KEMBAR78
Workshop on Network Security | PDF
UC San Diego, profile picture
Uploaded byUC San Diego
PDF, PPTX2,248 views

Workshop on Network Security

The document discusses various hacking techniques and their implications on security, such as social engineering, ARP poisoning, SQL injection, and cross-site scripting. It emphasizes the need for robust security measures including password complexity, input validation, and awareness of vulnerabilities in web applications and wireless networks. Additionally, it outlines protective mechanisms and specific countermeasures to safeguard against these cyber threats.

Download as PDF, PPTX
Are We Secure ?
What you should know about hacking? • The impact of hacking is much worse than we could possibly imagine.. • A single ID compromised can lead to the devastation of your reputation and even money..
What if your Gmail account is hacked!!
What if FaceBook??!!
Agenda • Social Engineering • ARP Poisoning – MITM • Injection attacks • Cross Site Scripting • Wireless Security • Cross Site Request Forgery • Google Hacking • Linux vs. Microsoft • The Servers FaceOff
To catch a hacker, we should think like one • What does a hacker want? Aaha!! Got it  • Why does he want it? • How he gets it?
• Use at least eight characters, the more characters the better. (safe from Brute Force attacks) • Don't use a word found in a dictionary. (Safe from Dictionary attacks) • Never use the same password twice. (safe for obvious reasons) • Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
Social Engineering is the first attack of the session
• Psychologically manipulating people into performing some action and extracting confidential information, instead of breaking in or using technical cracking skills..
1. Security Question • You got 500 Facebook Friends who could answer all these questions!!
2. Social Networking • Vulnerability : Human tendency to share intimate details of human life. • Though few sites allow us to set privacy controls on visibility, still most of our details are shared to the applications. • So any hacker could exploit this to find information about us.
• Cyber attack on Google in December 2009. • Chinese rebels’ accounts were accessed. • Led to Google pulling out from China. • A combination of Social Engineering and Zero- day vulnerabilities in IE6
Protecting yourself • Be aware that such attacks exist.
DISCLAIMER • Hacking is Illegal • This workshop is for Educational Purposes Only • Only use this stuff on your websites and your own networks.
ARP Poison Routing (APR) MAC Address IP Address Address Resolution Protocol
ARP Poisoning • Usually : Victim  Server • In MITM : Victim  Attacker  Server • Thus the Attacker becomes the “Man in the Middle” (MITM) • This is done using ARP poisoning.
Technique - MITM
Counter Measures • All Your ARP Are Belong To Us ! ! • Encryption • SSL • Always Look out for the SSL Lock , if you are transferring confidential data. • Public Key Cryptography • MD5
PHP - Review • HTML can only display static content. PHP is used for processing. • PHP is a server side scripting language.
• Exploiting the weakness present in the code used for validation. • Technology review: – PHP
Injection attack • THUS A SIMPLE TEXTBOX BECOMES A PORTAL TO THE WEBSERVER. • VULNERABILITY : Input from the user is processed as such by the PHP script in the server.
1. DIRECTORY TRAVERSAL Directory File
Traversing Directories in Windows and Linux – cd ..  Takes us to the parent directory – cd pages  Takes us into the Directory “pages” in the current directory – cd ../etc/files  Goes back to parent directory then enters “etc” directory and then into “files” directory.
Website password.txt Pages Index.html Jive.html Choose.php Pulsar.html Stunner.html
• Apache Tomcat was vulnerable to Directory Traversal attack till version 6.0.18 (fixed July 30,2010) • RAD platform ColdFusion was found vulnerable to DT technique (fixed August 13th , 2010)
Protection mechanisms • Allow only Possible inputs.. • For the chosen scenario, make a list of Bike names.
SQL Injection
A little bit of SQL queries • With SQL, we can query a database and have a result set returned SELECT last_name FROM users WHERE user_id= 10; • Gives a result set like this: last_name rahul
What is SQL Injection? The ability to inject SQL commands into the database engine through an existing application.
How does SQL Injection work? Comments : # , -- username: ' or 1=1 # Password: anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 #AND password = 'anything'
SQL Injection Defense • Input Validation • Reject "select", "insert", "update", "shutdown", "delete", "drop", "--", “#'" • Implement stringent "allow only good" filters • If the input is supposed to be numeric, use a numeric variable in your script to store it. • Magic quotes gpc is an awesome inbuilt input filter for PHP .
Cookies and Sessions • A cookie(client-side) can keep information in the user's browser until deleted. Used for Authentication, site preferences ,focusing Ads. • Sessions (server-side) assigs each user a unique number, called session id. • This session id is stored in a cookie and passed in the URL between pages while the user browses.
XSS
Cross-Site Scripting (XSS) • What is it?: The Web Application is used to store, transport, and deliver malicious active content to an unsuspecting user. • XSS typically results from a web application that takes user input from one user and displays it to another user (or set of users ).
