Ethical Hacking SUBMITTED BY: RICHA CHADHA ROLL NO 4 MBA GEN(PREV) SUBMITTED TO: Dr S.L.GUPTA Prof USM(KUK) Mrs. REETA

ethical hacking

Page 1: ethical  hacking

Ethical Hacking

SUBMITTED BY: RICHA CHADHA

ROLL NO 4, MBA GEN(PREV)

SUBMITTED TO:

Dr S.L.GUPTA

Prof USM(KUK)

Mrs. REETA

Page 2: ethical  hacking

HISTORY OF HACKING

Since the 1980's, the Internet has vastly grown in popularity and computer security has become a major concern for businesses and governments.

In a search for ways to reduce the fear and worry of being hacked, organizations have come to the realization that an effective way to evaluate security threats is to have independent security experts attempt to hack into their computer systems.

With the growth of computing and networking in the early 1990's, computer and network vulnerability studies began to appear outside of the military organization.

Page 3: ethical  hacking

WHAT IS ETHICAL HACKING?

Definition

Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers.

Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.

An ethical hacker is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.

Page 4: ethical  hacking

WHO ARE ETHICAL HACKERS?

Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.

An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.

Page 5: ethical  hacking

ETHICAL HACKING PROCESS

Page 6: ethical  hacking

FLOW CHART OF ETHICAL HACKING PROCESS

PLANNING

RECONNAISSANCE

ENUMERATION

FINAL ANALYSIS

EXPLOITATION

VULNERABILITY ANALYSIS

DELIVERABLES

INTEGRATION

Page 7: ethical  hacking

10 COMMANDMENTS OF ETHICAL HACKING

Page 8: ethical  hacking

1. Thou shalt set thy goals

2. Thou shalt plan thy work, lest thou go off course

3. Thou shalt obtain permission

4. Thou shalt work ethically

5. Thou shalt keep records

6. Thou shalt respect the privacy of others

7. Thou shalt do no harm

8. Thou shalt use a scientific process

9. Thou shalt not covet thy neighbour's tools

10. Thou shalt report all thy findings

Page 9: ethical  hacking

REQUIRED SKILLS

Page 10: ethical  hacking

CERTIFICATION

Due to the controversy surrounding the profession of ethical hacking, the International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH).

In order to obtain certification, an ethical hacker must complete coursework consisting of 22 modules, which range from 30 minutes to 5 hours or more, depending on the depth of the information provided.

Page 11: ethical  hacking

PROBLEMS ASSOCIATED WITH ETHICAL HACKING

Controversy

Ethical Issues

Legal Liability

Forcing Services and Information on Organizations and Society

Page 12: ethical  hacking

TYPES OF HACKING AND THEIR COUNTER MEASURES

Page 13: ethical  hacking

PASSWORD HACKING

NETWORK HACKING

E-MAIL HACKING

WIRELESS HACKING

DoS ATTACKS

INPUT VALIDATION

PRIVACY ATTACKS

IP SPOOFING

CRYPTOGRAPHY

VIRUSES

Page 14: ethical  hacking

PASSWORD HACKING

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Most passwords can be cracked by using the following techniques:

HASHING

GUESSING

DEFAULT PASSWORDS

BRUTE FORCE

PHISHING

Page 15: ethical  hacking

NETWORK HACKING

Network hacking generally means gathering information about a domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.

It also includes OS Fingerprinting, Port Scanning and Port Surfing using various tools.

Page 16: ethical  hacking

E-MAIL HACKING

All email communications on the internet are possible by two protocols:

1) Simple Mail Transfer Protocol (SMTP port-25)

2) Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

1) EMail Tracing :- Generally, the path taken by an email while travelling from sender to receiver can be explained by the following diagram.
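The hop-by-hop path of a message is recorded in its Received headers, which an investigator can read back in travel order. The following is an added example, not part of the original slides; the message is constructed and all hosts and addresses in it are documentation-range values.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and IPs are documentation-range values.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTP id C3;
\tTue, 02 Jan 2024 10:00:09 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2;
\tTue, 02 Jan 2024 10:00:05 +0000
Received: from laptop.local ([192.0.2.44])
\tby relay.sender.example with ESMTPSA id A1;
\tTue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+)(?:\s+\((?P<detail>[^)]*)\))?.*?\bby\s+(?P<by>\S+)")

def trace_path(raw):
    hops = []
    # Each server prepends its own header, so reverse to get travel order.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # undo header folding
        info, sep, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        m = HOP_RE.search(info if sep else flat)
        if not m:
            continue                              # header without a "from" clause
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", m.group("detail") or "")
        hops.append({
            "from": m.group("src"), "ip": ip.group(1) if ip else None,
            "by": m.group("by"),
            "time": parsedate_to_datetime(stamp.strip()) if sep else None,
        })
    return hops

def hop_delays(hops):
    """Seconds between consecutive hops; large or negative gaps merit a look."""
    times = [h["time"] for h in hops if h["time"]]
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

# Only headers added by servers you control are reliable; earlier ones can be forged.
for hop in trace_path(RAW):
    print(hop["time"], hop["from"], hop["ip"], "->", hop["by"])
```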

Page 17: ethical  hacking
Page 18: ethical  hacking

DoS ATTACKS

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it cannot serve its users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users. There are several different kinds of DoS attacks as discussed below:

PING OF DEATH

TEARDROP ATTACK

LAND ATTACK

SMURF ATTACK

Page 19: ethical  hacking

VIRUSES

What is a Computer Virus?

A potentially damaging computer programme capable of reproducing itself causing great harm to files or other programs without permission or knowledge of the user.

Types of viruses :- The different types of viruses are as follows:

BOOT SECTOR VIRUS

FILE OR PROGRAM

STEALTH VIRUSES

POLYMORPHIC VIRUSES

MACRO VIRUSES

Page 20: ethical  hacking

HACKING TOOLS

Page 21: ethical  hacking

PORT SCANNERS

Nmap :- This tool developed by Fyodor is one of the best Unix and Windows based port scanners. This advanced port scanner has a number of useful arguments that give the user a lot of control over the process.

Superscan :- A Windows-only port scanner, pinger, and resolver. SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.

Page 22: ethical  hacking

OS FINGERPRINTING TOOLS

Nmap :- This tool developed by Fyodor is one of the best Unix and Windows based active OS fingerprinting tools.

P0f :- A passive OS fingerprinting tool. P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall. P0f can detect firewall presence, NAT use, existence of load balancers, and more!

Page 23: ethical  hacking

PASSWORD CRACKERS

Cain and Abel :- The top password recovery tool for Windows. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

John the Ripper :- A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

Page 24: ethical  hacking

ENCRYPTION TOOLS

OpenSSL :- The premier SSL/TLS encryption library. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Tor :- An anonymous Internet communication system. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Page 25: ethical  hacking

E-BOOKS FOR ETHICAL HACKING

Page 26: ethical  hacking