11
ISOFTDL ONLINE HACKING CLASS LOKESH SINGH (http://www.isoftdl.com ) Page 1 ISOFTDL HACKING CLASS 1 INTRODUCTION TO ETHICAL HACKING AUTHOR: LOKESH SINGH www.isoftdl.com

Isoftdl Hacking Class 1 Introduction to Ethical Hacking

Embed Size (px)

Citation preview

Page 1: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 1

ISOFTDL HACKING CLASS 1 INTRODUCTION TO ETHICAL HACKING AUTHOR: LOKESH SINGH www.isoftdl.com

Page 2: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 2

What Is Hacking??

Everyone here thinks that hacking is just stealing of data and information illegally

but this perception is absolutely wrong.

The below is definition from Wikipedia.... It’s clearly showing hacking as a

negative thing...

"Hacking is unauthorized use of computer and network resources.

(The term "hacker" originally meant a very gifted programmer. In

recent years though, with easier access to multiple systems, it now

has negative implications.)"

Hacking is not always unauthorized... Hacking also includes exploring the Things

that are being hidden from the general usage... So exploring things i.e. being

hidden from general User is also hacking...

Hacking Definition by Me...

“Hacking is art of exploring the hidden things that are being hidden

from general usage and finding loop holes in the security and use

them to benefit the others"

Page 3: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 3

WHO ARE HACKERS??

Everybody here thinks that hackers are criminals of the virtual world

(i.e. digital World). But this thought is also wrong. Hackers are not

always criminals. It doesn't have any doubt that Hackers are extremely

genius peoples in the field of Computers.

I want to categorize hackers in three Categories:

1. Crackers or Black Hat hackers or cheaters or simply criminals: They

are called criminals because they are having the mindset of causing harm

to security and they steals very useful data and use it in wrong

ways. Phreakers also come in this category who steals account info and

steal your credit card nos. and money over the Net.

2. Ethical hackers: Ethical Hacking Means you think like Hackers i.e.

first you Hack the Systems and find out the loop holes and then try to

correct those Loop Holes. These types of hackers protect the cyberworld

from every possible threat and fix the future coming security loop holes.

These peoples are also called as "GURU's" of Computer Security.

3. Simply Prankers: The hackers who just do hacking for fun...play

pranks to their friends.

Page 4: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 4

Fig: Different Categories of Hackers

Page 5: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 5

INTRODUCTION TO SIMPLE TERMS

RELATED TO HACKING!

Threat –An action or event that might compromise security. A threat is

a potential violation of security.

Vulnerability –Existence of a weakness, design, or implementation

error that can lead to an unexpected, undesirable event compromising

the security of the system.

Exploit –A defined way to breach the security of a system

through vulnerability i.e. Use the vulnerability to damage the database or

system.

Attack –An assault on system security that derives from an intelligent

threat. An attack is any action that violates security.

Target of Evaluation –An IT system, product, or component that

is identified or subjected as requiring security evaluation.

Security – A state of well-being of information and infrastructures

in which the possibility of successful yet undetected theft,

tampering, and disruption of information and services is kept low or

tolerable.

Page 6: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 6

What you will learn in Isoftdl Ethical Hacking

class?

Hacking is has similar to coin which has two sides head and Tail that

means Network Security (White-Hat or Ethical Hackers) and Cracking

or Phreaking (Bad Guys or Black-Hat Hackers). I will teach you both

sides because you will be expert only if you know both sides of

Hacking.

To stop something you must know everything...

Note the above line.

If you limit your thinking and approach then you cannot become a

security specialist as you don't know what is going in attacker's mind. So

to become a security specialist, you have to think like attackers, also

attackers are more than thousands in count but security experts are very

less. So you need to be smart enough to cope with them and prevent

your system and network.

Page 7: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 7

Below snapshot will tell you what I will teach to you in future hacking

classes:

Fig: What I will teach you in Hacking Class

What is Hacktivism?

Hacktivism basically means hacking for a cause. When Hackers has to

publicize some agenda or send some message to users, they use this

technique to get visibility. The hacktivism consists or several attacks like

Website Defacement. They hack website and display a message or

agenda on it.

Page 8: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 8

Steps of Conducting Hacking Attacks:

Any hacking attack consists of 5 basic steps. Note: attempt should be

systematic if you wish to achieve success otherwise it’s of no use as you

will be detected and victim will come to know that his system has been

hacked and if he reported it to authorized people then you can be tracked

down and consequences will be really bad.

Stepwise description How an hacking attempt is made:

Step1: Reconnaissance

Refers to a preparatory phase where an attacker seeks to gather as much

information as possible about the target of evaluation prior to launching

an attack.

Passive reconnaissance involves monitoring network data for

patterns and clues.

Active reconnaissance involves probing the network for

Accessible hosts

Open ports

Location of routers

Operating system details (if possible services)

Foot-printing – is a blueprinting of the security profile of an

organization, undertaken in a methodological manner.

Scanning – refers to a pre-attack phase when the hacker scans the

network with specific information gathered during foot-printing.

Enumeration – involves active connections to systems and directed

queries.

Page 9: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 9

Step2: Scanning Targets

This stage of a hack can be considered to be a logical extension of active

reconnaissance. Get a single point of entry to launch an attack and could

be point of exploit when vulnerability of the system is detected.

Objectives of port scanning:

Open ports

Host operating system

Software or service versions

Vulnerable software versions

Step3: Gaining Access

Gaining access refers to the true attack phase. The exploit can occur over

a LAN, locally, Internet, offline, as deception or theft.

System Hacking

Sniffers

Social Engineering

Denial of Service

Session Hijacking

Buffer Overflows

Root kits

Hacking Web servers

Web application vulnerabilities

Web based password cracking

SQL injection

Hacking Wireless networks

Virus and Worms

Evading IDS, firewalls, Honey pots

Cryptography

Page 10: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 10

Step 4: Maintaining access

Maintaining access refers to the phase when the attacker tries to retain

his ‘ownership’ of the system. Install tools such as

Root kits.

Trojans and its backdoors.

Backdoors.

Step 5: Covering Tracks or Clearing Traces

Covering tracks refers to remove the evidence of his presence and

activities. Different Techniques include:

Tunneling.

Altering/Clearing log files.

Disabling auditing

That's the overall procedure how a successful hacking attempt is made. I

will discuss all these steps in details in future classes.

Page 11: Isoftdl Hacking Class 1 Introduction to Ethical Hacking

ISOFTDL ONLINE HACKING CLASS

LOKESH SINGH (http://www.isoftdl.com) Page 11

Different Types of Hacker Attacks

There are several techniques or methods through which a hacker can

gain access to system. The attackers try to exploit the vulnerability or

loop hole in the system.

Different attack types:

1. Operating System Attacks

2. Code based Attacks also called Wrapped Code attacks

3. Misconfiguration attacks

4. Application Level Attacks

5. Web Based Attacks