VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
Ethical Hacking and Penetration Testing
1. Ethical Hacking
&
Penetration Testing
Center of Computer
Center of Computer Education and Training
Institute of Professional Studies
December 23,2014
By: Rishabh Upadhyay
Batch: BCA[2012-15]
Under the Guidence of
Prof. R.R.Tewa
2. Pen Test University of Allahabad Local Area Network.
Network Mapping: Locate Important Host and Services,
Firewall and Switches and Hubs.
Develop a Simple Network Scanner.
Demonstrate Some Attacks.
4. Penetration Testing
“The process of evaluating systems,
applications, and protocols with the intent
of identifying vulnerabilities usually from the
perspective of an unprivileged or
anonymous user to determine potential real
world impacts…”
9. Reconnaissance
Purpose:
Narrow down to Specific Target
and Technique
• Visiting Organisation Website
• Consulting Public Internet Registry
• Google Hacking
• Using Tools: Nikto ,Nessus,dig,
nslookup and lot more ..
10. Scanning
Purpose:
Look for Live Host , Firewall
Service Running ,Version
running
Types of Scan:
•
TCP connect Scan
•
SYN Scan
•
UDP Scan
Tools:
Nmap,Nessus ,tracert and lot more
11. Exploitation
Purpose:
To exploit the vulnerability and
to deploy payload on the remote
system
Tools:
Metasploit,Wireshark,Cain,Aircrack-ng,
Etherape,
14. Network Mapping
Why to Map network??
• Mapping Networks gives a better
understanding of underlying Internet and
network infrastructure.
• Network mapping makes testing ,evaluating
security of network easy and efficient.
15. Network Mapping
Network Mapped from SRK Hostel (172.16.233.7)
www.mail1.allduniv.ac.in
JK Web Server
www.allduniv.ac.in
www.proxy5.allduniv.ac.in
Cisco Managed Switched
SRK Hostel’s GateWay
Zonal Switch
CCE Gateway
16. Network Mapping
Network Mapped from EL Lab 1 (172.16.38.11)
www.mail1.allduniv.ac.in
www.proxy5.allduniv.ac.in www.allduniv.ac.in
www.ns2.allduniv.ac.in www.proxy2.allduniv.ac.in
JK Web Server
CCE Gateway
JK Institute Gateway
Fees Deposit Server (backups)
Gateway
Gateway
Gateway
17. Discoveries and
Findings …
Unprotected Switches and Routers
• UoA network has ample number unprotected
Switches and Gateways
• Login Credentials :
login:rwa
password:rwa
login:l2
password: l2
login: cisco
password:cisco
Refer Page 23 & 24 of the
Documentation for detailed
report
24. Discoveries and
Findings …
CCTV Cameras - Central Library
Refer Page 25 & 26 of the
Documentation for detailed
report
• UoA ‘s CCTV camera sends unencrypted over the network
• Weak Login Credentials :
login:admin
password: 1234
26. Discoveries and
Findings …
Refer Page 25 & 26 of the
Documentation for detailed
report
Footage of CCTV Cameras at Central Library
27. Discoveries and
Findings …
FTP Server running on 172.16.8.3
Refer Page 21 & 22 of the
Documentation for detailed
report
• Weak Login Credentials :
login:admin
password: auauau
28.
29. UoA Hacking
Incident
Cause of Phishing Site and Hacking Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
• File Size : 2.94 GB
• Blue print of entire site
• Has credentials of
phpMyAdmin,Joomla
CMS
• It is the server end code
of the site
40. Live Demonstration
Man in the Middle Attack:
Such type of attack are very easy to launch.
•In this type of attack the ,the attacker poisons
the ARP Table(Address Resolution Protocol)
•Hence, can divert all the traffic through its
System and can also alter the packets ,if he
wishes..
•Tools:
Etherape,
Driftnet
41. Live Demonstration
Man in the Middle Attack
***Caution****
1.The attack may or may not be successful
2.It may show some objectionable content
42. Simple Network
Scanner in C#
This simple network scanner scans the given work
group/domain for computers in Directory Services
The Developed Network Scanner take the limit of I P
addresses as Input and scans the entire domain and
outputs the Computer Name.
It uses the following Namespaces:
using System.Net;
using System.Net.Dns;
Methods:
Dns.GetHostByAddress();
45. Thank You !!
Center of ComputerCenter of Computer Education and Training
Institute of Professional Studies
December 23,2014
By: Rishabh Upadhyay
Batch: BCA[2012-15]