Hacking and Anti Hacking

78
HACKING Don’t Learn to Hack – Hack to Learn HACKING & ANTI-HACKING S.K.Ahsa 1

Transcript of Hacking and Anti Hacking

Page 1: Hacking and Anti Hacking

HACKING

Don’t Learn to Hack – Hack to Learn

HACKING &

ANTI-HACKING

S.K.Ahsan1

Page 2: Hacking and Anti Hacking

SUNAWAR KHAN AHSAN2

Page 3: Hacking and Anti Hacking

SUNAWAR KHAN AHSAN

IN THE NAME OF

THE MOST MERCIFUL THE BENEFICENT !

ALLAH

3

Page 4: Hacking and Anti Hacking

HACKING

DON’T LEARN TO HACK

HACK TO LEARN !

S.K.Ahsan4

Page 5: Hacking and Anti Hacking

Outlines What is Hacking ?Brief History Who is a Hacker ? Types of Hacker What do Hackers do? Hacker’s Techniques & AttacksAnti-HackingDemo Of Hacking

S.K.Ahsan5

Page 6: Hacking and Anti Hacking

What is “HACKING” ?Hacking is not limited to computers. The real meaning of hacking is to expand the capabilities of any electronic device; to use them beyond the original intentions of the manufacturer.

S.K.Ahsan6

Page 7: Hacking and Anti Hacking

• “ Hacking is the use of one's skills (computer, networking, etc.) to try and find vulnerabilities in a network infrastructure. ”

S.K.Ahsan

HACKER ???

7

Page 8: Hacking and Anti Hacking

• Some one who bypasses the system’s control by taking advantage of security weaknesses left in the system by developers !

• One who is both knowledgeable and skilled at computer programming and have it’s own philosophy and code of ethics !

Who is a HACKER ???

8

S.K.Ahsan

Page 9: Hacking and Anti Hacking

A Brief History of Hacking In 1960s

The first comuter hackers emerge at MIT AI (Massachusetts Institute of Technology) there occurred the first hacking incident an victims were electric trains. 1960’s

S.K.Ahsan9

Page 10: Hacking and Anti Hacking

HistoryIn 1970s

– Phreaking : John Draper Hacked the AT&T’s long distance Calling for free .

– Phone hackers break into regional and international phone networks to make free calls.

S.K.Ahsan10

Page 11: Hacking and Anti Hacking

S.K.Ahsan

History1980’s Phone phreaks begin to move into the realm of computer hacking, and the first electronic bulletin board systems (BBSs) spring up.In 1980s

Bill Landreth(the Cracker)Hacked most secure networks.

(Choas C.Club) Hacked Nuclear secrets in Germany.

>>> Use a Computer, Go to Jail ! ! !

11

Page 12: Hacking and Anti Hacking

In 1990s– Two teens Hacked (T online).– 21 year old Argentinean was hacked

NASA, Harvard an Naval war heads info.

S.K.Ahsan

History

12

Page 13: Hacking and Anti Hacking

S.K.Ahsan

1990’s

After a prolonged sting investigation, Secret Service Agents swoop down on hackers in 14 U.S. cities, conducting early-morning raids and arrests.

The Internet begins to take off as a new browser, Netscape Navigator, makes information on the Web more accessible. Hackers take to the new venue quickly, moving all their information and hacking programs to new hacker Web sites.

>>> As information and easy-to-use tools become available to anyone with Net access, the face of

hacking begins to change.

13

Page 14: Hacking and Anti Hacking

S.K.Ahsan

1995-till date

AOL HACKING ! The hacking group Cult of the Dead Cow releases its

Trojan horse program, a powerful hacking tool--at Def

Con. Once a hacker installs the Trojan horse on a machine running Windows 95 or Windows 98, the program allows unauthorized remote access of the machine !

Hackers launch attacks against eBay, Yahoo,

Amazon, and others !

Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server.

