Ethical Hacking from ieee dtu students

7/27/2019 Ethical Hacking from ieee dtu students

1/35


2/35

What is Ethical Hacking

Who is hacker?

History of hacking

Types of hackingWhy Ethical Hacking

Hacking accidents

Why do hackers hack?

What hackers do after hacking?

What do hackers know?


3/35

How can kid hack?

Why cant Korean kid hack?

How can be a real hacker?

Why cant defend against hackers?

How can protect the system?

What should do after hacked?

How to translate the hackers language

Ethical Hacking - ProcessReporting

Ethical Hacking Commandments


4/35

so Called Attack & Penetration Testing,

ite-hat hacking, Red teaming

HackingProcess of breaking into systems for:Personal or Commercial Gains

Malicious Intent Causing sever damage to

Information &

AssetsEthicalConforming to accepted professional standards of

conductBlack-hat Bad

guys

White-hat - GoodGuys


5/35

It is Legal

Permission is obtained from the target

Part of an overall security program

Identify vulnerabilities visible from Internet at particular pointof time

Ethical hackers possesses same skills, mindset and tools of ahacker but the attacks are done in a non-destructive manner


6/35

HackCut with repeated irregular blowsExamine something very minutely

HackerThe person who hacks

CrackerSystem intruder/destroyer

Hacker means cracker nowadaysMeaning has been changed


7/35

Telephone hackingUse telephone freelyIts called phreaking

Computer virus

Destroy many computersNetwork hacking

Hack the important server remotely anddestroy/modify/disclose the information


8/35

Normal

data transfer

Interruption Interception

Modification Fabrication


9/35

Viruses, TrojanHorses,

and Worms

SocialEngineering

Automated

Attacks

AccidentalBreaches in

Security Denial ofService (DoS)

Organizational

Attacks

Restricted

Data

Protection from possible External Attacks


10/35

Internet WormRobert T. Morris made an internet worm. It spread through

the internet and crashed about 6000 systems.

Cuckoos EggClifford Stoll caught the hackers who are the German

hackers applied by KGB

IP Spoof

Kevin Mitnick was caught by Tsutomu Shimomura whowas security expert. Kevin Mitnick uses the IP Spoof attack

in this accident


11/35

Just for fun

Show off

Hack other systems secretly

Notify many people their thoughtSteal important information

Destroy enemys computer network during the war


12/35

Patch security holeThe other hackers cant intrude

Clear logs and hide themselves

Install rootkit ( backdoor )The hacker who hacked the system can use the system laterIt contains trojan ls, ps, and so on


13/35

Install irc related programidentd, irc, bitchx, eggdrop, bnc

Install scanner programmscan, sscan, nmap

Install exploit program

Install denial of service program

Use all of installed programs silently


14/35

Dont know how to use vi

Dont know what unix is

Dont know what they do

Know how to intrude the systemKnow how to crash the system

Know where the hacking programs are


15/35

Kid has much of timeKid can search for longer time than other people

All hacking program is easy to use

Kid doesnt have to know how the hacking programworks

These kids are called script kiddies


16/35

Almost all Korean kids dont know English well

Almost all hacking program manuals are written inEnglishHowever, many hacking program manuals are being

translated


17/35

Study C/C++/assembly language

Study computer architecture

Study operating system

Study computer networkExamine the hacking tools for a month

Think the problem of the computer


18/35

There are many unknown security hole

Hackers need to know only one security hole to hack thesystem

Admin need to know all security holes to defend thesystem


19/35

Patch security hole oftenEncrypt important data

Ex) pgp, ssh

Do not run unused daemon

Remove unused setuid/setgid programSetup loghost

Backup the system oftenSetup firewallSetup IDS

Ex) snort


20/35


21/35

1 -> i or l

3 -> e

4 -> a

7 -> t9 -> g

0 -> o

$ -> s

| -> i or l

|\| -> n

|\/| -> m

s -> z

z -> sf -> ph

ph -> f

x -> ck

ck -> x


22/35

Ex)1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d

1n

I did not hack this page, it was like this when I hacked in


23/35

1. Preparation

2. Footprinting

3. Enumeration & Fingerprinting

4.Identification of Vulnerabilities

5. Attack Exploit the Vulnerabilities


24/35

Identification of Targets company websites, mail servers,extranets, etc.

Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing


25/35

Collecting as much information about the target

DNS Servers

IP Ranges

Administrative Contacts

Problems revealed by administrators

Information Sources

Search engines

Forums

Databases whois, ripe, arin, apnic

Tools PING, whois, Traceroute, DIG, nslookup, sam spade


26/35

Specific targets determined Identification of Services / open ports

Operating System Enumeration

Methods

Banner grabbing

Responses to various protocol (ICMP &TCP) commands

Port / Service Scans TCP Connect, TCP SYN, TCP FIN, etc.

Tools

Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMPScanner


27/35

Vulnerabilities

Insecure Configuration

Weak passwords

Unpatched vulnerabilities in services, Operating systems,applications

Possible Vulnerabilities in Services, Operating Systems

Insecure programming

Weak Access Control


28/35

Methods

Unpatched / Possible Vulnerabilities Tools, Vulnerabilityinformation Websites

Weak Passwords Default Passwords, Brute force, Social

Engineering, Listening to TrafficInsecure Programming SQL Injection, Listening to Traffic

Weak Access Control Using the Application Logic, SQLInjection


29/35

ToolsVulnerability Scanners - Nessus, ISS, SARA, SAINT

Listening to Traffic Ethercap, tcpdump

Password Crackers John the ripper, LC4, Pwdump

Intercepting Web Traffic Achilles, Whisker, Legion


30/35

Obtain as much information (trophies) from the Target AssetGaining Normal Access

Escalation of privileges

Obtaining access to other connected systems

Last Ditch Effort Denial of Service


31/35

Network Infrastructure Attacks

Connecting to the network through modem

Weaknesses in TCP / IP, NetBIOS

Flooding the network to cause DOS

Operating System Attacks

Attacking Authentication Systems

Exploiting Protocol Implementations

Exploiting Insecure configuration

Breaking File-System Security


32/35

Application Specific Attacks

Exploiting implementations of HTTP, SMTP protocols

Gaining access to application Databases

SQL Injection

Spamming


33/35

Exploits Free exploits from Hacker Websites

Customised free exploits

Internally Developed

Tools Nessus, Metasploit Framework,


34/35

MethodologyExploited Conditions & Vulnerabilities that could not be

exploited

Proof for Exploits - Trophies

Practical Security solutions


35/35

Working Ethically Trustworthiness Misuse for personal gain

Respecting Privacy

Not Crashing the Systems

Documents

Ethical Hacking from ieee dtu students