(1) The document is a seminar report presented by Parag S. Kosarkar on the topic of ethical hacking.
(2) It introduces ethical hacking and discusses techniques like SQL injection, keylogging, phishing, remote administration tools, and cookie stealing.
(3) The report provides steps people can take to protect themselves from being hacked, such as using antivirus software, firewalls, and secure passwords.
Parag presentation on ethical hacking
1. Seminar Report
on
“ETHICAL HACKING”
Submitted by
Mr. Parag S. Kosarkar
Semester / Section: 6th A
Roll No: 41
23 FEB, 2012-13
Department of Computer Technology, PART TIME DEGREE PROGRAM
YESHWANTRAO CHAVAN COLLEGE OF ENGINEERING, Nagpur
(An Autonomous Institution Affiliated to Rashtrasant Tukadoji Maharaj Nagpur University)
3. INTRODUCTION:
Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments.
Companies are worried about the possibility of being “hacked”, and potential customers are worried about keeping control of their personal information.
Hence organisations need computer security professionals who can break into their own systems.
Ethical hackers employ the same tools and techniques as intruders, but they neither damage the target systems nor steal information.
The result is not an automated hacker program; rather it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
4. FAMOUS HACKERS IN HISTORY:
Kevin Mitnick
Ian Murphy
Johan Helsingius
Mark Abene
Robert Morris
Linus Torvalds
5. Contents to be Explained:
SQL Injection
Keylogging
Tabnapping
Phishing
RAT – Remote Administration Tools or Trojans
Cookie Stealing
What precautions can be taken to avoid being hacked?
6. Common Phases of Hacking:
An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain entry into a computer system are the same no matter what the hacker’s intentions are. There are five phases that hackers generally follow in hacking a system.
Phase 1 – Reconnaissance (recognising the system)
Phase 2 – Scanning
Phase 3 – Gaining Access
Phase 4 – Maintaining Access
Phase 5 – Covering Tracks
7. What is Hacking?
Hacking refers to an array of activities that are done to intrude into someone else’s personal information space so as to use it for a malicious, unwanted purpose.
What is Cracking?
Cracking is almost the same as hacking, because both get into people’s servers and accounts illegally. But a cracker destroys the information and software it gets into, which can bring the system down.
8. Professional Criminals or Crackers:
They make a living by breaking into systems and selling the information.
Hacker & Ethical Hacker:
A hacker accesses computer systems or network information without permission. This breaks the law and can lead to prison!
An ethical hacker does the same, but with legal permission, and is employed by companies to perform penetration tests. Quick Heal hires hackers.
9. What can you do legally?
As an ethical hacker, be aware of what is allowed and what is not.
Laws involving technology change as the technology changes.
Some hacking tools on your computer might be illegal to possess.
Is port scanning legal?
The government does not see it as a violation; it is legal, as it is non-invasive and non-destructive in nature.
Mostly ports 8080, 80 & 443 are open.
10. What is SQL INJECTION?
SQL injection is one of the popular web application hacking methods. Using this injection attack, an unauthorised person can access the database of the website and extract data from it.
What can a hacker do with an SQL injection attack?
Bypassing logins
Accessing secret data
Modifying the content of a website
Shutting down the MySQL server
Google Dorking
Example: inurl:index.php?id=
         inurl:galary.php?id=
11. Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and hit enter.
Eg: http://www.anywebsite.com/index.php?id=2'
If the page remains the same, or does not give any message saying “Error 404 – page not found”, then it is OK!
12. What is a Keylogger?
A keylogger is a piece of malicious software, usually
called "spyware" or "malware," that records every keystroke you
make on a keyboard. Keyloggers can be installed without your
knowledge or consent when you visit a Web site or read an e-mail,
install a program, or perform other activities. Once installed, the
keylogger records all your keystrokes, and then e-mails the
information and other data to the computer hacker.
13. How Keyloggers are Constructed:
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor.
This can be achieved using video surveillance; a hardware bug in the keyboard, wiring or the computer itself; intercepting input/output; substituting the keyboard driver; using a filter driver in the keyboard stack; intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.); intercepting DLL functions in user mode; and requesting information from the keyboard using standard documented methods.
Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.
14. KEYLOGGERS can be spread using:
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e., "YouTube" or other videos)
A legitimate Web site link, picture, or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
15. TABNAPPING?
From the combination of 'tab' and 'kidnapping': it could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack. Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
16. What is PHISHING?
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
PHISHING is a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay.
17. Planning: Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup: Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
Attack: This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
Collection: Phishers record the information victims enter into Web pages or popup windows.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called “Social Engineering”.
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
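The last point, links whose visible text looks legitimate but whose target is a fraudulent page, can be checked mechanically. The following checker is an added example, not part of the report: it parses an HTML mail body and flags every link whose displayed host name differs from the host it actually points to. The sample mail body and the `bank.example` / `attacker.invalid` host names are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mail body: one link shows the bank's name but points
# elsewhere; the other two are honest and must not be flagged.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be closed unless you confirm your details at
<a href="http://www.bank.example.attacker.invalid/login">www.bank.example</a>.</p>
<p>Questions? Visit <a href="https://www.bank.example/help">www.bank.example/help</a>
or <a href="https://www.bank.example/contact">contact us</a>.</p>
"""


def registrable(host):
    # Crude approximation of the registered domain: the last two labels.
    return ".".join(host.lower().split(".")[-2:])


def hostname_of(text):
    # Host name of a URL or a bare "www.site.tld/..." string; "" if none.
    try:
        return urlparse(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:
        return ""


class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    # Return (visible text, real host) for links whose shown domain differs
    # from the domain they really lead to; plain text like "contact us" is skipped.
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        shown, target = hostname_of(text), hostname_of(href)
        if "." in shown and registrable(shown) != registrable(target):
            flagged.append((text, target))
    return flagged
```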
18. REMOTE ADMINISTRATION TOOLS – RATs
A RAT provides an attacker with nearly unlimited access to the host computer, along with screen capture, file management, shell control and device driver control.
A RAT is used to remotely connect to and manage single or multiple computers.
RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected; they can hide.
A Trojan generally has two parts: Client and Server, or Master and Slave. So the server side is installed on a remote host and the attacker manipulates it with the client software.
In olden days, making a Trojan was the job of a master programmer, but nowadays several Trojan building tools are available.
20. Cookies are small files that are stored on the user's computer by websites when the user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus log in to his account. This is called “Side-Jacking”. The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
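Because the cookie alone is the credential, the defence is to keep it off the wire and away from page scripts. The example below is added here and is not from the report: it contrasts a bare session cookie with one carrying the `Secure`, `HttpOnly` and `SameSite` attributes, and includes a small audit function that reports which protections a `Set-Cookie` value lacks. The cookie name `sid` is an assumption.

```python
import secrets
from http.cookies import SimpleCookie

# Attributes a session cookie should carry to resist side-jacking and script theft.
REQUIRED = {"secure", "httponly", "samesite"}


def new_session_id():
    # Unpredictable identifier: it cannot be guessed, only stolen.
    return secrets.token_urlsafe(32)


def weak_set_cookie(session_id):
    # Bare cookie: also sent over plain HTTP and readable from document.cookie.
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    return cookie["sid"].OutputString()


def hardened_set_cookie(session_id):
    # Secure: only over HTTPS (the report's "always browse on https" advice,
    # enforced server-side). HttpOnly: hidden from page scripts.
    # SameSite=Lax: not attached to cross-site requests.
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    morsel = cookie["sid"]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    morsel["path"] = "/"
    return morsel.OutputString()


def missing_protections(set_cookie_value):
    # Audit a Set-Cookie header value: return the protective attributes it lacks.
    attrs = {part.strip().split("=")[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return REQUIRED - attrs


if __name__ == "__main__":
    sid = new_session_id()
    for header in (weak_set_cookie(sid), hardened_set_cookie(sid)):
        print(header, "-> missing:", sorted(missing_protections(header)))
```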
21. How to be “SAFE” from Being HACKED…
Always browse sites on a secure HTTPS connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use the Internet Security Suite of the same vendor to stay safe online too.
Use FIREWALLS such as Comodo, Sygate, ZoneAlarm or Sunbelt.
Never save passwords on your PC or at internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically, e.g. LastPass.
Always clear all private and temporary data using a cleaner tool, to leave no traces and remove tracking cookies, e.g. CCleaner.
22. Some steps in social networking which can make you SURF SAFELY…
In “FACEBOOK & GMAIL” do the following settings:
Log in to your account.
Go to Settings, click on the Security tab, then click Edit.
Tick “Browse Facebook on a secure connection (https) when possible”.
Also enable Login Notifications. Whenever you log in, it will send a message to your phone number and e-mail that your account is being logged in to by someone; if it was not you, take action using the login details given.
So…
What do you want to be?
HACKER
or
CRACKER
The choice is yours!!!