basic knowhow hacking - Presentation Transcript
Work Shop on Hacking
Understand The difference
Hacking
&
Cracking
Understand The difference
hackers build things,
crackers break them
Literal Definitions
Cracker : some one who destructs things.
Hacker : Someone who uses hacks.
Hacks : A different approach with some significant advantage over the current approach.
Some more definitions
Phreakers : phone System Manipulators
Script kiddies : those who are slaves of tools for each and every work they do, but think of themselves as true hackers.
Reasons behind cracking
Just for fun
Show off
crack other systems secretly
Notify many people their thought
Steal important information
Destroy enemy’s computer network during the war
Security
With Hacking and cracking comes the concept of Security.
So what do you think is the :
“ MOST SECURED SYSTEM” By : Linux Academy
“ Most Secured System”
A system with power cable removed and sealed inside a many inch thick wall is also not a complete secure system
This whole concept of secured system in itself is a flawed concept. By : Linux Academy
Common Causes of cracking attempts
Ignorance
Ignorance
Ignorance
Ignorance
Ignorance
Ignorance By : Linux Academy
Social enginnering
Pretexting
Phishing
Dumpster diving By : Linux Academy
Pretexting
Pretexting is the act of creating and using an invented scenario to persuade a target to release information (e.g. date of birth, Social Security Number, last bill amt.)
In Pretexting an individual lies about his identity or purpose to obtain privileged data about another individual. A pretexter may then use this data to engage in identity theft or corporate espionage .
Pretexting may be employed by telephone or email, through customer service instant messaging or a company Web site .
Phishing
Phishing is an e-mail fraud method in which the perpetrator sends out email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites.
Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details
ebay and paypal are two of the most targeted companies, and online banks are also common targets
Dumpster diving
Dumpster diving, also known as trashing , is another popular method of social engineering. A huge amount of information can be collected through company dumpsters.
Potential security leaks items are commonly “company phone books, organizational charts, memos, company policy manuals, calendars of meetings, events and vacations, system manuals, printouts of sensitive data or login names and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and outdated hardware.”
Targets of social enginnering
Unaware of info value — receptionist
Special privileges — helpdesk tech support
Manufacturer/vendor — vendors
Specific departments — accounting, HR
Port
A Port is a virtual data connection that can be used by programs to exchange data directly, instead of going through a file or other temporary storage location. The most common of these are TCP and UDP ports which are used to exchange data between computers on the Internet .
A 'port' is a point of contact between a process and a connection.
Types Of Attack
DOS (Denial of Service)
In computer security , a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. An attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.) or other services that rely on the affected computer.
DoS attacks have two general forms:
Force the victim computer(s) to reset or consume its resources such that it can no longer provide its intended service.
Obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.
PoD (Ping of Death)
A ping of death ("POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the target computer.
DDoS (Distributed denial-of-service)
In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses , an attacker could take control of your computer. Attacker could force your computer to send huge amounts of data to a web site or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, to launch the denial-of-service attack.
SYN flood
In which an attacker sends a succession of SYN ( synchronize ) requests to a target's system.
When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages.
UDP
(User Datagram Protocol) is a stateless and connectionless protocol that runs on top of IP networks.
UDP flood attack can be initiated by sending a large number of UDP packets to random ports on the victim system. As a result it will determine what application is waiting on the destination port,
it will generate an ICMP packet of destination unreachable to the source address. Large number of such UDP packets will result in degraded service or a complete shutdown.
ICMP floods/Smurf
An assault on a network Attacks that floods it with excessive messages in order to impede normal traffic. It is accomplished by sending ping requests (ICMP echo requests) to a broadcast address on the target network or an intermediate network.
Teardrop Attack
It involves sending IP fragments with overlapping oversized payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code caused the fragments to be improperly handled, crashing the operating system as a result of this
Sql Injection
Now a days
this
attack method is
HOT
Reason
increase in the use of database.
A lot more increase in ignorant and novice programmers.
How to secure your self
Primary work to beef up your security.
A good antivirus (AVG free / NOD32 trial)
A good firewall (Sygate personal)
A good spy ware / Trojan buster.
Use of genuine software.
Avoid ignoring even the simplest of things
OR,
Start using
LINUX
How open Source model HELP
With open source software comes the concept of publicly viewable codes
Which on one hand increases the chance of cracking attempt also on the other hand increases the chance of hacking.
Google hacking
Google is the best tools now a days to access a site.
This game of using google to hack around is called
GOOGLE - HACKING
Google hacking : EXAMPLE
Sony camera’s online
http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Asnc-rz30+inurl%3Ahome%2F+&btnG=Search
How to become a hacker
The best approach is to gain as much knowledge about stuff as you can.
good command over C / C++ / Perl will definetely help.
But above all you need a good logical brain.
Some reference’s for you
Hackthissite.org
Hellboundhackers.org
Hackquest.de
Hackits.de
http://johnny.ihackstuff.com
Question’s Linux Academy +91 755 4270644 27, Noble Plaza, zone-II MP Nagar, Bhopal http://www.academylinux.com
No comments:
Post a Comment