Ways of Launching Cross-Site Scripting Attacks Attacker's script must be sent to the victim o Inter-user communication within the target site (i.e., message board, etc.) o URL provided on a third-party web site (either clicked on by victim user or automatically loaded when visiting a malicious web site) o URL embedded in an email or newsgroup posting
Defending XSS • Remove from user input all characters that are meaningful in scripting languages: – =<>"'(); – You must do this filtering on the server side – You cannot do this filtering using Javascript on the client, because the attacker can get around such filtering • More generally, on the server-side, your application must filter user input to remove: – Quotes of all kinds (', ", and `) – Semicolons (;), Asterisks (*), Percents (%), Underscores (_) • Your best bet – define characters that are good and needed for the particular input (alpha and numeric), and filter everything else out .
• The ever changing network scenario..
What’s so special about Wireless networks? • Use internet anywhere, anytime. • Save a lot of money. • No need to carry cables. • IT IS ALWAYS THERE 
The major problem in wireless networks – Plain text packets • Wireless devices broadcast information. • Access Anywhere, at the same time ACCESS TO ANYONE!!
Need for Wireless Security
Evolution of Wireless Security 1. Open SSID 2. Hidden SSID 3. WEP 4. WPA 5. WPA2
1. Open SSID • The SSID (Service Set Identifier) is a name for the wireless network. SSID SSID • Open SSID – SSID is broadcasted SSID by the access point. SSID • So it is visible to everyone. • And so anyone can connect to our network.
2. Hidden SSID • First layer of security. • The user should know the name of the SSID to connect to the internet. • Problem : Hidden SSIDs could be found using Packet Sniffers.
3. WEP – Wired Equivalent Privacy • Both the client PC and the Access point share a common key (Shared Key). Shared Key • The shared key generates a key-stream using RC4 algorithm. • Then the key-stream is XORed with the plain text to create the cipher text. • The cipher text is sent to the receiver.
Key unchanged  Same key-stream every time • If the shared key used is not changed for every frame transmitted, then the data will be XORed with the same key every time!! • So we use an Initialization Vector (IV) which changes for every frame sent thus making the key-stream unique for every frame using RC4 algorithm.
WEP Simplified
WEP Vulnerability • IV changes for each frame transmitted. • But IV is made up of 24 bits – Therefore only 16 million combinations are possible. So surely the key-stream has to repeat after a while. • If two cipher text frames using same key- stream are captured, then using statistical analysis the plain text can be found.
• Searching for Wifi Networks in a moving vehicle. • Once a Wifi network is found, the place is marked with necessary details to connect to that network. (WAR-CHALKING)
Picture showing availability of an Open SSID network with bandwidth 1.5 Mbps.
Is it not CRUEL?
Cracking the WEP Key • Interested in knowing how your home wireless network is getting poached? • Now on to a Live Demo!
So came WPA – Wifi Protected Alliance • WPA – Temporal Key Integrity Protocol – TKIP (Personal) – EAP (Enterprise) • WPA 2 – (Counter mode with Cipher Block Chaining Message Authentication Protocol) – CCMP (Personal) – EAP (Enterprise)
CSRF
CSRF (Cross Site Request Forgery) • A malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. • XSS exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
Bank Forgery
Social Networks soicalnetwork.com Delete certain friends https://social.com/deletefriends.p Add a person as friend hp?id=66 https://social.com/addfriend.php? id=44 Change the password https://social.com/changepass ?new_pass=hacked attacker’s post(CSRF Code) at blog.net 71
CSRF Defenses • Secret Validation Token <input type=hidden value=23a3af01b> • Referer Validation Referer: http://www.facebook.com/home.php
• The best search engine. • Google hacking is not a exact hack. It just makes hacking easy. • VULNERABILITY : We can google ANYTHING!!
• Version of the server our website uses. • Error messages which contain too much information. • Logon Portals • Files containing passwords.
1. Google Caches • Google caches pages whenever its crawler finds a new page in the internet. • When Cached pages are viewed then the IP address of the hacker is not logged into the system.
2. Download anything from internet • “parent directory” akon mp3 –xxx –html –htm –php –shtml –opendir –md5 –md5sum • The above command returns the directory listing of all files under ‘Akon MP3’. Rest is “Right click” “Save Link As” 
3. Get server information • Google provides information about the server which runs a website.. Some times even passwords • Moreover some error logs in the website’s can be exploited to find the actual internal implementation of a website..
Secure against Google hacks • The password file should be saved in any name other than “password.txt” “Pass.db” or any other obviously funny names. • Exceptions should be handled properly.
LINUX vs. MICROSOFT • Linux has NO open ports by default. But windows has open ports for Windows File Sharing even if no files are shared. • Windows is susceptible to NULL session attack on port 139. • Windows gives the root user the COMPLETE power to rule the PC!!
And that includes me too :P
Are We Secure ?

