
47718307 Ethical Hacking Seminar Report (1)

Date post: 07-Jul-2018
Upload: sushil-ranjan
  • 8/18/2019 47718307 Ethical Hacking Seminar Report (1)

    Ethical Hacking

    INTRODUCTION

    The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help.

    Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

    1.1 Security

    Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Usually security is described in terms of the CIA triad. CIA stands for the basic principles of security, in which 'C' denotes Confidentiality, 'I' represents Integrity and the letter 'A' represents Availability.

    Department of Computer Science, Nirmala College, Muvattupuzha

    • Confidentiality

    Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that particular data should be seen only by authorized personnel. Persons who are merely passive observers should not see that data. For example, in the case of a credit card transaction, only the authorized person should see the credit card number. Nobody else should see that number, because they may use it for some other activities. Thus confidentiality is very important. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.

    • Integrity

    Integrity means that data cannot be modified without authorization. This means that the data seen by authorized persons should be correct, that is, the data should maintain the property of integrity. Without that integrity the data is of no use. Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data is modified, and we can say that there is a breach in security.

    • Availability

    For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which the data should have integrity and confidentiality. To achieve both these goals easily, we can take the data offline. But then the data is not available to the user. Hence the data is of no use even if it has all the other characteristics. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. All these factors are considered important, since data lacking any of the above characteristics is useless. Therefore security is described as the CIA trio. Lacking any one of the CIA properties means there is a security breach.

    1.2 Need for Security

    Computer security is required because most organizations can be damaged by hostile software or intruders. Moreover, security is directly related to business. If a company loses a series of credit card numbers of its customers, then many customers would be hesitant to go back to the same company, and that company will lose many customers and hence business. Intruders can cause several forms of damage, which are obviously interrelated. These include:

    • loss of confidential data
    • damage or destruction of data
    • damage or destruction of computer system
    • loss of reputation of a company

    There may be many more in the list due to security breaches. This means that security is absolutely necessary.

    1.3 Hackers

    A hacker is a person who is interested in a particular subject and has an immense knowledge of that subject. In the world of computers, a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of "The New Hacker's Dictionary", defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

    • A person who enjoys learning details of a programming language or system
    • A person who enjoys actually doing the programming rather than just theorizing about it
    • A person capable of appreciating someone else's hacking
    • A person who picks up programming quickly
    • A person who is an expert at a particular programming language or system

    As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them. Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted. When refused access to the computers, some users would challenge the access controls that had been put in place. They would steal passwords or account numbers by looking over someone's shoulder, explore the system for bugs that might get them past the rules, or even take control of the whole system. They would do these things in order to be able to run the programs of their choice, or just to change the limitations under which their programs were running. Initially these computer intrusions were fairly benign, with the most damage being the theft of computer time. Other times, these recreations would take the form of practical jokes. However, these intrusions did not stay benign for long. Occasionally the less talented, or less careful, intruders would accidentally bring down a system or damage its files, and the system administrators would have to restart it or make repairs. Other times, when these intruders were again denied access once their activities were discovered, they would react with purposefully destructive actions. When the number of these destructive computer intrusions became noticeable, due to the visibility of the system or the extent of the damage inflicted, it became "news" and the news media picked up on the story. Instead of using the more accurate term of "computer criminal", the media began using the term "hacker" to describe individuals who break into computers for fun, revenge, or profit. Since calling someone a "hacker" was originally meant as a compliment, computer security professionals prefer to use the term "cracker" or "intruder" for those hackers who turn to the dark side of hacking.

    Types of Hackers:

    Hackers can be broadly classified on the basis of why they are hacking a system or why they are indulging in hacking. There are mainly three types of hacker on this basis:

    • Black-Hat Hacker

    Black hat hackers, or crackers, are individuals with extraordinary computing skills, resorting to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.

    • White-Hat Hacker

    White hat hackers are those individuals professing hacker skills and using them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good.

    • Grey-Hat Hackers

    These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for personal gain.

    1.5 Can Hacking Be Done Ethically?

    Due to some reasons hacking is always meant in the bad sense, and hacking is taken to mean black hat hacking. But the question is, can hacking be done ethically? The answer is yes, because to catch a thief, you must think like a thief. That's the basis for ethical hacking. Suppose a person or hacker tries to hack into a system and finds a vulnerability. Also suppose that he reports to the company that there is a vulnerability. Then the company could make patches for that vulnerability and hence protect itself from future attacks by some black hat hacker who tries to use the same vulnerability. Unless somebody tries to find a vulnerability, it remains hidden, and someday somebody might find it and exploit it for their own personal interests. So this can be done using ethical hacking.

    2. ETHICAL HACKING

    Ethical hacking is defined as "a methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating environments."

    Ethical hacking is also known as penetration testing, intrusion testing or red teaming. With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being "hacked". At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is called Ethical Hacking. This is similar to having independent auditors come into an organization to verify its bookkeeping records. This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating systems for "potential use as a two-level (secret

    measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing. Ethical hackers also should possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed for an ethical hacker is to have more drive and patience than most people, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at "live" targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.

    2.1 What does an Ethical Hacker do?

    An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system. He will first find out what an intruder can see or what others can see. Having found these, an ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will give the company a detailed report about the particular vulnerability he exploited to get into the system. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the vulnerability.

    2.2 Required Skills of an Ethical Hacker:

    • Microsoft: skills in operation, configuration and management.
    • Linux: knowledge of Linux security setting, configuration, and services.
    • Firewalls: configurations, and operation of intrusion detection systems.
    • Routers: knowledge of routers, routing protocols, and access control lists
    • Mainframes
    • Network Protocols: TCP, how they function and can be manipulated.
    • Project Management: leading, planning, organizing, and controlling a penetration testing team.

    2.3 HISTORY ; HACKING TRENDS:

    In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating systems for "potential use as a two-level (secret

    BBC.

    Treat the information gathered with the utmost respect. All information you obtain during your testing, from Web-application log files to clear-text passwords, must be kept private. If you sense that someone should know there's a problem, consider sharing that information with the appropriate manager.

    • Not crashing your systems:

    One of the biggest mistakes hackers make when they try to hack their own systems is inadvertently crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.

    Analogy with Building Robbing

    The methodology of a hacker is similar to the one used for usual thefts. Let's consider the case of a bank robbery. The first step will be to find information about the total transactions of the bank, the total amount of money that may be kept in the bank, who the manager is, whether the security personnel carry a gun, etc. This is similar to the reconnaissance phase of hacking. The next step will be to find the ways through which we can enter the building, how many doors are present in the building, whether there is a lock on each door, etc. This is similar to the second stage, scanning, in which we check which hosts are present, which services are running, etc. The third step will be to enter the building, which is similar to gaining access. To enter a building we need some keys. Likewise, in the case of a network we need some IDs and passwords. Once we have entered the building, our next aim will be to make an easier way inside for the next time, which is analogous to the next step, maintaining access. In the hacking case we use Trojans, backdoors, worms, etc., like placing a hidden door inside the building. The final step is to hide the fact that we entered the building, which is analogous to the clearing of tracks in the case of hacking.

    2.5 Methodology of Hacking:

    As described above there are mainly five steps in hacking: reconnaissance, scanning, gaining access, maintaining access and clearing tracks. But it is not the end of the process. The actual hacking will be a circular one. Once the hacker has completed the five steps, the hacker will start reconnaissance in that stage and the preceding stages to get into the next level. The various stages in the hacking methodology are:

    • Reconnaissance
    • Scanning & Enumeration
    • Gaining access
    • Maintaining access
    • Clearing tracks

    2.5.1 Reconnaissance:

    The literal meaning of the word reconnaissance is a preliminary survey to gain information. This is also known as footprinting. This is the first stage in the methodology of hacking. As given in the analogy, this is the stage in which the hacker collects information about the company which he is going to hack. This is one of the pre-attack phases. Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.

    In this pre-attack phase we gather as much publicly available information as possible. The information includes the domain names, locations, contact information, etc. The basic objective of this phase is to make a methodical mapping of the target's security schema, which results in a unique organization profile with respect to the networks and systems involved. As we are dealing with the Internet, we can find much information here which we may not have intended to make public. There are many tools for such purposes. These include tools like Sam Spade, email tracker, VisualRoute, etc. The interesting thing to note is that we can even use simple googling as a footprinting tool.

    2.5.2 Scanning & Enumeration:

    Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the live hosts on the target network, the services which are running on those systems, and so on. Usually the services run on predetermined ports. There are different tools used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not in much use. Modern port scanning uses the TCP protocol, and scanners can even detect the operating systems running on particular hosts.
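The scanning phase described above leaves a recognisable pattern in firewall logs: one source touching many ports on one host, or one port on many hosts, in a short time. The following is an added example, not part of the original report, that flags both patterns; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall log: '<ISO time> <src> <dst> <dst_port> <action>'."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # One source walks 25 ports on a single host, one probe per second.
    for i in range(25):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 203.0.113.50 192.0.2.10 {20 + i} DENY")
    # One source tries the same port on 12 different hosts.
    for i in range(12):
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 203.0.113.77 192.0.2.{i + 1} 445 DENY")
    # Ordinary client: repeated HTTPS requests to one server.
    for i in range(30):
        t = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{t} 198.51.100.7 192.0.2.10 443 ALLOW")
    # Slow source: 20 ports, but only one probe every 10 minutes.
    for i in range(20):
        t = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{t} 203.0.113.99 192.0.2.10 {8000 + i} DENY")
    return lines


def parse_line(line):
    """Split one log line into (time, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scans(lines, window=timedelta(seconds=60),
                 port_threshold=15, host_threshold=10):
    """Return {source_ip: [kinds]} for sources that, inside one sliding
    window, reach port_threshold distinct ports on a single host
    ("vertical") or host_threshold distinct hosts on a single port
    ("horizontal")."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)          # src -> deque of (ts, dst, port)
    findings = defaultdict(set)
    for ts, src, dst, port, _action in events:
        q = recent[src]
        q.append((ts, dst, port))
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports_per_dst = defaultdict(set)
        dsts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_dst[d].add(p)
            dsts_per_port[p].add(d)
        if any(len(s) >= port_threshold for s in ports_per_dst.values()):
            findings[src].add("vertical")
        if any(len(s) >= host_threshold for s in dsts_per_port.values()):
            findings[src].add("horizontal")
    return {src: sorted(kinds) for src, kinds in findings.items()}


if __name__ == "__main__":
    for src, kinds in detect_scans(build_sample_log()).items():
        print(src, kinds)
```

The slow source in the sample is not flagged with a 60-second window; a second pass with a much longer window, or a daily count of distinct ports per source, covers that case.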

    Enumeration:

    Enumeration is the ability of a hacker to convince some servers to give them information that is vital to them to make an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups there are in the network, what applications are there, etc. Hackers may also use this to find other hosts in the entire network.

    2.5.3 Gaining access:

    This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is the passwords. System hacking can be considered as many steps. First the hacker will try to get into the system. Once he gets into the system, the next thing he wants is to increase his privileges so that he can have more control over the system. As a normal user the hacker may not be able to see confidential details or upload or run the different hack tools for his own personal interest. Another way to crack into a system is by attacks like the man-in-the-middle attack.

    Password Cracking:

    There are many methods for cracking the password and then getting into the system. The simplest method is to guess the password. But this is tedious work. To make this work easier there are many automated tools for password guessing, like Legion. Legion has an inbuilt dictionary, and the software itself generates the passwords using the dictionary and checks the responses.

    Techniques used in password cracking are:

    1. Dictionary cracking

    In this type of cracking there will be a list of various words like the person's children's names, birthday, etc. The automated software will then make different combinations of these words and automatically try them against the system.

    2. Brute force cracking

    This is another type of password cracking, which does not have a list of precompiled words. In this method the software automatically chooses all the combinations of different letters, special characters, symbols, etc. and tries them automatically. This process is of course very tedious and time consuming.

    3. Hybrid cracking

    This is a combination of both the dictionary and brute force cracking techniques. This means that it will first check the combinations of words in its inbuilt dictionary, and if all of them fail it will try brute force.

    • Social Engineering

    The best and the most common method used to crack the password is social engineering. In this technique the hacker comes in direct contact with the user through a phone call or some other way and directly asks for the password by some fraud.
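The difference between the dictionary, brute force and hybrid techniques listed above can be turned into a password-policy check: how many guesses would a hybrid search need, in the worst case, before it reaches a given password? This is an added example, not part of the original report; the word list is constructed and all function names are hypothetical.

```python
import string

# Constructed list of "personal" words of the kind the text mentions
# (names, birth year). A real audit would use the organisation's own list.
WORDS = ["rover", "anna", "1987", "chelsea"]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def dictionary_guesses(wordlist, max_words=2):
    """Size of the dictionary search space: every ordered combination
    of 1..max_words words from the list."""
    n = len({w.lower() for w in wordlist})
    return sum(n ** k for k in range(1, max_words + 1))


def in_dictionary_space(password, wordlist):
    """True if the password is one list word or two list words joined,
    ignoring case (the combinations a dictionary search would try)."""
    words = {w.lower() for w in wordlist}
    p = password.lower()
    if p in words:
        return True
    return any(p[:i] in words and p[i:] in words for i in range(1, len(p)))


def charset_size(password):
    """Alphabet a brute-force search must cover for this password:
    the full size of every character class that appears in it."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    others = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(others)


def brute_force_guesses(password):
    """All strings over that alphabet, from length 1 up to len(password)."""
    size = charset_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def audit(password, wordlist):
    """Model the hybrid search from the text: dictionary combinations
    first, brute force only if those all fail."""
    dict_space = dictionary_guesses(wordlist)
    if in_dictionary_space(password, wordlist):
        return {"found_by": "dictionary", "worst_case_guesses": dict_space}
    return {"found_by": "brute force",
            "worst_case_guesses": dict_space + brute_force_guesses(password)}


if __name__ == "__main__":
    for candidate in ("Anna1987", "abc", "q7#Lm2x!"):
        print(candidate, audit(candidate, WORDS))
```

A password built from two personal words falls within 20 guesses here regardless of its length, which is why policy checks should reject dictionary combinations rather than only enforce a minimum length.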

    Privilege escalation

    Privilege escalation is the process of raising privileges once the hacker gets into the system. That is, the hacker may get in as an ordinary user, and now he tries to increase his privileges to those of an administrator, who can do many things. There are many types of tools available for this. Some tools, like getadmin, attach the user to some kernel routine so that the services run by the user look like a system routine rather than a user-initiated program. The privilege escalation process usually uses vulnerabilities present in the host operating system or the software. There are many tools like hk.exe, Metasploit, etc. One such community of hackers is Metasploit.

    2.5.4 Maintaining Access:

    Now the hacker is inside the system by some means, such as password guessing or exploiting some of its vulnerabilities. This means that he is now in a position to upload some files and download some of them. The next aim will be to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in the building so that he can directly enter the building through the door easily. In the network scenario the hacker will do it by uploading software like Trojan horses, sniffers, keystroke loggers, etc.

    Keystroke loggers are tools which record every key pressed on the keyboard. There are software and hardware keystroke loggers, which record the key presses directly. For maintaining access and privilege escalation, the hacker who is now inside the target network will upload keystroke logging software to the system. Software keystroke loggers sit as a middle man between the keyboard driver and the CPU. That is, all the keystroke details come directly to the software, so that the tool keeps a copy of them in a log and forwards them to the CPU.

    Trojan Horses & Backdoors

    A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from a Greek story of the Trojan war, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy. Generally a Trojan is malware that runs programs that you are either unaware of or don't want to have running on your system. The hackers will place these Trojans inside the network and leave. Then, after some time, when he comes back the Trojan software either authenticates the hacker as a valid user or opens some other ports for the hacker to get in. There are many genres of Trojans, like:

    • password sending

    Trojans can be introduced through chat clients, email attachments, physical access to systems, file sharing, wrappers and other P2P software. There are many examples of Trojans, like Tini, Netcat, SubSeven, Back Orifice, etc. Tini is a very tiny Trojan which just listens to the port . So after introducing Tini the hacker can send his commands to that port number. Netcat is another Trojan, which has the ability to connect to any local port and can start outbound or inbound TCP or UDP connections to or from any port. It can even return a command shell to the hacker, through which the hacker can access the system. SubSeven and Back Orifice are other Trojans which have a client-server architecture, which means that the server part will reside on the target and the hacker can directly access the server with the knowledge of the user.

    Wrappers

    In the maintaining access phase of hacking we usually upload some software to the system for later needs. To keep this software and other data hidden from the administrator and other ordinary users, hackers usually use wrapper software to wrap their contents into pictures, greeting cards, etc. so that they look like ordinary data to the administrators. What wrapper software actually does is place the malicious data into the white spaces in the harmless data. There are tools like Blindside which insert and extract data into just JPEG or BMP pictures. What they do is insert the data into the white spaces that may be present in the files. The most attractive thing is that most of the time they do not alter the size of the file.

    Elitewrap

    This is a very notorious wrapper program. Elitewrap is a command line tool which wraps one or more Trojans into a normal file. After processing, the product will look like one program while it contains many. The speciality of this is that we can even make the Trojans packed into it execute when the user opens that file. For example, consider the case in which the Netcat Trojan is packed into a flash greeting card. Now when the user opens the card, in the background Netcat will start working and will start listening on some ports, which will be exploited by the hackers.

    2.5.5 Clearing Tracks:

    Now we come to the final step in hacking. There is a saying that "everybody knows a good hacker but nobody knows a great hacker". This means that a good hacker can always clear tracks or any record that may be present in the network to prove that he was there. Whenever a hacker downloads some file or installs some software, its log will be stored in the server logs. So in order to erase those the hacker uses many tools.

    (u'itpol

    8ne such tool is windows resource kit's auditpol.exe. This is a command line tool with

    which the intruder can easily disable auditing. Another tool which eliminates any physical

    evidence is the evidence eliminator. (ometimes apart from the server logs some other in

    formations may be stored temporarily. The $vidence $liminator deletes all such evidences.

     

    WinZapper

    This is another tool which is used for clearing the tracks. This tool makes a copy of the log
    and allows the hackers to edit it. Using this tool the hacker just needs to select those logs
    to be deleted. Then after the server is rebooted the logs will be deleted.

    3. Reporting

    Assess your results to see what you uncovered, assuming that the vulnerabilities haven't
    been made obvious before now. This is where knowledge counts. Evaluating the results and
    correlating the specific vulnerabilities discovered is a skill that gets better with experience.
    You'll end up knowing your systems as well as anyone else. This makes the evaluation process
    much simpler moving forward. Submit a formal report to upper management or to your
    customer, outlining your results.

    4. Advantages and disadvantages

    Ethical hacking nowadays is the backbone of network security. Its relevance is increasing
    each day. The major pros & cons of ethical hacking are given below:

    Advantages

    • To catch a thief you have to think like a thief

    • Helps in closing the open holes in the system network

    • Provides security to banking and financial establishments

    • Prevents website defacements

    • An evolving technique

    Disadvantages

    • All depends upon the trustworthiness of the ethical hacker

    • Hiring professionals is expensive.

    Future enhancements

    • As it is an evolving branch, the scope of enhancement in technology is immense. No ethical
    hacker can ensure the system security by using the same technique repeatedly. He would
    have to improve, develop and explore new avenues repeatedly.

    • More enhanced software should be used for optimum protection. The tools used need to be
    updated regularly and more efficient ones need to be developed.

    5. Ethical hacking tools and Methods

    Ethical hackers utilize and have developed a variety of tools to intrude into different kinds of
    systems and to evaluate the security levels. The nature of these tools differs widely. Here we
    describe some of the widely used tools in ethical hacking.

    5.1 Samspade

    Samspade is a simple tool which provides us information about a particular host. This
    tool is very helpful in finding addresses, phone numbers etc. Fig 2.1 represents the
    UI of the samspade tool. In the text field in the top left corner of the window we just need to
    put the address of the particular host. Then we can find out the various information available. The
    information given may be phone numbers, contact names, IP addresses, email ids, address range
    etc. We may wonder what the benefit of getting the phone numbers, email ids, addresses etc. is.
    But one of the best ways to get information about a company is to just pick up the phone and ask
    for the details. Thus we can get much information in just one click.

    Fig 2.1 Samspade UI

    5.2 Email Tracker

    We often receive many spam messages in our mail box. We don't know where they
    come from. Email tracker is a software which helps us to find which server the mail
    actually came from. Every message we receive has a header associated with it. The email
    tracker uses this header information to find the location.

    Fig 2.2 shows the UI of the email tracker software. One of the options in the email
    tracker is to import the mail header. In this software we just need to import the mail's header.
    Then the software finds which area that mail came from. That is, we will get
    information about which region the message came from, like Asia Pacific, Europe etc.
    To be more specific we can use another tool, visual route, to pinpoint the actual location of the
    server. The option of connecting to visual route is available in the email tracker. Visual route is a
    tool which displays the location of a particular server with the help of IP addresses. When we
    connect this with the email tracker we can find the server which actually sent the mail. We can
    also use this for finding the location of the servers of targets visually on a map.

    Fig 2.2 Email tracker UI
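The header tracing described above can be reproduced by reading a message's Received headers, which each relay adds on top of the previous ones. This is an added example, not code from the report or from the email tracker tool; the sample message, its host names and addresses, and the function names `trace_hops` and `last_verified_sender` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are documentation values.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTP id A1; Mon, 07 May 2018 10:00:03 +0000
Received: from relay.example.com (relay.example.com [203.0.113.7])
\tby mx.example.net with ESMTP id B2; Mon, 07 May 2018 10:00:02 +0000
Received: from desktop (unknown [192.168.1.20])
\tby relay.example.com with SMTP id C3; Mon, 07 May 2018 10:00:01 +0000
From: sender@example.com
Subject: constructed test message
"""

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")
# Ranges that never identify a host on the public Internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def trace_hops(raw):
    """Return the relay hops oldest first: from_ip, by_host, routable."""
    hops = []
    # Every relay prepends its own header, so reverse for time order.
    for header in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(header.split())      # unfold continuation lines
        ip, by = PEER_IP.search(text), BY_HOST.search(text)
        addr = None
        if ip:
            try:
                addr = ipaddress.ip_address(ip.group(1))
            except ValueError:
                pass                         # malformed literal, e.g. [999.1.1.1]
        hops.append({
            "from_ip": str(addr) if addr else None,
            "by_host": by.group(1).lower() if by else None,
            "routable": addr is not None and not any(addr in n for n in INTERNAL),
        })
    return hops

def last_verified_sender(raw, trusted_hosts):
    """Peer IP recorded by the outermost mail server we run ourselves."""
    # Headers stamped before the message reached our servers are written by
    # the sending side and can be forged, so stop reading at that boundary.
    verified = None
    for hop in reversed(trace_hops(raw)):    # newest first
        if hop["by_host"] not in trusted_hosts:
            break
        verified = hop["from_ip"]
    return verified
```

The address returned by `last_verified_sender` is the one worth looking up or geolocating when analysing spam; anything listed below it in the header chain is only a claim made by the sender.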

    5.3 Visual Route

    The visual route UI has a world map drawn on it. The software will locate the position
    of the server on that world map. It will also depict the path through which the message came to
    our system. This software will actually provide us with information about the routers through
    which the message passed, that is, the path traced by the mail from the source to the destination.
    We may wonder what the use of finding the place from which the message came is. Suppose you got
    the email id of an employee of the target company and mailed him, telling him that you are his
    greatest friend. Sometimes he may reply saying that he doesn't know you. Then you use the


    successfully connect to the modem. Some programs can also identify the particular operating

    system running in the computer and may also conduct automated penetration testing. In such

    cases, the war dialer runs through a predetermined list of common user names and passwords in

    an attempt to gain access to the system.

    5.5 Pingers

    Pingers are yet another category of scanning tools, which make use of Internet
    Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to know if a
    particular system is alive or not. Pingers, using this principle, send ICMP packets to all hosts in a
    given range; if the acknowledgment comes back we can make out that the system is live. Pingers
    are automated software which send ICMP packets to different machines and check their
    responses. But most of the firewalls today block ICMP and hence they also cannot be used.

    5.6 Port Scanning

    A port scan is a method used by hackers to determine what ports are open or in use on a
    system or network. By using various tools a hacker can send data to TCP or UDP ports one at a
    time. Based on the response received, the port scan utility can determine if that port is in use.
    Using this information the hacker can then focus their attack on the ports that are open and try to
    exploit any weaknesses to gain access. Port scanning software, in its most basic state, simply
    sends out a request to connect to the target computer on each port sequentially and makes a note
    of which ports responded or seem open to more in-depth probing. Network security applications
    can be configured to alert administrators if they detect connection requests across a broad range
    of ports from a single host. To get around this the intruder can do the port scan in strobe or
    stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all
    65536 ports. Stealth scanning uses techniques such as slowing the scan. By scanning the ports
    over a much longer period of time you reduce the chance that the target will trigger an alert.
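The alerting described above (connection requests across a broad range of ports from a single host) can be written as a sliding-window count of distinct destination ports per source. This is an added example, not part of the original report; the log records are constructed, and the function names, window lengths and the threshold of 15 ports are assumptions chosen to show why a short window misses a slowed-down scan while a long one catches it.

```python
from collections import defaultdict

def build_constructed_log():
    """Constructed connection attempts: (epoch_seconds, source_ip, dest_port)."""
    log = []
    # Fast sweep: 30 ports in 30 seconds from one host.
    log += [(1000 + i, "203.0.113.10", 20 + i) for i in range(30)]
    # Slow sweep: 30 ports, one every 10 minutes.
    log += [(1000 + i * 600, "203.0.113.20", 20 + i) for i in range(30)]
    # Ordinary client: many connections, but only to two ports.
    log += [(1000 + i * 5, "198.51.100.5", (80, 443)[i % 2]) for i in range(200)]
    return sorted(log)

def scanning_sources(log, window_seconds, min_distinct_ports):
    """Sources that touched at least min_distinct_ports different ports
    within any span of window_seconds."""
    by_source = defaultdict(list)
    for ts, src, port in log:
        by_source[src].append((ts, port))
    flagged = set()
    for src, events in by_source.items():
        events.sort()
        counts = defaultdict(int)   # port -> occurrences inside the window
        start = 0
        for ts, port in events:
            counts[port] += 1
            # Slide the left edge until the window is short enough.
            while ts - events[start][0] > window_seconds:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_distinct_ports:
                flagged.add(src)
                break
    return flagged
```

With a 60-second window only the fast sweep is flagged; widening the window to a day also flags the slow one, at the cost of keeping more state per source. A strobe scan of fewer ports than the threshold stays under a distinct-port count, so this check is usually paired with alerts on connections to ports where no service listens.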

    5.7 Super Scan

    SuperScan is a powerful TCP port scanner that includes a variety of additional
    networking tools like ping, traceroute, HTTP HEAD, WHOIS and more. It uses multithreaded
    and asynchronous techniques, resulting in extremely fast and versatile scanning. You can perform
    ping scans and port scans using any IP range or specify a text file to extract addresses from.
    Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port
    description database, Windows host enumeration, banner grabbing and more.

    Fig 2.4 Superscan UI

    Fig 2.4 shows the UI of superscan. In this we can search either a particular host or over a
    range of IP addresses. As an output the software will report the host addresses which are running.
    There is another option, port list setup, which will display the set of services which are running on
    different hosts.

    5.8 Nmap

    Nmap ("Network Mapper") is a free and open source utility for network exploration or
    security auditing. Many systems and network administrators also find it useful for tasks such as
    network inventory, managing service upgrade schedules, and monitoring host or service uptime.
    Fig 2.5 shows the UI of Nmap.

    Fig 2.5 Nmap UI

    Nmap uses raw IP packets in novel ways to determine what hosts are available on the network,
    what services those hosts are offering, what operating systems they are running, what type of
    packet filters or firewalls are in use, and dozens of other characteristics. It can even find the
    different versions. It was designed to rapidly scan large networks, but works fine against single
    hosts. We also have the option of different types of scan like syn scan, stealth scan, syn stealth
    scan etc., and using this we can even time the scanning of different ports. Using this software we
    just need to specify the different host address ranges and the type of scan to be conducted. As an
    output we get the hosts which are live, the services which are running etc. It can even detect the
    version of the operating system, making use of the fact that different operating systems react
    differently to the same packets as they use their own protocol stacks.

    5.9 Loftcrack

    This is a software from @stake which is basically a password audit tool. This software
    uses the various password cracking methodologies. Loftcrack helps the administrators to find if
    their users are using an easy password or not. This is a very high profile software which uses
    dictionary cracking, then brute force cracking. Sometimes it uses the precompiled hashes called
    rainbow tables for cracking the passwords.

    Fig 2.6 Loftcrack UI

    Fig 2.6 given above shows the UI of loftcrack. Usually in Windows the passwords are
    stored in the sam file in the config directory of system32. This file is operating system protected,
    that is, we cannot access this file if the operating system is running. But with loftcrack we
    just need to run a wizard to get the details of the passwords stored in the sam file. As seen from
    the figure, the software used the dictionary of GBML words in this case. It also has options to use
    brute force and pre-compiled hashes.

    5.10 Metasploit

    Metasploit is actually a community which provides an online list of vulnerabilities. The
    hacker can directly download the vulnerabilities and directly use them in the target system for
    privilege escalation and other exploits. Metasploit is a command line tool and is very dangerous,
    as the whole community of black hat hackers is contributing its own findings of different
    vulnerabilities of different products.

    5.11 Man in the Middle Attack

    In this type of system hacking we are not actually cracking the password; instead we let
    all the traffic between a host and a client go through the hacker's system so that he can directly
    find out the passwords and other details. In the man in the middle attack, what a hacker does is
    tell the user that he is the server and then tell the server that he is the client. Now the
    client will send packets to the hacker thinking that he is the server, and then the hacker, instead of
    replying, forwards a copy of the actual request to the actual server. The server will then reply to
    the hacker, who will forward a copy of the reply to the actual client. Now the client will think
    that he got the reply from the server and the server will think that it replied to the actual client.
    But actually the hacker, the man in the middle, also has a copy of the whole traffic, from which
    he can directly get the needed data or the password using which he can actually hack in.

    CONCLUSION

    One of the main aims of the seminar is to make others understand that there are so many
    tools through which a hacker can get into a system. There are many reasons why everybody
    should understand these basics. Let's check its various needs from various perspectives.

    • Student

    A student should understand that no software is made with zero vulnerabilities. So while
    they are studying they should study the various possibilities and should study how to prevent them,
    because they are the professionals of tomorrow.

    • Professionals

    Professionals should understand that business is directly related to security. So they
    should make new software with as few vulnerabilities as possible. If they are not aware of these
    then they won't be cautious enough in security matters.

    • Users

    The software is meant for the use of its users. Even if the software menders make the
    software with high security options, without the help of users it can never be successful. It's like a
    highly secured building with all doors left open carelessly by the insiders. So users must also be
    aware of such possibilities of hacking so that they can be more cautious in their activities. In
    the preceding sections we saw the methodology of hacking, why we should be aware of hacking and
    some tools which a hacker may use. Now we can see what we can do against hacking or to
    protect ourselves from hacking.

    • The first thing we should do is to keep ourselves updated about the software we are using,
    from official and reliable sources.

    • Educate the employees and the users against black hat hacking.

    • Use every possible security measure like Honey pots, Intrusion Detection Systems, Firewalls
    etc.

    • Every time, make our password strong by making it harder and longer to be cracked.

    • The final and foremost thing should be to try ETHICAL HACKING at regular intervals.
