Course on Ehtical Hacking - Introduction

22,151 views

Published on

Introduction to Ethical Hacking by Bharat Thakkar

Published in: Technology, News & Politics
52 Comments
96 Likes
Statistics
Notes
  • i want study about hacking and i want to be a hacker can anyone please teach about hacking and how to hack fb account syedhimmad7864@gmail.com this my gmail can anyone help me plz its urgent for me
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • If you need to hack into any database, delete record, improve credit score, spy on whatsapp, text, phone, emails, as long as it's hack contact darkghostz101@gmail.com via Email :: darkghostz101@gmail.com he is great, you won't be disappointed, cheap and fast, he saved my relationships
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • I have used darkghostz101@gmail.com quite a number of times and he has never disappointed me.He does all types of mobile hacks,get unrestricted and unnoticeable access to your partner/spouse, Facebook account,Email,Whatsapp.Text messages.Getting the job done is as simple as sending an email to darkghostz101@gmail.com stating what you..
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • My girlfriend is a big time cheat and I was able to confirm that through the help of cyberphoneways@gmail.com I contacted them to help me hack into my girlfriend social media (Facebook,call log,imessage.Gmail) and discovered she was SLEEPING WITH her so called best friend, now I am happy and single and ready to move on thanks to cyberphoneways@gmail.com who did the hacking job for me Contact cyberphoneways@gmail.com and tell them Miguel referred you to them Please you don't be worried they are quick and fast and reliable cause they have been tested and trusted.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • i was lost with no hope for my wife was cheating and had always got away with it because i did not know how or always too scared to pin anything on her. with the help a friend who recommended me to cyberhackanswers@gmail.com who help hack her phone, email, chat, sms and expose her for a cheater she is. I just want to say a big thank you to cyberhackanswers@gmail.com . am sure someone out there is looking for how to solve his relationship problems, you can also contact him for all sorts of hacking job..he is fast and reliable..tell him james kors reffered you..he would be willing to help
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
22,151
On SlideShare
0
From Embeds
0
Number of Embeds
78
Actions
Shares
0
Downloads
150
Comments
52
Likes
96
Embeds 0
No embeds

No notes for slide
  • In UK and Germany, Using or writing real hacking tools like Nessus, Metasploit, Hydra, Amap, John, other exploits are fairly telltale illegal Some people against this idea claim that “If you own a crow bar, a favored tool for breaking through locked doors, that’s fine. If you own a baseball bat, a wonderful tool which many put to use bashing in people’s skulls, that’s fine. Own a piece of software that can port scan, and you break the law.”
  • - Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist . A hacktivist uses the same tools and techniques as a hacker , but does so in order to disrupt services and bring attention to a political or social cause. For example, one might leave a highly visible message on the home page of a Web site that gets a lot of traffic or which embodies a point-of-view that is being opposed. Or one might launch a denial-of-service attack to disrupt traffic to a particular site. A recent demonstration of hacktivism followed the death of a Chinese airman when his jet fighter collided with a U.S. surveillance plane in April 2001. Chinese and American hacktivists from both countries hacked Web sites and used them as "blackboards" for their statements. Whether hacktivism is a crime may be debated. Opponents argue that hacktivism causes damage in a forum where there is already ample opportunity for nondisruptive free speech. Others insist that such an act is the equivalent of a protest and is therefore protected as a form of free speech.
