Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website .

Ethical Hacking

KaaShiv InfoTechKaaShiv InfoTech

For For Inplant Training / Inplant Training / InternshipInternship, , please download please download

the "Inplant training registration form" the "Inplant training registration form" from our website from our website www.kaashivinfotech.com. Fill the www.kaashivinfotech.com. Fill the form and send it to form and send it to [email protected] [email protected]

www.kaashivinfotech.com

““How often have I said to you that when you have How often have I said to you that when you have eliminated the impossible, whatever remains, eliminated the impossible, whatever remains, however improbable, must be the truth? “however improbable, must be the truth? “

Or a modern variation:Or a modern variation:"If you eliminate the impossible, whatever "If you eliminate the impossible, whatever remains, remains, however improbablehowever improbable, , mustmust be the be the truthtruth."."

For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to [email protected]


AnonymousAnonymousAs for the literal operation of Anonymous, becoming part of it is as As for the literal operation of Anonymous, becoming part of it is as

simple as going onto its Internet Relay Chat forums and typing simple as going onto its Internet Relay Chat forums and typing away. away.

The real-life people involved in Anonymous could be behind their The real-life people involved in Anonymous could be behind their laptops anywhere, from an Internet café in Malaysia to a Michigan laptops anywhere, from an Internet café in Malaysia to a Michigan suburb. suburb.

Anonymous appears to have no spokesperson or leader. Anonymous appears to have no spokesperson or leader.

One could participate for a minute or a day in a chat room, and then One could participate for a minute or a day in a chat room, and then never go back again.never go back again.

Anonymous is the future form of Internet-based social activism. They Anonymous is the future form of Internet-based social activism. They laud the "hactivists" for their actions.laud the "hactivists" for their actions.



Underground Toolkit Arms Hackers For Java FlawBy Antone Gonsalves, CRN March 29, 2012 3:57 PM ET

A software toolkit popular among cyber-criminals has been updated to include malicious code targeting a critical Java vulnerability that experts say many Internet users have yet to patch.…A patch for the Java bug was released in February, but based on the Java patching behavior of 28 million Internet users, Rapid7 estimates that from 60 percent to 80 percent of computers running Java are vulnerable. The bug affects all operating systems, including Windows, starting with XP, Ubuntu and Mac OS X.

In general, up to 60 percent of Java installations are never updated to the latest version, according to Rapid7.

http://www.crn.com/news/security/232700528/underground-toolkit-arms-hackers-for-java-flaw.htm;jsessionid=aN-QwyraKe6tlMxNtzWh5A**.ecappj03?cid=nl_sec



Federal Statute 2B1.1. - Protected Computer - Civil Penalty

Protected Computer Cases.--In the case of an offense involving unlawfully accessing, or exceeding authorized access to, a "protected computer" as defined in 18 U.S.C. § 1030(e)(2), actual loss includes the following pecuniary harm, regardless of whether such pecuniary harm was reasonably foreseeable: reasonable costs to the victim of conducting a damage assessment, and restoring the system and data to their condition prior to the offense, and any lost revenue due to interruption of service.

(B) Gain.--The court shall use the gain that resulted from the offense as an alternative measure of loss only if there is a loss but it reasonably cannot be determined.

(C) Estimation of Loss.--The court need only make a reasonable estimate of the loss. The sentencing judge is in a unique position to assess the evidence and estimate the loss based upon that evidence.



Why Do People HackWhy Do People Hack

To make security stronger ( Ethical Hacking )To make security stronger ( Ethical Hacking )

Just for funJust for fun

Show offShow off

Hack other systems secretlyHack other systems secretly

Notify many people their thoughtNotify many people their thought

Steal important informationSteal important information

Destroy enemyDestroy enemy’’s computer network during the wars computer network during the war



What is Ethical HackingAlso Called – Attack & Penetration Testing, White-hat hacking, Red teaming•It is Legal

•Permission is obtained from the target•Part of an overall security program•Identify vulnerabilities visible from the Internet•Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner

HackingProcess of breaking into systems for:Personal or Commercial GainsMalicious Intent – Causing sever damage to Information & AssetsConforming to accepted professional standards of conduct



Types of HackersTypes of Hackers White Hat Hackers:White Hat Hackers:

A A White HatWhite Hat who specializes in penetration testing and in who specializes in penetration testing and in other testing methodologies to ensure the security of an other testing methodologies to ensure the security of an organization's information systems.organization's information systems.

