5. Perform SNMP port scanning.
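Step 2 above, the null session, leaves a trace on the target: a successful network logon (Windows Security event 4624, logon type 3) for the ANONYMOUS LOGON account, whose well-known SID is S-1-5-7. The block below is an added example, not course material, that counts such logons per source address from a stream of event records. The records are constructed, simplified JSON renderings of that event; the field names follow the EventData names Windows uses, and every value is invented.

```python
"""Flag anonymous network logons, the footprint left by null-session enumeration.

Added example, not from the course slides. The events are constructed JSON
renderings of Windows Security event 4624; the addresses and names are invented.
"""
import json
from collections import Counter

SAMPLE_EVENTS = """\
{"EventID": 4624, "LogonType": 3, "TargetUserName": "ANONYMOUS LOGON", "TargetUserSid": "S-1-5-7", "IpAddress": "10.0.0.77", "WorkstationName": "-"}
{"EventID": 4624, "LogonType": 3, "TargetUserName": "ANONYMOUS LOGON", "TargetUserSid": "S-1-5-7", "IpAddress": "10.0.0.77", "WorkstationName": "-"}
{"EventID": 4624, "LogonType": 3, "TargetUserName": "ANONYMOUS LOGON", "TargetUserSid": "S-1-5-7", "IpAddress": "10.0.0.77", "WorkstationName": "-"}
{"EventID": 4624, "LogonType": 3, "TargetUserName": "jsmith", "TargetUserSid": "S-1-5-21-1-2-3-1001", "IpAddress": "10.0.0.12", "WorkstationName": "WS12"}
{"EventID": 4624, "LogonType": 2, "TargetUserName": "admin", "TargetUserSid": "S-1-5-21-1-2-3-500", "IpAddress": "-", "WorkstationName": "SRV1"}
{"EventID": 4634, "LogonType": 3, "TargetUserName": "jsmith", "TargetUserSid": "S-1-5-21-1-2-3-1001"}
"""

# Well-known SID of NT AUTHORITY\ANONYMOUS LOGON. Matching on the SID rather
# than the display name keeps the check independent of the system's language.
ANONYMOUS_SID = "S-1-5-7"
NETWORK_LOGON = 3          # logon type 3: connection over the network (SMB, RPC)
LOGON_SUCCESS = 4624       # "An account was successfully logged on"


def is_anonymous_network_logon(ev):
    """True for a successful network logon by the anonymous account."""
    return (ev.get("EventID") == LOGON_SUCCESS
            and ev.get("LogonType") == NETWORK_LOGON
            and ev.get("TargetUserSid") == ANONYMOUS_SID)


def anonymous_logons_by_source(event_text, threshold=2):
    """Count anonymous network logons per source IP.

    Returns only sources at or above `threshold`; a single anonymous logon can
    be legitimate, a burst from one address looks like enumeration.
    """
    counts = Counter()
    for line in event_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if is_anonymous_network_logon(ev):
            counts[ev.get("IpAddress", "?")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in anonymous_logons_by_source(SAMPLE_EVENTS).items():
        print(f"{ip}: {n} anonymous network logons")
```

Some anonymous logons are normal on Windows networks, so baseline what your domain produces before alerting on a threshold; the threshold here is illustrative. The SID comparison is the robust part of the check, since "ANONYMOUS LOGON" is a localized display name.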

Page 23: Chapter 2

SQL injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is thereby unexpectedly executed.

Page 24: Chapter 2

SQL injection

During a SQL injection attack, malicious code is inserted into a web form field or the website’s code to make a system execute a command shell or other arbitrary commands.

Just as a legitimate user enters queries and additions to the SQL database via a web form, the hacker can insert commands to the SQL server through the same web form field.
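The two slides above describe the flaw in words; the block below, an added example that is not part of the course, shows it in code using Python’s standard sqlite3 module. The same login query is written twice over a constructed users table: `login_vulnerable` builds the statement by string concatenation, so a quote character in the input closes the string literal the first slide refers to and the rest of the input is parsed as SQL; `login_safe` binds the values as parameters, so the driver hands them to the engine separately from the statement and they can only ever be compared as data. Table, rows and function names are all invented for the demonstration.

```python
"""SQL injection: the vulnerable query beside its parameterized fix.

Added example, not from the course slides. The users table and its rows are
constructed for the demonstration.
"""
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates the input into the statement: the slide's 'incorrectly
    filtered string literal escape characters' case. A quote in the input ends
    the literal and whatever follows becomes part of the WHERE clause."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters. The statement text is fixed; the two
    values travel separately, so quotes in them never reach the SQL parser."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # Input that contains a quote and an always-true condition, submitted as the
    # password of a user who does not even exist.
    submitted = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "nobody", submitted))
    print("safe:      ", login_safe(db, "nobody", submitted))
    print("safe, real credentials:", login_safe(db, "alice", "s3cret"))
```

With the quoted input the vulnerable function's WHERE clause becomes `username = 'nobody' AND password = '' OR '1'='1'`, which is true for every row, so it returns both accounts; the parameterized version returns nothing for the same input and still works for genuine credentials. Escaping quotes by hand is the fragile alternative the slide warns about; bound parameters remove the problem rather than filtering it.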

Page 25: Chapter 2

Wireless Hacking Techniques

■ Cracking encryption and authentication mechanisms
■ Eavesdropping or sniffing
■ Denial of Service
■ AP masquerading or spoofing
■ MAC spoofing

Page 26: Chapter 2

Securing Your Wireless Network

■ Use a strong encryption protocol
■ Don’t announce yourself: disable SSID broadcast
■ Change default administrator passwords and usernames
■ Limit access to your access point
■ Do not auto-connect to open Wi-Fi networks
■ Assign static IP addresses to devices
■ Enable firewalls on each computer and the router
■ Position the router or access point safely
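Several of the items in the checklist above correspond to settings in an access point’s configuration file. The block below is an added example, not part of the course, that audits a hostapd-style configuration for the items such a file can express: the encryption protocol and cipher, SSID broadcast, and a MAC allow-list. The option names (`wpa`, `wpa_key_mgmt`, `rsn_pairwise`, `wpa_pairwise`, `ignore_broadcast_ssid`, `macaddr_acl`, `accept_mac_file`) are hostapd’s real ones; the two configurations and the values in them are constructed, with a weak one beside the hardened one.

```python
"""Audit a hostapd-style access point configuration against the checklist above.

Added example, not from the course. hostapd's real option names are used; the
two configurations below and all their values are constructed.
"""

# Constructed weak configuration: WEP, SSID broadcast, no MAC allow-list.
WEAK_CONF = """\
interface=wlan0
ssid=OfficeWiFi
# wpa=0 disables WPA/WPA2; with wep_* keys present that means WEP
wpa=0
wep_default_key=0
wep_key0=0123456789
ignore_broadcast_ssid=0
macaddr_acl=0
"""

# Constructed hardened configuration: WPA2-PSK with CCMP only, hidden SSID,
# and a deny-unless-listed MAC ACL (macaddr_acl=1 reads accept_mac_file).
HARDENED_CONF = """\
interface=wlan0
ssid=OfficeWiFi
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""


def parse_conf(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of findings; an empty list means every checklist item this
    file can express is satisfied."""
    findings = []
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        if any(k.startswith("wep_") for k in conf):
            findings.append("WEP in use: broken cipher, use WPA2 (wpa=2)")
        else:
            findings.append("open network: no encryption configured")
    elif wpa == "1":
        findings.append("WPA1 only: set wpa=2")
    else:
        if wpa == "3":
            findings.append("mixed mode: WPA1 clients still accepted, set wpa=2")
        ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", ""))
        if "TKIP" in ciphers:
            findings.append("TKIP allowed: restrict rsn_pairwise to CCMP")
        if "CCMP" not in ciphers:
            findings.append("no CCMP (AES) pairwise cipher configured")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast: set ignore_broadcast_ssid=1")
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("no MAC allow-list: set macaddr_acl=1 with accept_mac_file")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)) or ["ok"])
```

The remaining checklist items (default administrator credentials, client auto-connect behaviour, host firewalls, static addressing, physical placement) live outside this file and need separate checks. Weight the findings accordingly: the cipher result is the one that decides whether traffic can be read, while a hidden SSID and a MAC allow-list only deter casual association, since both values are visible in frames on the air.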