Hacking Report

8/6/2019 Hacking Report

http://slidepdf.com/reader/full/hacking-report 1/28

HACKING – A MERE ENTHUSIASM

INTRODUCTION TO HACKING

What is HACKING?

- Hacking refers to an array of activities which are done to intrude

someone else’s personal information space so as to use it for malicious, unwanted

purposes.

- Hacking is a term used to refer to activities aimed at exploiting

security flaws to obtain critical information for gaining access to secured networks.

AND NOT JUST THAT…….

- Hacking also refers to the series of methods and array of activities

used to see and analyze the system for any SECURITY FLAWS, and to notify the

system officials about the mistakes so that the flaws could be overcome.

A Mere Enthusiasm…..

In this huge world of fascinating unsolved problems, since there are

many unsolved problems, someone have to take care about them. But just by

thinking about them won’t work, since these problems are sure to be hard to be

solved. But this is what we call a problem which needs an Enthusiast to solve. Our

journey of so called HACKING begins with a mere enthusiasm to solve a problem

which is still unsolved for rest of the world. Yes a mere Enthusiasm leads to newer

ways of solving the problems, and also better ones to replace the older techniques.

DEPT OF INFORMATION SCIENCE ENGINEERING, P.D.A COLLEGE OF ENGINEERING

Page 1




That is why I wonder how always the newer versions of software systems are

better than the older versions in every possible ways.

Just like in above figure, two men playing Chess are quite creative and well

capable to overcome the move made by the opponent, and not just that he has to

make a move so that older moves and older techniques used to beat opponent also

overcome. Just as the CHESS game, in our software world our newer systems

should be so built that, they should be invulnerable to older problems, and also

they should be so developed that, they should be ready to handle some kind newer problems also. This is what we call a mere Enthusiasm.

WHO IS A HACKER?


Page 2




Since hacking is just a mere enthusiasm, then we may say that, a hacker is

just a mere Enthusiast. But a mere enthusiast is the one who can do any kind of things. Both good and bad ones.

A HACKER IS JUST A MERE ENTHUSIAST WHO LOVES TO WORK ON

COMPUTER.

But not all of them are the same, at least their purpose of solving problems differ.

FIRST OF ALL A HACKER IS DIFFERENT FROM A CRACKER.


Page 3




Since we know who hacker is, now it’s time to know who is cracker. A

CRACKER is a person who hacks any computer with any bad intention like

accessing private important data. Hacking consist of attempting to make

unauthorized entry into computers and explore what is there.

HACKERS BUILD THINGS, CRACKERS BREAK THEM FOR THEIR

PERSONAL PROFIT.

The main aim of hacker is mostly misunderstood; most hackers are not

interested in making any kind of frauds. The main aim and purpose is widely

misunderstood, most hackers are not interested in doing massive frauds, modify

personnel banking, taxation and employee records.

EVERY CRACKER IS A HACKER, BUT NOT EVERY HACKER IS

CRACKER .

We know who really are hacker and cracker, but often a great know ledged

person who used to be a Hacker, who always wants to solve the problems are

misunderstood to a Cracker, who potentially can harm you in many ways.

Some more definitions to understand.


Page 4




Hacker: Someone who uses hacks.

Hacks: A different approach with some significant advantage over the current

approach.

Cracker: someone who destructs things.

Phreakers: phone System Manipulators

Script kiddies: those who are slaves of tools for each and every work they do, but

think of themselves as true hackers.

REASONS BEHIND CRACKING

Just for fun

Show off

crack other systems secretly

Notify many people their thought

Steal important information

Destroy enemy’s computer network during the war

Personal profit, but in an illegal way

Security breaching to overcome any firewall or barrier for outside

networks


Page 5




Nowadays everyone wants to have the Cyber Power, which comes with the

reach in Computer Networks

HACKERS IN HISTORY


Page 6




There were many Hackers in history, long back from 1970’s and up then

their number is increasing at a rapid rate. Below are some of them, who are as

famous as anybody.

IAN MURPHY KEVIN MITNIK JOHAN HELSINGUIS

LINUS TORVALDS MARK ABENE ROBERT MORRIS

BRIEF INFORMATION ABOUT SOME HACKERS…..

