Upload
lokesh-singh
View
105
Download
1
Embed Size (px)
Citation preview
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 1
ISOFTDL HACKING CLASS 1 INTRODUCTION TO ETHICAL HACKING AUTHOR: LOKESH SINGH www.isoftdl.com
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 2
What Is Hacking??
Everyone here thinks that hacking is just stealing of data and information illegally
but this perception is absolutely wrong.
The below is definition from Wikipedia.... It’s clearly showing hacking as a
negative thing...
"Hacking is unauthorized use of computer and network resources.
(The term "hacker" originally meant a very gifted programmer. In
recent years though, with easier access to multiple systems, it now
has negative implications.)"
Hacking is not always unauthorized... Hacking also includes exploring the Things
that are being hidden from the general usage... So exploring things i.e. being
hidden from general User is also hacking...
Hacking Definition by Me...
“Hacking is art of exploring the hidden things that are being hidden
from general usage and finding loop holes in the security and use
them to benefit the others"
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 3
WHO ARE HACKERS??
Everybody here thinks that hackers are criminals of the virtual world
(i.e. digital World). But this thought is also wrong. Hackers are not
always criminals. It doesn't have any doubt that Hackers are extremely
genius peoples in the field of Computers.
I want to categorize hackers in three Categories:
1. Crackers or Black Hat hackers or cheaters or simply criminals: They
are called criminals because they are having the mindset of causing harm
to security and they steals very useful data and use it in wrong
ways. Phreakers also come in this category who steals account info and
steal your credit card nos. and money over the Net.
2. Ethical hackers: Ethical Hacking Means you think like Hackers i.e.
first you Hack the Systems and find out the loop holes and then try to
correct those Loop Holes. These types of hackers protect the cyberworld
from every possible threat and fix the future coming security loop holes.
These peoples are also called as "GURU's" of Computer Security.
3. Simply Prankers: The hackers who just do hacking for fun...play
pranks to their friends.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 4
Fig: Different Categories of Hackers
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 5
INTRODUCTION TO SIMPLE TERMS
RELATED TO HACKING!
Threat –An action or event that might compromise security. A threat is
a potential violation of security.
Vulnerability –Existence of a weakness, design, or implementation
error that can lead to an unexpected, undesirable event compromising
the security of the system.
Exploit –A defined way to breach the security of a system
through vulnerability i.e. Use the vulnerability to damage the database or
system.
Attack –An assault on system security that derives from an intelligent
threat. An attack is any action that violates security.
Target of Evaluation –An IT system, product, or component that
is identified or subjected as requiring security evaluation.
Security – A state of well-being of information and infrastructures
in which the possibility of successful yet undetected theft,
tampering, and disruption of information and services is kept low or
tolerable.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 6
What you will learn in Isoftdl Ethical Hacking
class?
Hacking is has similar to coin which has two sides head and Tail that
means Network Security (White-Hat or Ethical Hackers) and Cracking
or Phreaking (Bad Guys or Black-Hat Hackers). I will teach you both
sides because you will be expert only if you know both sides of
Hacking.
To stop something you must know everything...
Note the above line.
If you limit your thinking and approach then you cannot become a
security specialist as you don't know what is going in attacker's mind. So
to become a security specialist, you have to think like attackers, also
attackers are more than thousands in count but security experts are very
less. So you need to be smart enough to cope with them and prevent
your system and network.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 7
Below snapshot will tell you what I will teach to you in future hacking
classes:
Fig: What I will teach you in Hacking Class
What is Hacktivism?
Hacktivism basically means hacking for a cause. When Hackers has to
publicize some agenda or send some message to users, they use this
technique to get visibility. The hacktivism consists or several attacks like
Website Defacement. They hack website and display a message or
agenda on it.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 8
Steps of Conducting Hacking Attacks:
Any hacking attack consists of 5 basic steps. Note: attempt should be
systematic if you wish to achieve success otherwise it’s of no use as you
will be detected and victim will come to know that his system has been
hacked and if he reported it to authorized people then you can be tracked
down and consequences will be really bad.
Stepwise description How an hacking attempt is made:
Step1: Reconnaissance
Refers to a preparatory phase where an attacker seeks to gather as much
information as possible about the target of evaluation prior to launching
an attack.
Passive reconnaissance involves monitoring network data for
patterns and clues.
Active reconnaissance involves probing the network for
Accessible hosts
Open ports
Location of routers
Operating system details (if possible services)
Foot-printing – is a blueprinting of the security profile of an
organization, undertaken in a methodological manner.
Scanning – refers to a pre-attack phase when the hacker scans the
network with specific information gathered during foot-printing.
Enumeration – involves active connections to systems and directed
queries.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 9
Step2: Scanning Targets
This stage of a hack can be considered to be a logical extension of active
reconnaissance. Get a single point of entry to launch an attack and could
be point of exploit when vulnerability of the system is detected.
Objectives of port scanning:
Open ports
Host operating system
Software or service versions
Vulnerable software versions
Step3: Gaining Access
Gaining access refers to the true attack phase. The exploit can occur over
a LAN, locally, Internet, offline, as deception or theft.
System Hacking
Sniffers
Social Engineering
Denial of Service
Session Hijacking
Buffer Overflows
Root kits
Hacking Web servers
Web application vulnerabilities
Web based password cracking
SQL injection
Hacking Wireless networks
Virus and Worms
Evading IDS, firewalls, Honey pots
Cryptography
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 10
Step 4: Maintaining access
Maintaining access refers to the phase when the attacker tries to retain
his ‘ownership’ of the system. Install tools such as
Root kits.
Trojans and its backdoors.
Backdoors.
Step 5: Covering Tracks or Clearing Traces
Covering tracks refers to remove the evidence of his presence and
activities. Different Techniques include:
Tunneling.
Altering/Clearing log files.
Disabling auditing
That's the overall procedure how a successful hacking attempt is made. I
will discuss all these steps in details in future classes.
ISOFTDL ONLINE HACKING CLASS
LOKESH SINGH (http://www.isoftdl.com) Page 11
Different Types of Hacker Attacks
There are several techniques or methods through which a hacker can
gain access to system. The attackers try to exploit the vulnerability or
loop hole in the system.
Different attack types:
1. Operating System Attacks
2. Code based Attacks also called Wrapped Code attacks
3. Misconfiguration attacks
4. Application Level Attacks
5. Web Based Attacks