ON T Ethical Hacking TI A AU ERC K C ORKHA W 1 Intelligent Quotient System Pvt. Ltd.
Introduction to Ethical Hacking Ethical hackers Employed by companies to perform penetration tests Penetration test Legal attempt to break into a company’s network to find its weakest link Tester only reports findings Security test More than an attempt to break in; also includes analyzing company’s security policy and procedures Tester offers solutions to secure or protect the network 2
What is Hacking? Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works. Hacking is the act of gaining access without legal authorization to a computer or computer network or network resources. 3
Who is an Hacker? Hackers are actually computer enthusiasts who know a lot about computers and computer networks and use this knowledge with a criminal intent. Hacker: is person who uses his hacking skills and tool sets for destructive or offensive purposes such as disseminating viruses or performing DoS attacks to compromise or bring down systems and networks. Hackers are sometimes paid to damage corporate reputations or steal or reveal credit-card information 4
What is Ethical Hacking? Ethical hacking is the use of hacking knowledge to attempt to enter a network to find its loopholes and back doors. It is often referred to as ‘legalized hacking’ and yes it is indeed legal and can even reap a lot of profits for highly skilled individuals.
Who is Ethical Hacker?■ Ethical hackers typically have very strongprogramming and computer networking skill■ Ethical hackers who stay a step ahead ofmalicious hackers must be computer systemsexperts who are very knowledgeable aboutComputer programming, Networking andoperating systems. 6
Roll of Hacker Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: Find out the frequent weaknesses in the security of target systems. They’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test. 7 Intelligent Quotient System Pvt. Ltd.
Roll of Hacker Hackers Access computer system or network without authorization Breaks the law; can go to prison Crackers Break into systems to steal or destroy data U.S. Department of Justice calls both hackers Ethical hacker Performs most of the same activities but with owner’s permission 8
Why perform an ethical hack? To determine flaws and vulnerabilities To provide a quantitative metric for evaluating systems and networks To measure against pre-established baselines To determine risk to the organization To design mitigating controls 9 Intelligent Quotient System Pvt. Ltd.
Skills Required Becoming an Ethical Hacker Criminal mindset Thorough knowledge about Computer programming, Networking and operating systems. highly targeted platforms (such as Windows, Unix, and Linux), etc. Patience, persistence, and immense perseverance 10 Intelligent Quotient System Pvt. Ltd.
Levels in Ethical Hacking 11 Intelligent Quotient System Pvt. Ltd.
Ethical Hacking Steps 12 Intelligent Quotient System Pvt. Ltd.
Footprinting Definition: the gathering of information about a potential system or network. Attacker’s point of view Identify potential target systems Identify which types of attacks may be useful on target systems Defender’s point of view Know available tools Vulnerability analysis: know what information you’re giving away, what weaknesses you have. 13 Intelligent Quotient System Pvt. Ltd.
Footprinting Gathering information of target information Internet Domain name, network blocks, IP addresses open to Net, TCP and UDP services running, ACLs, IDSes Intranet Protocols (IP,NETBIOS), internal domain names, etc Remote access Phone numbers, remote control, telnet, authentication Extranet Connection origination, destination, type, access control 14 Intelligent Quotient System Pvt. Ltd.
Scanning After obtaining a list of network and IP addresses scanning starts: ping sweeps (active machines): user pinger in Windows and nmap in Linux/UNIX. This is an example of pinger. TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged. In Windows NT use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools. 15 Intelligent Quotient System Pvt. Ltd.
More in Scanning OS detection (stack fingerprinting): probe the TCP/IP stack, because it varies with OSs. Requires at least one listening port to make determination. why is it important? There are hacker tools OS and Net device specific. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server. OS detection (passive signatures): monitoring the traffic the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool. Once the OS is identified enumeration can take place. 16 Intelligent Quotient System Pvt. Ltd.
Types of Scanning Scanning Type PurposePort scanning Determines open ports and servicesNetwork scanning IP addressesVulnerability scanning Presence of known weaknesses
Scanning Methodology Check for Live System Check for Open Ports Service Identification Banner Grabbing / OS Fingerprinting
Enumeration Enumeration occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, and services. It also refers to actively querying or connecting to a target system to acquire this information.
Enumeration Steps Hackers need to be methodical in their approach to hacking. The following steps are an example of those a hacker might perform in preparation for hacking a target system: 1. Extract usernames using enumeration. 2. Gather information about the host using null sessions. 3. Perform Windows enumeration using the Superscan tool. 4. Acquire the user accounts using the tool GetAcct. 5. Perform SNMP port scanning.
SQL injection SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
SQL injection During a SQL injection attack, malicious code is inserted into a web form field or the website’s code to make a system execute a command shell or other arbitrary commands. Just as a legitimate user enters queries and additions to the SQL database via a web form, the hacker can insert commands to the SQL server through the same web form field.
Wireless Hacking Techniques Cracking encryption and authentication mechanism Eavesdropping or sniffing Denial of Service AP masquerading or spoofing MAC spoofing
Securing Your Wireless Network Use Strong Encryption Protocol Don’t Announce Yourself-Disable SSID Change Default Administrator Passwords and Usernames Limit Access To Your Access Point Do Not Auto-Connect to Open Wi-Fi Networks Assign Static IP Addresses to Devices Enable Firewalls On Each Computer and the Router Position the Router or Access Point Safe