Escolar Documentos
Profissional Documentos
Cultura Documentos
By:
Aashish Sharma
CS Final Year
HACKER
>Definitions<
Hacker : any programming specialist who
has expertise to enter computer network
unauthorized.
Cracker : some one who destructs things.
Hacking : act of illegally entering a
computer system, and making unauthorized
changes to the files and data contain within.
What is Ethical Hacking?
♦ Ethical hacking – defined “methodology adopted by ethical
hackers to discover the vulnerabilities existing in information
systems’ operating environments.”
♦ With the growth of the Internet, computer security has
become a major concern for businesses and governments.
♦ In their search for a way to approach the problem,
organizations came to realize that one of the best ways to
evaluate the intruder threat to their interests would be to have
independent computer security professionals attempt to break
into their computer systems.
Ethical Hacking
♦ Independent computer security
Professionals breaking into the
computer systems.
♦ Neither damage the target
systems nor steal information.
♦ Evaluate target systems security
and report back to owners about
the vulnerabilities found.
Ethical Hackers but not Criminal
Hackers
♦ Completely trustworthy.
♦ Strong programming and computer
networking skills.
♦ Learn about the system and trying to
find its weaknesses.
♦ Techniques of Criminal hackers-
Detection-Prevention.
♦ Published research papers or released
security software.
♦ No Ex-hackers.
June 01, 2004 to Dec.31, 2004
January - 2005
Domains No of Defacements
.com 922
.gov.in 24
.org 53
.net 39
.biz 12
.co.in 48
.ac.in 13
.info 3
.nic.in 2
.edu 2
other 13
Total 1131
Interruption Interception
Modification Fabrication
Why do hackers hack?
♦ Just for fun
♦ Show off
♦ Hack other systems secretly
♦ Notify many people their thought
♦ Steal important information
♦ Destroy enemy’s computer network during
the war
What do hackers do after
hacking?
♦ Patch security hole
– The other hackers can’t intrude
♦ Clear logs and hide themselves
♦ Install rootkit ( backdoor )
– The hacker who hacked the system can use the
system later
– It contains trojan ls, ps, and so on
Being Prepared
♦ What can an intruder see on the target systems?
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts
or successes?
♦ Insider attack
♦ Outsider attack
♦ Stolen equipment attack
♦ Physical entry
♦ Bypassed authentication attack (wireless
access points)
♦ Social engineering attack
Anatomy of an attack:
– Reconnaissance – attacker gathers
information; can include social engineering.
– Scanning – searches for open ports (port
scan) probes target for vulnerabilities.
– Gaining access – attacker exploits
vulnerabilities to get inside system; used for
spoofing IP.
– Maintaining access – creates backdoor
through use of Trojans; once attacker gains
access makes sure he/she can get back in.
– Covering tracks – deletes files, hides files,
and erases log files. So that attacker cannot
be detected or penalized.
Hackers
Hactivism :
→ The non-violent use of illegal or legally ambiguous
digital tools in pursuit of political ends.
→Writing of code to promote political ideology -
promoting expressive politics, free speech, human
rights. 17
Classes of Attack
1. Authentication
2. Client-Side Attacks
3. Command Execution
4. Information Disclosure
18
Authentication
Attack Types :
1. Brute Force
2. Weak Password Recovery Validation
19
Client-Side Attacks
Attack Examples :
1. Content Spoofing
2. Cross-Site Scripting
20
Command Execution
Attack Examples :
1. OS Commanding
2. SQL Injection
21
SQL Injection
♦ Allows a remote attacker to
execute arbitrary database
commands
♦ Relies on poorly formed database queries and
insufficient
input validation
♦ Often facilitated, but does not rely on unhandled
exceptions and ODBC error messages
♦ Impact: MASSIVE. This is one of the most dangerous
vulnerabilities on the web.
Information Disclosure
Covers attacks designed to acquire system specific
information about a web site like backup / temporary
files, softwares used etc..
Attack Examples :
1. Path Traversal
2. Predictable Resource Location
24
Hacking
Definition :-
25
Google Hacking Queries
Inurl :
inurl:admin
inurl:passwd filetype:txt
Index of :
"Index of /secret "
"Index of /credit-card "
Intitle :
?intitle:index.of?MP3 Songname
?intitle:index.of?ebook BookName
26
Viruses:
♦ Viruses - A virus is a small piece of software that
piggybacks on real programs. For example, a virus
might attach itself to a program such as a spreadsheet
program. Each time the spreadsheet program runs,
the virus runs, too, and it has the chance to reproduce
(by attaching to other programs) or wreak havoc.