Web/System Security through “ETHICAL HACKING” Guide : Smt. Jayasree K Presented by, Narayanan K Roll No: 27 C7A
PART - 1 What is Hacking? Categories/Classes of Hackers. Ethical Hackers – Skills, What do they do?, How much do they get paid?. Anatomy of Attack
Who is a Hacker? (Old Defn.) <ul><li>The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER : </li></ul><ul><li>1. A person who enjoys learning the details of computer systems and how to stretch their capabilities. </li></ul><ul><li>2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming. </li></ul>
Who is a Hacker? (New Defn.) <ul><li>Because access was restricted, people initially began to steal passwords, accounts etc., meant as a small joke. </li></ul><ul><li>Later on, this turned into damaging systems, bringing down servers, deleting files etc., with special motives. </li></ul><ul><li>The media began using the term “hacker” to describe individuals who break into computers for fun, revenge, or profit. </li></ul><ul><li>These people were called “Crackers” by Computer Security Professionals. </li></ul>
Categories/Classes of Hackers: Black Hats, White Hats (Ethical Hackers), Grey Hats, Script Kiddies, Hacktivism
Black Hats : -> Hackers specialized in unauthorized, illegal penetration. -> Use computers to attack systems for profit, for revenge, or for political motivations. White Hats : -> Hackers who identify security weaknesses in a computer system or network and -> Expose these weaknesses so that the system's owners can fix the breach. Grey Hats : -> Hybrid between White Hats and Black Hats.
Script Kiddies : -> Use scripts or programs developed by others to attack computer systems and networks. -> Objective - To impress their friends or gain credit in computer-enthusiast communities. Hacktivism : -> The non-violent use of illegal or legally ambiguous digital tools in pursuit of political ends. -> Writing of code to promote political ideology - promoting expressive politics, free speech, human rights.
Need of Ethical Hackers: Problem - Growth of the Internet - Computer Security has become a Major Concern Solution - Independent computer security professionals attempt to break into their computer systems – White Hats. How much do they get paid ? In the US, pay - > upwards of $120,000 per annum. Freelance Ethical Hackers can expect to make $10,000 per assignment.
ETHICAL HACKING “ One of the best ways to evaluate the intruder threat is to have independent computer security professionals (White Hats) appointed by company to attempt and break into their own computer systems.” Ethical hacking – Methodology adopted by ethical hackers to discover the loopholes and vulnerabilities existing in the system and fix them .
Skills of Ethical Hackers -> Completely Trustworthy. -> Strong programming and computer networking skills. -> Excellent Unix/Windows internal Knowledge. -> Detailed knowledge of the hardware and software provided by popular vendors. -> Very patient.
Anatomy of Attack: Reconnaissance – attacker gathers information; Tools : whois, traceroute, Sam Spade, dig, host etc. Scanning – searches for open ports (port scan), probes target for vulnerabilities; Tools : Nmap, Ping, IP Scanner etc. Gaining access – attacker exploits vulnerabilities to get inside system; Tools : John the Ripper etc. Maintaining access – creates backdoor through use of Trojans to come back again easily; Tools : NetBus, SubSeven etc. Covering tracks – deletes files, hides files, and erases log files to avoid detection; Tools : ClearLogs, Image Hide etc.
Authentication <ul><li>Covers attacks that target a web site's method of validating the identity of a user, service or application. </li></ul><ul><li>Attack Types : </li></ul><ul><li>1. Brute Force </li></ul><ul><li>2. Weak Password Recovery Validation </li></ul>
Client-Side Attacks Focuses on the abuse or exploitation of a web site's users. Attack Examples : 1. Content Spoofing 2. Cross-Site Scripting
Command Execution <ul><li>Covers attacks designed to execute remote commands on the web site </li></ul><ul><li>Attack Examples : </li></ul><ul><li>1. OS Commanding </li></ul><ul><li>2. SQL Injection </li></ul>
Information Disclosure <ul><li>Covers attacks designed to acquire system-specific information about a web site, like backup / temporary files, software used etc. </li></ul><ul><li>Attack Examples : </li></ul><ul><li>1. Path Traversal </li></ul><ul><li>2. Predictable Resource Location </li></ul>
Part - 3 Some Hacking Techniques in detail <ul><li>1. Injection Exploits : </li></ul><ul><li>SQL Injection </li></ul><ul><li>Cross-Site Scripting </li></ul><ul><li>2. Google Hacking </li></ul><ul><li>Google Hack Database </li></ul><ul><li>Google Honey Pot </li></ul>
INJECTION EXPLOITS <ul><li>Injection exploits : Entering malicious data or code into input text fields of web-sites for evil purposes. </li></ul><ul><li> Usually these exploits exploit vulnerabilities resulting from insufficient data validation on input and so forth. </li></ul><ul><li> Examples: </li></ul><ul><li> SQL Injection </li></ul><ul><li> Cross-Site Scripting (XSS) </li></ul>
SQL INJECTION “ SQL injection” is a security vulnerability that occurs in the database layer of an application. The objective -- > To fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
Example <ul><li>Common vulnerable login query </li></ul><ul><li>JDBC/MySQL Login Syntax </li></ul><ul><li>String query = "SELECT * FROM users " </li></ul><ul><li>+ "WHERE login = '" + user + "' " </li></ul><ul><li>+ "AND password = '" + passwd + "'"; </li></ul><ul><li>SELECT * FROM users </li></ul><ul><li>WHERE login = 'victor' </li></ul><ul><li>AND password = '123' </li></ul><ul><li>(If it returns something, then login!) </li></ul>
User Input and Final Query <ul><li>Username : ' or 1=1; -- </li></ul><ul><li>Password : anything </li></ul><ul><li>Final query would look like this: </li></ul><ul><li>SELECT * FROM users </li></ul><ul><li>WHERE login = '' or 1=1; --' </li></ul><ul><li>AND password = 'anything' </li></ul>
Protection Measures – Do not build the SQL string directly from an input field without sanitizing it. – Limit the number of login failures; then lock the account temporarily or permanently. – Log each login failure to monitor the attack (both SQL injection and brute-force attacks).
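The three measures above, as an added example that is not part of the original slides: it uses Python's `sqlite3` with a constructed in-memory table in place of JDBC/MySQL so it runs offline. The names `login_vulnerable`, `login_safe` and the threshold `MAX_FAILURES` are assumptions made for the example.

```python
import logging
import sqlite3

log = logging.getLogger("login")
MAX_FAILURES = 3   # assumed lockout threshold; the slides give no number
failures = {}      # login name -> consecutive failed attempts

def make_db():
    """Constructed in-memory table holding the slide's sample account."""
    db = sqlite3.connect(":memory:")
    # Plaintext password column only mirrors the slide's query;
    # real systems store salted password hashes.
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('victor', '123')")
    return db

def login_vulnerable(db, user, passwd):
    # Same string concatenation as the slide's JDBC query: input becomes SQL.
    query = ("SELECT * FROM users WHERE login = '" + user +
             "' AND password = '" + passwd + "'")
    return db.execute(query).fetchone() is not None

def login_safe(db, user, passwd):
    # Refuse further attempts once the account is locked.
    if failures.get(user, 0) >= MAX_FAILURES:
        log.warning("locked account, login refused: %r", user)
        return False
    # Placeholders keep the input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT 1 FROM users WHERE login = ? AND password = ?",
        (user, passwd)).fetchone()
    if row is None:
        # Count and log the failure so injection and brute force show up.
        failures[user] = failures.get(user, 0) + 1
        log.warning("failed login %d for %r", failures[user], user)
        return False
    failures.pop(user, None)
    return True
```

With the slide's input, `login_vulnerable` returns a row without a valid password, while `login_safe` treats the same text as a login name that does not exist.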
Input Validation <ul><li>Limit the length of input field such as username/password field </li></ul><ul><li>Don’t allow special characters </li></ul><ul><li>One way may be - Allow only </li></ul><ul><li>[a-z][A-Z][0-9][@.-_+] </li></ul><ul><li>Yet, </li></ul><ul><li>There are ways to go around these restrictions. </li></ul>
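One way the restriction above can be weaker than it looks, as an added example that is not part of the original slides: typing the slide's character list into a single regex class in the same order turns `.-_` into a range. `MAX_LEN` and the function names are assumptions made for the example.

```python
import re

MAX_LEN = 32  # assumed field limit; the slide gives no number

# The slide's character list typed as one class in the same order:
# ".-_" is read as a RANGE from "." (0x2E) to "_" (0x5F).
NAIVE = re.compile(r"[a-zA-Z0-9@.-_+]+")
# The same intended set with the hyphen last, where it is a literal.
STRICT = re.compile(r"[a-zA-Z0-9@._+-]+")

def is_valid(value, pattern=STRICT):
    """Length limit plus allow-list; fullmatch checks every character."""
    return 0 < len(value) <= MAX_LEN and pattern.fullmatch(value) is not None

def leaked_by_range():
    """Printable characters the naive class accepts but the intended set does not."""
    return "".join(c for c in map(chr, range(0x21, 0x7F))
                   if NAIVE.fullmatch(c) and not STRICT.fullmatch(c))
```

The naive class lets `<`, `>`, `=` and `;` through and rejects the hyphen it was meant to allow, so the allow-list should be tested against the characters it is supposed to block.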
Cross-Site Scripting (XSS) Attacks Script Injection – Entering malicious script code into non-validated forms or text fields, which then gets stored in the database. – When that data is retrieved from the database as users load the web page, the code executes and the attack occurs.
XSS-Attack: General Overview 1. Attacker sends malicious code 2. Server stores message 3. User requests message 4. Message is delivered by server 5. Browser executes script in message. [Diagram: Attacker, Client and Web Server. The attacker posts a forum message with Subject: GET Money for FREE !!! and Body: <script> attack code </script>; the client requests it with Get /forum.jsp?fid=122&mid=2241 and receives the message with the script in it.] This is only one example out of many attack scenarios!
Google Hacking <ul><li>Definition :- </li></ul><ul><li>Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security. </li></ul>
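The five steps above with the escaping that stops step 5, as an added example that is not part of the original slides: the forum table, the function names and the page markup are assumptions, and the stored message is the one shown on the slide.

```python
import html
import sqlite3

def make_forum():
    """Constructed in-memory forum table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages "
               "(mid INTEGER PRIMARY KEY, subject TEXT, body TEXT)")
    return db

def post_message(db, subject, body):
    # Steps 1-2: the message is stored verbatim. Placeholders protect the
    # SQL statement, but any markup in the text is kept as written.
    cur = db.execute("INSERT INTO messages (subject, body) VALUES (?, ?)",
                     (subject, body))
    return cur.lastrowid

def _load(db, mid):
    return db.execute("SELECT subject, body FROM messages WHERE mid = ?",
                      (mid,)).fetchone()

def render_unsafe(db, mid):
    # Steps 3-5: stored text is pasted into the page, so a <script>
    # element in the body reaches the browser as markup.
    subject, body = _load(db, mid)
    return "<h1>" + subject + "</h1><p>" + body + "</p>"

def render_safe(db, mid):
    # Escaping at output time turns <, >, &, " and ' into entities, so the
    # browser displays the text instead of running it.
    subject, body = _load(db, mid)
    return ("<h1>" + html.escape(subject) + "</h1><p>"
            + html.escape(body) + "</p>")
```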
So How Does Google Work? <ul><li>Crawls and indexes web pages </li></ul><ul><li>Stores copies of web pages and graphics on caching servers </li></ul><ul><li>Provides simple GUI for querying database of cached pages </li></ul><ul><li>Returns search results in order based on relevancy </li></ul>
Google Hacking Queries Inurl : inurl:admin inurl:passwd filetype:txt Index of : "Index of /secret " "Index of /credit-card " Intitle : ?intitle:index.of?MP3 Songname ?intitle:index.of?ebook BookName
GHDB (Google Hack Database) http://johnny.ihackstuff.com/ - Johnny Long (White hat hacker) GHDB – A database containing Hacking queries
Google Hack Honey Pot (GHH) <ul><li>Reaction to a new type of malicious web traffic: search engine hackers. </li></ul><ul><li>It is designed to provide reconnaissance against attackers who use search engines as a hacking tool against your resources. </li></ul><ul><li>GHH implements honeypot theory to provide additional security to your web presence – Every packet entering or leaving is monitored. </li></ul>
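A log check in the same spirit, as an added example that is not GHH's own code: it flags visits whose Referer is a search for one of the operators listed on the earlier slide. It assumes combined-format access logs and a Referer that still carries the search query; the log lines are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# Operators and phrases taken from the queries listed on the slides.
DORK = re.compile(r"\b(?:inurl|intitle|filetype):|\bindex of /", re.IGNORECASE)
# Apache/nginx "combined" format: ip, request line, status, size, Referer.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)"')

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/ HTTP/1.1" 200 512 '
    '"http://www.google.com/search?q=inurl%3Aadmin" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024 '
    '"http://www.google.com/search?q=security+slides" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /secret/ HTTP/1.1" 200 256 '
    '"http://www.google.com/search?q=%22Index+of+%2Fsecret%22" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /secret/ HTTP/1.1" 200 256 '
    '"-" "Mozilla/5.0"',
]

def search_query(referer):
    """Return the decoded q= parameter if the Referer is a Google search URL."""
    url = urlparse(referer)
    host = url.hostname or ""
    if not (host == "google.com" or host.startswith("www.google.")):
        return None
    values = parse_qs(url.query).get("q")
    return values[0] if values else None

def flag_dork_visits(lines):
    """List (ip, path, query) for visits that arrived via a dork-style search."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        query = search_query(m.group("ref"))
        if query and DORK.search(query):
            parts = m.group("req").split()
            hits.append((m.group("ip"), parts[1] if len(parts) > 1 else "", query))
    return hits
```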
General Hacking Prevention <ul><li>Hack into your own system to spot vulnerabilities </li></ul><ul><li>Use very Strong Passwords and change them every 6 months </li></ul><ul><li>Perform Input Validation on text fields in web sites. </li></ul><ul><li>Good Coding Practices </li></ul><ul><li>Update yourself about the latest trends in hacking and take preventive measures </li></ul>