More Related Content

PPTX
Shmoocon Epilogue 2013 - Ruining security models with SSH
byAndrew Morris
 
PDF
Common crypto attacks and secure implementations
byTrupti Shiralkar, CISSP
 
PDF
Web Security.pdf
byAdityaKumar1548
 
PDF
Heartbleed Overview
bySensePost
 
PDF
CNIT 128 3. Attacking iOS Applications (Part 1)
bySam Bowne
 
PPTX
Rat a-tat-tat
bySensePost
 
PPTX
Offence oriented Defence
bySensePost
 
PDF
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
byAndrew Morris
 
Common crypto attacks and secure implementations
byTrupti Shiralkar, CISSP
 
Web Security.pdf
byAdityaKumar1548
 
Heartbleed Overview
bySensePost
 
CNIT 128 3. Attacking iOS Applications (Part 1)
bySam Bowne
 
Rat a-tat-tat
bySensePost
 
Offence oriented Defence
bySensePost
 
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 

What's hot

PDF
CNIT 129S Ch 7: Attacking Session Management
bySam Bowne
 
PDF
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
bySam Bowne
 
PPTX
Attacking VPN's
byn|u - The Open Security Community
 
PDF
Socially Acceptable Methods to Walk in the Front Door
byMike Felch
 
PDF
Heartbleed && Wireless
byLuis Grangeia
 
PPTX
Offensive Python for Pentesting
byMike Felch
 
PPTX
OSX/Pirrit: The blue balls of OS X adware
byAmit Serper
 
PDF
CNIT 124: Ch 9: Password Attacks
bySam Bowne
 
PDF
Advances in Open Source Password Cracking
byn|u - The Open Security Community
 
PDF
TeelTech - Advancing Mobile Device Forensics (online version)
byMike Felch
 
PDF
Aes jul-upload
bySetia Juli Irzal Ismail
 
PDF
Infosecurity.be 2019: What are relevant open source security tools you should...
byB.A.
 
PPSX
Scratching Your Brain into Dark Web by Arpit Maheshwari
byOWASP Delhi
 
PDF
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
byDefconRussia
 
PPT
BSidesJXN 2017 - Improving Vulnerability Management
byAndrew McNicol
 
PPTX
44CON @ IPexpo - You're fighting an APT with what exactly?
by44CON
 
PPTX
How to do Cryptography right in Android Part One
byArash Ramez
 
PPTX
Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop
byAndrew Morris
 
PPTX
Creating Havoc using Human Interface Device
byPositive Hack Days
 
PDF
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
byShakacon
 
CNIT 129S Ch 7: Attacking Session Management
bySam Bowne
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
bySam Bowne
 
