Page 1: Ethi mini - ethical hacking

Ethical Hacking

Submitted by: Md. Khaja Pasha

What is Hacking?

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)

Types of Hackers

Script Kiddies or Cyber-Punks: Between age 12-30; bored in school; get caught due to bragging online.
Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
Coders and Virus Writers: These have a strong programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.

What do Hackers do?

A few examples of Web application hacks:
File Query
Browser caching
Cookie and URL hacks
SQL Injection
Cross-site Scripting (#1 threat today!)

Web File Query

A hacker tests for HTTP (80) or HTTPS (443)
Does a “View Source” on HTML file to detect directory hierarchy
Can view sensitive information left by system administrators or programmers
Database passwords in /include files

Browser Page Caching

Be aware of differences between browsers!
Pages with sensitive data should not be cached: page content is easily accessed using browser’s history
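
An added example (not part of the original slides): a small audit of response headers for a page that shows sensitive data, reporting why the browser could still keep a copy. The sample responses and the function names are constructed for illustration.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def cache_findings(headers):
    """Explain why a sensitive response could remain in the browser cache.

    An empty list means the response carries no-store.
    """
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return []
    findings = []
    if not cc:
        findings.append("no Cache-Control: the browser may cache heuristically")
    if "no-cache" in cc:
        findings.append("no-cache forces revalidation but the copy is still stored")
    if "private" in cc:
        findings.append("private blocks shared caches only, not the browser cache")
    if cc.get("max-age") is not None or "public" in cc:
        findings.append("max-age/public explicitly permit storage")
    findings.append("missing no-store")
    return findings

# Constructed sample responses for a page showing account data.
SAMPLES = {
    "bare": {"Content-Type": "text/html"},
    "revalidate": {"Cache-Control": "no-cache, must-revalidate"},
    "private": {"cache-control": "private, max-age=600"},
    "hardened": {"Cache-Control": "no-store"},
}

def audit(samples=SAMPLES):
    """Map each sample name to its list of findings."""
    return {name: cache_findings(h) for name, h in samples.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, findings or "ok")
```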

Cookies and URLs

Sensitive data in cookies and URLs?
Issues that arise are:
Information is stored on a local computer (as files or in the browser’s history)
Unencrypted data can be intercepted on the network and/or logged into unprotected web log files
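
An added example (not part of the original slides): a scan of web server access-log lines for sensitive values that ended up in URLs, returning a redacted copy of each offending line. The log lines, the list of sensitive parameter names and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameter names treated as sensitive (an assumption; adjust per application).
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid", "ssn", "card"}

# The quoted request field of a Common Log Format line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def audit_line(line):
    """Return (line with sensitive values redacted, names of the parameters hit)."""
    match = REQUEST.search(line)
    if not match:
        return line, []
    parts = urlsplit(match.group("target"))
    hits, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            hits.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not hits:
        return line, []
    target = parts._replace(query=urlencode(pairs)).geturl()
    start, end = match.span("target")
    return line[:start] + target + line[end:], hits

# Constructed access-log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /products?id=42 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /account?SessionID=abc123 HTTP/1.1" 200 300',
]

def audit_log(lines):
    """Return [(line_number, parameter_names, redacted_line)] for lines that leak."""
    report = []
    for number, line in enumerate(lines, start=1):
        redacted, hits = audit_line(line)
        if hits:
            report.append((number, hits, redacted))
    return report
```

Calling audit_log(SAMPLE_LOG) flags lines 1 and 3; the fix on the application side is to send such values in a POST body or a header over HTTPS rather than in the query string.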

SQL Injection Attacks

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements.
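
An added example (not part of the original slides): the flawed pattern described above, a string literal built by concatenation, next to the same lookup with a bound parameter. The table, its rows and the function names are constructed for this illustration and use an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "c-secret")],
    )
    return db

def lookup_unsafe(db, name):
    # Flawed pattern: the value is pasted into the SQL text as a string
    # literal, so a quote inside `name` ends the literal early and the
    # remainder of the input is parsed as SQL.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Bound parameter: the value travels separately from the statement
    # text and is always treated as data, whatever characters it holds.
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    """Run both lookups on a fresh database and return their outcomes."""
    db = make_db()
    try:
        unsafe = lookup_unsafe(db, name)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    return {"unsafe": unsafe, "safe": lookup_safe(db, name)}

if __name__ == "__main__":
    # An ordinary name, a legitimate name containing a quote, and an
    # input that rewrites the WHERE clause of the concatenated query.
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated query fails on the legitimate name O'Brien and returns every row for the third input, while the parameterized query returns exactly the matching row or nothing.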

Cross-Site Scripting (XSS) Attacks

Malicious code can secretly gather sensitive data from a user while they use an authentic website (login, password, cookie)

What is Ethical Hacking?

Ethical hacking – defined “methodology adopted by ethical hackers to discover the harmed existing in information systems’ of operating environments.”
With the growth of the Internet, computer security has become a major concern for businesses and governments.
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the unwanted threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Who are Ethical Hackers?

“One of the best ways to evaluate the intruder threat is to have independent computer security professionals attempt to break their computer systems”
Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.
Ethical hackers typically have very strong programming and computer networking skills.
They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.
These base skills are detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.

What do Ethical Hackers do?

An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder’s attempts or successes?
What are you trying to protect?
What are you trying to protect against?
How much time, effort, and money are you willing to expend to obtain adequate protection?

Required Skills of an Ethical Hacker

Routers: knowledge of routers, routing protocols, and access control lists.
Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security setting, configuration, and services.
Firewalls: configurations, and operation of intrusion detection systems.
Mainframes: knowledge of mainframes.
Network Protocols: TCP/IP; how they function and can be manipulated.
Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.

Hacker Classes

Black hats – highly skilled, malicious, destructive “crackers”
White hats – skills used for defensive security analysts
Gray hats – offensively and defensively; will hack for different reasons, depends on situation.
Hacktivism – hacking for social and political cause.
Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected.

How to hack Windows-XP Passwords

Simple User Password: simply boot the system and press the keyboard key “F8”. After this, start the system in safe mode. Then open Control Panel --> User Account and change or remove the password.

Any Questions??? Or suggestions???
