The document provides an overview of hacking, including a brief history from the 1960s to present. It discusses different types of hackers like white hat and black hat hackers. Common hacker techniques are described such as footprinting, scanning, gaining access, and covering tracks. The document also outlines methods for anti-hacking like keeping systems updated, using antivirus software, and enabling firewalls.

1. HACKING
Don’t Learn to Hack – Hack to Learn
S.K.Ahsan
1

2. 2

3. IN THE NAME OF
THE MOST MERCIFUL THE
BENEFICENT !
3

4. S.K.Ahsan
4

5.  What is Hacking ?
 Brief History
 Who is a Hacker ?
 Types of Hacker
 What do Hackers do?
 Hacker’s Techniques & Attacks
 Anti-Hacking
 Demo Of Hacking
S.K.Ahsan 5

6. What is “ ” ?
Hacking is not limited to computers. The
real meaning of hacking is to expand
the capabilities of any electronic device;
to use them beyond the original
intentions of the manufacturer.
S.K.Ahsan 6

7. • “ Hacking is the use of one's skills
(computer, networking, etc.) to try and find
vulnerabilities in a network infrastructure. ”
S.K.Ahsan 7

8. Who is a ???
• Some one who bypasses the system’s control by
taking advantage of security weaknesses left in
the system by developers !
• One who is both knowledgeable and skilled at
computer programming and have it’s own
philosophy and code of ethics !
8 S.K.Ahsan

9. A Brief History of
 In 1960s
The first comuter hackers emerge at MIT
AI (Massachusetts Institute of
Technology) there occurred the first
hacking incident an victims were electric
trains. 1960’s
S.K.Ahsan 9

10. In 1970s
– Phreaking : John Draper Hacked the
AT&T’s long distance Calling for free .
– Phone hackers break into regional and
international phone networks to make free
calls.
S.K.Ahsan 10

11. 1980’s
Phone phreaks begin to move into the realm of computer
hacking, and the first electronic bulletin board systems
(BBSs) spring up.
In 1980s
Bill Landreth(the Cracker)
Hacked most secure networks.
(Choas C.Club) Hacked Nuclear secrets in Germany.
S.K.Ahsan
>>> Use a Computer, Go to Jail ! ! !
11

12.  In 1990s
– Two teens Hacked (T online).
– 21 year old Argentinean was hacked
NASA, Harvard an Naval war heads
info.
S.K.Ahsan 12

13.  1990’s
After a prolonged sting investigation,
S.K.Ahsan
swoop down on hackers in 14 U.S. cities, conducting
early-morning raids and arrests.
The Internet begins to take off as a new browser, Netscape
Navigator, makes information on the Web more accessible. Hackers
take to the new venue quickly, moving all their information and
hacking programs to new hacker Web sites.
>>> As information and easy-to-use tools become available to
anyone with Net access, the face of hacking begins to change.
13

14. 1995-till date
The hacking group Cult of the Dead Cow releases its Trojan horse
program, a powerful hacking tool--at Def Con. Once a hacker
installs the on a machine running Windows 95
or Windows 98, the program allows unauthorized remote access
of the machine !
Hackers launch attacks against , ,
S.K.Ahsan
, and !
Microsoft becomes the prominent victim of a new type of hack
that attacks the domain name server.
14

15.  2000
– In one of the biggest denial-of-service attacks ,
hackers launch attacks against eBay, Yahoo!,
CNN.com., Amazon and others.
S.K.Ahsan 15

16. S.K.Ahsan 16

17. Who is a “ ” ?
There are at least two common interpretations:
 A programmer who breaks into computer
systems in order to steal or change or
destroy information as a form of cyber-crime.
 A programmer for whom computing is its
own reward; may enjoy the challenge of
breaking into other computers but does no
harm.
S.K.Ahsan 17

18. Types of
 White Hat Hackers
Are hackers in the noble sense of the term,
whose goal is to help improve computer
systems .
 Black Hat Hackers
Are people who break into computer
systems for malicious purposes,
commonly called pirates.
S.K.Ahsan 18