  • Course on Ehtical Hacking - Introduction

    1. 1. Ethical Hacking By Bharat Thakkar
    2. 2. Old School Hackers: History of Hacking
    3. 3. Old School Hackers: History of Hacking <ul><li>PREHISTORY </li></ul><ul><ul><li>1960s: The Dawn of Hacking Original meaning of the word &quot;hack&quot; started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts </li></ul></ul><ul><li>ELDER DAYS (1970-1979) </li></ul><ul><ul><li>1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka &quot;Cap'n Crunch&quot;), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system. </li></ul></ul>
    4. 4. Old School Hackers: History of Hacking <ul><ul><li>Draper builds a &quot;blue box&quot; used with whistle allows phreaks to make free calls. </li></ul></ul><ul><ul><li>Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes. THE GOLDEN AGE (1980-1991) </li></ul></ul><ul><li>1980: Hacker Message Boards and Groups </li></ul><ul><ul><li>Hacking groups form; such as Legion of Doom (US), Chaos Computer Club (Germany). </li></ul></ul><ul><ul><li>1983: Kids' Games Movie &quot;War Games&quot; introduces public to hacking. </li></ul></ul>
    5. 5. Old School Hackers: History of Hacking <ul><li>THE GREAT HACKER WAR </li></ul><ul><ul><li>Legion of Doom vs Masters of Deception; online warfare; jamming phone lines. </li></ul></ul><ul><ul><li>1984: Hacker 'Zines Hacker magazine 2600 publication; online 'zine Phrack. </li></ul></ul><ul><li>CRACKDOWN (1986-1994) </li></ul><ul><ul><li>1986: US Congress passes Computer Fraud and Abuse Act; crime to break into computer systems. </li></ul></ul><ul><ul><li>1988: The Morris Worm Robert T. Morris, Jr., launches self-replicating worm on ARPAnet. </li></ul></ul>
    6. 6. Old School Hackers: History of Hacking <ul><li>1989: The Germans , the KGB and Kevin Mitnick. </li></ul><ul><ul><li>German Hackers arrested for breaking into U.S. computers; sold information to Soviet KGB. </li></ul></ul><ul><ul><li>Hacker &quot;The Mentor“ arrested; publishes Hacker's Manifesto. </li></ul></ul><ul><ul><li>Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes. </li></ul></ul>
    7. 7. Old School Hackers: History of Hacking <ul><li>1993: Why Buy a Car When You Can Hack One? </li></ul><ul><ul><li>Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends crack phone; they allegedly get two Porsches, $20,000 cash, vacation trips; Poulsen now a freelance journalist covering computer crime. </li></ul></ul><ul><ul><li>First Def Con hacking conference in Las Vegas </li></ul></ul><ul><li>ZERO TOLERANCE (1994-1998) </li></ul><ul><ul><li>1995: The Mitnick Takedown: Arrested again; charged with stealing 20,000 credit card numbers. </li></ul></ul>
    8. 8. Old School Hackers: History of Hacking <ul><ul><li>1995: Russian Hackers Siphon $10 million from Citibank; Vladimir Levin, leader. </li></ul></ul><ul><ul><li>Oct 1998 teenager hacks into Bell Atlantic phone system; disabled communication at airport disables runway lights. </li></ul></ul><ul><ul><li>1999 hackers attack Pentagon, MIT, FBI web sites. </li></ul></ul><ul><ul><li>1999: E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen. (www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; www.tlc.discovery.com) </li></ul></ul>
    9. 9. A Brief History of Hacking <ul><li>1980s </li></ul><ul><li>-Cyberspace coined </li></ul><ul><li>-414 arrested </li></ul><ul><li>-Two hacker groups formed </li></ul><ul><li>-2600 published </li></ul><ul><li>1990s </li></ul><ul><li>- National Crackdown on hackers </li></ul><ul><li>-Kevin Mitnick arrested </li></ul><ul><li>-Microsoft’s NT operating system pierced </li></ul>
    10. 10. A Brief History of Hacking <ul><li>2001 </li></ul><ul><ul><li>In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. </li></ul></ul><ul><li>2007 </li></ul><ul><ul><li>Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. </li></ul></ul>
    11. 11. Famous Hackers in History Ian Murphy Kevin Mitnick Johan Helsinguis Mark Abene Linus Torvalds Robert Morris
    12. 12. Ethical Hacking
    13. 13. Hackers are here. Where are you? <ul><li>The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers. </li></ul><ul><li>The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: </li></ul><ul><li>HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming. </li></ul>
    14. 14. What is Hacking ? <ul><li>Hacking refers to an array of activities which are done to intrude some one else’s personal information space so as to use it for malicious, unwanted purposes. </li></ul><ul><li>Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. </li></ul>
    15. 15. What is Cracking <ul><li>Cracking is almost the same as hacking because they both get into peoples servers and accounts illegally. </li></ul><ul><li>But a cracker destroys the information and software that they get into. </li></ul>
    16. 16. Misunderstanding Hacking <ul><li>Many people get mixed up between Hacking and Cracking because they don’t know what a cracker is or they think it is the same thing. </li></ul>
