basic knowhow hacking

Slide By : Linux AcademySlide By : Linux Academy

Work Shop Work Shop onon

HackingHacking

Slide By : Linux Academy

Understand The differenceUnderstand The difference

Hacking Hacking

&&

CrackingCracking


Understand The differenceUnderstand The difference

hackers build things, hackers build things,

crackers break themcrackers break them


Literal DefinitionsLiteral Definitions

Cracker : some one who destructs Cracker : some one who destructs things.things.

Hacker : Someone who uses hacks.Hacker : Someone who uses hacks.

Hacks : A different approach with some Hacks : A different approach with some significant advantage over the current significant advantage over the current approach.approach.


Some more definitionsSome more definitions

Phreakers : phone System ManipulatorsPhreakers : phone System Manipulators

Script kiddies : those who are slaves of Script kiddies : those who are slaves of tools for each and every work they do, tools for each and every work they do, but think of themselves as true but think of themselves as true hackers.hackers.


Reasons behind crackingReasons behind cracking

► Just for funJust for fun►Show offShow off►crack other systems secretlycrack other systems secretly►Notify many people their thoughtNotify many people their thought►Steal important informationSteal important information►Destroy enemy’s computer network Destroy enemy’s computer network

during the warduring the war


By : Linux Academy

SecuritySecurity

With Hacking and cracking comes the With Hacking and cracking comes the concept of Security.concept of Security.

So what do you think is the :So what do you think is the :

““MOST SECURED SYSTEM”MOST SECURED SYSTEM”


By : Linux Academy

““Most Secured System”Most Secured System”

►A system with power cable A system with power cable removed and sealed inside a removed and sealed inside a many inch thick wall is also many inch thick wall is also not a complete secure systemnot a complete secure system

►This whole concept of secured This whole concept of secured system in itself is a flawed system in itself is a flawed concept.concept.


By : Linux Academy

Common Causes of cracking Common Causes of cracking attemptsattempts

►IgnoranceIgnorance►IgnoranceIgnorance►IgnoranceIgnorance►IgnoranceIgnorance►IgnoranceIgnorance►IgnoranceIgnorance


By : Linux Academy

Social enginneringSocial enginnering

PretextingPretexting PhishingPhishing Dumpster divingDumpster diving


PretextingPretexting

Pretexting is the act of creating and using an Pretexting is the act of creating and using an invented scenario to persuade a target to invented scenario to persuade a target to release release information (e.g. date of birth, Social Security information (e.g. date of birth, Social Security Number, last bill amt.) Number, last bill amt.)

In Pretexting an individual lies about his identity or In Pretexting an individual lies about his identity or purpose to obtain privileged data about another purpose to obtain privileged data about another individual. A pretexter may then use this data to individual. A pretexter may then use this data to engage in engage in identity theftidentity theft or or corporate espionagecorporate espionage..

Pretexting may be employed by telephone or email, Pretexting may be employed by telephone or email,

through customer service instant through customer service instant messagingmessaging or a or a company company Web siteWeb site. .


PhishingPhishing

Phishing is an Phishing is an e-mail fraude-mail fraud method in which the method in which the perpetrator sends out email in an attempt to perpetrator sends out email in an attempt to gather gather personal and financial information from personal and financial information from recipients. Typically, the messages appear to recipients. Typically, the messages appear to come from well known and trustworthy Web sites.come from well known and trustworthy Web sites.

Phishers attempt to Phishers attempt to fraudulentlyfraudulently acquire sensitive acquire sensitive information, such as usernames, information, such as usernames, passwordspasswords and and credit cardcredit card details details

ebayebay and and paypalpaypal are two of the most targeted are two of the most targeted companies, and companies, and online banksonline banks are also common are also common targets targets


Dumpster divingDumpster diving

Dumpster diving, also known as Dumpster diving, also known as trashingtrashing, is another , is another popular method of social engineering. A huge popular method of social engineering. A huge amount of information can be collected through amount of information can be collected through company dumpsters. company dumpsters.

