Internet hacking
1 / 45

Internet Hacking - PowerPoint PPT Presentation

  • Uploaded on

Internet Hacking. Presentation prepared by: Alex Epstein Asif Hussain Genci Seseri. Group 2. Internet Hacking. The Presentation talks about: Hacking History and General Information.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Internet Hacking' - stewart-velazquez

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Internet hacking
Internet Hacking

Presentation prepared by:

Alex Epstein

Asif Hussain

Genci Seseri

Group 2

Internet hacking1
Internet Hacking

The Presentation talks about:

  • Hacking History and General Information.

  • Various techniques that hackers use to crack the networks and websites and measures vital for survival against such attacks.

  • Port Scanning using PortQry.exe

Hacking history
Hacking History

  • 1878 – “practical jokers” at Bell Telephone Co.

  • Early 1960s – MIT geeks created “hacks”, programming shortcuts to speed up tasks

  • 1969 – best hack. 2 Bell Labs employees created UNIX, a open machine run rules set.

  • 1971 – using free whistle as a phone tone

  • 1978 – 1st bulletin board

Hacking history cont
Hacking History (Cont.)

  • 1984 – the great hacking war begins. Legion Of Doom vs. Masters Of Deception. The war especially escalated in 1990-91.

  • 1986 – Federal Computer Fraud And Abuse Act is passed. Numerous arrests follow.

  • 2000 – “denial of service” attacks.

Selected lingo
Selected Lingo

  • Cracker: a malicious system security breaker.

  • Hacker: a person enjoying exploring the systems and stretching their capabilities; programmer enthusiast; good fast programmer; expert in a specific field

  • KISS Principle: “Keep It Simple, Stupid”

  • Trojan Horse: a malicious security breaking program disguised as something benign

  • Wetware: humans and our nervous system compared to software and/or hardware

Hacker psych 101
Hacker Psych 101

  • Robin Hood Syndrome – misconstruing consequences of one’s own behavior as beneficial for society

  • Hacker Categories:

    • Old School : hacking = honor. Interested in code, but not with criminal intent; little concern for privacy and property of information. Internet is an open system.

      2. Script Kiddies/ Cyber Punks: common “hackers”. Arrested often, because brag online. D/load code and hack it out of boredom. Avg.: white male 12-30 years old with high school education.

Hacker psych 101 cont
Hacker Psych 101(Cont.)

  • Hacker Categories (cont.):

    3. Professional criminals/Crackers: make living by breaking into system. May be hired for espionage or linked to criminal groups. Crack because of inferiority. Cracking a site gives them power. Refuge in computers to avoid real world relations.

    4. Coders and Virus Writers: the least studied; see themselves as “elite”. Own test networks (“Zoos”). Vast, programming skills, but, not use code. Let others introduce it into the Internet (“The Wild”).

Hacker attitude
Hacker Attitude

  • The world is full of fascinating unsolved problems

  • No problem should have to be solved twice

  • Boredom and drudgery are evil

  • Freedom is good

  • Attitude is no substitute for competence

Hacking skills
Hacking Skills

  • Programming skills

  • Running open source UNIX code

  • Using WWW and writing HTML

  • Functional English skills

Hackers respect
Hackers’ Respect

  • To be respected by hackers you can…:

    • Write open source software

    • Help test and/or debug open source software

    • Publish useful information

    • Maintain the working infrastructure

    • Serve the hacker culture

    • Do off-computer work:

      • Learn to write in native language

      • Read science fiction

      • Study Zen and/or take on martial arts

      • Analyze music

      • Appreciate puns and wordplay

Hackers disrespect
Hackers’ Disrespect

  • As a hacker, you should not:

    • Use silly grandiose user ID or screen name

    • Get in flame wars on Usenet or anywhere else

    • Call yourself cyberpunk or waste your time on such people

    • Write e-mails or other posting full of misspellings or bad grammar

Hackers hall of fame
Hackers Hall Of Fame

  • Richard Stallman: A hacker of the old school, he got a job at MIT's Artificial Intelligence Lab off the street in 1971

  • Dennis Ritchie and Ken Thompson:The founders of Bell Labs‘ legendary CS operating group, which created UNIX.

