Introduction To Ethical Hacking and Intrusion Prevention - 3

Introduction to Ethical Hacking and Intrusion Prevention (IT304)

LEE CHEW MUN


Vulnerability Research

 A process of discovering vulnerabilities and design weaknesses
 Websites and tools exist to aid the hackers
 Essential to keep current on the latest exploits
 Used to adequately protect the system and network
 Administrators can learn how to detect, prevent, and recover from an attack

Footprinting

 Pre-attack phase
 Accumulating data regarding a target’s environment and architecture
 Purpose is to learn as much as possible about a system, its remote access points, its ports and services, and any specific aspects of its security
 The Google search engine can be used creatively to perform information gathering
 Google Hacking
 Network Mapping Tools

Seven Steps of Information Gathering

1. Unearth Initial Information (Footprinting)
2. Locate Network Range
3. Ascertain Active Machines
4. Discover Open Ports/Access Points
5. Detect Operating Systems
6. Uncover Services on Ports
7. Map the Network


DNS Enumeration

 A process of locating all the DNS servers and their corresponding records for an organization
 Internal and external DNS servers can yield:
   Usernames
   Computer names
   IP addresses of potential target systems
 Nslookup, the American Registry of Internet Numbers (ARIN) and Whois can be used to gain information that can be used to perform DNS enumeration

Whois and ARIN Lookups

 Whois evolved from the UNIX operating system
 It can be found today in many hacking toolkits
 ARIN is a database of information, including information such as the owners of static IP addresses
 The ARIN database can be queried using the Whois tool:
   http://www.arin.net/whois

Finding the Address Range of the Network

 IP addresses are used to locate, scan, and connect to target systems
 Hackers need to know how to find the network range and the subnet mask
 ARIN or the Internet Assigned Numbers Authority is a good place to start
 Tracing the route also reveals the geographic location of the target system
   traceroute, VirtualRoute, NeoTrace
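
Added example (not part of the original slides): turning the NetRange line of a Whois response into CIDR blocks and subnet masks, and checking whether an address falls inside the registered range, as an administrator would when confirming which addresses belong to the organization. The Whois text is constructed, uses RFC 5737 documentation addresses, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the style of an ARIN Whois response (not a real registration).
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.127
CIDR:           198.51.100.0/25
NetName:        EXAMPLE-NET
OrgName:        Example Org (constructed)
"""

def parse_netrange(whois_text):
    """Return (first, last) addresses from the NetRange line."""
    m = re.search(r"^NetRange:\s*(\S+)\s*-\s*(\S+)\s*$", whois_text, re.MULTILINE)
    if not m:
        raise ValueError("no NetRange line found")
    first, last = (ipaddress.ip_address(g) for g in m.groups())
    if first > last:
        raise ValueError("NetRange start is after its end")
    return first, last

def range_to_networks(first, last):
    """A range need not be a single CIDR block; reduce it to the minimal list."""
    return list(ipaddress.summarize_address_range(first, last))

def describe(whois_text):
    """List (CIDR, subnet mask, address count) for each block in the range."""
    first, last = parse_netrange(whois_text)
    return [(str(n), str(n.netmask), n.num_addresses)
            for n in range_to_networks(first, last)]

def in_registered_range(ip, networks):
    """True if the address lies inside any of the registered blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    print(describe(SAMPLE_WHOIS))
    nets = range_to_networks(*parse_netrange(SAMPLE_WHOIS))
    print(in_registered_range("198.51.100.200", nets))
```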

DNS Records

 A (address) – Maps a host name to an IP address
 SOA (Start of Authority) – Identifies the DNS server responsible for the domain information
 CNAME (canonical name) – Provides additional names or aliases for the address record
 MX (mail exchange) – Identifies the mail server for the domain
 SRV (service) – Identifies services such as directory services
 PTR (pointer) – Maps IP addresses to host names
 NS (name server) – Identifies other name servers for the domain
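
Added example (not part of the original slides): an inventory of what a zone publishes, grouped by the record types listed above, plus a check that every A record has a PTR record naming the same host. The zone data is constructed (example.com with RFC 5737 addresses) and the function names are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed zone data, "name TTL class type rdata" (example.com, RFC 5737 addresses).
SAMPLE_ZONE = """\
example.com.             3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300
example.com.             3600 IN NS    ns1.example.com.
example.com.             3600 IN MX    10 mail.example.com.
ns1.example.com.         3600 IN A     192.0.2.1
mail.example.com.        3600 IN A     192.0.2.10
www.example.com.         3600 IN CNAME web01.example.com.
web01.example.com.       3600 IN A     192.0.2.20
_ldap._tcp.example.com.  3600 IN SRV   0 100 389 dc01.example.com.
1.2.0.192.in-addr.arpa.  3600 IN PTR   ns1.example.com.
10.2.0.192.in-addr.arpa. 3600 IN PTR   oldmail.example.com.
"""

def parse_zone(text):
    """Split each record line into name, type and rdata; skip blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        name, _ttl, _class, rtype, rdata = line.split(None, 4)
        records.append({"name": name.lower(), "type": rtype.upper(), "rdata": rdata.strip()})
    return records

def by_type(records):
    """Inventory of what the zone publishes, grouped by record type."""
    grouped = defaultdict(list)
    for r in records:
        grouped[r["type"]].append((r["name"], r["rdata"]))
    return dict(grouped)

def reverse_mismatches(records):
    """A records whose PTR record is missing or names a different host."""
    ptr = {r["name"]: r["rdata"].lower() for r in records if r["type"] == "PTR"}
    issues = []
    for r in (r for r in records if r["type"] == "A"):
        target = ptr.get(ipaddress.ip_address(r["rdata"]).reverse_pointer + ".")
        if target is None:
            issues.append((r["name"], r["rdata"], "no PTR"))
        elif target != r["name"]:
            issues.append((r["name"], r["rdata"], "PTR -> " + target))
    return issues

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    print(sorted(by_type(zone)), reverse_mismatches(zone))
```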

Traceroute

 A packet-tracking tool available on most operating systems
 Operates by sending Internet Control Message Protocol (ICMP) messages
 It sends an echo to each hop (router/gateway) along the path, until the destination address is reached
 When ICMP messages are sent back from the router, the time to live (TTL) is decremented by one for each router along the path
 It allows hackers to determine how many hops a router is from the sender
 Often blocked by a firewall or a packet-filtering router
 It can act as an alert to a hacker that a firewall is present, and techniques for bypassing the firewall can then be used
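
Added example (not part of the original slides): a model of the TTL mechanism behind traceroute, showing how an administrator reading the output can tell a single router that stays silent from a packet filter after which every probe times out. No packets are sent; the path, its addresses (RFC 5737) and the three behaviour labels are constructed for this example.

```python
# Constructed path of (address, behaviour); addresses are RFC 5737 documentation ranges.
#   "reply"  forwards packets and reports TTL expiry (ICMP Time Exceeded)
#   "silent" forwards packets but never reports TTL expiry
#   "drop"   packet filter: discards the probe, so nothing comes back
SAMPLE_PATH = [
    ("192.0.2.1", "reply"),
    ("192.0.2.254", "silent"),
    ("198.51.100.1", "reply"),
    ("203.0.113.1", "drop"),
    ("203.0.113.80", "reply"),  # last entry is the destination host
]

def send_probe(path, ttl):
    """Follow one probe along the path; return the address that answers, or None."""
    for index, (addr, behaviour) in enumerate(path):
        if behaviour == "drop":
            return None                 # filtered: the sender only sees a timeout
        if index == len(path) - 1:
            return addr                 # destination reached, it answers the probe
        ttl -= 1                        # every router decrements TTL by one
        if ttl == 0:                    # TTL expired at this router
            return addr if behaviour == "reply" else None
    return None

def trace(path, max_hops=8):
    """Send probes with TTL 1, 2, 3, ... as traceroute does; None is a '*' line."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, ttl)
        hops.append((ttl, answer))
        if answer == path[-1][0]:
            break
    return hops

def interpret(hops, destination):
    """Tell a single silent hop apart from a path that goes dark."""
    if hops and hops[-1][1] == destination:
        return "destination reached in %d hops" % hops[-1][0]
    answered = [ttl for ttl, addr in hops if addr]
    last = max(answered) if answered else 0
    return "no replies after hop %d: probes filtered at hop %d or beyond" % (last, last + 1)

if __name__ == "__main__":
    result = trace(SAMPLE_PATH)
    for ttl, addr in result:
        print(ttl, addr or "*")
    print(interpret(result, SAMPLE_PATH[-1][0]))
```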

Web Spiders

 Used mainly by spammers to collect email addresses from the Internet
 Uses syntax such as the @ symbol to locate email addresses and copies them into a list
 Email addresses collected are then added to a database and used later to send unsolicited emails
 Hackers can automate the information gathering process
 A robots.txt file is included in the root of the website with a listing of directories that need protection

Social Engineering

 Nontechnical method of breaking into a system or network
 Deceiving users of a system and convincing them to give out information
 Hackers use it to attack the human element of a system
 Used to gather information before or during an attack
 Use of influence and persuasion to deceive people for the purpose of obtaining information
 Uses telephone and Internet
 Users are the weak link in security

Common Types of Social Engineering

 Human-based
   Calling the help desk and trying to find out a password
 Computer-based
   Sending a user an email and asking them to re-enter a password, known as phishing

Human-Based Social Engineering

 Impersonating an employee or valid user
 Posing as an important user
 Using a third person
   Hackers pretend to have permission from an authorized source to use a system
 Calling technical support
 Shoulder surfing
 Dumpster diving

Computer-Based Social Engineering

 E-mail attachments
 Fake websites
 Popup windows

Insider Attacks

 By getting hired as an employee
 Disgruntled employee
 Can be powerful because attackers have physical access

Phishing Attacks

 Involves sending email, usually posing as a bank or credit-card company
 Requests that the recipient confirm banking information or reset a password
 Users click the link in the e-mail and are redirected to a fake website

Social Engineering Countermeasures

 Security policies enforcement
 Security-awareness training
 Security policies should address, but are not limited to:
   User accounts setup and termination
   How often passwords are changed
   Who can access what information
   How violations are to be handled
   Destruction of paper documents
   Physical access restriction

Group Project Target

Lab/Assignment

 nslookup
 whois
 Google hacking (be careful)
 tracert/traceroute