Potential security Potential security leaksleaks items are commonly items are commonly

“company phone books, organizational charts, “company phone books, organizational charts, memos, company policy manuals, calendars of memos, company policy manuals, calendars of meetings, events and vacations, system manuals, meetings, events and vacations, system manuals, printouts of sensitive data or login names and printouts of sensitive data or login names and passwords, printouts of source code, disks and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and tapes, company letterhead and memo forms, and outdated hardware.” outdated hardware.”


Targets of social enginneringTargets of social enginnering

►Unaware of info value — receptionistUnaware of info value — receptionist

►Special privileges — helpdesk tech Special privileges — helpdesk tech supportsupport

►Manufacturer/vendor — vendorsManufacturer/vendor — vendors

►Specific departments — accounting, Specific departments — accounting, HRHR


PortPort

A A Port is a virtual data connection that can be used Port is a virtual data connection that can be used by programs to exchange data directly, instead of by programs to exchange data directly, instead of going through a file or other temporary storage going through a file or other temporary storage location. The most common of these are location. The most common of these are TCPTCP and and UDPUDP ports which are used to exchange data ports which are used to exchange data between computers on the Internetbetween computers on the Internet..

A A 'port''port' is a is a point of contactpoint of contact between a process and between a process and

a connection.a connection.


Types Of AttackTypes Of Attack


DOSDOS(Denial of Service)(Denial of Service)

In In computer securitycomputer security, a denial-of-service attack (DoS attack) , a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web servers, and the attack attempts to make the hosted web pages unavailable on the pages unavailable on the Internet. Internet. AnAn attacker may be able to attacker may be able to prevent you from accessing email, web sites, online accounts prevent you from accessing email, web sites, online accounts (banking, etc.) or other services that rely on the affected (banking, etc.) or other services that rely on the affected computer. computer.

DoS DoS attacksattacks have two general forms: have two general forms:► Force the victim computer(s) to reset or consume its Force the victim computer(s) to reset or consume its

resources such that it can no longer provide its intended resources such that it can no longer provide its intended service. service.

► Obstruct the communication media between the intended Obstruct the communication media between the intended users and the victim so that they can no longer communicate users and the victim so that they can no longer communicate adequately. adequately.


PoDPoD(Ping of Death)(Ping of Death)

A ping of death ("POD") is a type of attack on a A ping of death ("POD") is a type of attack on a computer that involves sending a malformed or computer that involves sending a malformed or otherwise malicious otherwise malicious pingping to a computer. A ping is to a computer. A ping is normally normally 64 bytes64 bytes in size; many computer in size; many computer systems cannot handle a ping larger than the systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the Sending a ping of this size often crashes the target computer.target computer.


DDoSDDoS (Distributed denial-of-service) (Distributed denial-of-service)

In a distributed denial-of-service (DDoS) attack, In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack an attacker may use your computer to attack another computer. By taking advantage of security another computer. By taking advantage of security vulnerabilities vulnerabilities or or weaknessesweaknesses, an attacker could , an attacker could take take controlcontrol of your computer. Attacker could of your computer. Attacker could force your computer to send huge amounts of data force your computer to send huge amounts of data to a web site or send spam to particular email to a web site or send spam to particular email addresses. The attack is "distributed" because the addresses. The attack is "distributed" because the attacker is using multiple computers, to launch the attacker is using multiple computers, to launch the denial-of-service attack.denial-of-service attack.


SYN floodSYN flood

In which an In which an attackerattacker sends a succession of sends a succession of SYN SYN ((synchronizesynchronize) requests to a target's system.) requests to a target's system.

When a client attempts to start a When a client attempts to start a TCPTCP connection to a connection to a server, the server, the clientclient and and serverserver exchange a series of exchange a series of messages.messages.

UDP UDP

(User Datagram Protocol) is a stateless and connectionless (User Datagram Protocol) is a stateless and connectionless protocolprotocol that runs on top of that runs on top of IPIP networks. networks.

