This document introduces the concept of ethical hacking. It begins by defining hacking as finding solutions to real-life problems, and clarifies that the original meaning of "hack" was not related to computers. It then discusses how the term entered computer culture at MIT in the 1960s, where hackers were students who solved problems in innovative ways, unlike "tools" who just attended class. The document outlines some traits of good hacks and provides examples. It emphasizes that media misconstrues hackers as criminals, and explains that real hackers have strong ethics and help catch cyber criminals, unlike crackers who hack systems illegally. The rest of the document provides an overview of skills, subjects, and basic concepts needed for ethical hacking.
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
3. What is Hacking ?
Hacking is the art of finding solutions to real
life problems.
The word “Hack” is not directly related to
computers.
4. Hacking and Computers
The concept of hacking entered the computer
culture at MIT in the 1960s.
There are two kinds of students
1. Tools
2. Hackers
5. 1. Tools
A ``tool'' is someone who attends class in the
college regularly,
is always to be found in the library when no
class is meeting,
and always tries to get excellent grades in the
examination.
Sole aim: get placed in a high-paying company.
6. 2. Hacker
A ``hacker'' is the opposite: someone who
never goes to class,
who in fact sleeps all day,
and who spends the night pursuing
recreational activities rather than studying
text books.
What does this have to do with computers?
Originally, nothing.
7. Hackers vs Tools
There are standards for success as a hacker,
just as grades form a standard for success as a
tool.
Overall, hackers are more successful in life
and they emerge as leaders in their fields.
8. Computer Hackers
Hackers are developers.
Hackers are those geeks and scientists who
provide IT solutions to real life problems.
Hackers think beyond the boundaries
9. Traits of any Hack
It must be clever.
It must produce more good than bad, and
it must not be malicious.
It should be unexpected, or out of the
ordinary.
It need not pertain to computers.
10. Hack Ideas
Social Networking site for plants.
Sending an SMS to a smartphone whenever the
postman delivers a letter to the letter box.
Sending an SMS to near & dear ones whenever
you reach your destination.
13. Who is Responsible for
misconception
Media is the root cause of all this
misconception.
Lack of Awareness among common students
and people.
14. Crackers
Those who break into systems illegally are
crackers.
They are bad guys or gals
15. Hacker vs Cracker
Qualities of hacker:
Lots of knowledge
Good Guy
Strong Ethics
Helps in catching cyber criminals
16. Hacker vs Cracker
Qualities of cracker
Lots of knowledge
Bad ethics
Cyber criminals
17. Skills of Hacker
Learn programming languages (C, C++)
Learn scripting languages (JSP, Python, PHP,
Perl)
Good knowledge of database and query
languages (SQL, YQL, FQL, etc.)
Learn networking (TCP/IP)
Learn to work in Unix
Start playing with web APIs
Learn Assembly Programming
18. Important Subjects
C and M - I
Data Structures and M-II
DLD , JAVA & web Technology and M-III
(Probability)
CSA, OS, DBMS
Microprocessors, Data Communications
Computer Networking
Cryptography & Network Security
Wireless Communication
19. Getting started to learn
Hacking
TCP/IP
IP Address
MAC Address
Ports
Web Architecture
LAN Architecture
DOS Commands
20. Web Architecture
The Internet is a worldwide, publicly
accessible network of interconnected
computer networks that transmit data using
the standard Internet Protocol (IP).
The terms World Wide Web (WWW) and
Internet are not the same
21. Internet, web, www
The Internet is a collection of interconnected
computer networks, linked by copper wires,
fiber-optic cables, wireless connections, etc.
Web is a collection of interconnected
documents and other resources, linked by
hyperlinks and URLs.
The World Wide Web is one of the services
accessible via the Internet, along with various
others including e-mail, file sharing, online
gaming etc
22. TCP/IP
TCP/IP is the protocol for communication
between computers on the Internet.
TCP stands for Transmission Control Protocol
IP stands for Internet Protocol
TCP/IP defines how electronic devices (like
computers) should be connected to the
Internet, and how data should be transmitted
between them.
23. TCP/IP
Inside the TCP/IP standard there are several
protocols for handling data communication:
1. TCP
2. IP
3. ICMP
4. DHCP
(Dynamic Host Configuration Protocol) for
Dynamic Addressing
24. TCP/IP
TCP is responsible for breaking data down
into IP packets before they are sent, and for
assembling the packets when they arrive.
IP is responsible for sending the packets to
the correct destination.
IP Routers:- The IP router is responsible for
"routing" the packet to the correct
destination, directly or via another router.
25. IP Address
Every system connected to a network has
a unique Internet Protocol (IP) Address
which acts as its identity on that network.
An IP Address is a 32-bit address which is
divided into four fields of 8-bits each. For
Example, 203.94.35.12
TCP/IP uses four numbers to address a
computer. The numbers are always between
0 and 255.
26. DNS Servers
Names used for TCP/IP addresses are called
domain names.
When you address a website e.g.
www.thehackbook.com
the name is translated to its corresponding IP
Address by DNS Servers.
DNS servers contain the list of all registered
domain names and their corresponding IP
addresses.
27. MAC Address
A Media Access Control (MAC) address is a unique value
associated with a network adapter. MAC addresses
are also known as hardware addresses or physical
addresses. They uniquely identify an adapter on a
LAN.
MAC addresses are 12-digit hexadecimal numbers
(48 bits in length).
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
The first half of a MAC address contains the ID
number of the adapter manufacturer. The second
half of a MAC address represents the serial number
assigned to the adapter by the manufacturer.
28. Commands
To find IP Address
ipconfig
To find MAC Address:
ipconfig /all
29. Ports
1. Hardware Ports
2. Software Ports
There are 65536 software ports in an
operating system.
30. Sockets
The pair of an IP address and a port number
separated by a colon is called a socket.
e.g. 202.112.67.21:8080 is a socket.
31. Classification of IP
Address
1. Public IP Address
2. Private IP Address
finding public and private IP Address
1. Static IP Address
2. Dynamic IP Address
32. Network Address Translation
(NAT)
The current implementation of IP addressing
provides users with a very limited number of IP
addresses.
To solve this shortage problem, a number of
organizations have started implementing NAT
addressing, which allows them to use a single
public IP address for a large number of internal
systems having unique private IP addresses.
If an external system communicates with two
different internal systems in a NAT network, then
it will be impossible for it to differentiate between the two
systems.
33. Working of NAT
Typically a NAT network consists of a large
number of the internal systems that are
connected to the internet through a routing
device known as NAT box.
This NAT box acts as the core & controls all
routing, addressing, and interfacing
requirements of the network.
34. NAT
When an internal computer connects to external
computer
Internal computer (192.168.153.67:1024)------NAT box
(internal IP address gets converted to external, i.e.
public, IP address)------External system
(www.thehackbook.com)
35. NAT
Reply from External System
External system (www.facebook.com)------NAT
box (NAT box identifies the internal system for
which the IP packets are meant)------Internal
system (192.168.153.67)
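How the NAT box knows which internal system a reply is meant for, shown as an added example that is not part of the original slides. The public address 203.0.113.5, the server address, the port pool starting at 40000 and the class name NatBox are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class NatBox:
    """Toy port-translating NAT box (illustrative, not a real router)."""
    public_ip: str
    next_port: int = 40000  # assumed start of the public port pool
    # (internal_ip, internal_port, remote_ip, remote_port) -> public_port
    out_map: dict = field(default_factory=dict)
    # (public_port, remote_ip, remote_port) -> (internal_ip, internal_port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet.

        Returns the 4-tuple the external system actually sees."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            public_port = self.next_port
            self.next_port += 1
            self.out_map[flow] = public_port
            self.in_map[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Map a reply back to the internal system it is meant for.

        Returns None when no internal system opened that flow,
        in which case the packet has nowhere to go and is dropped."""
        return self.in_map.get((public_port, src_ip, src_port))


def demo():
    nat = NatBox(public_ip="203.0.113.5")        # constructed public address
    server = ("198.51.100.10", 80)               # constructed external system
    # Two internal systems use the same source port towards the same server.
    seen_a = nat.outbound("192.168.153.67", 1024, *server)
    seen_b = nat.outbound("192.168.153.68", 1024, *server)
    # Replies are told apart only by the public port the NAT box assigned.
    reply_a = nat.inbound(*server, seen_a[1])
    reply_b = nat.inbound(*server, seen_b[1])
    # A packet from a host nobody inside contacted matches no mapping.
    unsolicited = nat.inbound("198.51.100.99", 4444, seen_a[1])
    return seen_a, seen_b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both internal systems appear to the external system under the same public IP address; only the NAT box's own table links the public port back to a private address.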
36. Three stages of Hacking any Remote
Computer
1. Planning and preparing the attack
2. Gathering information for the attack
3. Executing the attack
37. Preparing the attack
Steps performed by a good hacker in this stage:
1. Decide which computer they want to hack
2. Then they will find the IP address of the remote
computer.
3. Find the exact geographical Location of the
computer.
4. Hide their own IP address and identity on
internet
38. Finding remote computer
Let's say a hacker decides to break into the
computer of one of his Facebook friends.
Then his first step will be to find the IP
address of his friend's computer.
So let's discuss the possible ways of
finding the IP address of any remote
computer.
39. Finding Remote Computer’s IP
Address
1. Sending the link of www.whatstheirip.com
2. Through Instant messaging software
3. Through IRC Chat
4. Through your website
40. MSN , Yahoo , g-talk
3. If you are chatting on other messengers like MSN, YAHOO etc. then the
following indirect connection exists between your system and your friend’s
system:
Your System------Chat Server---- Friend’s System
Friend’s System---------Chat Server------- Your System
Thus in this case, you first have to establish a direct connection with your
friend’s computer by either sending him a file or by using the call feature.
Then, go to MS-DOS or the command line and type:
C:\>netstat -n
This command will give you the IP Address of your friend’s computer.
41. Instant Messenger
1. Ask your friend to come online and chat with you.
2. Case I: If you are chatting on ICQ, then the following connection
exists between your system and your friend’s system:
Your System------DIRECT CONNECTION---- Friend’s System
Friend’s System---------DIRECT CONNECTION------- Your System
Now, go to MS-DOS or the command line and type:
C:\>netstat -n
This command will give you the IP Address of your friend’s computer.
42. Getting IP from Website
One can easily log the IP addresses of all
visitors to their website simply by using
Java applets or JavaScript code.
By using PHP scripts it is possible to
determine the user’s OS and browser.
The same can be used to determine the exact
geographical location of the visitors.
43. Counter Measures
Do not accept File transfers or calls from unknown
people.
Chat online ONLY after logging on through a Proxy
Server.
Don’t click on any suspicious link.
44. Finding Exact Location
Once you get the IP address of the remote
computer, try to perform an IP lookup.
Popular sites for IP Look Up
1. www.ipmango.com
2. www.whois.com
45. Hiding your IP Address
Proxy Servers: Definition:
A Proxy Server acts as a buffer between you and the Internet, hence it protects
your identity.
Working:
Case 1: Your System------Proxy Server---- Friend’s System
Case 2: Your System-----Proxy------Chat Server----Friend’s
System
Good Proxy Servers:
Wingate & WinProxy (For Windows Platform)
Squid (For Unix Platforms)
46. Proxy Bouncing
PROXY BOUNCING
Definition:
Proxy Bouncing is the phenomenon wherein you connect to several proxy
servers and then connect to the actual destination.
Working:
YOUR SYSTEM--------PROXY 1--------- PROXY 2---------- PROXY 3
----------------PROXY 4----------PROXY 5----------Destination
Tools:
MultiProxy
48. DOS Commands
1. nslookup
2. net view
3. net use
4. net user
5. ping
6. tracert
7. arp
8. route
9. nbtstat
10. netstat
11. ipconfig
49. Ping
This command will allow you to know if the
host you are pinging is alive, which means it is up
at the time of executing the “ping” command.
syntax :
ping www.thehackbook.com or
Note: Keep in mind that if the host you are pinging
is blocking ICMP packets, then the result will be
host down.
50. nslookup
This command has many functionalities.
One is for resolving DNS names into IP addresses.
syntax:
nslookup www.thehackbook.com
51. nslookup
Now, another really nice function of nslookup
is to find out the IP of specific mail servers.
QUOTE
nslookup (enter)
set type=mx (enter)
yahoo.com
This command will give you the mail server IP
of yahoo.com. You can use whatever server
you want and if it is listed on DNS, then you
get the IP. Simple, isn’t it?
52. tracert
This command will give you the hops that a
packet will travel to reach its final
destination.
Note: This command is good for learning the
route a packet takes before it reaches the
target box.
CODE
tracert x.x.x.x (x is the IP address)
or
tracert www.thehackbook.com
53. arp
Address Resolution Protocol
This command will show you the ARP table.
This is useful for checking whether someone is doing ARP
poisoning in your LAN.
command
arp -a
54. netstat
This command will show you the connections to your
box.
CODE
netstat
or
CODE
netstat -a (this will show you all the listening
ports and connections with DNS names)
netstat -n (this will show you all the open
connections with IP addresses)
netstat -an (this will combine both of the
above)
55. nbtstat
This command will show you the netbios
name of the target box.
CODE
nbtstat -A x.x.x.x (x is the IP address)
nbtstat -a computername
net view x.x.x.x or computername (will list the
available shared folders on the target box)
56. route
This command will show you the routing
table, gateway, interface and metric.
CODE
route print
57. Help
And last but not least, the “help” command.
CODE
whatevercommand /help
CODE
whatevercommand /?
58. Gathering Information about
remote computer
Recap of first step i.e. preparation of attack
Hiding the IP using proxy bouncing
Tracing IP address using Neotrace, and online
databases, Visual Route.
Now change your MAC address before
starting Information Gathering step.
software :- MacAddressChanger
59. Information Gathering
Typically during the information Gathering
step attacker aims to determine the following
information about the target system.
1. Network Topology
2. List of open ports
3. List of services
4. Determine the operating system
5. User Information
60. Gathering Information
It is possible to gather all this information using
various techniques like
1. Network Reconnaissance
- Ping sweeping and Traceroute
2. Port Scanning
3. Daemon Banner Grabbing and Port
Enumeration
4. ICMP scanning
5. OS detection using OS fingerprinting
6. Sniffing
61. Scanning Using nmap
C:\program files\nmap>nmap -sP thehackbook.com
nmap sends an ICMP echo request to
thehackbook.com
To carry out UDP probing:
C:\program files\nmap>nmap -PU thehackbook.com
C:\program files\nmap>nmap -PN thehackbook.com
62. OS Detection
C:\program files\nmap>nmap -O www.google.com
C:\program files\nmap>nmap -A www.google.com
OS detection using websites: use a PHP script
to detect the visitor's OS and browser
63. Executing the Attack
DOS Attacks : Such an attack clogs up so
much bandwidth on the target system that it
cannot serve even legitimate users.
ATTACKER-----Infinite/ Malicious Data-----
VICTIM
Target Network gets choked or cannot handle
the malicious data and hence crashes.
As a result, even legitimate clients/ people
cannot connect to the target network.
64. Types of DOS Attacks
1. Ping of Death
2. Teardrop attacks
3. SYN flood attacks
4. Land Attacks
5. Smurf Attacks
6. UDP flood Attacks
7. DDOS Attacks
8. Modem-disconnect Attack
65. Tear Drop Attack
Data sent from the source to the destination system, is broken
down into smaller fragments at the source system and then
reassembled into larger chunks at the destination system.
For Example,
Say data of 4000 bytes is to be sent across a network, then it
is broken down into three chunks:
1. CHUNK A contains Bytes 1 to 1500.
2. CHUNK B contains Bytes 1501 to 3000
3. CHUNK C contains Bytes 3001 to 4000
66. Tear Drop Attack
However, in case of a Teardrop attack, these ranges of
data chunks are overlapping. For Example, in case of a
Teardrop attack, the same 4000 bytes would be
broken down into the below three chunks:
1. CHUNK A contains Bytes 1 to 1500.
2. CHUNK B contains Bytes 1499 to 3000
3. CHUNK C contains Bytes 2999 to 4000
In this example the range of CHUNK A is 1 to 1500,
range of CHUNK B is 1499 to 3000 while the range of
CHUNK C is 2999 to 4000. Thus, the ranges are
overlapping.
Since here the ranges are overlapping, the target
system gets DOS’ed!!!
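The check a reassembling system can apply to the chunk ranges above before putting them together, as an added example that is not part of the original slides. The function names and the (name, first byte, last byte) tuple layout are assumptions; the byte ranges are the ones from the two slides.

```python
def check_fragments(fragments, total_len):
    """Validate chunk ranges before reassembly.

    fragments: list of (name, first_byte, last_byte), inclusive and
    1-based, the way the slides number them.
    Returns (overlaps, gaps):
      overlaps -> list of (earlier_chunk, later_chunk, first, last)
      gaps     -> list of (first_missing, last_missing)
    """
    overlaps, gaps = [], []
    covered_to = 0      # highest byte number covered so far
    covered_by = None   # chunk that currently reaches furthest
    for name, first, last in sorted(fragments, key=lambda f: (f[1], f[2])):
        if first < 1 or last < first or last > total_len:
            raise ValueError(f"chunk {name} has an impossible range")
        if first <= covered_to:
            # Starts inside data that is already covered.
            overlaps.append((covered_by, name, first, min(last, covered_to)))
        elif first > covered_to + 1:
            gaps.append((covered_to + 1, first - 1))
        if last > covered_to:
            covered_to, covered_by = last, name
    if covered_to < total_len:
        gaps.append((covered_to + 1, total_len))
    return overlaps, gaps


def accept_datagram(fragments, total_len):
    """Reassemble only when the chunks tile the data exactly once."""
    try:
        overlaps, gaps = check_fragments(fragments, total_len)
    except ValueError:
        return False
    return not overlaps and not gaps


# Ranges from the slides: normal fragmentation of 4000 bytes ...
NORMAL = [("A", 1, 1500), ("B", 1501, 3000), ("C", 3001, 4000)]
# ... and the overlapping ranges of the Teardrop example.
TEARDROP = [("A", 1, 1500), ("B", 1499, 3000), ("C", 2999, 4000)]

if __name__ == "__main__":
    print(check_fragments(NORMAL, 4000))
    print(check_fragments(TEARDROP, 4000))
    print(accept_datagram(TEARDROP, 4000))
```

Rejecting the whole set of chunks when any range overlaps keeps malformed offsets away from the reassembly code.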
67. Trojan Attacks
Trojans act as RATs or Remote
Administration Tools that allow remote
control and remote access to the attacker.
Tools:
Netbus, Girlfriend, Back Orifice and many
others
68. Sniffers Attack
Definition:
Sniffers are tools that can capture all data packets being sent across
the entire network in the raw form.
Working: ATTACKER-----Uses sniffer for spying----- VICTIM
Threats:
Password Stealing, IP Violation, Spying etc.
Tools:
Tcpdump, Ethereal, Dsniff, Wireshark and many more.
69. Buffer Overflow
Buffer overflows typically occur due to poor
programming and mismanagement of an
application's memory by the developer.
E.g. suppose 5 KB of buffer space has been allocated to an
application. If the application then tries to store
7 KB of data in the buffer, the additional 2 KB
of data will have nowhere to go and as a result will
overflow.
This additional 2 KB of data, which overflowed, will
overwrite a legitimate piece of data at another
memory location.
As a result, the system crashes or this leads to unwanted
execution of some other program.
70. Types of Buffer Overflows
1. Stack Overflows
2. Format String Overflows
3. Heap Overflows
4. Integer overflows
71. Stack Overflow
steps :
1. Identify and take control of a vulnerable
application running on the target computer
2. Identify the malicious code that you would
like to execute on the target computer
3. Exploit the privilege and access of the victim
application to execute the malicious code.
72. Stack Overflow : Step 1
Identifying a vulnerable
application
Study the source code of the application and
test it with different types and sizes of
artificial input states (Identify the Test cases
for which application fails)
73. Buffer Overflow : Step 2
Planting the malicious
code
Attacker sends malicious command as input
or in the form of an argument to the
vulnerable application. The malicious input is
stored in the temporary buffer memory of the
application and then remains ready to be
executed as and when required.
74. Executing the Malicious
code
Whenever an application calls a function, a
separate activation record for that particular
function is created on the stack.
Each activation record contains a return address
to which the program control is transferred once
the function exits.
If one can change this return address to point to
the address where malicious code is stored, then
the application will jump to the malicious code as
the function is over.
This will lead to the execution of malicious code.
75. Social Networking Websites
Hacking
There is no way to hack someone’s Gmail
account, Orkut account, Facebook account, or
Yahoo account by breaking into servers.
Generally there are two ways of hacking
these accounts:
1. By finding the password of the account
2. By resetting the password
There is no other way of hacking
someone’s profile on social networking websites.
76. Finding passwords
Social Engineering
Password guessing
Phishing attacks
Key Loggers
Sniffing attacks
Man in the middle attack
Tab Nabbing- Latest kind of phishing attack
78. Tab Nabbing
Aza Raskin, a design expert, discovered and
extensively wrote about a deadly new phishing
technique that he named Tab Nabbing.
All present day browsers are vulnerable to this
kind of attack.
It is also a kind of phishing attack that
impersonates other websites and fools users into
revealing their personal data like usernames,
passwords, credit card details, etc.
It makes use of multiple tabs in browsers to fool
the victims.
79. Steps of Tab Nabbing
The victim opens multiple tabs to his favorite
websites & is browsing normally.
Using flash widgets, scripts, browser
extensions or cross site scripting attacks, it is
possible for an attacker to modify the
contents of some other open tab in your
browser to, for example, point to the victim's bank,
email or corporate login account.
80. Resetting the password
It is possible for an attacker to find out the
answer of secret questions available on gmail
or yahoo account for password resetting.
Attacker can find it by means of social
engineering.
81. Windows Hacking
Hosts file: directing the redirection
Windows location: C:\windows\system32\drivers\etc
The hosts file can be tweaked to carry out a number of
interesting hacks
1. Blocking certain websites
2. Redirecting the user to some other website
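To spot either kind of tweak on your own machine, the hosts file can be read back and every entry classified. This is an added example, not part of the original slides; the function name, the sample file content and all host names and addresses in it are constructed.

```python
import ipaddress

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.blocked-site.example      # name pinned to loopback
0.0.0.0         ads.tracker.example
203.0.113.66    www.mybank.example mybank.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Classify hosts-file entries.

    Returns (blocked, redirected), each a list of (hostname, address):
      blocked    -> name pinned to a loopback or 0.0.0.0 address,
                    so the site can no longer be reached
      redirected -> name pinned to any other address, so the browser
                    is sent somewhere DNS would not have sent it
    """
    blocked, redirected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, ignored
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                continue                      # the normal default entry
            target = (name, str(addr))
            (blocked if sinkhole else redirected).append(target)
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    for name, addr in blocked:
        print(f"blocked:    {name} -> {addr}")
    for name, addr in redirected:
        print(f"redirected: {name} -> {addr}")
```

On a machine where nobody has deliberately added entries, both lists should be empty; a redirected banking or e-mail host name is the case to investigate first.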
82. Recovering the deleted data
When you delete a file, it first goes to the recycle
bin. After you empty the recycle bin, the file still
remains on the hard disk.
Microsoft Windows only deletes the link
between the operating system & the deleted file.
This means that the file will not be accessible
through Windows & MS-DOS.
The file will still remain on the hard disk and will
be available until Windows overwrites it with a
new file.
83. Email Forging
Definition:
Email Forging is the art of sending an email
from the victim’s email account without
knowing the password.
Working:
ATTACKER-----Sends Forged email-----
FROM VICTIM
84. SMS Forging
SMS spoofing became possible after many
mobile/cellular operators had integrated their
network communications with/in the
Internet.
So anybody could send SMS from the
Internet using forms at the websites of
mobile operators or even through e-mail.
85. SMS Forging
The working of SMS is explained below.
First of all, the sender sends the SMS via an SMS
gateway.
The identity of the sender is attached to the
packet of the SMS.
Once the SMS reaches the SMS gateway, it is routed
to the destination gateway and
then to the receiver’s handset.
There are many ways by which we can send an SMS
to the SMS gateway.
One of them is to use the Internet.
86. SMS Forging
Now the concept of SMS forging lies in changing the
SCCP packet, which contains
the sender information, prior to delivering it to the SMS
gateway.
The intruder can change the SCCP packet and can
send that packet to any receiver as a spoofed
SMS.
Some websites on the net also provide this
facility.
Providing such a service is not legal, and a user
using it may face
serious consequences with the law.
Website: http://www.spranked.com
87. Software to Restore the
deleted files
Restoration : An excellent recovery software
Download: www.aumha.org/a/recover.php
89. Windows Toolkit
You can remove the cracks of your windows
using it.
Play with your logon screen.
90. The End
About The Hackbook : The Hackbook is a
social utility to promote awareness about
Information Security and Ethical Hacking by
integrating the concepts of social network
and education network.