
Ethical Hacking

LEGAL WARNING: It’s illegal to use these attack(s) against public computers or networks. You may perform your acquired skills on your own infrastructure or with prior permission from the other party.

By,
Jayesh Patel
Can HACKING be ETHICAL???

• The noun ‘hacker’ refers to a person who enjoys learning the details of computer systems and stretches their capabilities.
• The verb ‘hacking’ describes the rapid development of new programs or the reverse engineering of already existing software to make the code better and more efficient.
• The term ‘cracker’ refers to a person who uses his hacking skills for offensive purposes.
• The term ‘ethical hacker’ refers to security professionals who apply their hacking skills for defensive purposes.
Security Triangle:
• The number of exploits is minimized when the number of weaknesses is reduced.
• Moving towards security means moving away from functionality and ease of use.
Types of Hackers
Black Hats
o Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as ‘Crackers’.

White Hats
o Individuals professing to have hacker skills, using them for defensive purposes. Also known as ‘Security Analysts’.

Gray Hats
o Individuals who work both offensively and defensively at various times.

Black-hat – Bad guys; White-hat – Good guys


Phases of Ethical Hacking
Footprinting and Scanning

• Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
• Footprinting is one of the two pre-attack phases. The other is scanning.
Getting whois info
Scanning
Scanning is one of three components of intelligence gathering for an attacker. The attacker finds information about the:
• specific IP addresses
• operating systems
• system architecture
• services running on each computer.

The various types of scanning are as follows:
• Port scanning
• Network scanning
• Vulnerability scanning
System hacking
Types of Password Attack
• Dictionary attack – Based on a list of FUP (Frequently Used Passwords) for a given account.
• Brute force attack – Random permutation & combination of characters to guess password.
• Hybrid attack – Mixture of Dictionary & Brute Force Attack.
• Social engineering – Attacking Human Stupidity.
• Shoulder surfing – Peeping into keyboard while victim is typing password.
• Dumpster diving – Searching in dustbins, office backyard & in garbage to collect passwords.
Keystroke Loggers
• If all other attempts to sniff out domain privileges fail, then a keystroke logger is the solution.
Trojans
With the help of a Trojan
computer and would be able to read personal documents, delete files, display pictures, and/or show messages
Working of Trojan
• Attacker gets access to the trojaned system as the system goes online.
• By way of the access provided by the Trojan, the attacker can stage attacks of different types.
DoS attack

A Denial-of-Service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.
• Attempt to "flood" a network, thereby preventing legitimate network traffic.
• Attempt to disrupt connections between two machines, thereby preventing access.
• Attempt to prevent a particular individual from accessing a service.
Smurf Attack

• The perpetrator generates a large amount of ICMP echo (ping) traffic to a network broadcast address with a spoofed source IP set to a victim host.
• The result will be a large number of ping replies (ICMP Echo Reply) flooding back to the innocent, spoofed host.
• An amplified ping reply stream can overwhelm the victim’s network connection.
Ping Of Death
• The attacker deliberately sends an IP packet larger than the 65,536 bytes allowed by the IP protocol.
• Fragmentation allows a single IP packet to be broken down into smaller segments.
• The fragments can add up to more than the allowed 65,536 bytes. The operating system, unable to handle oversized packets, freezes, reboots or simply crashes.
• The identity of the attacker sending the oversized packet can be easily spoofed.
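
The check a reassembly routine or filter has to make before accepting a fragment, as an added example that is not part of the original slides: a fragment is rejected when its offset plus its length would push the reassembled datagram past the size limit. The limit used is 65,535 bytes, the largest value the 16-bit IPv4 Total Length field can hold; the function names and the sample headers are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 Total Length field can describe

def reassembled_size(header: bytes) -> int:
    """Size the datagram would reach once this fragment is placed at its offset."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent length fields")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is stored in 8-byte units
    return ihl + offset + (total_len - ihl)

def oversized_fragments(headers):
    """Indexes of fragments that would push reassembly past MAX_DATAGRAM."""
    return [i for i, h in enumerate(headers) if reassembled_size(h) > MAX_DATAGRAM]

def make_header(offset_units: int, payload_len: int, more: bool) -> bytes:
    """Build a constructed 20-byte header for the samples (checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

# Constructed sample fragments (documentation addresses, ICMP protocol number 1)
SAMPLES = [
    make_header(185, 1480, True),    # ordinary middle fragment
    make_header(8189, 3, False),     # last fragment ending exactly at the limit
    make_header(8189, 1480, False),  # last fragment that overruns the limit
]

if __name__ == "__main__":
    print(oversized_fragments(SAMPLES))
```

Each fragment on its own is a normal-sized packet, which is why the check has to use the offset field rather than the packet length alone.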
Counter Measures

• Use Firewalls and Intrusion Detection Systems.
• Intrusion Prevention Systems along with Honeypots.
• Configure individual hosts and routers not to respond to ping requests or broadcasts.
• Configure routers not to forward packets directed to broadcast addresses.
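
Detection logic for the Smurf pattern that these countermeasures block, as an added example that is not part of the original slides: it counts ICMP echo requests addressed to a broadcast address and reports the claimed source, which is the host the replies would flood. The record format, the threshold, the function name and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8  # ICMP type for echo request (ping)

def smurf_victims(packets, local_networks, threshold=3):
    """Return {claimed_source: count} for sources seen in at least `threshold`
    echo requests addressed to a broadcast address of `local_networks`."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_networks}
    broadcasts.add(ipaddress.ip_address("255.255.255.255"))  # limited broadcast
    hits = Counter()
    for src, dst, icmp_type in packets:
        if icmp_type == ICMP_ECHO_REQUEST and ipaddress.ip_address(dst) in broadcasts:
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

# Constructed sample records: (source IP, destination IP, ICMP type)
LOCAL_NETWORKS = ["192.0.2.0/24"]
SAMPLE_PACKETS = [
    ("203.0.113.5", "192.0.2.255", 8),   # repeated pings to the directed broadcast,
    ("203.0.113.5", "192.0.2.255", 8),   # all claiming the same outside source
    ("203.0.113.5", "192.0.2.255", 8),
    ("203.0.113.5", "192.0.2.255", 8),
    ("192.0.2.20", "192.0.2.255", 8),    # a single diagnostic broadcast ping
    ("192.0.2.20", "192.0.2.30", 8),     # ordinary unicast ping
    ("192.0.2.30", "203.0.113.5", 0),    # echo reply, not a request
]

if __name__ == "__main__":
    print(smurf_victims(SAMPLE_PACKETS, LOCAL_NETWORKS))
```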
Web 2.0 Hacking
Cross Site Scripting (XSS)

• Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side.
Google Database Hack
• inurl:admin filetype:txt
• inurl:admin filetype:db
• inurl:admin filetype:cfg
• inurl:mysql filetype:cfg
• inurl:passwd filetype:txt
• inurl:iisadmin
• inurl:auth_user_file.txt
• To search for sites vulnerable to Cross-Site Scripting (XSS) attacks:
• allinurl:/scripts/cart32.exe
• allinurl:/CuteNews/show_archives.php
• allinurl:/phpinfo.php
Thank you

Stay informed,
Be secure

http://johnny.ihackstuff.com/