IAN ARTHUR MURPHY (CAPTAIN ZAP)


Page 7




In the 70's the Ian Murphy was active in, and repeatedly arrested for:

shoplifting, vandalism, and petty theft (mostly at Radio Shack), however; his

parents position in the community allowed them to protect him from prosecution.

In 1981 he was found guilty of felony fraud and theft. Simply put, he was having

high school students steal computer equipment for him. He would them remove the

serial numbers and "fence" or sell the stolen equipment. He was eventually caught,

convicted, and spent considerable time in prison and/or on probation. Ian claims to

have "been the first convicted hacker", and the "first hacker ever convicted of a

crime" (which is of course blatantly false). His felony convictions had nothing to

do with hacking, but instead felony theft and felony fraud. He has repeatedly tried

to capitalize on his felony (and other) convictions. Since most people neglect to

verify his claims they take him at face value and falsely believe him to be some

kind of hacker or security expert.

Ian A. Murphy is nothing more than a middle aged convicted felon, con

artist and petty thief with a long history of running scams. He has virtually no

technical skills (which should be obvious), no formal education, no computer

training, and no security training. He knows just enough computer lingo and jargon

to baffle his audience (provided they lack a technical background). He claims to

have been employed by the Central Intelligence Agency (CIA) as a member of a

covert assassination team, and also claims to have been a Navy SEAL. Subject

claims to have been taught information warfare by the National Security Agency

(NSA). His tradecraft is very poor, and the official records indicate that his claims

are totally false. Official government documents indicate that he was never an

employee, nor a contractor. It should be mentioned that the subject has been

committed to psychiatric facilities several times for "being delusional".


Page 8




Official Navy documents indicate that the subject enlisted for duty on

6/27/74 in Philadelphia, PA. However, he never made it through boot camp at

Great Lakes Naval Training Center. Ian was thrown out after several weeks, and

listed as "unsuitable for military service". Officially since he never graduated from

Boot Camp the Navy never offered him any type of job. He was given an General

Discharge (which is bad news), and was never given any awards or decorations.

The Navy confiscated all uniforms, clothes, and equipment from him and literally

tossed him out with only the clothes on his back, and a one way bus ticket home.

Navy records indicated the he was a high school drop out with no technical

training. Despite what Ian has repeatedly claimed, he was never a Navy SEAL,

never a Green Beret, Ranger, Spec Ops, etc.

Ian has also claimed on numerous occasions, to multiple people, and on a

printed resume he was passing around in 1996 that he is a retired Navy SEAL, that

he is a CIA Agent, a covert operative, claims he was awarded two Congressional

Medal of Honor, a Silver Star, numerous purple hearts, and so on. The only

problem is that he was only in the Navy long enough for them to toss him out

during the first two weeks of boot camp.

He knows how to pretend, is a fluent liar, and easily cons those victims who

take him at face value. If the scam victim had performed even the slightest due

diligence they would have found that the subject had used a bogus address and

business name. The subject has a long history of computer and Internet fraud, and

commonly sets up multiple bogus accounts with an ISP (often using a stolen credit

card or check). He will then run up hundreds of dollars in charges and never pay a

penny on the account.


Page 9




KEVIN DAVID MITNIK

Kevin David Mitnick (born August 6, 1963) is a computer security

consultant and author. He was a world-famous controversial computer hacker in

the late 20th century, who was, at the time of his arrest, the most wanted computer

criminal in United States history. He went by the handle of Condor.

After a well-publicized pursuit, the FBI arrested Kevin Mitnick in February

of 1995 at his apartment in Raleigh, North Carolina, on federal offenses related to

a 2½-year computer hacking spree.

In 1999, Mitnick admitted to the authorities to four counts of wire fraud, two

counts of computer fraud and one count of illegally intercepting a wire

communication, as part of a plea agreement before the United States District of

California in Los Angeles. He was sentenced to 46 months in prison in addition to

22 months for violating the terms of his 1989 supervised release sentence for

computer fraud. He admitted to violating the terms of supervised release by

hacking into PacBell voicemail and other systems and to associating with known

computer hackers, in this case co-defendant Louis De Payne.

