Ethical Hacking by Shivam (PPT)

Slide 1
Ethical Hacking by Shivam
Slide 2
• Ethical Hacking – ?
• Why – Ethical Hacking?
• Ethical Hacking – Process
• Ethical Hacking – Commandments
• Reporting
Slide 3
Ethical Hacking
Ethical – Conforming to accepted professional standards of conduct
Hacking – Process of breaking into systems for:
• Personal or Commercial Gains
• Malicious Intent – Causing severe damage to Information & Assets
What is Ethical Hacking
Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming
White-hat – Good Guys; Black-hat – Bad Guys
Slide 4
What is Ethical Hacking
• It is legal
• Permission is obtained from the target
• Part of an overall security program
• Identifies vulnerabilities visible from the Internet at a particular point in time
• Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner
Slide 5
Why – Ethical Hacking
Defacement Statistics for Indian Websites (June 01, 2004 to Dec. 31, 2004)
Source: CERT-India, January 2005

Domain     No. of Defacements
.com       922
.gov.in     24
.org        53
.net        39
.biz        12
.co.in      48
.ac.in      13
.info        3
.nic.in      2
.edu         2
other       13
Total     1131
Slide 6
Why – Ethical Hacking
Source: CERT/CC
[Chart: Total Number of Incidents; the figures are not recoverable from the extracted text]
Slide 7
Why – Ethical Hacking
Source: US-CERT
[Chart; the figures are not recoverable from the extracted text]
Slide 8
Why – Ethical Hacking
Protection from possible External Attacks (diagram: threats surrounding Restricted Data)
• Viruses, Trojan Horses, and Worms
• Social Engineering
• Automated Attacks
• Accidental Breaches in Security
• Denial of Service (DoS)
• Organizational Attacks
Slide 9
Ethical Hacking - Process
1. Preparation
2. Footprinting
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
5. Attack – Exploit the Vulnerabilities
Slide 10
Preparation
• Identification of Targets – company websites, mail servers, extranets, etc.
• Signing of Contract
• Agreement on protection against any legal issues
• Contract clearly specifies the limits and dangers of the test
• Specifics on Denial of Service tests, Social Engineering, etc.
• Time window for attacks
• Total time for the testing
• Prior knowledge of the systems
• Key people who are made aware of the testing
Slide 11
Footprinting
Collecting as much information as possible about the target:
• DNS Servers
• IP Ranges
• Administrative Contacts
• Problems revealed by administrators
Information Sources
• Search engines
• Forums
• Databases – whois, RIPE, ARIN, APNIC
• Tools – ping, whois, traceroute, dig, nslookup, Sam Spade
Slide 12
Enumeration & Fingerprinting
• Specific targets determined
• Identification of Services / open ports
• Operating System Enumeration
Methods
• Banner grabbing
• Responses to various protocol (ICMP & TCP) commands
• Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.
Tools
• Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
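The port and service scans listed above (TCP Connect, TCP SYN, TCP FIN) all leave the same footprint on the target side: one source touching many distinct ports on one host in a short time. The following is an added example, not part of the slide deck, showing how a defender can spot that pattern in connection logs. The log format, the addresses and the threshold are constructed for the example; a real deployment would adapt the regular expression to the firewall or tcpdump output actually in use.

```python
"""Port-scan detection over constructed firewall-style log lines.

Added example (not from the slide deck): flags a source address that
probes many distinct destination ports on one host within a short
window, which is the footprint left by TCP Connect, SYN and FIN scans.
The log format below is constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 198.51.100.7 sweeps six ports on 192.0.2.10 with
# bare SYNs plus one FIN probe; 203.0.113.9 is ordinary client traffic.
SAMPLE_LOG = """\
2004-06-01T10:00:00 src=198.51.100.7 dst=192.0.2.10 dport=21 flags=S
2004-06-01T10:00:00 src=198.51.100.7 dst=192.0.2.10 dport=22 flags=S
2004-06-01T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=23 flags=S
2004-06-01T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=25 flags=S
2004-06-01T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=80 flags=S
2004-06-01T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=443 flags=F
2004-06-01T10:00:03 src=203.0.113.9 dst=192.0.2.10 dport=443 flags=S
2004-06-01T10:05:00 src=203.0.113.9 dst=192.0.2.10 dport=80 flags=S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) flags=(?P<flags>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["dport"] = int(d["dport"])
        events.append(d)
    return events


def detect_port_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Return {(src, dst): {"ports": n, "flags": {flag: count}}} for every
    source/destination pair where the source touched at least `min_ports`
    distinct ports inside any `window`-long span. A sliding window over the
    time-sorted events is used, and the largest qualifying window is reported,
    so the flag tally shows which scan types (SYN-only, FIN-only, mixed) were seen."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            ports = {e["dport"] for e in in_window}
            if len(ports) >= min_ports and (best is None or len(ports) > best["ports"]):
                flags = defaultdict(int)
                for e in in_window:
                    flags[e["flags"]] += 1
                best = {"ports": len(ports), "flags": dict(flags)}
        if best is not None:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, "
              f"{info['ports']} distinct ports, flags {info['flags']}")
```

The threshold and window are the knobs that trade false positives for sensitivity: a busy web client legitimately opens ports 80 and 443, so the example requires at least five distinct ports within a minute before raising an alert, and keeps a per-flag tally so a FIN-only sweep (no SYN ever sent) stands out from a full-connect scan.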
Slide 13
Identification of Vulnerabilities
Vulnerabilities
• Insecure Configuration
• Weak passwords
• Unpatched vulnerabilities in services, Operating Systems, applications
• Possible Vulnerabilities in Services, Operating Systems
• Insecure programming
• Weak Access Control
Slide 14
Identification of Vulnerabilities
Methods
• Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites
• Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic
• Insecure Programming – SQL Injection, Listening to Traffic
• Weak Access Control – Using the Application Logic, SQL Injection
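SQL Injection appears on this slide under both Insecure Programming and Weak Access Control because a single string-concatenated query lets user input change the query's logic and so bypass the access check the query was meant to enforce. The following is an added example, not part of the slide deck, showing the insecure form beside the parameterized fix. It uses an in-memory SQLite database with a constructed users table, so it runs offline; the table and usernames are assumptions made for the example.

```python
"""SQL injection: vulnerable query beside the parameterized fix.

Added example (not from the slide deck). The users table and its
contents are constructed for the example.
"""
import sqlite3


def make_db():
    """Build a small in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Insecure programming: the user-controlled value is pasted into the SQL text,
    so a quote character in the input ends the literal and the rest becomes SQL."""
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Parameterized query: the driver sends the value separately from the SQL
    text, so whatever the input contains is matched as data, never parsed as syntax."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed input containing a quote character
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, quoted input :", lookup_vulnerable(db, probe))
    print("safe, quoted input       :", lookup_safe(db, probe))
```

With the parameterized form the same input is simply a username that does not exist and the query returns nothing; with the concatenated form the WHERE clause is rewritten and every row comes back, which is exactly the Weak Access Control outcome the slide pairs with SQL Injection. Code review and static analysis that flag string building around `execute` calls are the practical way to find this class of defect before a tester does.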
Slide 15
Identification of Vulnerabilities
Tools
• Vulnerability Scanners – Nessus, ISS, SARA, SAINT
• Listening to Traffic – Ettercap, tcpdump
• Password Crackers – John the Ripper, LC4, Pwdump
• Intercepting Web Traffic – Achilles, Whisker, Legion
Websites
• Common Vulnerabilities & Exposures – http://cve.mitre.org
• Bugtraq – www.securityfocus.com
• Other Vendor Websites
Slide 16
Attack – Exploit the vulnerabilities
• Obtain as much information (trophies) from the Target Asset
• Gaining Normal Access
• Escalation of privileges
• Obtaining access to other connected systems
Last Ditch Effort – Denial of Service
Slide 17
Attack – Exploit the vulnerabilities
Network Infrastructure Attacks
• Connecting to the network through modem
• Weaknesses in TCP/IP, NetBIOS
• Flooding the network to cause DoS
Operating System Attacks
• Attacking Authentication Systems
• Exploiting Protocol Implementations
• Exploiting Insecure Configuration
• Breaking File-System Security
Slide 18
Attack – Exploit the vulnerabilities
Application Specific Attacks
• Exploiting implementations of HTTP, SMTP protocols
• Gaining access to application Databases
• SQL Injection
• Spamming
Slide 19
Attack – Exploit the vulnerabilities
Exploits
• Free exploits from Hacker Websites
• Customised free exploits
• Internally Developed
Tools – Nessus, Metasploit Framework
Slide 20
Reporting
• Methodology
• Exploited Conditions & Vulnerabilities that could not be exploited
• Proof for Exploits – Trophies
• Practical Security solutions
Slide 21
Ethical Hacking – Commandments
• Working Ethically
• Trustworthiness
• Misuse for personal gain
• Respecting Privacy
• Not Crashing the Systems


Editor's Notes

  • #4 Red teaming – the term was first used by the US government for testing its systems in the early 1990s. The black-hat and white-hat terminology comes from Hollywood movies, where the good guys wear white hats and the bad guys wear black hats.
  • #6 Other information not available.