    17. 17. Why do People Hack or Crack <ul><li>People hack to Explore or Create new software. </li></ul><ul><li>But Crackers want to destroy things on the software. </li></ul>
    18. 18. What is a Hacker? <ul><li>Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system. </li></ul><ul><li>Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems. </li></ul>
    19. 19. What is a Hacker? <ul><li>Professional Criminals or Crackers: Make a living by breaking into systems and selling the information. </li></ul><ul><li>Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com) </li></ul>
    20. 20. Hacker and Ethical hacker <ul><li>Hackers </li></ul><ul><ul><li>Access computer system or network without authorization </li></ul></ul><ul><ul><li>Breaks the law; can go to prison </li></ul></ul><ul><li>Ethical hacker </li></ul><ul><ul><li>Performs most of the same activities but with owner’s permission </li></ul></ul><ul><ul><li>Employed by companies to perform penetration tests </li></ul></ul>
    21. 21. HACKER DEFINITIONS <ul><li>A Hacker is someone who has achieved some level of expertise with computers. </li></ul><ul><li>A Cracker is someone who breaks into systems without permission. </li></ul><ul><li>A Script Kiddie is someone who uses scripts or programs from someone else to do his/her cracking. </li></ul><ul><ul><li>Other terms are leech , warez puppy, warez d00d, lamer and rodent. </li></ul></ul><ul><li>A Phreaker is a hacker who specializes in telephone systems. </li></ul><ul><li>A White Hat is someone who professes to be strictly a good guy. </li></ul><ul><li>A Black Hat is someone who is viewed as a bad guy. </li></ul><ul><li>A Grey Hat is someone who falls in between White and black </li></ul>
    22. 22. What is Ethical Hacking? <ul><li>Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.” </li></ul><ul><li>With the growth of the Internet, computer security has become a major concern for businesses and governments. </li></ul>
    23. 23. What is Ethical Hacking? <ul><li>In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. </li></ul>
    24. 24. Who are Ethical Hackers? <ul><li>“One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems” </li></ul><ul><li>Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. </li></ul>
    25. 25. Who are Ethical Hackers? <ul><li>Ethical hackers typically have very strong programming and computer networking skills. </li></ul><ul><li>They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows) used on target systems. </li></ul><ul><li>These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. </li></ul>
    26. 26. What do Ethical Hackers do? <ul><li>An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: </li></ul><ul><ul><li>What can an intruder see on the target systems? </li></ul></ul><ul><ul><li>What can an intruder do with that information? </li></ul></ul><ul><ul><li>Does anyone at the target notice the intruder’s at tempts or successes? </li></ul></ul><ul><ul><li>What are you trying to protect? </li></ul></ul><ul><ul><li>What are you trying to protect against? </li></ul></ul><ul><ul><li>How much time, effort, and money are you willing to expend to obtain adequate protection? </li></ul></ul>
    27. 27. What you can do legally as an ethical hacker
    28. 28. What You Can Do Legally <ul><li>As an ethical hacker, be aware of what is allowed and what is not allowed </li></ul><ul><ul><li>Laws involving technology change as rapidly as technology itself </li></ul></ul><ul><ul><li>Find what is legal for you locally </li></ul></ul><ul><ul><ul><li>Laws change from place to place </li></ul></ul></ul><ul><li>Some hacking Tools on your computer might be illegal to possess </li></ul><ul><ul><li>Contact local law enforcement agencies before installing hacking tools </li></ul></ul>
    29. 29. Is Port Scanning Legal? <ul><li>Government does not see it as a violation </li></ul><ul><ul><li>it is legal </li></ul></ul><ul><ul><ul><li>As noninvasive or nondestructive in nature </li></ul></ul></ul><ul><ul><ul><li>Not always the case </li></ul></ul></ul><ul><li>Read your ISP’s “Acceptable Use Policy” </li></ul>
    30. 30. Laws <ul><li>Computer crime laws are getting more specific </li></ul><ul><ul><li>Cover cybercrimes and intellectual property issues </li></ul></ul><ul><li>Computer Hacking and Intellectual Property (CHIP) </li></ul><ul><ul><li>New government branch to address cybercrimes and intellectual property issues </li></ul></ul>
    31. 31. IT Act, 2000 <ul><li>Enacted on 17 th May 2000- India is 12th nation in the world to adopt cyber laws </li></ul><ul><li>IT Act is based on Model law on e-commerce adopted by UNCITRAL </li></ul>
    32. 32. Objectives of the IT Act <ul><li>To provide legal recognition for transactions:- </li></ul><ul><li>Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as &quot;electronic commerce“ </li></ul><ul><li>To facilitate electronic filing of documents with Government agencies and E-Payments </li></ul><ul><li>To amend the Indian Penal Code, Indian Evidence Act,1872, the Banker’s Books Evidence Act 1891,Reserve Bank of India Act ,1934 </li></ul>
