
Ethical Hacking

Aashish Sharma
CS Final Year
♦ Hacker: a programming specialist with the expertise to get into
computer networks.
♦ Cracker: someone who breaks into systems in order to damage them.
♦ Hacking: the act of illegally entering a computer system and making
unauthorized changes to the files and data contained within it.
What is Ethical Hacking?
♦ Ethical hacking – defined “methodology adopted by ethical
hackers to discover the vulnerabilities existing in information
systems’ operating environments.”
♦ With the growth of the Internet, computer security has
become a major concern for businesses and governments.
♦ In their search for a way to approach the problem,
organizations came to realize that one of the best ways to
evaluate the intruder threat to their interests would be to have
independent computer security professionals attempt to break
into their computer systems.
Ethical Hacking
♦ Independent computer security
Professionals breaking into the
computer systems.
♦ Neither damage the target
systems nor steal information.
♦ Evaluate target systems security
and report back to owners about
the vulnerabilities found.
Ethical Hackers, Not Criminals
♦ Completely trustworthy.
♦ Strong programming and computer networking skills.
♦ Learn about the target system and try to find its weaknesses.
♦ Know the techniques of criminal hackers.
♦ Have published research papers or released security software.
♦ No ex-hackers.
Defacement Statistics for Indian Websites (Source: CERT-India)
June 01, 2004 to Dec. 31, 2004 (January 2005)

Domain     No. of defacements
.com       922
.gov.in    24
.org       53
.net       39
.biz       12
.co.in     48
.ac.in     13
.info      3
.nic.in    2
.edu       2
other      13
Total      1131
[Figure: total number of hacking incidents per fiscal year, graph up to fiscal year 2003. Source: CERT/CC]

Types of hacking (attacks on a data transfer)
♦ Interruption: the data flow is blocked (an attack on availability).
♦ Interception: an unauthorized party reads the data (an attack on confidentiality).
♦ Modification: an unauthorized party alters the data in transit (an attack on integrity).
♦ Fabrication: an unauthorized party inserts counterfeit data (an attack on authenticity).
Why do hackers hack?
♦ Just for fun
♦ To show off
♦ To use other systems secretly
♦ To broadcast their views to many people
♦ To steal important information
♦ To destroy an enemy's computer network during a war
What do hackers do after breaking in?
♦ Patch the security hole they used
– so that other hackers cannot intrude the same way
♦ Clear logs and hide themselves
♦ Install a rootkit (backdoor)
– so that the hacker who compromised the system can get back in later
– it contains trojaned versions of ls, ps and other system tools that hide
the attacker's files and processes
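A trojaned ls or ps is, from the filesystem's point of view, just a binary whose bytes changed. The defensive check a practitioner wants here is a file-integrity baseline: record a cryptographic hash of each critical binary from known-good media and compare later. The following is an added example, not code from the original slides; the monitored "binaries" are small constructed files in a temporary directory, and the trojan is simulated by rewriting one of them with content of the same length.

```python
import hashlib
import os
import tempfile

# Added example (not from the original slides): a minimal file-integrity
# baseline of the kind used to catch a rootkit's replaced ls/ps binaries.
# The file names and contents below are constructed for the demo.

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record size, mode and SHA-256 for each monitored file.
    In practice the baseline is taken from known-good media and kept offline:
    an attacker with root can rewrite a baseline stored on the same host."""
    baseline = {}
    for p in paths:
        st = os.stat(p)
        baseline[p] = {"size": st.st_size, "mode": st.st_mode,
                       "sha256": sha256_file(p)}
    return baseline

def verify(baseline):
    """Return {path: [changed attributes]} (empty dict if everything is clean).
    The hash is checked even when size and mode match, because a trojaned
    binary can be padded to the original length and given the original mode."""
    findings = {}
    for p, rec in baseline.items():
        if not os.path.exists(p):
            findings[p] = ["missing"]
            continue
        st = os.stat(p)
        changed = []
        if st.st_size != rec["size"]:
            changed.append("size")
        if st.st_mode != rec["mode"]:
            changed.append("mode")
        if sha256_file(p) != rec["sha256"]:
            changed.append("sha256")
        if changed:
            findings[p] = changed
    return findings

def demo():
    """Simulate a trojaned 'ps': same size and mode, different content."""
    d = tempfile.mkdtemp()
    ls = os.path.join(d, "ls")
    ps = os.path.join(d, "ps")
    with open(ls, "wb") as f:
        f.write(b"ORIGINAL-LS-BINARY")
    with open(ps, "wb") as f:
        f.write(b"ORIGINAL-PS-BINARY")
    baseline = build_baseline([ls, ps])
    # The attacker replaces ps with a same-length trojan that hides processes.
    with open(ps, "wb") as f:
        f.write(b"TROJANED-PS-BINARY")
    return {os.path.basename(p): v for p, v in verify(baseline).items()}

if __name__ == "__main__":
    print(demo())  # {'ps': ['sha256']}
```

Timestamps are deliberately not part of the record: an attacker who has replaced ps can also reset its mtime, so only the content hash, compared against a baseline the attacker cannot reach, is evidence.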
Being Prepared
♦ What can an intruder see on the target systems?
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts
or successes?

1. What are you trying to protect?

2. Who are you trying to protect against?
3. How much time, effort, and money are you willing to
expend to obtain adequate protection?
Modes of Ethical Hacking

♦ Insider attack
♦ Outsider attack
♦ Stolen equipment attack
♦ Physical entry
♦ Bypassed authentication attack (wireless
access points)
♦ Social engineering attack
Anatomy of an attack:
– Reconnaissance – the attacker gathers information about the target;
can include social engineering.
– Scanning – the attacker searches for open ports (port scan) and probes
the target for vulnerabilities.
– Gaining access – the attacker exploits vulnerabilities to get inside the
system; techniques such as IP spoofing may be used here.
– Maintaining access – the attacker creates a backdoor, often with a
Trojan, so that he/she can get back in later.
– Covering tracks – the attacker deletes or hides files and erases log
entries so that the intrusion is not detected or penalized.

Black Hats, White Hats, Grey Hats

Black Hats:
→ Hacker specialized in unauthorized, illegal
→ Use computers to attack systems for profit, for revenge, or for political
motivations
White Hats:
→ Hackers who identify security weaknesses in a computer system or network and
→ Expose these weaknesses so that the system's owners can fix the breach.
Grey Hats:
→ A hybrid between White Hats and Black Hats.
Script Kiddies:
→ Use scripts or programs developed by others to attack computer systems and
networks.
→ Objective: to impress their friends or gain credit in computer-enthusiast
communities.

Hacktivism:
→ The non-violent use of illegal or legally ambiguous digital tools in pursuit
of political ends.
→ Writing code to promote a political ideology: promoting expressive politics,
free speech, human rights.
Classes of Attack
1. Authentication
2. Client-Side Attacks
3. Command Execution
4. Information Disclosure

Authentication

Covers attacks that target a web site's method of validating the identity of a
user, service or application.

♦ Attack Types:
1. Brute Force
2. Weak Password Recovery Validation

Client-Side Attacks

♦ Focuses on the abuse or exploitation of a web site's

Attack Examples:
1. Content Spoofing
2. Cross-Site Scripting

Command Execution

Covers attacks designed to execute remote commands on the web site.

Attack Examples:
1. OS Commanding
2. SQL Injection

SQL Injection
♦ Allows a remote attacker to
execute arbitrary database
♦ Relies on database queries built from user input that is neither
validated nor parameterised
♦ Often facilitated by, but does not depend on, unhandled exceptions and
ODBC error messages that leak query details to the attacker
♦ Impact: MASSIVE. This is one of the most dangerous vulnerabilities on
the web.
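Both command-execution classes above come from the same mistake: untrusted input is pasted into a string that another interpreter (the database engine or the shell) then parses. The following added example, which is not code from the original slides, shows each pattern in its vulnerable and hardened form. The users table, the account credentials and the echo-based command wrapper are constructed for the demo, and the OS-commanding half assumes a POSIX /bin/sh.

```python
import sqlite3
import subprocess

# Added example, not code from the original slides: the two "command
# execution" classes side by side, each as the vulnerable pattern and its
# fix. The users table, credentials and echo wrapper are constructed.

def make_db():
    """In-memory SQLite database with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db

# --- SQL injection ----------------------------------------------------------

def login_vulnerable(db, user, password):
    """Builds the query by concatenation. A user name of  alice' --  closes
    the string literal, and the SQL comment marker swallows the password
    check, so the attacker logs in as alice without knowing her password."""
    sql = ("SELECT role FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, user, password):
    """Parameterised query: the driver binds the values as data, so quotes
    and comment markers in the input are never parsed as SQL."""
    row = db.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                     (user, password)).fetchone()
    return row[0] if row else None

# --- OS commanding ----------------------------------------------------------
# 'echo' stands in for 'ping' so the demo runs offline; the flaw is the same.

def run_vulnerable(host):
    """shell=True hands the whole string to /bin/sh, so a ';' in host ends
    the intended command and starts the attacker's. Returns output lines."""
    out = subprocess.run("echo " + host, shell=True,
                         capture_output=True, text=True)
    return out.stdout.strip().splitlines()

def run_safe(host):
    """No shell: argv is a list, so the entire host value is one argument to
    echo. An allow-list of hostname characters rejects the payload outright."""
    if not host or not all(c.isalnum() or c in ".-" for c in host):
        raise ValueError("invalid hostname: %r" % host)
    out = subprocess.run(["echo", host], capture_output=True, text=True)
    return out.stdout.strip().splitlines()

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"))   # admin (bypassed)
    print(login_safe(db, "alice' --", "wrong"))         # None
    print(run_vulnerable("localhost; echo INJECTED"))   # ['localhost', 'INJECTED']
```

The fix is the same in both halves: keep data out of the parsed string. Parameter binding does this for SQL; passing argv as a list and never invoking a shell does it for commands, and the allow-list is a second layer, not a substitute.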
Information Disclosure
Covers attacks designed to acquire system-specific information about a web
site, such as backup or temporary files, the software in use, etc.

Attack Examples :
1. Path Traversal
2. Predictable Resource Location
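Path traversal works because an application joins a user-supplied name onto a directory and serves whatever the operating system resolves, so "../" segments (or an absolute path) walk out of the intended directory and expose backup files, configuration, or /etc/passwd. The check below is an added example, not code from the original slides: it resolves the joined path first and then tests containment by path components. The document root and the request paths are constructed for the demo, and the function assumes the web layer has already URL-decoded the name (so %2e%2e arrives as "..").

```python
import os
import tempfile
from pathlib import Path

# Added example (not from the original slides): resolve a user-supplied file
# name under a document root so that "../" sequences, absolute paths and
# look-alike sibling directories cannot escape it. Root and sample paths
# are constructed for the demo.

def resolve_under(root, user_path):
    """Return the absolute path for user_path inside root, or None if it escapes.

    The containment test runs on the fully resolved path, not on the raw
    string, so '..' segments, absolute paths and (on a real filesystem)
    symlinks are all evaluated first. relative_to() compares path components,
    so '/srv/docs-secret/x' is rejected for root '/srv/docs' even though it
    shares the string prefix, a classic bug in startswith()-based checks."""
    if "\x00" in user_path:          # NUL would truncate the path in C code
        return None
    root = Path(root).resolve()
    target = (root / user_path).resolve()   # an absolute user_path replaces root
    try:
        target.relative_to(root)
    except ValueError:
        return None
    return str(target)

def demo():
    """Exercise the resolver against typical traversal payloads (constructed)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "reports"))
    sibling = "../" + os.path.basename(root) + "-secret/x"
    cases = ["reports/q1.txt", "reports/../q2.txt", "../../etc/passwd",
             "/etc/passwd", "reports/../../outside.txt", sibling, "a\x00b"]
    return {c: resolve_under(root, c) is not None for c in cases}

if __name__ == "__main__":
    for case, allowed in demo().items():
        print("%-30r %s" % (case, "served" if allowed else "rejected"))
```

Note that "reports/../q2.txt" is accepted: it stays inside the root, and rejecting every ".." would break legitimate relative references. The decision is made on where the path ends up, not on what it looks like.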

Google Hacking

Definition: Google hacking is a term that refers to the art of creating
complex search engine queries in order to filter through large amounts of
search results for information related to computer security.

Google Hacking Queries
inurl: (matches the term in the page URL; filetype: restricts to an extension)
inurl:passwd filetype:txt
Index of: (matches the title of automatically generated directory listings)
"Index of /secret"
"Index of /credit-card"
intitle: (matches the term in the page title)
?intitle:index.of?MP3 Songname
?intitle:index.of?ebook BookName
♦ Viruses - A virus is a small piece of software that
piggybacks on real programs. For example, a virus
might attach itself to a program such as a spreadsheet
program. Each time the spreadsheet program runs,
the virus runs, too, and it has the chance to reproduce
(by attaching to other programs) or wreak havoc.

♦ E-mail viruses - An e-mail virus moves around in e-mail messages, and
usually replicates itself by automatically mailing itself to dozens of
people in the victim's e-mail address book.
♦ Worms - A worm is a small piece of software that uses
computer networks and security holes to replicate itself.
A copy of the worm scans the network for another
machine that has a specific security hole. It copies itself
to the new machine using the security hole, and then
starts replicating from there, as well. Code Red is an
example of a nasty worm.

♦ Trojan horses - A Trojan horse is simply a computer program. The program
claims to do one thing (it may claim to be a game) but instead does damage
when you run it (it may erase your hard disk). Trojan horses have no way to
replicate automatically.

♦ A destructive program that masquerades as a benign application. Unlike
viruses, Trojan horses do not replicate themselves, but they can be just as
destructive. One of the most insidious types of Trojan horse is a program
that claims to rid your computer of viruses but instead introduces viruses
onto your computer.

♦ The term comes from the Greek legend of the Trojan War (told in Virgil's
Aeneid; Homer's Iliad ends before the horse appears), in which the Greeks
give a giant wooden horse to their foes, the Trojans, ostensibly as a peace
offering. But after the Trojans drag the horse inside their city walls,
Greek soldiers sneak out of the horse's hollow belly and open the city
gates, allowing their compatriots to pour in and capture Troy.
Hell Raising:

♦ Denial of Service attacks (DoS) are a type of attack on a network that is
designed to bring the network to its knees by flooding it with useless
traffic. In a distributed DoS the flood comes from many compromised hosts
("zombies"); a "pulsing zombie" attacks in intermittent bursts, degrading
service while being harder to spot than a constant flood.
IP Spoofing is a technique used to gain
unauthorized access to computers, whereby the
intruder sends messages to a computer with an IP
address indicating that the message is coming
from a trusted host.
Port Scanning is the act of systematically scanning a
computer's ports. Since a port is a place where
information goes into and out of a computer, port
scanning identifies open doors to a computer. Port
scanning has legitimate uses in managing
networks, but port scanning also can be malicious
in nature if someone is looking for a weakened
access point to break into your computer.
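The "Scanning" step of the attack anatomy above and the port-scanning paragraph here describe the same activity. The simplest form is a TCP connect() scan: complete the three-way handshake on each port and treat success as "open". The following is an added example, not code from the original slides; it starts its own listener on the loopback interface so it runs offline, and the port window, timeout and thread count are chosen for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Added example, not from the original slides: a TCP connect() scanner, the
# simplest and noisiest scan type, run against a listener we open ourselves
# so the demo works offline. Port range, timeout and worker count are
# demo choices.

def probe(host, port, timeout=0.5):
    """Full three-way handshake; True if the port accepted the connection.
    Unlike a SYN scan, every probe shows up in the target's connection logs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def scan(host, ports, workers=32):
    """Probe ports concurrently; returns the sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)

def start_listener(host="127.0.0.1"):
    """Bind an ephemeral port and listen. The kernel completes the TCP
    handshake for queued connections even though nothing calls accept(),
    which is all a connect() scan needs in order to report the port open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(64)
    return srv, srv.getsockname()[1]

def demo():
    """Open one listener, scan a window of ports around it, close it."""
    srv, open_port = start_listener()
    try:
        found = scan("127.0.0.1", range(open_port - 5, open_port + 6))
    finally:
        srv.close()
    return open_port, found

if __name__ == "__main__":
    port, found = demo()
    print("listener on", port, "-> open ports found:", found)
```

On a multi-user host other services may legitimately occupy ports inside the scanned window, which is why the demo checks that its own listener is reported rather than that it is the only result. The same loop with a larger range and a hostname argument is a complete, if unsubtle, scanner; run it only against systems you are authorised to test.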
Wireless Security
♦ Insertion Attacks
Unauthorized devices on the wireless network. This
can be clients or base stations.
♦ Interception and monitoring wireless traffic
Wireless Sniffer , Hijacking the session, Broadcast
Monitoring, ArpSpoof Monitoring and Hijacking,
BaseStation Clone (Evil Twin) intercept traffic
♦ Client to Client Attacks
Two wireless clients can talk directly to each other, bypassing the base
station. Because of this, each client must protect itself from other
clients.
Wireless (continued)
♦ Jamming
Denial of service attacks for wired networks are popular. This
same principle can be applied to wireless traffic, where
legitimate traffic gets jammed because illegitimate traffic
overwhelms the frequencies, and legitimate traffic can not get

♦ 2.4 GHz Interfering Technology

An attacker with the proper equipment and tools can easily
flood the 2.4 GHz frequency, so that the signal to noise drops
so low, that the wireless network ceases to function. This can
be a risk with even non-malicious intent as more technologies
use the same frequencies and cause blocking. Cordless
phones, baby monitors, and other devices like Bluetooth that
operate on the 2.4 GHz frequency can disrupt a wireless
War Chalking:
Using chalk to place a special symbol on a sidewalk or other surface that
indicates a nearby wireless network, especially one that offers Internet
access. Based on the old hobo sign language.
Hacking Tools: Web Based
Password Cracking: Cain and Abel
[Tool screenshots from the slides are not reproduced]
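The brute-force attack type listed under Authentication and the password cracking that Cain and Abel automates are the same computation done in different places: hash each candidate password and compare. The following added example, which is not code from the original slides or from Cain and Abel, runs an offline dictionary attack against a set of captured hashes and then shows the storage change that blunts it. The user names, the captured hashes and the wordlist are constructed for the demo, and unsalted SHA-256 stands in for whatever fast hash the target application used.

```python
import hashlib
import os

# Added example, not code from the original slides: the offline dictionary
# attack that tools like Cain and Abel automate against captured password
# hashes, and the storage scheme that blunts it. Hashes, user names and
# wordlist are constructed; unsalted SHA-256 stands in for the target's hash.

WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "Summer2004"]

def fast_hash(password):
    """Unsalted single-round hash, as stored by many older web applications."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def dictionary_attack(captured, wordlist):
    """captured: {user: hexdigest}. Each candidate word is hashed once and
    looked up against every account, so the cost is O(len(wordlist)) rather
    than O(len(wordlist) * len(captured)). Without a salt, one guess tests
    all users at once, and users sharing a password share a hash."""
    users_by_hash = {}
    for user, digest in captured.items():
        users_by_hash.setdefault(digest, []).append(user)
    cracked = {}
    for word in wordlist:
        for user in users_by_hash.get(fast_hash(word), []):
            cracked[user] = word
    return cracked

def slow_salted_hash(password, salt, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a per-user random salt. A guess now has to be
    recomputed for every user, and each computation costs 100k hash rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations).hex()

def salting_separates_equal_passwords():
    """Two users with the same password get different stored values."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return slow_salted_hash("letmein", salt_a) != slow_salted_hash("letmein", salt_b)

def demo():
    captured = {
        "alice": fast_hash("letmein"),
        "bob": fast_hash("hunter2"),
        "carol": fast_hash("letmein"),               # identical to alice's: no salt
        "dave": fast_hash("c0rrect-h0rse-b@ttery"),  # not in the wordlist
    }
    return dictionary_attack(captured, WORDLIST)

if __name__ == "__main__":
    print(demo())  # {'alice': 'letmein', 'carol': 'letmein', 'bob': 'hunter2'}
    print("salted hashes differ:", salting_separates_equal_passwords())
```

Alice and Carol fall to the same guess and are visibly linked before any cracking happens, which is exactly what a salt prevents. A slow key-derivation function does not stop a dictionary attack on a password that is in the dictionary; it multiplies the attacker's cost per guess per user, so the weak-password problem is still addressed by policy and the other authentication controls listed above.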
CERT - The Experts

Established in 1988, the CERT®

Coordination Center (CERT/CC) is a center
of Internet security expertise, located at the
Software Engineering Institute, a federally
funded research and development center
operated by Carnegie Mellon University.
Penalties under the IT Act, 2000
♦ S. 66 (2) – Hacking with Computer System
“Whoever commits hacking shall be
punished with imprisonment up to
three years or with fine which may
extend upto two lakh rupees, or both.”

Amarjit & Associates, New Delhi

Penalties under the IT Act, 2000
♦ S. 72 – Penalty for Breach of Confidentiality and Privacy

"If any person who, in pursuance of any powers conferred under this Act,
Rules or Regulations made thereunder, has secured access to any electronic
record, book, register, correspondence, information, document or other
material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information, document,
or other material to any other person shall be punished with imprisonment
for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with
Penalties under the Indian Penal Code
♦ S. 379 – Punishment for Theft

“ Whoever commits theft shall

be punished with imprisonment of
either description for a term which
may extend to three years, or with
fine, or with both.”
Penalties under the Indian Penal Code
♦ S. 406 – Punishment for criminal
breach of trust.

“Whoever commits criminal breach of

trust shall be punished with
imprisonment of either description for
a term which may extend to three
years, or with fine, or with both.”
Penalties under the Indian Penal Code
♦ S. 447 – Punishment for criminal trespass

“Whoever commits criminal trespass shall be

punished with imprisonment of either
description for a term which may extend to
three months, or with fine which may extend
to five hundred rupees, or with both.”