HACKING

Information about HACKING

Published on February 25, 2009

Author: useful

Source: authorstream.com

Content

HACKING : HACKING Don’t Learn to Hack – Hack to Learn Outline : Outline Brief History What do hackers do? Hacker’s techniques System Hacking Who is a “hacker”? : Who is a “hacker”? There are at least two common interpretations: Someone who bypasses the system’s access controls by taking advantage of security weaknesses left in the system by developers Someone who is both knowledgeable and skilled at computer programming, and who is a member of the hacker subculture, one with it’s own philosophy and code of ethics A Brief History of Hacking : A Brief History of Hacking 1960s MIT AI Lab Ken Thompson invented UNIX Positive Meaning 1970s Dennis Ritchie invented C Phreaking : John Draper Phreaking : YIPL/TAP Phreaking : Blue boxes A Brief History of Hacking : A Brief History of Hacking 1980s Cyberspace coined 414s arrested Two hacker groups formed 2600 published 1990s National Crackdown on hackers Kevin Mitnick arrested Microsoft’s NT operating system pierced National infrastructure protection center unveiled A Brief History of Hacking : A Brief History of Hacking 2000 In one of the biggest denial-of-service attacks , hackers launch attacks against eBay, Yahoo!, CNN.com., Amazon and others. What Do Hackers Do? : What Do Hackers Do? System Access confidential information Threaten someone from YOUR computer Broadcast your confidential letters or materials Store illegal or espionage material What Do Hackers Do? : What Do Hackers Do? Network Eavesdrop and replay Imposer: server / client Modify data / stream Denial-of-Service Hacker’s techniques : Hacker’s techniques System hacking Network hacking Software hacking System Hacking : System Hacking Footprinting Scanning Enumeration Gaining access Escalating privilege Covering tracks Creating backdoors Denial of service Footprinting : Footprinting Objective To learn as much as you can about target system, it's remote access capabilities, its ports and services, and the aspects of its security. Techniques Open source search Whois Web interface to whois ARIN whois PING : PING whois microsoft.com : whois microsoft.com Web interface to whois : Web interface to whois Output of: whois [email protected] : Output of: whois [email protected] ARIN whois : ARIN whois Scanning : Scanning Objective Bulk target assessment and identification of listing services focuses the attention on the most promising avenues of entry Techniques Ping sweep TCP/UDP port scan OS Detection Port numbers and description : Port numbers and description Enumeration : Enumeration Objective More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares Techniques List user accounts List file shares Identify applications Gaining Access : Gaining Access Objective Enough data has been gathered at this point to make an informed attempt to access the target Techniques File share brute forcing Password file grab Buffer overflows Password eavesdropping NETBRUTE FORCE : NETBRUTE FORCE PASSWORD FILE GRABBER : PASSWORD FILE GRABBER Escalating Privileges : Escalating Privileges Objective If only user level access was obtained in the last step, the attacker will now seek to gain the complete control of the system Techniques Password cracking Known exploits Covering Tracks : Covering Tracks Objective Once total ownership of the target is secured, hiding this from system administrators become paramount ,lest they quickly end the romp. Techniques Clear logs Hide tools Creating Back Doors : Creating Back Doors Objective Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim if the intruder Techniques Create rogue user accounts Schedule batch jobs Infect startup files Plant remote control services Install monitoring mechanisms Replace apps with trojans Denial of Service : Denial of Service Objective If an attacker is unsuccessful in gaining access ,they may use readily available exploit code to disable a target as a last resort. Techniques SYN flood Identical SYN requests Overlapping fragment/offset bugs DDOS NORMAL SYN FLOOD : NORMAL SYN FLOOD

Related presentations


Other presentations created by useful

SQL INJECTION
25. 02. 2009
0 views

SQL INJECTION