Introduction To Ethical Hacking CLASS PRESENTATION


Page 1: Introduction To Ethical Hacking

Introduction To Ethical Hacking

CLASS PRESENTATION

Page 2: Introduction To Ethical Hacking

What is hacking?

• In layman’s language, hacking is the process of cutting with rough or heavy blows.

• However, in the computer world, hacking refers to the process of using a computer to gain unauthorized access to data in a system.

Page 3: Introduction To Ethical Hacking

Types Of Hackers

• White hat hacker: an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

• Grey hat hacker: lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.

• Black hat hacker: violates computer security for little reason beyond maliciousness or for personal gain.

Page 4: Introduction To Ethical Hacking

Ethical Hacking IN DETAIL

Page 5: Introduction To Ethical Hacking

Ethical Hacking is:

• Legal

• Permitted by the agent

• Part of an overall security programme

• Carried out by ethical hackers who possess the same skills, mindset and tools as a hacker, but whose attacks are done in a non-destructive manner

A successful test doesn't necessarily mean a network or system is 100 percent secure, but it should be able to withstand automated attacks and unskilled hackers.

Page 6: Introduction To Ethical Hacking

Why Ethical Hacking?

1. Counter defacements

2. Protection from possible external attacks

Page 7: Introduction To Ethical Hacking

Introduction To Ethical Hacking

• Ethical hackers use the same methods and techniques to test and bypass a system's defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide advice on how to fix them.

• The purpose of ethical hacking is to evaluate the security of a system's infrastructure. It entails finding and attempting to exploit any vulnerabilities to determine whether unauthorized access or other malicious activities are possible.

Page 8: Introduction To Ethical Hacking

Ethical Hacking Process

• Preparation

• Footprinting

• Enumeration & fingerprinting

• Identification of vulnerabilities

• Attack

ANY ORGANIZATION THAT HAS A NETWORK CONNECTED TO THE INTERNET OR PROVIDES AN ONLINE SERVICE SHOULD CONSIDER SUBJECTING IT TO A PENETRATION TEST.

Page 9: Introduction To Ethical Hacking

Preparation

• Identification of Targets – company websites, mail servers, extranets, etc.

• Signing of Contract

• Agreement on protection against any legal issues

• Contract to clearly specify the limits and dangers of the test

• Specifics on Denial of Service Tests, Social Engineering, etc.

• Time window for Attacks

• Total time for the testing

• Prior Knowledge of the systems

• Key people who are made aware of the testing
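
One way to make the contract items above checkable by the tester's own tooling before any action is taken, shown as an added example that is not part of the original presentation. The class name, category labels, addresses (documentation ranges) and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    """Hypothetical record of what the signed contract allows."""
    targets: tuple           # identified targets, as CIDR strings
    window_start: datetime   # start of the agreed time window
    window_end: datetime     # end of the agreed time window
    allowed: frozenset       # test categories the contract permits

    def check(self, host, category, when):
        """Return (permitted, reason) for one planned test action."""
        addr = ip_address(host)
        if not any(addr in ip_network(net) for net in self.targets):
            return False, "target not in contract"
        if not (self.window_start <= when <= self.window_end):
            return False, "outside agreed time window"
        if category not in self.allowed:
            return False, "test category not authorized"
        return True, "in scope"


# Constructed sample engagement: DoS and social engineering were NOT agreed.
ROE = RulesOfEngagement(
    targets=("192.0.2.0/28", "198.51.100.25/32"),
    window_start=datetime(2024, 3, 1, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 2, 4, 0, tzinfo=timezone.utc),
    allowed=frozenset({"port-scan", "vulnerability-scan"}),
)

if __name__ == "__main__":
    night = datetime(2024, 3, 1, 23, 30, tzinfo=timezone.utc)
    noon = datetime(2024, 3, 2, 12, 0, tzinfo=timezone.utc)
    planned = [
        ("192.0.2.5", "port-scan", night),
        ("192.0.2.77", "port-scan", night),              # outside the /28
        ("198.51.100.25", "denial-of-service", night),   # not agreed
        ("192.0.2.5", "vulnerability-scan", noon),       # window closed
    ]
    for host, category, when in planned:
        print(host, category, ROE.check(host, category, when))
```

Logging every refused action alongside the permitted ones gives the report a record that testing stayed inside the agreed limits.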

Page 10: Introduction To Ethical Hacking

Footprinting

Collecting as much information about the target

DNS Servers

IP Ranges

Administrative Contacts

Problems revealed by administrators

Information Sources

Search engines

Forums

Databases – whois, ripe, arin, apnic

Tools – PING, whois, Traceroute, DIG, nslookup, sam spade

Page 11: Introduction To Ethical Hacking

Enumeration & Fingerprinting

• Specific targets determined

• Identification of Services / open ports

• Operating System Enumeration

Methods

Banner grabbing

Responses to various protocol (ICMP & TCP) commands

Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.

Tools

Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner

Page 12: Introduction To Ethical Hacking

Identification of Vulnerabilities

Vulnerabilities

• Insecure Configuration

• Weak passwords

• Unpatched vulnerabilities in services, Operating systems, applications

• Possible Vulnerabilities in Services, Operating Systems

• Insecure programming

• Weak Access Control

Page 13: Introduction To Ethical Hacking

Identification of Vulnerabilities

Methods

• Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites

• Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic

• Insecure Programming – SQL Injection, Listening to Traffic

• Weak Access Control – Using the Application Logic, SQL Injection

Page 14: Introduction To Ethical Hacking

Identification of Vulnerabilities

Tools

Vulnerability Scanners – Nessus, ISS, SARA, SAINT

Listening to Traffic – Ettercap, tcpdump

Password Crackers – John the Ripper, LC4, Pwdump

Intercepting Web Traffic – Achilles, Whisker, Legion

Page 15: Introduction To Ethical Hacking

Attack – Exploit the vulnerabilities

• Obtain as much information (trophies) from the Target Asset

• Gaining Normal Access

• Escalation of privileges

• Obtaining access to other connected systems

Last Ditch Effort – Denial of Service

Page 16: Introduction To Ethical Hacking

Attack – Exploit the vulnerabilities

Network Infrastructure Attacks

Connecting to the network through a modem

Weaknesses in TCP / IP, NetBIOS

Flooding the network to cause DoS

Operating System Attacks

Attacking Authentication Systems

Exploiting Protocol Implementations

Exploiting Insecure configuration

Breaking File-System Security

Page 17: Introduction To Ethical Hacking

Attack – Exploit the vulnerabilities

Application Specific Attacks

• Exploiting implementations of HTTP, SMTP protocols

• Gaining access to application Databases

• SQL Injection

• Spamming

Page 18: Introduction To Ethical Hacking

Attack – Exploit the vulnerabilities

Exploits

Free exploits from Hacker Websites

Customized free exploits

Internally Developed

Tools – Nessus, Metasploit Framework,

Page 19: Introduction To Ethical Hacking

Reporting

• Methodology

• Exploited Conditions & Vulnerabilities that could not be exploited

• Proof for Exploits - Trophies

• Practical Security solutions

Page 20: Introduction To Ethical Hacking

Ethical Hacking - Commandments

• Working Ethically

• Trustworthiness

• Misuse for personal gain

• Respecting Privacy

• Not Crashing the Systems

Page 21: Introduction To Ethical Hacking

Prepared and presented by: Group 1

References

Websites:

Common Vulnerabilities & Exposures – http://cve.mitre.org

Bugtraq – www.securityfocus.com

Mwangi Thiga and Mwangi Edith