ethical hacking-by saroj nayak

8/9/2019 Ethical Hacking-By Saroj Nayak

1/56

ETHICAL HACKING

ANEW PERSPECTIVE

Presented By

Saroj Nayak

KEC


2/56

WHAT IS HACKING?

Username:system

Password:manager

Welcometo ABL Computer Research Lab. Youhave five

newmessages.

$ That ishoweasy itwastohack intoacomputernetwork.

Themostprominentdefinitionofhacking istheactofgainingaccesswithoutlegalauthorizationtoacomputer

orcomputernetwork. Ahacker firstattacksaneasy

target,andthenuses ittohidehisorhertraces for

launchingattacksatmoresecuresites. Thegoalofan

attack istogaincompletecontrolofthesystem (soyoucan

edit,delete, install,orexecuteany file inanyusersdirectory),oftenbygainingaccesstoa "super-user"

account. Thiswillallowbothmaximumaccessandthe

abilitytohideyourpresence.


3/56

HACKERS ARE HERE. WHERE

ARE YOU?

The explosive growth of the Internet has broughtmany good thingsAs with most technologicaladvances, there is also a dark side: criminalhackers.

The term hacker has a dual usage in thecomputer industry today. Originally, the termwas defined as:

HACKER noun. 1. A person who enjoys learningthe details of computer systems and how tostretch their capabilities. 2. One who programsenthusiastically or who enjoys programmingrather than just theorizing about programming.


4/56

HACKERV/S CRACKER

HackerLots of knowledge

No crime

Fights criminal

CrackerLots of knowledge

Poor crime

Is a criminal

IP AddressThe attackers first step is to find IP address of target system.

It is a 32 bit address divided into four field of 8-bits each.All the web sites are assigned with IP address.


5/56

PROXYSERVER

It acts like a buffer between us & the internet. It

also protects your identity.

There are some online proxy sites through which

you can get into. Even you can manually change the proxy

address.You can get the proxy address from

different proxy sites such as

www.allproxysites.com,www.samair.ru etc..


6/56

FOOTPRINTING AND

RECONNAISSANCE


7/56

TRACE ROUTE

Generally used for

Firewall Detection

Geographical location of target system

When datapackets travel from source todestination system they do not always take the

same path,datapackets take different paths.


8/56


9/56

WHOIS


10/56

WHOIS (CONT.)

http://www.allwhois.com/


11/56

WHOIS (CONT.)


12/56

SAM SPADE


13/56

SAM SPADE (CONT.)


14/56

NSLOOKUP


15/56

TRACEROUTE


16/56

PING


17/56

PING OPTIONS


18/56

SCANNING AND

ENUMERATION


19/56

NMAP


20/56

NMAPWIN


21/56

SUPERSCAN


22/56

SUPERSCAN (CONT.)


23/56

IP SCANNER


24/56

RETINA


25/56


26/56

WINDOWS HACKING

There are different methods of bypassing the

windows password field.

By decrypting the SAM file present in

WINDOWS\system32\config directory. Through Administrator profile

Using third party tool such as OHPCRACK.

We can even change password of a user usingcommand prompt without using his/her

password.


27/56

The host file stores information on where to find

or locate a particular computer on network.

Location - \windows\system32\drivers\etc

THE HOST FILE


28/56

SNADBOY


29/56

PASSWORD CRACKING WITH

LOPHTCRACK


30/56

KEYLOGGER


31/56

E-MAIL HACKING

Common attacks are :

Abusive emails

Email Forging

We can get the IP address from senders email.Thenwe can trace the sender.

It is got from E-mail header.

We can even get IP address through Instant

Messengers.


32/56

TrojansandBackdoors


33/56

NETBUS


34/56

SPOOFING AMACADDRESS

ORIGINAL CONFIGURATION


35/56

SPOOFED MAC


36/56

SNORT


37/56

Web Based Password Cracking


38/56

CAIN ANDABEL


39/56

CAIN ANDABEL (CONT.)


40/56

CAIN ANDABEL (CONT.)


41/56

BRUTUS


42/56

HACKING TOOLS: COVERING

TRACKS


43/56

IMAGEHIDE


44/56

CLEARLOGS


45/56

CLEARLOGS (CONT.)


46/56

HACKING TOOLS: GOOGLE HACKING

AND SQL INJECTION


47/56

GOOGLE HACKING


48/56

GOOGLE CHEAT SHEET


49/56

SQL INJECTION

Allows a remote attacker toexecute arbitrary databasecommands

Relies on poorly formed database queriesand insufficientinput validation

Often facilitated, but does not rely onunhandled

exceptions and ODBC error messages Impact: MASSIVE. This is one of the most

dangerousvulnerabilities on the web.


50/56

HACKER CHALLENGEWEBSITES


51/56

http://www.hackr.org/mainpage.php


52/56


53/56

HACKTHISSITE.ORG

http://www.hackthissite.org


54/56

ANSWERS REVEALED IN CODE


55/56

HACKITS

http://www.hackits.de/challenge/


56/56

Thank You

ethical hacking-by saroj nayak

Documents