PUROHIT VISHNU
Chapter 1
INTRODUCTION
ETHICAL HACKING
hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the keys to the company, and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers should also possess very strong programming and computer networking skills and have been in the computer and networking business for several years. Another quality needed in an ethical hacker is more drive and patience than most people have, since a typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at live targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.
SITE NATHDWARA
There are 2 elements to this section:
1. Intention to cause wrongful loss or damage, or knowledge of the likelihood of wrongful loss or damage, AND
2. Destruction or deletion or alteration of information in a computer, or diminishing the value or utility of a computer resource, or injuriously affecting a computer resource.
Let us discuss the relevant terms and issues in detail. Loss signifies detriment or disadvantage. Loss can be temporary or permanent. Loss can relate to something that the loser has currently or is likely to get in the future. This term is best understood through the following illustrations.
Illustration 1: Noodle Ltd runs a commercial email service. Sameer launches a denial of service attack on the Noodle website and brings it down for a few hours. Noodle's customers are disgruntled that they were unable to access their emails for a few hours and therefore leave the Noodle services. Noodle has suffered a loss of future revenue that it could have earned from these customers. It has also suffered a loss of goodwill and reputation.
Chapter 2
SECURITY
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Security is usually described in terms of the CIA triad. CIA stands for the basic principles of security: C denotes Confidentiality, I represents Integrity and A represents Availability.
Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. This implies that particular data should be seen only by authorized personnel. A passive third party should not see that data. For example, in a credit card transaction, only the authorized person should see the credit card number. Nobody else should see that number, because they may use it for other activities. Thus confidentiality is very important. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.
Integrity means that data cannot be modified without authorization. This means that the data seen by authorized persons should be correct, that is, the data should maintain the property of integrity. Without that integrity the data is of no use. Integrity is violated when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. In such cases the data is modified, and we can say that there is a breach in security.
Availability: For any information system to serve its purpose, the information must be available when it is needed. Consider the case in which the data should have integrity and confidentiality. To achieve both these goals easily we can take the data offline. But then the data is not available to the user. Hence the data is of no use even if it has all the other characteristics. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
All these factors are considered important, since data lacking any of the above characteristics is useless. Therefore security is described as the CIA trio. Lacking any one of the CIA properties means there is a security breach.
Chapter 3
HACKER
A hacker is a person who is interested in a particular subject and has immense knowledge of that subject. In the world of computers, a hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers with advanced knowledge of operating systems and programming languages. Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
1. A person who enjoys learning details of a programming language or system
2. A person who enjoys actually doing the programming rather than just theorizing about it
3. A person capable of appreciating someone else's hacking
4. A person who picks up programming quickly
5. A person who is an expert at a particular programming language or system
3.1.1 Black-Hat Hacker
Black hat hackers are individuals with extraordinary computing skills who resort to malicious or destructive activities. That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others. Black hat hackers are also known as crackers.
3.1.2 White-Hat Hacker
White hat hackers are individuals who profess hacker skills and use them for defensive purposes. This means that white hat hackers use their knowledge and skill for the good of others and for the common good. White hat hackers are also called security analysts.
3.1.3 Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We cannot predict their behaviour. Sometimes they use their skills for the common good, while at other times they use them for personal gain.
Chapter 4
HACKING
Hacking is a process in which an authenticated person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system, an ethical hacker uses the same principles as the usual hacker, but reports those vulnerabilities instead of using them for their own advantage.
4.3.1 Password Cracking
There are many methods for cracking a password and then getting into the system. The simplest method is to guess the password, but this is tedious work. To make this work easier there are many automated tools for password guessing, like Legion. Many types of password cracking strategies are used today by hackers; they are described below.
4.3.2 Dictionary cracking
In this type of cracking there is a list of various words, like the names of the person's children. The automated software makes different combinations of these words and automatically tries them against the system.
4.3.3 Brute force cracking
This is another type of password cracking, which does not use a list of precompiled words. In this method the software automatically generates all the combinations of different letters, special characters, symbols etc. and tries them automatically. This process is of course very tedious and time consuming.
4.3.4 Hybrid cracking
This is a combination of both the dictionary and brute force cracking techniques. This means that it will first check the combinations of words in its inbuilt dictionary and, if all of them fail, it will try brute force.
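
The three strategies in 4.3.2 to 4.3.4 translate directly into a password audit that an administrator can run over candidate passwords. The sketch below is an added example, not part of the original report: the wordlist, the substitution table and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real audit loads a much larger
# banned-word list plus names tied to the user, as section 4.3.2 describes.
WORDLIST = {"password", "welcome", "dragon", "rahul", "priya", "mumbai"}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_BITS = 60  # assumed policy threshold for brute-force resistance


def splits_into_words(text, wordlist):
    """True if text is exactly one or more wordlist entries joined together."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in wordlist
            for start in range(end)
        )
    return bool(text) and reachable[-1]


def dictionary_hit(password, wordlist=WORDLIST):
    """Return the normalised form a dictionary run would reach, or None."""
    lowered = password.lower()
    edge = string.digits + string.punctuation  # affixes such as "123" or "!"
    stripped = lowered.strip(edge)
    variants = {lowered, stripped,
                lowered.translate(LEET), stripped.translate(LEET)}
    for variant in sorted(variants):
        if splits_into_words(variant, wordlist):
            return variant
    return None


def brute_force_bits(password):
    """Size of the exhaustive search space, in bits, for the classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(password):
    """Apply the hybrid order: dictionary check first, then brute-force cost."""
    hit = dictionary_hit(password)
    bits = brute_force_bits(password)
    if hit:
        verdict = "dictionary"
    elif bits < MIN_BITS:
        verdict = "brute-force"
    else:
        verdict = "ok"
    return {"verdict": verdict, "derived_from": hit, "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123", "rahulpriya", "xq7!Lm", "t9#Vq2!mZr4&Lx"):
        print(candidate, audit(candidate))
```

A password that looks complex but reduces to a dictionary word is rejected on the first check, regardless of its nominal search space.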
4.4.1 L0phtCrack
This is software from @stake which is basically a password audit tool. It uses the various password cracking methodologies. L0phtCrack helps administrators find out whether their users are using easy passwords. It is very high profile software which uses dictionary cracking and then brute force cracking. Sometimes it uses precompiled hashes, called rainbow tables, for cracking the passwords.
4.4.2 Privilege escalation
Privilege escalation is the process of raising privileges once the hacker gets into the system. That is, the hacker may get in as an ordinary user and then try to increase his privileges to those of an administrator, who can do many things. There are many types of tools available for this.
4.4.3 Metasploit
Metasploit is actually a community which provides an online list of vulnerabilities. The hacker can directly download the vulnerabilities and use them directly on the target system for privilege escalation and other exploits. Metasploit is a command line tool and is very dangerous, as the whole community of black hat hackers is contributing its own findings of different vulnerabilities in different products.
4.4.4 Man in the Middle Attack
In this type of system hacking we are not actually cracking the password. Instead, all the traffic between a host and a client is made to go through the hacker's system, so that he can directly find out the passwords and other details. In the man in the middle attack the hacker tells the user that he is the server, and then tells the server that he is the client.
Chapter 5
SCANNING & ENUMERATION
Scanning is the second phase in the hacking methodology, in which the hacker tries to make a blueprint of the target network. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. The blueprint includes the IP addresses of the target network which are live, the services which are running on those systems and so on. Usually services run on predetermined ports. For example, a web server uses port 80. This implies that if port 80 is open on a particular system, we can understand that the target's web server is running on that host. There are different tools used for scanning. War dialing and pingers were used earlier, but nowadays both can be detected easily and hence are not much used. Modern port scanning uses the TCP protocol, and can even detect the operating systems running on particular hosts.
5.2 PINGERS
Pingers are yet another category of scanning tools, which make use of Internet Control Message Protocol (ICMP) packets for scanning. ICMP is actually used to find out whether a particular system is alive or not. Using this principle, pingers send ICMP packets to all hosts in a given range; if the acknowledgment comes back, we can make out that the system is live. Pingers are automated software which send ICMP packets to different machines and check their responses. But most firewalls today block ICMP, and hence pingers also cannot be used.
Fig 2.4 shows the GUI of SuperScan. In this tool we can search either a particular host or a range of IP addresses. As output the software reports the host addresses which are running. There is another option, port list setup, which displays the set of services which are running on different hosts.
5.5 NMAP
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Fig 2.5 shows the GUI of Nmap. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in use, and dozens of other characteristics. It can even find the different versions. It was designed to rapidly scan large networks, but works fine against single hosts. We also have the option of different types of scan, like syn scan, stealth scan, syn stealth scan etc., and using this we can even time the scanning of different ports. Using this software we just need to specify the host address ranges and the type of scan to be conducted. As output we get the hosts which are live, the services which are running etc. It can even detect the version of the operating system, making use of the fact that different operating systems react differently to the same packets because they use their own protocol stacks.
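
From the defender's side, both the ping sweeps of section 5.2 and the port scans described here leave a recognisable pattern in firewall logs: one source touching many hosts, or many ports on one host, in a short time. The following detector is an added example, not part of the original report; the log format, the addresses (documentation ranges) and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (assumption): timestamp, src, dst, proto, optional dpt.
LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                  r"proto=(?P<proto>\w+)(?: dpt=(?P<dpt>\d+))?")

PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
# Constructed sample: one port scan, one ping sweep, one ordinary HTTPS client.
SAMPLE = (
    [f"2024-05-01T10:00:{i:02d} src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt={p}"
     for i, p in enumerate(PORTS)]
    + [f"2024-05-01T10:01:{i:02d} src=198.51.100.9 dst=192.0.2.{i + 1} proto=ICMP"
       for i in range(6)]
    + [f"2024-05-01T10:0{i}:30 src=192.0.2.50 dst=192.0.2.10 proto=TCP dpt=443"
       for i in range(5)]
)


def max_distinct(events, window):
    """Largest number of distinct values seen inside any sliding window."""
    events = sorted(events)
    best = start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({value for _, value in events[start:end + 1]}))
    return best


def detect(lines, window=timedelta(seconds=60), port_limit=10, host_limit=5):
    """Return sorted alerts as (kind, source, target, distinct_count)."""
    ports = defaultdict(list)   # (src, dst) -> [(time, port)]
    hosts = defaultdict(list)   # src -> [(time, dst)] for ICMP probes
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts = datetime.fromisoformat(m["ts"])
        if m["proto"] == "TCP" and m["dpt"]:
            ports[(m["src"], m["dst"])].append((ts, int(m["dpt"])))
        elif m["proto"] == "ICMP":
            hosts[m["src"]].append((ts, m["dst"]))
    alerts = []
    for (src, dst), events in ports.items():
        count = max_distinct(events, window)
        if count >= port_limit:
            alerts.append(("port-scan", src, dst, count))
    for src, events in hosts.items():
        count = max_distinct(events, window)
        if count >= host_limit:
            alerts.append(("ping-sweep", src, "*", count))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because Nmap can time its probes, as noted above, the window has to be sized against slow pacing: the same twelve ports probed two minutes apart stay under a 60-second window and are only caught with a longer one.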
5.6 ENUMERATION
Enumeration is the ability of a hacker to convince some servers to give them information that is vital for making an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups there are in the network, what applications there are etc. Hackers may also use this to find other hosts in the entire network. A common type of enumeration makes use of null sessions. Many of the Windows operating systems allow null sessions, through which a hacker can log on. A null session is a connection which uses no user name and password. That is, a null session is created by keeping the user name and password null. Once the hacker is logged in, he starts enumeration by issuing queries to find the list of users and groups, either local or active, including SIDs, the list of hosts, the list of shares or processes etc. One of the tools used after logging in using null sessions is NBTscan, which allows the hacker to scan the network; this helps the hacker to get the user names, resource shares etc. Other tools used are NAT (NetBIOS Auditing Tool), DumpSec etc.
Chapter 6
MAINTAINING ACCESS
Now the hacker is inside the system by some means, such as password guessing or exploiting some of its vulnerabilities. This means that he is now in a position to upload some files and download others. The next aim is to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in a building so that he can easily enter the building directly through that door. In the network scenario the hacker does this by uploading software like Trojan horses, sniffers, keystroke loggers etc.
softwares inside the network and will go out. Then, after some time, when he comes back, the Trojan software either authenticates the hacker as a valid user or opens some other ports for the hacker to get in. There are many genres of Trojans, such as password sending/capturing Trojans, FTP Trojans, keystroke capture Trojans, remote access Trojans, destructive Trojans and proxy Trojans.
6.3 WRAPPERS
In the maintaining access phase of hacking we usually upload some software into the system for some purpose. In order to keep this software and other data hidden from the administrator and other ordinary users, hackers usually use wrapper software to wrap their contents into pictures, greeting cards etc., so that they seem like ordinary data to the administrators. What the wrapper software actually does is place the malicious data into the white spaces in the harmless data. There are tools like Blindside which insert and extract data into just JPEG or BMP pictures. What they actually do is insert the data into the white spaces that may be present in the files. The most attractive thing is that most of the time they do not alter the size of the file.
6.4 ELITEWRAP
This is a very notorious wrapper software. Elitewrap is a command line tool which wraps one or more Trojans into a normal file. After processing, the product looks like one program while it contains many pieces of software. Its speciality is that the Trojans packed into it can even be made to execute when the user opens that file. For example, consider the case in which the netcat Trojan is packed into a Flash greeting card. When the user opens the card, netcat starts working in the background and starts listening on some ports, which will be exploited by the hackers.
Case Study
Type Of Case: Cyber Terrorism
Appellant: Maharashtra Government
Respondent: Unknown
Submitted Date: MUMBAI, 20 September 2007
Subject: Official Website Of Maharashtra Government Hacked
Decision: Official website has been affected by viruses
Case Details: IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday. Rakesh Maria, joint commissioner of police, said that the state's IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in , remained blocked. Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking. "We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts," Patil added.
Result of Case: According to a senior official from the state government's IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked.
CONCLUSION
One of the main aims of the seminar is to make others understand that there are many tools through which a hacker can get into a system. There are many reasons why everybody should understand these basics. Let us check the need from various perspectives.
Student: A student should understand that no software is made with zero vulnerabilities. So while they are studying, they should study the various possibilities and how to prevent them, because they are the professionals of tomorrow. If they are not aware of these, they won't be cautious enough in security matters.
Users: Software is meant for the use of its users. Even if the software vendors make the software with high security options, it can never be successful without the help of users. It is like a highly secured building with all doors left open carelessly by the insiders. So users must also be aware of such possibilities of hacking, so that they can be more cautious in their activities.
In the preceding sections we saw the methodology of hacking, why we should be aware of hacking, and some tools which a hacker may use. Now we can see what we can do against hacking, or to protect ourselves from hacking. The first thing we should do is keep ourselves updated about the software we are using, from official and reliable sources. Educate the employees and the users against black hat hacking. Use every possible security measure, like honeypots, Intrusion Detection Systems, firewalls etc. Always make our passwords strong by making them longer and harder to crack. The final and foremost thing should be to try ETHICAL HACKING at regular intervals.