    33. 33. Extent of application <ul><li>Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality , if such act involves a computer, computer system or network located in India </li></ul>
    34. 34. Cybercrime provisions under IT Act,2000 Offences & Relevant Sections under IT Act Tampering with Computer source documents Sec.65 Hacking with Computer systems, Data alteration Sec.66 Publishing obscene information Sec.67 Un-authorized access to protected system Sec.70 Breach of Confidentiality and Privacy Sec.72 Publishing false digital signature certificates Sec.73
    35. 35. TYPES OF CYBER CRIMES <ul><li>Cyber terrorism </li></ul><ul><li>Cyber pornography </li></ul><ul><li>Defamation </li></ul><ul><li>Cyber stalking (section 509 IPC) </li></ul><ul><li>Sale of illegal articles-narcotics, weapons, wildlife </li></ul><ul><li>Online gambling </li></ul><ul><li>Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code </li></ul><ul><li>Email spoofing </li></ul><ul><li>Forgery </li></ul><ul><li>Phising </li></ul><ul><li>Credit card frauds </li></ul>Crime against property Crime against Government Crime against persons
    36. 36. What you cannot do as an ethical hacker
    37. 37. What You Cannot Do Legally <ul><li>Accessing a computer without permission is illegal </li></ul><ul><li>Other illegal actions </li></ul><ul><ul><li>Installing worms or viruses </li></ul></ul><ul><ul><li>Denial of Service attacks </li></ul></ul><ul><ul><li>Denying users access to network resources </li></ul></ul>
    38. 38. What You Cannot Do Legally <ul><li>As an independent contractor (ethical hacker), using a contract is just good business </li></ul><ul><ul><li>Contracts may be useful in court </li></ul></ul><ul><ul><li>Internet can also be a useful resource </li></ul></ul><ul><ul><li>Have an attorney read over your contract before sending or signing it </li></ul></ul>
    39. 39. Learning Competencies
    40. 40. Required Skills of an Ethical Hacker <ul><li>Routers: knowledge of routers, routing protocols, and access control lists </li></ul><ul><li>Microsoft: skills in operation, configuration and management. </li></ul><ul><li>Linux: knowledge of Linux/Unix; security setting, configuration, and services. </li></ul>(Source: http://www.examcram.com )
    41. 41. Required Skills of an Ethical Hacker <ul><li>Firewalls: configurations, and operation of intrusion detection systems. </li></ul><ul><li>Mainframes </li></ul><ul><li>Network Protocols: TCP/IP; how they function and can be manipulated. </li></ul><ul><li>Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team. </li></ul>(Source: http://www.examcram.com )
    42. 42. Modes of Ethical Hacking By Bharat Thakkar
    43. 43. Modes of Ethical Hacking <ul><li>Insider attack </li></ul><ul><li>Outsider attack </li></ul><ul><li>Stolen equipment attack </li></ul><ul><li>Physical entry </li></ul><ul><li>Bypassed authentication attack (wireless access points) </li></ul><ul><li>Social engineering attack </li></ul>(Source: http://www.examcram.com )
    44. 44. Anatomy of an Attack <ul><li>Reconnaissance – attacker gathers information; can include social engineering. </li></ul><ul><li>Scanning – searches for open ports (port scan) probes target for vulnerabilities. </li></ul><ul><li>Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP. </li></ul>
    45. 45. Anatomy of an Attack <ul><li>Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in. </li></ul><ul><li>Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized. </li></ul>
    46. 46. Classes of Hackers <ul><li>Black hats – highly skilled, malicious, destructive “crackers” </li></ul><ul><li>White hats – skills used for defensive security analysts </li></ul><ul><li>Gray hats – offensively and defensively; will hack for different reasons, depends on situation. </li></ul>
    47. 47. Hactivism
    48. 48. Hactivism <ul><li>Hacktivism is the writing of code , or otherwise manipulating bits, to promote political ideology. Taking Lessig's message to heart, hacktivism believes that proper use of code will have leveraged effects similar to regular activism (or civil disobedience ). Fewer people can write code, but code affects more people. </li></ul><ul><li>Hacking for social and political cause. </li></ul>
    49. 49. Hactivism <ul><li>The Internet has altered the landscape of political discourse and advocacy since the 1990s, particularly for those wishing to have a more universal means of influencing national and foreign policies. With the Internet’s availability to mainstream society came a growth in the political fever among both the White Hats and the Black Hats'—a fever known as “hacker activism” or “hacktivism.” </li></ul>
    50. 50. Hactivism <ul><li>Those who engage in hacktivism are known as the hacktivists—individuals pairing their needs for activism with their hacking skills to advance free speech worldwide—if they are White Hats—or to carry off some political mission that may have damaging effects to the Websites targeted—if they are Black Hats. </li></ul>