19. S.K.Ahsan 19

20. How do
S.K.Ahsan
20

21. What Do Do?
Threaten People
Stole illegal or Private material
Damage System
Stole Passwords
Crack Unpaid Softwares
Modify data / stream
S.K.Ahsan 21

22. – Access confidential information
– Threaten someone from YOUR computer
– Broadcast your confidential letters or
materials
– Store illegal or espionage material
S.K.Ahsan
22

23. – Eavesdrop and replay
– Imposer: server / client
– Modify data / stream
– Denial-of-Service
S.K.Ahsan
23

24. S.K.Ahsan
24

25. System hacking
Network hacking
Software hacking
http://wiki.answers.com/Q/What_are_the_types_of_hacking
S.K.Ahsan 25

26. • Foot printing
• Scanning
• Enumeration
• Gaining access
• Covering tracks
• Creating backdoors
• Denial of service
26 S.K.Ahsan

27.  Objective
– To learn as much as you can about target
system, it's remote access capabilities, its
ports and services, and the aspects of its
security.
 Techniques
– Open source search
– Whois
– Web interface to whois
– ARIN whois
27 S.K.Ahsan

28.  Most security breeches
originate inside the network that
is under attack.
 Which include stealing passwords, performing
industrial private data, or
committing simple misuse.
S.K.Ahsan 28

29. 29 S.K.Ahsan

30. 30 S.K.Ahsan

31. 31 S.K.Ahsan

32. 32 S.K.Ahsan

33. 33 S.K.Ahsan

34.  Objective
– Bulk target assessment and identification
of listing services focuses the attention on
the most promising avenue of entry
 Techniques
– Ping sweep
– TCP/UDP port scan
– OS Detection
34 S.K.Ahsan

35.  Objective
– More intrusive probing now begins as
attackers begin identifying valid user
accounts or poorly protected resource
shares

Techniques
– List user accounts
– List file shares
– Identify applications
35 S.K.Ahsan

36.  Objective
– Enough data has been gathered at this
point to make an informed attempt to
access the target
 Techniques
– File share brute forcing
– Password file grab
– Buffer overflows
– Password eavesdropping
36 S.K.Ahsan

37. 37 S.K.Ahsan

38. 38 S.K.Ahsan

39.  Objective
– Once total ownership of the target is
secured, hiding this from system
administrators become paramount ,lest
they quickly end the romp.
 Techniques
– Clear logs
– Hide tools
39 S.K.Ahsan

40.  Objective
– Trap doors will be laid in various parts of
the system to ensure that privileged access
is easily regained at the whim if the
intruder
 Techniques
– Create rogue user accounts
– Schedule batch jobs
– Infect startup files
– Plant remote control services
– Install monitoring mechanisms
– Replace apps with trojans
40 S.K.Ahsan

41.  Rogue access points (APs) are unsecured wireless
access points that outsiders can easily breech.
 Rogue APs are most often connected by well
meaning but ignorant employees.
S.K.Ahsan 41

42.  Viruses and worms are
self-replicating programs
or code fragments that
attach themselves to
other programs (viruses)
or machines (worms).
 Viruses and worms attempt to shut down networks by
flooding them with massive amounts of bogus
Traffic,usually through e-mail.
S.K.Ahsan 42

43.  Hackers can gain access to a
Network by exploiting back doors,
administrative shortcuts, configuration
errors, easily deciphered
passwords, and unsecured dial-ups.
S.K.Ahsan 43

44.  Trojan horses, which are
Attached to other programs, are
the leading cause of all break-ins.
 When a user Downloads and
activates a Trojan horse, the hacked software kicks off
a virus, password gobbler, or remote-control SW that
gives the hacker control of the PC.i.e
Snipersky,PerfectKeylogger.
S.K.Ahsan 44

45.  DoS attacks give hackers a way to bring down a
network without gaining internal access.
 DoS attacks work by flooding the access routers with
bogus traffic.
 A DDoS is more difficult to block because it uses
multiple, changing, source IP addresses.
S.K.Ahsan 45

46.  Who just like to break stuff. They usually exploit any
target of opportunity.
 hobbyists or professionals who break passwords and
develop Trojan horses or other SW (called warez).
 They have no real hacker skills, so they buy or
download warez, which they launch and use
“COwbOy “Languages.
S.K.Ahsan 46

