INTRODUCTION
      TO
ETHICAL HACKING



                  By Neel kamal
           www.thehackbook.com
Hackers
What is Hacking ?



 Hacking is the art of finding solutions to real
  life problems.
 The word “ Hack “ is not directly related to
  computers.
Hacking and Computers

 The concept of hacking entered the computer
  culture at the MIT University in the 1960s.
 There are two kinds of students
       1. Tools
       2. Hackers
1.        Tools

 A ``tool'' is someone who attends class in the
  college regularly,
 is always to be found in the library when no
  class is meeting,
 and always tries to get excellent grades in the
  examination.
 Sole aim: to get placed in a high-paying company.
2.                Hacker

 A ``hacker'' is the opposite: someone who
  never goes to class,
 who in fact sleeps all day,
 and who spends the night pursuing
  recreational activities rather than studying
  text books.
What does this have to do with computers?
Originally, nothing.
Hackers vs Tools

 There are standards for success as a hacker,
  just as grades form a standard for success as a
  tool.
 Overall Hackers are more successful in life
  and they emerge as a leader in their field.
Computer Hackers


 Hackers are developers.
 Hackers are those geeks and scientists who
  provide IT solutions to real life problems.
 Hackers think beyond the boundaries
Traits of any Hack

 It must be clever.
 It must produce more good than bad, and
  it must not be malicious.
 It should be unexpected, or out of the
  ordinary.
 It need not pertain to computers.
Hack Ideas


 Social Networking site for plants.
 Sending sms to smart phone whenever a
  post man delivers the letter in the letter box.
 Sending sms to near & dear ones whenever
  you reach the destination.
Hackers




 Development of Science <><> Hackers
Misconception


 What about those who break into systems?
 Are they hackers?
 The answer is no.
Who is Responsible for
          misconception

 Media  is the root cause of all this
  misconception.
 Lack of Awareness among common students
  and people.
Crackers



 Those who break into systems illegally are
  crackers.
 They are bad guys or gals.
Hacker vs Cracker


o Qualities of hacker:
   Lots of knowledge
   Good Guy
   Strong Ethics
   Helps in catching cyber criminals
Hacker vs Cracker



 Qualities of cracker
  Lots of knowledge
  Bad ethics
  Cyber criminals
Skills of Hacker

 Learn programming languages (C, C++)
 Learn scripting languages (JSP, Python, PHP,
    Perl)
   Good knowledge of database and query
    languages (SQL, YQL, FQL, etc)
   Learn Networking (TCP/IP)
   Learn to work in Unix
   Start playing with web APIs
   Learn Assembly Programming
Important Subjects

 C and M - I
 Data Structures and M-II
 DLD , JAVA & web Technology and M-III
    (Probability)
   CSA, OS, DBMS
   Microprocessors, Data Communications
   Computer Networking
   Cryptography & Network Security
   Wireless Communication
Getting started to learn
           Hacking
 TCP/IP
 IP Address
 MAC Address
 Ports
 Web Architecture
 LAN Architecture
 DOS Commands
Web Architecture


 The Internet is a worldwide, publicly
  accessible network of interconnected
  computer networks that transmit data using
  the standard Internet Protocol (IP).
 The terms World Wide Web (WWW) and
  Internet are not the same
Internet, web, www

 The Internet is a collection of interconnected
  computer networks, linked by copper wires,
  fiber-optic cables, wireless connections, etc.
 Web is a collection of interconnected
  documents and other resources, linked by
  hyperlinks and URLs.
 The World Wide Web is one of the services
  accessible via the Internet, along with various
  others including e-mail, file sharing, online
  gaming etc
TCP/IP

 TCP/IP is the protocol for communication
  between computers on the Internet.
 TCP stands for Transmission Control Protocol
 IP stands for Internet Protocol
 TCP/IP defines how electronic devices (like
  computers) should be connected to the
  Internet, and how data should be transmitted
  between them.
TCP/IP

 Inside the TCP/IP standard there are several
  protocols for handling data communication:
  1. TCP
  2. IP
  3. ICMP
  4. DHCP
     (Dynamic Host Configuration Protocol) for
Dynamic Addressing
TCP/IP

 TCP is responsible for breaking data down
  into IP packets before they are sent, and for
  assembling the packets when they arrive.
 IP is responsible for sending the packets to
  the correct destination.
 IP Routers:- The IP router is responsible for
  "routing" the packet to the correct
  destination, directly or via another router.
IP Address

 Every system connected to a network has
  a unique Internet Protocol (IP) Address
  which acts as its identity on that network.
 An IP Address is a 32-bit address which is
  divided into four fields of 8-bits each. For
  Example, 203.94.35.12
 TCP/IP uses four numbers to address a
  computer. The numbers are always between
  0 and 255.
DNS Servers

 Names used for TCP/IP addresses are called
  domain names.
 When you address a website e.g.
  www.thehackbook.com
  the name is translated to its corresponding IP
   Address by DNS Servers.
 DNS servers contain the list of all registered
  domain names and their corresponding IP
  addresses.
MAC Address

 Media Access Control (MAC) is a unique value
  associated with a network adapter. MAC addresses
  are also known as hardware addresses or physical
  addresses. They uniquely identify an adapter on a
  LAN
 MAC addresses are 12-digit hexadecimal numbers
  (48 bits in length).
 MM:MM:MM:SS:SS:SS
  MM-MM-MM-SS-SS-SS
 The first half of a MAC address contains the ID
  number of the adapter manufacturer. The second
  half of a MAC address represents the serial number
  assigned to the adapter by the manufacturer.
Commands

 To find IP Address
         ipconfig

 To find MAC Address:
         ipconfig /all
Ports

 1. Hardware Ports
 2. Software Ports
 There are 65536 software ports in an
  operating system.
Sockets



 The pair of IP address and port numbers
  separated by a colon is called the socket.
  e.g- 202.112.67.21:8080 is a socket.
Classification of IP
             Address

 1. Public IP Address
 2. Private IP Address
 finding public and private IP Address
 1. Static IP Address
 2. Dynamic IP Address
Network Address Translation
           (NAT)
 The current implementation of IP addressing
  provides users with a very limited number of IP
  addresses.
 To solve this shortage problem, a number of
  organizations have started implementing NAT
  addressing, which allows them to use a single
  public IP address for a large number of internal
  systems having unique private IP addresses.
 If an external system communicates with two
  different internal systems in a NAT network, then
  it will be impossible to differentiate between the two
  systems.
Working of NAT

 Typically a NAT network consists of a large
  number of internal systems that are
  connected to the internet through a routing
  device known as a NAT box.
 This NAT box acts as the core & controls all
  routing, addressing, and interfacing
  requirements of the network.
NAT



 When an internal computer connects to an external
   computer:
Internal computer (192.168.153.67:1024) ----- NAT box
(internal IP address gets converted to the external, i.e.
public, IP address) ----- External System
(www.thehackbook.com)
NAT



Reply from External System:
External system (www.facebook.com) ----- NAT
box (NAT box identifies the internal system for
which the IP packets are meant) ----- Internal
System (192.168.153.67)
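
The translation described on the NAT slides, as an added example that is not part of the original deck. The NatBox class, the public address 203.0.113.10, the external system 198.51.100.20 and the second internal host are constructed for illustration; only 192.168.153.67:1024 comes from the slide.

```python
"""Toy NAT box: many private hosts share one public IP (added example)."""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port), i.e. the "socket" pair


class NatBox:
    """Hypothetical model of the NAT box: one public IP, one port per flow."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (internal socket, remote socket) -> public port chosen for the flow
        self.outgoing: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote socket) -> internal socket that owns the flow
        self.incoming: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """Rewrite the source of an outgoing packet; return what the remote sees."""
        key = (internal, remote)
        if key not in self.outgoing:
            self.outgoing[key] = self.next_port
            self.incoming[(self.next_port, remote)] = internal
            self.next_port += 1
        return (self.public_ip, self.outgoing[key])

    def inbound(self, remote: Endpoint, public: Endpoint) -> Optional[Endpoint]:
        """Find the internal socket a reply is meant for; None means drop it."""
        ip, port = public
        if ip != self.public_ip:
            return None
        return self.incoming.get((port, remote))


def demo() -> dict:
    nat = NatBox("203.0.113.10")        # constructed public address
    site = ("198.51.100.20", 80)        # constructed external system
    host_a = ("192.168.153.67", 1024)   # internal system from the slide
    host_b = ("192.168.153.68", 1024)   # constructed second internal system
    seen_a = nat.outbound(host_a, site)
    seen_b = nat.outbound(host_b, site)
    return {
        # Both hosts appear to the external system under the same public IP.
        "seen_a": seen_a,
        "seen_b": seen_b,
        # The NAT box uses the public port to pick the right internal system.
        "reply_a": nat.inbound(site, seen_a),
        "reply_b": nat.inbound(site, seen_b),
        # A packet from a system nobody contacted matches no entry.
        "unsolicited": nat.inbound(("198.51.100.99", 80), seen_a),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:12} {value}")
```
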
 Three stages of Hacking any Remote
  Computer
   1. Planning and preparing the attack
   2. Gathering information for the attack
   3. Executing the attack
Preparing the attack

 Steps performed by a good hacker in this stage:
1. Decide which computer they want to hack
2. Then they will find the IP address of the remote
    computer.
3. Find the exact geographical Location of the
   computer.
4. Hide their own IP address and identity on
   internet
Finding remote computer


 Let's say a Hacker decides to break into the
  computer of one of his Facebook friends.
 Then his first step will be to find the IP
  address of his friend's computer.
 So let's discuss the possible ways of
  finding the IP address of any remote
  computer.
Finding Remote Computer’s IP
           Address


1.   Sending the link of www.whatstheirip.com
2. Through Instant messaging software
3.   Through IRC Chat
4.   Through your website
MSN , Yahoo , g-talk
3.    If you are chatting on other messengers like MSN, YAHOO etc. then the
     following indirect connection exists between your system and your friend’s
     system:


     Your System------Chat Server---- Friend’s System

     Friend’s System---------Chat Server------- Your System

     Thus in this case, you first have to establish a direct connection with your
        friend’s computer by either sending him a file or by using the call feature.
     Then, go to MS-DOS or the command line and type:

     C:\>netstat -n


     This command will give you the IP Address of your friend’s computer.
Instant Messenger
1. Ask your friend to come online and chat with you.


2. Case I: If you are chatting on ICQ, then the following connection
   exists between your system and your friend’s system:

   Your System------DIRECT CONNECTION---- Friend’s System

   Friend’s System---------DIRECT CONNECTION------- Your System

   Now, go to MS-DOS or the command line and type:

   C:\>netstat -n

   This command will give you the IP Address of your friend’s computer.
Getting IP from Website

 One can easily log the IP addresses of all
  visitors to their website by simply using
  Java applets or JavaScript code.
 By using PHP scripts it is possible to
  determine the user's OS and browser.
 The same can be used to determine the exact
  geographical location of the visitors.
Counter Measures


 Do not accept File transfers or calls from unknown
  people.

 Chat online ONLY after logging on through a Proxy
  Server.

 Don’t click on any suspicious link.
Finding Exact Location


 Once you get the IP address of the remote
  computer, try to perform an IP lookup.
 Popular sites for IP Look Up
 1. www.ipmango.com
 2. www.whois.com
Hiding your IP Address

 Proxy Servers: Definition:
A Proxy Server acts as a buffer between you and the Internet, hence it protects
    your identity.

Working:

Case 1:            Your System------Proxy Server---- Friend’s System

Case 2:            Your System-----Proxy------Chat Server----Friend’s
  System

Good Proxy Servers:

 Wingate & WinProxy (For Windows Platform)
 Squid (For Unix Platforms)
Proxy Bouncing
                          PROXY BOUNCING

Definition:

Proxy Bouncing is the phenomenon wherein you connect to several proxy
   servers and then connect to the actual destination.

Working:

YOUR SYSTEM--------PROXY 1--------- PROXY 2---------- PROXY 3
----------------PROXY 4----------PROXY 5----------Destination

Tools:

 MultiProxy
Onion Routing: Using Tor
            Network


 download it from http://torproject.org
DOS Commands

1. nslookup
2. net view
3. net use
4. net user
5. ping
6. tracert
7. arp
8. route
9. nbtstat
10. netstat
11. ipconfig
Ping

This command will allow you to know if the
host you are pinging is alive, which means it is up
at the time of executing the “ping” command.
  syntax :
  ping www.thehackbook.com or
 OBS: Keep in mind that if the host you are pinging
is blocking ICMP packets, then the result will be
host down.
nslookup

This command has many functionalities.
One is for resolving DNS into IP.

syntax:
nslookup www.thehackbook.com
nslookup

 Now, another really nice function of nslookup
  is to find out the IP of specific mail servers.
 QUOTE
  nslookup (enter)
  set type=mx (enter)
  yahoo.com
 This command will give you the mail server IP
  of yahoo.com. You can use whatever server
  you want and if it is listed on DNS, then you
  get the IP. Simple, isn’t it?
tracert

 This command will give you the hops that a
    packet will travel to reach its final
    destination.
   OBS: This command is good to know the
    route a packet takes before it goes to the
    target box.
   CODE
    tracert x.x.x.x (x is the IP address)
   or
   tracert www.thehackbook.com
arp

 Address Resolution Protocol
 This command will show you the arp table.
  This is good to know if someone is doing arp
  poisoning in your LAN.
   command
   arp -a
netstat

 This command will show you the connections to your
  box.
 CODE
  netstat
or
 CODE
   netstat -a (this will show you all the listening
   ports and connections with DNS names)
   netstat -n (this will show you all the open
   connections with IP addresses)
   netstat -an (this will combine both of the
   above)
nbtstat

 This command will show you the netbios
  name of the target box.
 CODE
  nbtstat -A x.x.x.x (x is the IP address)
 nbtstat -a computername
 net view x.x.x.x or computername (will list the
  available sharing folders on the target box)
route


 This command will show you the routing
  table, gateway, interface and metric.
 CODE
  route print
Help

 And last but not least, the “help” command.
 CODE
  whatevercommand /help
 CODE
  whatevercommand /?
Gathering Information about
      remote computer
 Recap of first step i.e. preparation of attack
 Hiding the IP using proxy bouncing
 Tracing IP address using Neotrace, and online
  databases, Visual Route.
 Now change your MAC address before
  starting Information Gathering step.
 software :- MacAddressChanger
Information Gathering

 Typically, during the information gathering
 step, the attacker aims to determine the following
 information about the target system.
1. Network Topology
2. List of open ports
3. List of services
4. Determine the operating system
5. User Information
Gathering Information

 It is possible to gather all this information using
  various techniques like
 1. Network Reconnaissance
    - Ping sweeping and Traceroute
 2. Port Scanning
 3. Daemon Banner Grabbing and Port
Enumeration
 4. ICMP scanning
 5. OS detection using OS Finger printing
 6. Sniffing
Scanning Using nmap

 C:\program files\nmap>nmap -sP
  thehackbook.com
   nmap sends ICMP echo request to
thehackbook.com
 To carry out UDP probing:
C:\program files\nmap>nmap -PU
thehackbook.com
C:\program files\nmap>nmap -PN
thehackbook.com
OS Detection

 C:\program files\nmap>nmap -O
  www.google.com
 C:\program files\nmap>nmap -A
  www.google.com
 OS detection using websites: use a PHP script
  to detect the visitor's OS and browser
Executing the Attack

 DOS Attacks : Such an attack clogs up so
  much bandwidth on the target system that it
  cannot serve even legitimate users.
 ATTACKER-----Infinite/ Malicious Data-----
  VICTIM
 Target Network gets choked or cannot handle
  the malicious data and hence crashes.

 As a result, even legitimate clients/ people
  cannot connect to the target network.
Types of DOS Attacks

1. Ping of Death
2. Teardrop attacks
3. SYN flood attacks
4. Land Attacks
5. Smurf Attacks
6. UDP flood Attacks
7. DDOS Attacks
8. Modem-disconnect Attack
Tear Drop Attack

 Data sent from the source to the destination system, is broken
  down into smaller fragments at the source system and then
  reassembled into larger chunks at the destination system.

   For Example,

   Say data of 4000 bytes is to be sent across a network, then it
     is broken down into three chunks:

1.CHUNK A contains Bytes 1 to 1500.
2.CHUNK B contains Bytes 1501 to 3000
3.CHUNK C contains Bytes 3001 to 4000
Tear Drop Attack
 However, in case of a Teardrop attack, these ranges of
  data chunks are overlapping. For Example, in case of a
  Teardrop attack, the same 4000 bytes would be
  broken down into the below three chunks:

1. CHUNK A contains  Bytes 1 to 1500.
2. CHUNK B contains  Bytes 1499 to 3000
3. CHUNK C contains  Bytes 2999 to 4000
 In this example the range of CHUNK A is 1 to 1500,
  the range of CHUNK B is 1499 to 3000, while the range of
  CHUNK C is 2999 to 4000. Thus, the ranges are
  overlapping.
 Since here the ranges are overlapping, the target
  system gets DOS’ed!!!
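
The reassembly check that rejects the overlapping chunks above, as an added example that is not part of the original deck. It uses the slides' 1-based byte ranges rather than real IP header fields, and the Chunk type, function names and 4000-byte message are constructed for illustration.

```python
"""Reject overlapping chunks before reassembly (added example)."""
from typing import List, NamedTuple, Tuple


class Chunk(NamedTuple):
    name: str
    first: int    # first byte carried (1-based, as on the slides)
    data: bytes   # payload carried by this chunk

    @property
    def last(self) -> int:
        """Last byte carried (inclusive)."""
        return self.first + len(self.data) - 1


Problem = Tuple[str, str, int, int]  # (kind, chunk name, first byte, last byte)

# Byte ranges taken from the two Tear Drop slides.
NORMAL = [("A", 1, 1500), ("B", 1501, 3000), ("C", 3001, 4000)]
TEARDROP = [("A", 1, 1500), ("B", 1499, 3000), ("C", 2999, 4000)]
MESSAGE = bytes(i % 251 for i in range(4000))  # constructed 4000-byte payload


def split(message: bytes, ranges) -> List[Chunk]:
    """Cut a message into chunks that claim the given byte ranges."""
    return [Chunk(n, first, message[first - 1:last]) for n, first, last in ranges]


def check_chunks(chunks: List[Chunk], total: int) -> List[Problem]:
    """Return every reason the chunks cannot be reassembled; [] means safe."""
    problems: List[Problem] = []
    expected = 1  # next byte that has not been covered yet
    for c in sorted(chunks, key=lambda c: (c.first, c.last)):
        if c.first < 1 or c.last < c.first or c.last > total:
            problems.append(("invalid", c.name, c.first, c.last))
            continue
        if c.first < expected:
            # Bytes already covered by an earlier chunk are claimed again.
            problems.append(("overlap", c.name, c.first, min(c.last, expected - 1)))
        elif c.first > expected:
            problems.append(("gap", c.name, expected, c.first - 1))
        expected = max(expected, c.last + 1)
    if expected <= total:
        problems.append(("missing", "end", expected, total))
    return problems


def reassemble(chunks: List[Chunk], total: int) -> bytes:
    """Rebuild the message, refusing anything check_chunks() flags."""
    problems = check_chunks(chunks, total)
    if problems:
        raise ValueError(f"refusing to reassemble: {problems}")
    buf = bytearray(total)
    for c in chunks:
        buf[c.first - 1:c.last] = c.data
    return bytes(buf)


if __name__ == "__main__":
    print("normal  :", check_chunks(split(MESSAGE, NORMAL), 4000))
    print("teardrop:", check_chunks(split(MESSAGE, TEARDROP), 4000))
```
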
Trojan Attacks

 Trojans act as RATs or Remote
  Administration Tools that allow remote
  control and remote access to the attacker.


 Tools:

 Netbus, Girlfriend, Back Orifice and many
  others
Sniffers Attack
Definition:

Sniffers are tools that can capture all data packets being sent across
   the entire network in the raw form.

Working: ATTACKER-----Uses sniffer for spying----- VICTIM

   Threats:

    Password Stealing, IP Violation, Spying etc.

Tools:

 Tcpdump, Ethereal, Dsniff , wireshark and many more.
Buffer Overflow

 Buffer overflows typically occur due to poor
  programming and mismanagement of an
  application's memory by the developer.
 E.g. suppose 5 KB of buffer space has been allocated to an
  application. If the application then tries to store 7 KB
  of data in the buffer memory, then the additional 2 KB
  of data will have nowhere to go and as a result will
  overflow.
 This additional 2 KB of data, which overflowed, will
  overwrite a legitimate piece of data at another
  memory location.
 As a result, the system crashes or this leads to unwanted
  execution of some other program.
Types of Buffer Overflows


1. Stack Overflows
2. Format String Overflows
3. Heap Overflows
4. Integer overflows
Stack Overflow

steps :
1.Identify and take control of a vulnerable
application running on the target computer

2.Identifying the malicious code that you would
like to execute on the target computer

3. Exploit the privilege and access of the victim
application to execute the malicious code.
Stack Overflow : Step 1
      Identifying a vulnerable
           application

 Study the source code of the application and
  test it with different types and sizes of
  artificial input states (Identify the Test cases
    for which application fails)
Buffer Overflow : Step 2
       Planting the malicious
              code

 Attacker sends malicious command as input
  or in the form of an argument to the
  vulnerable application. The malicious input is
  stored in the temporary buffer memory of the
  application and then remains ready to be
  executed as and when required.
Executing the Malicious
              code
 Whenever an application calls a function, a
  separate activation record for that particular
  function is created on the stack.
 Each activation record contains a return address
  to which the program control is transferred once
  the function exits.
 If one can change this return address to point to
  the address where malicious code is stored, then
  the application will jump to the malicious code as
  the function is over.
 This will lead to the execution of malicious code.
Social Networking Websites
            Hacking
 There is no way to hack someone's Gmail
   account, Orkut account, Facebook account, or
   Yahoo account by breaking into servers.
 Generally there are two ways of hacking
   these accounts
  1. By finding the password of the account
  2. By resetting the password
 There is no other way of hacking
someone's profile on social networking websites.
Finding passwords

 Social Engineering
 Password guessing
 Phishing attacks
 Key Loggers
 Sniffing attacks
 Man in the middle attack
 Tab Nabbing- Latest kind of phishing attack
Phishing Attack



 Fake login page:
  Demo.
 www.facebook.thehackbook.com
 www.gmail.thehackbook.com
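
How a login link can be checked so that hostnames like the two demo pages above are not mistaken for the real site, as an added example that is not part of the original deck. The function names and the allowed-domain list are assumptions, and the brand label is naively taken as the first label of each allowed domain.

```python
"""Tell a real login host from a look-alike subdomain (added example)."""
from urllib.parse import urlsplit

# Assumed list of domains the user really logs in to (not from the slides).
ALLOWED = ("facebook.com", "gmail.com")


def hostname(url: str) -> str:
    """Host part of a URL: lower-cased, without userinfo, port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")


def naive_check(url: str, brand: str) -> bool:
    """Weak check: is the brand name anywhere in the link? Easily fooled."""
    return brand in url.lower()


def under_domain(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str, allowed=ALLOWED) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a link."""
    host = hostname(url)
    if not host:
        return "invalid"
    if any(under_domain(host, d) for d in allowed):
        return "trusted"
    # Assumption: the brand is the first label of each allowed domain.
    brands = {d.split(".")[0] for d in allowed}
    if any(brand in host for brand in brands):
        return "lookalike"
    return "unrelated"


# Constructed links; the two thehackbook.com hostnames are the slide's demo pages.
SAMPLES = [
    "https://www.facebook.com/login",
    "https://www.facebook.thehackbook.com/login",
    "https://www.gmail.thehackbook.com/",
    "https://notfacebook.com/",
    "https://facebook.com@www.thehackbook.com/",
    "https://WWW.Facebook.COM./",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} naive={naive_check(link, 'facebook')!s:5} {link}")
```
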
Tab Nabbing

 Aza Raskin , a design expert discovered and
  extensively wrote about a deadly new phishing
  technique that he named TAB Nabbing.
 All present day browsers are vulnerable to this
  kind of attack.
 It is also a kind of phishing attack that
  impersonates other websites and fools users into
  revealing their personal data like usernames,
  passwords, credit card details, etc.
 It makes use of multiple tabs by browsers to fool
  the victims.
Steps of Tab Nabbing

 The victim opens multiple tabs to his favorite
  websites & is browsing normally.
 Using flash widgets, scripts, browser
  extensions or cross site scripting attacks, it is
  possible for an attacker to modify the
  contents of some other open tab in your
  browser to point to, for example, the victim's bank,
  email or corporate login account.
Resetting the password


 It is possible for an attacker to find out the
  answer of secret questions available on gmail
  or yahoo account for password resetting.
 Attacker can find it by means of social
  engineering.
Windows Hacking

 Hosts File: Directing the redirection
Windows location: C:\windows\system32\drivers\etc
 The hosts file can be tweaked to carry out a number of
interesting hacks
1. Blocking certain websites
2. Redirecting the user to some other website
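
An audit that lists which names a hosts file blocks or redirects, as an added example that is not part of the original deck. The sample file content and the function name are constructed; on Windows the real file is C:\windows\system32\drivers\etc\hosts and its path can be passed as the first argument.

```python
"""Audit a hosts file for blocked and redirected names (added example)."""
import ipaddress
import sys

# Names that normally appear in an untouched hosts file.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                 "ip6-loopback", "broadcasthost"}

# Constructed hosts file content for the example.
SAMPLE = """\
# Constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # blocked site
203.0.113.66    www.example.com login.example.com
not-an-ip       www.example.org
"""


def audit_hosts(text):
    """Return (line number, kind, name, address) for every non-default entry.

    kind is 'blocked' when the name points at a loopback or unspecified
    address, 'redirected' when it points anywhere else, and 'malformed'
    when the first field is not an IP address.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", " ".join(fields), ""))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in DEFAULT_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                kind = "blocked"
            else:
                kind = "redirected"
            findings.append((lineno, kind, name, str(addr)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    for lineno, kind, name, addr in audit_hosts(content):
        print(f"line {lineno}: {kind:10} {name} {addr}")
```
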
Recovering the deleted data

 When you delete a file, it first goes to the recycle
  bin. After you empty the recycle bin, the file still
  remains on the hard disk.
 Microsoft Windows will only delete the link
  between the operating system & the deleted file.
 This means that the file will not be accessible
  through Windows & MS-DOS.
 The file will still remain on the hard disk and will
  be available until Windows overwrites it with a
  new file.
Email Forging

Definition:

Email Forging is the art of sending an email
 from the victim’s email account without
 knowing the password.

Working:

     ATTACKER-----Sends Forged email-----
    FROM VICTIM
SMS Forging

 SMS spoofing became possible after many
  mobile/cellular operators had integrated their
  network communications with/in the
  Internet.
 So anybody could send SMS from the
  Internet using forms at the websites of
  mobile operators or even through e-mail.
SMS Forging

 The working of SMS is explained as under.
 First of all, the sender sends the SMS via the SMS
  gateway.
  The identity of the sender is attached to the
  packet of the SMS.
 Once the SMS reaches the SMS gateway, it is routed
  to the destination gateway and
  then to the receiver's handset.
 There are many ways by which we can send SMS
  to the SMS gateway.
 One of them is to use the internet.
SMS Forging

 Now the concept of SMS forging lies in changing the
    SCCP packet which contains
    the sender information prior to delivering it to the SMS
    gateway.
   The intruder can change the SCCP packet and can
    send that packet to any receiver as a spoofed
    SMS.
   Some websites on the net also provide this
    facility.
   Providing such a service is not legal, and the user
    using it may face
    serious consequences with the law.
   Website: http://www.spranked.com
Software to Restore the
         deleted files


 Restoration : An excellent recovery software
Download: www.aumha.org/a/recover.php
Permanently Erasing the data



 Software: Eraser
download: http://eraser.heidi.ie/
Windows Toolkit


 You can remove the cracks of your windows
  using it.
 Play with your logon screen.
The End


 About The Hackbook : The Hackbook is a
  social utility to promote awareness about
  Information Security and Ethical Hacking by
  integrating the concepts of social network
  and education network.

Q4-W6-Restating Informational Text Grade 3
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 

Introduction to Ethical Hacking

  • 1. INTRODUCTION TO ETHICAL HACKING By Neel kamal www.thehackbook.com
  • 3. What is Hacking?  Hacking is the art of finding solutions to real life problems.  The word “Hack” is not directly related to computers.
  • 4. Hacking and Computers  The concept of hacking entered the computer culture at the MIT University in the 1960s.  There are two kinds of students 1. Tools 2. Hackers
  • 5. 1. Tools  A ``tool'' is someone who attends class in the college regularly  is always to be found in the library when no class is meeting,  Always Try to get Excellent grades in the examination.  Sole Aim: get placed in high paying Company
  • 6. 2. Hacker  A ``hacker'' is the opposite: someone who never goes to class,  who in fact sleeps all day,  and who spends the night pursuing recreational activities rather than studying text books. What does this have to do with computers? Originally, nothing.
  • 7. Hackers vs Tools  There are standards for success as a hacker, just as grades form a standard for success as a tool.  Overall Hackers are more successful in life and they emerge as a leader in their field.
  • 8. Computer Hackers  Hackers are developers.  Hackers are those geeks and scientists who provide IT solutions to real life problems.  Hackers think beyond the boundaries
  • 9. Traits of any Hack  It must be clever.  It must produce more good than bad, and it must not be malicious.  It should be unexpected, or out of the ordinary.  It need not pertain to computers.
  • 10. Hack Ideas  Social Networking site for plants.  Sending sms to smart phone whenever a post man delivers the letter in the letter box.  Sending sms to near & dear ones whenever you reach the destination.
  • 11. Hackers  Development of Science <><> Hackers
  • 12. Misconception  What about those who break into systems?  Are they hacker?  The answer is no.
  • 13. Who is Responsible for misconception  Media  is the root cause of all this misconception.  Lack of Awareness among common students and people.
  • 14. Crackers  Those who break into systems illegally are crackers.  They are bad guys or gals.
  • 15. Hacker vs Cracker o Qualities of hacker: Lots of knowledge Good Guy Strong Ethics Helps in catching cyber criminals
  • 16. Hacker vs Cracker  Qualities of cracker Lots of knowledge Bad ethics Cyber criminals
  • 17. Skills of Hacker  Learn Programming languages (C, C++)  Learn scripting languages (JSP, Python, PHP, Perl)  Good knowledge of database and query languages (SQL, YQL, FQL, etc)  Learn Networking (TCP/IP)  Learn to work in Unix  Start playing with web APIs  Learn Assembly Programming
  • 18. Important Subjects  C and M - I  Data Structures and M-II  DLD , JAVA & web Technology and M-III (Probability)  CSA, OS, DBMS  Microprocessors, Data Communications  Computer Networking  Cryptography & Network Security  Wireless Communication
  • 19. Getting started to learn Hacking  TCP/IP  IP Address  MAC Address  Ports  Web Architecture  LAN Architecture  DOS Commands
  • 20. Web Architecture  The Internet is a worldwide, publicly accessible network of interconnected computer networks that transmit data using the standard Internet Protocol (IP).  The terms World Wide Web (WWW) and Internet are not the same
  • 21. Internet, web, www  The Internet is a collection of interconnected computer networks, linked by copper wires, fiber-optic cables, wireless connections, etc.  Web is a collection of interconnected documents and other resources, linked by hyperlinks and URLs.  The World Wide Web is one of the services accessible via the Internet, along with various others including e-mail, file sharing, online gaming etc
  • 22. TCP/IP  TCP/IP is the protocol for communication between computers on the Internet.  TCP stands for Transmission Control Protocol  IP stands for Internet Protocol  TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.
  • 23. TCP/IP  Inside the TCP/IP standard there are several protocols for handling data communication: 1. TCP 2. IP 3. ICMP 4. DHCP (Dynamic Host Configuration Protocol) for Dynamic Addressing
  • 24. TCP/IP  TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.  IP is responsible for sending the packets to the correct destination.  IP Routers:- The IP router is responsible for "routing" the packet to the correct destination, directly or via another router.
  • 25. IP Address  Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.  An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12  TCP/IP uses four numbers to address a computer. The numbers are always between 0 and 255.
  • 26. DNS Servers  Names used for TCP/IP addresses are called domain names.  When you address a website, e.g. www.thehackbook.com, the name is translated to its corresponding IP Address by DNS Servers.  DNS servers contain the list of all registered domain names and their corresponding IP addresses.
  • 27. MAC Address  Media Access Control (MAC) is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN  MAC addresses are 12-digit hexadecimal numbers (48 bits in length).  MM:MM:MM:SS:SS:SS MM-MM-MM-SS-SS-SS  The first half of a MAC address contains the ID number of the adapter manufacturer. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer.
  • 28. Commands  To find IP Address ipconfig  To find MAC Address: ipconfig /all
  • 29. Ports  1. Hardware Ports  2 Software Ports  There are 65536 software ports in an operating system.
  • 30. Sockets  The pair of IP address and port numbers separated by a colon is called the socket. e.g- 202.112.67.21:8080 is a socket.
  • 31. Classification of IP Address  1. Public IP Address  2. Private IP Address  finding public and private IP Address  1. Static IP Address  2. Dynamic IP Address
  • 32. Network Address Translation (NAT)  The current implementation of IP addressing provides users with a very limited number of IP addresses.  To solve this shortage problem, a number of organizations have started implementing NAT addressing, which allows them to use a single public IP address for a large number of internal systems having unique private IP addresses.  If an external system communicates with two different internal systems in a NAT network, then it will be impossible for it to differentiate between the two systems.
  • 33. Working of NAT  Typically a NAT network consists of a large number of the internal systems that are connected to the internet through a routing device known as NAT box.  This NAT box acts as the core & controls all routing , addressing , and interfacing requirements of the network.
  • 34. NAT  When an internal computer connects to external computer: Internal computer (192.168.153.67:1024) -> NAT box (internal IP address gets converted to external, i.e. public, IP address) -> External System (www.thehackbook.com)
  • 35. NAT Reply from External System: External system (www.facebook.com) -> NAT box (NAT box identifies the internal system for which the IP packets are meant) -> Internal System (192.168.153.67)
  • 36.  Three stages of Hacking any Remote Computer 1. Planning and preparing the attack 2. Gathering information for the attack 3. Executing the attack
  • 37. Preparing the attack  Steps performed by a good hacker in this stage: 1. Decide which computer they want to hack 2. Then they will find the IP address of the remote computer. 3. Find the exact geographical Location of the computer. 4. Hide their own IP address and identity on internet
  • 38. Finding remote computer  Let’s say a Hacker decides to break into the computer of one of his facebook friends.  Then his first step will be to find the IP address of his friend’s computer.  So let’s discuss what are the possible ways of finding the IP address of any remote computer.
  • 39. Finding Remote Computer’s IP Address 1. Sending the link of www.whatstheirip.com 2. Through Instant messaging software 3. Through IRC Chat 4. Through your website
  • 40. MSN, Yahoo, g-talk 3. If you are chatting on other messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Your System------Chat Server---- Friend’s System Friend’s System---------Chat Server------- Your System Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, go to MSDOS or the command line and type: C:\>netstat -n This command will give you the IP Address of your friend’s computer.
  • 41. Instant Messenger 1. Ask your friend to come online and chat with you. 2. Case I: If you are chatting on ICQ, then the following connection exists between your system and your friend’s system: Your System------DIRECT CONNECTION---- Friend’s System Friend’s System---------DIRECT CONNECTION------- Your System Now, go to MSDOS or the command line and type: C:\>netstat -n This command will give you the IP Address of your friend’s computer.
  • 42. Getting IP from Website  One can easily log the IP Addresses of all visitors to their website by simply using JAVA applets or JavaScript code.  By using PHP scripts it is possible to determine the user’s O.S. and browser.  The same can be used to determine the exact geographical location of the visitors.
  • 43. Counter Measures  Do not accept File transfers or calls from unknown people.  Chat online ONLY after logging on through a Proxy Server.  Don’t click on any suspicious link.
  • 44. Finding Exact Location  Once you get the IP address of Remote computer try to perform IP lookup  Popular sites for IP Look Up  1. www.ipmango.com  2. www.whois.com
  • 45. Hiding your IP Address  Proxy Servers: Definition: A Proxy Server acts as a buffer between you and the Internet, hence it protects your identity. Working: Case 1: Your System------Proxy Server---- Friend’s System Case 2: Your System-----Proxy------Chat Server----Friend’s System Good Proxy Servers:  Wingate & WinProxy (For Windows Platform)  Squid (For Unix Platforms)
  • 46. Proxy Bouncing PROXY BOUNCING Definition: Proxy Bouncing is the phenomenon wherein you connect to several proxy servers and then connect to the actual destination. Working: YOUR SYSTEM--------PROXY 1--------- PROXY 2---------- PROXY 3 ----------------PROXY 4----------PROXY 5----------Destination Tools:  MultiProxy
  • 47. Onion Routing: Using Tor Network  download it from http://torproject.org
  • 48. DOS Commands 1. nslookup 2. net view 3. net use 4. net user 5. ping 6. tracert 7. arp 8. route 9. nbtstat 10. netstat 11. ipconfig
  • 49. Ping This command will allow you to know if the host you are pinging is alive, which means it is up at the time of executing the “ping” command. syntax: ping www.thehackbook.com or OBS: Keep in mind that if the host you are pinging is blocking ICMP packets, then the result will be host down.
  • 50. nslookup This command has many functionalities. One is for resolving DNS into IP. syntax: nslookup www.thehackbook.com
  • 51. nslookup  Now, another really nice function of nslookup is to find out the IP of specific Mail Servers.  QUOTE nslookup (enter) set type=mx (enter) yahoo.com  This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn’t it?
  • 52. tracert  This command will give you the hops that a packet will travel to reach its final destination.  OBS: This command is good to know the route a packet takes before it goes to the target box.  CODE tracert x.x.x.x (x is the IP address)  or  tracert www.thehackbook.com
  • 53. arp  Address Resolution Protocol  This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN. command arp -a
  • 54. netstat  This command will show you connections to your box.  CODE netstat or  CODE netstat -a (this will show you all the listening ports and connections with DNS names) netstat -n (this will show you all the open connections with IP addresses) netstat -an (this will combine both of the above)
  • 55. nbtstat  This command will show you the netbios name of the target box.  CODE nbtstat -A x.x.x.x (x is the IP address)  nbtstat -a computername  net view \\x.x.x.x or \\computername (will list the available sharing folders on the target box)
  • 56. route  This command will show you the routing table, gateway, interface and metric.  CODE route print
  • 57. Help  And last but not least, the “help” command.  CODE whatevercommand /help  CODE whatevercommand /?
  • 58. Gathering Information about remote computer  Recap of first step i.e. preparation of attack  Hiding the IP using proxy bouncing  Tracing IP address using Neotrace, and online databases, Visual Route.  Now change your MAC address before starting Information Gathering step. software :- MacAddressChanger
  • 59. Information Gathering  Typically during the information Gathering step attacker aims to determine the following information about the target system. 1. Network Topology 2. List of open ports 3. List of services 4. Determine the operating system 5. User Information
  • 60. Gathering Information  It is Possible to gather all these information using various techniques like 1. Network Reconnaissance - Ping sweeping and Traceroute 2. Port Scanning 3. Daemon Banner Grabbing and Port Enumeration 4. ICMP scanning 5. OS detection using OS Finger printing 6. Sniffing
  • 61. Scanning Using nmap  C:\program files\nmap>nmap -sP thehackbook.com nmap sends an ICMP echo request to thehackbook.com To Carry out UDP probing: C:\program files\nmap>nmap -PU thehackbook.com C:\program files\nmap>nmap -PN thehackbook.com
  • 62. OS Detection  C:\program files\nmap>nmap -O www.google.com  C:\program files\nmap>nmap -A www.google.com  OS detection using websites: use PHP script to detect visitors’ OS and browser
  • 63. Executing the Attack  DOS Attacks : Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.  ATTACKER-----Infinite/ Malicious Data----- VICTIM Target Network gets choked or cannot handle the malicious data and hence crashes. As a result, even legitimate clients/ people cannot connect to the target network.
  • 64. Types of DOS Attacks 1. Ping of Death 2. Teardrop attacks 3. SYN flood attacks 4. Land Attacks 5. Smurf Attacks 6. UDP flood Attacks 7. DDOS Attacks 8. Modem-disconnect Attack
  • 65. Tear Drop Attack  Data sent from the source to the destination system, is broken down into smaller fragments at the source system and then reassembled into larger chunks at the destination system. For Example, Say data of 4000 bytes is to be sent across a network, then it is broken down into three chunks: 1.CHUNK A contains Bytes 1 to 1500. 2.CHUNK B contains Bytes 1501 to 3000 3.CHUNK C contains Bytes 3001 to 4000
  • 66. Tear Drop Attack  However, in case of a Teardrop attack, these ranges of data chunks are overlapping. For Example, in case of a Teardrop attack, the same 4000 bytes would be broken down into the below three chunks: 1. CHUNK A contains Bytes 1 to 1500. 2. CHUNK B contains Bytes 1499 to 3000 3. CHUNK C contains Bytes 2999 to 4000  In this example the range of CHUNK A is 1 to 1500, range of CHUNK B is 1499 to 3000 while the range of CHUNK C is 2999 to 4000. Thus, the ranges are overlapping.  Since here the ranges are overlapping, the target system gets DOS’ed!!!
  • 67. Trojan Attacks  Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker. Tools:  Netbus, Girlfriend, Back Orifice and many others
  • 68. Sniffers Attack Definition: Sniffers are tools that can capture all data packets being sent across the entire network in the raw form. Working: ATTACKER-----Uses sniffer for spying----- VICTIM  Threats: Password Stealing, IP Violation, Spying etc. Tools:  Tcpdump, Ethereal, Dsniff, Wireshark and many more.
  • 69. Buffer Overflow  Buffer overflows typically occur due to poor programming and mismanagement of an application’s memory by the developer.  E.g. say 5 KB of buffer space has been allocated to an application. If the application then tries to store data of 7 KB in the buffer memory, the additional 2 KB of data will have nowhere to go and as a result will overflow.  This additional 2 KB of data which overflowed will overwrite a legitimate piece of data at another memory location.  As a result the system crashes, or it leads to unwanted execution of some other program.
  • 70. Types of Buffer Overflows 1. Stack Overflows 2. Format String Overflows 3. Heap Overflows 4. Integer overflows
  • 71. Stack Overflow steps: 1. Identify and take control of a vulnerable application running on the target computer 2. Identifying the malicious code that you would like to execute on the target computer 3. Exploit the privilege and access of the victim application to execute the malicious code.
  • 72. Stack Overflow : Step 1 Identifying a vulnerable  application  Study the source code of the application and test it with different types and sizes of artificial input states (Identify the Test cases for which application fails)
  • 73. Buffer Overflow : Step 2 Planting the malicious code  Attacker sends malicious command as input or in the form of an argument to the vulnerable application. The malicious input is stored in the temporary buffer memory of the application and then remains ready to be executed as and when required.
  • 74. Executing the Malicious code  Whenever an application calls a function, a separate activation record for that particular function is created on the stack.  Each activation record contains a return address to which the program control is transferred once the function exits.  If one can change this return address to point to the address where malicious code is stored, then the application will jump to the malicious code as the function is over.  This will lead to the execution of malicious code.
  • 75. Social Networking Websites Hacking  There is no way to hack someone’s gmail account, orkut account, Facebook account, or yahoo account by breaking into servers.  Generally there are two ways of hacking these accounts 1. By finding the password of account 2. By resetting the password There is no other way of hacking someone’s profile on social networking websites.
  • 76. Finding passwords  Social Engineering  Password guessing  Phishing attacks  Key Loggers  Sniffing attacks  Man in the middle attack  Tab Nabbing- Latest kind of phishing attack
  • 77. Phishing Attack  Fake login page: Demo.  www.facebook.thehackbook.com  www.gmail.thehackbook.com
  • 78. Tab Nabbing  Aza Raskin, a design expert, discovered and extensively wrote about a deadly new phishing technique that he named TAB Nabbing.  All present day browsers are vulnerable to this kind of attack.  It is also a kind of phishing attack that impersonates other websites and fools users into revealing their personal data like usernames, passwords, credit card details, etc.  It makes use of multiple tabs by browsers to fool the victims.
  • 79. Steps of Tab Nabbing  The victim opens multiple tabs to his favorite websites and is browsing normally.  Using flash widgets, scripts, browser extensions or cross site scripting attacks, it is possible for an attacker to modify the contents of some other open tab in your browser so that it may point to the victim’s bank, email or corporate login account.
  • 80. Resetting the password  It is possible for an attacker to find out the answer of secret questions available on gmail or yahoo account for password resetting.  Attacker can find it by means of social engineering.
  • 81. Windows Hacking  Host File: Directing the redirection  Windows location: C:\windows\system32\drivers\etc  The hosts file can be tweaked to carry out a number of interesting hacks 1. Blocking certain websites 2. Redirecting the user to some other website
  • 82. Recovering the deleted data  When you delete a file, it first goes to the recycle bin. After you empty the recycle bin, the file still remains on the hard disk.  Microsoft windows will only delete the link between the operating system & the deleted file.  This means that the file will not be accessible through windows & MS DOS.  The file will still remain on the hard disk and will be available until windows overwrites it with a new file.
  • 83. Email Forging Definition: Email Forging is the art of sending an email from the victim’s email account without knowing the password. Working:  ATTACKER-----Sends Forged email----- FROM VICTIM
  • 84. SMS Forging  SMS spoofing became possible after many mobile/cellular operators had integrated their network communications with/in the Internet.  So anybody could send SMS from the Internet using forms at the websites of mobile operators or even through e-mail.
  • 85. SMS Forging  The working of SMS is explained as under.  First of all the sender sends the SMS via the SMS gateway. The identity of the sender is attached to the packet of the SMS.  Once the SMS reaches the SMS gateway, it is routed to the destination Gateway and then to the receiver’s handset.  There are many ways by which we can send SMS to the SMS gateway.  One of them is to use the internet.
  • 86. SMS Forging  Now the concept of SMS forging lies in changing the SCCP packet which contains the sender information prior to delivering it to the SMS gateway.  The intruder can change the SCCP packet and can send that packet to any receiver as a spoofed SMS.  Some websites on the net also provide this facility.  To provide such a service is not legal, and using it may lead to serious consequences with the law.  Website: http://www.spranked.com
  • 87. Software to Restore the deleted files  Restoration : An excellent recovery software Download: www.aumha.org/a/recover.php
  • 88. Permanently Erasing the data  Software: Eraser download: http://eraser.heidi.ie/
  • 89. Windows Toolkit  You can remove the cracks of your windows using it.  Play with your logon screen.
  • 90. The End  About The Hackbook : The Hackbook is a social utility to promote awareness about Information Security and Ethical Hacking by integrating the concepts of social network and education network.
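
Slides 65 and 66 describe Teardrop as fragments whose byte ranges overlap. The Python below is an added example, not part of the original slides: a receiver-side check that refuses to reassemble overlapping or incomplete fragment sets, run on the slides' 4000-byte chunk ranges. The names `Fragment`, `cut`, `find_problems` and `reassemble`, and the payload bytes, are constructed for illustration.

```python
from typing import List, NamedTuple


class Fragment(NamedTuple):
    name: str
    first: int   # first byte carried, 1-based inclusive (numbering used on the slides)
    last: int    # last byte carried, inclusive
    data: bytes


def cut(payload: bytes, name: str, first: int, last: int) -> Fragment:
    """Build a fragment carrying payload bytes first..last (constructed helper)."""
    return Fragment(name, first, last, payload[first - 1:last])


def find_problems(frags: List[Fragment], total: int) -> List[str]:
    """Return every reason this fragment set must not be reassembled."""
    problems = []
    expected = 1  # next byte position not yet covered by any fragment
    for f in sorted(frags, key=lambda f: (f.first, f.last)):
        if f.first < 1 or f.last < f.first or f.last > total:
            problems.append(f"{f.name}: invalid range {f.first}-{f.last}")
            continue
        if len(f.data) != f.last - f.first + 1:
            problems.append(f"{f.name}: length does not match range")
            continue
        if f.first < expected:
            # The Teardrop condition: this fragment re-sends bytes already covered.
            end = min(f.last, expected - 1)
            problems.append(
                f"{f.name}: overlaps earlier data at bytes {f.first}-{end}")
        elif f.first > expected:
            problems.append(
                f"gap: bytes {expected}-{f.first - 1} missing before {f.name}")
        expected = max(expected, f.last + 1)
    if expected <= total:
        problems.append(f"gap: bytes {expected}-{total} missing at end")
    return problems


def reassemble(frags: List[Fragment], total: int) -> bytes:
    """Join fragments in order, or raise ValueError instead of guessing."""
    problems = find_problems(frags, total)
    if problems:
        raise ValueError("; ".join(problems))
    return b"".join(f.data for f in sorted(frags, key=lambda f: f.first))


# Constructed sample data: a 4000-byte payload split as on slides 65 and 66.
PAYLOAD = bytes(i % 251 for i in range(4000))
NORMAL = [  # delivered out of order on purpose
    cut(PAYLOAD, "CHUNK C", 3001, 4000),
    cut(PAYLOAD, "CHUNK A", 1, 1500),
    cut(PAYLOAD, "CHUNK B", 1501, 3000),
]
TEARDROP = [
    cut(PAYLOAD, "CHUNK A", 1, 1500),
    cut(PAYLOAD, "CHUNK B", 1499, 3000),
    cut(PAYLOAD, "CHUNK C", 2999, 4000),
]

if __name__ == "__main__":
    print("normal set:", find_problems(NORMAL, 4000) or "ok")
    for line in find_problems(TEARDROP, 4000):
        print("teardrop set:", line)
```

The check runs before any bytes are copied, so a malformed set is rejected rather than handed to offset arithmetic that assumes non-overlapping ranges.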