A Project Seminar
On
Ethical Hacking
Submitted By
Vavaliya Piyush D.
Submitted To
Naran Lala
College of Professional & Applied Sciences.
Introduction
Ethical hacking is the process of entering into a hacker's mindset
in order to spot system vulnerabilities by performing typical hacks in a
controlled environment. Hacking For Dummies by Kevin Beaver helps
security professionals understand how malicious users think and work,
enabling administrators to defend their systems against attacks and to
identify security vulnerabilities.
History of Hacking:-
a) 1960s: The Dawn of Hacking
The original meaning of the word "hack" started at MIT; it meant an
elegant, witty or inspired way of doing almost anything; hacks were
programming shortcuts.
b) 1970s: Phone Phreaks and Cap'n Crunch
One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy
whistle inside Cap'n Crunch cereal gives a 2600-hertz signal and can
access AT&T's long-distance switching system. Steve Wozniak and Steve
Jobs, future founders of Apple Computer, make and sell blue boxes.
c) 1980: Hacker Message Boards and Groups
Hacking groups form, such as Legion of Doom (US) and Chaos Computer Club
(Germany).
d) 1983: Kids' Games
The movie "War Games" introduces the public to hacking.
e) The Great Hacker War
Legion of Doom vs Masters of Deception; online warfare, jamming phone
lines.
f) 1984: Hacker 'Zines
Publication of the hacker magazine 2600; online 'zine Phrack.
g) 1986: Congress passes the Computer Fraud and Abuse Act; it becomes a
crime to break into computer systems.
h) 1989: The Germans, the KGB and Kevin Mitnick
i) German hackers arrested for breaking into U.S. computers; they sold
information to the Soviet KGB.
j) Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
k) Kevin Mitnick convicted; first person convicted under the law against
gaining access to an interstate network for criminal purposes.
What is ethical hacking?
• BASIC MEANING :
In simple words, ethical hacking is testing the resources for a good
cause and for the betterment of technology. It also means securing the
system.
• TECHNICAL MEANING :
Technically, ethical hacking is done by a computer hacker who is hired
by an organization to undertake non-malicious hacking work in order to
discover computer-security flaws.
TYPES OF HACKERS
Job of each hacker
The White Hat Approach:
The term "white hat" in Internet slang refers to an ethical computer hacker, or
a computer security expert, who specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's information systems.
The Black Hat Approach:
A "black hat" hacker is a hacker who "violates computer security for little
reason beyond maliciousness or for personal gain". The Black Box model follows a
stochastic approach to the attack.
The Grey Hat Approach:
The Grey Box approach is essentially a hybrid attack model. It incorporates
elements of both the Black Box and the White Box methods. These are good hackers.
They have a genuine license to hack.
Advantages:
a) These are good hackers.
b) Have registered police records
c) Generally owned by companies for security designing
d) They have high salaries
Script Kiddies or Cyber-Punks: Between ages 12 and 30; bored in school; get
caught due to bragging online.
Professional Criminals or Crackers: Make a living by breaking into systems
and selling the information.
Coders and Virus Writers: These have strong programming background and
write code but won’t use it themselves; have their own networks called “zoos”;
leave it to others to release their code into “The Wild” or Internet.
Who are Ethical Hackers?
“One of the best ways to evaluate the intruder threat is to have independent
computer security professionals attempt to break their computer systems”.
Successful ethical hackers possess a variety of skills. First and foremost, they
must be completely trustworthy.
Ethical hackers typically have very strong programming and computer
networking skills.
They are also adept at installing and maintaining systems that use the more
popular operating systems (e.g., Linux or Windows 2000) used on target systems.
These base skills are augmented with detailed knowledge of the hardware and
software provided by the more popular computer and networking hardware
vendors.
What do Ethical Hackers do?
An ethical hacker’s evaluation of a system’s security seeks answers to these basic
questions:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder’s attempts or successes?
What are you trying to protect?
What are you trying to protect against?
How much time, effort, and money are you willing to expend to obtain
adequate protection?
How much do Ethical Hackers get Paid?
Globally, the hiring of ethical hackers is on the rise with most of them working
with top consulting firms.
In the United States, an ethical hacker can make upwards of $120,000 per
annum.
Freelance ethical hackers can expect to make $10,000 per assignment.
Some fees range from $15,000 to $45,000 for a standalone ethical hack.
Certified Ethical Hacker (C|EH)
Training
InfoSec Academy
http://www.infosecacademy.com
• Five-day Certified Ethical Hacker (C|EH) Training
Camp Certification Training Program
• (C|EH) examination
• C|EH Certified Ethical Hacker Training Camp (5-Day Package): $3,595
($2,580 training only)
Modes of Ethical Hacking
Insider attack
Outsider attack
Stolen equipment attack
Physical entry
Bypassed authentication attack (wireless access points)
Social engineering attack
Anatomy of an attack:
• Reconnaissance – the attacker gathers information; can include social
engineering.
• Scanning – searches for open ports (port scan) and probes the target for
vulnerabilities.
• Gaining access – the attacker exploits vulnerabilities to get inside the
system; used for spoofing IP.
• Maintaining access – creates a backdoor through use of Trojans; once the
attacker gains access, he/she makes sure he/she can get back in.
• Covering tracks – deletes files, hides files, and erases log files so that
the attacker cannot be detected or penalized.
Teaching Resources: Ethical Hacking
Textbooks
EC-Council
EC-Council Topics Covered
Introduction to Ethical Hacking
Footprinting
Scanning
Enumeration
System Hacking
Trojans and Backdoors
Sniffers
Denial of Service
Social Engineering
Session Hijacking
Hacking Web Servers
Web Application Vulnerabilities
Web Based Password Cracking Techniques
SQL Injection
Hacking Wireless Networks
Viruses
Novell Hacking
Linux Hacking
Evading IDS, Firewalls and Honeypots
Buffer Overflows
Cryptography
Certified Ethical Hacker Exam Prep
The Business Aspects of Penetration Testing
The Technical Foundations of Hacking
Footprinting and Scanning
Enumeration and System Hacking
Linux and automated Security Assessment Tools
Trojans and Backdoors
Sniffers, Session Hijacking, and Denial of Service
Web Server Hacking, Web Applications, and Database Attacks
Wireless Technologies, Security, and Attacks
IDS, Firewalls, and Honeypots
Buffer Overflows, Viruses, and Worms
Cryptographic Attacks and Defenses
Physical Security and Social Engineering
Now, some practical knowledge
How to hack anything?
File Query
Browser caching
Cookie and URL hacks
SQL Injection
Cross-site Scripting (#1 threat today!)
Web File Query
A hacker tests for HTTP (80) or HTTPS (443)
Does a “View Source” on an HTML file to detect the directory hierarchy
Can view sensitive information left by system administrators or programmers
Database passwords in /include files
Browser Page Caching
Be aware of differences between browsers!
Pages with sensitive data should not be cached: page content is easily accessed
using browser’s history.
Cookies and URLs
• Sensitive data in cookies and URLs?
• Issues that arise: information is stored on a local computer (as files or in
the browser’s history); unencrypted data can be intercepted on the network
and/or logged into unprotected web log files.
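The caching and cookie/URL points above can be checked from the defender's side by auditing what a page actually sends. The following is an added example, not part of the original seminar: the function name, the list of sensitive parameter names and the sample responses are assumptions, and it relies on the standard Cache-Control: no-store directive and the Secure and HttpOnly cookie attributes.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Assumed list of parameter names treated as sensitive; adjust per application.
SENSITIVE_KEYS = {"password", "passwd", "token", "sessionid", "ssn"}

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    # Query strings are saved in browser history and written to web logs.
    for key, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append(f"url: sensitive parameter '{key}' in query string")
    # Without no-store the browser may keep a copy of the page on disk.
    cache = ",".join(v for n, v in headers if n.lower() == "cache-control")
    if "no-store" not in {d.strip().lower() for d in cache.split(",")}:
        findings.append("cache: Cache-Control lacks no-store")
    # Secure keeps the cookie off plain HTTP; HttpOnly hides it from scripts.
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(v)
        for name, morsel in jar.items():
            for flag, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
                if not morsel[flag]:
                    findings.append(f"cookie {name}: missing {label}")
    return findings

# Constructed sample responses (shop.example is a placeholder host).
WEAK = audit_response(
    "http://shop.example/account?user=alice&password=hunter2",
    [("Cache-Control", "public, max-age=3600"),
     ("Set-Cookie", "sid=abc123; Path=/")])
HARDENED = audit_response(
    "https://shop.example/account",
    [("Cache-Control", "no-store"),
     ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for finding in WEAK:
        print(finding)
    print("hardened findings:", HARDENED)
```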
SQL Injection Attacks
SQL injection is a security vulnerability that occurs in the database layer of an
application.
Its source is the incorrect escaping of dynamically-generated string literals
embedded in SQL statements.
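The escaping flaw described above, shown beside its fix, as an added example that is not part of the original seminar. The table, account values and function names are constructed for illustration; it uses Python's built-in sqlite3 module and compares a query built by string concatenation with the same query using placeholders.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "hunter2")])
    return db

def login_concatenated(db, name, password):
    # Flawed: input is pasted into the SQL text. A quote character in the
    # input ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, name, password):
    # Fixed: placeholders send the input as data, so it is never parsed.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

def compare(name, password):
    """Run both versions on the same input; report rows or the error."""
    db = make_db()
    results = {}
    for label, fn in (("concatenated", login_concatenated),
                      ("parameterized", login_parameterized)):
        try:
            results[label] = fn(db, name, password)
        except sqlite3.Error as exc:
            results[label] = "error: " + type(exc).__name__
    return results

# Constructed inputs: a tautology that closes the literal, and a legitimate
# user whose name happens to contain a quote.
TAUTOLOGY = compare("alice", "' OR '1'='1")
APOSTROPHE = compare("o'brien", "hunter2")

if __name__ == "__main__":
    print(TAUTOLOGY)
    print(APOSTROPHE)
```

The concatenated version fails in both directions: the crafted password matches every row, and the legitimate name with an apostrophe produces a syntax error, while the parameterized version handles both as plain data.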
Cross-Site Scripting (XSS) Attacks
Malicious code can secretly gather sensitive data (login, password, cookie)
from a user while they are using an authentic website.