    51. 51. Hactivism <ul><li>The operations commonly used in hacktivism include browsing the Web for information; constructing Websites and posting information on them; transmitting electronic publications and letters through email; and using the Internet to discuss issues, form coalitions, and plan and coordinate activities. </li></ul>
    52. 52. HACKER MOTIVATION <ul><ul><li>Psychological Need/Recognition. </li></ul></ul><ul><ul><li>Desire to Learn/Curiosity. </li></ul></ul><ul><ul><li>Revenge/Maliciousness. </li></ul></ul><ul><ul><li>Experimentation. </li></ul></ul><ul><ul><li>Gang Mentality. </li></ul></ul><ul><ul><li>Misguided trust in other individuals. </li></ul></ul><ul><ul><li>Altruistic reasons. </li></ul></ul><ul><ul><li>Self-gratification. </li></ul></ul><ul><ul><li>Desire to Embarrass. </li></ul></ul><ul><ul><li>Joyriding. </li></ul></ul><ul><ul><li>Scorekeeping. </li></ul></ul><ul><ul><li>Espionage. </li></ul></ul><ul><ul><li>Cyber-Warrior </li></ul></ul>
    53. 53. TYPICAL HACKER ATTACKS <ul><ul><li>Insider Attack. </li></ul></ul><ul><ul><li>Social Engineering. </li></ul></ul><ul><ul><li>Virus Infiltration. </li></ul></ul><ul><ul><li>Denial of Service. </li></ul></ul><ul><ul><li>Software Bug. </li></ul></ul><ul><ul><li>Password Infiltration. </li></ul></ul><ul><ul><li>Lack of Security Infiltration. </li></ul></ul><ul><ul><li>IP Spoofing. </li></ul></ul><ul><ul><li>Trojan Horse. </li></ul></ul><ul><ul><li>Stealth Infiltration. </li></ul></ul><ul><ul><li>Brute Force. </li></ul></ul><ul><ul><li>TCP/IP Protocol Flaw. </li></ul></ul><ul><ul><li>Worms and viruses </li></ul></ul>
    54. 54. Some Statistics <ul><li>49% are inside employees or contractors on the internal network. </li></ul><ul><li>17% come from dial-up from inside employees. </li></ul><ul><li>34% are from the Internet. </li></ul><ul><li>The major financial loss is internal hacking. </li></ul>
    55. 55. How to Become a Hacker
    56. 56. How to Become a Hacker <ul><li>Looking for advice on learning to crack passwords, sabotage systems, mangle websites, write viruses, and plant Trojan horses? You came to the wrong place. </li></ul>
    57. 57. How to Become a Hacker <ul><li>Looking for advice on how to learn the guts and bowels of a system or network, get inside it, and become a real expert? Maybe I can help there. How you use this knowledge is up to you. I hope you'll use it to contribute to computer science and hacking (in its good sense), not to become a cracker or vandal. </li></ul>
    58. 58. Be Curious <ul><li>Take things apart. Look under the hood. Dig through your system directories and see what's in there. View the files with hex editors. Look inside your computer. Wander around computer stores and look at what's there. </li></ul>
    59. 59. Read Everything in Sight <ul><li>If you can afford it, buy lots of books. If you can't, spend time in libraries and online. Borrow books from friends. Go through tutorials. Read the help files on your system. If you're using Unix/Linux, read the man files. Check out the local college bookstores and libraries. And as you're reading, try things. </li></ul>
    60. 60. Experiment <ul><li>Don't be afraid to change things, just to see what'll happen. Do this long enough, of course, and you'll wipe out your system (see next slide), but that's part of becoming a hacker. Try command options and switches you've never tried before. Look for option menus on programs and see what they can do. In Windows, tweak your registry and see what happens. Change settings in .INI files. In Unix, dig around in the directories where you don't normally go. On the Macintosh, play around in the system folder. </li></ul>
    61. 61. Make Backups <ul><li>If you start mucking around with system files, registries, password files, and such, you will eventually destroy your system. Have a backup ready. If you can afford it, have a system you use just for experimenting, ready to reload on a moment's notice, and do your serious work (or serious gaming!) on a different computer. </li></ul>
    62. 62. Don't Limit Yourself <ul><li>Who says a computer or network is the only place to hack? Take apart your telephone. Figure out your television (careful of the high voltage around the picture tube - if you fry yourself, it's not my fault) and VCR. Figure out how closed captioning works. Take apart your printer. </li></ul>
    63. 63. Don't Limit Yourself <ul><li>Take apart your printer. Pick up the latest issues of Nuts & Volts and Midnight Engineer (you've obviously made a good start if you're reading Blacklisted! 411 ). (Download it)Take apart the locks on your doors. Figure out how your radio works. Be insatiably curious and read voraciously. There are groups you can learn from. There are whole Web sites devoted to hacking TiVo units, for example. </li></ul>
