GUIDED BY –
Prof.-Mr.R. Vimal Karthik
What is HACKING ???
Who are Hackers???
What is Ethical Hacking ???
Who are Ethical Hackers???
Types Of Hacking
Hacking - showing computer expertise
Cracking - breaching security on software or
Phreaking - cracking telecom networks
Spoofing - faking the originating IP address in a
Denial of Service (DoS) - flooding a host with
sufficient network traffic so that it can’t respond
Port Scanning - searching for vulnerabilities
Hacking is cracking into an
account or cheating in a game
without using cheat codes.
Hacking passwords requires
a program or requires finding
glitches from the website.
Hacker is a hacker who "violates computer security
for little reason beyond maliciousness or for
Black hats :– highly skilled, malicious, destructive
White hats – skills used for defensive security
Gray hats – offensively and defensively; will hack
for different reasons, depends on situation.
It is Partially Legal (May vary by country law)
Completely legal in INDIA
Permission is obtained from the target user
Part of an overall security program.
Strong programming and computer networking
Techniques of Criminal hackers- DetectionPrevention.
Ethical hackers possesses same skills, mindset and
tools of a hacker but the attacks are done in a nondestructive manner .
E.G. Cyber Crime investigators
Routers : knowledge of routers, routing protocols, and
access control lists Microsoft: skills in operation,
configuration and management.
Linux: knowledge of Linux/Unix; security setting,
configuration, and services.
Firewalls: configurations, and operation of intrusion
Mainframes Network Protocols: TCP/IP how they function
and can be manipulated.
Project Management: knowledge of leading, planning,
organizing, and controlling a penetration testing team.
(Source: http://www.examcram.com )
Who is, ping
nmap • nessus
A typical attacker works in the following manner:
Identify the target system.
Gathering Information on the target system.
Finding a possible loophole in the target
Exploiting this loophole using exploit code.
Removing all traces from the log files and
escaping without a trace.
Discovery of Web application
Getting Real Attack Points
Exploit the system
Finding the defend mechanism and approach for
IP Address and Port as start point for assessmentMYTH
What if IP address is multi-hosted?
One IP can have more application to assess.
Finding web application running on domain.
Host Foot printing
Domain Foot printing.
Both focus on Web application.
Tools and method.
LETS CHECK IT OUT!!!!!
Determine if system is alive
1) Ping sweep: ICMP packets
Fping, nmap for UNIX
Pinger, Ping Sweep for Windows
2) Port Scan: TCP packets
Nmap can send TCP
Hping2 can fragment TCP packets bypassing some
access control devices
Port scanning: Detentive
Networking based IDS like Snort
firewalls can detect port scan attempts
Disable unnecessary services to minimize
Poor Web Application coding
Insecure deployment of web application
Insufficient input validation
No web traffic filtering
Web application attributes are not guarded well. For
example Query String.
Next generation patch management tool released- Secunia
Anonymity tool TOR gains more than 1.2 million users
since NSA PRISM Scandal
Fear of NSA PRISM : Indian Government may ban US
email services for official Communication
CISCO vulnerability allows remote attacker to take control
of Windows System
New York Times. Twitter and Huffington Post Domains
hijacked by Syrian Electronic Army
FBI uses Anonymous Hackers to attack foreign
Palestinian Hacker , who hacked Zuckerberg’s Facebook
Account to be awarded with $12000