INFORMATION SECURITY & ETHICAL HACKING How secure are you……?
Agenda •
Network’s Exposure to Security Threats
•
What is Information Security And Ethical Hacking
•
Two Major Aspects - Desktop & Internet Security
•
Live Demonstrations of Attacks
Network’s Exposures To Threats
“By the end of 2013, 95% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses”- By Gartner, Top Ten Key Predictions, 2012
security predictions in 2012
Two Major Aspects Of Security
Desktop and internet security
Cracking Login Password
•
The Passwords are stored in SAM file
Cracking Tools : ERD Commander PH Crack and many more…
SAM = Security Account
OR we can Change the Password…
C:\> net user username password You need the admin rights ! But you can change Passwords of Other Admin Users !
That’s easy… but admin rights… hm…
Virus & Worms
Trojan Horse
Keylogger
The three major threats to computer world‌!!
Symptom s
• The system might start hanging. • Softwares and applications often starts crashing • System may become unpredictable.
A N D
• Worms… These generally don’t perform any malicious activity. •
They reside in the system and make copies of itself
• These eat up the system resources
• In some extreme cases OS may also crash.
Today almost 87% of all viruses/worms are spread through the
Lets Code a Virus ! Is it difficult ?
!
Trojan Horse
A Trojan is an infection that steals information.
It then sends the information to a specified location over the internet. It makes the computer prone to hackers by making Backdoors.
Attacker
Trojan… is a fatal gift !
Victim
KEYLOGGER
They log all the keys that you type. This runs in the background and is totally invisible. Trojans often have the keyloggers with them and they mail the log to their masters.
Watch your key strokes…!
Windows Registry All initialization and configuration information used by windows are stored in the registry.
Know how change in registries effects your system……!
Network Scanners Network Scanners used to find all the live systems present in the network with the Information about IP Address, Port Number, Services running on that ports, Vulnerabilities, installed applications etc. Some Tools: Angry IP Scanner GFI LAN Guard Look At LAN
Finding live Hosts…!
Sniffers Sniffers used to Capture the data packet from the network by applying some Poisoning such as ARP Poisoning. Some Tools: Cain and abel Ettercap
hmmmmmmmmmm…!
Cryptography Art of Secret writing to convert plaintext(Readable format) into cipher text(NonReadable format) by using some algorithms with the help of a Key.
Encrypters…!
Stagenography Art of Secret writing to Hide one file behind the other file. Example a text message can be bind behind the image or video file.
Hiding……..
How Do I Protect My Data ? Click icon to add clip art
•Use Antiviruses with Updated Signatures •Use Firewalls •Do not open Untrusted executables •Use Cryptography Techniques
I will mess it up…!
Lets move to internet‌ World Wide Web‌
Web Developer’s Nightmare Remote System Scanning
Google Hacking
DNS Spoofing
SQL Injection DOS Attack
Website Exploits…
Google Cracking Using Google Google is more than just a Search Engine. Special keywords can perform better Searches.
<Google Commands> site, intitle, filetype, allintitle, inurl
Google crawls the web …!
Click icon to add clip art
Database Cracking
Hmmmmmmmmmmmâ&#x20AC;Ś..
Advance Googling
Filetype:xls hry.nic.in
Password Cracking
Intitle:index .of master.passwd
Camera Cracking
Inurl:indexframe.shtml axis
Backend SQL string
SQL attack…
Select * from table where user= ‘ " & TextBox1.Text & “ ’ AND pass= '" & TextBox2.Text & “’;
' OR '1'='1 ●●●●●●●●●●●
String after SQL Injection Select * from table where user= ‘ ‘ OR ‘1’=‘1 ’ AND pass= ‘ ‘ OR ‘1’=‘1 ’;
Lets see how is this done…!
We Know that… is always True…! user= ‘ ‘
OR
‘1’=‘1 ’ AND pass= ‘ ‘
OR
‘1’=‘1 ’;
Lets see how a simple SQL injection works…
Uptu vice chancellor deskâ&#x20AC;Ś.
Jetking Super Admin Sectionâ&#x20AC;Ś..
Surfing Onlineâ&#x20AC;Ś Browser Hacking Phishing
Fake Emails
Social Networking Abuse
Dangers for Internet Usersâ&#x20AC;Ś
Browser Cracking •
Use scripts links to run in Browser.
•
These scripts change the behavior of Browser.
•
Example:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin (R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0) javascript:b=[]; a=document.images; for(wt=0; wt<a.length; wt++){a[wt].style.position='relative'; b[b.length]=a[wt]}; j=0; setInterval('j++; for(wt=0; wt<b.length; wt++) {b[wt].style.left=Math.sin((6.28/a.length)*wt+j/10)*10}; void(0)',1); void(0);
Lets Do It.........
Blast Virus <html> <body> <script language="javascript"> while(1) { w1=window.open(); w1.document.write("<center><font color=red size=5> blaaaast!!</font></center>"); } </script> </body> </html>
Lets Do It.........
Fake Emails Sending Fake mails with Fake headers E-mails can be sent to anyone from any Id It is used also in Spamming Click icon to add clip art
Lets Send a Fake Email !
Its bush@georgebush.com ...
How to Catch Fake Emailers Analyze the headers Use sites like “ whatismyipaddress.com ” to trace the IP address of fake mail
Click icon to add clip art
Go to “Regional Internet Registries” like Apnic, Afrinic, etc. Get the email of ISP of attacker & lodge the complaint.
Catch me if u can…
Phishing Attack E-mail: “There’s a problem with your Gmail account” Password sent Password?
User thinks it’s Gmail.com (But its
Gmail.org)
Lets make a fake page…
Preventing Phishing
Read the URL carefully…
Keep a suspicious eye over info demanding E-mails.
Anti-phishing Tools can be effective…
Use your Brain…
Thank You For anY querY and assisTance, kindlY conTacT: appin TechnologY lab
This is just a Trailer movie is about to Beginâ&#x20AC;Ś