14

Page 15: Hacking and Anti Hacking

2000– In one of the biggest denial-of-service

attacks , hackers launch attacks against eBay, Yahoo!, CNN.com., Amazon and others.

S.K.Ahsan15

Page 16: Hacking and Anti Hacking

S.K.Ahsan16

Page 17: Hacking and Anti Hacking

Who is a “HACKER” ? There are at least two common interpretations:

A programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-crime.

A programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm.

S.K.Ahsan17

Page 18: Hacking and Anti Hacking

Types of Hackers White Hat Hackers Are hackers in the noble sense of the term,

whose goal is to help improve computer systems .

Black Hat Hackers Are people who break into computer

systems for malicious purposes,

commonly called pirates.

S.K.Ahsan18

Page 19: Hacking and Anti Hacking

S.K.Ahsan19

Page 20: Hacking and Anti Hacking

S.K.Ahsan

How Hackers do HACKING …

20

Page 21: Hacking and Anti Hacking

What Do HACKERS Do?Threaten PeopleStole illegal or Private materialDamage SystemStole PasswordsCrack Unpaid SoftwaresModify data / stream

S.K.Ahsan21

Page 22: Hacking and Anti Hacking

S.K.Ahsan

System– Access confidential information – Threaten someone from YOUR computer– Broadcast your confidential letters or

materials – Store illegal or espionage material

22

Page 23: Hacking and Anti Hacking

S.K.Ahsan

Network– Eavesdrop and replay– Imposer: server / client– Modify data / stream– Denial-of-Service

23

Page 24: Hacking and Anti Hacking

SUNAWAR KHAN AHSANS.K.Ahsan

Common Hacking

Techniques!

24

Page 25: Hacking and Anti Hacking

System hackingNetwork hackingSoftware hacking http://wiki.answers.com/Q/What_are_the_types_of_hacking

S.K.Ahsan25

Page 26: Hacking and Anti Hacking

System Hacking

• Foot printing• Scanning• Enumeration• Gaining access• Covering tracks• Creating backdoors• Denial of service

26

S.K.Ahsan

Page 27: Hacking and Anti Hacking

FootprintingObjective

– To learn as much as you can about target system, it's remote access capabilities, its ports and services, and the aspects of its security.

Techniques– Open source search– Whois– Web interface to whois– ARIN whois

27

S.K.Ahsan

Page 28: Hacking and Anti Hacking

Inside Jobs

Most security breeches

originate inside the network that

is under attack.

Which include stealing passwords, performing

industrial private data, or

committing simple misuse.

S.K.Ahsan28

Page 29: Hacking and Anti Hacking

PING

29

S.K.Ahsan

Page 30: Hacking and Anti Hacking

whois microsoft.com

30

S.K.Ahsan

Page 31: Hacking and Anti Hacking

Web interface to whois

31

S.K.Ahsan

Page 32: Hacking and Anti Hacking

Output of: whois [email protected]

32

S.K.Ahsan

Page 33: Hacking and Anti Hacking

ARIN whois

33

S.K.Ahsan

Page 34: Hacking and Anti Hacking

Scanning

Objective – Bulk target assessment and identification

of listing services focuses the attention on the most promising avenue of entry

Techniques– Ping sweep– TCP/UDP port scan– OS Detection

34

S.K.Ahsan

Page 35: Hacking and Anti Hacking

EnumerationObjective

– More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares

Techniques– List user accounts– List file shares– Identify applications

35

S.K.Ahsan

Page 36: Hacking and Anti Hacking

Gaining Access

Objective – Enough data has been gathered at this

point to make an informed attempt to access the target

Techniques– File share brute forcing– Password file grab– Buffer overflows– Password eavesdropping

36

S.K.Ahsan

Page 37: Hacking and Anti Hacking

NETBRUTE FORCE

37

S.K.Ahsan

Page 38: Hacking and Anti Hacking

PASSWORD FILE GRABBER

38

S.K.Ahsan

Page 39: Hacking and Anti Hacking

Covering TracksObjective

– Once total ownership of the target is secured, hiding this from system administrators become paramount ,lest they quickly end the romp.