UDP flood attack can be initiated by sending a large UDP flood attack can be initiated by sending a large number of UDP number of UDP packets packets to random to random ports ports on the victim on the victim system. As a result it will determine what application is system. As a result it will determine what application is waiting on the destination port, waiting on the destination port,

it will generate an it will generate an ICMP packetICMP packet of destination unreachable of destination unreachable to the source address. Large number of such to the source address. Large number of such UDP packetsUDP packets will result in degraded service or a complete shutdown.will result in degraded service or a complete shutdown.


ICMP floods/SmurfICMP floods/Smurf An assault on a network Attacks that floods it with An assault on a network Attacks that floods it with

excessive messages in order to impede normal traffic. It is excessive messages in order to impede normal traffic. It is accomplished by sending accomplished by sending ping ping requests (ICMP echo requests (ICMP echo requests) to a broadcast address on the target network or requests) to a broadcast address on the target network or an intermediate network. an intermediate network.

Teardrop AttackTeardrop Attack It involves sending It involves sending IPIP fragments with fragments with

overlapping oversized payloads to the target machine. A overlapping oversized payloads to the target machine. A bug in the bug in the TCP/IPTCP/IP fragmentation re-assembly code caused fragmentation re-assembly code caused the fragments to be improperly handled, crashing the the fragments to be improperly handled, crashing the operating system as a result of this operating system as a result of this


Sql InjectionSql Injection

Now a days Now a days this this

attack method is attack method is

HOTHOT


ReasonReason

► increase in the use of database.increase in the use of database.

►A lot more increase in ignorant and A lot more increase in ignorant and novice programmers.novice programmers.


How to secure your selfHow to secure your self

Primary work to beef up your security.Primary work to beef up your security.

►A good antivirus (AVG free / NOD32 A good antivirus (AVG free / NOD32 trial)trial)

►A good firewall (Sygate personal)A good firewall (Sygate personal)►A good spy ware / Trojan buster.A good spy ware / Trojan buster.►Use of genuine software.Use of genuine software.►Avoid ignoring even the simplest of Avoid ignoring even the simplest of

thingsthings


OR,OR,

Start usingStart usingLINUXLINUX


How open Source model How open Source model HELPHELP

With open source software comes the With open source software comes the concept of publicly viewable codesconcept of publicly viewable codes

Which on one hand increases the Which on one hand increases the chance of cracking attempt also on the chance of cracking attempt also on the other hand increases the chance of other hand increases the chance of hacking.hacking.


Google hackingGoogle hacking

►Google is the best tools now a days to Google is the best tools now a days to access a site.access a site.

►This game of using google to hack This game of using google to hack around is called around is called

GOOGLE - HACKINGGOOGLE - HACKING


Google hacking : EXAMPLEGoogle hacking : EXAMPLE

►Sony camera’s onlineSony camera’s online►http://www.google.com/search?num=1http://www.google.com/search?num=1

00&hl=en&lr=&ie=UTF-8&safe=off&q00&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Asnc-rz30+inurl%3Ahome%=intitle%3Asnc-rz30+inurl%3Ahome%2F+&btnG=Search2F+&btnG=Search


How to become a hackerHow to become a hacker

►The best approach is to gain as much The best approach is to gain as much knowledge about stuff as you can.knowledge about stuff as you can.

►good command over C / C++ / Perl will good command over C / C++ / Perl will definetely help.definetely help.

►But above all you need a good logical But above all you need a good logical brain.brain.


Some reference’s for youSome reference’s for you

►Hackthissite.orgHackthissite.org►Hellboundhackers.orgHellboundhackers.org►Hackquest.deHackquest.de►Hackits.deHackits.de►http://johnny.ihackstuff.comhttp://johnny.ihackstuff.com


Question’sQuestion’s

Linux Academy

+91 755 4270644

27, Noble Plaza, zone-IIMP Nagar, Bhopal

http://www.academylinux.com

basic knowhow hacking

Technology