SlideShare a Scribd company logo

1.hacking and its types for all types of attackers.ppt

Download as PPT, PDF
R
RohitAhuja58

ITs a PPT which tells about hacking

Education
1 of 32
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Introduction to Ethical Hacking Dr. Rajkumar Tekchandani
Hacking • Hacking is the process of identifying and exploiting weakness in a system or a network to gain unauthorized access to data and system resources. It can also be defined as an unauthorized intrusion into the information systems/networks by an attacker by compromising the security. Example of Hacking: Exploiting the weakness of default password to gain access to the data stored inside the system. • What is Ethical Hacking? • Ethical Hacking sometimes called as Penetration Testing is an act of intruding/penetrating into system or networks to find out threats, vulnerabilities in those systems which a malicious attacker may find and exploit causing loss of data, financial loss or other major damages. The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing. Ethical hackers may use the same methods and tools used by the malicious hackers but with the permission of the authorized person for the purpose of improving the security and defending the systems from attacks by malicious users. • Ethical hackers are expected to report all the vulnerabilities and weakness found during the process to the management.
CIA Triangle
Important characteristics of Information • Information is meaningful data which has to be protected in order to protect the privacy, security, identity of an organization or a person or a nation. An information is called valuable because of few characteristics. The main characteristics which make an information valuable are • 1. Confidentiality Confidentiality ensures that an Information is accessible to only an authorized user. The main pupose of confidentiality is to protect the sensitive information from reaching the wrong hands.It is used to maintain the privacy of the people. Encryption is a good example of confidentiality. • 2. Availability Information should be available to an authorised person when it is requested for. It is the guarantee of access to the authorised individual to information. Keeping all the hardware and software up to date and keeping back up, taking proper recovery measures will ensure availability of data. • 3. Integrity Integrity maintains the correctness or accuracy of the information while the data is in transit, storage or processing. It is the guarantee that information is trust worthy and not tampered. This attribute ensures that an unauthorised person will not be able to modify the data. RSA digital signature, SHA1 hash codes are good examples. • 4. Authentication It is verifying whether the user, data, transactions involved is genuine. This attribute ensures that only genuine or right people are given access to the information. Login mechanisms can be used to verify the authenticity of users • 5. Non-Repuditiation This is a property of information which is used to holds a person responsible for the information he sent or received. In future, he cannot deny his role in sending or receiving the information.
Security, Functionality and Usability Triangle • Security, Functionality and Usability Triangle • There is an inter dependency between these three attributes. When security goes up, usability and functionality come down. Any organization should balance between these three qualities to arrive at a balanced information system.
Phases of Ethical Hacking
Reconnaissance: This is the first step of Hacking. It is also called as Footprinting and information gathering Phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups, Network Host People involved There are two types of Footprinting: Active: Directly interacting with the target to gather information about the target. Eg Using Nmap tool to scan the target (Scanning tools) Passive: Trying to collect the information about the target without directly accessing the target. This involves collecting information from social media, public websites etc.
Scanning: Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, Live systems, various services running on the host. (Nmap, hping) Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with help of automated tools (Wireshark) Network Mapping: Finding the topology of network(star/ bus), routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the haking process.
Gaining Access https://securitytrails.com/blog/top-15- ethical-hacking-tools-used-by-infosec-professionals This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data. 15 Ethical Hacking Tools You Can’t Miss 1. John the Ripper 2. Metasploit 3. Nmap 4. Wireshark 5. OpenVAS 6. IronWASP 7. Nikto 8. SQLMap 9. SQLNinja 10. Wapiti 11. Maltego 12. AirCrack-ng 13. Reaver 14. Ettercap 15. Canvas
Maintaining Access: Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, Rootkits or other malicious files. The aim is to maintain the access to the target until he finishes the tasks he planned to accomplish in that targe
Clearing Track: No thief wants to get caught. An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created.
• Because they can – A large fraction of hacker attacks have been pranks • Financial Gain • Espionage • Venting anger at a company or organization • Terrorism Why do Hackers Attack?
• Active Attacks – Denial of Service – Breaking into a site • Intelligence Gathering • Resource Usage • Deception • Passive Attacks – Sniffing • Passwords • Network Traffic • Sensitive Information – Information Gathering Types of Hacker Attack
• Over the Internet • Over LAN • Locally • Offline • Theft • Deception Modes of Hacker Attack
Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, … – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing Spoofing
Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • Attacker changes his own IP address to spoofed address • Attacker can send messages to a machine masquerading as spoofed machine • Attacker can not receive messages from that machine
Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies IP Spoofing – Source Routing Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • The path a packet may change can vary over time • To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Attacker intercepts packets as they go to 10.10.20.30
Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 2. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 3. Telnet to port 25 – Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Email Spoofing
• Basic – Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com • Man-in-the-Middle Attack – Attacker acts as a proxy between the web server and the client – Attacker has to compromise the router or a node through which the relevant traffic flows • URL Rewriting – Attacker redirects web traffic to another site that is controlled by the attacker – Attacker writes his own web site address before the legitimate link • Tracking State – When a user logs on to a site a persistent authentication is maintained – This authentication can be stolen for masquerading as the user Web Spoofing
• Web Site maintains authentication so that the user does not have to authenticate repeatedly • Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 2. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 3. Hidden Form Elements – ID is hidden in form elements which are not visible to user – Hacker can modify these to masquerade as another user Web Spoofing – Tracking State
Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking
• Attacker can – monitor the session – periodically inject commands into session – launch passive and active attacks from the session Session Hijacking Bob telnets to Server Bob authenticates to Server Bob Attacker Server Die! Hi! I am Bob
• Attackers exploit sequence numbers to hijack sessions • Sequence numbers are 32-bit counters used to: – tell receiving machines the correct order of packets – Tell sender which packets are received and which are lost • Receiver and Sender have their own sequence numbers • When two parties communicate the following are needed: – IP addresses – Port Numbers – Sequence Number • IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking – How Does it Work?
Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: 1. Crashing the system or network – Send the victim data or packets which will cause system to crash or reboot. 2. Exhausting the resources by flooding the system or network with information – Since all resources are exhausted others are denied access to the resources 3. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) Attack
Types: 1. Ping of Death 2. SSPing 3. Land 4. Smurf 5. SYN Flood 6. CPU Hog 7. Win Nuke 8. RPC Locator 9. Jolt2 10. Bubonic 11. Microsoft Incomplete TCP/IP Packet Vulnerability 12. HP Openview Node Manager SNMP DOS Vulneability 13. Netscreen Firewall DOS Vulnerability 14. Checkpoint Firewall DOS Vulnerability Denial of Service (DOS) Attack
• This attack takes advantage of the way in which information is stored by computer programs • An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer Overflow Attacks • Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Normal Stack • Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten
• Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack • Simple weaknesses can be exploited – If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters • Can be used for espionage, denial of service or compromising the integrity of the data Examples – NetMeeting Buffer Overflow – Outlook Buffer Overflow – AOL Instant Messenger Buffer Overflow – SQL Server 2000 Extended Stored Procedure Buffer Overflow Buffer Overflow Attacks
• A hacker can exploit a weak passwords & uncontrolled network modems easily • Steps – Hacker gets the phone number of a company – Hacker runs war dialer program • If original number is 555-5532 he runs all numbers in the 555- 55xx range • When modem answers he records the phone number of modem – Hacker now needs a user id and password to enter company network • Companies often have default accounts e.g. temp, anonymous with no password • Often the root account uses company name as the password • For strong passwords password cracking techniques exist Password Attacks
• Password hashed and stored – Salt added to randomize password & stored on system • Password attacks launched to crack encrypted password Password Security Hash Function Hashed Password Salt Compare Password Client Password Server Stored Password Hashed Password Allow/Deny Access
• Find a valid user ID • Create a list of possible passwords • Rank the passwords from high probability to low • Type in each password • If the system allows you in – success ! • If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Password Attacks - Process
• Dictionary Attack – Hacker tries all words in dictionary to crack password – 70% of the people use dictionary words as passwords • Brute Force Attack – Try all permutations of the letters & symbols in the alphabet • Hybrid Attack – Words from dictionary and their variations used in attack • Social Engineering – People write passwords in different places – People disclose passwords naively to others • Shoulder Surfing – Hackers slyly watch over peoples shoulders to steal passwords • Dumpster Diving – People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - Types
• Computer Security is a continuous battle – As computer security gets tighter hackers are getting smarter • Very high stakes Conclusions