    64. 64. Get Some Real Tools <ul><li>You can't cut a board in half with a screwdriver. Well, maybe you can, but it'll take a long time. Dig around and find the proper tools for the operating systems you're using. They're out there on the Web. You can get some pretty good stuff as shareware or freeware (especially on Linux). </li></ul>
    65. 65. Get Some Real Tools <ul><li>The serious power tools often cost serious money. What kinds of tools? Hex file editors. Snoopers that analyze system messages and network traffic. Compilers and APIs for programming. Scripting tools. Disk editors/formatters. Disassemblers. When you get good, write some of your own. </li></ul>
    66. 66. Learn to Program <ul><li>If you want to be a hacker, you're going to have to learn to program. The easiest way to start depends on the operating system you're using. The choice of language is very individual. It's almost a religious thing. Suggest a programming language to a beginner, and someone will disagree. </li></ul>
    67. 67. Learn to Program <ul><li>Heck, you'll probably get flamed for it in a newsgroup. In Unix, I'd suggest getting started with Perl. Buy a copy of the camel book ( Programming Perl ) and the llama book ( Learning Perl ). You'll have the fundamentals of programming really fast! The best part is that the language itself is free. </li></ul>
    68. 68. Learn to Program <ul><li>In Windows, you can get started quickly using a visual development environment like Visual Basic or Java. No matter what the system, if you want to get serious, you'll eventually need to learn C (or C++ or C# or some other variant). Real hackers know more than one programming language, anyway, because no one language is right for every task. </li></ul>
    69. 69. Learn to Type <ul><li>Hackers spend a lot of time at their keyboards. HackingWiz (of hackers.com and Hacker's Haven BBS fame) says he can type 140+ wpm. The typing tutor may be boring, but it pays off. </li></ul>
    70. 70. Use Real Operating Systems <ul><li>Windows 95/98/Me is a shell on top of a 32-bit patch to a 16-bit DOS. Get some real operating systems (Linux, Windows NT, Mac OS, OS/2...) and learn them. You can't call yourself a linguist if you only know one language, and you certainly can't call yourself a hacker if you only know one OS. Linux is a hacker's dream. All the source code is freely available. Play with it, analyze it, learn it. Eventually, perhaps you can make a contribution to Linux yourself. Who knows, you might even have a chance to write your own OS. </li></ul>
    71. 71. Talk to People <ul><li>It's hard to learn in a vacuum. Take classes. Join users groups or computer clubs. Talk to people on IRC or newsgroups or Web boards until you find people to learn with. That can take a while. Every third message on newsgroups like alt.hack* is &quot;teach me to hack.&quot; Sigh. The best way to be accepted in any group is to contribute something. Share what you learn, and others will share with you. </li></ul>
    72. 72. Do Some Projects <ul><li>It's important to pick some projects and work until you've finished them. Learning comes from doing, and you must follow the project through start to finish to really understand it. Start really simple. Make an icon. Customize your system (the startup screen on Win95, or the prompt on Unix). Make a script that performs some common operation. Write a program that manipulates a file (try encrypting something). </li></ul>
    73. 73. Learn to Really Use the Internet <ul><li>Start with the Web. Read the help for the search engines. Learn how to use Boolean searches. Build up an awesome set of bookmarks. Then move on to other Internet resources. Get on Usenet. Find some underground BBSs. Get on IRC. You'll find useful information in the strangest places. Get to the point where you can answer your own questions. It's a whole lot faster than plastering them all over various newsgroups and waiting for a serious answer. </li></ul>
    74. 74. Learn to Really Use the Internet <ul><li>Once you've gone through these steps, go out and contribute something. The Internet was built by hackers. Linux was built by hackers. Usenet was built by hackers. Sendmail was built by hackers. Be one of the hackers that builds something. </li></ul>
    75. 75. Ethical Hacking How TO By Bharat Thakkar
    76. 76. How To <ul><li>Footprinting and Reconnaissance </li></ul><ul><li>Scanning and Enumeration </li></ul><ul><li>System Hacking </li></ul><ul><li>Trojans and Backdoors </li></ul><ul><li>Sniffers </li></ul><ul><li>Social Engineering </li></ul>
    77. 77. Hacking Tools: Footprinting and Reconnaissance
    78. 78. What is FootPrinting <ul><li>Footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited </li></ul>