Techniques– Clear logs– Hide tools

39

S.K.Ahsan

Page 40: Hacking and Anti Hacking

Creating Back DoorsObjective

– Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim if the intruder

Techniques– Create rogue user accounts– Schedule batch jobs– Infect startup files– Plant remote control services– Install monitoring mechanisms– Replace apps with trojans

40

S.K.Ahsan

Page 41: Hacking and Anti Hacking

Rogue Access Points

Rogue access points (APs) are unsecured wireless access points that outsiders can easily breech.

Rogue APs are most often connected by well

meaning but ignorant employees.

S.K.Ahsan41

Page 42: Hacking and Anti Hacking

Viruses and Worms Viruses and worms are

self-replicating programs

or code fragments that

attach themselves to

other programs (viruses)

or machines (worms).

Viruses and worms attempt to shut down networks by

flooding them with massive amounts of bogus

Traffic,usually through e-mail.

S.K.Ahsan42

Page 43: Hacking and Anti Hacking

Back Doors

Hackers can gain access to a

Network by exploiting back doors,

administrative shortcuts, configuration

errors, easily deciphered

passwords, and unsecured dial-ups.

S.K.Ahsan43

Page 44: Hacking and Anti Hacking

Trojan Horses

Trojan horses, which are

Attached to other programs, are

the leading cause of all break-ins.

When a user Downloads and

activates a Trojan horse, the hacked software kicks off

a virus, password gobbler, or remote-control SW that

gives the hacker control of the PC.i.e Snipersky,PerfectKeylogger.

S.K.Ahsan44

Page 45: Hacking and Anti Hacking

Denial of Service

DoS attacks give hackers a way to bring down a network without gaining internal access.

DoS attacks work by flooding the access routers with bogus traffic.

A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

S.K.Ahsan45

Page 46: Hacking and Anti Hacking

Anarchists Who just like to break stuff. They usually exploit any

target of opportunity.

Crackers hobbyists or professionals who break passwords and

develop Trojan horses or other SW (called warez).

Script kiddies They have no real hacker skills, so they buy or

download warez, which they launch and use “COwbOy “Languages.

S.K.Ahsan46

Page 47: Hacking and Anti Hacking

Phreakers The pirates who use the switched telephone network

(STN) to make free phone calls.

Carders mainly attack chip card systems (particularly bank

cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy.

S.K.Ahsan47

Page 48: Hacking and Anti Hacking

Sniffing refers to the act of intercepting TCP packets. This

interception can happen through simple eavesdropping or something more sinister.

S.K.Ahsan48

Page 49: Hacking and Anti Hacking

Port scanning and spoofing The act of sending an illegitimate packet with an

expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

S.K.Ahsan49

Page 50: Hacking and Anti Hacking

Phishing

The method of luring an unsuspecting user into giving out their username and password for a secure web resource, usually a bank or credit card account.

Ebay and PayPal are particularly susceptible to this type of attack.

S.K.Ahsan50

Page 51: Hacking and Anti Hacking

S.K.Ahsan51

Page 52: Hacking and Anti Hacking

S.K.Ahsan52

Page 53: Hacking and Anti Hacking

BRUTUS - ( Brute force )

www.hoobie.net/brutusS.K.Ahsan53

Page 54: Hacking and Anti Hacking

54

S.K.Ahsan

Page 55: Hacking and Anti Hacking

55

S.K.Ahsan

Page 56: Hacking and Anti Hacking

Port numbers and description

56

S.K.Ahsan

Page 57: Hacking and Anti Hacking

S.K.Ahsan57

Page 58: Hacking and Anti Hacking

Hacker’s Techniques & Attacks

FAKE PAGE

S.K.Ahsan58

Page 59: Hacking and Anti Hacking

SUNAWAR KHAN AHSANS.K.Ahsan

Anti Hacking !

59

Page 60: Hacking and Anti Hacking

DEFINITION

“The opposite

of hacking".

