Hands-On Ethical Hacking. By- Shehab.najjar Shehab.firstname.lastname@example.org. HIGHLIGHTS . What is hacking? E-mail Hacking Desktop phishing Trojans & viruses System Hacking Case study Security Flashback. Ethical Hacking is testing the resources for a good cause and for the
What is hacking?
Trojans & viruses
What is Ethical Hacking??
NOT AT ALL…….
Hacking is NOT a
someone who likes to play with
Software or Electronic Systems.
Hackers enjoy Exploring and
Learning how Computer systems
operate. They love discovering new
new meaning — someone who
maliciously breaks into systems for
personal gain. Technically, these
criminals & are known as Crackers.
HACKING WITH MALICIOUS INTENTION IS CRACKING
The basic difference is hackers do not do anything disastrous.
Cracking yield more devastating results.
Cracking is crime.
Cyber crime are the results of cracking ,not hacking
Famous hackers all over D world
Nahshon Even-Chaim (born May 1971), was the first major computer hacker
Stewert Nelson from America followed Nehshon in 1972
Ankit Phadia from India is also a well known name in hackers history
Abdur zahir from Pakistan has also a good name in this world
It is Legal
Permission is obtained from the target
Part of an overall security program
Identify vulnerabilities visible from Internet at
particular point of time
Ethical hackers possesses same skills, mindset
and tools of a hacker but the attacks are done in
a non-destructive manner
Distinction on the basis of knowladge
Distinction on the basis of LEGALITY
Have full knowladge.
They know what exactly they are doing
Well aware about the different codes
Have complete idea what is going beyond coding.
H4ck3r at work
Knows what they are doing.
They don’t have idea that what exactly going beyond codes.
Result oriented persons
They are not so harmful.
Script kiddies or packet monkeys
Young in-experienced hackers
Copy codes and techniques from knowledgeable hackers .
Don’t know what’s going beyond the coding.
Use techniques for fun purpose.
Sometimes could be very dangerous for the system,
These are good hackers .
Have genuine license to hack.
Have registered police records
Evolves themselves in good works
Generally owned by companies for security designing
Have high pay scales.
Generally these are coders
Also known as red hats.
Perform both tasks fair as well as unfair.
Generally these are admins.
Have little high pay than white hats.
Generally not so dangerous, but sometimes could be.
very dangerous persons.
Always have motive to earn huge profit.
Highly paid persons.
Evolves themselves mostly in criminal activities.
These could be coders, admins as well as script kiddies
CAN BE DONE BY TWO WAYS:
Open Relay Server
An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol)
server configured in such a way that it allows anyone on the
Internet to send Email through it, not just mail destined ‘To’ or
‘Originating’ from known users.
An Attacker can connect the Open Relay Server via Telnet and
instruct the server to send the Email.
Open Relay Email Server requires no password to send the
Some of Free Anonymous Email Websites are:
Mail.Anonymizer.name (Send attachments as well)
Some codes are used by the user to program a page that has same features.
Commonly .php is used to code the page.
Self needed items could be imparted
Fake page is created by the user.
The page looks like same as original page.
When user log-ins on that page , automatically as per coding the password of victim comes on attackers mail-id.
After that the original page is opened as fake page is linked with the original one.
Very useful for password cracking
Can be send via mail to the victim.
These are programs that are used to infect the other programs.
A virus can easily penetrate in any program & could destroy it.
A virus can be send to the victim by fake mail.
Some common known viruses are
These area special type of program.
Generally could be termed as virus but actually they are not.
These are used to get external command over victims computer.
Once installed on a system, the
program then has system-level access
on the target system, where it can be
destructive and insidious.
They provide remote access of victims computer.
After installation of Trojan horse into computer any information can be obtained also any file could be deleted.
One of the commonly known Trojan horse is BEAST
These are special type of viruses.
They don’t infect files.
They immediately delete those file which they do not understand.
If coding of particular file is into list then it will delete it.
Windows User Account Architecture
User account passwords are contained in the SAM in the
Hexadecimal Format called Hashes.
Cracking admin password:
Passwords may be cracked Manually or with Automated tools
such as a Brute-force method or the Rainbow Table attack.
For the 2nd time remove the password by using following command
net user username *
Then type your own password.
44% of UK businesses suffered at least one malicious security breach in 2008.
The average cost was £30,000
Several cost more than £500,000.
Loss per year
H4cking prone areas
H4cking growth rate
It is clear from the graph it is increasing day by day.
Use of anti-viruses.
Proper logout after use of mail id.
Manual opening browser
don't open spam.
Password protected admin account.
HACKING IS USING AN AUTHORISE THING IN A UN AUTHORISED MANNER
HACKIING IS ILLEGAL BUT NOT A CRIME.
TYPES OF HACKERS.
VIRUSES ,WORMS & TROJANS.
ADMIN PASSWORD HACKING
KYRION DIGITAL SECURITIES