Ethical_Hacking_ppt

Web/System Security through “ ETHICAL HACKING” Guide : Smt. Jayasree K Presented by, Narayanan K Roll No: 27 C7A

PART - 1  What is Hacking?  Categories/Classes of Hackers.  Ethical Hackers – Skills, What do they do?, How much do they get paid?.  Anatomy of Attack

Who is a Hacker ? (Old Defn.)

The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER :

A person who enjoys learning the details of computer systems and how to stretch their capabilities.

2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

Who is a Hacker? (New Defn.)

Due to Restriction to access, initially, people began to steal passwords, accounts etc.. – meant as small joke..

Later on, turned into damaging systems, bringing down servers, deleting files etc..with special motives.

The media began using the term “hacker” to describe individuals who break into computers for fun , revenge , or profit .

These people were called “ Crackers” by Computer Security Professionals.

Categories/Classes of Hackers  Black Hats  White Hats (Ethical Hackers)  Grey Hats  Script Kiddies  Hactivism

Black Hats : -> Hacker s pecialized in unauthorized, illegal penetration. -> Use computers to attack systems for profit, for revenge, or for political motivations White Hats : -> Hacker who identifies security weakness in a computer system or network and -> Exposes these weakness that will allow the system's owners to fix the breach. Grey Hats : -> Hybrid between White Hats and Black Hats.

Script Kiddies : -> U se scripts or programs developed by others to attack computer systems and networks. -> Objective - To impress their friends or gain credit in computer-enthusiast communities. Hactivism : -> The non-violent use of illegal or legally ambiguous digital tools in pursuit of political ends . -> W riting of code to promote political ideology - promoting expressive politics, free speech, human rights.

Need of Ethical Hackers: Problem - Growth of the Internet - Computer Security has become a Major Concern Solution - Independent computer security professionals attempt to break into their computer systems – White Hats. How much do they get paid ? In the US, pay - > upwards of $120,000 per annum. Freelance Ethical Hackers can expect to make $10,000 per assignment.

ETHICAL HACKING “ One of the best ways to evaluate the intruder threat is to have independent computer security professionals (White Hats) appointed by company to attempt and break into their own computer systems.” Ethical hacking – Methodology adopted by ethical hackers to discover the loopholes and vulnerabilities existing in the system and fix them .

Skills of Ethical Hackers -> Completely Trustworthy. -> Strong programming and computer networking skills. -> Excellent Unix/Windows internal Knowledge. -> Detailed knowledge of the hardware and software provided by popular vendors. -> Very patient.

Anatomy of Attack Reconnaissance – attacker gathers information; Tools used: whois, traceroute, Spam Spade, dig, host etc.. Scanning – searches for open ports (port scan), probes target for vulnerabilities. Tools : Nmap, Ping, IP Scanner etc.. Gaining access – attacker exploits vulnerabilities to get inside system; Tools : John the Ripper etc.. Maintaining access – creates backdoor through use of Trojans to come back again easily; Tools : NetBus, SubSeven etc.. Covering tracks – deletes files, hides files, and erases log files to avoid detection. Tools : ClearLogs, Image Hide etc..

Classes of Attack

Authentication

Client-Side Attacks

Command Execution

Information Disclosure

Part - 2

Authentication

Covers attacks that target a web site's method of validating the identity of a user, service or application.

Attack Types :

1. Brute Force

2. Weak Password Recovery Validation

Client-Side Attacks  Focuses on the abuse or exploitation of a web site's users.  Attack Examples : 1. Content Spoofing 2. Cross-Site Scripting

Command Execution

C overs attacks designed to execute remote commands on the web site

Attack Examples :

1. OS Commanding

2. SQL Injection

Information Disclosure

Covers attacks designed to acquire system specific information about a web site like backup / temporary files, softwares used etc..

Attack Examples :

1. Path Traversal

2. Predictable Resource Location

Part - 3 Some Hacking Techniques in detail

Injection Exploits :

SQL Injection

Cross-Site Scripting

2. Google Hacking

Google Hack Database

Google Honey Pot

INJECTION EXPLOITS

Injection exploits : Entering malicious data or code into input text fields of web-sites for evil purposes.

 Usually these exploits exploit vulnerabilities resulting from insufficient data validation on input and so forth.

 Examples:

 SQL Injection

 Cross-Site Scripting (XSS)

SQL INJECTION “ SQL injection” is a security vulnerability that occurs in the database layer of an application. The objective -- > To fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.

Example

Common vulnerable login query

JDBC/MySQL Login Syntax

String query = "SELECT * FROM users

WHERE login = ' " + user + " '

AND password = ' " + passwd + " ' ”;

SELECT * FROM users

WHERE login = 'victor'

AND password = '123'

(If it returns something, then login!)

User Input and Final Query

Username :

Password :

Final query would look like this:

SELECT * FROM users

WHERE user = ' ' or 1=1; – –

AND passwd = ' anything'

' or 1=1; – – anything'

Protection Measurements – Do not create SQL string from input field directly without sanitizing. – Limit the no. of login failure ; then lock account temporarily or permanently – Log the login failure case to monitor the attack (both sql injection and brute-force attack)

Input Validation

Limit the length of input field such as username/password field

Don’t allow special characters

One way may be - Allow only

[a-z][A-Z][0-9][@.-_+]

Yet,

There are ways to go around these restrictions.

Cross-Site Scripting (XSS) Attacks Script Injection – Entering malicious script codes into non-validated forms or text fields that will get stored in the database. – When that data is retrieved from database when the users load that webpage the code executes and attack occurs

XSS-Attack: General Overview 1. Attacker sends malicious code 2. Server stores message Did you know this? ..... 3. User requests message 4. Message is delivered by server 5. Browser executes script in message Attacker Client Web Server GET Money for FREE !!! <script> attack code </script> !!! attack code !!! This is only one example out of many attack scenarios! Re: Error message on startup ..... I found a solution! ..... Can anybody help? ..... Error message on startup ..... Post Forum Message: Subject: GET Money for FREE !!! Body: <script> attack code </script> GET Money for FREE !!! <script> attack code </script> Get /forum.jsp?fid=122&mid=2241

Simple XSS Attack http://myserver.com/test.jsp?name=Stefan http://myserver.com/welcome.jsp?name= <script>alert("Attacked")</script> <HTML> <Body> Welcome Stefan </Body> </HTML> <HTML> <Body> Welcome <script>alert("Attacked")</script> </Body> </HTML>

Hacking

Definition :-

Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.

So How Does Google Work?

Crawls and indexes web pages

Stores copies of web pages and graphics on caching servers

Provides simple GUI for querying database of cached pages

Returns search results in order based on relevancy

Google Hacking Queries Inurl : inurl:admin inurl:passwd filetype:txt Index of : "Index of /secret " "Index of /credit-card " Intitle : ?intitle:index.of?MP3 Songname ?intitle:index.of?ebook BookName

GHDB (Google Hack Database) http://johnny.ihackstuff.com/- Johnny Long (White hat hacker) GHDB – A database containing Hacking queries

Google Hack Honey Pot (GHH)