KaaShiv InfoTech

Ethical Hacking

For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to [email protected]

INTRODUCTION

Ethical Hacking

Knowledge is Power

To Teach is to Defend

Hacking is frowned upon

Presentation Overview

Presentation #1 will be an introduction to tools and tricks used by “script-kiddies”, or those new to the hacker community.

Many people may have seen or used the following tools and tricks, but most moderate to advanced users frown upon them.

Presentation Overview

NetBios Hacking – Connect, view, share

IP Scanning – Angry IP Scanner

Cain – Excellent script-kiddie tool

Sub7/Netbus – Remote Admin Tools

PuTTY/Token2 – Tools of the trade

Windows NetBios Hacking

This is one of the most basic file access tricks known to Windows.

Not necessarily hacking, but beginners call it such.

Can be used with a Samba brute-force password guesser.

NetBios Hacking Protection

Disable file sharing!

Use a firewall such as ZoneAlarm when you are not sharing files.

Password protect your shares.

Use a hardware firewall such as a router with built-in firewall.

This is an old hack, but it still can compromise an entire system.

IP Scanning

Finding vulnerable targets in the wild.

Viruses and bots use IP sweepers, so ISPs will flag this activity.

IP scanning is very common among exploit-seeking viruses.

Finding Appropriate IP Range

First we must find a range to search. This could be any combination of IP ranges such as 192.168.*.*

Next we must determine what we are searching for.

Finally, we decide what tools to use. For now, we will stick to Angry IP Scanner.

Searching for HTTP

Let's find some HTTP servers!

In Angry IP Scanner, set the IP range and change Ports to [x] Scan Port: port 80.

Begin scan…

After the scan has completed, to keep only the IPs that have port 80 open, go to Utils>Delete From List>Closed Ports.

Our list is complete.

What We Often Find

Generally we will find routers and modems. Often if they are default, they also have default passwords (for another day).

Sometimes we stumble upon websites, personal projects, etc.

This is VERY dangerous as you could be scanning a computer which is illegal to access…

Prevention from IP scans?

If you’re on the internet, you have an IP. IP scanners will give an ALIVE message.

Firewalls are VITAL if you are directly connected to the internet (ZoneAlarm, etc.)

HTTP access to routers should be turned off unless absolutely necessary. If enabled, ensure passwords are hard to guess/break.
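
On the defending side, the sweep pattern from the IP scanning slides (one source touching many hosts on the same port in a short time) is easy to spot in firewall logs. This is an added example, not part of the original presentation; the log format, the addresses and the names `parse` and `detect_sweeps` are assumptions made for illustration, and the thresholds are arbitrary starting values.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log: timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 192.168.1.1 80
2024-05-01T10:00:01 203.0.113.7 192.168.1.2 80
2024-05-01T10:00:02 203.0.113.7 192.168.1.3 80
2024-05-01T10:00:03 203.0.113.7 192.168.1.4 80
2024-05-01T10:00:04 203.0.113.7 192.168.1.5 80
2024-05-01T10:00:06 192.168.1.50 192.168.1.10 80
2024-05-01T10:00:09 192.168.1.50 192.168.1.10 80
2024-05-01T10:05:00 192.168.1.60 192.168.1.1 80
2024-05-01T11:05:00 192.168.1.60 192.168.1.2 80
2024-05-01T12:05:00 192.168.1.60 192.168.1.3 80
2024-05-01T13:05:00 192.168.1.60 192.168.1.4 80
truncated line
"""

def parse(log_text):
    """Yield (time, src, dst, port); malformed lines are skipped."""
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def detect_sweeps(log_text, min_hosts=4, window=timedelta(seconds=60)):
    """Return {(src, port): most distinct hosts contacted inside any one window}."""
    by_key = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        by_key[(src, port)].append((ts, dst))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # drop events older than the window
                in_window -= Counter([events[start][1]])  # also removes zero counts
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:  # repeat visits to one host never raise the count
            flagged[key] = peak
    return flagged
```

A client that reaches the same number of hosts over several hours stays below the threshold unless the window is widened, which is the trade-off to tune against slow sweeps.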

Cain & Abel :-D

Cain is a very, very evil script-kiddie tool.

We can spoof, crack, trace, inject, sniff, poison, and a few other things.

This program is dangerous in the wrong hands because it works very well.

ARP Poisoning

Cain currently only ARP poisons through Ethernet cards.

Broad overview of how to get it to run.

First, enable the sniffer and retrieve list of potential victim IPs.

Next, click the IP you want to add and press the + sign.

Watch the packets come in, and capture EVERYTHING the IP is sending and receiving via ARP poisoning.

Creative & Powerful Tool

Cain is creative, powerful, and has a huge damage potential in the wrong hands.

Keep those firewalls up! ARP Poisoning can be prevented by firewalling your connection.

Be aware of malicious users on your network, watching for that little Cain program to pop up on their screen.

Sub7/NetBus

Remote Admin Tools, or RATs for short, are essentially total control over a computer.

RAT tools are servers designed to take complete control without the user’s notice.

Sub7 is a well known black-hat RAT used to take over computers without the need for a “server” broadcast.

NetBus is also well known, but is a bit noisier and often leaves more traces.

Many other RATs are out there.

SUB 7 CONFIGURE

First, the hacker configures Sub7 with a configuration exe.

This produces a new server with the desired options.

Options can include IRC control, broadcast of infection, methods of install, ways to stick server, etc.

Sub7 can also be password protected to prevent other hackers' access to the victim.

OUR Sub7 SERVER

For now we know the victim will be able to broadcast via port 4000 (radmin port)

We want to ensure the server sticks.

We want a password to prevent other uninvited guests.

Only install the minimum; IRC, ICQ, AIM are extra so disable them.

SEND OUR VICTIM THE EXE

This part is difficult to pull off; hackers have many ways to social engineer victims to do this part.

User must execute server.exe

Once executed, server is automatically launched and we are ready to take control.

Client Side RAT Control

We now have total control of our victim machine, so let's view their hard drive.

Eject their CD-ROM.

OK, enough of this, let's let them know we have taken over with a friendly error.

Finally, using Sub7’s fun little Matrix mode, let us remind them that reality is a mere fictional state of mind.

Prevention of RATs

Do not execute anything you do not trust!

Always turn on "show file extensions" (Windows defaults them off?!?)

Be aware of strange activity. RATs do not need to broadcast to take over; they can use other methods such as AIM messages, IRC bot commands, and other various client messages.

Advanced RATs will be covered in a later presentation.

PUTTY/TOKEN

Excellent text based ssh/telnet/ftp/raw TTY clients.

Learn how to use these as they become vital later in a hacker's life.

Token 2 has excellent proxy abilities, so read up on how to use Socks-5 and SSH.

Begin learning about potential tunneling via SSH and PuTTY.

CONCLUSION

Keep safe! Just because I teach this does not mean it is legit stuff.

Play around on test boxes, use VMWare, give your roomie a scare but not your college professor!

I would like to continue this as long as I have an audience. I learn as everyone else learns.

Ideas include advanced scanning and penetration, wireless hacking, root kit exploration, shell/exploit writing, web defacing/hacking, virus exploration/writing, maybe some old school hardware hacks (red/blue/beige boxes, credit card readers), and whatever else people want to hear about.

Thank you
