System hacking
Download as PPTX, PDF1 like3,712 views
1. Steps before hacking a System Footprinting, Scanning, Enumeration 2. System Hacking stage 3. Goals for System Hacking 4. System Hacking Methodology 5. System Hacking Steps 6. Password Cracking 7. Privilege escalation 8. Executing Applications 9. Hiding Files 10. Covering tracks
More Related Content
What's hot (20)
Similar to System hacking (20)
More from CAS (20)
Recently uploaded (20)
System hacking
- 1. SYSTEM HACKING MR. RAJASEKAR RAMALINGAM FACULTY - DEPARTMENT OF IT COLLEGE OF APPLIED SCIENCES โ SUR SULTANATE OF OMAN [email protected]
- 2. CONTENT 1. Steps before hacking a System ๏ Footprinting ๏ Scanning ๏ Enumeration 2. System Hacking stage 3. Goals for System Hacking 4. System Hacking Methodology 5. System Hacking Steps 6. Password Cracking 7. Privilege escalation 8. Executing Applications 9. Hiding Files 10. Covering tracks 2 SYSTEMHACKING
- 3. 1. STEPS BEFORE HACKING A SYSTEM 3 SYSTEM HACKING
- 4. 1.1 FOOTPRINTING ๏ข Process of accumulating data regarding a specific network environment. ๏ข Purpose of finding ways to intrude into the network environment. ๏ข Can be used to attack a system, and also to protect it. ๏ข In the footprinting phase, the attacker creates a profile of the target organization, with the information such as its IP address range, namespace, and employee web usage. ๏ข Footprinting improves the ease with which the systems can be exploited by revealing system vulnerabilities. ๏ข Determining the objective and location of an intrusion is the primary step involved in footprinting. ๏ข Once the objective and location of an intrusion is known, specific information about the organization can be gathered. 4 SYSTEM HACKING
- 5. 1.2 SCANNING ๏ข Procedure for identifying active hosts on a network, either for the purpose of network security assessment or for attacking them. ๏ข The attacker finds information about the target assessment through its IP addresses that can be accessed over the Internet. ๏ข Scanning is mainly concerned with the identification of systems on a network and the identification of services running on each computer. ๏ข Some of the scanning procedures such as port scans and ping sweeps return information about the services offered by the live hosts that are active on the Internet and their IP addresses. 5 SYSTEM HACKING
- 6. 1.3 ENUMERATION ๏ข Enumeration is the method of intrusive probing into the target assessment through which attackers gather information such as network user lists, routing tables, and Simple Network Management Protocol (SNMP) data. ๏ข The attacker's objective is to identify valid user accounts or groups where he or she can remain inconspicuous once the system has been compromised. ๏ข Enumeration involves making active connections to the target system or subjecting it to direct queries. 6 SYSTEM HACKING
- 7. 2. SYSTEM HACKING STAGE ๏ข Every criminal commits a crime to achieve certain goal. ๏ข Likewise, an attacker can also have certain goals behind performing attacks on a system. ๏ข The following may be some of the goals of attackers in committing attacks on a system. ๏ข The table shows the goal of an attacker at different hacking stages and the technique used to achieve that goal. 7 SYSTEM HACKING
- 8. 3. GOALS FOR SYSTEM HACKING 8 SYSTEM HACKING
- 9. 4. SYSTEM HACKING METHODOLOGY ๏ข Before hacking a system, an attacker uses footprinting, scanning, and enumeration techniques to detect the target area of the attack and the vulnerabilities that prove to be doorways for the attacker. ๏ข Once the attacker gains all the necessary information, he or she starts hacking. ๏ข The following diagram depicts the hacking methodology followed by ethical / Unethical hackers: 9 SYSTEM HACKING
- 10. System Hacking Methodologyโฆ. 10 SYSTEM HACKING
- 11. 5. SYSTEM HACKING STEPS ๏ข System hacking cannot be accomplished at a single go. ๏ข Various steps that include ๏ข Cracking passwords ๏ข Escalating privileges ๏ข Executing applications ๏ข Hiding files ๏ข Covering tracks ๏ข Discuss these steps one by one thoroughly, to determine how the attacker hacks the system. 11 SYSTEM HACKING
- 12. System Hacking Stepsโฆ 12 SYSTEM HACKING
- 13. 6. PASSWORD CRACKING 13 SYSTEM HACKING
