
Security & Ethical Hacking p4

This document provides an introduction to hacking and ethical hacking. It discusses how hackers can access systems remotely and the steps they may take, including information gathering, port scanning, vulnerability assessment, and maintaining unauthorized access. The document emphasizes the importance of hacking your own systems to identify vulnerabilities and better secure them. It provides definitions of key terms and an overview of basic security practices. The overall goal highlighted is to hack systems nondestructively to improve security.

Uploaded by: Amit Tripathi
Copyright: © Attribution Non-Commercial (BY-NC)

 
 

Sharad Kr Singh & Abhineet Kumar
B.Tech Final Year
Accurate Institute Of Management & Technology
   
- Introduction to Hacking.
- What hackers can do?
- Understanding the need to hack your own systems.
- Our overall goals as an ethical hacker.
- Basic terms.
- Remote hacking steps.
- Basic Security Tips.


     

- Hacking is a process to bypass the security mechanisms of an information system or network. Hacking is done in steps, partly by creative thinking and partly by using different tools at a time.

- Hacking can also be stated as an unauthorised use of computer and network resources. (The term hacker originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
- A hacker can enter any remote system to get all the information without any trace.
- Hack any email password or website, and take down a network with the help of a DDoS attack.
- A hacker can break any password (admin password, all OSes).
- A hacker can call anyone without being traced.

[…] That's the basis of ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way.
 
  
   
- Hack your systems in a nondestructive fashion.
- Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exist and can be exploited.
- Apply results to remove the vulnerabilities and better secure your systems.
- Vulnerability Assessment: A vulnerability assessment is a process of identifying, quantifying and prioritizing the vulnerabilities in a system.
- Penetration Testing: A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker.
- Social Engineering: It is an act of manipulating people into performing hacking actions or divulging confidential information.


- Information Gathering/Foot Printing.
- Port Scanning.
- OS Fingerprinting.
- Banner Grabbing.
- Vulnerability Assessment.
- Search & build Exploit.
- Attack.
- Maintain Access with help of Root kits and Trojans.
- Covering Tracks.
     
 
 

Information gathering is the process of getting maximum details of the target host. It is a very important part of remote hacking because the more information we have about the target system, the more attacks we can launch.

Information gathering is done with these steps:
- Find our company URL/IP address.
- Find out the whois record of the target domain name (open www.robtex.com).
- Google Hacking for advanced info gathering.
- Find out the physical location of the victim (open www.whatismyipaddress.com).
- Utilizing the memory of the net:
  - Google Cache
  - Archive.org
  - Newsgroups
   

- What is Port Scanning?
  It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.
- What is a Port Scanner?
  A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by hackers to identify running services on a host with a view to compromising it.
- Why do we perform port scanning?
  We perform port scanning to find out the target's services, so that afterwards we can search for related exploits for hacking purposes.
 
 

OS Fingerprinting is a process to find out the victim's operating system (Windows, Linux).

When exploring a network for security auditing or inventory/administration, you usually want to know more than the bare IP addresses of identified machines. Your reaction to discovering a printer may be very different than to finding a router, wireless access point, telephone PBX, game console, Windows desktop, or Unix server.

Important Tools: nmap, NetScanTools Pro, p0f.

Banner Grabbing is an attack designed to deduce the brand and version of an OS or application: after port scanning we find that Apache is open on port 80 and Linux is the target OS, but the version of Apache (2.0, 2.2, or 2.6) for remote hacking is unknown.

Example: c:\>telnet 69.93.227.34 80 [Enter]

Change port 80 as per requirement, like 21 for ftp and SSH and 25 for mail server.
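
Added example (not part of the original slides): because banners reveal product versions, an administrator can audit what their own services announce on the ports mentioned above (80, 21, 25). The captured banners are constructed samples and the function names are hypothetical.

```python
import re

# Product name followed by "/" or a space and a dotted version,
# e.g. "Apache/2.2.14" or "ProFTPD 1.3.3a"
VERSION_RE = re.compile(r"([A-Za-z][\w+-]*)[/ ]v?(\d+(?:\.\d+)+[\w-]*)")

# Constructed captures of what each service sent back, keyed by port
CAPTURES = {
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n",
    21: "220 ProFTPD 1.3.3a Server (Debian) [192.0.2.10]\r\n",
    25: "220 mail.example.com ESMTP Postfix\r\n",
}

def identifying_line(port, banner):
    """Pick the part of a captured banner that names the software."""
    lines = banner.splitlines()
    if port == 80:
        # For HTTP only the Server header counts, not the "HTTP/1.1" status line
        for line in lines:
            if line.lower().startswith("server:"):
                return line.split(":", 1)[1].strip()
        return ""
    # FTP (21) and SMTP (25) greet with a 220 reply
    for line in lines:
        if line.startswith("220"):
            return line[3:].lstrip(" -")
    return ""

def audit_banner(port, banner):
    """Report whether the banner gives away a product version."""
    ident = identifying_line(port, banner)
    match = VERSION_RE.search(ident)
    return {"port": port, "ident": ident,
            "product": match.group(1) if match else None,
            "version": match.group(2) if match else None,
            "discloses_version": bool(match)}

def disclosing_ports(captures):
    """Ports whose banner should be trimmed in the service configuration."""
    return sorted(p for p, b in captures.items()
                  if audit_banner(p, b)["discloses_version"])

if __name__ == "__main__":
    for port, banner in sorted(CAPTURES.items()):
        print(audit_banner(port, banner))
```

A `Server: Apache` header with no version, as Apache sends with `ServerTokens Prod`, is reported as not disclosing.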
- What is Vulnerability Assessment?
  The word "vulnerability" describes a problem (such as a programming bug or common misconfiguration) that allows a system to be attacked or broken into.

A vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
      
 
   
 
- Cataloging assets and capabilities (resources) in a system.
- Assigning quantifiable value (or at least rank order) and importance to those resources.
- Identifying the vulnerabilities or potential threats to each resource.
- Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

Important Tools: Xcobra, Nikto, Privoxy, ATK, Canvas.
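
Added example (not part of the original slides): the four steps above carried through on a small constructed inventory. Scoring each finding as asset value times severity is an assumption made here for illustration; the host names, issues and scores are made up.

```python
# Steps 1-2: constructed asset catalogue with a value rank (1 = low, 5 = critical)
ASSETS = {"web-01": 4, "db-01": 5, "print-01": 1, "wiki-01": 2}

# Step 3: constructed findings; severity on a 0-10 scale (placeholder scores)
FINDINGS = [
    ("web-01", "outdated web server", 7.5),
    ("db-01", "default admin password", 9.0),
    ("print-01", "default admin password", 9.0),
    ("wiki-01", "directory listing enabled", 4.0),
    ("test-99", "open telnet service", 8.0),  # host missing from the catalogue
]

def remediation_queue(assets, findings):
    """Step 4: order findings so the most serious issues on the most
    valuable resources come first. Returns (queue, uncatalogued_hosts)."""
    queue, unknown = [], set()
    for host, issue, severity in findings:
        if host not in assets:
            # A finding on an uncatalogued host means step 1 is incomplete
            unknown.add(host)
            continue
        queue.append((assets[host] * severity, host, issue))
    # Highest score first; host name breaks ties so the order is stable
    queue.sort(key=lambda row: (-row[0], row[1]))
    return queue, sorted(unknown)

if __name__ == "__main__":
    queue, unknown = remediation_queue(ASSETS, FINDINGS)
    for score, host, issue in queue:
        print(f"{score:5.1f}  {host:9s} {issue}")
    print("not in catalogue:", unknown)
```

The same default-password finding lands first on the database server and third on the printer, which is the point of ranking by resource value as well as by severity.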
Manual Method:
We can find vulnerabilities manually on the following sites to hack any program and system: www.milworm.com, www.securityfocus.com.

For exploit and final attack, download the source code and compile the exploit for the final attack.
After getting remote access we place a root kit or Trojan virus for future remote access.

Covering Tracks is a process to delete all logs on the remote system. If the target system is Linux or Unix, delete all entries of the /var folder, and if it is Windows OS, delete all events and logs.
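
Added example (not part of the original slides): because an intruder may wipe logs as described above, a defender can watch log files for deletion or in-place truncation. The file names are constructed and `snapshot`, `compare` and `demo` are hypothetical helpers, exercised here on temporary files only.

```python
import os
import tempfile

def snapshot(paths):
    """Record (inode, size) for each watched log file, or None if missing."""
    state = {}
    for path in paths:
        try:
            st = os.stat(path)
            state[path] = (st.st_ino, st.st_size)
        except FileNotFoundError:
            state[path] = None
    return state

def compare(before, after):
    """Return (path, finding) pairs for logs that vanished or shrank in place."""
    findings = []
    for path, old in before.items():
        new = after.get(path)
        if old is None:
            continue  # file did not exist at baseline
        if new is None:
            findings.append((path, "deleted"))
        elif new[0] == old[0] and new[1] < old[1]:
            findings.append((path, "truncated"))  # same inode, fewer bytes
        # A different inode is what rename-and-recreate rotation looks like
    return sorted(findings)

def demo():
    """Constructed scenario: one log rotated, one emptied, one removed."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("syslog", "auth.log", "wtmp")]
        for p in paths:
            with open(p, "w") as f:
                f.write("entry\n" * 100)
        before = snapshot(paths)
        os.rename(paths[0], paths[0] + ".1")  # normal rotation keeps the old file
        open(paths[0], "w").close()           # and starts a new one
        open(paths[1], "w").close()           # emptied in place
        os.remove(paths[2])                   # removed outright
        after = snapshot(paths)
        return [(os.path.basename(p), what) for p, what in compare(before, after)]

if __name__ == "__main__":
    print(demo())
```

logrotate's `copytruncate` mode also shrinks a file in place, so expect a finding at rotation time on systems that use it. Shipping logs to a separate host keeps a copy that local deletion cannot touch.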
 
Launch an attack on the remote system and get a reverse shell.
- Don't open email attachments unless you are expecting them.
- Check for the closed padlock or key symbol in the browser window when entering your credit card details and other personal info on a website.
- Only download software from sites you trust.
- Assume all your emails are read by other people.
- Use the latest version of your OS and web browsers.
- Use anti-virus software and keep the virus recognition data file up to date.