Mitnick served five years in prison, of which four and a half years were pre-

trial and eight months were in solitary confinement because the Judge was

convinced he could start a nuclear war by whistling into a pay phone if he were

near one. He was released on January 21, 2000. During his supervised release,

which ended on January 21, 2003, he was initially restricted from using any

communications technology other than a landline telephone. Mitnick fought this

decision in court which ruled in his favor, allowing him to access the Internet.


Page 10




In addition, as per the plea deal, Mitnick was prohibited from profiting from

films or books that are based on his criminal activity for a period of seven years.

Mitnick now runs Mitnick Security Consulting LLC, a computer security

consultancy.

JOHAN “JULF” HELSINGUIS

Johan "Julf" Helsingius, born in 1961 in Helsinki, Finland, started and ran

the Anon.penet.fi internet remailer.

Anon.penet.fi was one of the most popular Internet remailers, handling

10,000 messages a day. The server was the first of its kind to use a password-

protected PO Box system for sending and receiving e-mails. In the eighties he was

the system administrator for the central Finnish news node as well as one of the

founding members of the Finnish UNIX User Group.

In February 1995, the Church of Scientology called in Interpol and Finnish

prosecutors in order to find out user an144108's real identity, an online critic

of Scientology. Pressured by possible police measures which would have meant

disclosing not one but all of the registered names in the database, Julf revealed the

identity of the person Scientology was looking for.]One year later, on Aug 30 1996,

he announced his remailer would shut down.

Helsingius went on to help found EUnet in Finland and was part of the team

of people that established the first Internet link to a Soviet country. Later, when

EUnet was acquired by Qwest Communications and soon after moved

into KPNQwest, Qwest's joint venture with KPN International, Julf became Chief

Technology Officer (CTO) for KPNQwest. He is now an Internet entrepreneur and


Page 11




is serving on the board of various companies (e.g. BaseN, which is based

in Finland). Helsingius lives in Amsterdam, the Netherlands.

Helsingius has studied music and traveled widely. His interests include

active sports, like mountain climbing, and aviation.

SOME IMPORTANT EVENTS TOOK PLACE……

1980’s

Cyberspace coined.

Two hacker groups formed.

414 arrested.

1990’s

National Crackdown on hackers.

Kevin Mitnick arrested.

Microsoft’s NT operating system pierced.

2001

In one of the biggest Denial of Service Attack, hackers launched attacks

against eBay, Yahoo!, CNN.com, Amazon and etc.

2007


Page 12




Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1

Million has been stolen in three months from 250 customer account.

TYPES OF HACKING

1. DOS ( DENIAL OF SERVICE )

In computer security, a denial-of-service attack (DoS attack) is an attempt to

make a computer resource unavailable to its intended users. Typically the targets

are high-profile web servers, and the attack attempts to make the hosted web pages

unavailable on the Internet. An attacker may be able to prevent you from accessing

email, web sites, online accounts (banking, etc.) or other services that rely on the

affected computer.


Page 13




TWO FORMS OF DOS ATTACK

• Force the victim computer(s) to reset or consume its resources such that it

can no longer provide its intended service.

• Obstruct the communication media between the intended users and the

victim so that they can no longer communicate adequately.

2. POD (PING OF DEATH)

A ping of death ("POD") is a type of attack on a computer that involves

sending a malformed or otherwise malicious ping to a computer. A ping is

normally 64 bytes in size; many computer systems cannot handle a ping larger

than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this

size often crashes the target computer.

But the POD attack is nowadays believed to be an EPIC type of attack. In

later 1990’s all the systems and all the firewalls were fixed to avoid sudden system

crash due to malicious ping packet size. Nowadays all systems will just terminate

such packet requests.

3. DDOS (DISTRIBUTED DENIAL OF SERVICE)

In a Distributed denial-of-service (DDoS) attack, an attacker may use your

computer to attack another computer. By taking advantage of security

vulnerabilities or weaknesses, an attacker could take control of your computer.