More Related Content

PPTX
Ethical Hacking justvamshi .pptx
vamshimatangi
 
PPTX
01-Induction cyber security and etical hacking
ArjitNishad
 
PPTX
Introduction to Pre-Cybersecurity.pptx
youfanlimboo
 
PPTX
Introduction to ethical hacking
HassanAhmedShaikh1
 
PDF
What is ethical hacking and complete cyber security presentation on this file
AyushSrivastava673855
 
PPTX
Ethical Hacking
Aditya Vikram Singhania
 
PPTX
Ethicak hacking
Kshitij Rokde
 
PPT
Ethical Hacking
aashish2cool4u
 
Ethical Hacking justvamshi .pptx
vamshimatangi
 
01-Induction cyber security and etical hacking
ArjitNishad
 
Introduction to Pre-Cybersecurity.pptx
youfanlimboo
 
Introduction to ethical hacking
HassanAhmedShaikh1
 
What is ethical hacking and complete cyber security presentation on this file
AyushSrivastava673855
 
Ethical Hacking
Aditya Vikram Singhania
 
Ethicak hacking
Kshitij Rokde
 
Ethical Hacking
aashish2cool4u
 

Similar to 1.hacking and its types for all types of attackers.ppt (20)

PPTX
Ethical Hacking
Nitheesh Adithyan
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
PPT
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
PPTX
Ethical Hacking
Tharindu Kalubowila
 
PPT
Ethical Hacking
Keith Brooks
 
PDF
IRJET- An Overview of Ethical Hacking
IRJET Journal
 
PDF
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
PPTX
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
PDF
Ethical Hacking
Syed Irshad Ali
 
PPTX
ethical hacking
samprada123
 
PDF
Introduction to Ethical Hacking pdf file
debmajumder741249
 
PPT
Ethical Hacking
shahhardik27
 
PPT
Ethical hacking
shahhardik27
 
PPTX
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
PPT
Introduction To Ethical Hacking
chakrekevin
 
DOCX
Hacking
gvsai501
 
DOCX
Hacking
gvsai501
 
PDF
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
PDF
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
PPTX
Parag presentation on ethical hacking
parag101
 
Ethical Hacking
Nitheesh Adithyan
 
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
Ethical Hacking
Tharindu Kalubowila
 
Ethical Hacking
Keith Brooks
 
IRJET- An Overview of Ethical Hacking
IRJET Journal
 
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
Ethical Hacking
Syed Irshad Ali
 
ethical hacking
samprada123
 
Introduction to Ethical Hacking pdf file
debmajumder741249
 
Ethical Hacking
shahhardik27
 
Ethical hacking
shahhardik27
 
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
Introduction To Ethical Hacking
chakrekevin
 
Hacking
gvsai501
 
Hacking
gvsai501
 
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
Parag presentation on ethical hacking
parag101
 

More from RohitAhuja58 (11)

PPTX
Industrial Internet of Things and its APPLICATIONS.pptx
RohitAhuja58
 
PPT
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
RohitAhuja58
 
PPTX
Cybersecurity and its Application Perspective.pptx
RohitAhuja58
 
PPTX
Social Network with its ImplicationsPresentation.pptx
RohitAhuja58
 
PPTX
packet sniffing with Wireshark and its implementation.pptx
RohitAhuja58
 
PPTX
Diffie Hellman Key Exchange protocol.pptx
RohitAhuja58
 
PPTX
system hacking and its usages with its Application.pptx
RohitAhuja58
 
PPT
Types of NETWORK RECONNAISSANCE with its Cases.ppt
RohitAhuja58
 
PPTX
2. Footprinting and scanning and its sequence.pptx
RohitAhuja58
 
PPTX
Internet -of- things and its applications.pptx
RohitAhuja58
 
PPTX
Blockchain AND ITS APPLICATIONS FOR FINANCE.pptx
RohitAhuja58
 
Industrial Internet of Things and its APPLICATIONS.pptx
RohitAhuja58
 
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
RohitAhuja58
 
Cybersecurity and its Application Perspective.pptx
RohitAhuja58
 
Social Network with its ImplicationsPresentation.pptx
RohitAhuja58
 
packet sniffing with Wireshark and its implementation.pptx
RohitAhuja58
 
Diffie Hellman Key Exchange protocol.pptx
RohitAhuja58
 
system hacking and its usages with its Application.pptx
RohitAhuja58
 
Types of NETWORK RECONNAISSANCE with its Cases.ppt
RohitAhuja58
 
2. Footprinting and scanning and its sequence.pptx
RohitAhuja58
 
Internet -of- things and its applications.pptx
RohitAhuja58
 
Blockchain AND ITS APPLICATIONS FOR FINANCE.pptx
RohitAhuja58
 

Recently uploaded (20)

PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Pre independence Education in Inndia.pdf
goofy5603
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Institutional Correction lecture only . . .
limvtheghins
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
master seminar digital applications in india
ananyaray35
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 

1.hacking and its types for all types of attackers.ppt

  • 1. Introduction to Ethical Hacking Dr. Rajkumar Tekchandani
  • 2. Hacking • Hacking is the process of identifying and exploiting weakness in a system or a network to gain unauthorized access to data and system resources. It can also be defined as an unauthorized intrusion into the information systems/networks by an attacker by compromising the security. Example of Hacking: Exploiting the weakness of default password to gain access to the data stored inside the system. • What is Ethical Hacking? • Ethical Hacking sometimes called as Penetration Testing is an act of intruding/penetrating into system or networks to find out threats, vulnerabilities in those systems which a malicious attacker may find and exploit causing loss of data, financial loss or other major damages. The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing. Ethical hackers may use the same methods and tools used by the malicious hackers but with the permission of the authorized person for the purpose of improving the security and defending the systems from attacks by malicious users. • Ethical hackers are expected to report all the vulnerabilities and weakness found during the process to the management.
  • 4. Important characteristics of Information • Information is meaningful data which has to be protected in order to protect the privacy, security, identity of an organization or a person or a nation. An information is called valuable because of few characteristics. The main characteristics which make an information valuable are • 1. Confidentiality Confidentiality ensures that an Information is accessible to only an authorized user. The main pupose of confidentiality is to protect the sensitive information from reaching the wrong hands.It is used to maintain the privacy of the people. Encryption is a good example of confidentiality. • 2. Availability Information should be available to an authorised person when it is requested for. It is the guarantee of access to the authorised individual to information. Keeping all the hardware and software up to date and keeping back up, taking proper recovery measures will ensure availability of data. • 3. Integrity Integrity maintains the correctness or accuracy of the information while the data is in transit, storage or processing. It is the guarantee that information is trust worthy and not tampered. This attribute ensures that an unauthorised person will not be able to modify the data. RSA digital signature, SHA1 hash codes are good examples. • 4. Authentication It is verifying whether the user, data, transactions involved is genuine. This attribute ensures that only genuine or right people are given access to the information. Login mechanisms can be used to verify the authenticity of users • 5. Non-Repuditiation This is a property of information which is used to holds a person responsible for the information he sent or received. In future, he cannot deny his role in sending or receiving the information.
  • 5. Security, Functionality and Usability Triangle • Security, Functionality and Usability Triangle • There is an inter dependency between these three attributes. When security goes up, usability and functionality come down. Any organization should balance between these three qualities to arrive at a balanced information system.
  • 7. Reconnaissance: This is the first step of Hacking. It is also called as Footprinting and information gathering Phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups, Network Host People involved There are two types of Footprinting: Active: Directly interacting with the target to gather information about the target. Eg Using Nmap tool to scan the target (Scanning tools) Passive: Trying to collect the information about the target without directly accessing the target. This involves collecting information from social media, public websites etc.
  • 8. Scanning: Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, Live systems, various services running on the host. (Nmap, hping) Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with help of automated tools (Wireshark) Network Mapping: Finding the topology of network(star/ bus), routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the haking process.
  • 9. Gaining Access https://securitytrails.com/blog/top-15- ethical-hacking-tools-used-by-infosec-professionals This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data. 15 Ethical Hacking Tools You Can’t Miss 1. John the Ripper 2. Metasploit 3. Nmap 4. Wireshark 5. OpenVAS 6. IronWASP 7. Nikto 8. SQLMap 9. SQLNinja 10. Wapiti 11. Maltego 12. AirCrack-ng 13. Reaver 14. Ettercap 15. Canvas
  • 10. Maintaining Access: Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, Rootkits or other malicious files. The aim is to maintain the access to the target until he finishes the tasks he planned to accomplish in that targe
  • 11. Clearing Track: No thief wants to get caught. An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created.
  • 12. • Because they can – A large fraction of hacker attacks have been pranks • Financial Gain • Espionage • Venting anger at a company or organization • Terrorism Why do Hackers Attack?
  • 13. • Active Attacks – Denial of Service – Breaking into a site • Intelligence Gathering • Resource Usage • Deception • Passive Attacks – Sniffing • Passwords • Network Traffic • Sensitive Information – Information Gathering Types of Hacker Attack
  • 14. • Over the Internet • Over LAN • Locally • Offline • Theft • Deception Modes of Hacker Attack
