8/12/2019 Ethcal Hacking

1/17

PRESENTED BY-

P.RAVALI

PERCY PINSTER

8/12/2019 Ethcal Hacking

2/17

Hacking refers to an array of activities whichare done to intrude someone else personalinformation so as to use it for unwantedpurpose.

Hacking is a term used to refer to activitiesaimed at exploiting security flaws to obtaincritical information for gaining access to

secured network.

8/12/2019 Ethcal Hacking

3/17

PROTECTING HACKING

8/12/2019 Ethcal Hacking

4/17

1. Preparation

2. Footprinting

3. Enumeration & Fingerprinting

4. Identification of Vulnerabilities

5. Attack Exploit the Vulnerabilites

8/12/2019 Ethcal Hacking

5/17

Identification of Targets company websites, mailservers, extranets, etc.

Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the

test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks

Total time for the testing

Prior Knowledge of the systems

Key people who are made aware of the testing

8/12/2019 Ethcal Hacking

6/17

8/12/2019 Ethcal Hacking

7/17

Specific targets determined Identification of Services / open ports Operating System Enumeration

Methods

Banner grabbing Responses to various protocol (ICMP &TCP)

commands Port / Service Scans TCP Connect, TCP SYN, TCP

FIN, etc.

Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump,

ssh, telnet, SNMP Scanner

8/12/2019 Ethcal Hacking

8/17

Vulnerabilities

Insecure Configuration Weak passwords Unpatched vulnerabilities in services,

Operating systems, applications Possible Vulnerabilities in Services, Operating

Systems Insecure programming Weak Access Control

8/12/2019 Ethcal Hacking

9/17

Network Infrastructure ttacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS

Operating System ttacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security

8/12/2019 Ethcal Hacking

10/17

There are mainly three types of hackers

White hat

Black hat Gray hat

8/12/2019 Ethcal Hacking

11/17

These are good hackers . Have genuine license to hack.

Have registered police records

Evolves themselves in good works Generally owned by companies for security

designing

Have high pay scales.

8/12/2019 Ethcal Hacking

12/17

very dangerous persons.Always have motive to earn huge profit.

Highly paid persons.

Evolves themselves mostly in criminalactivities.

8/12/2019 Ethcal Hacking

13/17

Also known as red hats. Perform both tasks fair as well as unfair.

Generally these are admins.

Have little high pay than white hats. Generally not so dangerous, but sometimes

could be.

8/12/2019 Ethcal Hacking

14/17

Every system connected to a network has a unique InternetProtocol (IP) Address which acts as its identity on thatnetwork.

An IP Address is a 32-bit address which is divided into four

fields of 8-bits each. For Example, 203.94.35.12

All data sent or received by a system will be addressed fromor to the system.

An attackers first step is to find out the IP Address of thetarget system.

8/12/2019 Ethcal Hacking

15/17

Linux

Windows XP, vista, Windows 7

Honeypot package

Virtual PC or VMware

8/12/2019 Ethcal Hacking

16/17

By using the above process we can do thehacking process.

But in real world if we use hackingprocess illegally, then it is a crime so weshould not encourage hacking of any systems.

8/12/2019 Ethcal Hacking

17/17