Seminar Report on "ETHICAL HACKING"
Submitted by: Mr. Parag S. Kosarkar
Semester / Section: 6th A
Roll No.: 41
23 Feb, 2012-13
Department of Computer Technology, Part Time Degree Program
YESHWANTRAO CHAVAN COLLEGE OF ENGINEERING, Nagpur
(An Autonomous Institution Affiliated to Rashtsant Tukadoji Maharaj Nagpur University)
INTRODUCTION: Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments. Companies are worried about the possibility of being "hacked", and potential customers are worried about keeping control of their personal information. This creates a need for computer security professionals who can break into an organisation's systems on its behalf. Ethical hackers employ the same tools and techniques as intruders, but they neither damage the target systems nor steal information. Ethical hacking is not an automated hacker program; it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
FAMOUS HACKERS IN HISTORY: Kevin Mitnick, Ian Murphy, Johan Helsingius, Mark Abene, Robert Morris, Linus Torvalds.
Contents to be Explained:
SQL Injection
Keylogging
Tabnapping
Phishing
RAT – Remote Administration Tools or Trojans
Cookie Stealing
What precautions can be taken to avoid being hacked?
Common Phases of Hacking: An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain entry into a computer system are similar no matter what the hacker's intentions are. There are five phases that hackers generally follow in hacking a system:
Phase 1 – Reconnaissance (recognising the target system)
Phase 2 – Scanning
Phase 3 – Gaining Access
Phase 4 – Maintaining Access
Phase 5 – Covering Tracks
What is Hacking? Hacking refers to an array of activities that are done to intrude into someone else's personal information space so as to use it for malicious, unwanted purposes.
What is Cracking? Cracking is almost the same as hacking, because both get into people's servers and accounts illegally. But a cracker destroys the information and software it gets into, which can bring the system down.
Professional Criminals or Crackers: make a living by breaking into systems and selling the information.
Hacker & Ethical Hacker: A hacker accesses a computer system or network information without permission. Breaks the laws, can go to prison! An ethical hacker does the same, but with legal permission, and is employed by companies to perform penetration tests. Quick Heal hires hackers.
What can you do legally? As an ethical hacker, be aware of what is allowed and what is not. Laws involving technology change as the technology changes. Some hacking tools on your computer might be illegal to possess.
Is port scanning legal? The government does not see it as a violation; it is legal as it is non-invasive and non-destructive in nature. Mostly ports 8080, 80 and 443 are open.
What is SQL Injection? SQL injection is one of the popular web application hacking methods. Using an injection attack, an unauthorised person can access the database of the website and extract data from it.
What can a hacker do with an SQL injection attack? Bypassing logins; accessing secret data; modifying the content of the website; shutting down the MySQL server.
Google Dorking examples: * inurl:index.php?id= * inurl:galary.php?id=
Checking the Vulnerability: Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and hit enter. E.g.: http://www.anywebsite.com/index.php?id=2' If the page remains the same, or does not give any message such as "Error 404 – page not found", then it is OK!
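The quote test above works because of how the page builds its SQL: when the id from the URL is pasted into the statement text, a stray quote changes the statement itself. The following Python code is an added example, not part of the report; it runs the same lookup against a constructed in-memory SQLite table in two ways, with the id concatenated into the SQL and with the id passed as a bound parameter. The table, rows and function names are assumptions made for the example.

```python
import sqlite3

# Constructed sample rows standing in for a site's "articles" table (assumption).
SAMPLE_ROWS = [(1, "Welcome"), (2, "About us"), (3, "Contact")]


def make_db():
    """Create a fresh in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, page_id):
    """The weak pattern: the id taken from the URL is concatenated into the SQL
    text, so a quote inside it becomes part of the statement."""
    sql = "SELECT title FROM articles WHERE id = " + page_id
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, page_id):
    """The fix: the id is passed as a bound parameter, so the database always
    treats it as a value and never as part of the statement."""
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (page_id,))]


def run_quote_test(lookup, page_id):
    """Run one lookup the way the report's check does: return "error" when the
    database rejects the statement, otherwise the list of titles found."""
    conn = make_db()
    try:
        return lookup(conn, page_id)
    except sqlite3.DatabaseError:
        return "error"
    finally:
        conn.close()


if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_parameterised):
        print(fn.__name__, "id=2  ->", run_quote_test(fn, "2"))
        print(fn.__name__, "id=2' ->", run_quote_test(fn, "2'"))
```

The concatenated version reports a database error for the id `2'`, which is exactly the signal the quote test looks for; the parameterised version simply finds no row, because the text `2'` is compared as a value and matches nothing. Binding parameters (and, for numeric ids, converting the input with `int()` first) is the standard fix for this class of bug.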
What is a Keylogger? A keylogger is a piece of malicious software, usually called "spyware" or "malware", that records every keystroke you make on a keyboard. Keyloggers can be installed without your knowledge or consent when you visit a website, read an e-mail, install a program, or perform other activities. Once installed, the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker.
How Keyloggers are Constructed: The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor. This can be achieved using: video surveillance; a hardware bug in the keyboard, wiring or the computer itself; intercepting input/output; substituting the keyboard driver; using a filter driver in the keyboard stack; intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.); intercepting DLL functions in user mode; and requesting information from the keyboard using standard documented methods. Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers in the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.
Keyloggers can be spread using:
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e., "YouTube" or other videos)
A legitimate website link, picture, or story that was tampered with
Downloaded games or any other PC tools or programs
Fake malicious websites that impersonate popular sites (such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
TABNAPPING? (more commonly spelled tabnabbing) From the combination of tab and kidnapping: it could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack. Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
What is PHISHING? Suppose you check your e-mail one day and find a message from your bank. You've received e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do? This is PHISHING, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering. Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay.
Planning: Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup: Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a web page.
Attack: This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
Collection: Phishers record the information victims enter into web pages or pop-up windows. Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called "Social Engineering". Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
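The last sentence above is the detail a reader can check for: a copied e-mail keeps the bank's look but its links open somewhere else. The following Python code is an added example, not part of the report; it extracts every link from an HTML message body and flags those that leave the sender's domain or whose visible text names a different domain than the one the link actually opens. The message body, the sender domain and the crude "last two labels" domain rule are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (assumption): the first link shows the bank's
# real address as its text but points somewhere else; the second link is genuine.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be closed unless you verify it now.</p>
<p><a href="http://example-bank.verify-login.example.net/login">https://www.example-bank.example</a></p>
<p>Questions? Visit our <a href="https://www.example-bank.example/help">help centre</a>.</p>
"""

# Matches visible link text that itself looks like a URL or a bare domain name.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?:/\S*)?")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude owner domain: the last two labels of the host name. A real checker
    would consult the public suffix list (assumption made to stay self-contained)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html, sender_domain):
    """Return [(href, [reasons])] for links that do not belong to the sender or
    whose visible text claims a different domain than the one they open."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registered_domain(host) != registered_domain(sender_domain):
            reasons.append("link leaves the sender's domain: " + host)
        match = DOMAIN_IN_TEXT.fullmatch(text)
        if match and registered_domain(match.group(1)) != registered_domain(host):
            reasons.append("visible text claims " + match.group(1) + " but opens " + host)
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "example-bank.example"):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

On the constructed message only the first link is reported, with both reasons. The same two checks (does the link stay on the sender's domain, and does the text match the destination) are what a mail gateway or a careful reader applies before clicking.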
REMOTE ADMINISTRATION TOOLS – RATs: A RAT provides an attacker with nearly unlimited access to the host computer, including screen capture, file management, shell control and device driver control. A RAT is used to remotely connect to and manage single or multiple computers. RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected. They can hide themselves. A Trojan generally has two parts, a client and a server (also called master and slave): the server side is installed on the remote host and the attacker manipulates it with the client software. In the old days making a Trojan was a job for a master programmer, but nowadays several Trojan building tools are available.
Cookies are small files stored on a user's computer by websites when the user visits them. The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie, and both are matched every time the user does anything in his account. So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus log in to his account. This is called "Side-Jacking". The notable thing about this is that we need not know the victim's id or password; all we need is the victim's cookie.
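Side-jacking works because the server accepts the cookie alone as proof of identity, so the defence is to make the cookie hard to steal in transit or from the page. The following Python code is an added example, not part of the report; it parses Set-Cookie headers and reports session cookies that lack the attributes a server should set: Secure (never sent over plain http, which is why the https advice in the next section matters), HttpOnly (not readable by page scripts) and SameSite. The header values and the list of session cookie names are constructed for the example.

```python
# Constructed Set-Cookie headers (assumption), as a server might send after login.
SAMPLE_HEADERS = [
    "sessionid=3f9a1c7e; Path=/; HttpOnly",
    "sessionid=3f9a1c7e; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

# Cookie names treated as carrying a login session (assumption for the example).
SESSION_NAMES = {"sessionid", "sid", "auth", "token"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).
    Attribute names are lower-cased; flag attributes such as Secure get ""."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (name, [problems]) for a session cookie. Cookies that are not
    session cookies are not judged and return an empty problem list."""
    name, _value, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return name, []
    problems = []
    if "secure" not in attrs:
        problems.append("no Secure: the browser will also send it over plain http")
    if "httponly" not in attrs:
        problems.append("no HttpOnly: scripts on the page can read it")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        problems.append("no SameSite=Lax/Strict: sent along with cross-site requests")
    return name, problems


def audit_all(headers):
    """Audit a list of headers; returns {index: problems} for those with findings."""
    findings = {}
    for i, header in enumerate(headers):
        _name, problems = audit_cookie(header)
        if problems:
            findings[i] = problems
    return findings


if __name__ == "__main__":
    for i, problems in audit_all(SAMPLE_HEADERS).items():
        print(SAMPLE_HEADERS[i])
        for problem in problems:
            print("  -", problem)
```

Only the first header is reported: it is a session cookie that would still be sent over plain http and could be read by any script on the page. The second header shows the same cookie set the way a server should set it.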
How to be SAFE from being HACKED:
Always browse sites over a secure https connection. Facebook has a setting for it.
Always use good, reputed antivirus software; if possible use the Internet Security Suite from the same vendor, to stay safe online too.
Use firewalls such as Comodo, Sygate, ZoneAlarm or Sunbelt.
Never save passwords on your PC or in internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically, e.g. LastPass.
Always clear all private and temporary data using a cleaner program, to leave no traces and remove tracking cookies, e.g. CCleaner.
Some steps in social networking that help you SURF SAFELY. In FACEBOOK and GMAIL, do the following settings: log in to your account; go to Settings, click on the Security tab, click Edit, and tick "Browse Facebook on a secure connection (https) when possible". Also turn on Login Notifications: whenever your account is logged in, a message is sent to your phone number and e-mail saying that someone has logged in, so if it was not you, you can take action using the login details given.
So... what do you want to be? HACKER or CRACKER? The choice is yours!