Attacker could force your computer to send huge amounts of data to a web site or


Page 14




send spam to particular email addresses. The attack is "distributed" because the

attacker is using multiple computers, to launch the denial-of-service attack.

4. SYN FLOOD

In this method the attacker sends a succession of SYN ( synchronize)

requests to a target's system. When a client attempts to start a TCP connection to a

server, the client and server exchange a series of messages. And also shares the

data with the attacker.

5. UDP (USER DATAGRAM PROTOCOL)

UDP is a stateless connectionless protocol that runs on top of the IP

networks.UDP flood attack can be initiated by sending a large number of UDP

packets to the target system on random ports, so that it will determine which

application is awaiting packets on destination port, it will generate ICMP packet of

destination unreachable to the source address. Large number of such UDP packets

will degrade the service or even a complete SHUT DOWN.

What is ICMP?

ICMP is the "Internet Control Message Protocol". ICMP packets are small

packets used in local networks and on the Internet, most typically, for network


Page 15




troubleshooting and problem location. ICMP may be used for reporting the route

packets are taking to reach an arbitrary destination either locally or on the Internet

or to determine if a particular local or Internet connected device is reachable and/or

responding.

Various operating systems make use of the ICMP protocol for the above

mentioned purposes via utilities such as 'traceroute' and 'ping' in the UNIX/Linux

world, or 'tracert' and 'ping' in the Windows world.

6. PING FLOODING

PING FLOODING is nothing but degraded version of POD (Ping of Death),

but unlike POD, this one is still effective and works on almost all systems. Here

attacker just sends multiple ping requests to the target keeping packet size well

below 65535 bytes but more than 64 bytes. This will eventually take up all the

bandwidth of the target.

Here the attacker can request ping from the target of user specified ping size

as below in command prompt.

Ping target_ip_add –t –l packet_size

For e.g. Ping 192.168.5.1 –t –l 65500

Ping 169.254.227.226 –t –l 800


Page 16




7. SQL INJECTION

SQL Injection is a code injection technique that exploits a security

vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape

characters embedded in SQL statements or user input is not strongly typed and

thereby unexpectedly executed. It is an instance of a more general class of

vulnerabilities that can occur whenever one programming or scripting language is

embedded inside another. SQL injection attacks are also known as SQL insertion

attacks.

Nowadays this method is very popular because, everywhere the use of

database is increasing very rapidly.

WINDOWS HACKING

Even though it is called WINDOWS HACKING, we actually cant include it

in the list under the name Types of Hacking, since it’s just the techniques used to

overcome some minor problems related to a particular single computer mainly

related to the Windows Operating Systems. The main difference in Windows

Hacking those we are going to see are non network based hacks.

WINDOWS 98 PASSWORD HACK


Page 17




1. At the startup of the system press F8 and enter into the DOS Mode and we can

get rid of the system password by just entering following commands

In command prompt enter…….

rename c:\windows\*pwl c:\windows\*zzz

Now we can restart the system with normal settings, and when the password

console asks for password, enter your own password and type it again for

confirmation. Now your desired new password is set. Again we can set old

password as below……

rename c:\windows\*zzz c:\windows\*pwl

2. If you want to get rid of the WINDOWS 98 password, the simplest way is to use

the system with “SAFE MODE”.

We can enter into SAFE MODE by pressing F5 while the system boot up

and system configuration is being displayed. While entering SAFE MODE,

password console wont appears and we can use almost all programs, but some GUI

will be degraded.

WINDOWS XP PASSWORD HACK

1.The above mentioned method with SAFE MODE, do not work in WINDOWS

XP, since its corrected in XP, but still we can get rid of administrator’s password in


Page 18




XP with just mere standard account or guest account with the help of command

prompt.

Following steps are to be followed in command prompt…..

net user username password

For E.g.……if there is administrator user called “XYZ” and password is

unknown, then we can reset its password as…..

net user XYZ password

We can also maintain USER ACCOUNTS in WINDOWS XP without any

Administrator privileges as below…….

To add an user…… net user new_username password /add

To remove an user…… net user username /delete

So by using 1st and 3rd commands we can even delete the administrator’s

account without any privileges.

