Ethical Hacking and Information Security (Auto Saved)


  • 8/2/2019 Ethical Hacking and Information Security (Auto Saved)

    1/32


    ETHICAL HACKING AND INFORMATION SECURITY

    INTRODUCTION

    PREHISTORY

    1960s: The Dawn of Hacking

    The original meaning of the word "hack" started at MIT; it meant an elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.

    ELDER DAYS (1970-1979)

    1970s: Phone Phreaks and Cap'n Crunch:

    One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy whistle inside Cap'n Crunch cereal gives a 2600-hertz signal that can access AT&T's long-distance switching system.

    Draper builds a "blue box" which, used with the whistle, allows phreaks to make free calls.

    Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.

    THE GOLDEN AGE (1980-1991)

    1980: Hacker Message Boards and Groups

    Hacking groups form, such as Legion of Doom (US) and Chaos Computer Club (Germany).

    1983: Kids' Games

    Movie "War Games" introduces public to hacking.


    1. ETHICAL HACKING

    An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

    1.1. CYBER ETHICS

    Cyber ethics is a code of behavior for using the Internet. Since we are going to view it from the hacker's perspective, we will first dissect what the word hacker stands for.

    HACKER:

    A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. It is used to refer to someone skilled in the use of computer systems, especially if that skill was obtained in an exploratory way. The term is often misused in a pejorative context, where cracker would be the correct term. Due to that, the term evolved to be applied to individuals, with or without skill, who break into security systems. Several subgroups of the computer underground, with different attitudes and aims, use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. In hacker culture there are many different categories, such as white hat (ethical hacking), grey hat, black hat and script kiddies. Usually the term cracker refers to black hat hackers, or, more generally, hackers with unlawful intentions.

    WHITE HAT HACKER

    A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

    Terminology. The term white hat hacker is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies; these professionals are sometimes called sneakers. Groups of these people are often called tiger teams.


    GREY HAT HACKER

    A grey hat, in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

    Disambiguation. One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain.

    BLACK HAT HACKER

    A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software, which may or may not be legal under a country's laws, is actually software cracking.

    Terminology. Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field, and even there it is considered controversial. Until the 1980s, all people with a high level of skill at computing were known as "hackers".

    PHREAKER

    Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. As telephone networks have become computerized, phreaking has become closely linked with computer hacking. This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking). The term phreak is a portmanteau of the words phone and freak, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking. A large percentage of the phone phreaks were blind. Because identities were usually masked, an exact percentage cannot be calculated.

    SCRIPT KIDDIES

    A script kiddie or skiddie, occasionally skid, script bunny, script kitty, script-running juvenile (SRJ) or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks and deface websites.


    HACKTIVISTS

    Hacktivism (a portmanteau of hack and activism) is the use of computers and computer networks as a means of protest to promote political ends. The term was first coined in 1998 by a member of the Cult of the Dead Cow hacker collective named Omega. If hacking as "illegally breaking into computers" is assumed, then hacktivism could be defined as "the nonviolent use of legal and/or illegal digital tools in pursuit of political ends". These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, typosquatting and virtual sabotage. If hacking as "clever computer usage/programming" is assumed, then hacktivism could be understood as the writing of code to promote political ideology: promoting expressive politics, free speech, human rights, and information ethics through software development. Acts of hacktivism are carried out in the belief that proper use of code will be able to produce similar results to those produced by regular activism or civil disobedience.

    MALICIOUS HACKER STRATEGIES

    Just as there are steps to develop any software, every hacker follows some predefined rules or steps to hack into a system. They are:

    Reconnaissance:- The basic information gathering about the target system.

    Scanning:- Scanning the target system for open ports and the services running on the open ports, etc.

    Gaining Access:- Gaining actual access to the particular system by exploiting the system.

    Maintaining Access:- Keeping access to the system even after leaving it, so as not to perform all the steps from scratch.

    Clearing Tracks:- Removing the footprints, if any, so as to remain undetected by the victim.

    1.2. INFORMATION GATHERING

    Information gathering is the initial process as far as hacking and investigation are concerned. It is the process of profiling any organisation, system, server or individual using a methodical procedure.

    Information gathering is used by the attacker as well as the investigator to get more information about the target.


    ATTACKERS POINT OF VIEW:

    The attacker will first gather initial information like domain name, IP address, network IP range, operating system, services, control panel information, vulnerable services etc. before attacking the system.

    Footprinting is required to ensure that isolated information repositories that are critical to the attack are not overlooked or left undiscovered. Footprinting merely comprises one aspect of the entire information gathering process, but is considered one of the most important stages of a mature hack.

    An attacker will spend 90% of the time on information gathering & only 10% of the time on attacking & gaining access to the system.

    INVESTIGATION POINT OF VIEW:

    The investigator will gather initial information like traces of the criminal on the internet, his/her name, occupation, address, contact number and company/organization before taking any legal action.

    This will help the investigator to profile the criminal & his/her activities properly during interrogation.

    Following are the various methodologies for information gathering.

    INFORMATION GATHERING USING SEARCH ENGINES

    "One leaves footprints/information everywhere while surfing the internet." This is the basic principle for investigators as well as hackers. The only difference is the way they use this information.

    The attacker will gather information about the system, the operating system and the vulnerable applications running on them & later on exploit it.

    The investigator will gather information on how the attacker got access to the system & where he/she left footprints behind on the same system & later on trace it.

    Search engines are the most powerful tool to search about any individual, organisation & system.

    Following is the list of top 10 search engines:

    Yahoo Search : www.search.yahoo.com

    MSN Live Search: www.live.com

    AOL Search : www.search.aol.in

    Ask Search : www.ask.com


    Altavista Search : www.altavista.com

    Fast Search : www.alltheweb.com

    Gigablast : www.gigablast.com

    Snap Search: www.snap.com

    INFORMATION GATHERING USING RELATIONAL SEARCH ENGINES

    These types of search engines get results from different search engines & make relations or connections between those results.

    Kartoo

    Maltego

    With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order are essential, yet the threat picture of your environment is not always clear or complete. In fact, most often it's not what we know that is harmful; it's what we don't know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting-edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based?

    Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego's unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

    Yahoo People Search - www.people.yahoo.com


    Intelius:

    Whois Lookup:

    Querying regional Internet Registries:


    Domain tools :

    samspade.org:

    .IN registry:


    Reverse IP Mapping :

    Reverse IP mapping is the method to find the number of websites hosted on the same server.

    Here, by selecting the Reverse IP link, we can get the list of websites hosted on an IP address.

    Trace Route:

    Traceroute gives useful information regarding the number of servers (hops) between your computer & the remote computer.

    1) Useful for investigation as well as different attacks.

    2) Tools: Visualroute, Neotrace.

    Geowhere:

    Finds websites using popular newsgroups, also finds mailing lists and newsgroups, & extracts information from 20 search engines.


    Email Spiders:

    Email spiders are automated software that capture email IDs using spiders & store them in a database. Spammers use email spiders to collect thousands of emails for spamming purposes.

    Other Tools:

    www.visualroute.visualware.com

    www.samspade.org

    www.dnsstuff.com


    1.3 SCANNING

    Long ago, ports were scanned by connecting to them manually with telnet. Today people use more sophisticated programs with massive methods to scan IP ranges searching a lot of ports.

    Scanning is the process of finding out open/closed ports and vulnerabilities in remote systems, servers & networks. Scanning will reveal the IP address, operating system and services running on the remote computer.

    There are three types of scanning.

    PORT SCANNING

    Port scanning is one of the most popular techniques attackers use to discover the services they can break into.

    1) All machines connected to a LAN or connected to the internet via a modem run many services that listen at well-known and not-so-well-known ports.

    2) Ports 1 to 65535 are available on a computer.

    3) By scanning, the attacker finds which ports are available.

    PORTS: THE PORT NUMBERS ARE UNIQUE ONLY WITHIN A COMPUTER SYSTEM

    1) Port numbers are 16-bit unsigned numbers.

    2) The port numbers are divided into three ranges:

    * Well Known Ports (0-1023)

    * The Registered Ports (1024-49151)

    * The Dynamic and/or Private Ports (49152-65535)

    WELL KNOWN PORTS:

    echo 7/tcp Echo

    ftp-data 20/udp File Transfer [Default Data]

    ftp 21/tcp File Transfer [Control]

    ssh 22/tcp SSH Remote Login Protocol

    telnet 23/tcp Telnet

    domain 53/udp Domain Name Service

    www-http 80/tcp World Wide Web HTTP

    smtp 25/tcp Simple Mail Transfer Protocol

    REGISTERED PORTS:

    wins 1512/tcp Microsoft Windows Internet Name Service

    radius 1812/udp RADIUS authentication protocol

    yahoo 5010 Yahoo Messenger

    x11 6000-6063/tcp X Window System

    TCP PACKET HEADER

    SYN - Synchronize - used to initiate a connection between hosts.

    ACK - Acknowledgment - used to establish a connection between hosts and to acknowledge received data.

    PSH - Push - tells the receiving system to deliver all buffered data.

    URG - Urgent - states that the data contained in the packet should be processed immediately.

    FIN - Finish - tells the remote system that there will be no more transmission.

    TTL - Time to Live (carried in the IP header that precedes the TCP header).
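    An added worked example (not from the notes) that parses the fixed 20-byte TCP header from raw bytes, decodes the flag bits listed above, and classifies both port numbers into the three ranges given under PORTS. The sample segment is constructed inline with struct.pack; the helper names (parse_tcp_header, port_class, describe, constructed_segment) are this example's own.

```python
import struct

# Port ranges as listed in the notes (IANA assignments)
PORT_RANGES = (
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic/private"),
)

# TCP flag bits in the low-order six bits of byte 13 of the header
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def port_class(port: int) -> str:
    """Classify a port number into the three IANA ranges from the notes."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit unsigned values")
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    raise AssertionError("unreachable: ranges cover 0..65535")


def decode_flags(flag_byte: int) -> list:
    """Return the names of the flags set in the TCP flags byte, in bit order."""
    return [name for bit, name in sorted(TCP_FLAGS.items()) if flag_byte & bit]


def parse_tcp_header(raw: bytes) -> dict:
    """Parse the fixed 20-byte TCP header (RFC 793 layout) from raw bytes.

    TTL is deliberately absent: it lives in the IP header that precedes this one.
    """
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_res, flags, window, checksum, urg_ptr = struct.unpack(
        "!HHIIBBHHH", raw[:20]
    )
    return {
        "src_port": src,
        "src_class": port_class(src),
        "dst_port": dst,
        "dst_class": port_class(dst),
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,  # header length in bytes
        "flags": decode_flags(flags),
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urg_ptr,
    }


def describe(header: dict) -> str:
    """Map flag combinations onto the roles the notes describe."""
    flags = set(header["flags"])
    if flags == {"SYN"}:
        return "connection request"
    if flags == {"SYN", "ACK"}:
        return "listening port replied"
    if "RST" in flags:
        return "reset: non-listening port or aborted connection"
    if "FIN" in flags:
        return "sender has no more data"
    return "established-connection segment"


def constructed_segment(src: int, dst: int, flag_byte: int, seq: int = 0, ack: int = 0) -> bytes:
    """Build a constructed sample header (data offset 5, window 65535, zero checksum)."""
    return struct.pack("!HHIIBBHHH", src, dst, seq, ack, 5 << 4, flag_byte, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed sample: a SYN from an ephemeral port to ssh (22/tcp)
    hdr = parse_tcp_header(constructed_segment(51234, 22, 0x02, seq=1000))
    print(hdr["src_class"], "->", hdr["dst_port"], hdr["flags"], describe(hdr))
```

    Feeding the same parser a SYN+ACK (flag byte 0x12) or an RST+ACK (0x14) yields the "listening" and "non-listener" cases that the SYN scan description relies on.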


    TCP CONNECT()

    1. The connect() system call provided by an OS is used to open a connection to every interesting port on the machine.

    2. If the port is listening, connect() will succeed; otherwise the port isn't reachable.

    STEALTH SCAN:

    1. A stealth scan is a kind of scan that is designed to go undetected by auditing tools.

    2. Fragmented scan: the scanner splits the TCP header into several IP fragments.

    3. This bypasses some packet filter firewalls because they cannot see a complete TCP header that can match their filter rules.

    SYN SCAN

    1. This technique is called half-open scanning because a TCP connection is not completed.

    2. A SYN packet is sent to the remote system.

    3. The target host responds with a SYN+ACK, which indicates the port is listening; an RST indicates a non-listener.
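    As an added example, not part of the notes, the half-open pattern just described can be turned into detection logic: a source that sends bare SYNs to many distinct ports in a short window and never follows up with the ACK that completes a handshake. The log lines, the tcpdump-like line format and the thresholds (window, min_ports) are constructed assumptions for this example.

```python
import re
from collections import defaultdict

# One record per segment, in a constructed tcpdump-like shape:
#   "<time> <src>:<sport> > <dst>:<dport> [<flags>]"   with S=SYN, .=ACK, R=RST
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) \[(?P<flags>[A-Z.]*)\]$"
)


def parse_line(line: str):
    """Parse one record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": float(m["ts"]), "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]), "flags": m["flags"],
    }


def detect_syn_scans(lines, window=10.0, min_ports=8):
    """Flag sources that send bare SYNs to at least min_ports distinct ports within
    `window` seconds and never send the bare ACK that would complete a handshake
    to those ports. Returns {source: sorted list of probed ports}."""
    syn_probes = defaultdict(list)   # src -> [(ts, (dst, dport))]
    completed = defaultdict(set)     # src -> {(dst, dport)} where a bare ACK followed
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["dst"], rec["dport"])
        if rec["flags"] == "S":
            syn_probes[rec["src"]].append((rec["ts"], key))
        elif rec["flags"] == ".":
            completed[rec["src"]].add(key)
    alerts = {}
    for src, probes in syn_probes.items():
        half_open = sorted(p for p in probes if p[1] not in completed[src])
        for i, (t0, _) in enumerate(half_open):
            ports = {key[1] for t, key in half_open[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports)
                break
    return alerts


def constructed_log():
    """Constructed traffic: a normal client completing two handshakes, then a half-open
    scan of twelve ports from 10.0.0.5 (open ports answer S., closed ports answer R.)."""
    lines, t = [], 1000.0
    for port in (80, 443):
        lines += [
            f"{t:.2f} 10.0.0.7:40000 > 10.0.0.20:{port} [S]",
            f"{t + 0.01:.2f} 10.0.0.20:{port} > 10.0.0.7:40000 [S.]",
            f"{t + 0.02:.2f} 10.0.0.7:40000 > 10.0.0.20:{port} [.]",
        ]
        t += 1.0
    open_ports = {22, 80, 443}
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]):
        ts, sport = 2000.0 + i * 0.05, 51000 + i
        lines.append(f"{ts:.2f} 10.0.0.5:{sport} > 10.0.0.20:{port} [S]")
        if port in open_ports:
            lines.append(f"{ts + 0.01:.2f} 10.0.0.20:{port} > 10.0.0.5:{sport} [S.]")
            lines.append(f"{ts + 0.02:.2f} 10.0.0.5:{sport} > 10.0.0.20:{port} [R]")
        else:
            lines.append(f"{ts + 0.01:.2f} 10.0.0.20:{port} > 10.0.0.5:{sport} [R.]")
    return lines


if __name__ == "__main__":
    for src, ports in detect_syn_scans(constructed_log()).items():
        print(f"possible half-open scan from {src}: {len(ports)} ports {ports}")
```

    The legitimate client is not reported because it sends the final ACK of the handshake; the scanner answers every SYN+ACK with an RST instead, which is exactly the half-open signature. Tune window and min_ports to the normal connection rate of the network being monitored.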


    1.4 VIRUS, WORMS, TROJANS AND VIRUS ANALYSIS

    SPYWARE

    Spyware is a piece of software that gets installed on a computer without your consent. It collects your personal information without you being aware of it, changes how your computer or web browser is configured and bombards you with online advertisements. Spyware programs are notorious for being difficult to remove on your own and for slowing down your PC. The program gets installed in the background while you are doing something else on the Internet. Spyware has become fairly widespread because your cable modem or DSL connection is always connected.

    DIFFERENCE BETWEEN VIRUS,WORMS AND TROJANS

    A virus is an application that self-replicates by injecting its code into other data files. A virus spreads and attempts to consume specific targets and is normally an executable.

    A worm copies itself over the network. It is a program that views its infection points as other computers rather than as other executable files on an already infected computer.

    A trojan is a program that, once executed, performs a task other than expected.

    MODE OF TRANSMISSION

    IRC

    ICQ

    Email Attachments

    Physical Access

    Browser & email Software Bugs

    Advertisements

    NetBIOS

    Fake Programs


    VIRUS PROPERTIES

    Your computer can be infected even if files are just copied.

    Can be Polymorphic.

    Can be memory or non-memory resident.

    Can be a stealth virus

    Viruses can carry other viruses.

    Can make the system never show outward signs.

    Can Stay on the computer even if the computer is formatted.

    VIRUS OPERATION PHASE

    Most viruses operate in two phases.

    INFECTION PHASE

    In this phase virus developers decide:

    -When to infect a program

    -Which programs to infect

    Some viruses infect the computer as soon as the virus file is installed on the computer.

    Some viruses infect the computer at a specific date, time or particular event.

    TSR viruses are loaded into memory & later infect PCs.

    ATTACK PHASE

    In this phase the virus will:

    -Delete files.

    -Replicate itself to other PCs.

    -Corrupt targets only.


    VIRUS INDICATIONS

    Following are some of the common indications of a virus when it infects a system.

    Files have stranger names than normal.

    File extensions can also be changed.

    Programs take longer to load than normal.

    The computer's hard drive constantly runs out of free space.

    The victim will not be able to open some programs.

    Programs get corrupted without any reason.

    VIRUS TYPES

    Following are some of the common types of virus.

    Macro Virus - Spreads & Infects database files.

    File Virus - Infects Executables.

    Source Code Virus - Affects & Damage source code.

    NetworkVirus - Spreads via network elements & protocols.

    Boot virus - Infects boot sectors & Records.

    Shell virus - Virus code forms a shell around the target host's genuine program & hosts it as a subroutine.

    Terminate & stay resident virus - Remains permanently in memory during the work session even after the target host is executed & terminated.


    METHODS TO AVOID DETECTION

    SAME LAST MODIFIED DATE

    -In order to avoid detection by users, some viruses employ different kinds of deception.

    -Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.

    -This approach sometimes fools anti-virus software.
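    An added example, not the notes' own material, showing why an integrity check based on content hashes is not fooled by the "last modified" trick: a constructed host file is baselined, then appended to while its original timestamps are restored with os.utime, and a timestamp-based check is compared with a SHA-256 check. File names and contents are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file's full contents in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(paths):
    """Record both the content hash and the modification timestamp for each file."""
    return {p: {"sha256": sha256_file(p), "mtime_ns": os.stat(p).st_mtime_ns} for p in paths}


def changed_by_mtime(baseline):
    """Naive check: trusts the 'last modified' timestamp."""
    return sorted(p for p, rec in baseline.items() if os.stat(p).st_mtime_ns != rec["mtime_ns"])


def changed_by_hash(baseline):
    """Robust check: recomputes the content hash and compares it with the baseline."""
    return sorted(p for p, rec in baseline.items() if sha256_file(p) != rec["sha256"])


def demo():
    """Create a constructed host file, baseline it, modify it while restoring its
    original timestamps (the trick the notes describe), then run both checks."""
    with tempfile.TemporaryDirectory() as workdir:
        host = os.path.join(workdir, "host.exe")
        with open(host, "wb") as f:
            f.write(b"MZ" + b"\x90" * 64)            # constructed stand-in for a program
        baseline = take_baseline([host])
        before = os.stat(host)
        with open(host, "ab") as f:
            f.write(b"CONSTRUCTED-APPENDED-BYTES")    # the modification to be detected
        os.utime(host, ns=(before.st_atime_ns, before.st_mtime_ns))  # put timestamps back
        return {
            "mtime_flagged": [os.path.basename(p) for p in changed_by_mtime(baseline)],
            "hash_flagged": [os.path.basename(p) for p in changed_by_hash(baseline)],
        }


if __name__ == "__main__":
    print(demo())   # the timestamp check misses the change; the hash check reports host.exe
```

    The baseline itself must be stored where the checked system cannot rewrite it (read-only media or a separate host), otherwise the same trick applies to the baseline.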

    OVERWRITING UNUSED AREAS OF .EXE FILES

    KILLING TASKS OF ANTIVIRUS SOFTWARE

    -Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

    AVOIDING BAIT FILES & OTHER UNDESIRABLE HOSTS

    -Bait files (goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.

    -Many anti-virus programs perform an integrity check of their own code.

    -Infecting such programs will therefore increase the likelihood that the virus is detected.

    -Anti-virus professionals can use bait files to take a sample of a virus.

    MAKING A STEALTH VIRUS

    -Some viruses try to trick anti-virus software by intercepting its requests to the operating system.

    -The virus can then return an uninfected version of the file to the anti-virus software, so that it seems the file is "clean."

    SELF-MODIFICATION ON EACH INFECTION

    -Some viruses try to trick anti-virus software by modifying themselves on each infection.

    -As the file signatures are modified, antivirus software finds it difficult to detect them.

    ENCRYPTION WITH VARIABLE KEY

    -Some viruses use simple methods to encipher their code.

    -The virus is encrypted with a different encryption key on each infection.

    -The AV cannot scan such files directly using conventional methods.


    VIRUS ANALYSIS

    IDA PRO TOOL

    -It is a disassembler & debugger tool.

    -Runs on both Linux & Windows.

    -Can be used in source code analysis, vulnerability research & reverse engineering.

    AUTORUNS

    PROCESS EXPLORER


    2. WEB APPLICATION HACKING & SECURITY

    Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

    The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) publish updates on the latest threats which impair web-based applications. This aids developers, security testers and architects to focus on better design and mitigation strategy. The OWASP Top 10 has become an industry norm in assessing web applications.

    2.1. WHY WEB APPLICATION SECURITY?

    Application Layer

    The attacker sends attacks inside valid HTTP requests. Your custom code is tricked into doing something it should not. Security requires software development expertise, not signatures.

    Network Layer

    Firewall, hardening, patching, IDS, and SSL cannot detect or stop attacks inside HTTP requests. Security relies on signature databases.

    2.2. SECURITY MISCONCEPTIONS

    "The firewall protects my web server and database"

    - Access to the server through ports 80 and 443 makes the web server part of your external

    perimeter defence.

    - Vulnerabilities in the web server software or web applications may allow access to internal

    network resources.

    "The IDS protects my web server and database"

    - The IDS is configured to detect signatures of various well-known attacks.

    - Attack signatures do not include those for attacks against custom applications.


    "SSL secures my site"

    - SSL secures the transport of data between the web server and the user's browser.

    - SSL does not protect against attacks against the server and applications.

    - SSL is the hacker's best friend due to the false sense of security it creates.

    The Source of the Problem

    "Malicious hackers don't create security holes; they simply exploit them. Security holes and vulnerabilities - the real root cause of the problem - are the result of bad software design and implementation."

    - John Viega & Gary McGraw

    2.3 REASONS FOR ATTACKING WEB APPLICATIONS

    * Vulnerability Used


    2.4. SECURITY GUIDELINES

    -Validate Input and Output.

    -Fail Securely(Closed).

    -Keep it Simple.

    -Use and Reuse trusted Components.

    -Defence in Depth.

    -Only as Secure as the Weakest Link.

    -Security By Obscurity Won't Work.

    -Least Privilege

    -Compartmentalization (Separation of Privileges)

    Validate Input and Output

    All user input and user output should be checked to ensure it is both appropriate and expected.

    Allow only explicitly defined characteristics and drop all other data.

    Fail Securely

    When it fails, it fails closed.

    It should fail to a state that rejects all subsequent security requests.

    A good analogy is a firewall: when it fails, it should drop all subsequent packets.
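    The two guidelines above, worked through in Python as an added example (not code from the notes): an allow-list validator for a username field, HTML encoding of the value on output, and an authorization check that denies when its role lookup fails, placed next to the fail-open variant it replaces. The username pattern, the role store and the DirectoryUnavailable error are assumptions made for this example.

```python
import html
import re

# Allow-list: only what a username is expected to look like; everything else is dropped.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(value) -> bool:
    """True only for values with the explicitly defined characteristics."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def validate_username(value) -> str:
    """Reject (do not 'clean') anything outside the allow-list."""
    if not is_valid_username(value):
        raise ValueError("username rejected by allow-list")
    return value


def render_greeting(username: str) -> str:
    """Output check: encode for the HTML context before the value leaves the application."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


class DirectoryUnavailable(Exception):
    """Raised by the hypothetical role lookup when its backend cannot be reached."""


def lookup_roles(username: str, directory):
    """Hypothetical role store: a dict of username -> set of roles, or None for an outage."""
    if directory is None:
        raise DirectoryUnavailable("role directory not reachable")
    return directory.get(username, set())


def is_authorized_fail_open(username, action, directory) -> bool:
    """Weak pattern: an error in the check is swallowed and the request is let through."""
    try:
        roles = lookup_roles(username, directory)
    except DirectoryUnavailable:
        return True
    return "admin" in roles or (action == "read" and "reader" in roles)


def is_authorized_fail_closed(username, action, directory) -> bool:
    """Fail securely: any failure of the check denies the request."""
    try:
        roles = lookup_roles(username, directory)
    except DirectoryUnavailable:
        return False
    return "admin" in roles or (action == "read" and "reader" in roles)


def handle_request(raw_username, action, directory) -> str:
    """Validate input, authorize (fail closed), then encode output."""
    try:
        user = validate_username(raw_username)
    except ValueError:
        return "400 rejected"
    if not is_authorized_fail_closed(user, action, directory):
        return "403 denied"
    return render_greeting(user)


if __name__ == "__main__":
    roles = {"alice": {"reader"}, "root": {"admin"}}
    print(handle_request("alice", "read", roles))       # accepted and rendered
    print(handle_request("al'ice", "read", roles))      # constructed input outside the allow-list
    print(handle_request("alice", "read", None))        # backend outage: denied, not allowed
```

    Note that the validator returns the original value rather than a "sanitized" copy: stripping characters silently turns one rejected input into a different accepted one, which is harder to reason about than a plain rejection.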

    Keep it Simple

    If a security system is too complex for its user base, it will either not be used or users will try to find measures to bypass it.

    This message applies equally to tasks that an administrator must perform in order to secure an application.

    This message is also intended for security layer APIs that application developers must use to build the system.

    Use and Reuse trusted Components

    Using and reusing trusted components makes sense both from a resource stance and from a security stance.

    When someone else has proven they got it right, take advantage of it.

    Defence in Depth

    Relying on one component to perform its function 100% of the time is unrealistic.

    While we hope to build software and hardware that works as planned, predicting the unexpected is difficult. Good systems don't predict the unexpected, but plan for it.

    Only as Secure as the Weakest Link

    Careful thought must be given to what one is securing.

    Attackers are lazy and will find the weakest point and attempt to exploit it.

    Security By Obscurity Won't Work

    It's naive to think that hiding things from prying eyes doesn't buy some amount of time.

    This strategy doesn't work in the long term and has no guarantee of working in the short term.

    Least Privilege

    Systems should be designed in such a way that they run with the least amount of

    system privilege they need to do their job.


    Compartmentalization (Separation of Privileges)

    Compartmentalizing users, processes and data helps contain problems if they do

    occur.

    Compartmentalization is an important concept widely adopted in the information

    security realm.

    WEB APPLICATIONS SECURITY CHECKLIST

    3. WIRELESS HACKING & SECURITY

    Wireless networking technology is becoming increasingly popular but at the same time has introduced many security issues. The popularity of wireless technology is driven by two primary factors: convenience and cost. A wireless local area network (WLAN) allows workers to access digital resources without being locked into their desks. Laptops can be carried into meetings or even into a Starbucks cafe, tapping into the wireless network. This convenience has become affordable.

    Wireless LAN standards are defined by the IEEE's 802.11 working group. WLANs come in three flavours:

    802.11b

    Operates in the 2.4000GHz to 2.2835GHz frequency range and can operate at up to 11 megabits per second.


    802.11a

    Operates in the 5.15-5.35GHz frequency range and can operate at up to 54 megabits per second.

    802.11g

    Operates in the 2.4GHz frequency range (increased bandwidth range) and can operate at up to 54 megabits per second.

    When setting up a WLAN, the channel and service set identifier (SSID) must be configured in addition to traditional network settings such as IP address and subnet mask.

    The channel is a number between 1 and 11 (1 and 13 in Europe) and designates the frequency on which the network will operate.

    The SSID is an alphanumeric string that differentiates networks operating on the same channel.

    It is essentially a configurable name that identifies an individual network. These settings are important factors when identifying WLANs and sniffing traffic.

    SSIDs

    The SSID is a unique identifier that wireless networking devices use to establish and maintain

    wireless connectivity. SSID acts as a single shared password between access points and clients.

    Security concerns arise when the default values are not changed as these units can be easily

    compromised.

    ATTACKER'S POINT OF VIEW:

    If the target access point responds to a broadcast SSID probe, the attacker may be in luck. Most wireless card drivers are configured with an SSID of ANY so that they can associate with whatever wireless network is available. When the SSID is set to ANY, the driver sends a probe request to the broadcast address with a zero-length SSID element, and any access point configured to answer such probes replies with a probe response carrying its real SSID. Although this makes life easier for users, who do not have to remember the SSID to connect to the wireless LAN, it makes it much simpler for attackers to gather SSIDs. Some common default SSIDs and settings are:

    3Com AirConnect 2.4 GHz DS (newer 11 Mbit, Harris/Intersil Prism based)
        Default SSID: 'comcomcom'


    3Com (other access points)
        Default SSID: '3Com'

    Addtron (Model: ?)
        Default SSID: 'WLAN'

    Cisco Aironet 900 MHz/2.4 GHz BR10000/e, BR5200/e and BR4800
        Default SSID: 'tsunami'; '2'
        Console port: no default password
        HTTP management: on by default, no default password

    Apple AirPort
        Default SSID: 'AirPort Network'; 'AirPort Netzwerk'

    BayStack 650/660 802.11 DS AP
        Default SSID: 'Default SSID'
        Default admin pass:


        Default channel: 1
        MAC addr: 00:20:d8:XX:XX:XX

    Compaq WL-100/200/300/400
        Default SSID: 'Compaq'

    D-Link DL-713 802.11 DS Access Point
        Default SSID: 'WLAN'
        Default channel: 11
        Default IP address: DHCP-administered
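The probe-request behaviour and the default-SSID list above can both be turned into a small recogniser. The following Python is an added example written for this page, not code from the report or from any tool it names: it parses the SSID and channel elements out of raw 802.11 beacon and probe-request frames, flags a zero-length (SSID=ANY) probe, and matches beacon SSIDs against the defaults listed above. The MAC addresses, the SSID-to-product table and the sample frames are constructed here for the demonstration; a real capture would supply the frame bytes instead.

```python
# Added example: recognise wildcard probes and default SSIDs in 802.11 management frames.
import struct
from typing import Optional

SUBTYPE_PROBE_REQ = 4   # management frame subtype 0100
SUBTYPE_BEACON = 8      # management frame subtype 1000

# Default SSIDs from the list above, mapped to the product they identify (constructed table).
DEFAULT_SSIDS = {
    "comcomcom": "3Com AirConnect",
    "3Com": "3Com access point",
    "WLAN": "Addtron or D-Link DL-713",
    "tsunami": "Cisco Aironet",
    "AirPort Network": "Apple AirPort",
    "Default SSID": "BayStack 650/660",
    "Compaq": "Compaq WL-100/200/300/400",
}


def parse_mgmt_frame(frame: bytes) -> dict:
    """Extract subtype, source MAC, SSID and channel from a beacon or probe request.

    Layout: frame control (2), duration (2), addr1/addr2/addr3 (6 each), sequence
    control (2); beacons then carry 12 bytes of fixed fields; then tagged elements
    as (tag, length, value). Tag 0 is the SSID, tag 3 the DS Parameter Set (channel).
    """
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc >> 4) & 0xF
    info = {
        "subtype": subtype,
        "src": ":".join(f"{b:02x}" for b in frame[10:16]),
        "ssid": None,
        "channel": None,
    }
    offset = 24 + (12 if subtype == SUBTYPE_BEACON else 0)
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            break  # truncated element: stop rather than misparse the tail
        if tag == 0:
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif tag == 3 and length == 1:
            info["channel"] = value[0]
        offset += 2 + length
    return info


def classify(frame: bytes) -> dict:
    """Attach a finding to the parsed frame, mirroring the attacker's checklist above."""
    info = parse_mgmt_frame(frame)
    ssid = info["ssid"]
    if info["subtype"] == SUBTYPE_PROBE_REQ and ssid == "":
        info["finding"] = "wildcard probe (client SSID=ANY); an AP that answers reveals its SSID"
    elif info["subtype"] == SUBTYPE_BEACON and ssid in DEFAULT_SSIDS:
        info["finding"] = f"default SSID of {DEFAULT_SSIDS[ssid]}; check for unchanged admin settings"
    else:
        info["finding"] = "none"
    return info


def build_frame(subtype: int, src: bytes, ssid: bytes, channel: Optional[int] = None) -> bytes:
    """Construct a minimal management frame for testing (constructed, not a real capture)."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00"           # frame control, duration
    header += b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"   # addr1, addr2 (source), addr3, seq ctrl
    if subtype == SUBTYPE_BEACON:
        header += bytes(8) + struct.pack("<HH", 100, 0x0401)  # timestamp, interval, capabilities
    body = bytes([0, len(ssid)]) + ssid                        # SSID element (tag 0)
    if channel is not None:
        body += bytes([3, 1, channel])                         # DS Parameter Set element (tag 3)
    return header + body


# Constructed sample frames: a client probing with SSID=ANY, a Cisco AP on its default
# channel with its default SSID, and an AP with a customised SSID.
SAMPLE_FRAMES = [
    build_frame(SUBTYPE_PROBE_REQ, bytes.fromhex("001122334455"), b""),
    build_frame(SUBTYPE_BEACON, bytes.fromhex("0020d8000001"), b"tsunami", channel=1),
    build_frame(SUBTYPE_BEACON, bytes.fromhex("000c41aabbcc"), b"corp-wifi", channel=6),
]

if __name__ == "__main__":
    for result in map(classify, SAMPLE_FRAMES):
        print(result)
```

The parser stops at a truncated element instead of guessing, because a malformed tag length is exactly what a fuzzed or corrupted frame looks like on the air; the same loop can be extended to other elements (supported rates, RSN) without changing its shape.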

    3.1. WIRELESS STANDARDS

    Different methods and standards of wireless communication have been developed around the world, driven by various commercial requirements. These technologies can roughly be classified into four categories, based on their application and transmission range. These categories are summarized in the figure below.


    3.2. WEP & WPA SUMMARY

    WEP

    Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, it was intended to provide data confidentiality comparable to that of a traditional wired network. WEP is recognizable by its key of 10 or 26 hexadecimal digits: a 40-bit (WEP-40) or 104-bit (WEP-104) key, which is concatenated with a 24-bit initialization vector to seed the RC4 stream cipher, with an unkeyed CRC-32 checksum as the integrity check value. It is still widely deployed and is often the first security choice presented to users by router configuration tools.

    Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws and has been deprecated in favor of newer standards such as WPA2. In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their security goals".
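Two of the flaws behind that deprecation follow directly from the construction just described: the 24-bit IV repeats, and a repeated IV means a repeated RC4 keystream; and CRC-32 is linear, so the integrity check can be patched along with the data. The Python below is an added example written for this page, not code from the report or from aircrack: it implements WEP encryption from RC4 and CRC-32 and then carries out both attacks against constructed frames. The key, IV and frame contents are made up for the demonstration.

```python
# Added example: minimal WEP and two of the flaws (keystream reuse, ICV forgery)
# that made it fail its security goals.
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes (key scheduling, then output generation)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian, no key involved."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return iv || RC4(iv || key) XOR (plaintext || ICV).

    key is the 40-bit (10 hex digit) or 104-bit (26 hex digit) WEP key; the
    3-byte IV travels in the clear in front of the ciphertext.
    """
    assert len(iv) == 3 and len(key) in (5, 13)
    body = plaintext + icv(plaintext)
    return iv + xor(rc4(iv + key, len(body)), body)


def wep_decrypt(key: bytes, frame: bytes) -> tuple:
    """Return (plaintext, icv_ok) the way a receiving station would."""
    iv, body = frame[:3], frame[3:]
    clear = xor(rc4(iv + key, len(body)), body)
    plaintext, received_icv = clear[:-4], clear[-4:]
    return plaintext, received_icv == icv(plaintext)


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Flaw 1: frames under the same key and IV share a keystream, so XORing the two
    ciphertexts cancels it and yields plaintext_a XOR plaintext_b, with no key needed.
    With only 2^24 IVs, a busy network repeats one within hours."""
    assert frame_a[:3] == frame_b[:3], "same IV required"
    n = min(len(frame_a), len(frame_b))
    return xor(frame_a[3:n], frame_b[3:n])


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Flaw 2: CRC-32 is affine, crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so an
    attacker can XOR `delta` into the ciphertext and patch the encrypted ICV so the
    receiver still accepts the frame, without knowing the key or the plaintext."""
    iv, body = frame[:3], frame[3:]
    data_len = len(body) - 4
    delta = delta.ljust(data_len, b"\x00")[:data_len]
    icv_delta = xor(icv(delta), icv(bytes(data_len)))
    return iv + xor(body, delta + icv_delta)


def demo() -> dict:
    """Run both attacks on constructed frames and return what the attacker obtains."""
    key = bytes.fromhex("0102030405")   # constructed WEP-40 key (10 hex digits)
    iv = b"\x0a\x0b\x0c"                 # constructed IV, deliberately reused
    p1 = b"GET /index.html HTTP/1.0\r\n"
    p2 = b"GET /admin.html HTTP/1.0\r\n"
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    leak = keystream_reuse_leak(c1, c2)[:len(p1)]

    c3 = wep_encrypt(key, iv, b"user=alice")
    delta = bytes(5) + xor(b"alice", b"admin")  # flip plaintext bytes 5..9
    forged_plain, forged_ok = wep_decrypt(key, flip_bits(c3, delta))
    return {
        "leak_matches_xor_of_plaintexts": leak == xor(p1, p2),
        "forged_plaintext": forged_plain,
        "forged_icv_accepted": forged_ok,
    }


if __name__ == "__main__":
    print(demo())
```

Note that flip_bits never touches the key: the forged frame decrypts to "user=admin" and passes the ICV check because CRC-32 was designed to catch line noise, not an adversary. WPA's TKIP added a keyed message integrity code (Michael) and per-packet keys precisely to close these two holes.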

    WPA and WPA2

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).

    WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003 and was intended as an intermediate measure that could run on existing WEP hardware (its TKIP mode keeps RC4 but adds per-packet keys and a keyed integrity check) in anticipation of the more secure and complex WPA2, which uses AES-CCMP. WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (IEEE 802.11i-2004) standard.


    A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations: the access point validates the 8-digit WPS PIN in two halves, so an attacker can recover it online in at most about 11,000 attempts and then obtain the WPA/WPA2 passphrase regardless of its strength. Disabling WPS is the countermeasure.

    HACKING TOOL: NetStumbler, http://netstumbler.org, a Windows scanner that discovers access points by sending the broadcast probe requests described above and logging the SSID, channel, MAC address and signal strength of each response.

    3.3. CRACKING WEP & WPA & COUNTERMEASURES

    What is aircrack?

    aircrack is a set of tools for auditing wireless networks:

        airodump: 802.11 packet capture program
        aireplay: 802.11 packet injection program
        aircrack: static WEP and WPA-PSK key cracker
        airdecap: decrypts WEP/WPA capture files


    Is there an aircrack discussion forum?

    Sure: http://100h.org/forums/. Also, check out #aircrack on irc.freenode.net.

    Where can aircrack be downloaded?

    The official download location is http://www.cr0.net:8040/code/network/. However, if you can't access port 8040 for some reason, you may use this mirror instead: http://100h.org/wlan/aircrack/.

    Aircrack is included in the Troppix LiveCD, which features Prism2, PrismGT, Realtek, Atheros and Ralink drivers patched for packet injection, as well as the acx100, ipw2200 (Centrino) and zd1211 drivers.

    It says "cygwin1.dll not found" when I start aircrack.exe.

    You can download this library from: http://100h.org/wlan/aircrack/.

    To use aircrack, drag and drop your .cap or .ivs capture file(s) onto aircrack.exe. If you want to pass options to the program you will have to start a shell (cmd.exe) and type the command line manually; there is also a GUI for aircrack, developed by hexanium.

    Example:

    C:\TEMP> aircrack.exe -n 64 -f 8 out1.cap out2.cap ...

    Here -n 64 tells aircrack to look for a 64-bit WEP key (40-bit key plus 24-bit IV) and -f 8 sets the brute-force fudge factor, trading run time for a better chance of success when few IVs have been captured. See below for a list of options.


    4. CONCLUSION:

    The word "hacker" carries weight. People strongly disagree as to what a hacker is. Hacking may be defined as legal or illegal, ethical or unethical. The media's portrayal of hacking has boosted one version of this discourse. The conflict between discourses is important for our understanding of the computer hacking subculture. Also, the outcome of the conflict may prove critical in deciding whether our society and institutions remain in the control of a small elite or we move towards a radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their limitations (through the inclusion of women, a deeper politicization, and more concern for recruitment and teaching) and become hacktivists. They need to work with non-technologically based and technology-borrowing social movements (like most modern social movements, who use technology to do their tasks more easily) in the struggle for global justice. Otherwise the non-technologically based social movements may find it difficult to keep resisting as their power base is eroded while that of the new technopower elite grows, and the fictionesque cyberpunk/1984 world may become real.

    "If you know the enemy and know yourself, you need not fear the result of a hundred battles."

    HACKING - An ART of EXPLOITING.
