content What is ethical hacking ?

Who are the ethical hacker ?

Types of hacker

Why do people hack ?

What do hacker after hacking ?

Process of ethical hacking ?

What should we do after hacking ?

ETHICAL HACKINGPermission is obtained from the target

Identify vulnerabilities visible from Internet at particular point of time

Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner

if the hacking is doing for wrong intent then it is called CRACKING.

Types of hacker

White Hat Hackers-: they are good because they nothing to stole for himself.

Black hat hacker-: they are bad because they stole for himself

Gray hat hacker-: they belongs between the white hat & black hat hacker.

World’s best three hacker Jonathan James was known as “c0mrade” on the Internet. What is his ticket to

fame? He was convicted and sent to prison for hacking in the United States–all while he was still a minor. At only fifteen years of age, he managed to hack into a number of networks, including those belonging to Bell South, Miami-Dade, the U.S. Department of Defence, and NASA.

Kevin Mitnick’s journey as a computer hacker has been so interesting and compelling that the U.S. Department of Justice called him the “most wanted computer criminal in U.S. history.” His story is so wild that it was the basis for two featured films.

Albert Gonzalez paved his way to Internet fame when he collected over 170 million credit card and ATM card numbers over a period of 2 years. Yep. That’s equal to a little over half the population of the United States.Gonzalez started off as the leader of a hacker group known as Shadow Crew. This group would go on to steal 1.5 million credit card numbers and sell them online for profit. Shadow Crew also fabricated fraudulent passports, health insurance cards, and birth certificates for identity theft crimes totalling $4.3 million stolen

Why do people hack ?

To make security stronger( Ethical hacking).

Just for fun.

Show off.

Hack other system secretly.

Notify many people their thought.

Steal important information.

Destroys enemy’s computer during the war.

What do hacker after hacking ?

Patch security hole.

Clear logs and hide themselves

Install rootkit(backdoor).

The hacker who hacked the system used later.

It moves virus , Trojan in the system.

Install scanner program like mscan , sscan ,nscan.

Install exploit program

Use all install program silently.

Process of ethical hacking Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Exploiting the system Accessing Covering tracks Creating back door

Preparation Identification of Targets – company websites, mail

servers, extranets, etc.

Signing of Contract

Agreement on protection against any legal issues

Contracts to clearly specifies the limits and dangers of the test

Key people who are made aware of the testing

Footprinting Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam

spade

Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports

Operating System Enumeration

Tools

Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner

Identification of Vulnerabilities

Vulnerabilities

Insecure Configuration, Weak passwords

Possible Vulnerabilities in Services, Operating Systems

Insecure programming

Weak Access Control

Tools

- Nessus, ISS, SARA, SAINT

Ethercap, tcpdump

John the ripper, LC4, Pwdump

Achilles, Whisker, Legion

Exploiting the system(1)Gaining access through the following attacks Operating system attacks

Application level attacks

Scripts and sample program attacks

Misconfiguration attack

<2> DOS attacks->If every attack we mention is failed then hacker use dos attack. It is more powerful then any attack.

Accessing Enough data has been gathered at this point to

make an informed attempt to access the target

Techniques

File share brute forcing

Password file grab

Buffer overflows

Covering tracks clean up the log files.

Shut down the system.

Hide the tools

Creating Back Doors

Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder

Techniques

Create rogue user accounts

Plant remote control services

Replace apps with trojans

What should we do after hack ?

. Shut down the system or turn off the system.

Separate the system from Network.

Restore the system with the backup or reinstall all program.

Connect the system to the network