47. The pirates who use the switched telephone network
(STN) to make free phone calls.
mainly attack chip card systems (particularly bank
cards) to understand how they work and to exploit
their flaws. The term carding refers to chip card
piracy.
S.K.Ahsan 47

48.  refers to the act of intercepting TCP packets. This
interception can happen through simple
eavesdropping or something more sinister.
S.K.Ahsan 48

49.  The act of sending an illegitimate packet with an
expected acknowledgment (ACK), which a hacker
can guess, predict, or obtain by snooping.
S.K.Ahsan 49

50.  The method of luring an unsuspecting user into giving
out their username and password for a secure web
resource, usually a bank or credit card account.
 Ebay and PayPal are particularly susceptible to this
type of attack.
S.K.Ahsan 50

51. S.K.Ahsan 51

52. S.K.Ahsan 52

53. S.K.Ahsan 53

54. 54 S.K.Ahsan

55. 55 S.K.Ahsan

56. 56 S.K.Ahsan

57. S.K.Ahsan 57

58. Hacker’s Techniques &
Attacks
S.K.Ahsan 58

59. S.K.Ahsan
59

60. “The opposite
of hacking".
If hacking is defined as an attack on a
computer system then Anti-Hacking is
the protection of that system.
S.K.Ahsan 60

61. S.K.Ahsan 61

62. S.K.Ahsan
62

63.  Don't ignore operating system updates
 Anti-virus software
 Activate the firewall in Windows XP
 Email software preview windows
 Logging out
 Audit your computer regularly
 Regularly remove spyware
 Password issues
 Increasing Security Against a Brute Force
Attack
S.K.Ahsan 63

64.  Don't wait to be alerted via mainstream
media of problems that have been
discovered
 It's wise to visit the software vendors'
site and keep abreast of any critical
security updates. In the case of
Microsoft, you'll need to go to the
Windows Update site.
S.K.Ahsan 64

65.  Anti-virus software used *properly*.
 Ensure that it's regularly updated.
 Even missing one update could bring
down your computer .
 remember to password protect the
settings on the software so no-one else
can alter protection levels.
S.K.Ahsan 65

66. S.K.Ahsan 66

67.  Anti-virus software isn't enough,it's also a
good idea to install firewall software which will
help prevent unauthorized incoming and
outgoing communications from your computer
while connected to the Internet.
 Port scanning is *very* common and is
carried out with a view to finding weaknesses
in your system that can then be exploited.
S.K.Ahsan 67

68. S.K.Ahsan 68

69.  3rd party solutions for filtering email of spam
and viruses as their inboxes become
inundated with junk.
 Email filtering can be very effective in
dramatically reducing security risks before the
mail even has a chance to be collected by
your email software.
S.K.Ahsan 69

70.  Ensure that you log out of online services
properly. Failure to do so can allow others
who use your computer to gain access to
those services.
S.K.Ahsan 70

71.  If your computer is used by others, carry
out regular audits of the software on it.
 It's safest to make it a policy not to allow
any software to be installed without your
permission.
 Spybot again is a very effective tool for
detecting and removing software that may
be a security risk.
S.K.Ahsan 71

72.  If you and your familiar do a lot of surfing and
downloading of shareware software, then it's
likely you'll also accumulate your fair share of
spyware.
 Some software companies use spyware that
is incorporated into their software products to
gather data about customers, which is often
sold to other companies.
S.K.Ahsan 72

73. S.K.Ahsan 73

74.  If you must store usernames and passwords
on your system, ensure they are contained in
a document that is password protected.
 Don't let Windows "remember" passwords for
you. Passwords should always be more than
8 characters long and contain a mixture of
numbers and letters. Learn more about
password security issues.
S.K.Ahsan 74

75.  Increasing the length of the PIN
 Allowing the PIN to contain characters other
than numbers, such as * or #
 Imposing a 30 second delay between failed
authentication attempts
 Locking the account after 5 failed
authentication attempts
S.K.Ahsan 75

76. S.K.Ahsan 76

77. S.K.Ahsan
77

78. S.K.Ahsan
78