Black Hat Hackers:Black Hat Hackers:

A A Black HatBlack Hat is the villain or is the villain or bad guybad guy, especially in a western , especially in a western movie in which such a character would stereotypically wear a movie in which such a character would stereotypically wear a black black hat in contrast to the hero's white hat. in contrast to the hero's white hat.

Gray Hat Hackers:Gray Hat Hackers:

A A Grey HatGrey Hat, in the hacking community, refers to a skilled , in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and hacker whose activities fall somewhere between white and black hat hackers on a variety of spectrablack hat hackers on a variety of spectraFor Inplant Training / Internship,

please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to [email protected]


http://en.wikipedia.org/wiki/Hat

Why CanWhy Can’’t We Defend Against Hackers?t We Defend Against Hackers?

• There are many unknown security hole

• Hackers need to know only one security hole to hack the system

• Admin need to know all security holes to defend the system

www.kaashivinfotech.comwww.kaashivinfotech.com


Why Do We Need Ethical Hacking

Viruses, Trojan Horses, and Worms

SocialEngineering

AutomatedAttacks

Accidental Breaches in Security Denial of

Service (DoS)

OrganizationalAttacks

RestrictedData

Protection from possible External Attacks



Ethical Hacking - Commandments

Working Ethically Trustworthiness Misuse for personal gain

Respecting Privacy Not Crashing the Systems



What do hackers do after hacking? (1)What do hackers do after hacking? (1)

• Patch security hole

• The other hackers can’t intrude

• Clear logs and hide themselves

• Install rootkit ( backdoor )

• The hacker who hacked the system can use the system later

• It contains trojan virus, and so on

• Install irc related program

• identd, irc, bitchx, eggdrop, bncFor Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to [email protected]


What do hackers do after hacking? (2)What do hackers do after hacking? (2)

• Install scanner program

• mscan, sscan, nmap

• Install exploit program

• Install denial of service program

• Use all of installed programs silently



Basic Knowledge RequiredBasic Knowledge Required The basic knowledge that an Ethical Hacker should have about The basic knowledge that an Ethical Hacker should have about

different fields, is as follows:different fields, is as follows:

Should have basic knowledge of ethical and permissible issuesShould have basic knowledge of ethical and permissible issues

Should have primary level knowledge of session hijackingShould have primary level knowledge of session hijacking

Should know about hacking wireless networksShould know about hacking wireless networks

Should be good in sniffingShould be good in sniffing

Should know how to handle virus and wormsShould know how to handle virus and worms

Should have the basic knowledge of cryptographyShould have the basic knowledge of cryptography

Should have the basic knowledge of accounts administrationShould have the basic knowledge of accounts administration

Should know how to perform system hackingShould know how to perform system hacking



Basic Knowledge Required Basic Knowledge Required (con’t)(con’t)

Should have the knowledge of physical infrastructure hackingShould have the knowledge of physical infrastructure hacking

Should have the primary knowledge of social engineeringShould have the primary knowledge of social engineering

Should know to how to do sacking of web serversShould know to how to do sacking of web servers

Should have the basic knowledge of web application weaknessShould have the basic knowledge of web application weakness

Should have the knowledge of web based password breaking procedureShould have the knowledge of web based password breaking procedure

Should have the basic knowledge of SQL injectionShould have the basic knowledge of SQL injection

Should know how to hack LinuxShould know how to hack Linux

Should have the knowledge of IP hackingShould have the knowledge of IP hacking

Should have the knowledge of application hackingShould have the knowledge of application hacking



Denial of ServiceDenial of Service If an attacker is unsuccessful in gaining access, they may If an attacker is unsuccessful in gaining access, they may

use readily available exploit code to disable a target as a use readily available exploit code to disable a target as a last resortlast resort

Techniques Techniques

SYN floodSYN flood

ICMP techniquesICMP techniques

Identical SYN requestsIdentical SYN requests

Overlapping fragment/offset bugsOverlapping fragment/offset bugs

Out of bounds TCP options (OOB)Out of bounds TCP options (OOB)

DDoSDDoS



How Can We Protect The How Can We Protect The System? System?