Attacking VPN's
byn|u - The Open Security Community
 
Socially Acceptable Methods to Walk in the Front Door
byMike Felch
 
Heartbleed && Wireless
byLuis Grangeia
 
Offensive Python for Pentesting
byMike Felch
 
OSX/Pirrit: The blue balls of OS X adware
byAmit Serper
 
CNIT 124: Ch 9: Password Attacks
bySam Bowne
 
Advances in Open Source Password Cracking
byn|u - The Open Security Community
 
TeelTech - Advancing Mobile Device Forensics (online version)
byMike Felch
 
Aes jul-upload
bySetia Juli Irzal Ismail
 
Infosecurity.be 2019: What are relevant open source security tools you should...
byB.A.
 
Scratching Your Brain into Dark Web by Arpit Maheshwari
byOWASP Delhi
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
byDefconRussia
 
BSidesJXN 2017 - Improving Vulnerability Management
byAndrew McNicol
 
44CON @ IPexpo - You're fighting an APT with what exactly?
by44CON
 
How to do Cryptography right in Android Part One
byArash Ramez
 
Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop
byAndrew Morris
 
Creating Havoc using Human Interface Device
byPositive Hack Days
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
byShakacon
 

Similar to Workshop on Network Security

PPTX
Ethical Hacking
byLalit Kumar
 
PPTX
Security concepts
byartisriva
 
PDF
Real life hacking101
byFlorent Batard
 
ODP
a
bySandeep Kumar
 
PDF
Invited Talk - Cyber Security and Open Source
byhack33
 
PPTX
Web Application Vulnerabilities
byPreetish Panda
 
PPT
Security and Linux Security
byRizky Ariestiyansyah
 
PDF
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
PDF
Websec
byKristaps Kūlis
 
PDF
Web security 101
byKristaps Kūlis
 
KEY
Introduction to web security @ confess 2012
byjakobkorherr
 
PPT
unit1_last.pptsfsfsfsfsgeeyeeeyyeyeywwww
byzmulani8
 
PPTX
Hacking by Pratyush Gupta
byTenet Systems Pvt Ltd
 
PDF
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
PPT
hacking lecture 3c.ppt
bypeter722626
 
PPT
Penetration Testing Basics
byRick Wanner
 
PDF
Owasp for dummies handouts
byBCC
 
PDF
CyberIgnite.pdf
byGDSCPUP
 
PDF
Web Application Security with PHP
byjikbal
 
PPTX
Cyber Security By Preetish Panda
byPreetish Panda
 
Ethical Hacking
byLalit Kumar
 
Security concepts
byartisriva
 
Real life hacking101
byFlorent Batard
 
a
bySandeep Kumar
 
Invited Talk - Cyber Security and Open Source
byhack33
 
Web Application Vulnerabilities
byPreetish Panda
 
Security and Linux Security
byRizky Ariestiyansyah
 
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
Websec
byKristaps Kūlis
 
Web security 101
byKristaps Kūlis
 
Introduction to web security @ confess 2012
byjakobkorherr
 
unit1_last.pptsfsfsfsfsgeeyeeeyyeyeywwww
byzmulani8
 
Hacking by Pratyush Gupta
byTenet Systems Pvt Ltd
 
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
hacking lecture 3c.ppt
bypeter722626
 
Penetration Testing Basics
byRick Wanner
 
Owasp for dummies handouts
byBCC
 
CyberIgnite.pdf
byGDSCPUP
 
Web Application Security with PHP
byjikbal
 
Cyber Security By Preetish Panda
byPreetish Panda
 

More from UC San Diego

PDF
A primer on network devices
byUC San Diego
 
PDF
Datacenter traffic demand characterization
byUC San Diego
 
PDF
Smart Homes, Buildings and Internet-of-things
byUC San Diego
 
PDF
Social Networks analysis to characterize HIV at-risk populations - Progress a...
byUC San Diego
 
PDF
eyeTalk - A system for helping people affected by motor neuron problems
byUC San Diego
 
