Hacking: What is it and how is it done?
Introduction to Cybersecurity
Slides by Raymond Borges
Outline
Background
Hacking 101
  The penetration test
    Reconnaissance
    Enumeration
    Gaining access
    Privilege escalation
    Maintaining access
    Stealth
Conclusion
Background
Phone freaks were some of the first hackers

• Phreaking - the activity of a culture of people who study, experiment with, or explore telecom systems

• Blue box - a tone generator capable of producing the frequencies needed to hack phone trunks
Background
Below is the blue box built by Steve Wozniak, on
display at the Computer History Museum and
also the Captain Crunch whistle
The Blue Box
How did the Blue Box work?
1. The user places a long-distance telephone call
2. When the call rings, he sends the 2600 Hz tone
3. This tone signals to the trunk that the caller hung up
4. The line makes a "Ka-Cheep" noise, followed by silence; it is now waiting for routing digits
5. Dial a "Key Pulse" followed by the telephone number
6. You just made a free call
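The trick worked because the 2600 Hz supervisory tone travelled in-band, on the same audio path as the caller's voice, so the trunk could not tell a caller's tone from its own signaling. Out-of-band signaling eventually removed the weakness; until then the carrier-side countermeasure was to watch customer audio for a sustained 2600 Hz. The detector below is an added example, not from the slides: it runs the Goertzel single-bin DFT over constructed 8 kHz audio in Python. The sample rate, the 50 ms frames, the 0.4 energy-fraction threshold and the 200 ms persistence requirement are my assumptions.

```python
import math

SAMPLE_RATE = 8000      # assumed: telephone-band audio sampled at 8 kHz
FRAME_MS = 50           # assumed: 50 ms frames (400 samples, so DFT bins are 20 Hz apart)
SUPERVISORY_HZ = 2600   # the single-frequency supervisory tone described on the slide

def make_tone(freq_hz, duration_s, amplitude=0.5, rate=SAMPLE_RATE):
    """Constructed test audio: a pure sine at freq_hz (not a real recording)."""
    n = int(duration_s * rate)
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / rate) for i in range(n)]

def goertzel_fraction(frame, target_hz, rate=SAMPLE_RATE):
    """Fraction of the frame's energy in the DFT bin nearest target_hz.

    A pure tone centred on the bin gives ~0.5 (its mirror bin holds the other
    half); speech, noise or silence gives ~0.  The Goertzel recurrence computes
    only this one bin, so it is far cheaper than a full FFT per frame.
    """
    n = len(frame)
    total = sum(x * x for x in frame)
    if total < 1e-12:               # silence: nothing to detect, avoid dividing by zero
        return 0.0
    k = round(n * target_hz / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    bin_power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[k]|^2
    return bin_power / (n * total)                    # Parseval-normalised

def tone_frames(samples, target_hz=SUPERVISORY_HZ, threshold=0.4,
                rate=SAMPLE_RATE, frame_ms=FRAME_MS):
    """One boolean per frame: does the frame carry the target tone?"""
    size = rate * frame_ms // 1000
    return [goertzel_fraction(samples[i:i + size], target_hz, rate) >= threshold
            for i in range(0, len(samples) - size + 1, size)]

def supervisory_tone_present(samples, min_ms=200, **kw):
    """True if the tone persists for at least min_ms (assumed 200 ms = 4 frames),
    which separates deliberate signaling from a brief harmonic in speech."""
    need = max(1, min_ms // FRAME_MS)
    run = 0
    for hit in tone_frames(samples, **kw):
        run = run + 1 if hit else 0
        if run >= need:
            return True
    return False

if __name__ == "__main__":
    print(supervisory_tone_present(make_tone(2600, 0.5)))   # True
    print(supervisory_tone_present(make_tone(1000, 0.5)))   # False
```

A real monitor would run this per channel on both directions of a trunk and log the time and originating line of each hit; the persistence rule is what keeps a loud vowel or a modem tone from tripping it.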
Phreaking boxes!!!
• Blue - makes calls by generating the 2600 Hz tone followed by the key pulse and routing digits

• Red - generates tones that simulate inserting coins in pay phones

• Black - a small electronic circuit added to a telephone which provided the caller with a free call
Make your own Red Box
1. Download any free tone generator, e.g. NCH Tone Generator
2. Create at least one 5¢, 10¢ or 25¢ tone sequence by combining 1.7 kHz and 2.2 kHz, i.e. 5¢ = one 66 ms tone
3. Save the tone and play it back to the payphone microphone
4. Free calls!
Hacking 101
Hacking is the investigation and exploitation of system vulnerabilities.

Hacking expertise varies; some categories are:
• Newbies - know the basic concepts but have little practice
• Cyberpunks - know the tools of the trade
• Coders - write the tools that automate hacks
• Cyber terrorists - threats to national security
Hacker Hats
• White hats- Security professionals (defense)
• Black hats- Crackers, bad guys
• Grey hats… In between
The penetration test
Common steps in a pen test (or in an attack)

1. Reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Escalation of privileges
5. Maintaining access
6. Covering tracks
Information Gathering (Recon.)
Scanning
The steps for a scanning methodology are:
1. Identify live systems
2. Discover open ports
3. Identify the OS and services
4. Scan for vulnerabilities
Gaining Access
• Once the known vulnerabilities have been enumerated
• Learn how useful exploiting each of them would be

The keystone of security is authentication, and the most used method is the password.
Password Attacks
• Passive online attack, e.g. a packet sniffer capturing a password sent in plaintext in network traffic
• Active online attack, e.g. password guessing
• Offline password cracking, e.g. stealing the password hashes and cracking them offline
• Keylogging, e.g. a hardware or software keystroke logger
Passive online attack
0. Open http://www.httprecipes.com/1/2/forms.php
1. Run Wireshark
2. Filter on http
3. Find the POST method
4. Follow the TCP stream
5. You have the username and password in the clear if the server isn't using HTTPS (SSL) or other encryption
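The same visibility the sniffer gives the attacker is available to the defender: a monitor on a mirror port can raise an alert whenever a form field named like a password crosses the wire in an unencrypted POST, which is exactly the condition step 5 describes. The Python below is an added example, not from the slides; the reassembled streams, the host name and the field names are constructed, and the CREDENTIAL_FIELDS set is an assumption. The TLS stream is included to show why HTTPS defeats the check: there is no readable request to parse.

```python
from urllib.parse import parse_qs

# Constructed reassembled TCP streams (not captured traffic): (destination port, payload).
STREAMS = [
    (80, "POST /1/2/forms.php HTTP/1.1\r\n"
         "Host: www.example.test\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n"
         "Content-Length: 30\r\n"
         "\r\n"
         "uid=alice&pwd=hunter2&submit=1"),
    (80, "GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    # A TLS ClientHello starts with a handshake record, not an HTTP request line;
    # nothing after it is readable without the session keys.
    (443, "\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
]

# Field names treated as credentials (assumed list; extend for your own applications).
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "pin", "secret"}

def parse_http_request(payload):
    """Return (method, path, headers, body) for a plaintext HTTP request, else None."""
    head, _, body = payload.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line[0], request_line[1], headers, body

def find_cleartext_credentials(streams):
    """Alert on credential-looking form fields submitted in an unencrypted POST."""
    findings = []
    for port, payload in streams:
        if port == 443:                 # TLS on the wire: the body is opaque, skip it
            continue
        parsed = parse_http_request(payload)
        if parsed is None:              # not HTTP at all (binary protocol, fragment, ...)
            continue
        method, path, headers, body = parsed
        if method != "POST" or "x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        for field in parse_qs(body, keep_blank_values=True):
            if field.lower() in CREDENTIAL_FIELDS:
                findings.append({"host": headers.get("host", "?"), "path": path, "field": field})
    return findings

if __name__ == "__main__":
    for f in find_cleartext_credentials(STREAMS):
        print(f"cleartext credential: field '{f['field']}' posted to http://{f['host']}{f['path']}")
```

A hit means two things for the defender: the form's owner needs to move it behind HTTPS (and redirect port 80), and the account whose credential was seen should be treated as captured and its password rotated.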
Replay and Man-in-the-middle
• When passwords can't be caught in plaintext, the options are:

  Man-in-the-middle
  • ARP poisoning
  • Session hijacking

  Replay attack
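ARP poisoning works by answering ARP for addresses the attacker does not own, so the two signatures a defender can watch for are an IP whose MAC changes after it was first learned and one MAC claiming several IPs (typically the gateway plus the victim, so traffic between them flows through the attacker). The Python detector below is an added example, not part of the slides or of any tool they mention; the log format is a constructed tcpdump-like one (timestamp, reply, IP, is-at, MAC), the sample lines are made up, and max_ips_per_mac=1 is an assumption that must be raised for hosts that legitimately hold several addresses.

```python
import re
from collections import defaultdict

# Constructed ARP reply log in a tcpdump-like shape (not real traffic):
# "<time> reply <ip> is-at <mac>".  02:00:00:00:00:30 plays the poisoning host.
SAMPLE_ARP_LOG = """\
10:00:01 reply 192.0.2.1 is-at 02:00:00:00:00:01
10:00:02 reply 192.0.2.20 is-at 02:00:00:00:00:20
10:00:03 reply 192.0.2.30 is-at 02:00:00:00:00:30
10:00:10 reply 192.0.2.1 is-at 02:00:00:00:00:30
10:00:10 reply 192.0.2.20 is-at 02:00:00:00:00:30
10:00:11 reply 192.0.2.1 is-at 02:00:00:00:00:30
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)

def parse_arp_log(text):
    """Yield (timestamp, ip, mac) for each well-formed reply line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()

def detect_arp_poisoning(text, max_ips_per_mac=1):
    """Return (timestamp, kind, detail) alerts for two poisoning signatures:
    'rebind'   - an IP whose MAC changed after it was first learned
    'multi-ip' - one MAC answering for more than max_ips_per_mac addresses
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_arp_log(text):
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append((ts, "rebind", f"{ip} moved from {known} to {mac}"))
            ip_to_mac[ip] = mac          # follow the change so a flip back alerts too
        ips = mac_to_ips[mac]
        if ip not in ips:                # alert once per new claim, not on every repeat
            ips.add(ip)
            if len(ips) > max_ips_per_mac:
                alerts.append((ts, "multi-ip", f"{mac} now claims {sorted(ips)}"))
    return alerts

if __name__ == "__main__":
    for ts, kind, detail in detect_arp_poisoning(SAMPLE_ARP_LOG):
        print(f"{ts} {kind:8} {detail}")
```

A DHCP lease moving to a new machine also produces a 'rebind', so in practice the first-seen table is seeded from the DHCP server or a static inventory and known gateway addresses are pinned; the 'multi-ip' signature is the stronger of the two because a single station answering for both the gateway and a client is the shape of the attack itself.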
Cain and Abel (ARP poisoning)
1. Install Cain and Abel
2. Connect to a network
3. Select the sniffer tab
4. Start the sniffer and select the network interface
5. Select hosts at the bottom, press the button, then OK
6. Select the bottom APR tab and click the top window
7. Press the button, select the target IP, then hit OK
8. Hit the button, then select the passwords tab (http)
Cain and Abel (ARP poisoning)
Man-in-the-middle (worked in Firefox 7)
•   http://www.voddler.com/ (clueless of attack)
•   http://www.cnet.com/ (clueless of attack)
•   https://www.fxhome.com/ (invalid certificate)
•   https://www.yahoo.com/ (invalid certificate)
•   https://www.amazon.com/ (invalid certificate)

(Invalid certificate; worked in Internet Explorer 9 if the user chooses to continue)
• https://accounts.google.com (Gmail) (sometimes, *cookies)
• https://login.live.com (Hotmail)
Cain and Abel (ARP poisoning)
Secured (Internet Explorer and Firefox)
• http://www.facebook.com
• https://www.facebook.com
• https://www.paypal.com/

Firefox version 7
Secured; detects the invalid certificate with no option to continue
• https://www.paypal.com
Active online attack (Guessing)
1. Your partner, child or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?)
2. The last 4 digits of your social security number
3. 123 or 1234 or 123456
4. "password"
5. Your city, or college, football team name
6. Date of birth – yours, your partner's or your child's
7. "god"
8. "letmein"
9. "money"
10. "love"

This list covered about 20% of passwords as of March 31, 2010, according to Lifehacker.com
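Every item on this list is a pattern, and patterns can be checked at enrolment before a guessable password is ever accepted. The Python below is an added example, not from the slides or from Lifehacker, that turns the ten categories into a denylist check: the common words, the digit runs, a bare four-digit number (the SSN-fragment case), a date of birth, and a personal name with the trailing 0 or 1 stripped off first. The personal_terms argument is an assumption: names, city and team collected when the account is created.

```python
from datetime import datetime

COMMON_WORDS = {"password", "god", "letmein", "money", "love"}   # items 4 and 7-10
DATE_FORMATS = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y")  # item 6

def _strip_trailing_digit(pw):
    """Item 1: the name is 'possibly followed by a 0 or 1'; drop it before comparing."""
    return pw[:-1] if pw and pw[-1] in "01" else pw

def _is_digit_run(s):
    """Item 3: 123, 1234, 123456 and any other ascending, descending or repeated digit run."""
    if not s.isdigit() or len(s) < 3:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1}, {0})

def _looks_like_date(s):
    """Item 6: six or eight digits that parse as a calendar date."""
    if not s.isdigit() or len(s) not in (6, 8):
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(s, fmt)
            return True
        except ValueError:
            continue
    return False

def weak_password_reasons(password, personal_terms=()):
    """Return the slide categories a candidate password falls into; [] means it passed.

    personal_terms: names, city and team the account holder is known to use
    (assumed to be collected at enrolment; covers items 1 and 5).
    """
    pw = password.strip()
    core = _strip_trailing_digit(pw).lower()
    reasons = []
    if core in COMMON_WORDS:
        reasons.append("common word")
    for term in personal_terms:
        t = term.strip().lower()
        if t and t in core:
            reasons.append(f"contains personal term '{term}'")
    if _is_digit_run(pw):
        reasons.append("digit sequence")
    elif pw.isdigit() and len(pw) == 4:
        reasons.append("four digits (SSN fragment / PIN)")
    elif _looks_like_date(pw):
        reasons.append("looks like a date of birth")
    return reasons

if __name__ == "__main__":
    for candidate in ("Fluffy1", "123456", "8462", "05211985", "letmein0", "Tr0ub4dor&3xQ"):
        print(candidate, weak_password_reasons(candidate, personal_terms=("Fluffy",)))
```

This check complements, rather than replaces, the server-side control against the active online attack itself: rate limiting and lockout after a handful of failed guesses, so that even a password that slips through cannot be found by trying the list.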
Offline password cracking
Passwords on Windows systems are found in the SAM file
C:\windows\system32\config
C:\windows\repair (copy the SAM and SYSTEM files)
http://www.youtube.com/watch?v=SDsJbgl2J8E
Passwords in Linux are found in the shadow file
/etc/shadow

Crack password hash files (Cain and Abel)
Offline password cracking
1. Copy the SAM and SYSTEM files
2. Run Cain and Abel
3. Select the cracker tab
4. Select LM and NTLM
5. Select the plus sign
6. Add the SAM and SYSTEM files
7. Copy the key, exit and paste
8. Right-click and crack with LM (works on Windows versions up to Vista)
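Why do SAM hashes crack so readily? LM and NTLM hashes are unsalted, so the same password always yields the same hash and one precomputed table serves every stolen file (LM is worse still, being case-folded and split into two 7-character halves). The Python below is an added example, not from the slides or from Cain and Abel: it uses MD5 as a stand-in for an unsalted fast hash to show the one-lookup crack, then the defence a system owner controls, a per-user random salt with a deliberately slow KDF (PBKDF2-HMAC-SHA256 from the standard library; the 600,000 iteration count is an assumption to be tuned per deployment).

```python
import hashlib
import hmac
import os

# The guesses from the slides' own list, used as the cracker's dictionary (constructed subset).
GUESS_LIST = ["password", "god", "letmein", "money", "love", "123", "1234", "123456"]

# --- what an unsalted, fast hash looks like from the cracker's side ----------
def unsalted_hash(password):
    """Stand-in for an unsalted fast hash (MD5 here; LM/NTLM are the SAM cases)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> word once; every stolen hash is then a single dictionary lookup."""
    return {unsalted_hash(w): w for w in words}

def crack_by_lookup(stolen_hash, table):
    """Instant recovery when the password is in the dictionary, None otherwise."""
    return table.get(stolen_hash)

# --- the defence: per-user random salt plus a deliberately slow KDF ----------
ITERATIONS = 600_000   # assumed work factor; tune so one check costs ~100 ms on your hardware

def store_password(password, iterations=ITERATIONS):
    """Record to keep in the credential store; the password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}

def verify_password(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

if __name__ == "__main__":
    table = build_lookup_table(GUESS_LIST)
    print(crack_by_lookup(unsalted_hash("letmein"), table))      # letmein
    rec = store_password("letmein", iterations=10_000)
    print(crack_by_lookup(rec["hash"], table))                    # None: the salt defeats the table
    print(verify_password("letmein", rec), verify_password("letmein0", rec))  # True False
```

The salt makes every user's record unique, so a table built once is worthless and each stolen hash has to be attacked separately; the iteration count then makes each of those separate guesses cost real time, which is what turns "20% of passwords in seconds" into a budget problem for the attacker. A weak password is still weak, so this pairs with the enrolment check rather than replacing it.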
Keyloggers
Record every keystroke the user makes

Software keyloggers can send passwords to remote computers (low risk for the hacker)

Hardware keyloggers may be small dongles placed on the back of a desktop (high risk for the hacker)
Other forms of Gaining Access
  Trojans and backdoors
• A Trojan can accomplish any number of things
  from sending email, keylogging and stealing
  data to turning your computer into a zombie.

• Usually it provides an entrance and a form of
  maintaining access by implementing a
  backdoor.
Privilege Escalation
Once inside, a hacker can seek better ways of cracking the root or administrator password

• A good tool that is somewhat famous in the hacker community is Metasploit.

• Metasploit is a semi-automated tool for finding vulnerabilities that may lead to role elevation.
Stealth
  Some tactics are:
1. Use passive attacks
2. Use proxies
3. Use the Tor anonymity network if possible
4. Hack from open or public access points
5. Use attack diversions when performing the
   real active attacks that could expose you
Conclusion
Nothing is secure

Security is a matter of the cost of the attack vs. the value of the information

Cost can be calculated in dollars and effort

Active attack = High Risk
Passive attack = Low Risk
References
• Matt Walker, CEH All-in-One, 2011
• William Stallings, Lawrie Brown, Computer Security, 2008
• Jon Erickson, Hacking: The Art of Exploitation, 2008
• http://www.nch.com.au/tonegen/faq.html
• http://sectools.org/index.html
• http://www.lifehacker.com.au/2010/03/how-i%E2%80%99d-hack-your-weak-passwords/
• http://www.youtube.com/watch?v=7ezGTP99xSw
• http://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
• http://www.youtube.com/watch?v=C_trnrkkPUs&feature=related
Questions?

You've been hacked!