  • John Draper: Figured out the whistle tone “trick”

  • Kevin Mitnick: The first hacker to have his face immortalized on an FBI "Most Wanted" poster

  • Vladimir Levin: Allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million.

  • Linus Torvalds:Was a CS student at University of Helsinki when he wrote Linux in 1991

Cracker exploits and battle plans

This part of the Presentation talks about:

  • Various techniques that hackers use to crack the networks and websites.

  • Measures vital for survival against such attacks.

Ip spoofing
IP Spoofing

  • IP spoofing is when an attacker captures the routing packets to redirect a file or transmission to a different destination.

  • The technique is also effective in disguising an attacker's identity.

  • Protocols that deal with inter-computer communication are most susceptible to spoofing,e.g., ICMP, IGMP and UDP.

  • Solution is securing transmission packets and establishing screening policies, point to point encryption, configuring network to reject packets that claim to originate from a local address.

Ftp attacks
FTP Attacks

  • One of the most common FTP attacks is a buffer overflow caused by a malformed command.

  • A successful attack could either drop the attacker in a command shell or cause a denial of service.

  • Failure to apply the frequently released system upgrades and patches is the most common cause of FTP vulnerabilities.

  • FTP exploits are also useful in password guessing , FTP bounce attacks, and mining information (such as the machine's registry).

Unix finger exploits
Unix Finger Exploits

  • The Unix OS finger utility was used as an efficient way to share user information in the early days of the Internet.

  • To an attacker, the Finger utility can yield valuable information, including user names, logons and contact information.

  • It also provides a pretty good indication of users' activities like how many times they are logged on.

  • The personal information it reveals can provide an attacker with enough of a framework to trick legitimate users into revealing passwords and access codes.

Flooding and broadcasting
Flooding and Broadcasting

  • An attacker can significantly reduce the processing capacity of a network by sending more information requests than it can handle-a classic denial of service.

  • Sending a large amount of requests to a single port is Flooding. When the requests are sent to all network stations, it's called broadcasting.

  • Attackers will often use flood attacks to gain access to a system for use against other networks in distributed denial-of-service (DDoS) campaigns.

  • DDoS attacks are harder to stop because they come from multiple IP addresses simultaneously. The only solution is to trace the packets back to their source and shutdown the transmitting networks.

Fragmented packet attacks
Fragmented Packet Attacks

  • Internet messages transmitted via TCP/IP can be divided into packets in such a way that only the first packet contains the TCP segment header information.

  • Some firewalls will allow the processing of subsequent packets that do not contain the same source address information as the first packet, which can cause any type of system to crash.

  • Fragmented packets can also create a flood-like situation because they are stored in the Kernel. The server will crash if the kernel memory absorbs too many fragmented packets.

  • Solution : Firewall Filters

Email exploits
Email Exploits

  • E-mail exploits come in five forms: mail floods, command manipulations, transport-level attacks, malicious code insertion and social engineering.

  • Mail-flood attacks occur when so much mail is sent to a target that communication programs destabilize and crash the system.

  • Command-manipulation attacks can cause a system to crash by subverting the mail transfer agent with a buffer overflow caused by entering a malformed command.

Email exploits contd
Email Exploits (Contd…)

  • Transport-level attacks exploit the SMTP. An attacker can cause a temporary error condition in the target system by overloading an SMTP buffer with more data than it can handle.

  • Malicious content is often propagated through e-mail systems. Some viruses and worms will be carried into a system appearing as a legitimate attachment

  • Social engineering e-mails are an attacker's attempt to trick a legitimate user into revealing sensitive information or executing a task.E.g., posing as a network administrator to get your password for system upgrades.

Password attacks
Password Attacks

  • The most common password attacks are guessing, brute force, cracking and sniffing.

  • Password guessing involves entering common passwords either manually or through programmed scripts.