    79. 79. What is FootPrinting <ul><li>Footprinting begins by determining the location and objective of an intrusion. Once this is known, specific information about the organization is gathered using non-intrusive methods. For example, the organization's own Web page may provide a personnel directory or employee bios, which may prove useful if the hacker needs to use social engineering to reach the objective. Conducting a whois query on the Web provides the domain names and associated networks related to a specific organization. </li></ul>
    80. 80. What is FootPrinting <ul><li>Other information obtained may include learning the Internet technologies being used; the operating system and hardware being used; IP addresses; e-mail addresses and phone numbers; and policies and procedures. </li></ul>
    81. 81. Whois
    82. 82. Sam Spade
    83. 83. Nslookup
    84. 84. Traceroute
    85. 85. Hacking Tools: Scanning and Enumeration
    86. 86. Scanning and Enumeration <ul><li>Network Enumeration is the process of identifying domain names and associated networks. The process is performing various queries on the many whois databases found on the internet. The result is the hacker now having the information needed to attack the system they are learning about. Companie's domain names are listed with registrars, and the hacker would simply query the registrar to obtain the information they are looking for. The hacker simply needs to know which registrar the company is listed with. There are five types of queries which are as follows: </li></ul>
    87. 87. Scanning and Enumeration <ul><li>Registrar Query: This query gives information on potential domains matching the target. </li></ul><ul><li>Organizational Query: This is searching a specific registrar to obtain all instances of the target's name. The results show many different domains associated with the company. </li></ul>
    88. 88. Scanning and Enumeration <ul><li>Domain Query: A domain query is based off of results found in an organizational query. Using a domain query, you could find the company's address, domain name, administrator and his/her phone number, and the system's domain servers. The administrative contact could be very useful to a hacker as it provides a purpose for a war dialer. This is also where social engineering comes into play. But that's a talk for another time. Many administrators now post false phone numbers to protect themselves from this. </li></ul>
    89. 89. Scanning and Enumeration <ul><li>Network Query: The fourth method one could use the American Registry for Internet Numbers is to discover certain blocks owned by a company. It's good to use a broad search here, as well as in the registrar query. </li></ul><ul><li>POC Query: This query finds the many IP addresses a machine may have. </li></ul>
    90. 90. nmap
    91. 91. NMapWin
    92. 92. SuperScan
    93. 93. IP Scanner
    94. 94. Hyena
    95. 95. Retina
    96. 96. Hacking Tools: System Hacking
    97. 97. System Hacking <ul><li>Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them. </li></ul>
    98. 98. System Hacking <ul><li>Occasionally, some operating systems that are more secure out of the box — such as Novell NetWare and the flavors of BSD UNIX — are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities. </li></ul>
    99. 99. System Hacking <ul><li>Here are some examples of attacks on operating systems: </li></ul><ul><ul><li>Exploiting specific protocol implementations </li></ul></ul><ul><ul><li>Attacking built-in authentication systems </li></ul></ul><ul><ul><li>Breaking file-system security </li></ul></ul><ul><ul><li>Cracking passwords and encryption mechanisms </li></ul></ul>
    100. 100. telnet
    101. 101. Snadboy
    102. 102. Password Cracking with LOphtcrack
    103. 103. Keylogger
    104. 104. Hacking Tools: Trojans and Backdoors
    105. 105. Trojans and Backdoors <ul><li>Malicious software packages exist on the Internet that attempt to gain complete control over computer systems. These programs, sometimes called Remote Access Trojans (RAT) or Backdoor Software (named as the software opens a &quot;back door&quot; on your computer in which it can tell your machine what to do), are sometimes attached to Trojan Horses, viruses, worms, and spyware exploits. If your system is infected, there is virtually no limit to what these programs can do: </li></ul>
    106. 106. NetBus
    107. 107. Game Creates Backdoor for NetBus
    108. 108. SubSeven
    109. 109. Hacking Tools: Sniffers
    110. 110. Sniffers <ul><li>A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets. Is also used legitimately by network operations and maintenance personnel to troubleshoot network problems. </li></ul><ul><li>is a software program that is installed to monitor network traffic. Sniffers typically correct a certain number of characters at the beginning of ... </li></ul><ul><li>Software that monitor activities over the network (private or public). </li></ul>
    111. 111. Spoofing a MAC address Original Configuration
    112. 112. Spoofed Mac
    113. 113. Ethereal
    114. 114. Iris
    115. 115. Snort
    116. 116. Hacking Tools: Web Based Password Cracking
    117. 117. Cain and Abel
    118. 118. Cain and Abel (Cont.)
