Ethical Hacking

BY SACHIN TYAGI

Ethical Hacking - ? Why Ethical Hacking ?

Ethical Hacking - Process

Reporting Ethical Hacking Commandments

Required Skills of an Ethical Hacker

Routers: knowledge of routers, routing protocols, and

access control lists Microsoft: skills in operation, configuration and management. Linux: knowledge of Linux/Unix; security setting, configuration, and services. Firewalls: configurations, and operation of intrusion detection systems. Mainframes Network Protocols: TCP/IP; how they function and can be manipulated. Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.

What is Ethical Hacking

Also Called Attack & Penetration Testing, White-hat hacking, Red teaming Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent Causing sever damage to Information & Assets Ethical Conforming to accepted professional standards of conduct Black-hat Bad guys White-hat - Good Guys

What is Ethical Hacking

It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at

particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a nondestructive manner

Modes of Ethical Hacking

Insider attack

Outsider attack
Stolen equipment attack Physical entry Bypassed authentication attack (wireless access

points) Social engineering attack

(Source: http://www.examcram.com)

 Hacker classes Black hats highly skilled, malicious, destructive crackers White hats skills used for defensive security analysts Gray hats offensively and defensively; will hack for different reasons, depends on situation. Hactivism hacking for social and political

cause. Ethical hackers determine what attackers can gain access to, what they will do with the information, and can they be detected.

(Source: www.eccouncil.org)

WINDOWS SECURITY
USER ACCOUNTS

NTFS PERMISSIONS
QUOTA MANAGEMENT GROUP POLICY

WINDOWS SECURITY
1. Make a folder on the desktop and name it as folder 2. Now, open notepad and write ren folder folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} and now (Notepad Menu) File>save as. In the save as name it as lock.bat and click save ! (Save it on Desktop)4. Now, again open notepad again and write ren folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} folder and now (Notepad Menu) File>save as.In the save as name it as key.bat and click save ! (Save it on Desktop)

NETWORKING BASICS

TYPES OF HACKING
LOCAL HACKING :-THIS TYPE OF HACKING IS DONE
FROM THE AREA WHERE WE HAVE PHYSICAL ACCESS.

REMOTE HACKING:-REMOTE HACKING IS DONE

REMOTELY BY TAKING ADVANTAGE OF THE VULNERABILITY OF THE TARGET SYSTEM.

SOCIAL ENGINEERING:-SOCIAL ENGINEERING IS

THE ACT OF MANIPULATING PEOPLE.

REAL HACKING STEPS

FOOTPRINTING.

PORT SCANNING.
OS FINGERPRINTING. BANNER GRABING. VULNERABILITY ASSESSEMENT. ATTACK. COVERING TRACK.

FOOTPRINTING
IT IS A PROCESS TO GET MAXIMUM DETAILS

OF TARGET . FIND COMPANY URL. FIND OUT WHO IS RECORD OF TARGET DOMAIN (WHOIS.COM) FIND OUT PHYSICAL LOCATION (WHATIS MYIP.COM) TOOL:-SAM SPADE

PORT SCANNING
PORT IS A MEDIUM OF COMMUNICATION

BETWEEN 2 COMPUTERS EVERY SERVICE ON A HOST IS IDENTYFY BY A UNIQUE 16 BIT NUMBER CALLED PORT.

PORT SCANNER
PORT SCANNER IS A SOFTWARE DESIGNED

TO FIND THE OPEN PORT AND BY THE ADMIN TO CHECK THE SECURITY OF NETWORK. NMAP

OS FINGERPRINTING
OS FINGERPRINTING IS A PROCESS TO FIND

OUT THE OPERATING SYSTEM OF TARGET SYSTEM. NMAP CAN FIND THE OS OF TARGET OS. NETSCANTOOL Pro IS ALSO A SOFTWARE TO FIND THE OS.

BANNER GRABBING
BANNER GRABBING IS AN ATTACK DESIGNED

TO DEDUSE THE BRAND AND VERSION OF AN OPERATING SYSTEM.

VULNERABILITY ASSESSMENT
the word "vulnerability" describes a problem

(such as a programming bug or common misconfiguration) that allows a system to be attacked or broken into. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. MAINTAIN ACCESS After getting remote access we place a root kit or Trojan virus for future remote access, without any password.

Covering Tracks
Covering Tracks is a process to delete all logs on

the remote system. If target system is linux or UNIX, delete all entries of /var folder and if it is windows os delete all events and logs.

What is exploit? An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Why we are Searching Latest Exploits? Because exploit is a code to enter on remote system or crash the system remotely. How do these weaknesses occur? Many systems are shipped with: known and unknown security holes and bugs, and insecure default settings (passwords, etc.) Many vulnerabilities occur as a result of misconfigurations by system administrators.

What is Malware? Malware, a portmanteau from the words malicious and software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or progra m code.[1] The term "computer virus" is sometimes used as a catchall phrase to include all types of malware, including true viruses. [Source: Wikipedia] Types of Malware 1. Virus 2. Worm 3. Trojan 4. Root Kit 5. Spyware

We can create Trojan viruses with help of Trojan builders(RAT): Best tools to create own Trojan (client) part and to control all infected machines are: 1. Lost door v3.0 Stable* 2. NetBus 2.0 Pro 1.Lost Door : Lost door is a remote administration tool for Microsoft Windows operating systems. You can control and mo
nitor remote computer easily and view what user does. Illegal usage of this software is not allowed. Coder and related site is not responsible for any abuse of the software. Download: http://www.lostdoor.cn

How to Spread Virus: Send email after: 1.File Binding 2. Hide exe into excel file. 3. File name phising

How to Hide File & Folder Super Hidden It is a 100% safe and free method to hide a file or folder from others in your system without using any application.For th is ,open dos prompt and type: For Hide: X:\> attrib +a +r +s +h foldername /s /d [enter] For unhide: X:\> attrib -a -r -s -h foldername /s /d [enter]

PASSWORD HACKING
1. Burn Backtrack 4 iso in DVD and boot from DVD

and after start backtrack with username: root and password: toor and open backtrack_ Privilege Escalation _ Password Attacks _ Chntpw 2. Shell Prompt will be open, First see Hard disk Partions with help of following command: # fdisk l 3. note down windows partion name (like SDA1, HDA1) 4. After type following command: 5. chntpw I /mnt/hda1/windows/system32/config/SAM 6. After type 1 and type username: administrator

Password Hacking through Sniffing*

What is Sniffing?

Sniffing is another technique to use internally. A sniffer or packet capture utility is able to capture any traffic travelling along the network segment to which it is connected. We normally set up sniffers throughout the organization to capture network traffic, hoping to identify valuable information such as user IDs and passwords. We use sniffing to passively capture data being sent across the internal network. Laptops are usually the ideal platform since they are portable and easy to conceal. The system does not even need an IP address since it passively captures the traffic

WINDOWS PASSWORD BREAKING

BY OFLINE BOOT BY DOS (FAT ONLY)

BY OFFLINE NT PASSWORD BREAKER.

BY RECUEKIT.