The document discusses different types of hackers and hacking techniques. It describes script kiddies, professional criminals, virus writers and their motives. It then explains various web application hacks like file query, SQL injection, and cross-site scripting. The document also discusses ethical hacking and how organizations use ethical hackers to evaluate security vulnerabilities by attempting to break into systems. Ethical hackers possess strong programming and networking skills along with knowledge of operating systems, hardware, protocols and project management. Their evaluations seek to determine what an attacker can access and how they may go undetected.

1. Submitted by: Md. Khaja Pasha

2.  Hacking is unauthorized use of
computer and network resources. (The
term "hacker" originally meant a very
gifted programmer. In recent years
though, with easier access to multiple
systems, it now has negative
implications.)

3.  Script Kiddies or Cyber-Punks: Between age 12-
30; bored in school; get caught due to bragging
online .
 Professional Criminals or Crackers: Make a
living by breaking into systems and selling the
information.
 Coders and Virus Writers: These have strong
programming background and write code but won’t
use it themselves; have their own networks called
“zoos”; leave it to others to release their code into
“The Wild” or Internet.

4.  A few examples of Web application hacks
 File Query
 Browser caching
 Cookie and URL hacks
 SQL Injection
 Cross-site Scripting (# 1 threat today!)

5.  A hacker tests for HTTP (80) or HTTPS (443)
 Does a “View Source” on HTML file to detect
directory hierarchy
 Can view sensitive information left by system
administrators or programmers
 Database passwords in /include files

6.  Be aware of differences between browsers!
 Pages with sensitive data should not be
cached: page content is easily accessed using
browser’s history

7.  Sensitive data in cookies and URLs?
 Issues that arise are:
 Information is stored on a local computer (as files or in
the browser’s history)
 Unencrypted data can be intercepted on the network
and/or logged into unprotected web log files

8.  SQL injection is a security vulnerability that
occurs in the database layer of an application.
Its source is the incorrect escaping of
dynamically-generated string literals embedded
in SQL statements.

9.  Malicious code can secretly gather sensitive
data from user while using authentic website
(login, password, cookie)

10.  Ethical hacking – defined “methodology
adopted by ethical hackers to discover the
harmed existing in information systems’ of
operating environments.”
 With the growth of the Internet, computer security has
become a major concern for businesses and
governments.
 In their search for a way to approach the problem,
organizations came to realize that one of the best ways
to evaluate the unwanted threat to their interests would
be to have independent computer security professionals
attempt to break into their computer systems.

11.  “One of the best ways to evaluate the intruder threat is to have an
independent computer security professionals attempt to break their
computer systems”
 Successful ethical hackers possess a variety of skills. First and foremost,
they must be completely trustworthy.
 Ethical hackers typically have very strong programming and computer
networking skills.
 They are also adept at installing and maintaining systems that use the more
popular operating systems (e.g., Linux or Windows 2000) used on target
systems.
 These base skills are detailed knowledge of the hardware and software
provided by the more popular computer and networking hardware vendors.

12.  An ethical hacker’s evaluation of a system’s security seeks
answers to these basic questions:
 What can an intruder see on the target systems?
 What can an intruder do with that information?
 Does anyone at the target notice the intruder’s at tempts or
successes?
 What are you trying to protect?
 What are you trying to protect against?
 How much time, effort, and money are you willing to expend
to obtain adequate protection?

13.  Routers: knowledge of routers, routing protocols, and access
control lists
 Microsoft: skills in operation, configuration and management.
 Linux: knowledge of Linux/Unix; security setting, configuration,
and services.
 Firewalls: configurations, and operation of intrusion detection
systems.
 Mainframes : knowledge of mainframes .
 Network Protocols: TCP/IP; how they function and can be
manipulated.
 Project Management: knowledge of leading, planning,
organizing, and controlling a penetration testing team.

14.  Hacker classes
 Black hats – highly skilled,
 malicious, destructive “crackers”
 White hats – skills used for
 defensive security analysts
 Gray hats – offensively and
 defensively; will hack for different
 reasons, depends on situation.
 Hactivism – hacking for social and political cause.
 Ethical hackers – determine what attackers can gain access
to, what they will do with the information, and can they be
detected.

15.  Simple User Password :-
simply boot the System and press
keyboard key “F8”. After this start the system in
safe made .And open the Control panel-->User
Accountchange or remove the password.

16. Any Questions???
Or
suggestions???