Hacking
Jan 21, 2015
What Is Hacking
Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent.
Communities of Hacker
• Hacker
• Phreaks
• Crackers
• Script kiddies
Hacker?
• Hackers are Intelligent Computer Professionals.
• Motive/Intent –
  • To gain in-depth knowledge of a system, what’s happening at the backend, behind the screen.
  • To find possible security vulnerabilities in a system.
• They create security awareness by sharing knowledge. It’s teamwork.
Types of Hacker
White Hat
• A white hat is the hero or good guy, especially in computing slang, where it refers to an ethical hacker or Penetration tester who focuses on securing and protecting IT systems.
• White Hat Hackers, also known as Ethical Hackers
Black Hat
• A black hat is the villain or bad guy. It refers to a hacker that breaks into networks or computers, or creates computer viruses. Black Hat Hackers (also called "crackers") are specialized in unauthorized penetration of information systems.
• They may use computers to attack systems for profit, for fun, or for political motivations or as a part of a social cause.
Grey Hat
• A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not.
• They are a hybrid between white and black hat hackers.
• They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological
Famous Hackers in History
• Ian Murphy
• Kevin Mitnick
• Johan Helsingius
• Mark Abene
• Linus Torvalds
• Robert Morris
Crackers / Attackers
• Individuals who break into computers with malicious intent.
• Motive/Intent –
  • To seek unauthorized access into a system and cause damage or destroy or reveal confidential information.
  • To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge.
• Effects- Can cause financial losses & image/reputation damages, defamation in the society for individuals or organizations
Phreaks?
• Phreaks – These are persons who use computer devices and software to break into phone networks.
• Motive/Intention- To find loopholes in the security of phone networks and to make phone calls free of cost!!!
• Effects- You may have to pay a big amount in phone bills, for doing nothing!!!
Script Kiddies
• Script Kiddies – These are persons not having technical skills to hack computers.
• Motive/Intention- They use the available information about known vulnerabilities to break into remote systems.
• It’s an act performed for fun or out of curiosity.
Malicious Hacker Strategies
1. Reconnaissance
2. Scanning
3. Attack
Reconnaissance
Scanning
Scanning is the process of finding open/closed ports and vulnerabilities in remote systems, servers & networks.
• Scanning will reveal
  • IP addresses
  • Operating systems
  • Services running on each computer.
Types of Scanning
• Port Scanning
• Network Scanning
• Vulnerability Scanning
Port Scanning
• Port Scanning is one of the most popular techniques attackers use to discover the services they can break into.
• All machines connected to a LAN or connected to the Internet via a modem run many services that listen at well-known and not so well-known ports.
• Ports 1 to 65535 are available on a computer.
• By port scanning the attacker finds which ports are available.
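Seen from the defender's side, a port scan shows up as one source trying many different ports on the same machine in a short time. The following is an added example, not part of the original slides: a small detector run over a constructed firewall log. The log format, the addresses and the `min_ports` / `window` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: time, source, destination, port.
SAMPLE_LOG = """\
2015-01-21T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2015-01-21T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=21
2015-01-21T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=22
2015-01-21T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=23
2015-01-21T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2015-01-21T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=25
2015-01-21T10:00:04 SRC=203.0.113.5 DST=192.0.2.10 DPT=80
2015-01-21T10:00:05 SRC=203.0.113.5 DST=192.0.2.10 DPT=3389
2015-01-21T10:05:00 SRC=198.51.100.9 DST=192.0.2.10 DPT=80
2015-01-21T10:06:00 SRC=198.51.100.9 DST=192.0.2.10 DPT=443
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def parse(log):
    """Yield (time, src, dst, port) for well-formed lines; skip everything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and 1 <= int(m.group(4)) <= 65535:  # valid port range from the slide
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


def detect_port_scans(log, min_ports=5, window=timedelta(seconds=10)):
    """Return {source: sorted ports} for sources that tried at least min_ports
    distinct ports on one destination within the window (log must be in time order)."""
    recent = defaultdict(deque)  # (src, dst) -> recent (time, port) attempts
    flagged = defaultdict(set)
    for ts, src, dst, port in parse(log):
        attempts = recent[(src, dst)]
        attempts.append((ts, port))
        while ts - attempts[0][0] > window:  # drop attempts older than the window
            attempts.popleft()
        ports = {p for _, p in attempts}
        if len(ports) >= min_ports:
            flagged[src] |= ports
    return {src: sorted(ports) for src, ports in flagged.items()}


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

A source that spreads its attempts over a longer time than the window stays under the threshold, so the two values have to be tuned to the network being watched.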
Network Scanning
Understand IP Addresses and related information about the computer network systems
Vulnerability Scanning
Understand the existing weaknesses
Top 10 Vulnerabilities
1. SQL Injection
2. Cross Site Scripting (XSS)
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access
Example Of SQL Injection