  • Brute-force logon attacks follow the same basic logic as password guessing, but are faster and more powerful.

  • Password cracking is a method for defeating the protection of encrypted passwords stored in a system's admin files.

  • Because an attacker needs a significant level of access to launch this kind of attack, the best defense is restricting and monitoring access privileges.

Selective program insertions
Selective Program Insertions

  • A selective program insertion is when an attacker places a destructive program—a virus, worm or Trojan horse--on a target system.

  • Some network administrators are augmenting their malware defenses with alternative technologies such as behavior blockers, which stop suspicious code based on behavior patterns, not signatures.

  • A time bomb, sometimes called a logic bomb, is an inserted program that executes its malicious payload on a predetermined time or date.

Port scanning and polling
Port Scanning and Polling

  • Through port scanning and polling, an attacker can observe the functions and defenses of various system ports.

  • For example, scanning could be used to determine whether default SNMP community strings are open to the public, meaning information can be extracted for use in a remote command attack.

Tcp ip sequence stealing packet interception
TCP/IP Sequence Stealing & Packet Interception

  • TCP/IP sequence stealing is the capturing of sequence numbers, which can be used to make an attacker's packets appear legitimate.

  • A successful TCP/IP attack could allow an attacker to intercept transactions between two organizations, providing an opportunity for a man-in-the-middle attack.

  • In some versions of Secured Shell Service Daemon (SSHD), only the public key is used for authentication. If an attacker learns the public key, he could create and insert forged packets.

Observations and suggestions
Observations and Suggestions

Various firms

  • Install firewall, but never upgrade them.

  • Do massive Website improvements without making parallel security improvements.

  • The best way to safeguard a website from attack is to approach security as the ongoing challenge rather than a one time effort.

Port scanning using portqry
Port Scanning Using PortQry

  • What is port scanning?

  • Using PortQry (the Portqry.exe command-line utility)

What is port scanning
What Is Port Scanning?

  • Network applications use TCP/UDP ports

  • Clients connect to applications using ports

  • Port scanning is the process of checking whether a port is open

Tcp and udp in tcp ip protocol architecture
TCP and UDP in TCP/IP protocol architecture

Port numbers
Port Numbers

  • The Well Known Ports are those from 0 through 1023.

  • The Registered Ports are those from 1024 through 49151.

  • The Dynamic and/or Private Ports are those from 49152 through 65535.

Well know tcp udp ports

UDP Port Number


TCP Port Number


Domain Name System (DNS) Name Queries



FTP (Data Channel)


Trivial File Transfer Protocol (TFTP)


FTP (Control Channel)


NetBIOS name service




NetBIOS datagram service


HyperText Transfer Protocol (HTTP) used for the World Wide Web


Simple Network Management Protocol (SNMP)


NetBIOS session service

Well-know TCP / UDP ports

Port scanning for tcp
Port Scanning for TCP

  • TCP ports use "three-way handshake"

  • Successful handshake means port is listening

  • TCP Reset packet means port is not listening

  • No response means port is filtered

Port scanning for udp
Port Scanning for UDP

  • UDP ports do not use "three-way handshake"

  • Send UDP packet to port and wait for response

  • Most applications will not respond to zero-length packets

  • Formatted packet is necessary to get a response

  • Most port scanners do not scan UDP ports

What is port scanning used for
What Is Port Scanning used for?

Use port scanning to:

  • Test connectivity

  • Test security

Using portqry
Using PortQry

  • PortQry is designed as an application layer port scanner

  • It checks whether TCP and UDP ports are open, closed, or filtered

  • It determines if UDP ports are open using packets formatted for well known services

Portqry is available for download on the Microsoft Web site at:


Portqry supports
PortQry Supports:

  • LDAP

  • RPC

  • DNS

  • SMTP

  • POP3

  • IMAP4

  • FTP

  • NetBIOS Name Service

Status of a tcp ip port
Status of a TCP/IP port

  • Listening

    • A process is listening on the port on the computer you choose. Portqry.exe received a response from the port.

