8/14/2019 Ethical Hacking Presentation October 2006
http://slidepdf.com/reader/full/ethical-hacking-presentation-october-2006 1/98
Ethical Hacking for Educators
Presented By
Regina DeLisse Hartley, Ph.D.
Caldwell Community College & Technical Institute
Overview
• Old School Hackers: History of Hacking
• Ec-Council: Certified Ethical Hacker
• Learning Competencies
• Teaching Resources: Ethical Hacking Textbooks
• Hacking Tools
• Hacker Challenge Websites
• Additional Web Sites
• Questions and Answers
Old School Hackers: History of Hacking
PREHISTORY
1960s: The Dawn of Hacking
Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.
ELDER DAYS (1970-1979)
1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system.
Draper builds a "blue box" used with whistle allows phreaks to make free calls.
Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.
THE GOLDEN AGE (1980-1991)
1980: Hacker Message Boards and Groups
Hacking groups form; such as Legion of Doom (US), Chaos Computer Club (Germany).
1983: Kids' Games
Movie "War Games" introduces public to hacking.
THE GREAT HACKER WAR
Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
1984: Hacker 'Zines
Hacker magazine 2600 publication; online 'zine Phrack.
CRACKDOWN (1986-1994)
1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
1988: The Morris Worm
Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
1989: The Germans, the KGB and Kevin Mitnick.
German Hackers arrested for breaking into U.S. computers; sold information to Soviet KGB.
Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.
1993: Why Buy a Car When You Can Hack One?
Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends crack phone; they allegedly get two Porsches, $20,000 cash, vacation trips; Poulsen now a freelance journalist covering computer crime.
First Def Con hacking conference in Las Vegas
ZERO TOLERANCE (1994-1998)
1995: The Mitnick Takedown: Arrested again; charged with stealing 20,000 credit card numbers.
1995: Russian Hackers Siphon $10 million from Citibank; Vladimir Levin, leader.
Oct 1998 teenager hacks into Bell Atlantic phone system; disabled communication at airport disables runway lights.
1999 hackers attack Pentagon, MIT, FBI websites.
1999: E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen.
(www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; www.tlc.discovery.com)
Ec-Council: Certified Ethical Hacker
EC-Council has certified IT professionals from the following organizations as CEH:
Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force
(Cont.)
PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank
Hackers are here. Where are you?
The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers.
The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
What is a Hacker?
Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.
(www.tlc.discovery.com)
What is Ethical Hacking?
Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
With the growth of the Internet, computer security has become a major concern for businesses and governments.
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
Who are Ethical Hackers?
“One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems”
Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.
Ethical hackers typically have very strong programming and computer networking skills.
They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.
These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
What do Ethical Hackers do?
An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:
• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s attempts or successes?
• What are you trying to protect?
• What are you trying to protect against?
• How much time, effort, and money are you willing to expend to obtain adequate protection?
How much do Ethical Hackers get Paid?
Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.
In the United States, an ethical hacker can make upwards of $120,000 per annum.
Freelance ethical hackers can expect to make $10,000 per assignment.
Some ranges from $15,000 to $45,000 for a standalone ethical hack.
Certified Ethical Hacker (C|EH) Training
InfoSec Academy
http://www.infosecacademy.com
• Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program
• (C|EH) examination
• C|EH Certified Ethical Hacker Training Camp (5-Day Package) $3,595 ($2,580 training only)
(Source: www.eccouncil.org)
Learning Competencies
Required Skills of an Ethical Hacker
• Routers: knowledge of routers, routing protocols, and access control lists
• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security setting, configuration, and services.
• Firewalls: configurations, and operation of intrusion detection systems.
• Mainframes
• Network Protocols: TCP/IP; how they function and can be manipulated.
• Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.
(Source: http://www.examcram.com)
Modes of Ethical Hacking
• Insider attack
• Outsider attack
• Stolen equipment attack
• Physical entry
• Bypassed authentication attack (wireless access points)
• Social engineering attack
(Source: http://www.examcram.com)
Anatomy of an attack:
• Reconnaissance – attacker gathers information; can include social engineering.
• Scanning – searches for open ports (port scan) probes target for vulnerabilities.
• Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.
• Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.
• Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.
(Source: www.eccouncil.org)
Hacker classes
• Black hats – highly skilled, malicious, destructive “crackers”
• White hats – skills used for defensive security analysts
• Gray hats – offensively and defensively; will hack for different reasons, depends on situation.
• Hacktivism – hacking for social and political cause.
• Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected.
(Source: www.eccouncil.org)
Teaching Resources: Ethical Hacking Textbooks
Ec-Council
Certified Ethical Hacker
www.eccouncil.org
ISBN 0-9729362-1-1
Ec-Council (Cont.)
• Web Application Vulnerabilities
• Web Based Password Cracking Techniques
• SQL Injection
• Hacking Wireless Networks
• Viruses
• Novell Hacking
• Linux Hacking
• Evading IDS, Firewalls and Honeypots
• Buffer Overflows
• Cryptography
Certified Ethical Hacker Exam Prep
http://www.examcram.com
ISBN 0-7897-3531-8
Certified Ethical Hacker Exam Prep
• The Business Aspects of Penetration Testing
• The Technical Foundations of Hacking
• Footprinting and Scanning
• Enumeration and System Hacking
• Linux and automated Security Assessment Tools
• Trojans and Backdoors
• Sniffers, Session Hijacking, and Denial of Service
Certified Ethical Hacker Exam Prep (Cont.)
• Web Server Hacking, Web Applications, and Database Attacks
• Wireless Technologies, Security, and Attacks
• IDS, Firewalls, and Honeypots
• Buffer Overflows, Viruses, and Worms
• Cryptographic Attacks and Defenses
• Physical Security and Social Engineering
Hands-On Information Security Lab Manual, Second Edition
http://www.course.com/
ISBN 0-619-21631-X
1. Footprinting
2. Scanning and Enumeration
3. Operating System Vulnerabilities and Resolutions
4. Network Security Tools and Technologies
5. Security Maintenance
6. Information Security Management
7. File System Security and Cryptography
8. Computer Forensics
Hacking Tools: Footprinting and Reconnaissance
Whois
Whois (cont.)
http://www.allwhois.com/
Whois (cont.)
Sam Spade
Sam Spade (Cont.)
Nslookup
Nslookup Options
Traceroute
Ping
Ping Options
Hacking Tools: Scanning and Enumeration
nmap
NMapWin
SuperScan
SuperScan (Cont.)
IP Scanner
Hyena
Retina
LANguard
Hacking Tools: System Hacking
telnet
Snadboy
Password Cracking with L0phtCrack
Keylogger
Hacking Tools: Trojans and Backdoors
NetBus
Game Creates Backdoor for NetBus
SubSeven
Hacking Tools: Sniffers
Spoofing a MAC address
Original Configuration
Spoofed Mac
Ethereal
Iris
Hacking Tools: Web Based Password Cracking
Cain and Abel
Cain and Abel (Cont.)
Cain and Abel (Cont.)
Legion
Brutus
Hacking Tools: Covering Tracks
ImageHide
ClearLogs
ClearLogs (Cont.)
Hacking Tools: Google Hacking and SQL Injection
Google Hacking
Google Cheat Sheet
SQL Injection
• Allows a remote attacker to execute arbitrary database commands
• Relies on poorly formed database queries and insufficient input validation
• Often facilitated, but does not rely on unhandled exceptions and ODBC error messages
• Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
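The poorly formed query and the missing input validation named on this slide, shown as an added example that is not part of the original presentation: the same lookup built by string concatenation and with a bound parameter, run against a constructed in-memory SQLite database. The table names, function names and sample inputs are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample inputs (not from the presentation).
NORMAL = "network"
TAUTOLOGY = "x' OR '1'='1"                            # quote ends the string literal early
PIGGYBACK = "x' UNION SELECT username FROM users --"  # appends a second SELECT


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES
            (1, 'Router', 'network'), (2, 'Switch', 'network'), (3, 'Keyboard', 'input');
        INSERT INTO users VALUES ('alice', 'hash-a'), ('bob', 'hash-b');
        """
    )
    return db


def search_concatenated(db, category):
    """Poorly formed query: user input becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE category = '" + category + "'"
    return sorted(row[0] for row in db.execute(sql))


def search_parameterized(db, category):
    """Bound parameter: the input is passed as a value, never parsed as SQL."""
    sql = "SELECT name FROM products WHERE category = ?"
    return sorted(row[0] for row in db.execute(sql, (category,)))


# Allow-list for this example's category field (an assumption, not a general rule).
CATEGORY_RE = re.compile(r"[a-z]{1,32}")


def search_validated(db, category):
    """Input validation layered on top of the parameterized query."""
    if not CATEGORY_RE.fullmatch(category):
        raise ValueError("category must be 1-32 lowercase letters")
    return search_parameterized(db, category)


def compare():
    """Run each sample input through both query styles and return the results."""
    db = make_db()
    return {
        value: (search_concatenated(db, value), search_parameterized(db, value))
        for value in (NORMAL, TAUTOLOGY, PIGGYBACK)
    }


if __name__ == "__main__":
    for value, (concat, bound) in compare().items():
        print(f"input={value!r}")
        print(f"  concatenated:  {concat}")
        print(f"  parameterized: {bound}")
```

With the concatenated query the two crafted inputs change which rows come back, including rows from a different table; with the bound parameter they are compared as literal category strings and match nothing.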
Common Database Query
Problem: Unvalidated Input
Piggybacking Queries with UNION
Hacker Challenge Websites
http://www.hackr.org/mainpage.php
Hackthissite.org
http://www.hackthissite.org
Answers revealed in code
Hackits
http://www.hackits.de/challenge/
Additional Web Sites
Legion of Ethical Hacking
Legion of Ethical Hacking (Cont.)
Hacker Highschool
http://www.hackerhighschool.org/
Hacker Highschool
johnny.ihackstuff.com/
HappyHacker.org
Foundstone
Insecure.org
SANS Institute
Questions & Answers