![Page 1: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/1.jpg)
Ethical Hacking
ROULY BECHAR
Institut Henri Fayol
École Nationale Supérieure des Mines de St-Étienne
![Page 2: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/2.jpg)
Ethical Hacking
• Independent computer security professionals who break into computer systems.
• Neither damage the target systems nor steal information.
• Evaluate the security of the target systems and report back to the owners about the vulnerabilities found.
![Page 3: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/3.jpg)
Ethical Hacking
• Completely trustworthy.
• Strong programming and computer networking skills.
• Learn about the system and try to find its weaknesses.
• Techniques of criminal hackers: detection and prevention.
• Published research papers or released security software.
![Page 4: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/4.jpg)
Five stages to hacking
1. Reconnaissance
2. Scanning
3. Gaining access
4. Maintaining access
5. Covering tracks
![Page 5: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/5.jpg)
Reconnaissance
During this phase, a pentester uses a number of publicly available resources to learn more about his target. This information can be retrieved from Internet sources such as forums, bulletin boards, newsgroups, articles, blogs, social networks, and other commercial or non-commercial websites. Additionally, the data can also be gathered through various search engines such as Google, Yahoo!, MSN Bing and others.
![Page 6: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/6.jpg)
Reconnaissance
Two types of reconnaissance:
Passive:
• Google search
• Browse the company web page
• Social networks (Facebook, Twitter, …)
• …
Active:
• Network scan (nmap)
• Vulnerability scan
• Social engineering
• …
![Page 7: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/7.jpg)
Reconnaissance
The purpose of reconnaissance is to identify the target's technologies so that the suitable attacks can be chosen:
• Where the web servers are.
• Avoid broad scans.
• Identify vulnerabilities.
• Wi-Fi.
• Network equipment.
• Patch level.
• Default configuration + passwords.
![Page 8: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/8.jpg)
Reconnaissance
Default configuration + passwords:
![Page 9: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/9.jpg)
Passive Reconnaissance Resources
Netcraft (performed on École des Mines):
![Page 10: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/10.jpg)
Passive Reconnaissance Resources
Google hacking
(username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log
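The query above searches indexed log files for key/value pairs such as username=, password: or md5=. The same patterns can be used from the defender's side to audit the directory a web server publishes before a search engine indexes it. The following Python script is an added example, not part of the slides: it walks a hypothetical web root, flags log-like files whose lines match those patterns, and builds its own constructed sample directory so it runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# Key/value patterns mirroring the terms of the search query above
# (username, password, passwd, credentials, hash, md5 followed by '=' or ':').
CREDENTIAL_RE = re.compile(
    r"\b(username|password|passwd|credentials|hash|md5)\s*[=:]\s*(\S+)",
    re.IGNORECASE,
)


def scan_file(path):
    """Return (line_number, key) for every line in `path` that carries a credential-like pair."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            match = CREDENTIAL_RE.search(line)
            if match:
                hits.append((lineno, match.group(1).lower()))
    return hits


def find_credential_leaks(web_root, suffixes=(".log", ".txt")):
    """Walk the directory a web server publishes and report log-like files that a
    search engine could index with the query above. Returns {relative_path: hits}."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(web_root):
        for name in filenames:
            if not name.lower().endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings[rel] = hits
    return findings


def build_sample_root():
    """Constructed sample web root (fake data, hypothetical layout) so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="webroot_")
    logs = Path(root, "logs")
    logs.mkdir()
    (logs / "auth.log").write_text(
        "2023-01-01 10:00:00 login ok user=alice\n"
        "2023-01-01 10:00:05 DEBUG username=bob password=hunter2\n"
        "2023-01-01 10:00:09 md5: 0123456789abcdef0123456789abcdef\n"
    )
    (logs / "access.log").write_text("GET /index.html 200\n")
    # not a log file, so the default suffix filter skips it
    Path(root, "index.html").write_text("<p>password=notalog</p>\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_root()
    for rel_path, file_hits in find_credential_leaks(sample_root).items():
        for lineno, key in file_hits:
            print(f"{rel_path}:{lineno}: exposed '{key}' value")
```

Run it against the real document root with `find_credential_leaks("/var/www/html")` (path assumed); any hit is a file to remove from the published tree or to block in the web server configuration, and the corresponding credentials should be rotated.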
![Page 11: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/11.jpg)
Passive Reconnaissance Resources
Google hacking
![Page 12: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/12.jpg)
Scanning
This phase mainly deals with identifying the target's network status, operating system, and its relative network architecture. This provides a complete image of the current technologies or devices interconnected and may help further in enumerating various services running over the network.
![Page 13: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/13.jpg)
Scanning
Nmap: Nmap can be used, for example, to check for vulnerabilities in network services, enumerate resources on the target system, and scan for open ports. It can perform either a noisy or a quiet scan. Example of a quiet scan:
nmap -Pn -p <ports> -sT ip_address
(-Pn skips host discovery, -p takes a port list such as 22,80,443, -sT performs a TCP connect scan.)
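A TCP connect scan like the one above is visible from the target side as one source opening connections to many different ports in a short time. The following Python script is an added example, not part of the slides: it reads connection log lines in a hypothetical format (`<ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=<proto>`, assumed here, not tied to any product) and flags sources that touch many distinct ports within a sliding time window. The sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical firewall/connection log format assumed for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)

# Constructed sample: one host touching 15 different ports in 15 seconds (how a
# connect scan looks from the target side), a normal client using only 443 and 80,
# and one line that does not parse.
SAMPLE_LOG = [
    f"2023-01-01T10:00:{i:02d} src=10.0.0.5 dst=10.0.0.10 dport={20 + i} proto=tcp"
    for i in range(1, 16)
] + [
    "2023-01-01T10:00:03 src=10.0.0.7 dst=10.0.0.10 dport=443 proto=tcp",
    "2023-01-01T10:00:08 src=10.0.0.7 dst=10.0.0.10 dport=443 proto=tcp",
    "2023-01-01T10:00:12 src=10.0.0.7 dst=10.0.0.10 dport=80 proto=tcp",
    "this line is not a connection record",
]


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def detect_port_scans(lines, distinct_ports=10, window_seconds=60):
    """Flag sources that contact at least `distinct_ports` different (dst, port) pairs
    within any `window_seconds` sliding window. Returns {src: max distinct pairs seen}."""
    events = [e for e in (parse_line(line) for line in lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # advance the window start so that evs[start..end] spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {(e["dst"], e["dport"]) for e in evs[start:end + 1]}
            if len(targets) >= distinct_ports:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports in one window")
```

The thresholds are the tuning knobs: a slow scan spreads its probes over a longer window to stay under `distinct_ports`, so the window should be chosen against what normal clients on the network actually do.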
![Page 14: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/14.jpg)
Gaining access: Metasploit
• Exploits
• Payloads
![Page 15: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/15.jpg)
Privilege escalation
After exploiting the vulnerabilities and gaining access to the target machine, you can use the tools in this category to escalate your privileges to the highest level.
![Page 16: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/16.jpg)
Privilege escalation
• Attacking the passwords used by the privileged accounts
• Sniffing the network to get the usernames and passwords of the privileged accounts
• Spoofing the network packets of the privileged accounts to run a particular system command
![Page 17: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/17.jpg)
Attacking the password
• Offline attack: In this method, the attacker gets the password file from the target machine and transfers it to his machine. Then he uses a password cracking tool to crack the passwords. The advantage of this method is that the attacker doesn't need to worry about a password blocking mechanism on the target machine, because he uses his own machine to crack the passwords.
• Online attack: In this method, the attacker guesses the password for a username. This may trigger the system to block the attacker after several failed password guesses.
![Page 18: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/18.jpg)
Attacking the password: tools
• Offline attack: RainbowCrack, samdump, John, Ophcrack, Crunch, Wyd, …
• Online attack: BruteSSH, Hydra, …
![Page 19: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/19.jpg)
Sniffing the network
A network sniffer is a software program or hardware device which is capable of monitoring network data. It is usually used to examine network traffic by copying the data without altering its contents. With a network sniffer you can see what information is available on your network.
![Page 20: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/20.jpg)
Sniffing the network: tools
Hamster, tcpdump, tcpick, Wireshark, …
![Page 21: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/21.jpg)
Spoofing the network
Network spoofing is a process to modify network data, such as MAC address, IP address, and so on. The goal of this process is to be able to get the data from two communicating parties.
![Page 22: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/22.jpg)
Spoofing the network: tools
Arpspoof, Ettercap, …
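ARP spoofing, the technique the tools above implement, puts an attacker's MAC address between two communicating parties by answering ARP for their IP addresses. On the defender's side this shows up as an IP whose MAC suddenly changes, or one MAC claiming several IPs. The following Python code is an added example, not part of the slides: a passive ARP monitor fed with a constructed sequence of (IP, MAC) replies and an assumed table of trusted static entries.

```python
from collections import defaultdict

# Constructed ARP replies (sender IP, sender MAC) in the order a passive monitor on the
# LAN would see them; the last two mimic one MAC claiming both the gateway and a client.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.1", "aa:bb:cc:00:00:66"),
    ("192.168.1.10", "aa:bb:cc:00:00:66"),
]

# Hypothetical static entries (what a pinned gateway entry or DHCP snooping would provide).
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


class ArpMonitor:
    def __init__(self, trusted=None):
        self.trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.table = {}                  # ip -> MAC first seen for it
        self.claims = defaultdict(set)   # mac -> set of IPs it has claimed
        self.alerts = []

    def observe(self, ip, mac):
        """Feed one ARP reply; returns the alerts this reply raised (possibly none)."""
        mac = mac.lower()
        new = []
        if ip in self.trusted and self.trusted[ip] != mac:
            new.append(("trusted-mismatch", ip, self.trusted[ip], mac))
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            new.append(("mac-changed", ip, known, mac))
        self.claims[mac].add(ip)
        if len(self.claims[mac]) > 1:
            new.append(("multi-ip-mac", mac, tuple(sorted(self.claims[mac]))))
        self.alerts.extend(new)
        return new


def analyse_arp(replies, trusted=None):
    """Run the monitor over a sequence of (ip, mac) replies and return all alerts."""
    monitor = ArpMonitor(trusted)
    for ip, mac in replies:
        monitor.observe(ip, mac)
    return monitor.alerts


if __name__ == "__main__":
    for alert in analyse_arp(SAMPLE_ARP_REPLIES, TRUSTED):
        print(alert)
```

The "multi-ip-mac" rule is a heuristic: a router or a host with several addresses legitimately answers for more than one IP, so that alert should be weighted lower than a mismatch against a pinned gateway entry.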
![Page 23: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/23.jpg)
Spoofing the network
Demo
![Page 24: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/24.jpg)
Maintaining access
The main purpose of these tools is to help us maintain access, bypass the filters deployed on the target machine, or create a covert connection between our machine and the target. By maintaining this access, we don't need to repeat the whole penetration testing process if we want to get back to the target machine at any time.
![Page 25: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/25.jpg)
Maintaining access (Tunneling)
Tunneling can be defined as a method to encapsulate a protocol inside another protocol. In our case, we use tunneling to bypass the protection provided by the target system. Most of the time, the target system will have a firewall that blocks connections to the outside world, except for a few common network protocols such as HTTP and HTTPS. In this situation, we can use tunneling to wrap our packets inside the HTTP protocol. The firewall will allow these packets to go to the outside world.
![Page 26: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/26.jpg)
Maintaining access (Tunneling)
DNS2tcp: DNS2tcp is a tunneling tool that encapsulates TCP traffic in DNS traffic. When it receives a connection on a specific port, all of the TCP traffic is sent to the remote dns2tcpd server inside DNS traffic and forwarded to a specific host and port.
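Because a DNS tunnel carries its payload in query names, it leaves a recognisable trace in resolver logs: many unique, long, high-entropy subdomains under one parent domain, often with TXT or NULL query types. The following Python code is an added example, not part of the slides or of the DNS2tcp project: it scores a constructed DNS query log (format `<client> <qtype> <qname>`, assumed here) per parent domain, using the last two labels as the parent (a simplification; a real tool would consult the public suffix list).

```python
import math
from collections import Counter, defaultdict

HEX = "0123456789abcdef"

# Constructed DNS query log. The tunnel-style names carry 64-character data labels
# under one parent domain, as a DNS-encapsulated TCP stream would; the labels are
# synthetic (rotated hex alphabet), not captured traffic.
SAMPLE_DNS_LOG = [
    "10.0.0.5 A www.example.com",
    "10.0.0.5 A mail.example.com",
    "10.0.0.5 AAAA www.example.com",
] + [
    f"10.0.0.5 TXT {(HEX[i:] + HEX[:i]) * 4}.t.tunnel-example.net" for i in range(8)
]


def shannon_entropy(text):
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Split into (subdomain part, parent domain), treating the last two labels as the parent."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_dns_tunnels(lines, min_names=5, min_subdomain_len=30, min_entropy=3.5):
    """Per parent domain: unique names, average subdomain length, average entropy of the
    leftmost (data-carrying) label, count of TXT/NULL/CNAME queries, and a verdict."""
    per_domain = defaultdict(
        lambda: {"names": set(), "sub_len": [], "entropy": [], "rare_types": 0}
    )
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        _client, qtype, qname = parts
        sub, domain = split_name(qname)
        stats = per_domain[domain]
        stats["names"].add(qname.lower())
        stats["sub_len"].append(len(sub))
        stats["entropy"].append(shannon_entropy(sub.split(".")[0]))
        if qtype.upper() in ("TXT", "NULL", "CNAME"):
            stats["rare_types"] += 1

    result = {}
    for domain, s in per_domain.items():
        unique = len(s["names"])
        avg_len = sum(s["sub_len"]) / len(s["sub_len"])
        avg_ent = sum(s["entropy"]) / len(s["entropy"])
        result[domain] = {
            "unique_names": unique,
            "avg_subdomain_len": avg_len,
            "avg_label_entropy": avg_ent,
            "rare_type_queries": s["rare_types"],
            "suspicious": unique >= min_names
            and avg_len >= min_subdomain_len
            and avg_ent >= min_entropy,
        }
    return result


if __name__ == "__main__":
    for domain, stats in detect_dns_tunnels(SAMPLE_DNS_LOG).items():
        print(domain, stats)
```

Content delivery networks and some anti-spam services also generate long, random-looking names, so an allow-list of known parent domains is needed before such scores are turned into alerts; the score is also blind to a tunnel that keeps its labels short and its query rate low, at the price of throughput.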
![Page 27: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/27.jpg)
Maintaining access (Tunneling)
Ptunnel: Ptunnel is a tool that can be used to tunnel TCP connections over ICMP echo request (ping request) and echo reply (ping reply) packets.
![Page 28: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/28.jpg)
Maintaining access (Tunneling)
Stunnel4: Stunnel4 is a tool to encrypt any TCP protocol inside SSL packets between local and remote servers.
![Page 29: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/29.jpg)
Practical Example
DNS Poisoning
Demo
![Page 30: Ethical hacking](https://reader033.vdocuments.mx/reader033/viewer/2022042515/548284b3b4af9f3a2a8b46b6/html5/thumbnails/30.jpg)
If you have any questions …..