A Short Introductory Slide show on what is ethical hacking. Fundamental terms and descriptions are dealt with.

2. Submitted to
Mr Purushottam Das
Presented By
Punit Goswami
CSE 3rd Sem

3. Ethical Hacking
Offense as the best
defense

4. What is hacking ?
A little clarification…

5. ▪ Hacking is any curiosity driven approach to finding weakness
in a system.
▪ Exploiting these weaknesses depends on the purpose of
breaching.
▪ Commonly misunderstood as a cracker.
▪ Cracker is somebody who uses the breaches and exploits in a
system only for malicious usage.
▪ Hacking is about making things do what they were not made
to do.
▪ A person who uses breaches and exploits for increasing
knowledge or breaches them for security auditing is a Hacker.

6. Kinds of hackers…
Because hackers too occur of kinds…

7. Hackers too come in types…
▪ Script Kiddie:
Knows how to use tools or methods made by experienced hackers.
Does not necessarily know or understand the background working of the tools or
methods.
Is just curious or wants to show off.

8. Hackers too come in types…
▪ White Hat Hackers:
Do hacking for research and defensive purposes.
Try to improve the robustness of a system by finding flaws in a security system and
fixing them.
Mostly work for or in an organization or individually.

9. Hackers too come in types…
▪ Black Hat Hacker:
Hackers with malicious intents while breaking into a system.
Cyber criminals who steal money, passwords, infect systems.
Practically everything that media shows about hacking and its illegal strings.

10. Hackers too come in types…
▪ GreyHat Hackers:
Are neither purely malicious nor completely defensive.
Their nature depends on the situation.
May not have malicious intents but would still like to break into the systems that
they are not authorized to.

11. Hackers too come in types…
▪ Hacktivist:
A new genre of hackers.
Use their collective knowledge and potential to protest against politically or
religiously sensitive issues.
Have become the most popular category of hackers being talked about nowadays.

12. The C-I-A Triad
Basic security concepts…

13. Basic Security Concepts
▪ Confidentiality
When information is compromised by someone not authorized to do so it is a loss of
confidentiality.
Is an important attribute.
Requires internal cohesiveness of set of data.
Research papers
Insurance records
New product Specifications
Private Information of People

14. Basic Security Concepts
▪ Integrity
For an information which is very sensitive, its corruption can be disastrous.
If this information is kept on an unsecured network, chances of it being corrupted,
modified or changed increases.
This loss of integrity indicates that unauthorised changes have been made to the
information.
Electronics fund transfer, Air traffic controlling, Financial accounting

15. Basic Security Concepts
▪ Availability
This is often the most important criteria in service oriented businesses.
When information is erased or becomes inaccessible to an authorised entity, it is loss of
availability.

16. Phases of
Hacking
oInformation Gathering
oScanning
oGaining Access
oReporting Vulnerability
oMaintaining Access
oCovering Tracks

17. InformationGathering

18. Scanning

19. GainingAccess

20. Reporting Vulnerability

21. MaintainingAccess

22. Covering Tracks

23. History of Hacking
Tracing the roots…

24. ▪ Early 1970s: John Draper made a long distance call for free by
blowing a precise tone into a telephone that told the phone system
to open the line.
▪ Early 1980s: Milwaukee based 414s charged of 60 computer break-
ins from Memorial Sloan Kettering Cancer Centre to the Los
Alamos National Laboratory.
▪ Late 1980s: 25 year old Kevin Mitnick secretly monitors the emails
of MCI and Digital Equipment security officials.

25. ▪ Early 1990s: AT&T long distance service made to crash on Martin Luther
King Jr. Day.
Security breach into Griffith Air Force Base Station, pewit
computers at NASA and the Korean Atomic Research Institute.
▪ Michael Shim
E-bay
Amazon
and Yahoo.
15 years old.

26. Methods toHacking
The different ways and paths taken during a hacking process…

27. System Hacking
oPassword Cracking
Use probabilities of password guesses to match with the
original passwords.
Brute Forcing
Matching all possible key combinations.
Dictionary Attacks
Using dictionary words to crack passwords.
Key logging
Tracking and spying on the inputs done on a system
through the keyboard.

28. System Hacking
oRootkits and RATs
Use malwares or spywares to observe and steal files containing
passwords or their hashes.
1. Application Level Rootkits
2. Kernel Level Rootkits
3. Hardware Level Rootkits
4. Boot loader Level Rootkits

29. SQL Injection
oSimple SQL Injection
Practical approach of bypassing login form using malicious
SQL entries.
Example:
If you put
‘or’1’=‘1
in both username and password fields of a login form
vulnerable to SQL injection, then it bypasses the login form.

30. SQL Injection
oUnion SQL Injection
The union operation of the SQL databases is used to find the
vulnerable column of entries.
This vulnerable column can be further used to rig out meta data
about the database.

31. SQL Injection
oBlind SQL Injection
It asks the database “True OR False” based questions and
determines the answer based on the applications response.

32. SQL Injection
oAdvanced SQL Injection
Error messages are used to extract information.
Example:
Warning: mysql_fetch_array():supplied
argument is not valid MySQL result resource
in
D:Inetpubvhostskpccvicharvibhag.orghttpdo
csadminclassesclsCollection.php on line
124
Above is a generic error message through which we can extract a
lot of information about the database.

33. SQL Injection
oAdvanced SQL Injection
1. Message says that the back-end is running on MySQl
2. Path stated starts with D:inetpubvhosts…
this means the Operating System is Windows based
and the web server being used is IIS.