Patch security hole oftenPatch security hole often Encrypt important dataEncrypt important data

Ex) pgp, sshEx) pgp, ssh Do not run unused daemonDo not run unused daemon Remove unused setuid/setgid programRemove unused setuid/setgid program Setup loghostSetup loghost

• Backup the system oftenBackup the system often Setup firewallSetup firewall Setup IDSSetup IDS

Ex) snortEx) snort



What should do after hacked?What should do after hacked? Shutdown the systemShutdown the system

Or turn off the systemOr turn off the system Separate the system from networkSeparate the system from network

Restore the system with the backupRestore the system with the backup

Or reinstall all programsOr reinstall all programs Connect the system to the networkConnect the system to the network



Ethical Hacking - Process1. Preparation

2. Foot Printing

3. Enumeration & Fingerprinting

4. Identification of Vulnerabilities

5. Attack – Exploit the Vulnerabilities

6. Gaining Access

7. Escalating Privilege

8. Covering Tracks

9. Creating Back Doors



1.Preparation Identification of Targets – company websites, mail servers,

extranets, etc. Signing of Contract

Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the

test Specifics on Denial of Service Tests, Social Engineering,

etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing



2.FootprintingCollecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators

Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup,

sam spade



3.Enumeration & Fingerprinting

Specific targets determined Identification of Services / open ports Operating System Enumeration

Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN,

etc.

Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh,

telnet, SNMP Scanner



4.Identification of Vulnerabilities

Vulnerabilities

Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating

systems, applications Possible Vulnerabilities in Services, Operating

Systems Insecure programming Weak Access Control



4.Identification of VulnerabilitiesMethods Unpatched / Possible Vulnerabilities – Tools,

Vulnerability information Websites Weak Passwords – Default Passwords, Brute force,

Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to

Traffic Weak Access Control – Using the Application Logic,

SQL Injection



4.Identification of Vulnerabilities

ToolsVulnerability Scanners - Nessus, ISS, SARA, SAINTListening to Traffic – Ethercap, tcpdumpPassword Crackers – John the ripper, LC4, PwdumpIntercepting Web Traffic – Achilles, Whisker, Legion

Websites Common Vulnerabilities & Exposures –

http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites



http://cve.mitre.org/

http://www.securityfocus.com/

5.Attack – Exploit the Vulnerabilities Obtain as much information (trophies)

from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected

systems

Last Ditch Effort – Denial of Service



5.Attack – Exploit the Vulnerabilities

Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS

Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security



5.Attack – Exploit the Vulnerabilities

Application Specific Attacks Exploiting implementations of HTTP, SMTP

protocols Gaining access to application Databases SQL Injection Spamming



5.Attack – Exploit the VulnerabilitiesExploits Free exploits from Hacker Websites Customised free exploits Internally Developed

Tools – Nessus, Metasploit Framework,



6. Gaining access:6. Gaining access: Enough data has been gathered at this point to make an Enough data has been gathered at this point to make an

informed attempt to access the targetinformed attempt to access the target

TechniquesTechniques

Password eavesdroppingPassword eavesdropping

File share brute forcingFile share brute forcing

Password file grabPassword file grab

Buffer overflowsBuffer overflows



7. Escalating Privileges7. Escalating Privileges If only user-level access was obtained in the last step, the If only user-level access was obtained in the last step, the

attacker will now seek to gain complete control of the attacker will now seek to gain complete control of the systemsystem


Password crackingPassword cracking

Known exploitsKnown exploits



8. Covering Tracks8. Covering Tracks Once total ownership of the target is secured, Once total ownership of the target is secured,

hiding this fact from system administrators hiding this fact from system administrators becomes paramount, lest they quickly end the becomes paramount, lest they quickly end the romp.romp.


Clear logsClear logs Hide toolsHide tools



9. Creating Back Doors9. Creating Back Doors Trap doors will be laid in various parts of the system to Trap doors will be laid in various parts of the system to

ensure that privileged access is easily regained at the whim ensure that privileged access is easily regained at the whim of the intruderof the intruder


Create rogue user accountsCreate rogue user accounts Schedule batch jobsSchedule batch jobs Infect startup filesInfect startup files Plant remote control servicesPlant remote control services Install monitoring mechanismsInstall monitoring mechanisms Replace apps with trojansReplace apps with trojans




Thank you


Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website .

Documents

future form of internet

java bug

internet users

percent of java installations

internet caf

critical java vulnerability

java patching behavior

java flawby antone gonsalves