Ethical Hacking
E`Hacking
A technological threat
Content
1.What is ethical hacking ?
2.Who are the ethical hacker ?
3.Types of hacker
4.Why do people hack ?
5.What do hacker after hacking ?
6.Process of ethical hacking ?
7.What should we do after hacking ?
2.Who are the ethical hacker ?
3.Types of hacker
4.Why do people hack ?
5.What do hacker after hacking ?
6.Process of ethical hacking ?
7.What should we do after hacking ?
ETHICAL HACKING
Permission is obtained from the target
Identify vulnerabilities visible from Internet at particular point of time
Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
If the hacking is doing for wrong intent then it is called CRACKING.
If the hacking is doing for wrong intent then it is called CRACKING.
Types of hacker
White Hat Hackers-: they are good because they nothing to stole for himself.
Black hat hacker-: they are bad because they stole for himself
Gray hat hacker-: they belongs between the white hat & black hat hacker.
Black hat hacker-: they are bad because they stole for himself
Gray hat hacker-: they belongs between the white hat & black hat hacker.
World’s best three hacker
Jonathan James was known as "c0mrade" on the Internet. What is his ticket to fame? He was convicted and sent to prison for hacking in the United States–all while he was still a minor. At only fifteen years of age, he managed to hack into a number of networks, including those belonging to South, Miami-Dade, the U.S. Department of Defense, and NASA.
Kevin Mitnick’s journey as a computer hacker has been so interesting and compelling that the U.S. Department of Justice called him the “most wanted computer criminal in U.S. history.” His story is so wild that it was the basis for two featured films.
Albert Gonzalez paved his way to Internet fame when he collected over 170 million credit card and ATM card numbers over a period of 2 years. Yep. That’s equal to a little over half the population of the United States. Gonzalez started off as the leader of a hacker group known as Shadow Crew. This group would go on to steal 1.5 million credit card numbers and sell them online for profit. Shadow Crew also fabricated fraudulent passports, health insurance cards, and birth certificates for identity theft crimes total ling $4.3 million stolen
Albert Gonzalez paved his way to Internet fame when he collected over 170 million credit card and ATM card numbers over a period of 2 years. Yep. That’s equal to a little over half the population of the United States. Gonzalez started off as the leader of a hacker group known as Shadow Crew. This group would go on to steal 1.5 million credit card numbers and sell them online for profit. Shadow Crew also fabricated fraudulent passports, health insurance cards, and birth certificates for identity theft crimes total ling $4.3 million stolen
Why do people hack ?
To make security stronger( Ethical hacking).
Just for fun.
Show off.
Hack other system secretly.
Notify many people their thought.
Steal important information.
Destroys enemy’s computer during the war.
Show off.
Hack other system secretly.
Notify many people their thought.
Steal important information.
Destroys enemy’s computer during the war.
What do hacker after hacking ?
Patch security hole.
Clear logs and hide themselves
Install root-kit(backdoor).
The hacker who hacked the system used later.
It moves virus , Trojan in the system.
Install scanner program like mscan , sscan ,nscan.
Install exploit program
Use all install program silently.
Clear logs and hide themselves
Install root-kit(backdoor).
The hacker who hacked the system used later.
It moves virus , Trojan in the system.
Install scanner program like mscan , sscan ,nscan.
Install exploit program
Use all install program silently.
Process of ethical hacking
Preparation
Footprinting
Enumeration & Fingerprinting
Identification of Vulnerabilities
Exploiting the system
Accessing
Covering tracks
Creating back door
Footprinting
Enumeration & Fingerprinting
Identification of Vulnerabilities
Exploiting the system
Accessing
Covering tracks
Creating back door
Preparation
Identification of Targets – company websites, mail servers, extranets, etc.
Signing of Contract
Agreement on protection against any legal issues
Contracts to clearly specifies the limits and dangers of the test
Key people who are made aware of the testing
Agreement on protection against any legal issues
Contracts to clearly specifies the limits and dangers of the test
Key people who are made aware of the testing
Footprinting
Collecting as much information about the target
DNS Servers
IP Ranges
Administrative Contacts
Problems revealed by administrators
Information Sources
Search engines
Databases – whois, ripe, arin, apnic
Tools
PING, whois, Traceroute, DIG, nslookup, sam spade
Tools
PING, whois, Traceroute, DIG, nslookup, sam spade
Enumeration & Fingerprinting
Specific targets determined
Identification of Services / open ports
Operating System Enumeration
Tools
Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
Identification of Services / open ports
Operating System Enumeration
Tools
Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
Identification of Vulnerabilities
Vulnerabilities
Insecure Configuration, Weak passwords
Possible Vulnerabilities in Services, Operating Systems
Insecure programming
Weak Access Control
Tools
Nessus, ISS, SARA, SAINT
Ethercap, tcpdump
John the ripper, LC4, Pwdump
Achilles, Whisker, Legion
Insecure Configuration, Weak passwords
Possible Vulnerabilities in Services, Operating Systems
Insecure programming
Weak Access Control
Tools
Nessus, ISS, SARA, SAINT
Ethercap, tcpdump
John the ripper, LC4, Pwdump
Achilles, Whisker, Legion
Exploiting the system
Gaining access through the following attacks
Operating system attacks
Application level attacks
Scripts and sample program attacks
Misconfiguration attack
DOS attacks
If every attack we mention is failed then hacker use dos attack. It is more powerful then any attack.
Operating system attacks
Application level attacks
Scripts and sample program attacks
Misconfiguration attack
DOS attacks
If every attack we mention is failed then hacker use dos attack. It is more powerful then any attack.
If every attack we mention is failed then hacker use dos attack. It is more powerful then any attack.
Accessing
Enough data has been gathered at this point to make an informed attempt to access the target
Techniques
File share brute forcing
Password file grab
Buffer overflows
Enough data has been gathered at this point to make an informed attempt to access the target
File share brute forcing
Password file grab
Buffer overflows
Covering tracks
clean up the log files.
Shut down the system.
Hide the tools
Creating Back Doors
Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder
Techniques
Create rogue user accounts
Plant remote control services
Replace apps with Trojans
Techniques
Replace apps with Trojans
What should we do after hack ?
Shut down the system or turn off the system.
Separate the system from Network.
Restore the system with the backup or reinstall all program.
Connect the system to the network
Shut down the system or turn off the system.
Separate the system from Network.
Restore the system with the backup or reinstall all program.
Connect the system to the network
0 Comments:
Post a Comment