PDF
Pirc net poster
byUC San Diego
 
PDF
Ajaxism
byUC San Diego
 
PDF
Basic terminologies for a developer
byUC San Diego
 
PDF
Fields in computer science
byUC San Diego
 
PDF
Understanding computer networks
byUC San Diego
 
PDF
FOSS Introduction
byUC San Diego
 
PDF
Network Programming with Umit project
byUC San Diego
 
PDF
Introduction to Python
byUC San Diego
 
PDF
Airline reservation system db design
byUC San Diego
 
PPTX
Socket programming in Java (PPTX)
byUC San Diego
 
PDF
Socket programming using java
byUC San Diego
 
PDF
Routing basics
byUC San Diego
 
PDF
Technology Quiz
byUC San Diego
 
PDF
Android application development
byUC San Diego
 
PDF
Pervasive Web Application Architecture
byUC San Diego
 
A primer on network devices
byUC San Diego
 
Datacenter traffic demand characterization
byUC San Diego
 
Smart Homes, Buildings and Internet-of-things
byUC San Diego
 
Social Networks analysis to characterize HIV at-risk populations - Progress a...
byUC San Diego
 
eyeTalk - A system for helping people affected by motor neuron problems
byUC San Diego
 
Pirc net poster
byUC San Diego
 
Ajaxism
byUC San Diego
 
Basic terminologies for a developer
byUC San Diego
 
Fields in computer science
byUC San Diego
 
Understanding computer networks
byUC San Diego
 
FOSS Introduction
byUC San Diego
 
Network Programming with Umit project
byUC San Diego
 
Introduction to Python
byUC San Diego
 
Airline reservation system db design
byUC San Diego
 
Socket programming in Java (PPTX)
byUC San Diego
 
Socket programming using java
byUC San Diego
 
Routing basics
byUC San Diego
 
Technology Quiz
byUC San Diego
 
Android application development
byUC San Diego
 
Pervasive Web Application Architecture
byUC San Diego
 

Recently uploaded

PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
PDF
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PPTX
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
PDF
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
“Toward Hardware-agnostic ADAS Implementations for Software-defined Vehicles,...
byEdge AI and Vision Alliance
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
PPTX
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
PDF
Using Copilot with Microsoft Office Apps
byDeb Walther
 
PDF
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
PDF
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
“Toward Hardware-agnostic ADAS Implementations for Software-defined Vehicles,...
byEdge AI and Vision Alliance
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
Using Copilot with Microsoft Office Apps
byDeb Walther
 
