What is Ethical Hacking Who is hacker?

History of hacking Types of hacking Why Ethical Hacking Hacking accidents Why do hackers hack? What hackers do after hacking? What do hackers know?

How can kid hack? Why cant Korean kid hack? How can be a real hacker? Why cant defend against hackers? How can protect the system? What should do after hacked? How to translate the hackers language Ethical Hacking - Process Reporting Ethical Hacking Commandments

so Called Attack & Penetration Testing, hite-hat hacking, Red teaming

Hacking
Process of breaking into systems for: Personal or Commercial Gains Malicious Intent Causing sever damage to Information & Assets

Ethical

Conforming to accepted professional standards of conduct Black-hat Bad White-hat - Good guys Guys

 It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point

of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner

Hack
Cut with repeated irregular blows Examine something very minutely

Hacker
The person who hacks

Cracker
System intruder/destroyer

Hacker means cracker nowadays

Meaning has been changed

Telephone hacking
Use telephone freely Its called phreaking

Computer virus
Destroy many computers

Network hacking
Hack the important server remotely and

destroy/modify/disclose the information

Normal data transfer

Interruption

Interception

Modification

Fabrication

Protection from possible External Attacks Social Engineering

Organizational Attacks

Automated Attacks

Restricted Data Accidental Breaches in Security

Viruses, Trojan Horses, and Worms

Denial of Service (DoS)

Internet Worm
Robert T. Morris made an internet worm. It spread through

the internet and crashed about 6000 systems.

Cuckoos Egg
Clifford Stoll caught the hackers who are the German

hackers applied by KGB

IP Spoof
Kevin Mitnick was caught by Tsutomu Shimomura who

was security expert. Kevin Mitnick uses the IP Spoof attack in this accident

Just for fun Show off Hack other systems secretly Notify many people their thought Steal important information Destroy enemys computer network during the war

Patch security hole

The other hackers cant intrude

Clear logs and hide themselves Install rootkit ( backdoor )

The hacker who hacked the system can use the system later It contains trojan ls, ps, and so on

Install irc related program

identd, irc, bitchx, eggdrop, bnc

Install scanner program

mscan, sscan, nmap

Install exploit program Install denial of service program Use all of installed programs silently

Dont know how to use vi Dont know what unix is Dont know what they do Know how to intrude the system Know how to crash the system Know where the hacking programs are

Kid has much of time

Kid can search for longer time than other people

All hacking program is easy to use Kid doesnt have to know how the hacking program

works These kids are called script kiddies

Almost all Korean kids dont know English well Almost all hacking program manuals are written in

English
However, many hacking program manuals are being

translated

Study C/C++/assembly language Study computer architecture Study operating system Study computer network Examine the hacking tools for a month Think the problem of the computer

There are many unknown security hole Hackers need to know only one security hole to hack the

system Admin need to know all security holes to defend the system

Patch security hole often Encrypt important data

Ex) pgp, ssh

Do not run unused daemon Remove unused setuid/setgid program Setup loghost

Backup the system often Setup firewall Setup IDS

Ex) snort

Shutdown the system

Or turn off the system

Separate the system from network Restore the system with the backup
Or reinstall all programs

Connect the system to the network

1 -> i or l 3 -> e 4 -> a 7 -> t 9 -> g 0 -> o $ -> s | -> i or l

|\| -> n |\/| -> m s -> z z -> s f -> ph ph -> f x -> ck ck -> x

Ex)
1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d

1n

I did not hack this page, it was like this when I hacked in

1. 2. 3. 4. 5.

Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack Exploit the Vulnerabilities

 Identification of Targets company websites, mail servers,

extranets, etc. Signing of Contract

Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing

Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases whois, ripe, arin, apnic Tools PING, whois, Traceroute, DIG, nslookup, sam spade

 Specific targets determined Identification of Services / open ports Operating System Enumeration

Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner

Vulnerabilities
Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems,

applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control

Methods Unpatched / Possible Vulnerabilities Tools, Vulnerability information Websites Weak Passwords Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming SQL Injection, Listening to Traffic Weak Access Control Using the Application Logic, SQL Injection

Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic Ethercap, tcpdump Password Crackers John the ripper, LC4, Pwdump Intercepting Web Traffic Achilles, Whisker, Legion

 Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems

Last Ditch Effort Denial of Service

Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security

Application Specific Attacks Exploiting implementations

of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming

Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools Nessus, Metasploit Framework,

Methodology Exploited Conditions & Vulnerabilities that could not be

exploited Proof for Exploits - Trophies Practical Security solutions

 Working Ethically Trustworthiness Misuse for personal gain Respecting Privacy Not Crashing the Systems