
Ethical hacking project

Date post: 11-Apr-2017
Upload: siddharth-vairagi
Page 1: Ethical hacking project

ETHICAL HACKING

INTRODUCED BY SIDDHARTH VAIRAGI

INDIAN INSTITUTE OF TECHNICAL COMPUTER APPLICATION

Page 2: Ethical hacking project

Content
• Type Of Hackers
• Ethical Hacking
• History
• Famous Hackers
• Process Of Hacking
• Virtualization
• Footprinting
• Scanning
• Windows Hacking
• System Hacking
• Steganography
• Cryptography
• Virus / Trojan
• Social Engineering
  1. Phishing
  2. Email Tracking Bombing
• WiFi Hacking
• Mobile Hacking
• SQL Injection
• Cyber Law
• Reference

Page 3: Ethical hacking project

Type Of Hackers
1. White Hat Hackers
2. Black Hat Hackers
3. Gray Hat Hackers
4. Script Kiddies
5. Hacktivists
6. State Sponsored Hackers
7. Spy Hackers
8. Suicide
9. C.P Hackers

Page 4: Ethical hacking project

What is Ethical Hacking

Ethical hacking, as the term denotes, is hacking done for ethical, legal or good reasons. Ethical hackers work similarly to any black hat hacker or cracker, but their aim is to provide complete security to a system and keep black hat hackers out. They find the loopholes in an operating system and secure it so that other hackers are not able to attack the system. Black hat hackers are the cyber criminals and ethical hackers are the cyber police. Both have weapons, but one uses them to protect others and the other uses them to do damage. Ethical hackers have sound knowledge of the measures a black hat hacker can take to damage systems; they apply security to the system accordingly and thus make the systems of an organization completely safe and secure.

Page 5: Ethical hacking project

Role of Ethical Hackers

There can be lots of roles and responsibilities for an ethical hacker, but to summarize, a white hat hacker can do the following for an organization:

• They can find the vulnerabilities and loopholes in any IT system.

• They can suggest the list of steps that should be taken to prevent risk to a system and can also provide the system complete security.

• They can give an organization a detailed report and analysis of the security of any IT system.

Page 6: Ethical hacking project

History Of Hacking

1960's : Hacking is not limited to computers. The real meaning of hacking is to expand the capabilities of any electronic device; to use them beyond the original intentions of the manufacturer. As a matter of fact, the first hackers appeared in the 1960's at the Massachusetts Institute of Technology (MIT), and their first victims were electric trains. They wanted them to perform faster and more efficiently.

Page 7: Ethical hacking project

1970's (phreaks or phone hackers): During the 1970's, a different kind of hacker appeared: the phreaks or phone hackers. They learned ways to hack the telephone system and make phone calls for free. Within this group of people, one phreaker became famous because of a simple discovery. John Draper, also known as Captain Crunch, found that he could make long distance calls with a whistle. He built a blue box that could do this, and Esquire magazine published an article on how to build them.

Arduino-Based Blue Box (phreaks or phone hackers) Steve Jobs and phone hacking

Page 8: Ethical hacking project

1980's (Bulletin Board Systems): During the 1980's, phreaks started to migrate to computers, and the first Bulletin Board Systems (BBS) appeared. BBS are like the Yahoo Groups of today, where people posted messages on any kind of topic. The BBS used by hackers specialized in tips on how to break into computers, how to use stolen credit card numbers and how to share stolen computer passwords.

Page 9: Ethical hacking project

1990's: During the 1990's, when the use of the internet became widespread around the world, hackers multiplied, but it wasn't until the end of the decade that system security became mainstream among the public.

1998 (military satellite system): Hackers claim to have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell the software to terrorists.

2001 (I Love You): The "I Love You" virus debuts on the Internet in May, appearing first in the Philippines, then spreading across the globe in a matter of hours. It causes an estimated $10 billion of damage globally in lost files and computer downtime before a solution is found.

