hack the hack
Post on 12-Apr-2017
Embed Size (px)
Team Presentation By:
What is Hacking?Hacking
Just like burglars break into houses, hackers break into computers. Do you ever wonder how hackers get inside your computer? How can you stop them?
Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
Types of hackersProfessional hackersBlack Hats the Bad GuysWhite Hats Professional Security ExpertsScript kiddiesMostly kids/studentsUser tools created by black hats,To get free stuffImpress their peersNot get caughtUnderemployed Adult Hackers Former Script KiddiesCant get employment in the fieldWant recognition in hacker communityBig in eastern european countriesIdeological Hackershack as a mechanism to promote some political or ideological purposeUsually coincide with political events
Hacker TermsHacking - showing computer expertiseCracking - breaching security on software or systemsPhreaking - cracking telecom networksSpoofing - faking the originating IP address in a datagramDenial of Service (DoS) - flooding a host with sufficient network traffic so that it cant respond anymorePort Scanning - searching for vulnerabilities
Basic Hacking SkillsLearn how to program.
This, of course, is the fundamental hacking skill. If you don't know any computer languages, you cant do hacking.
Get one of the open-source Unix's and learn to use and run it
The single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixs, install it on a personal machine, and run it.
Learn how to use the World Wide Web and write HTML.
To be worthwhile, your page must have content -- it must be interesting and/or useful to other hackers.
General Hacking MethodsA typical attacker works in the following manner:
Identify the target system.
Gathering Information on the target system.
Finding a possible loophole in the target system.
Exploiting this loophole using exploit code.
Removing all traces from the log files and escaping without a trace.
IP AddressesEvery system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.
An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 220.127.116.11
All data sent or received by a system will be addressed from or to the system.
An attackers first step is to find out the IP Address of the target system.
IP Addresses: Finding out an IP AddressA remote IP Address can easily be found out by any of the following methods:
Through Instant Messaging Software
Through Internet Relay Chat
Through Your website
Through Email Headers
Finding an IP Address via Instant MessengersCase: If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friends system:
Your System------Chat Server---- Friends System
Friends System---------Chat Server------- Your System
Thus in this case, you first have to establish a direct connection with your friends computer by either sending him a file or by using the call feature. Then, goto MSDOS or the command line and type:
This command will give you the IP Address of your friends computer.
Finding an IP Address via Email HeadersHotmail.com along with numerous other Email Service Providers, add the IP Address of the sender to each outgoing email.
A Typical excerpt of such a Header of an email sent from a Hotmail account is:
Return-Path: Received: from hotmail.com by sbcglobal.net (8.9.1/18.104.22.168/13Oct08-0620AM)id TAA0000032714; Sun, 12 OCT 2008 19:02:21 +0530 (CST)Message-ID: Received: from 22.214.171.124 by www.hotmail.com with HTTP;Sun, Sun, 12 OCT 2008 05:30:14 PSTX-Originating-IP: [202.xx.109.174]
IP Addresses: Dangers & ConcernsDangers & Concerns
DOS AttacksDisconnect from the InternetTrojans ExploitationGeographical InformationFile Sharing Exploits
Various Types of Attacks There are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are:
Denial of Services attacks (DOS Attacks)Threat from Sniffing and Key LoggingTrojan AttacksIP SpoofingBuffer OverflowsAll other types of Attacks
THREAT TO INDIADays after the international hacker group Anonymous brought down Reliance's internet services, the Computer Emergency Response Team India (CERT-In) has warned that websites of reputed government and private organisations are under threat
"It is observed that some hacker groups are launching Distributed Denial of Service (DDoS) attacks on websites of government and private organisations in India.In a recent written reply in the Lok Sabha, Minister of State for Communications and IT Sachin Pilot said 112 government websites, including that of Bharat Sanchar Nigam Ltd (BSNL), were hacked in just three months
"These attacks are being launched through popular DDoS tools and can consume bandwidth requiring appropriate proactive actions in coordination with service providers,"
Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system.
In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users.
There are numerous types of Denial of Services Attacks or DOS Attacks.
DOS Attacks: Ping of Death AttackThe maximum packet size allowed to be transmitted by TCP\IP on a network is 65 536 bytes.
In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCP\IP, is sent to the target system.
As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs.
This attack can easily be executed by the ping command as follows:
ping -l 65540 hostname
Threats from Sniffers and Key LoggersSniffers: capture all data packets being sent across the network in the raw form.
Commonly Used for:
Traffic MonitoringNetwork Trouble shootingGathering Information on Attacker.For stealing company Secrets and sensitive data.
Commonly Available Sniffers
tcpdump Ethereal Dsniff
Overview of Internet Security
A Typical HackFirewallFirewallLevel IV Data
UIC Education Center
Attacking other users: XSSReflected XSSUser-input is reflected to web pageCommon vulnerability is reflection of input for an error messageExploitation:
Attacking other users: XSSStored XSS Vulnerability
VulnerabilityWhat is a vulnerability?
Todays computer software is very complex, comprised of thousands of lines of code. Since software is written by humans, its hardly surprising that they contain programming mistakes, known as vulnerabilities. These loopholes are used by hackers to break into systems; they are also used by authors of malicious code to launch their programs automatically on your computer.
Ethical HackingIndependent computer security Professionals breaking into the computer systems. Neither damage the target systems nor steal information. Evaluate target systems security and report back to owners about the vulnerabilities found.
Ethical Hackers but not Criminal HackersCompletely trustworthy.Strong programming and computer networking skills.Learn about the system and trying to find its weaknesses.Techniques of Criminal hackers-Detection-Prevention.Published research papers or released security software.No Ex-hackers.
Being PreparedWhat can an intruder see on the target systems? What can an intruder do with that information? Does anyone at the target notice the intruder's attempts or successes?
What are you trying to protect? Who are you trying to protect against? How much time, effort, and money are you willing to expend to obtain adequate protection?
Hands-On Ethical Hacking and Network Defense*Ethical hackersEmployed by companies to perform penetration testsPenetration testLegal attempt to break into a companys network to find its weakest linkTester only reports findings, does not solve problemsSecurity testMore than an attempt to break in; also includes analyzing companys security policy and procedures Tester offers solutions to secure or protect the network
Hands-On Ethical Hacking and Network Defense*HackersAccess computer system or network without authorizationBreaks the law; can go to prisonCrackersBreak into systems to steal or destroy dataU.S. Department of Justice calls both hackersEthical hackerPerforms most of the same activities but with owners permission
Computer CrimesFinancial FraudCredit Card TheftIdentity TheftComputer specific crimesDenial-of-serviceDenial of access to informationViruses Melissa virus cost New Jersey man 20 months in jailMelissa caused in excess of $80 MillionIntellectual Property OffensesInformation theftTrafficking in pirated informationStoring pirated informationCompromising informationDestroying informationContent related OffensesHate crimesHarrassmentCyber-stalkingChild privacy
Question and Answer
UIC Education Center
UIC Education Center