  • 15. Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, … – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing Spoofing
  • 16. Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • Attacker changes his own IP address to spoofed address • Attacker can send messages to a machine masquerading as spoofed machine • Attacker can not receive messages from that machine
  • 17. Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies IP Spoofing – Source Routing Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • The path a packet may change can vary over time • To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Attacker intercepts packets as they go to 10.10.20.30
  • 18. Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 2. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 3. Telnet to port 25 – Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Email Spoofing
  • 19. • Basic – Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com • Man-in-the-Middle Attack – Attacker acts as a proxy between the web server and the client – Attacker has to compromise the router or a node through which the relevant traffic flows • URL Rewriting – Attacker redirects web traffic to another site that is controlled by the attacker – Attacker writes his own web site address before the legitimate link • Tracking State – When a user logs on to a site a persistent authentication is maintained – This authentication can be stolen for masquerading as the user Web Spoofing
  • 20. • Web Site maintains authentication so that the user does not have to authenticate repeatedly • Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 2. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 3. Hidden Form Elements – ID is hidden in form elements which are not visible to user – Hacker can modify these to masquerade as another user Web Spoofing – Tracking State
  • 21. Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking
  • 22. • Attacker can – monitor the session – periodically inject commands into session – launch passive and active attacks from the session Session Hijacking Bob telnets to Server Bob authenticates to Server Bob Attacker Server Die! Hi! I am Bob
  • 23. • Attackers exploit sequence numbers to hijack sessions • Sequence numbers are 32-bit counters used to: – tell receiving machines the correct order of packets – Tell sender which packets are received and which are lost • Receiver and Sender have their own sequence numbers • When two parties communicate the following are needed: – IP addresses – Port Numbers – Sequence Number • IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking – How Does it Work?
  • 24. Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: 1. Crashing the system or network – Send the victim data or packets which will cause system to crash or reboot. 2. Exhausting the resources by flooding the system or network with information – Since all resources are exhausted others are denied access to the resources 3. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) Attack
  • 25. Types: 1. Ping of Death 2. SSPing 3. Land 4. Smurf 5. SYN Flood 6. CPU Hog 7. Win Nuke 8. RPC Locator 9. Jolt2 10. Bubonic 11. Microsoft Incomplete TCP/IP Packet Vulnerability 12. HP Openview Node Manager SNMP DOS Vulneability 13. Netscreen Firewall DOS Vulnerability 14. Checkpoint Firewall DOS Vulnerability Denial of Service (DOS) Attack
  • 26. • This attack takes advantage of the way in which information is stored by computer programs • An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer Overflow Attacks • Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Normal Stack • Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten
  • 27. • Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack • Simple weaknesses can be exploited – If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters • Can be used for espionage, denial of service or compromising the integrity of the data Examples – NetMeeting Buffer Overflow – Outlook Buffer Overflow – AOL Instant Messenger Buffer Overflow – SQL Server 2000 Extended Stored Procedure Buffer Overflow Buffer Overflow Attacks
  • 28. • A hacker can exploit a weak passwords & uncontrolled network modems easily • Steps – Hacker gets the phone number of a company – Hacker runs war dialer program • If original number is 555-5532 he runs all numbers in the 555- 55xx range • When modem answers he records the phone number of modem – Hacker now needs a user id and password to enter company network • Companies often have default accounts e.g. temp, anonymous with no password • Often the root account uses company name as the password • For strong passwords password cracking techniques exist Password Attacks
  • 29. • Password hashed and stored – Salt added to randomize password & stored on system • Password attacks launched to crack encrypted password Password Security Hash Function Hashed Password Salt Compare Password Client Password Server Stored Password Hashed Password Allow/Deny Access
  • 30. • Find a valid user ID • Create a list of possible passwords • Rank the passwords from high probability to low • Type in each password • If the system allows you in – success ! • If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Password Attacks - Process
  • 31. • Dictionary Attack – Hacker tries all words in dictionary to crack password – 70% of the people use dictionary words as passwords • Brute Force Attack – Try all permutations of the letters & symbols in the alphabet • Hybrid Attack – Words from dictionary and their variations used in attack • Social Engineering – People write passwords in different places – People disclose passwords naively to others • Shoulder Surfing – Hackers slyly watch over peoples shoulders to steal passwords • Dumpster Diving – People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - Types
  • 32. • Computer Security is a continuous battle – As computer security gets tighter hackers are getting smarter • Very high stakes Conclusions