Page 10: Ethical hacking project

World’s Most Famous Hacker

Jonathan James Kevin Mitnick Albert Gonzalez

Kevin Poulsen Gary McKinnon

Page 11: Ethical hacking project

Famous Indian Hacker

Ankit Fadia
Certified Ethical Hacker

Page 12: Ethical hacking project

Process Of Hacking

• VIRTUALIZATION
• FOOTPRINTING
• SCANNING
• WINDOWS HACKING
• SYSTEM HACKING
• SQL INJECTION
• STEGANOGRAPHY
• CRYPTOGRAPHY
• VIRUS / TROJAN
• SOCIAL ENGINEERING
• WiFi HACKING
• MOBILE HACKING

Page 13: Ethical hacking project

Virtualization

Why is virtualization useful?
The techniques and features that VirtualBox provides are useful for several scenarios:
• Running multiple operating systems simultaneously.
• Easier software installations.
• Testing and disaster recovery.
• Infrastructure consolidation.

Features overview
Here's a brief outline of VirtualBox's main features:
• Portability. VirtualBox runs on a large number of 32-bit and 64-bit host operating systems.
• No hardware virtualization required.
• Guest Additions: shared folders, seamless windows, 3D virtualization

Page 14: Ethical hacking project

Supported host operating systems

Currently, VirtualBox runs on the following host operating systems:

Windows hosts:
• Windows Vista SP1 and later (32-bit and 64-bit)
• Windows Server 2008 (64-bit)
• Windows Server 2008 R2 (64-bit)
• Windows 7 (32-bit and 64-bit)
• Windows 8 (32-bit and 64-bit)
• Windows 8.1 (32-bit and 64-bit)
• Windows 10 RTM build 10240 (32-bit and 64-bit)
• Windows Server 2012 (64-bit)
• Windows Server 2012 R2 (64-bit)

Page 15: Ethical hacking project

Mac OS X hosts (64-bit):
• 10.8 (Mountain Lion)
• 10.9 (Mavericks)
• 10.10 (Yosemite)
• 10.11 (El Capitan)
Intel hardware is required.

Linux hosts (32-bit and 64-bit). Among others, this includes:
• Ubuntu 10.04 to 15.04
• Debian GNU/Linux 6.0 (“Squeeze”) and 8.0 (“Jessie”)
• Oracle Enterprise Linux 5, Oracle Linux 6 and 7
• Redhat Enterprise Linux 5, 6 and 7
• Fedora Core / Fedora 6 to 22
• Gentoo Linux
• OpenSUSE 11.4, 12.1, 12.2, 13.1
• Mandriva 2011

Page 16: Ethical hacking project

Starting Virtual Box

Page 17: Ethical hacking project

After Installing Ubuntu

Page 18: Ethical hacking project

Use Ubuntu in The Virtual Box

Page 19: Ethical hacking project

Footprinting

What is Footprinting?
Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system, its remote access capabilities, its ports and services, and the aspects of its security.

Identify Vulnerabilities
It allows an attacker to identify vulnerabilities in the target system in order to select appropriate exploits.

Page 20: Ethical hacking project

Objectives Of Footprinting
• Domain Name
• Internal Domain Name
• Network Blocks
• IP Address Of The Reachable System
• Rough website / Private Website
• TCP & UDP services Running
• Access Control Mechanisms and ACL’s
• Networking Protocols
• VPN Points
• IDSes Running
• Analog/Digital Telephone number
• Authentication Mechanisms
• System enumeration

Page 21: Ethical hacking project

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Password

Collect Organization’s information
• Employee details
• Organization’s Website
• Company directory
• Location details
• Address and phone numbers
• Comments in HTML Source Code
• Security policies implemented
• Web Server links relevant to the organization
• Background of the organization
• News articles
• Press release

Page 22: Ethical hacking project

Scanning

Scanning is the second phase of hacking. By scanning we can find out:
• Which servers are alive (AKA)
• Specific IP address
• Operating system
• System architecture
• Service running on each system

Types of scanning
• Port Scanning
• Network Scanning
• Vulnerability Scanning

Page 23: Ethical hacking project

Port scanner

Port scanner is an application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify services running on a host and exploit vulnerabilities.

