Seminar On Hacking

This document provides an introduction to ethical hacking. It begins by defining hacking as finding solutions to real-life problems, and discusses how the term entered computer culture at MIT in the 1960s. It describes two types of students - tools, who attend class regularly, and hackers, who pursue recreational activities instead of studying. Originally, hacking had nothing to do with computers. The document outlines the traits of hackers and crackers, explaining that hackers are developers who provide IT solutions, while crackers illegally break into systems. It provides an overview of the skills needed for hacking and important subjects to learn. Finally, it gives tips for getting started in hacking, such as learning TCP/IP, IP addresses, ports, and web architecture.

Uploaded by

Nicks N NIck

INTRODUCTION TO ETHICAL HACKING

By Dev Patel (Cute-Devil)


Hackers
What is Hacking?

• Hacking is the art of finding solutions to real-life problems.
• The word "Hack" is not directly related to computers.

Hacking and Computers

• The concept of hacking entered the computer culture at MIT in the 1960s.
• There are two kinds of students:
1. Tools
2. Hackers

1. Tools

• A "tool" is someone who attends class in the college regularly,
• is always to be found in the library when no class is meeting,
• always tries to get excellent grades in the examination.
• Sole aim: get placed in a high-paying company.

2. Hacker

• A "hacker" is the opposite: someone who never goes to class,
• who in fact sleeps all day,
• and who spends the night pursuing recreational activities rather than studying textbooks.

What does this have to do with computers? Originally, nothing.

Hackers vs Tools

• There are standards for success as a hacker, just as grades form a standard for success as a tool.
• Overall, hackers are more successful in life and they emerge as leaders in their field.

Computer Hackers

• Hackers are developers.
• Hackers are those geeks and scientists who provide IT solutions to real-life problems.
• Hackers think beyond the boundaries.

Traits of any Hack

• It must be clever.
• It must produce more good than bad, and it must not be malicious.
• It should be unexpected, or out of the ordinary.
• It need not pertain to computers.

Hack Ideas

• Social networking site for plants.
• Sending an SMS to a smartphone whenever the postman delivers a letter to the letter box.
• Sending an SMS to near and dear ones whenever you reach your destination.

Hackers

• Development of Science <><> Hackers

Misconception

• What about those who break into systems?
• Are they hackers?
• The answer is no.

Who is Responsible for the Misconception

• The media is the root cause of all this misconception.
• Lack of awareness among common students and people.

Crackers

• Those who break into systems illegally are crackers.
• They are bad guys or gals.

Hacker vs Cracker

• Qualities of a hacker:
  - Lots of knowledge
  - Good guy
  - Strong ethics
  - Helps in catching cyber criminals

Hacker vs Cracker

• Qualities of a cracker:
  - Lots of knowledge
  - Bad ethics
  - Cyber criminals

Skills of Hacker

• Learn programming languages (C, C++)
• Learn scripting languages (JSP, Python, PHP, Perl)
• Good knowledge of databases and query languages (SQL, YQL, FQL, etc.)
• Learn networking (TCP/IP)
• Learn to work in Unix
• Start playing with web APIs
• Learn assembly programming

Important Subjects

• C and M-I
• Data Structures and M-II
• DLD, Java & Web Technology and M-III (Probability)
• CSA, OS, DBMS
• Microprocessors, Data Communications
• Computer Networking
• Cryptography & Network Security
• Wireless Communication

Getting started to learn Hacking

• TCP/IP
• IP Address
• MAC Address
• Ports
• Web Architecture
• LAN Architecture
• DOS Commands

Web Architecture

• The Internet is a worldwide, publicly accessible network of interconnected computer networks that transmit data using the standard Internet Protocol (IP).
• The terms World Wide Web (WWW) and Internet are not the same.

Internet, web, www

• The Internet is a collection of interconnected computer networks, linked by copper wires, fiber-optic cables, wireless connections, etc.
• The Web is a collection of interconnected documents and other resources, linked by hyperlinks and URLs.
• The World Wide Web is one of the services accessible via the Internet, along with various others including e-mail, file sharing, online gaming, etc.

TCP/IP

• TCP/IP is the protocol for communication between computers on the Internet.
• TCP stands for Transmission Control Protocol.
• IP stands for Internet Protocol.
• TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.

TCP/IP

• Inside the TCP/IP standard there are several protocols for handling data communication:
1. TCP
2. IP
3. ICMP
4. DHCP (Dynamic Host Configuration Protocol) for dynamic addressing

TCP/IP

• TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.
• IP is responsible for sending the packets to the correct destination.
• IP routers: the IP router is responsible for "routing" the packet to the correct destination, directly or via another router.

IP Address

• Every system connected to a network has a unique Internet Protocol (IP) address, which acts as its identity on that network.
• An IP address is a 32-bit address which is divided into four fields of 8 bits each. For example, 203.94.35.12
• TCP/IP uses four numbers to address a computer. The numbers are always between 0 and 255.

DNS Servers

• Names used for TCP/IP addresses are called domain names.
• When you address a website, e.g. www.thehackbook.com, the name is translated to its corresponding IP address by DNS servers.
• DNS servers contain the list of all registered domain names and their corresponding IP addresses.

MAC Address

• A Media Access Control (MAC) address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.
• MAC addresses are 12-digit hexadecimal numbers (48 bits in length).
• MM:MM:MM:SS:SS:SS
  MM-MM-MM-SS-SS-SS
• The first half of a MAC address contains the ID number of the adapter manufacturer. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer.

Commands

• To find the IP address:
ipconfig

• To find the MAC address:
ipconfig /all

Ports

• 1. Hardware ports
• 2. Software ports
• There are 65536 software ports in an operating system.

Sockets

• The pair of an IP address and a port number separated by a colon is called a socket, e.g. 202.112.67.21:8080 is a socket.

Classification of IP Address

• 1. Public IP address
• 2. Private IP address
• Finding public and private IP address
• 1. Static IP address
• 2. Dynamic IP address

Network Address Translation (NAT)

• The current implementation of IP addressing provides users with a very limited number of IP addresses.
• To solve this shortage problem, a number of organizations have started implementing NAT addressing, which allows them to use a single public IP address for a large number of internal systems having unique private IP addresses.
• If any external system communicates with two different internal systems in a NAT network, then it will be impossible to differentiate between the two systems.

Working of NAT

• Typically a NAT network consists of a large number of internal systems that are connected to the Internet through a routing device known as a NAT box.
• This NAT box acts as the core and controls all routing, addressing, and interfacing requirements of the network.

NAT

• When an internal computer connects to an external computer:
Internal computer (192.168.153.67:1024) -----> NAT box (internal IP address gets converted to external, i.e. public, IP address) -----> External system (www.thehackbook.com)

NAT

• Reply from the external system:
External system (www.facebook.com) -----> NAT box (NAT box identifies the internal system for which the IP packets are meant) -----> Internal system (192.168.153.67)

• Three stages of hacking any remote computer:
1. Planning and preparing the attack
2. Gathering information for the attack
3. Executing the attack

Preparing the attack

• Steps performed by a good hacker in this stage:
1. Decide which computer they want to hack.
2. Then they will find the IP address of the remote computer.
3. Find the exact geographical location of the computer.
4. Hide their own IP address and identity on the Internet.

Finding remote computer

• Let's say a hacker decides to break into the computer of one of his Facebook friends.
• Then his first step will be to find the IP address of his friend's computer.
• So let's discuss the possible ways of finding the IP address of any remote computer.

Finding Remote Computer's IP Address

1. Sending the link of www.whatstheirip.com
2. Through instant messaging software
3. Through IRC chat
4. Through your website

MSN, Yahoo, G-Talk

3. If you are chatting on other messengers like MSN, Yahoo, etc., then the following indirect connection exists between your system and your friend's system:

Your System------Chat Server---- Friend's System

Friend's System---------Chat Server------- Your System

Thus in this case, you first have to establish a direct connection with your friend's computer by either sending him a file or by using the call feature. Then, go to MS-DOS or the command line and type:

C:\>netstat -n

This command will give you the IP address of your friend's computer.

Instant Messenger

1. Ask your friend to come online and chat with you.

2. Case I: If you are chatting on ICQ, then the following connection exists between your system and your friend's system:

Your System------DIRECT CONNECTION---- Friend's System

Friend's System---------DIRECT CONNECTION------- Your System

Now, go to MS-DOS or the command line and type:

C:\>netstat -n

This command will give you the IP address of your friend's computer.

Getting IP from Website

• One can easily log the IP addresses of all visitors to their website by simply using Java applets or JavaScript code.
• By using PHP scripts it is possible to determine the user's OS and browser.
• The same can be used to determine the exact geographical location of the visitors.

Counter Measures

• Do not accept file transfers or calls from unknown people.
• Chat online ONLY after logging on through a proxy server.
• Don't click on any suspicious link.

Finding Exact Location

• Once you get the IP address of the remote computer, try to perform an IP lookup.
• Popular sites for IP lookup:
• 1. www.ipmango.com
• 2. www.whois.com

Hiding your IP Address

• Proxy Servers:

Definition:

A proxy server acts as a buffer between you and the Internet, hence it protects your identity.

Working:

Case 1: Your System------Proxy Server---- Friend's System

Case 2: Your System-----Proxy------Chat Server----Friend's System

Good Proxy Servers:

• Wingate & WinProxy (for Windows platform)
• Squid (for Unix platforms)

Proxy Bouncing

Definition:

Proxy bouncing is the phenomenon wherein you connect to several proxy servers and then connect to the actual destination.

Working:

YOUR SYSTEM--------PROXY 1--------- PROXY 2---------- PROXY 3----------------PROXY 4----------PROXY 5----------Destination

Tools:

• MultiProxy

Onion Routing: Using Tor Network

• Download it from http://torproject.org

DOS Commands

1. nslookup
2. net view
3. net use
4. net user
5. ping
6. tracert
7. arp
8. route
9. nbtstat
10. netstat
11. ipconfig
Ping

This command will allow you to know if the host you are pinging is alive, which means it is up at the time of executing the "ping" command.
syntax:
ping www.thehackbook.com or
Note: Keep in mind that if the host you are pinging is blocking ICMP packets, then the result will be host down.

nslookup

This command has many functionalities. One is for resolving DNS names into IP addresses.

syntax:
nslookup www.thehackbook.com

nslookup

• Now, another really nice function of nslookup is to find out the IP of specific mail servers.
• QUOTE
nslookup (enter)
set type=mx (enter)
yahoo.com
• This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed in DNS, then you get the IP. Simple, isn't it?

tracert

• This command will give you the hops that a packet will travel through to reach its final destination.
• Note: This command is good for learning the route a packet takes before it goes to the target box.
• CODE
tracert x.x.x.x (x is the IP address)
• or
• tracert www.thehackbook.com

arp

• Address Resolution Protocol
• This command will show you the ARP table. This is good for finding out whether someone is doing ARP poisoning in your LAN.
command:
arp -a

netstat

• This command will show you the connections to your box.
• CODE
netstat
or
• CODE
netstat -a (this will show you all the listening ports and connections with DNS names)
netstat -n (this will show you all the open connections with IP addresses)
netstat -an (this will combine both of the above)

nbtstat

• This command will show you the NetBIOS name of the target box.
• CODE
nbtstat -A x.x.x.x (x is the IP address)
• nbtstat -a computername
• net view x.x.x.x or computername (will list the available shared folders on the target box)

route

• This command will show you the routing table, gateway, interface and metric.
• CODE
route print

Help

• And last but not least, the "help" command.
• CODE
whatevercommand /help
• CODE
whatevercommand /?

Gathering Information about remote computer

• Recap of first step, i.e. preparation of attack
• Hiding the IP using proxy bouncing
• Tracing IP address using Neotrace, online databases, and Visual Route.
• Now change your MAC address before starting the information gathering step.
software: MacAddressChanger

Information Gathering

• Typically during the information gathering step the attacker aims to determine the following information about the target system:
1. Network topology
2. List of open ports
3. List of services
4. Determine the operating system
5. User information

Gathering Information

• It is possible to gather all this information using various techniques like:
1. Network reconnaissance
- Ping sweeping and traceroute
2. Port scanning
3. Daemon banner grabbing and port enumeration
4. ICMP scanning
5. OS detection using OS fingerprinting
6. Sniffing

Scanning Using nmap

• C:\program files\nmap>nmap -sP thehackbook.com
nmap sends an ICMP echo request to thehackbook.com
To carry out UDP probing:
C:\program files\nmap>nmap -PU thehackbook.com
C:\program files\nmap>nmap -PN thehackbook.com

OS Detection

• C:\program files\nmap>nmap -O www.google.com
• C:\program files\nmap>nmap -A www.google.com
• OS detection using websites: use a PHP script to detect visitors' OS and browser

Executing the Attack

• DOS attacks: Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.
• ATTACKER-----Infinite/Malicious Data-----> VICTIM
The target network gets choked or cannot handle the malicious data and hence crashes.

As a result, even legitimate clients/people cannot connect to the target network.

Types of DOS Attacks

1. Ping of Death
2. Teardrop attacks
3. SYN flood attacks
4. Land attacks
5. Smurf attacks
6. UDP flood attacks
7. DDOS attacks
8. Modem-disconnect attack

Tear Drop Attack

• Data sent from the source to the destination system is broken down into smaller fragments at the source system and then reassembled into larger chunks at the destination system.

For example, say data of 4000 bytes is to be sent across a network; then it is broken down into three chunks:
1. CHUNK A contains bytes 1 to 1500.
2. CHUNK B contains bytes 1501 to 3000.
3. CHUNK C contains bytes 3001 to 4000.

Tear Drop Attack

• However, in the case of a Teardrop attack, these ranges of data chunks are overlapping. For example, in the case of a Teardrop attack, the same 4000 bytes would be broken down into the three chunks below:

1. CHUNK A contains bytes 1 to 1500.
2. CHUNK B contains bytes 1499 to 3000.
3. CHUNK C contains bytes 2999 to 4000.
• In this example the range of CHUNK A is 1 to 1500, the range of CHUNK B is 1499 to 3000, while the range of CHUNK C is 2999 to 4000. Thus, the ranges are overlapping.
• Since the ranges are overlapping here, the target system gets DOS'ed!!!

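How a receiver can refuse the overlapping chunks described above, as an added example that is not part of the original slides: a reassembly routine that validates every fragment range before copying and drops the whole datagram on any overlap or gap. It uses the slides' 1-based byte numbering; the payload bytes and function names are constructed for illustration.

```python
def audit_fragments(ranges, total_len):
    """ranges: iterable of (name, first_byte, last_byte), 1-based inclusive."""
    overlaps, gaps = [], []
    covered_to, covered_by = 0, None      # highest byte seen so far and its owner
    # Sort first so fragments that arrive out of order are still checked correctly.
    for name, first, last in sorted(ranges, key=lambda r: (r[1], r[2])):
        if first < 1 or last < first or last > total_len:
            raise ValueError(f"fragment {name} has an invalid range {first}-{last}")
        if first <= covered_to:
            # Starts inside data that an earlier fragment already supplied.
            overlaps.append((covered_by, name, first, min(last, covered_to)))
        elif first > covered_to + 1:
            gaps.append((covered_to + 1, first - 1))
        if last > covered_to:
            covered_to, covered_by = last, name
    if covered_to < total_len:
        gaps.append((covered_to + 1, total_len))
    return {"overlaps": overlaps, "gaps": gaps,
            "accept": not overlaps and not gaps}


def reassemble(fragments, total_len):
    """fragments: list of (name, first_byte, payload).

    Returns (datagram, report); datagram is None when the set is rejected,
    so no overlapping copy is ever attempted.
    """
    ranges = [(n, first, first + len(p) - 1) for n, first, p in fragments]
    report = audit_fragments(ranges, total_len)
    if not report["accept"]:
        return None, report
    buf = bytearray(total_len)
    for _, first, payload in fragments:
        buf[first - 1:first - 1 + len(payload)] = payload
    return bytes(buf), report


# Constructed 4000-byte payload, split as on the two slides.
DATA = bytes(i % 251 for i in range(4000))
NORMAL = [("A", 1, DATA[0:1500]), ("B", 1501, DATA[1500:3000]),
          ("C", 3001, DATA[3000:4000])]
TEARDROP = [("A", 1, DATA[0:1500]), ("B", 1499, DATA[1498:3000]),
            ("C", 2999, DATA[2998:4000])]

if __name__ == "__main__":
    print("normal accepted:", reassemble(NORMAL, 4000)[0] == DATA)
    print("teardrop report:", reassemble(TEARDROP, 4000)[1])
```
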
Trojan Attacks

• Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.

Tools:

• Netbus, Girlfriend, Back Orifice and many others

Sniffers Attack

Definition:

Sniffers are tools that can capture all data packets being sent across the entire network in raw form.

Working: ATTACKER-----Uses sniffer for spying-----> VICTIM

• Threats:

Password stealing, IP violation, spying, etc.

Tools:

• Tcpdump, Ethereal, Dsniff, Wireshark and many more.

Buffer Overflow

• Buffer overflows typically occur due to poor programming and mismanagement of an application's memory by the developer.
• E.g. suppose 5 KB of buffer space has been allocated to an application. If the application then tries to store 7 KB of data in the buffer memory, the additional 2 KB of data will have nowhere to go and as a result will overflow.
• This additional 2 KB of data which overflowed will overwrite a legitimate piece of data at another memory location.
• As a result the system crashes, or this leads to unwanted execution of some other program.

Types of Buffer Overflows

1. Stack overflows
2. Format string overflows
3. Heap overflows
4. Integer overflows

Stack Overflow

Steps:
1. Identify and take control of a vulnerable application running on the target computer.

2. Identify the malicious code that you would like to execute on the target computer.

3. Exploit the privilege and access of the victim application to execute the malicious code.

Stack Overflow: Step 1
Identifying a vulnerable application

• Study the source code of the application and test it with different types and sizes of artificial input states (identify the test cases for which the application fails).

Buffer Overflow: Step 2
Planting the malicious code

• The attacker sends a malicious command as input or in the form of an argument to the vulnerable application. The malicious input is stored in the temporary buffer memory of the application and then remains ready to be executed as and when required.

Executing the Malicious code

• Whenever an application calls a function, a separate activation record for that particular function is created on the stack.
• Each activation record contains a return address to which the program control is transferred once the function exits.
• If one can change this return address to point to the address where malicious code is stored, then the application will jump to the malicious code when the function is over.
• This will lead to the execution of malicious code.

Social Networking Websites Hacking

• There is no way to hack someone's Gmail account, Orkut account, Facebook account, or Yahoo account by breaking into servers.
• Generally there are two ways of hacking these accounts:
1. By finding the password of the account
2. By resetting the password
There is no other way of hacking someone's profile on social networking websites.

Finding passwords

• Social engineering
• Password guessing
• Phishing attacks
• Key loggers
• Sniffing attacks
• Man-in-the-middle attack
• Tab Nabbing: latest kind of phishing attack

Phishing Attack

• Fake login page: Demo.
• www.facebook.thehackbook.com
• www.gmail.thehackbook.com

Tab Nabbing

• Aza Raskin, a design expert, discovered and extensively wrote about a deadly new phishing technique that he named Tab Nabbing.
• All present-day browsers are vulnerable to this kind of attack.
• It is also a kind of phishing attack that impersonates other websites and fools users into revealing their personal data like usernames, passwords, credit card details, etc.
• It makes use of multiple tabs in browsers to fool the victims.

Steps of Tab Nabbing

• The victim opens multiple tabs to his favorite websites and is browsing normally.
• Using Flash widgets, scripts, browser extensions or cross-site scripting attacks, it is possible for an attacker to modify the contents of some other open tab in your browser to maybe point to the victim's bank, email or corporate login account.

Resetting the password

• It is possible for an attacker to find out the answers to the secret questions available on a Gmail or Yahoo account for password resetting.
• The attacker can find them by means of social engineering.

Windows Hacking

• Hosts file: Directing the redirection
Windows location: C:\windows\system32\drivers\etc
The hosts file can be tweaked to carry out a number of interesting hacks:
1. Blocking certain websites
2. Redirecting the user to some other website

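A way to audit a hosts file for the two tweaks listed above, as an added example that is not part of the original slides: it separates names that are blocked (pointed at a loopback or unspecified address) from names redirected to some other address that is not on an allowlist. The sample file content, the `expected` allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file content (documentation/test addresses only).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocked site
203.0.113.50    www.bank.example login.bank.example
10.0.0.5        intranet.corp.example  # sanctioned internal entry
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, ip_or_None, [names]) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                            # first field is not an address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, expected=None):
    """Classify entries; `expected` maps sanctioned names to their IP string."""
    expected = {k.lower(): v for k, v in (expected or {}).items()}
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                # Pointing a real site at the local machine makes it unreachable.
                if name not in LOCAL_NAMES:
                    report["blocked"].append((line_no, name, str(ip)))
            elif expected.get(name) != str(ip):
                # The name resolves to an address nobody sanctioned.
                report["redirected"].append((line_no, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, {"intranet.corp.example": "10.0.0.5"})
    for kind, items in result.items():
        print(kind, items)
```
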
Recovering the deleted data

• When you delete a file, it first goes to the recycle bin. After you empty the recycle bin, the file still remains on the hard disk.
• Microsoft Windows will only delete the link between the operating system and the deleted file.
• This means that the file will not be accessible through Windows and MS-DOS.
• The file will still remain on the hard disk and will be available until Windows overwrites it with a new file.

Email Forging

Definition:

Email forging is the art of sending an email from the victim's email account without knowing the password.

Working:

• ATTACKER-----Sends Forged email-----> FROM VICTIM

SMS Forging

• SMS spoofing became possible after many mobile/cellular operators had integrated their network communications with the Internet.
• So anybody could send SMS from the Internet using forms at the websites of mobile operators or even through e-mail.

SMS Forging

• The working of SMS is explained as under.
• First of all the sender sends the SMS via an SMS gateway. The identity of the sender is attached to the packet of the SMS.
• The SMS, once it reaches the SMS gateway, is routed to the destination gateway and then to the receiver's handset.
• There are many ways by which we can send SMS to the SMS gateway.
• One of them is to use the Internet.

SMS Forging

• Now the concept of SMS forging lies in changing the SCCP packet which contains the sender information prior to delivering it to the SMS gateway.
• The intruder can change the SCCP packet and can send that packet to any receiver as a spoofed SMS.
• Some websites on the net also provide this facility.
• To provide such a service is not legal, and the user using it may face serious consequences with the law.
• Website: http://www.spranked.com

Software to Restore the deleted files

• Restoration: an excellent recovery software
• Download: www.aumha.org/a/recover.php

Permanently Erasing the data

• Software: Eraser
download: http://eraser.heidi.ie/

Windows Toolkit

• You can remove the cracks of your Windows using it.
• Play with your logon screen.

The End

• About The Hackbook: The Hackbook is a social utility to promote awareness about Information Security and Ethical Hacking by integrating the concepts of social network and education network.

tHe CoUrCe OuTlInE