Ethical Hacking and Network Security
![Page 1: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/1.jpg)
Glimpse on Computer Security
A presentation by Sumit Dimri
![Page 2: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/2.jpg)
AGENDA
- SECURITY
- GOOGLE HACKING
- SNIFFERS
- ARP SPOOFING
- STEGANOGRAPHY
- SOCIAL ENGINEERING
- HACKING WEB SERVER
![Page 3: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/3.jpg)
Network Security
![Page 4: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/4.jpg)
A Brief History of the World
![Page 5: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/5.jpg)
Overview
- What is security?
- Why do we need security?
- Who is vulnerable?
![Page 6: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/6.jpg)
What is “Security”
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

…etc.
![Page 7: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/7.jpg)
Why do we need security?
- Protect vital information while still allowing access to those who need it
  - Trade secrets, medical records, etc.
- Provide authentication and access control for resources
![Page 8: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/8.jpg)
Who is vulnerable?
- Financial institutions and banks
- Internet service providers
- Government and defense agencies
- Contractors to various government agencies
- Multinational corporations
- ANYONE ON THE NETWORK
![Page 9: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/9.jpg)
Security related URLs
- http://www.robertgraham.com/pubs/network-intrusion-detection.html
- http://online.securityfocus.com/infocus/1527
- http://www.snort.org/
- http://www.cert.org/
- http://www.nmap.org/
- http://grc.com/dos/grcdos.htm
- http://lcamtuf.coredump.cx/newtcp/
![Page 10: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/10.jpg)
Google Hacking
- Plays a very important role in collecting information about the target.
- Google has a variety of special search syntaxes.
- List of employees, their personal details.
- Sometimes simple searches yield personal pages and non-authorized information.
- Google can assist an ethical hacker in many ways.
![Page 11: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/11.jpg)
What is Google?
- A powerful full-text search engine that indexes over 10 billion websites
- A tool
- A site that has launched a vocabulary all its own
![Page 12: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/12.jpg)
How does Google™ work?
![Page 13: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/13.jpg)
The special syntaxes
INTITLE
intitle: restricts your search to the titles of web pages.
Intitle: “HACKING”
![Page 14: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/14.jpg)
![Page 15: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/15.jpg)
INURL
inurl: restricts your search to the URLs of web pages. This syntax tends to work well for finding search and help pages because they tend to be rather regular in composition.
Inurl: hacking
![Page 16: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/16.jpg)
![Page 17: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/17.jpg)
SITE
Site: allows you to narrow your search by either a site or a top-level domain.
Site:edu
![Page 18: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/18.jpg)
![Page 19: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/19.jpg)
LINK
Link: returns a list of pages linking to the specified URL. Enter link:www.orkut.com and you’ll be returned a list of pages that link to Orkut.
![Page 20: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/20.jpg)
![Page 21: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/21.jpg)
FILETYPE
Filetype: searches the suffixes or filename extensions.
Filetype:ppt google hacking
![Page 22: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/22.jpg)
![Page 23: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/23.jpg)
15-441 Networks Fall 2002 23
![Page 24: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/24.jpg)
![Page 25: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/25.jpg)
What are Sniffers?
- Sniffers monitor network data.
- A sniffer usually acts as a network probe or “snoop”, examining network traffic but not intercepting or altering it.
- Ettercap is the best tool for sniffing.
![Page 26: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/26.jpg)
![Page 27: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/27.jpg)
![Page 28: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/28.jpg)
![Page 29: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/29.jpg)
ARP Spoofing
Getting max internet speed using ARP spoofing.
![Page 30: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/30.jpg)
ARP POISONING: arp -a
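From the defender's side, the `arp -a` output named on this slide is also where poisoning shows up: one hardware address answering for several IP addresses. The following check is an added example, not part of the original slides; the sample tables and all names in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` output (Windows layout); not from a real host.
SAMPLE_WINDOWS = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.40          00-11-22-33-44-55     dynamic
  192.168.1.57          a4-5e-60-c1-02-9f     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed sample in the Linux/BSD layout.
SAMPLE_UNIX = """\
gateway (10.0.0.1) at 3c:52:82:aa:bb:cc [ether] on eth0
nas (10.0.0.9) at 00:1b:21:0a:0b:0c [ether] on eth0
? (10.0.0.77) at <incomplete> on eth0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC = r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})"
ENTRY = re.compile(IP + r"\)?\s+(?:at\s+)?" + MAC)

def parse_arp_table(text):
    """Return {mac: set(ips)} for the unicast entries in `arp -a` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # headers, interface lines, <incomplete> entries
        ip, raw = m.groups()
        # Normalise 00-1B-.. and 0:1b:.. spellings to 00:1b:..
        octets = [o.zfill(2).lower() for o in re.split(r"[:-]", raw)]
        if int(octets[0], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design
        table[":".join(octets)].add(ip)
    return table

def suspicious_macs(text):
    """MACs that answer for more than one IP address."""
    # A hit needs review, not automatic blame: routers with several
    # addresses and proxy ARP produce the same pattern legitimately.
    return {mac: sorted(ips) for mac, ips in parse_arp_table(text).items()
            if len(ips) > 1}
```

Feed it the text of `arp -a` from the host under review; a gateway IP sharing a MAC with another host on the segment is the entry to investigate first.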
![Page 31: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/31.jpg)
![Page 32: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/32.jpg)
What is Steganography?
The process of hiding data in images is called Steganography.
Attackers can embed information such as:
- Source code for hacking tool.
- List of compromised servers.
- Plans for future attacks.
![Page 33: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/33.jpg)
![Page 34: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/34.jpg)
![Page 35: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/35.jpg)
![Page 36: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/36.jpg)
![Page 37: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/37.jpg)
What Is Social Engineering
- Social engineering is the human side of breaking into a corporate network.
- An employee may unwittingly give away key information in an email or by answering questions over the phone with someone they don’t know.
![Page 38: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/38.jpg)
Art Of Manipulation
The goal of a social engineer is to trick someone into providing valuable information or access to that information.
It preys on qualities of human nature, such as the desire to be helpful, the tendency to trust people and the fear of getting in trouble.
![Page 39: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/39.jpg)
Human Weakness
People are usually the weakest link in the security chain.
Social engineering is the hardest form of attack to defend against because it cannot be defended with hardware or software alone.
![Page 40: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/40.jpg)
Human Based Social Engineering
Human based social engineering can be broadly categorized into:
- Technical support
- Third person approach
- Dumpster Diving
- Shoulder Surfing
![Page 41: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/41.jpg)
Computer Based Social Engineering
These can be divided into the following categories:
- Mail attachments
- Websites
- Spam Mail
![Page 42: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/42.jpg)
Reverse Social Engineering
- A more advanced method of gaining illicit information is known as “reverse social engineering”.
- This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around.
![Page 43: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/43.jpg)
Hacking Web Servers
Popular web servers
- Apache web server
- IIS Web server
- Sun ONE web server
![Page 44: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/44.jpg)
Invading PHP server
Sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible. This tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.
![Page 45: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/45.jpg)
Steps for web hacking
1. Search the server
Make a Google dork to find sites running Apache and PHP4.4.
2. Scan the server
Start by scanning them using Nmap. Do an intense scan and find the open ports. If you find port 2000 open, then you have almost got it. Most websites running
![Page 46: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/46.jpg)
PHP4.4 have this port for admin login.
Now just log in using port 2000: http://www.website.com:2000
And you will be comfortably logged in to the admin page, like this:
![Page 47: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/47.jpg)
![Page 48: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/48.jpg)
3. Hack the site
Now in the fields, you have to type:
- Username – admin
- Password – a’ or 1=1 or ‘b
- Domain - a’ or 1=1 or ‘b

And press go, you will log in to admin.
![Page 49: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/49.jpg)
![Page 50: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/50.jpg)
![Page 51: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/51.jpg)
Now you have hacked into admin. Actually sites based on PHP4.4 have the vulnerability in them that they are vulnerable to SQL injection. It will literally take 20 seconds.
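Whether the input from step 3 works depends on how the login code builds its query: it only succeeds when the form fields are concatenated into the SQL text. The sketch below is an added example, not from the original slides; it uses a constructed in-memory SQLite table with hypothetical function names, and places the concatenated query beside the parameterized form that closes the hole.

```python
import sqlite3

# Input string quoted in step 3 of the slides (written with plain quotes).
PAYLOAD = "a' or 1=1 or 'b"

def make_db():
    # Constructed in-memory table standing in for an admin login store.
    # (Real systems store salted password hashes, not plaintext.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT, domain TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-constructed', 'example')")
    return db

def login_concatenated(db, username, password, domain):
    # Vulnerable: input is pasted into the SQL text, so a quote in the input
    # ends the string literal and the rest is parsed as SQL. With PAYLOAD the
    # WHERE clause gains an "or 1=1" branch that is true for every row.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
           "' AND password = '" + password +
           "' AND domain = '" + domain + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password, domain):
    # Hardened: placeholders bind the input as data. The quote characters are
    # compared literally against the stored value and never reach the parser.
    sql = ("SELECT COUNT(*) FROM admins "
           "WHERE username = ? AND password = ? AND domain = ?")
    return db.execute(sql, (username, password, domain)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts payload: ",
          login_concatenated(db, "admin", PAYLOAD, PAYLOAD))
    print("parameterized query accepts payload:",
          login_parameterized(db, "admin", PAYLOAD, PAYLOAD))
```

The fix is in the query construction, so it applies regardless of the PHP or web server version in front of the database.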
![Page 52: Ethical Hacking and Network Security](https://reader035.fdocuments.in/reader035/viewer/2022081422/55585503d8b42a993b8b4be4/html5/thumbnails/52.jpg)
Thanks for your time