Page 24: Ethical hacking project

Network scanner

Network scanning is a procedure for identifying active hosts on a network. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live hosts that are active on the Internet and what services they offer.

Page 25: Ethical hacking project

Vulnerability Scanning

The automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited or threatened. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet.

Page 26: Ethical hacking project

Windows Hacking

Page 27: Ethical hacking project

System Hacking

Password Hacking:

TYPES OF PASSWORD HACKING

There are four types of password attack:
1. Passive online attack
2. Active online attack
3. Offline attack
4. Non technical attack

Page 28: Ethical hacking project

PASSIVE ONLINE ATTACK
In passive online attacks an attacker does not contact the authorizing party to steal the password; in other words, he attempts password hacking without communicating with the victim or the victim's account. Types of passive online attack include wire sniffing, man-in-the-middle attack and replay attack.

ACTIVE ONLINE ATTACK
This type of attack can be directly termed password guessing. An attacker tries a number of passwords one by one against the victim to crack his/her password.

Page 29: Ethical hacking project

OFFLINE ATTACK
Offline password attacks are performed from a location other than the actual computer where the passwords reside or were used. Offline attacks require physical access to the computer which stores the password file; the attacker copies the password file and then tries to break the passwords on his own system. Offline attacks include dictionary attacks, hybrid attacks, brute force attacks, precomputed hash attacks, syllable attacks, rule based attacks and rainbow attacks.

NON TECHNICAL ATTACK
This type of attack does not require any technical knowledge, hence the term non-technical attack. Attacks of this kind may include social engineering, shoulder surfing, keyboard sniffing and dumpster diving.

Page 30: Ethical hacking project

STEGANOGRAPHY

The art and science of hiding information by embedding messages within other, seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.

Steganography sometimes is used when encryption is not permitted. Or, more commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.

Page 31: Ethical hacking project

TYPES OF STEGANOGRAPHY

• Text Steganography
• Image Audio Steganography
• Video Steganography

Page 32: Ethical hacking project

Cryptography

What is Cryptography?
Techniques used for deciphering a message without any knowledge of enciphering details.

Page 33: Ethical hacking project

Plaintext: A message in its natural format, readable by an attacker.
Ciphertext: Message altered to be unreadable by anyone except the intended recipients.
Key: Sequence that controls the operation and behavior of the cryptographic algorithm.
Encryption: The process of converting the plaintext to ciphertext is encryption.
Decryption: The reverse process of restoring the plaintext from the ciphertext is decryption.

Page 34: Ethical hacking project

Virus / Trojan

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.

Page 35: Ethical hacking project

Phishing (Social Engineering)

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Page 36: Ethical hacking project

Email Tracking & Bombing (Social Engineering)

Email tracking is a method for monitoring the delivery of email to the intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well as the IP address of the recipient.

Page 37: Ethical hacking project

WiFi Hacking

Page 38: Ethical hacking project

Mobile Hacking

Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner.

Hack All Applications Of Mobile

Page 39: Ethical hacking project

Tools of Mobile Hacking

Droidjack hack

Page 40: Ethical hacking project

Spy Phone Hack

Page 41: Ethical hacking project

Hash Suite Droid

Page 42: Ethical hacking project

SQL Injection

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).

Page 43: Ethical hacking project

Cyber Law

Introduction

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

We can categorize cyber crimes in two ways:
• The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DOS attack etc.
• The computer as a weapon: using a computer to commit real world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Page 44: Ethical hacking project

Reference
• www.iitca.co.in
• https://www.eccouncil.org
• http://www.cyberlawsindia.net