    119. 119. Legion
    120. 120. Brutus
    121. 121. Hacking Tools: Covering Tracks
    122. 122. ImageHide
    123. 123. ClearLogs
    124. 124. Hacking Tools: Google Hacking and SQL Injection
    125. 125. Google Hacking
    126. 126. Google Cheat Sheet
    127. 127. SQL Injection <ul><li>Allows a remote attacker to execute arbitrary database commands </li></ul><ul><li>Relies on poorly formed database queries and insufficient input validation </li></ul><ul><li>Often facilitated, but does not rely on unhandled exceptions and ODBC error messages </li></ul><ul><li>Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web. </li></ul>
    128. 128. Common Database Query
    129. 129. Problem: Unvalidated Input
    130. 130. Piggybacking Queries with UNION
    131. 131. Phreaking
    132. 132. What is Phreaking <ul><li>Phreaking is basically hacking with a telephone. Using different &quot;boxes&quot; and &quot;tricks&quot; to manipulate the phone companies and their phones, you gain many things, two of which are: knowledge about telephones and how they work, and free local and long distance phone calls. </li></ul>
    133. 133. Why Phreak <ul><li>Phreaking, like hacking, is used to gather information about telephones, telephone companies, and how they work. There are other benefits as well. As stated above, you also get free phone calls. But, these are used mainly to gather more information about the phones, and to allow us free access to all information. </li></ul>
    134. 134. Boxes and what they do <ul><li>Red Box generates tones for free phone calls </li></ul><ul><li>Black Box when called, caller pays nothing </li></ul><ul><li>Beige Box lineman's handset </li></ul><ul><li>Green Box generates coin return tones </li></ul><ul><li>Cheese Box turns your phone into a payphone </li></ul><ul><li>Acrylic Box steal 3-way calling and other services </li></ul><ul><li>Aqua Box stops F.B.I. lock-in-trace </li></ul><ul><li>Blast Box phone microphone amplifier </li></ul><ul><li>Blotto Box shorts out all phones in your area </li></ul><ul><li>Blue Box generates 2600hz tone </li></ul><ul><li>Brown Box creates party line </li></ul><ul><li>Bud Box tap neighbors phone </li></ul><ul><li>Chatreuse Box use electricity from phone </li></ul>
    135. 135. Boxes and what they do <ul><li>Chrome Box manipulates traffic signals </li></ul><ul><li>Clear Box free calls </li></ul><ul><li>Color Box phone conversation recorder </li></ul><ul><li>Copper Box causes crosstalk interference </li></ul><ul><li>Crimson Box hold button </li></ul><ul><li>Dark Box re-route calls </li></ul><ul><li>Dayglo Box connect to neighbors phone line </li></ul><ul><li>Divertor Box re-route calls </li></ul><ul><li>DLOC Box create party line </li></ul><ul><li>Gold Box dialout router </li></ul><ul><li>Infinity Box remote activated phone tap </li></ul><ul><li>Jack Box touch-tone key pad </li></ul><ul><li>Light Box in-use light </li></ul>
    136. 136. Boxes and what they do <ul><li>Lunch Box AM transmitter </li></ul><ul><li>Magenta Box connect remote phone line to another </li></ul><ul><li>Mauve Box phone tap without cutting into the line </li></ul><ul><li>Neon Box external microphone </li></ul><ul><li>Noise Box creates line noise </li></ul><ul><li>Olive Box external ringer </li></ul><ul><li>Party Box creates party line </li></ul><ul><li>Pearl Box tone generator </li></ul><ul><li>Pink Box creates party line </li></ul><ul><li>Purple Box hold button </li></ul><ul><li>Rainbow Box kill trace </li></ul><ul><li>Razz Box tap neighbors phone </li></ul>
    137. 137. Boxes and what they do <ul><li>Rock Box add music to phone line </li></ul><ul><li>Scarlet Box causes interference </li></ul><ul><li>Silver Box create DTMF tones for A,B,C, and D </li></ul><ul><li>Static Box raises voltage on phone line </li></ul><ul><li>Switch Box add services </li></ul><ul><li>Tan Box phone conversation recorder </li></ul><ul><li>TV Cable Box see sound waves on TV </li></ul><ul><li>Urine Box create disturbance on phone headset </li></ul><ul><li>Violet Box stop payphone from hanging up </li></ul><ul><li>White Box DTMF key pad </li></ul><ul><li>Yellow Box add line extension </li></ul>
    138. 138. Hacker Challenge Websites
    139. 139. hackr http://www.hackr.org/mainpage.php
    140. 140. Hackthissite.org http://www.hackthissite.org
    141. 141. Hackits http://www.hackits.de/challenge/
    142. 142. Additional Web Sites
    143. 143. Legion of Ethical Hacking
    144. 144. Hacker Highschool http://www.hackerhighschool.org/
    145. 145. johnny.ihackstuff.com/
    146. 146. HappyHacker.org
    147. 147. Foundstone
    148. 148. Insecure.org
    149. 149. Thankyou Bharat Thakkar Email : bharatthakkar61@gmail.com Cell : +91-93769 22853 Cell : +91-90169 86926

    ×