Ethical Hacking Presentation October 2006

Ethical Hacking for Educators. Presented By Regina DeLisse Hartley, Ph.D., Caldwell Community College & Technical Institute

Transcript of Ethical Hacking Presentation October 2006

Page 1: Ethical Hacking Presentation October 2006

8/14/2019 Ethical Hacking Presentation October 2006

http://slidepdf.com/reader/full/ethical-hacking-presentation-october-2006 1/98

 

Ethical Hacking for Educators

Presented By

Regina DeLisse Hartley, Ph.D.

Caldwell Community College & Technical Institute

Page 2: Ethical Hacking Presentation October 2006


Overview

• Old School Hackers: History of Hacking
• Ec-Council: Certified Ethical Hacker
• Learning Competencies
• Teaching Resources: Ethical Hacking Textbooks
• Hacking Tools
• Hacker Challenge Websites
• Additional Web Sites
• Questions and Answers

Page 3: Ethical Hacking Presentation October 2006


Old School Hackers: History of Hacking

Page 4: Ethical Hacking Presentation October 2006


PREHISTORY

• 1960s: The Dawn of Hacking. Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts

ELDER DAYS (1970-1979)

• 1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system.
• Draper builds a "blue box" used with whistle allows phreaks to make free calls.
• Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.

THE GOLDEN AGE (1980-1991)

• 1980: Hacker Message Boards and Groups. Hacking groups form; such as Legion of Doom (US), Chaos Computer Club (Germany).
• 1983: Kids' Games. Movie "War Games" introduces public to hacking.

Page 5: Ethical Hacking Presentation October 2006


THE GREAT HACKER WAR

• Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
• 1984: Hacker 'Zines. Hacker magazine 2600 publication; online 'zine Phrack.

CRACKDOWN (1986-1994)

• 1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
• 1988: The Morris Worm. Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
• 1989: The Germans, the KGB and Kevin Mitnick.
• German Hackers arrested for breaking into U.S. computers; sold information to Soviet KGB.
• Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
• Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.

Page 6: Ethical Hacking Presentation October 2006


• 1993: Why Buy a Car When You Can Hack One? Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends crack phone; they allegedly get two Porsches, $20,000 cash, vacation trips; Poulsen now a freelance journalist covering computer crime.
• First Def Con hacking conference in Las Vegas

ZERO TOLERANCE (1994-1998)

• 1995: The Mitnick Takedown: Arrested again; charged with stealing 20,000 credit card numbers.
• 1995: Russian Hackers Siphon $10 million from Citibank; Vladimir Levin, leader.
• Oct 1998 teenager hacks into Bell Atlantic phone system; disabled communication at airport disables runway lights.
• 1999 hackers attack Pentagon, MIT, FBI web sites.
• 1999: E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen.

(www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; www.tlc.discovery.com)

Page 7: Ethical Hacking Presentation October 2006


Ec-Council: Certified Ethical Hacker

Page 8: Ethical Hacking Presentation October 2006


EC-Council has certified IT professionals from the following organizations as CEH:

Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force

Page 9: Ethical Hacking Presentation October 2006


(Cont.)

PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank

Page 10: Ethical Hacking Presentation October 2006


Hackers are here. Where are you?

• The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers.
• The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
• HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

Page 11: Ethical Hacking Presentation October 2006


What is a Hacker?

• Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
• Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
• Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
• Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.

(www.tlc.discovery.com)

Page 12: Ethical Hacking Presentation October 2006


What is Ethical Hacking?

• Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
• With the growth of the Internet, computer security has become a major concern for businesses and governments.
• In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Page 13: Ethical Hacking Presentation October 2006


Who are Ethical Hackers?

• “One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems”
• Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.
• Ethical hackers typically have very strong programming and computer networking skills.
• They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.
• These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.

Page 14: Ethical Hacking Presentation October 2006


What do Ethical Hackers do?

An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:

• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s attempts or successes?
• What are you trying to protect?
• What are you trying to protect against?
• How much time, effort, and money are you willing to expend to obtain adequate protection?

Page 15: Ethical Hacking Presentation October 2006


How much do Ethical Hackers get Paid?

• Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.
• In the United States, an ethical hacker can make upwards of $120,000 per annum.
• Freelance ethical hackers can expect to make $10,000 per assignment.
• Some ranges from $15,000 to $45,000 for a standalone ethical hack.

Page 16: Ethical Hacking Presentation October 2006


Certified Ethical Hacker (C|EH) Training

InfoSec Academy

http://www.infosecacademy.com

• Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program
• (C|EH) examination
• C|EH Certified Ethical Hacker Training Camp (5-Day Package) $3,595 ($2,580 training only)

(Source: www.eccouncil.org)

Page 17: Ethical Hacking Presentation October 2006


Learning Competencies

Page 18: Ethical Hacking Presentation October 2006


Required Skills of an Ethical Hacker

• Routers: knowledge of routers, routing protocols, and access control lists
• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security setting, configuration, and services.
• Firewalls: configurations, and operation of intrusion detection systems.
• Mainframes
• Network Protocols: TCP/IP; how they function and can be manipulated.
• Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.

(Source: http://www.examcram.com)

Page 19: Ethical Hacking Presentation October 2006


Modes of Ethical Hacking

• Insider attack
• Outsider attack
• Stolen equipment attack
• Physical entry
• Bypassed authentication attack (wireless access points)
• Social engineering attack

(Source: http://www.examcram.com)

Page 20: Ethical Hacking Presentation October 2006


Anatomy of an attack:

• Reconnaissance – attacker gathers information; can include social engineering.
• Scanning – searches for open ports (port scan) probes target for vulnerabilities.
• Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.
• Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.
• Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.

(Source: www.eccouncil.org)

Page 21: Ethical Hacking Presentation October 2006


Hacker classes

• Black hats – highly skilled, malicious, destructive “crackers”
• White hats – skills used for defensive security analysts
• Gray hats – offensively and defensively; will hack for different reasons, depends on situation.
• Hacktivism – hacking for social and political cause.
• Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected.

(Source: www.eccouncil.org)

Page 22: Ethical Hacking Presentation October 2006


Teaching Resources: Ethical Hacking Textbooks

Page 23: Ethical Hacking Presentation October 2006


Ec-Council

Certified Ethical Hacker

www.eccouncil.org

ISBN 0-9729362-1-1

Page 24: Ethical Hacking Presentation October 2006


Page 25: Ethical Hacking Presentation October 2006


Ec-Council (Cont.)

• Web Application Vulnerabilities
• Web Based Password Cracking Techniques
• SQL Injection
• Hacking Wireless Networks
• Viruses
• Novell Hacking
• Linux Hacking
• Evading IDS, Firewalls and Honeypots
• Buffer Overflows
• Cryptography

Page 26: Ethical Hacking Presentation October 2006


Certified Ethical Hacker Exam Prep

http://www.examcram.com

ISBN 0-7897-3531-8

Page 27: Ethical Hacking Presentation October 2006


Certified Ethical Hacker Exam Prep

• The Business Aspects of Penetration Testing
• The Technical Foundations of Hacking
• Footprinting and Scanning
• Enumeration and System Hacking
• Linux and automated Security Assessment Tools
• Trojans and Backdoors
• Sniffers, Session Hijacking, and Denial of Service

Page 28: Ethical Hacking Presentation October 2006


Certified Ethical Hacker Exam Prep (Cont.)

• Web Server Hacking, Web Applications, and Database Attacks
• Wireless Technologies, Security, and Attacks
• IDS, Firewalls, and Honeypots
• Buffer Overflows, Viruses, and Worms
• Cryptographic Attacks and Defenses
• Physical Security and Social Engineering

Page 29: Ethical Hacking Presentation October 2006


Hands-On Information Security Lab Manual, Second Edition

http://www.course.com/

ISBN 0-619-21631-X

1. Footprinting
2. Scanning and Enumeration
3. Operating System Vulnerabilities and Resolutions
4. Network Security Tools and Technologies
5. Security Maintenance
6. Information Security Management
7. File System Security and Cryptography
8. Computer Forensics

Page 30: Ethical Hacking Presentation October 2006


Hacking Tools: Footprinting and Reconnaissance

Page 31: Ethical Hacking Presentation October 2006


Whois

Page 32: Ethical Hacking Presentation October 2006


Whois (cont.)

http://www.allwhois.com/

Page 33: Ethical Hacking Presentation October 2006


Whois (cont.)

Page 34: Ethical Hacking Presentation October 2006


Sam Spade

Page 35: Ethical Hacking Presentation October 2006


Sam Spade (Cont.)

Page 36: Ethical Hacking Presentation October 2006


Nslookup

Page 37: Ethical Hacking Presentation October 2006


Nslookup Options

Page 38: Ethical Hacking Presentation October 2006


Traceroute

Page 39: Ethical Hacking Presentation October 2006


Ping

Page 40: Ethical Hacking Presentation October 2006


Ping Options

Page 41: Ethical Hacking Presentation October 2006


Hacking Tools: Scanning and Enumeration

Page 42: Ethical Hacking Presentation October 2006


nmap

Page 43: Ethical Hacking Presentation October 2006


NMapWin

Page 44: Ethical Hacking Presentation October 2006


SuperScan

Page 45: Ethical Hacking Presentation October 2006


SuperScan (Cont.)

Page 46: Ethical Hacking Presentation October 2006


IP Scanner

Page 47: Ethical Hacking Presentation October 2006


Hyena

Page 48: Ethical Hacking Presentation October 2006


Retina

Page 49: Ethical Hacking Presentation October 2006


LANguard

Page 50: Ethical Hacking Presentation October 2006


Hacking Tools: System Hacking

Page 51: Ethical Hacking Presentation October 2006


telnet

Page 52: Ethical Hacking Presentation October 2006


Snadboy

Page 53: Ethical Hacking Presentation October 2006


Password Cracking with L0phtCrack

Page 54: Ethical Hacking Presentation October 2006


Keylogger

Page 55: Ethical Hacking Presentation October 2006


Hacking Tools: Trojans and Backdoors

Page 56: Ethical Hacking Presentation October 2006


NetBus

Page 57: Ethical Hacking Presentation October 2006


Game Creates Backdoor for NetBus

Page 58: Ethical Hacking Presentation October 2006


SubSeven

Page 59: Ethical Hacking Presentation October 2006


Hacking Tools: Sniffers

Page 60: Ethical Hacking Presentation October 2006


Spoofing a MAC address

Original Configuration


Spoofed MAC


Ethereal


Iris


Hacking Tools: Web Based Password Cracking


Cain and Abel


Cain and Abel (Cont.)


Cain and Abel (Cont.)


Legion


Brutus


Hacking Tools: Covering Tracks


ImageHide


ClearLogs


ClearLogs (Cont.)


Hacking Tools: Google Hacking and SQL Injection


Google Hacking


Google Cheat Sheet


SQL Injection

Allows a remote attacker to execute arbitrary database commands

Relies on poorly formed database queries and insufficient input validation

Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages

Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.


Common Database Query


Problem: Unvalidated Input


Piggybacking Queries with UNION
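The unvalidated-input problem and the UNION piggybacking named on these slides, shown next to the parameterized query that prevents both. This is an added example, not material from the original presentation; the table names, function names and data are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database: a public table and a sensitive one."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES ('widget', '9.99'), ('gadget', '19.99');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def search_vulnerable(db, term):
    # Poorly formed query: the input is pasted into the SQL text, so quote
    # characters in it are parsed as SQL syntax rather than as data.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened form: the statement text is fixed and the input is bound as a
    # value, so it can never change the structure of the query.
    return db.execute(
        "SELECT name, price FROM products WHERE name = ?", (term,)
    ).fetchall()

def validate_term(term):
    # Input validation as a second layer: allow only what a product name needs.
    if not (term.isalnum() and len(term) <= 32):
        raise ValueError("invalid search term")
    return term

# Constructed input that piggybacks a second SELECT onto the first with UNION.
PIGGYBACK = "x' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", search_vulnerable(db, PIGGYBACK))
    print("parameterized:", search_parameterized(db, PIGGYBACK))
```

The concatenated query returns the row from `users`, while the parameterized query treats the whole input as a product name and returns nothing.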


Hacker Challenge Websites


  http://www.hackr.org/mainpage.php


Hackthissite.org

http://www.hackthissite.org


Answers revealed in code


Hackits

http://www.hackits.de/challenge/


Additional Web Sites


Legion of Ethical Hacking


Legion of Ethical Hacking (Cont.)


Hacker Highschool

http://www.hackerhighschool.org/


Hacker Highschool


johnny.ihackstuff.com/


HappyHacker.org


Foundstone


Insecure.org


SANS Institute


Questions & Answers