1. Ethical Hacking
Intelligent Quotient System Pvt. Ltd.
2. Introduction to Ethical Hacking
Ethical hackers
Employed by companies to perform penetration tests
Penetration test
A legal, authorized attempt to break into a company's network to find its
weakest link
The tester only reports the findings
Security test
More than an attempt to break in; it also includes analyzing the
company's security policy and procedures
The tester offers solutions to secure or protect the network
3. What is Hacking?
Hacking is the act of penetrating computer systems to gain knowledge
about the system and how it works.
The term is also used to mean gaining access to a computer, computer
network or network resource without legal authorization.
4. Who is a Hacker?
Hackers are computer enthusiasts who know a lot about computers and
computer networks; in this sense of the word they use that knowledge
with criminal intent.
Hacker: a person who uses hacking skills and tool sets for destructive
or offensive purposes, such as disseminating viruses or performing DoS
attacks to compromise or bring down systems and networks.
Hackers are sometimes paid to damage corporate reputations or to steal
or reveal credit-card information.
5. What is Ethical Hacking?
Ethical hacking is the use of hacking knowledge to attempt to enter a
network, with the owner's permission, to find its loopholes and back doors.
It is often referred to as 'legalized hacking'; it is indeed legal and can
be highly profitable for skilled individuals.
6. Who is an Ethical Hacker?
■ Ethical hackers typically have very strong programming and computer
networking skills
■ Ethical hackers who want to stay a step ahead of malicious hackers must
be computer systems experts who are very knowledgeable about computer
programming, networking and operating systems.
7. Role of a Hacker
Ethical hackers are motivated by different reasons, but their purpose is
usually the same as that of crackers:
Find the common weaknesses in the security of target systems.
They try to determine what an intruder can see on a targeted network or
system, and what the intruder can do with that information.
This process of testing the security of a system or network is known as
a penetration test.
8. Role of a Hacker
Hackers
Access a computer system or network without authorization
Break the law; can go to prison
Crackers
Break into systems to steal or destroy data
The U.S. Department of Justice calls both groups hackers
Ethical hacker
Performs most of the same activities, but with the owner's permission
9. Why perform an ethical hack?
To determine flaws and vulnerabilities
To provide a quantitative metric for evaluating
systems and networks
To measure against pre-established baselines
To determine risk to the organization
To design mitigating controls
10. Skills Required Becoming an
Ethical Hacker
The ability to think like an attacker (a "criminal mindset")
Thorough knowledge of computer programming, networking and operating
systems, including the most heavily targeted platforms (such as Windows,
Unix and Linux)
Patience, persistence and immense perseverance
13. Footprinting
Definition: the gathering of information about a potential target system
or network.
Attacker's point of view
Identify potential target systems
Identify which types of attacks may be useful against the target systems
Defender's point of view
Know the tools available to the attacker
Vulnerability analysis: know what information you are giving away and
what weaknesses you have.
14. Footprinting
Information gathered about the target, by area:
Internet: domain names, network blocks, IP addresses reachable from the
Internet, TCP and UDP services running, ACLs, IDSes
Intranet: protocols in use (IP, NetBIOS), internal domain names, etc.
Remote access: phone numbers, remote-control software, telnet,
authentication mechanisms
Extranet: connection origination, destination, type, access control
15. Scanning
After obtaining a list of networks and IP addresses, scanning starts:
Ping sweeps (find active machines): use Pinger in Windows and nmap in
Linux/UNIX. This is an example of Pinger.
TCP port scanning (find open ports on active machines): SYN and connect
scans work with most hosts. A SYN (half-open) scan never completes the
three-way handshake, so it is stealthier and may not be logged by the
application behind the port; a connect scan completes the handshake and
is usually logged.
In Windows NT use SuperScan and in Linux/UNIX use nmap. See an example
of SuperScan. BUT, attackers use scripts and command-line binaries, not
graphical tools.
16. More on Scanning
OS detection (active stack fingerprinting):
Probe the TCP/IP stack, because its responses vary between OSs. Requires
at least one listening port to make the determination.
Why is it important? Many attack tools are specific to an OS or network
device. In Linux/UNIX use nmap with -O. You can use the Netcraft site to
check the OS of a host running a web server.
OS detection (passive signatures):
By monitoring traffic the operating system can be detected, among other
things, without sending a single probe. Siphon is a Linux/UNIX tool for
this.
Once the OS is identified, enumeration can take place.
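Passive fingerprinting as the slide describes it, carried out in code as an added example that is not part of the original slides. A captured TCP SYN is parsed, the sender's initial TTL is inferred from the observed TTL (routers decrement it by one per hop), and TTL, window size and the DF bit are matched against a signature table. The table and the packet are constructed for the demo: the values are the default initial TTL / window / DF combinations commonly quoted for those stacks, approximate and far smaller than the signature sets used by Siphon or p0f; nothing here is the output of either tool.

```python
import socket
import struct
from typing import Dict

# Added example (not from the original slides). Illustrative, approximate
# signatures: initial TTL, TCP window size and DF bit of a stack's first SYN.
SIGNATURES = [
    {"os": "Linux 2.6+",      "initial_ttl": 64,  "window": 5840,  "df": True},
    {"os": "FreeBSD",         "initial_ttl": 64,  "window": 65535, "df": True},
    {"os": "Windows XP/2003", "initial_ttl": 128, "window": 65535, "df": True},
    {"os": "Windows 7/2008+", "initial_ttl": 128, "window": 8192,  "df": True},
    {"os": "Solaris",         "initial_ttl": 255, "window": 8760,  "df": True},
    {"os": "Cisco IOS",       "initial_ttl": 255, "window": 4128,  "df": False},
]
INITIAL_TTLS = (32, 64, 128, 255)   # the initial TTL values real stacks start from


def parse_ipv4(packet: bytes) -> Dict:
    """Fixed 20-byte part of the IPv4 header: TTL, DF bit, protocol, payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _ident, flags_frag, ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "protocol": proto,
            "payload": packet[ihl:]}


def parse_tcp(segment: bytes) -> Dict:
    """Fixed 20-byte TCP header: ports, window size, SYN/ACK flags, raw options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, window, _csum, _urg = \
        struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "window": window,
            "syn": bool(off_flags & 0x02), "ack": bool(off_flags & 0x10),
            "options": segment[20:data_offset]}


def guess_initial_ttl(observed_ttl: int) -> int:
    """Each router hop decrements TTL by one, so round up to the next default."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return 255


def fingerprint(packet: bytes) -> Dict:
    """Classify the sender of a captured SYN without sending anything to it."""
    ip = parse_ipv4(packet)
    if ip["protocol"] != 6:
        raise ValueError("not a TCP segment")
    tcp = parse_tcp(ip["payload"])
    if not tcp["syn"] or tcp["ack"]:
        raise ValueError("the signatures here describe the initial SYN only")
    initial_ttl = guess_initial_ttl(ip["ttl"])
    candidates = [s["os"] for s in SIGNATURES
                  if s["initial_ttl"] == initial_ttl
                  and s["window"] == tcp["window"] and s["df"] == ip["df"]]
    return {"observed_ttl": ip["ttl"], "initial_ttl": initial_ttl,
            "hops": initial_ttl - ip["ttl"], "window": tcp["window"], "df": ip["df"],
            "os_guess": candidates[0] if candidates else "unknown",
            "candidates": candidates}


def build_syn(ttl: int, window: int, df: bool, src: str = "10.0.0.5",
              dst: str = "10.0.0.1", sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed IPv4+TCP SYN (no options, zero checksums) standing in for a capture."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000 if df else 0,
                         ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | 0x02, window, 0, 0)
    return ip_hdr + tcp_hdr


if __name__ == "__main__":
    for ttl, win, df in [(57, 5840, True), (120, 8192, True), (60, 1234, True)]:
        r = fingerprint(build_syn(ttl, win, df))
        print(f"ttl={r['observed_ttl']:>3} (initial {r['initial_ttl']}, {r['hops']} hops) "
              f"window={r['window']:<5} df={r['df']}  -> {r['os_guess']}")
```

The same three fields are what makes passive detection fragile: a SYN with TTL 57 and window 5840 is classified as Linux seven hops away, but a tuned window size or a TTL-rewriting middlebox defeats the lookup, which is why real tools also key on option order, MSS and timestamps.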
17. Types of Scanning
Scanning type           Purpose
Port scanning           Determines open ports and the services behind them
Network scanning        Identifies live IP addresses (hosts)
Vulnerability scanning  Checks for the presence of known weaknesses
18. Scanning Methodology
Check for Live System
Check for Open Ports
Service Identification
Banner Grabbing /
OS Fingerprinting
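The scanning steps above (find open ports, identify the service, grab its banner) carried out in code, as an added example that is not part of the original slides. It uses a TCP connect scan rather than the SYN scan slide 15 mentions, so it needs no raw sockets or administrator rights; the "service" it finds is a constructed stand-in on 127.0.0.1 that only sends an SSH-style banner, and the port table and banner rules are deliberately small simplifications of what nmap's service probes do.

```python
import socket
import threading
from typing import Dict, List, Optional

# Added example (not from the original slides). The port-to-service table and
# the banner rules are small by design; nmap uses a large probe database.
COMMON_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http",
                110: "pop3", 139: "netbios-ssn", 443: "https", 445: "microsoft-ds",
                3389: "ms-wbt-server"}


def connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> List[int]:
    """TCP connect() scan: a completed three-way handshake means the port is open.
    Unlike a SYN (half-open) scan the connection is fully established, so the
    service sees it and will usually log it."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # refused (closed) or timed out (filtered)
                continue
            open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 1.0,
                probe: bytes = b"") -> Optional[str]:
    """Connect and read whatever the service volunteers. FTP, SSH and SMTP speak
    first; for silent services (HTTP) a small probe can be sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            if probe:
                s.sendall(probe)
            data = s.recv(1024)
        except OSError:
            return None
    return data.decode("ascii", errors="replace").strip() or None


def identify_service(port: int, banner: Optional[str]) -> str:
    """Prefer what the banner says over what the port number suggests."""
    if banner:
        b = banner.upper()
        if b.startswith("SSH-"):
            return "ssh"
        if b.startswith("HTTP/"):
            return "http"
        if b.startswith("220"):
            return "smtp" if "SMTP" in b else "ftp"
    return COMMON_PORTS.get(port, "unknown")


def scan_host(host: str, ports: List[int]) -> Dict[int, Dict[str, Optional[str]]]:
    """Open ports -> banner -> service, for one host."""
    results = {}
    for port in connect_scan(host, ports):
        banner = grab_banner(host, port)
        results[port] = {"service": identify_service(port, banner), "banner": banner}
    return results


def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a real daemon (demo only): listens on 127.0.0.1,
    sends `banner` to every client, returns the port it was given."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_local_port() -> int:
    """A port that is (almost certainly) closed, to exercise the refused path."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")  # constructed banner
    targets = [ssh_port, free_local_port()]
    for port, info in scan_host("127.0.0.1", targets).items():
        print(f"{port}/tcp open  {info['service']:<8} {info['banner']}")
```

Note the defender's side of this: the banner is what a version-specific exploit is keyed on, so trimming or normalising service banners removes cheap information, and because a connect scan completes the handshake, one client touching many ports in a short window is exactly what an IDS or connection log should flag.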
21. Enumeration
Enumeration occurs after scanning and is the
process of gathering and compiling usernames,
machine names, network resources, shares,
and services.
It also refers to actively querying or
connecting to a target system to acquire this
information.
22. Enumeration Steps
Hackers need to be methodical in their approach. The following steps are
an example of those a hacker might perform in preparation for attacking a
target system:
1. Extract usernames using enumeration.
2. Gather information about the host using null sessions.
3. Perform Windows enumeration using the SuperScan tool.
4. Acquire the user accounts using the tool GetAcct.
5. Perform SNMP enumeration (scan for SNMP on UDP port 161 and query it).
23. SQL injection
SQL injection is a code injection technique that
exploits a security vulnerability occurring in the
database layer of an application.
The vulnerability is present when user input is either incorrectly
filtered for string-literal escape characters embedded in SQL statements,
or is not strongly typed, so that the input is unexpectedly executed as
part of the query.
24. SQL injection
During a SQL injection attack, malicious input is entered into a web form
field (or any other input the application passes to the database) so that
the database executes SQL the developer never intended; on some database
servers this can be escalated to running a command shell or other
arbitrary operating-system commands.
Just as a legitimate user enters queries and additions to the SQL database
via a web form, the hacker can insert commands to the SQL server through
the same web form field.
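The login check described on these two slides, written both ways, as an added example that is not part of the original slides. It runs against an in-memory SQLite database seeded with constructed users; the passwords are stored in plaintext only so that the injected query's effect is visible (a real application stores password hashes). The vulnerable version splices the form fields into the SQL text; the fixed version uses a parameterised query.

```python
import sqlite3
from typing import Optional, Tuple

# Added example (not from the original slides): constructed users, plaintext
# passwords for visibility only.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("admin", "c0rrect-h0rse", "admin"), ("alice", "alice-pass", "user")])
    return conn


def login_vulnerable(conn, username: str, password: str) -> Optional[Tuple[str, str]]:
    # VULNERABLE: the form values are spliced into the SQL text, so a quote in
    # the input closes the string literal and the rest is parsed as SQL.
    query = ("SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str) -> Optional[Tuple[str, str]]:
    # FIXED: parameterised query. The statement text is constant; the driver
    # sends the values separately, so quotes, '--' and keywords remain data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


# What a tester types into the username field (the password field gets junk).
PAYLOADS = {
    "comment out password check":  "admin' --",
    "tautology":                   "' OR 1=1 --",
    "union to read other columns": "x' UNION SELECT username, password FROM users --",
}


def demo(conn) -> dict:
    """Run every payload through both implementations: {name: (vulnerable, safe)}."""
    return {name: (login_vulnerable(conn, payload, "wrong"),
                   login_safe(conn, payload, "wrong"))
            for name, payload in PAYLOADS.items()}


if __name__ == "__main__":
    db = make_db()
    for name, (vuln, safe) in demo(db).items():
        print(f"{name:<28} vulnerable -> {vuln}   parameterised -> {safe}")
```

The first payload turns the query into `... WHERE username = 'admin' --' AND password = 'wrong'`, so the password comparison is commented away and the admin row comes back; the UNION payload returns a password column in place of the role column, which is the "reading data through the same form field" the slide refers to. The parameterised version returns no row for any of them.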
25. Wireless Hacking Techniques
Cracking encryption and authentication mechanisms
Eavesdropping or sniffing
Denial of Service
AP masquerading or spoofing
MAC spoofing
26. Securing Your Wireless Network
Use a Strong Encryption Protocol (WPA2 or WPA3, never WEP)
Don't Announce Yourself: Disable SSID Broadcast (this only hides the name
from casual users; the SSID still appears in client traffic, so it is not
a substitute for encryption)
Change Default Administrator Passwords and Usernames
Limit Access to Your Access Point
Do Not Auto-Connect to Open Wi-Fi Networks
Assign Static IP Addresses to Devices
Enable Firewalls on Each Computer and on the Router
Position the Router or Access Point so Its Signal Does Not Reach Further
Than Needed