If hacking is defined as an attack on a computer system then Anti-Hacking is the protection of that system.

AntiHacking

S.K.Ahsan60

Page 61: Hacking and Anti Hacking

S.K.Ahsan61

Page 62: Hacking and Anti Hacking

SUNAWAR KHAN AHSANS.K.Ahsan

Anti Hacking

Techniques!

62

Page 63: Hacking and Anti Hacking

Don't ignore operating system updates Anti-virus software Activate the firewall in Windows XP Email software preview windows Logging out Audit your computer regularly Regularly remove spyware Password issues Increasing Security Against a Brute Force

Attack

S.K.Ahsan63

Page 64: Hacking and Anti Hacking

Don't ignore operating system updates

Don't wait to be alerted via mainstream media of problems that have been discovered

It's wise to visit the software vendors' site and keep abreast of any critical security updates. In the case of Microsoft, you'll need to go to the Windows Update site.

S.K.Ahsan64

Page 65: Hacking and Anti Hacking

Anti-virus software Anti-virus software used *properly*. Ensure that it's regularly updated. Even missing one update could bring

down your computer . remember to password protect the

settings on the software so no-one else can alter protection levels. 

S.K.Ahsan65

Page 66: Hacking and Anti Hacking

ANTI-VIRUS

S.K.Ahsan66

Page 67: Hacking and Anti Hacking

Activate the firewall in Windows XP Anti-virus software isn't enough,it's also a

good idea to install firewall software which will help prevent unauthorized incoming and outgoing communications from your computer while connected to the Internet.

Port scanning is *very* common and is carried out with a view to finding weaknesses in your system that can then be exploited. 

S.K.Ahsan67

Page 68: Hacking and Anti Hacking

Firewall

S.K.Ahsan68

Page 69: Hacking and Anti Hacking

Email software preview windows

3rd party solutions for filtering email of spam and viruses as their inboxes become inundated with junk.

Email filtering can be very effective in dramatically reducing security risks before the mail even has a chance to be collected by your email software.

S.K.Ahsan69

Page 70: Hacking and Anti Hacking

Logging out

Ensure that you log out of online services properly. Failure to do so can allow others who use your computer to gain access to those services.

S.K.Ahsan70

Page 71: Hacking and Anti Hacking

Audit your computer regularly

If your computer is used by others, carry out regular audits of the software on it.

It's safest to make it a policy not to allow any software to be installed without your permission.

Spybot again is a very effective tool for detecting and removing software that may be a security risk.

S.K.Ahsan71

Page 72: Hacking and Anti Hacking

Regularly remove spyware

If you and your familiar do a lot of surfing and downloading of shareware software, then it's likely you'll also accumulate your fair share of spyware.  

Some software companies use spyware that is incorporated into their software products to gather data about customers, which is often sold to other companies.

S.K.Ahsan72

Page 73: Hacking and Anti Hacking

Anti-Spyware

S.K.Ahsan73

Page 74: Hacking and Anti Hacking

Password issues If you must store usernames and passwords

on your system, ensure they are contained in a document that is password protected.

Don't let Windows "remember" passwords for you. Passwords should always be more than 8 characters long and contain a mixture of numbers and letters. Learn more about password security issues.

S.K.Ahsan74

Page 75: Hacking and Anti Hacking

Increasing Security Against a Brute Force Attack

Increasing the length of the PIN Allowing the PIN to contain characters other

than numbers, such as * or # Imposing a 30 second delay between failed

authentication attempts Locking the account after 5 failed

authentication attemptsS.K.Ahsan75

Page 76: Hacking and Anti Hacking

DEMO OF

HACKING

S.K.Ahsan76

Page 77: Hacking and Anti Hacking

SUNAWAR KHAN AHSANS.K.Ahsan

77

Page 78: Hacking and Anti Hacking

SUNAWAR KHAN AHSANS.K.Ahsan

How To Own A Shadow!The Chase For Knuth

Gooooooood By

78