  • Not Listening

    • No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable - Port Unreachable" message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.

  • Filtered

    • The port on the computer you chose is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times and UDP ports are queried once before a report indicates that the port is filtered.

Portqry usage
PortQry Usage

portqry -n server [-p protocol] [-e || -r || -o endpoint(s)] [-l logfile] [-s] [-q]


-n [server] IP address or name of server to query

-p [protocol] TCP or UDP or BOTH (default is TCP)

-e [endpoint] single port to query (valid range: 1-65535)

-r [end point range] range of ports to query (start:end)

-o [end point order] range of ports to query in an order (x,y,z)

-l [logfile] name of log file to create

-s 'slow link delay' waits longer for UDP replies from remote systems

-q 'quiet' operation runs with no output

returns 0 if port is listening

returns 1 if port is not listening

returns 2 if port is listening or filtered

Portqry n myserver p udp e 389
portqry -n myserver -p UDP -e 389

Returns LDAP base query information

UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:

currentdate: 09/03/2001 05:42:40 (unadjusted GMT)

subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com

dsServiceName: CN=NTDS Settings,CN=RED-DC-11,CN=Servers,CN=NA-WA-RED,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com

namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com

defaultNamingContext: DC=redmond,DC=eu,DC=reskit,DC=com

schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com

configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com

rootDomainNamingContext: DC=eu,DC=reskit,DC=com

supportedControl: 1.2.840.113556.1.4.319

supportedLDAPVersion: 3

supportedLDAPPolicies: MaxPoolThreads

highestCommittedUSN: 4259431

supportedSASLMechanisms: GSSAPI


ldapServiceName:[email protected]

serverName: CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com

supportedCapabilities: 1.2.840.113556.1.4.800

isSynchronized: TRUE

isGlobalCatalogReady: TRUE

======== End of LDAP query response ========

UDP port 389 is LISTENING

Portqry n myserver p udp e 135
portqry -n myserver -p UDP -e 135

Dumps RPC EndPoint Mapper database

UDP port 135 (epmap service): LISTENING or FILTERED

Querying Endpoint Mapper Database...

Server's response:

UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076


UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface


UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface


UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface


UUID: 12345678-1234-abcd-ef00-01234567cffb


UUID: 12345678-1234-abcd-ef00-01234567cffb


Total endpoints found: 6

==== End of RPC Endpoint Mapper query response ====

UDP port 135 is LISTENING

Portqry n myserver p udp e 53
portqry -n myserver -p UDP -e 53

  • Verifies DNS query and response operation

    UDP port 53 (domain service): LISTENING or FILTERED

    Sending DNS query to UDP port 53...

    UDP port 53 (domain service): LISTENING

Portqry n mymailserver p tcp e 25
portqry -n MyMailServer -p TCP -e 25

  • Returns SMTP, POP3, IMAP4 status messages

    TCP port 25 (SMTP service): LISTENING

    Data returned from the port:

    220 Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Sun, 2 Sep 2001 23:24:30 -0700

Portqry n myftpserver p tcp e 21
portqry -n MyFtpServer -p TCP -e 21

  • Returns FTP status message and tests for anonymous account access

    220 MyFtpServer Microsoft FTP Service (Version 5.0).

    331 Anonymous access allowed, send identity (e-mail name) as password.

Portqry n myserver p udp e 137
portqry -n myserver -p UDP -e 137

  • Verifies NetBIOS Name Service functionality and returns MAC address

    UDP port 137 (netbios-ns service): LISTENING or FILTERED

    Attempting NETBIOS adapter status query to UDP port 137...

    Server's response: MAC address 00c04f7946f0


Query behavior configurable using local service file
Query behavior configurable using local service file

  • Located in%systemroot%/system32/drivers/etc/service

  • Resolves service name using this file

  • Decides what type of query to send to port using this file







  • Tim Rains • Technical Lead • Networking Team

  • Q310099, "Description of the Portqry.exe Command-Line Utility"