Security & Ethical Hacking p4
8/8/2019 Security & Ethical Hacking p4
Ethical Hacking and Security
Sharad Kr Singh & Abhineet Kumar
B.Tech Final Year
Accurate Institute Of Management & Technology
-
Overview
Introduction to Hacking.
What hackers can do?
Understanding the need to hack your own systems.
Our overall goals as an ethical hacker.
Basic terms.
Remote hacking steps.
Basic Security Tips
-
Introduction to Hacking
Hacking is a process to bypass the security mechanisms of an information system or network. Hacking is done in steps, partly by creative thinking and partly by using different tools at a time.
Hacking can also be stated as an unauthorised use of computer and network resources. (The term hacker originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
-
What hackers can do?
A hacker can enter any remote system to get all the information without any trace.
Hack any email password or website, and take down a network with the help of a DDoS attack.
A hacker can break any password (Admin password, all O.S).
A hacker can call anyone without being traced.
-
Understanding the need to hack your own systems
To catch a thief, think like a thief. That's the basis of ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers, combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way.
-
Our overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exist and can be exploited.
Apply results to remove the vulnerabilities and better secure your systems.
-
Basic terms
Vulnerability Assessment: A vulnerability assessment is a process of identifying, quantifying and prioritizing the vulnerabilities in a system.
Penetration Testing: A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker.
Social Engineering: It is an act of manipulating people into performing hacking actions or divulging confidential information.
-
Steps Of Hacking
Information Gathering/Foot Printing.
Port Scanning.
OS Fingerprinting.
Banner Grabbing.
Vulnerability Assessment.
Search & build Exploit.
Attack.
Maintain Access with help of Root kits and Trojans.
Covering Tracks.
-
OS Fingerprinting
OS Fingerprinting is a process to find out the victim's operating system (Windows, Linux).
When exploring a network for security auditing or inventory/administration, you usually want to know more than the bare IP addresses of identified machines. Your reaction to discovering a printer may be very different than to finding a router, wireless access point, telephone PBX, game console, Windows desktop, or Unix server.
Important Tools: nmap, NetScanTools Pro, p0f.
-
Banner Grabbing
Banner Grabbing is an attack designed to deduce the brand and version of an OS or application. For example, after port scanning we find that Apache is listening on port 80 and Linux is the target OS, but the version of Apache (2.0, 2.2, or 2.6) for remote hacking is unknown.
Example: c:\>telnet 69.93.227.34 80 [Enter].
Change port 80 as per requirement, like 21 for FTP and SSH and 25 for mail server.
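Seen from the defending side, the same banners can be reviewed to find which of your own services disclose a software version. The following is an added example, not part of the original slides; the sample banners are constructed and the function names are hypothetical.

```python
import re

# Constructed sample banners (not captured from any real host), as a service
# would send them on connect or in an HTTP response.
SAMPLE_BANNERS = {
    "web-1": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)\r\nContent-Type: text/html\r\n\r\n",
    "web-2": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    "ftp-1": "220 ProFTPD 1.3.5 Server ready.\r\n",
    "ssh-1": "SSH-2.0-OpenSSH_7.4\r\n",
    "mail-1": "220 mail.example.test ESMTP\r\n",
}

# A dotted number such as 2.2.3 or 7.4 is treated as a software version.
VERSION = re.compile(r"\d+(?:\.\d+)+")


def software_part(banner):
    """Return the part of a banner that names the server software."""
    first = banner.split("\r\n", 1)[0]
    if first.startswith("HTTP/"):
        # Only the Server header counts; "HTTP/1.1" is a protocol version.
        for line in banner.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                return value.strip()
        return ""
    if first.startswith("SSH-"):
        # Format is SSH-<protocol>-<software>; skip the protocol version.
        parts = first.split("-", 2)
        return parts[2] if len(parts) == 3 else ""
    # FTP/SMTP greeting: drop the three-digit reply code.
    return re.sub(r"^\d{3}[ -]", "", first)


def audit(banners):
    """Map each host to its software string and any version it discloses."""
    findings = {}
    for host, banner in banners.items():
        text = software_part(banner)
        match = VERSION.search(text)
        findings[host] = {"software": text,
                          "version": match.group(0) if match else None}
    return findings


def disclosing(banners):
    """Hosts whose banner reveals a version and should be hardened."""
    return sorted(h for h, f in audit(banners).items() if f["version"])


if __name__ == "__main__":
    for host in disclosing(SAMPLE_BANNERS):
        print(host, audit(SAMPLE_BANNERS)[host])
```

Hosts returned by `disclosing` are candidates for banner minimisation in the service configuration, so that the version is no longer visible to anyone who connects.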
-
Vulnerability Assessment
What is Vulnerability Assessment?
The word "vulnerability" describes a problem (such as a programming bug or common misconfiguration) that allows a system to be attacked or broken into.
A vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
-
Assessments are typically performed according to the following steps:
Cataloging assets and capabilities (resources) in a system.
Assigning quantifiable value (or at least rank order) and importance to those resources.
Identifying the vulnerabilities or potential threats to each resource.
Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.
Important Tools: Xcobra, Nikto, Privoxy, ATK, Canvas.
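The four steps above can be carried through on a small inventory. This is an added example, not part of the original slides: the assets, findings, 1 to 5 scales, threshold, and the value times severity score are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: int      # step 2: rank order, 1 (low) to 5 (business critical)


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    severity: int   # 1 (minor) to 5 (remote compromise)


# Step 1: constructed asset catalogue. Step 3: constructed findings.
ASSETS = [Asset("billing-db", 5), Asset("intranet-wiki", 2), Asset("mail-gw", 4)]
FINDINGS = [
    Finding("intranet-wiki", "outdated web server version", 4),
    Finding("billing-db", "default admin password", 5),
    Finding("mail-gw", "verbose SMTP banner", 1),
    Finding("billing-db", "verbose error pages", 2),
    Finding("test-vm", "open management port", 3),  # asset missing from catalogue
]


def prioritize(assets, findings):
    """Rank findings by asset value x severity; report uncatalogued assets."""
    value = {a.name: a.value for a in assets}
    unknown = sorted({f.asset for f in findings if f.asset not in value})
    ranked = sorted(
        (f for f in findings if f.asset in value),
        key=lambda f: (value[f.asset] * f.severity, value[f.asset]),
        reverse=True,
    )
    return ranked, unknown


def remediation_queue(assets, findings, threshold=8):
    """Step 4: findings scoring at or above the threshold, most serious first."""
    value = {a.name: a.value for a in assets}
    ranked, _ = prioritize(assets, findings)
    return [(f.asset, f.issue, value[f.asset] * f.severity)
            for f in ranked if value[f.asset] * f.severity >= threshold]


if __name__ == "__main__":
    for row in remediation_queue(ASSETS, FINDINGS):
        print(row)
    print("not in catalogue:", prioritize(ASSETS, FINDINGS)[1])
```

A finding on an asset that is missing from the catalogue is reported separately instead of being scored, because step 1 has to be completed for it first.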
-
Search & Build Exploit
Manual Method:
We can find vulnerabilities manually on the following sites to hack any program and system:
www.milworm.com , www.securityfocus.com .
For the exploit and final attack, download the source code and compile the exploit.
-
Maintain Access
After getting remote access we place a root kit or Trojan virus for future remote access.
-
Attack
Launch attack on remote system and get reverse shell.
-
Thank You!!