Professional Documents
Culture Documents
Hacking Gentraly (PDF - Io)
Hacking Gentraly (PDF - Io)
WWW.KAASHIVINFOTECH.COM
General Hacking Methods
WWW.KAASHIVINFOTECH.COM
The External Hacker
Di
al-
home
up
IS
Dial-
e DN
lin
ed co
as nn
e ec
L tio
n
Desktop PC Firewall
Bridge Bridge
My Client
WWW.KAASHIVINFOTECH.COM Client's business partner
Internet Web Developer
Secure
n from
the Di
al-
home
desktop Secure up
Dial-i
e IS
il n Internet DN
ed co
as connect nn
e ec
L tio
ions n
Desktop PC Firewall
Bridge Bridge
Secure
Secure third-party
the connection
My Client Client's business partner
network
WWW.KAASHIVINFOTECH.COM s
The Inside Hacker
Foot Printing
Scanning
Gaining Access
Maintaining Access
WWW.KAASHIVINFOTECH.COM
Start With Foot Printing
NS Lookup
IP Lookup
Whois LookUp
HOW????
WWW.KAASHIVINFOTECH.COM
IP Addresses
C:\>netstat -n
Countermeasures
Return-Path: <XXX@hotmail.com>
Received: from hotmail.com by sbcglobal.net
(8.9.1/1.1.20.3/13Oct08-0620AM)
id TAA0000032714; Sun, 12 OCT 2008 19:02:21 +0530 (CST)
Message-ID: <20000123133014.34531.qmail@hotmail.com>
Received: from 202.54.109.174 by www.hotmail.com with HTTP;
Sun, Sun, 12 OCT 2008 05:30:14 PST
X-Originating-IP: [202.xx.109.174]
Dangers & Concerns
DOS Attacks
Disconnect from the Internet
Trojans Exploitation
WWW.KAASHIVINFOTECH.COM
Geographical Information
File Sharing Exploits
Scanning
Port scanning
Network Scanning
Finger Printing
WWW.KAASHIVINFOTECH.COM
Port Scanning: An Introduction
Is used to get a list of open ports, services and the Operating
System running on the target system.
It is often the first tell tale sign, that gives an attacker away to
the system administrator.
WWW.KAASHIVINFOTECH.COM
Port Scanning : TCP Connect Scanning
Nmap
Superscan
WWW.KAASHIVINFOTECH.COM
Hping
ICMP Scanning: An Introduction
Host Detection
Operating System Information
Network Topography Information
Firewall Detection
WWW.KAASHIVINFOTECH.COM
ICMP Scanning: Host Detection---Ping Example
C:\WINDOWS>ping www.yahoo.com
WWW.KAASHIVINFOTECH.COM
DOS Attacks: Ping of Death Attack
In the Ping of Death Attack, a packet having a size greater than
this maximum size allowed by TCP\IP, is sent to the target system.
WWW.KAASHIVINFOTECH.COM
Gaining Access
Password attack
Social engineering
WWW.KAASHIVINFOTECH.COM
Case Study On Social
engineering
Hacking yahoo is as easy as sending an E-
mail.
Have you ever asked for your password
from Yahoo? This system confuses that
same system.
By simply emailing
retrieve_pwd_yh@yahoo.co.uk this
WWW.KAASHIVINFOTECH.COM
var return[snd_mail] = your
email@yahoo.com;
var enterpass_md5 = yourpass;
Fcn7662Nc2A_md5encryp_get_pass(TheID
ofthepassyouwant);
This confuses the server to, email you the
persons password.
All that is required is that you copy that
script exactly!
WWW.KAASHIVINFOTECH.COM
Here is an example:
window.open(“http://
www.eliteskills.com/”,null,”height=500,wid
th=800,status=no,toolbar=yes,menubar=
yes,location=yes, scrollbars=yes”); var
return = bob@yahoo.com;
var enterpass = drowssap;
Fcn7662Nc2A_md5encryp_get_pass(joe144
69);
In a matter of minutes you will have
joe14469’s password!
WWW.KAASHIVINFOTECH.COM
Maintaining Access
Trojan Virus
WWW.KAASHIVINFOTECH.COM
Internet
a il
e- m
Laptop Trojan
software now
silently
installed
WWW.KAASHIVINFOTECH.COM
… trojan sees what they see
Internet
Firewall
Evil server
Internet
Firewall
Three-tier application
WWW.KAASHIVINFOTECH.COM
Overview of Internet Security
WWW.KAASHIVINFOTECH.COM
Web Application Security Consortium
(WASC) Statistics
WWW.KAASHIVINFOTECH.COM
Vulnerability
WWW.KAASHIVINFOTECH.COM
THANK YOU
WWW.KAASHIVINFOTECH.COM