PRESENTED BY Mathew jose

http://ethicalhacking228.blogspot.in/pls logon to this site to get tips on

ethical hacking re…..

Ethical Hacking - ?

Why – Ethical Hacking ?

Ethical Hacking - Process

Ethical Hacking – Commandments

Reporting

Ethical

Hacking

Conforming to accepted professional standards of conduct

What is Ethical Hacking

Process of breaking into systems for:Personal or Commercial GainsMalicious Intent – Causing sever damage to Information & Assets

Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming

White-hat - Good GuysBlack-hat – Bad guys

What is Ethical HackingIt is LegalPermission is obtained from the targetPart of an overall security programIdentify vulnerabilities visible from Internet at

particular point of timeEthical hackers possesses same skills, mindset

and tools of a hacker but the attacks are done in a non-destructive manner

Why – Ethical HackingJune 01, 2004 to Dec.31, 2004

Domains No of Defacements

.com 922

.gov.in 24

.org 53

.net 39

.biz 12

.co.in 48

.ac.in 13

.info 3

.nic.in 2

.edu 2

other 13

Total 1131

Source: CERT-India

January - 2005

Defacement Statistics for Indian Websites

Why – Ethical Hacking

Source: CERT/CCTotal Number of Incidents Incidents

Why – Ethical Hacking

Source: US - CERT

Why – Ethical Hacking

Viruses, Trojan Horses,

and Worms

SocialEngineering

AutomatedAttacks

Accidental Breaches in

Security Denial ofService (DoS)

OrganizationalAttacks

RestrictedData

Protection from possible External Attacks

Ethical Hacking - Process1. Preparation2. Footprinting3. Enumeration & Fingerprinting4. Identification of Vulnerabilities5. Attack – Exploit the Vulnerabilities

PreparationIdentification of Targets – company websites,

mail servers, extranets, etc.Signing of Contract

Agreement on protection against any legal issuesContracts to clearly specifies the limits and dangers of

the testSpecifics on Denial of Service Tests, Social Engineering,

etc.Time window for AttacksTotal time for the testingPrior Knowledge of the systemsKey people who are made aware of the testing

FootprintingCollecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators

Information SourcesSearch enginesForumsDatabases – whois, ripe, arin, apnicTools – PING, whois, Traceroute, DIG, nslookup, sam spade

Enumeration & FingerprintingSpecific targets determined Identification of Services / open portsOperating System Enumeration

Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN,

etc.

ToolsNmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh,

telnet, SNMP Scanner

Identification of VulnerabilitiesVulnerabilities

Insecure ConfigurationWeak passwordsUnpatched vulnerabilities in services, Operating

systems, applicationsPossible Vulnerabilities in Services, Operating

SystemsInsecure programmingWeak Access Control

Identification of VulnerabilitiesMethodsUnpatched / Possible Vulnerabilities – Tools,

Vulnerability information WebsitesWeak Passwords – Default Passwords, Brute

force, Social Engineering, Listening to TrafficInsecure Programming – SQL Injection, Listening

to TrafficWeak Access Control – Using the Application

Logic, SQL Injection

Identification of VulnerabilitiesToolsVulnerability Scanners - Nessus, ISS, SARA, SAINTListening to Traffic – Ethercap, tcpdumpPassword Crackers – John the ripper, LC4, PwdumpIntercepting Web Traffic – Achilles, Whisker, Legion

Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites

Attack – Exploit the vulnerabilitiesObtain as much information (trophies) from the

Target AssetGaining Normal AccessEscalation of privilegesObtaining access to other connected systems

Last Ditch Effort – Denial of Service

Attack – Exploit the vulnerabilitiesNetwork Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS

Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security

Attack – Exploit the vulnerabilitiesApplication Specific Attacks

Exploiting implementations of HTTP, SMTP protocols

Gaining access to application DatabasesSQL InjectionSpamming

Attack – Exploit the vulnerabilitiesExploits Free exploits from Hacker Websites Customised free exploits Internally Developed

Tools – Nessus, Metasploit Framework,

ReportingMethodologyExploited Conditions & Vulnerabilities that

could not be exploitedProof for Exploits - TrophiesPractical Security solutions

Ethical Hacking - CommandmentsWorking Ethically

TrustworthinessMisuse for personal gain

Respecting PrivacyNot Crashing the Systems

QUESTIONS ???