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 

Workshop on Network Security

  • 2.
  • 3.
    What you shouldknow about hacking? • The impact of hacking is much worse than we could possibly imagine.. • A single ID compromised can lead to the devastation of your reputation and even money..
  • 4.
    What if yourGmail account is hacked!!
  • 5.
  • 6.
    Agenda • Social Engineering • ARP Poisoning – MITM • Injection attacks • Cross Site Scripting • Wireless Security • Cross Site Request Forgery • Google Hacking • Linux vs. Microsoft • The Servers FaceOff
  • 7.
    To catch ahacker, we should think like one • What does a hacker want? Aaha!! Got it  • Why does he want it? • How he gets it?
  • 8.
    • Use atleast eight characters, the more characters the better. (safe from Brute Force attacks) • Don't use a word found in a dictionary. (Safe from Dictionary attacks) • Never use the same password twice. (safe for obvious reasons) • Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
  • 9.
    Social Engineering is thefirst attack of the session
  • 10.
    • Psychologically manipulating people into performing some action and extracting confidential information, instead of breaking in or using technical cracking skills..
  • 11.
    1. Security Question •You got 500 Facebook Friends who could answer all these questions!!
  • 12.
    2. Social Networking •Vulnerability : Human tendency to share intimate details of human life. • Though few sites allow us to set privacy controls on visibility, still most of our details are shared to the applications. • So any hacker could exploit this to find information about us.
  • 13.
    • Cyber attackon Google in December 2009. • Chinese rebels’ accounts were accessed. • Led to Google pulling out from China. • A combination of Social Engineering and Zero- day vulnerabilities in IE6
  • 14.
    Protecting yourself • Beaware that such attacks exist.
  • 16.
    DISCLAIMER • Hacking isIllegal • This workshop is for Educational Purposes Only • Only use this stuff on your websites and your own networks.
  • 18.
    ARP Poison Routing(APR) MAC Address IP Address Address Resolution Protocol
  • 19.
    ARP Poisoning • Usually: Victim  Server • In MITM : Victim  Attacker  Server • Thus the Attacker becomes the “Man in the Middle” (MITM) • This is done using ARP poisoning.
  • 20.
  • 21.
    Counter Measures • AllYour ARP Are Belong To Us ! ! • Encryption • SSL • Always Look out for the SSL Lock , if you are transferring confidential data. • Public Key Cryptography • MD5
  • 23.
    PHP - Review •HTML can only display static content. PHP is used for processing. • PHP is a server side scripting language.
  • 25.
    • Exploiting theweakness present in the code used for validation. • Technology review: – PHP
  • 26.
    Injection attack • THUSA SIMPLE TEXTBOX BECOMES A PORTAL TO THE WEBSERVER. • VULNERABILITY : Input from the user is processed as such by the PHP script in the server.
  • 28.
  • 29.
    Traversing Directories inWindows and Linux – cd ..  Takes us to the parent directory – cd pages  Takes us into the Directory “pages” in the current directory – cd ../etc/files  Goes back to parent directory then enters “etc” directory and then into “files” directory.
  • 30.
    Website password.txt Pages Index.html Jive.html Choose.php Pulsar.html Stunner.html
  • 31.
    • Apache Tomcatwas vulnerable to Directory Traversal attack till version 6.0.18 (fixed July 30,2010) • RAD platform ColdFusion was found vulnerable to DT technique (fixed August 13th , 2010)
  • 32.
    Protection mechanisms • Allowonly Possible inputs.. • For the chosen scenario, make a list of Bike names.
  • 34.
  • 35.
    A little bitof SQL queries • With SQL, we can query a database and have a result set returned SELECT last_name FROM users WHERE user_id= 10; • Gives a result set like this: last_name rahul
  • 36.
    What is SQLInjection? The ability to inject SQL commands into the database engine through an existing application.
  • 37.
    How does SQLInjection work? Comments : # , -- username: ' or 1=1 # Password: anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 #AND password = 'anything'
  • 38.
    SQL Injection Defense •Input Validation • Reject "select", "insert", "update", "shutdown", "delete", "drop", "--", “#'" • Implement stringent "allow only good" filters • If the input is supposed to be numeric, use a numeric variable in your script to store it. • Magic quotes gpc is an awesome inbuilt input filter for PHP .
  • 39.
    Cookies and Sessions •A cookie(client-side) can keep information in the user's browser until deleted. Used for Authentication, site preferences ,focusing Ads. • Sessions (server-side) assigs each user a unique number, called session id. • This session id is stored in a cookie and passed in the URL between pages while the user browses.
  • 41.
  • 42.
    Cross-Site Scripting (XSS) •What is it?: The Web Application is used to store, transport, and deliver malicious active content to an unsuspecting user. • XSS typically results from a web application that takes user input from one user and displays it to another user (or set of users ).
  • 43.
    Ways of LaunchingCross-Site Scripting Attacks Attacker's script must be sent to the victim o Inter-user communication within the target site (i.e., message board, etc.) o URL provided on a third-party web site (either clicked on by victim user or automatically loaded when visiting a malicious web site) o URL embedded in an email or newsgroup posting
