Ethical Hacking and Network Security


Published on

Hi, friends today Iam presented my ppt on ethical hacking and network security. This will gives you some basic tips and ideas about hacking and how to make our network secure.

Published in: Education
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • In other words, having systems in place beforehand which prevent attacks before they begin.
  • Since November 2004, the number of indexed pages has doubled. A googol is (10 100 ) Google’s Motto is “Don’t Be Evil”
  • Web servers: There’s actually more than 100 of these around the country. Which is one of the reasons why Google moves so quickly. Index Servers & Doc servers: There’s also redundancy built into the index and doc servers so the millions of people hitting Google at the same time don’t bog it down.
  • Ethical Hacking and Network Security

    1. 1. Glimpse on Computer Security A presentation by – Sumit Dimri
    2. 2. AGENDA <ul><li>SECURITY </li></ul><ul><li>GOOGLE HACKING </li></ul><ul><li>SNIFFERS </li></ul><ul><li>ARP SPOOFING </li></ul><ul><li>STEGANOGRAPHY </li></ul><ul><li>SOCIAL ENGINEERING </li></ul><ul><li>HACKING WEB SERVER </li></ul>
    3. 3. Network Security
    4. 4. A Brief History of the World
    5. 5. Overview <ul><li>What is security? </li></ul><ul><li>Why do we need security? </li></ul><ul><li>Who is vulnerable? </li></ul>
    6. 6. What is “Security” <ul><li> says: </li></ul><ul><ul><li>1. Freedom from risk or danger; safety. </li></ul></ul><ul><ul><li>2. Freedom from doubt, or fear; confidence. </li></ul></ul><ul><ul><li>3. Something that gives or assures safety, as: </li></ul></ul><ul><ul><ul><li>1. A group or department of private guards: Call building security if a visitor acts suspicious. </li></ul></ul></ul><ul><ul><ul><li>2. Measures adopted by a government to prevent attack. </li></ul></ul></ul><ul><ul><ul><li>3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. </li></ul></ul></ul><ul><ul><li>… etc. </li></ul></ul>
    7. 7. Why do we need security? <ul><li>Protect vital information while still allowing access to those who need it </li></ul><ul><ul><li>Trade secrets, medical records, etc. </li></ul></ul><ul><li>Provide authentication and access control for resources </li></ul>
    8. 8. Who is vulnerable? <ul><li>Financial institutions and banks </li></ul><ul><li>Internet service providers </li></ul><ul><li>Government and defense agencies </li></ul><ul><li>Contractors to various government agencies </li></ul><ul><li>Multinational corporations </li></ul><ul><li>ANYONE ON THE NETWORK </li></ul>
    9. 9. Security related URLs <ul><li> </li></ul><ul><li> </li></ul><ul><li> </li></ul><ul><li> </li></ul><ul><li> </li></ul><ul><li> </li></ul><ul><li> </li></ul>
    10. 10. Google Hacking <ul><li>Plays a very important role in collecting information about the target. </li></ul><ul><li>Google has a variety of special search syntaxes. </li></ul><ul><li>List of employees, their personal details. </li></ul><ul><li>Sometimes simple searches yield personal pages and non authorized information. </li></ul><ul><li>Google can assist an ethical hacker in many ways. </li></ul>
    11. 11. What is G o o g l e ? <ul><li>A powerful full-text search engine that indexes over 10 billion websites </li></ul><ul><li>A tool </li></ul><ul><li>A site that has launched a vocabulary all its own </li></ul>
    12. 12. How does G o o g l e TM work?
    13. 13. The special syntaxes <ul><li>INTITLE </li></ul><ul><li>intitle: restricts your search to the titles of web pages. </li></ul><ul><li>Intitle: “HACKING” </li></ul>
    14. 15. INURL <ul><li>inurl: restricts your search to the URLs of web pages. This syntax tends to work well for finding search and help pages because they tend to be rather regular in composition. </li></ul><ul><li>Inurl: hacking </li></ul>
    15. 17. SITE <ul><li>Site: allows you to narrow your search by either a site or a top-level domain. </li></ul><ul><li>Site:edu </li></ul>