- 14. PASSWORD CRACKING โฆ ๏ข Process of recovering passwords from the data that has been transmitted by a computer system or stored in it. ๏ข Helps a user to recover a forgotten or lost password, as a preventive measure by the system administrators. ๏ข Can also be used to gain unauthorized access to a system. ๏ข Many hacking attempts start with password cracking attempts. ๏ข Most attackers use password cracking techniques to gain unauthorized access to the vulnerable system. ๏ข Passwords may be cracked manually or with automated tools. ๏ข Programs designed for cracking passwords are the functions of the number of possible passwords per second that can be checked. ๏ข Most of the passwords cracking techniques are successful due to weak or easily guessable passwords. 14 SYSTEM HACKING
- 15. 6.1 PASSWORD CRACKING TECHNIQUES 15 SYSTEM HACKING
- 16. 6.2 TYPES OF PASSWORD ATTACKS 16 SYSTEM HACKING
- 17. 6.3 PASSWORD CRACKING TOOLS 17 SYSTEM HACKING
- 18. 7. PRIVILEGE ESCALATION ๏ข An attacker can gain access to the network using a non-admin user account, and the next step would be to gain administrative privileges. ๏ข Attacker performs privilege escalation attack which takes advantage of design flaw, programming errors, bugs, and configuration oversights in the OS and software application to gain administrative access to the network and its associated applications. ๏ข These privileges allows attacker to view private information , delete files, or install malicious programs such as viruses, Trojans, worms, etc. 18 SYSTEM HACKING
- 19. PRIVILEGE ESCALATIONโฆ Types of Privilege escalation: 1. Vertical Privilege escalation ๏ข Requires granting higher privileges or higher level of access than administrator. ๏ข This is accomplished by doing kernel-level operations that permit to run unauthorized code. 2. Horizontal Privilege escalation ๏ข Requires using same privileges or higher level of access that already has been granted but assuming the identity of another user with similar privileges. 19 SYSTEM HACKING
- 20. 7.1 PRIVILEGE ESCALATION TOOLS 20 SYSTEM HACKING
- 21. 8. EXECUTING APPLICATIONS 21 โข Attackers execute malicious applications in this stage. โข This is called โOwningโ the system. โข Executing applications is done after the attacker gains the administrative privileges. โข The attacker may try to execute some of his or her own malicious programs remotely on the victim's machine to gather information that leads to exploitation or loss of privacy, gain unauthorized access to system resources, crack passwords, capture screenshots, install a backdoor to maintain easy access, etc. SYSTEM HACKING
- 22. EXECUTING APPLICATIONS โฆ. 22 SYSTEM HACKING
- 23. ๏ข The malicious programs that the attacker executes on victim's machine maybe: ๏ข Backdoors: Programming designed to deny or disrupt operation, gather information that leads to exploitation or loss of privacy, gain unauthorized access to system resources. ๏ข Crackers: Piece of software or program designed for the purpose of cracking the code or passwords. ๏ข Keyloggers: This can be hardware or a software type. In either case the objective is to record each and every key stroke made on the computer keyboard. ๏ข Spyware: Spy software may capture the screen shots and send them to a specified location defined by the hacker. The attacker has to maintain the access to the victim's computer until his or her purpose is fulfilled. ๏ข After deriving all the requisite information from the victimโs computer, the attacker installs several back doors to maintain easy access to the victimโs computer in the future. 23 SYSTEM HACKING
- 24. 9. HIDING FILES ๏ข Many proactive applications are capable of preventing or detecting and deleting malicious applications. ๏ข In order to avoid malicious applications being detected by protective applications, attackers hide malicious files inside other legitimate files. ๏ข Rootkits are programs that hide their presence as well as attacker's malicious activities, granting them full access to the server or host at ๏ข that time and also in future. ๏ข Rootkits replace certain operating system calls and utilities with its own modified versions o f those routines that in turn undermine the security of the target system causing malicious functions to be executed. ๏ข A typical root kit comprises o f backdoor programs, DDOS programs, packet sniffers, log-wiping utilities, IRC bots, etc. 24 SYSTEM HACKING
- 26. 12.9.1 TYPES OF ROOTKIT 26 SYSTEM HACKING
- 27. 12.10 COVERING TRACKS 27 โข Once the attacker breaks into the target network or computer successfully, he tries to hide himself from being detected or traced out. โข The attacker tries to cover all the tracks or logs that are generated during his attempts to gain access to the target network. SYSTEM HACKING
- 28. 12.10.1WHY COVER TRACKS? 28 SYSTEM HACKING