  • 45.
    Defending XSS • Removefrom user input all characters that are meaningful in scripting languages: – =<>"'(); – You must do this filtering on the server side – You cannot do this filtering using Javascript on the client, because the attacker can get around such filtering • More generally, on the server-side, your application must filter user input to remove: – Quotes of all kinds (', ", and `) – Semicolons (;), Asterisks (*), Percents (%), Underscores (_) • Your best bet – define characters that are good and needed for the particular input (alpha and numeric), and filter everything else out .
  • 48.
    • The everchanging network scenario..
  • 50.
    What’s so specialabout Wireless networks? • Use internet anywhere, anytime. • Save a lot of money. • No need to carry cables. • IT IS ALWAYS THERE 
  • 51.
    The major problemin wireless networks – Plain text packets • Wireless devices broadcast information. • Access Anywhere, at the same time ACCESS TO ANYONE!!
  • 52.
  • 53.
    Evolution of WirelessSecurity 1. Open SSID 2. Hidden SSID 3. WEP 4. WPA 5. WPA2
  • 54.
    1. Open SSID •The SSID (Service Set Identifier) is a name for the wireless network. SSID SSID • Open SSID – SSID is broadcasted SSID by the access point. SSID • So it is visible to everyone. • And so anyone can connect to our network.
  • 55.
    2. Hidden SSID •First layer of security. • The user should know the name of the SSID to connect to the internet. • Problem : Hidden SSIDs could be found using Packet Sniffers.
  • 57.
    3. WEP –Wired Equivalent Privacy • Both the client PC and the Access point share a common key (Shared Key). Shared Key • The shared key generates a key-stream using RC4 algorithm. • Then the key-stream is XORed with the plain text to create the cipher text. • The cipher text is sent to the receiver.
  • 58.
    Key unchanged Same key-stream every time • If the shared key used is not changed for every frame transmitted, then the data will be XORed with the same key every time!! • So we use an Initialization Vector (IV) which changes for every frame sent thus making the key-stream unique for every frame using RC4 algorithm.
  • 59.
  • 60.
    WEP Vulnerability • IVchanges for each frame transmitted. • But IV is made up of 24 bits – Therefore only 16 million combinations are possible. So surely the key-stream has to repeat after a while. • If two cipher text frames using same key- stream are captured, then using statistical analysis the plain text can be found.
  • 61.
    • Searching forWifi Networks in a moving vehicle. • Once a Wifi network is found, the place is marked with necessary details to connect to that network. (WAR-CHALKING)
  • 63.
    Picture showing availability of an Open SSID network with bandwidth 1.5 Mbps.
  • 64.
    Is it notCRUEL?
  • 65.
    Cracking the WEPKey • Interested in knowing how your home wireless network is getting poached? • Now on to a Live Demo!
  • 66.
    So came WPA– Wifi Protected Alliance • WPA – Temporal Key Integrity Protocol – TKIP (Personal) – EAP (Enterprise) • WPA 2 – (Counter mode with Cipher Block Chaining Message Authentication Protocol) – CCMP (Personal) – EAP (Enterprise)
  • 68.
  • 69.
    CSRF (Cross SiteRequest Forgery) • A malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. • XSS exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
  • 70.
  • 71.
    Social Networks soicalnetwork.com Delete certain friends https://social.com/deletefriends.p Add a person as friend hp?id=66 https://social.com/addfriend.php? id=44 Change the password https://social.com/changepass ?new_pass=hacked attacker’s post(CSRF Code) at blog.net 71
  • 72.
    CSRF Defenses • SecretValidation Token <input type=hidden value=23a3af01b> • Referer Validation Referer: http://www.facebook.com/home.php
  • 75.
    • The bestsearch engine. • Google hacking is not a exact hack. It just makes hacking easy. • VULNERABILITY : We can google ANYTHING!!
  • 76.
    • Version ofthe server our website uses. • Error messages which contain too much information. • Logon Portals • Files containing passwords.
  • 77.
    1. Google Caches •Google caches pages whenever its crawler finds a new page in the internet. • When Cached pages are viewed then the IP address of the hacker is not logged into the system.
  • 78.
    2. Download anythingfrom internet • “parent directory” akon mp3 –xxx –html –htm –php –shtml –opendir –md5 –md5sum • The above command returns the directory listing of all files under ‘Akon MP3’. Rest is “Right click” “Save Link As” 
  • 79.
    3. Get serverinformation • Google provides information about the server which runs a website.. Some times even passwords • Moreover some error logs in the website’s can be exploited to find the actual internal implementation of a website..
  • 80.
    Secure against Googlehacks • The password file should be saved in any name other than “password.txt” “Pass.db” or any other obviously funny names. • Exceptions should be handled properly.
  • 84.
    LINUX vs. MICROSOFT •Linux has NO open ports by default. But windows has open ports for Windows File Sharing even if no files are shared. • Windows is susceptible to NULL session attack on port 139. • Windows gives the root user the COMPLETE power to rule the PC!!
  • 85.
  • 86.