    16. 19. LINK <ul><li>Link: returns a list of pages linking to the specified URL. Enter and you’ll be returned a list of pages that link to Orkut. </li></ul>
    17. 21. FILETYPE <ul><li>Filetype: searches the suffixes or filename extensions. </li></ul><ul><li>Filetype:ppt google hacking </li></ul>
    18. 23. 15-441 Networks Fall 2002
    19. 24. 15-441 Networks Fall 2002
    20. 25. What are Sniffers? <ul><li>Sniffers monitor network data. </li></ul><ul><li>A sniffer usually act as network probes or “snoops”-examining network traffic but not intercepting or altering them. </li></ul><ul><li>Ettercap is the best tool for sniffer. </li></ul>
    21. 29. ARP Spoofing <ul><li>Getting max internet speed using ARP spoofing. </li></ul>
    22. 30. ARP POISONING :arp -a 15-441 Networks Fall 2002
    23. 31. 15-441 Networks Fall 2002
    24. 32. What is Steganography? <ul><li>The process of hiding data in images is called Steganography. </li></ul><ul><li>Attackers can embed information such as: </li></ul><ul><ul><li>Source code for hacking tool. </li></ul></ul><ul><ul><li>List of compromised servers. </li></ul></ul><ul><ul><li>Plans for future attacks. </li></ul></ul>
    25. 37. What Is Social Engineering <ul><li>Social engineering is the human side of breaking into a corporate network. </li></ul><ul><li>An employee may unwittingly give away key information in an email or by answering questions over the phone with someone they don’t know. </li></ul>
    26. 38. Art Of Manipulation <ul><li>The goal of a social engineer is to trick someone into providing valuable information or access to that information. </li></ul><ul><li>It preys on qualities of human nature, such as the desire to be helpful, the tendency to trust people and the fear of getting in trouble. </li></ul>
    27. 39. Human Weakness <ul><li>People are usually the weakest link in the security chain. </li></ul><ul><li>Social engineering is the hardest form of attack to defend against because it cannot be defended with hardware or software alone. </li></ul>
    28. 40. Human Based Social Engineering <ul><li>Human based social engineering can be broadly categorized into: </li></ul><ul><li>Technical support </li></ul><ul><li>Third person approach </li></ul><ul><li>Dumpster Diving </li></ul><ul><li>Shoulder Surfing </li></ul>
    29. 41. Computer Based Social Engineering <ul><li>These can be divided into the following categories: </li></ul><ul><li>Mail attachments </li></ul><ul><li>Websites </li></ul><ul><li>Spam Mail </li></ul>
    30. 42. Reverse Social Engineering <ul><li>More advanced method of gaining illicit information is known as “reverse social engineering”. </li></ul><ul><li>This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. </li></ul>
    31. 43. Hacking Web Servers <ul><li>Popular web servers </li></ul><ul><li>Apache web server </li></ul><ul><li>IIS Web server </li></ul><ul><li>Sun ONE web server </li></ul>
    32. 44. Invading PHP server <ul><li>Sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible . This tutorial is applicable on PHP4.4 machines with Apache running in parallel with them. </li></ul>
    33. 45. Steps for web hacking <ul><li>1. Search the server </li></ul><ul><li>Make a Google dork to find sites running Apache and PHP4.4 . </li></ul><ul><li>2. Scan the server </li></ul><ul><li>Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open, then you have almost got it. Most websites running </li></ul>
    34. 46. PHP4.4 have this port for admin login. Now just login using port 2000 And you will be comfortably login into admin Page like this-
    35. 48. 3.Hack the site Now in the fields, you have to type- Username – admin Password – a’ or 1=1 or ‘b Domain - a’ or 1=1 or ‘b And press go , you will login into admin.
    36. 51. Now you have hacked into admin. Actually sites based on PHP4.4 have the vulnerability in them that they are vulnerable to SQL injection. It will Literally take 20 seconds.
    37. 52. Thanks For your time 