2. To get rid of the WINDOWS XP Password, there is another simple technique,

but the restriction is here the account you want to access should be windows

created administrator, not the original Windows Root Administrator.

The trick is as follows……


Page 19




When computer asks for the password for the user account, press

ctrl+alt+del from the keyboard. The classic password console will be displayed,

there we can change the username as “Administrator “ now without any password

you can login, and now are actually using the real Windows XP Root

Administrator, and you have all the privileges, and you can change the password of

the account you wanted to login.

WINDOWS VISTA PASSWORD HACK

Above mentioned any of the techniques to hack password for WINDOWS

OS’s don’t work for WINDOWS VISTA, that is what the advantage of hacking,

since the Microsoft has been informed at regular intervals about the loop holes in

their system, and that is why they always seek Feedback from all the people over

the world for their products, so that they can overcome the problems and flaws.

And by the way about hacking the VISTA password, it’s quite simple, just

use ULTIMATE BOOT DISK, which is bootable and it will retrieve the password

for you. It uses the Brute force technique to match the password.

I hope WINDOWS 7 would probably be invulnerable to this disk too.


Page 20




COMPUTER SAFETY

When it comes to our own computer’s safety, how it is related to the outer

Hacker’s world. But yeah they both are really connected to each other.

HACKING YOUR PC


Page 21




Ohh...This looks really bad....

What is on your PC?

• Banking, Taxes, Medical Records


Page 22




•

Cookies! Browser History!

• Password File??

How do they get in??

• Viruses/ Trojans

• Spywares

• Key loggers

• Remote Login


Page 23




The above figure illustrates how the private information is being stolen from a

personal computer, these are mainly done with help some Trojans, and spywares

and Remote Login (Force) programs.

HOW TO SAFEGAURD OUR COMPUTER

• Antivirus & Antispyware

• Always have a good Firewall

• Automatic Updates

• Backup you’re Data – Securely!

• Control Access to your special PC, and use good passwords

• Never neglect any kind minor/ major problems


Page 24




• Don’t open up any new unknown web links

• Don’t trust any unknown software's and their sources

OR

START

USING

LINUX

Ubuntu – Fedora – Open Suse – Kubuntu – Debian - Red Hat – Slackware –

Many Moooooreeeee


Page 25




ADVANTAGES AND DISADVANTAGES

Advantages:-

Hacking leads to debug and fixing up any system flaws.

The world is full of fascinating problems to be solved, and Hacker is the one

to try out them.

Nobody should ever have to solve same problem again, therefore hackers

share the solutions to officials.

Being a hacker will take lot of intelligence, hard work, practice and

dedication, so companies can always rely on the solutions provided by them.

Disadvantages:-

Every Cracker is also a Hacker.

Important data loss and huge loss of hard work of program developers.

Computer security threats, Network threats.

Nowadays since all Banking is done through network, financial crisis can

happen anytime.


Page 26




CONCLUSION

“Information is free and needs to be accessible for everyone.“ This is

what hackers believe in, so they retrieve whatever they want.

Internet is a rich source of huge amount of information available 24 x 7, just

we need is little intelligence to get it.

Hacking is not always Bank Robbery!.

A mere enthusiast use his/ her brain to solve a problem in his/ her own way

and shares it to everyone, this person is what we call a real HACKER.

Hacking leads the computer world to a whole new level.

Increased rate of Computer Security & also Computer Threats.

The challenge between Hackers and Developers leads to better products for

the users.

GOOGLE – The best way to go.


Page 27




REFERENCES

www.hackthissite.org

www.wikipedia.com

www.hackquest.de

www.wikihow.com/Hack

www.securityfocus.com

www.academylinux.com

Last but not the least www.google.com


Page 28

http://www.hackthissite.org/

http://www.wikipedia.com/

http://www.hackquest.de/

http://www.wikihow.com/Hack

http://www.securityfocus.com/

http://www.academylinux.com/

http://www.google.com/


http://www.hackthissite.org/

http://www.wikipedia.com/

http://www.hackquest.de/

http://www.wikihow.com/Hack

http://www.securityfocus.com/

http://www.academylinux.com/


Hacking Report

Documents