8/9/2019 Ethical Hacking-By Saroj Nayak
ETHICAL HACKING
A NEW PERSPECTIVE
Presented By
Saroj Nayak
KEC
WHAT IS HACKING?
Username: system
Password: manager
Welcome to ABL Computer Research Lab. You have five new messages.
$
That is how easy it was to hack into a computer network.
The most prominent definition of hacking is the act of gaining access without legal authorization to a computer or computer network. A hacker first attacks an easy target, and then uses it to hide his or her traces for launching attacks at more secure sites. The goal of an attack is to gain complete control of the system (so you can edit, delete, install, or execute any file in any user's directory), often by gaining access to a "super-user" account. This will allow both maximum access and the ability to hide your presence.
HACKERS ARE HERE. WHERE
ARE YOU?
The explosive growth of the Internet has brought many good things. As with most technological advances, there is also a dark side: criminal hackers.
The term hacker has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
HACKER V/S CRACKER
Hacker
Lots of knowledge
No crime
Fights criminals
Cracker
Lots of knowledge
Poor crime
Is a criminal
IP Address
The attacker's first step is to find the IP address of the target system.
It is a 32-bit address divided into four fields of 8 bits each. All web sites are assigned an IP address.
PROXY SERVER
It acts like a buffer between us and the internet. It also protects your identity.
There are some online proxy sites through which you can get in. You can even manually change the proxy address.
You can get the proxy address from different proxy sites such as www.allproxysites.com, www.samair.ru etc.
FOOTPRINTING AND
RECONNAISSANCE
TRACE ROUTE
Generally used for
Firewall Detection
Geographical location of target system
When data packets travel from the source to the destination system they do not always take the same path; data packets take different paths.
WHOIS
WHOIS (CONT.)
http://www.allwhois.com/
WHOIS (CONT.)
SAM SPADE
SAM SPADE (CONT.)
NSLOOKUP
TRACEROUTE
PING
PING OPTIONS
SCANNING AND
ENUMERATION
NMAP
NMAPWIN
SUPERSCAN
SUPERSCAN (CONT.)
IP SCANNER
RETINA
WINDOWS HACKING
There are different methods of bypassing the Windows password field.
By decrypting the SAM file present in the WINDOWS\system32\config directory.
Through the Administrator profile.
Using a third-party tool such as OPHCRACK.
We can even change the password of a user using the command prompt without using his/her password.
THE HOST FILE
The host file stores information on where to find or locate a particular computer on the network.
Location - \windows\system32\drivers\etc
SNADBOY
PASSWORD CRACKING WITH
LOPHTCRACK
KEYLOGGER
E-MAIL HACKING
Common attacks are:
Abusive emails
Email forging
We can get the IP address from the sender's email. Then we can trace the sender.
It is obtained from the e-mail header.
We can even get the IP address through instant messengers.
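How an analyst reads the relay chain out of an e-mail header, as an added example that is not part of the original slides. The message, host names and addresses are constructed, and the function names and the trusted_hosts parameter are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; hostnames and addresses are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Fri, 9 Aug 2019 10:00:05 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Fri, 9 Aug 2019 10:00:03 +0000
Received: from laptop (unknown [192.168.1.23])
\tby relay.example.com with ESMTPSA id C3; Fri, 9 Aug 2019 10:00:01 +0000
From: sender@example.com
To: analyst@example.org
Subject: constructed sample

body
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def received_hops(raw):
    """Return [(ip, recording_host)], oldest hop first."""
    hops = []
    # Every relay prepends its own Received line, so the last one is the oldest.
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        ip, by = BRACKETED_IP.search(header), BY_HOST.search(header)
        if not (ip and by):
            continue
        try:
            hops.append((ipaddress.ip_address(ip.group(1)), by.group(1)))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return hops

def first_external_ip(raw, trusted_hosts):
    """Earliest non-internal IP that was recorded by a server we trust.

    Lines added before the message reached a trusted server can be forged
    by the sender, so hops recorded by other hosts are ignored.
    """
    for ip, by in received_hops(raw):
        if by in trusted_hosts and not any(ip in net for net in INTERNAL):
            return str(ip)
    return None
```

With forged mail, only the Received lines written by your own mail servers are reliable evidence, which is why the trusted host set decides the answer.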
Trojans and Backdoors
NETBUS
SPOOFING A MAC ADDRESS
ORIGINAL CONFIGURATION
SPOOFED MAC
SNORT
Web Based Password Cracking
CAIN AND ABEL
CAIN AND ABEL (CONT.)
CAIN AND ABEL (CONT.)
BRUTUS
HACKING TOOLS: COVERING
TRACKS
IMAGEHIDE
CLEARLOGS
CLEARLOGS (CONT.)
HACKING TOOLS: GOOGLE HACKING
AND SQL INJECTION
GOOGLE HACKING
GOOGLE CHEAT SHEET
SQL INJECTION
Allows a remote attacker to execute arbitrary database commands
Relies on poorly formed database queries and insufficient input validation
Often facilitated, but does not rely on unhandled exceptions and ODBC error messages
Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
HACKER CHALLENGE WEBSITES
http://www.hackr.org/mainpage.php
HACKTHISSITE.ORG
http://www.hackthissite.org
ANSWERS REVEALED IN CODE
HACKITS
http://www.hackits.de/challenge/
Thank You