
Ethical hacking and computer securities for beginners

Number of pages: 64
File size: 6.9 MB


Contents

Foreword
About the Author
Chapter 1: What is Ethical Hacking?
Chapter 2: Finding Information
    2.2 WHOIS
        Access information at www.internic.net/whois.html
        Access information at www.whois.net
        Installing and Accessing Information from SAM
    2.3 Nslookup
    2.4 ARIN
    2.5 Neo Trace
    2.6 VisualRoute
Chapter 3: Identifying Weakness
    3.2 NMAP
    3.3 NetScan
    3.4 Webcruiser
    3.5 GFI LandGuard
    3.6 What is Wireshark and Ethereal?
Chapter 4: Performing Attacks
    4.2 Denial of Service
    4.3 Password Cracking
    4.4 Perform Phishing Attacks
    4.7 Buffer Overflow
Chapter 5: Ethical Hackers Important Tasks
    5.1 Incident Forms
    5.2 Computer Security Reports

Foreword

This book is written based on practical usage and research on computer security and networks. Basically, everyone has a strong concern about computer and network security, because a breach can sabotage business and operations. It will be worse if the entire business operation is running on a website or web hosting company. This book covers a practical approach to software tools for ethical hacking. Some of the software tools covered are SQL injection, password cracking, port scanning, packet sniffing, etc.

Performing ethical hacking requires certain steps and procedures to be followed properly. A good ethical hacker will find information, identify weaknesses and finally perform some attacks on the target machine. Then the most crucial part is to produce a good security audit report so that the clients understand the condition of their computer network. This book also explains and demonstrates, step by step, most of the software security tools for beginners in the computer security field. Some of the software tools have been selected and utilized in computer security trainings and workshops.

About the Author

Mr Elaiya Iswera Lallan has been in the IT industry for the past 12 years. He is the Managing Director of Blue Micro Solutions, which is based in SIRIM Bhd (a government agency). Mr Lallan has extensive experience in the IT industry. He has received an award as a Federal Territory Entrepreneur.

After obtaining his Bachelor Degree in Computers and Electronics Engineering from Kolej Bandar Utama (twinning program with University of Nottingham) in 2001, he joined a company called MIR as an Information Technology Consultant. He performed computer programming tasks there, and then joined a new company called Neural Manufacturing Sdn Bhd as a software engineer. He had his best experiences here, creating software technologies for the company’s flagship product e-Jari, a biometric security device. He created an enterprise time attendance system for this device that can be used by other companies, ranging from SMEs to government offices. Some of the organizations using this time attendance system are Pejabat Tanah & Galian in Kuala Lumpur, Koperasi Malaysia, Bernama and ITIS. He also created a Guard Patrol and Intruder Detection System using the e-Jari, and was involved in the ISO9000:2001 certification for the company.

With his extensive working experience and good track record of handling mega IT projects in the government sector, Mr Lallan joined the incubatorship program under SIRIM Bhd in February 2010. With this, Mr Lallan moved Blue Micro Solutions’ operations into the SIRIM building. He obtained certification from the Ministry of Finance in Malaysia in the software fields, which allows him to participate in tenders for government IT projects. He also started employing staff for IT projects and ventured into IT trainings in private corporations, government institutions and polytechnics, such as SKALI Bhd, Kolej Komuniti in Klang, Politeknik Ungku Omar in Ipoh and Politeknik Kuching in Sarawak. He has made Blue Micro Solutions a certified Human Resource Development Funds (HRDF) training provider to companies in Malaysia. With his proven track record in both the industrial and education worlds in IT, Mr Lallan was recently awarded a collaboration with Open University Malaysia (OUM) to offer an affordable IT degree program to the public. Currently Mr Lallan is pursuing MSC status for his company Blue Micro Solutions.

With Blue Micro Solutions growing in the right direction, Mr Lallan began to explore opportunities to grow his business overseas as well. Venturing into Canada, he successfully opened a branch called Blue Micro Canada Incorporated. He also successfully registered the company with the Canadian government in Toronto, whereby he received invitations to participate in government tenders for IT projects. He also saw the opportunity to conduct IT trainings over the internet through webinars. He obtained a license from Adobe USA to use its tool Adobe Connect to conduct webinars in Canada and the United States of America.

1.0 What is Ethical Hacking?

Ethical hacking is the act of performing and testing security on IT infrastructure with proper authorization from a company or organization. A person performing ethical hacking is known as an ethical hacker or computer security expert. An ethical hacker will use the latest hacking tools and social engineering techniques to identify vulnerabilities in IT infrastructure. Overall, ethical hacking provides a risk assessment of the security of the IT infrastructure behind a company’s or organization’s information systems. This risk assessment information shows the level of security that can be exploited by a hacker.

On the other hand, a hacker is a person who breaks into IT infrastructure or computer networks without any authorization. Hackers mostly hack for profit or are motivated by the challenge. Such exploitation can cause financial loss, legal impact and loss of trust in the organization.

1.1 Why IT Security is so Important?
Nowadays all companies and organizations use and depend on IT infrastructure, computer networks and computer systems to operate their core businesses. Most companies store their client information on a server in database systems. A good hacker will easily break into a customer database if weak passwords are used on the server. This will definitely cause heavy financial losses to the company. Mostly these hacking incidents are not reported in the media in detail because doing so would spoil the company’s reputation.

Moreover, shopping and bill payments are performed online these days. Therefore clients’ credit card information must be protected at all costs. One of the most famous methods of gaining a client’s credit card information is spoofing. The objective of spoofing is to fool users into thinking that they are connected to the trusted website.

Most attacks are implemented using email these days. A good example would be the LoveLetter worm attacks in the year 2000. Millions of computers were attacked, and the worm made changes to the users’ systems. The LoveLetter worm was received as an email attachment.

IT security is crucial to organizations and individual computer users. Individual computer users must make sure they have installed the latest antivirus and antispyware on their computers, whereas companies must ensure they have engaged a computer security expert or consultant to look into their computer network security issues.

1.2 Ethical Hacking Procedures and Strategies

The first step in performing ethical hacking is to understand a hacker’s process. There are basically five main steps in the process of hacking:

Step 1: Gaining targeted information
Step 2: Probing vulnerabilities for exploitation
Step 3: Gaining access to the targeted system
Step 4: Maintaining access on the targeted system
Step 5: Covering the tracks on the targeted system

The targeted system mostly refers to the machine to be hacked. It can be a server, a computer or any electronic device. The hacker will perform the steps mentioned above to gain control, steal information or stop the machine’s services. Each of the steps above may take a few months to achieve the desired goal.

An ethical hacker will perform the same steps to further understand the weaknesses of the targeted system. Once the weaknesses are identified, the ethical hacker will take countermeasures to prevent further exploitation of the targeted system.

2.0 Finding Information

In this process, the hacker will gather as much information as possible about the target system before launching an attack. This allows the hacker to learn about the system and strategize his or her attacks on it. Basically there are two ways of gaining information:

- Passive methods of gaining information on the targeted system
- Active methods of gaining information on the targeted system

Passive methods involve acquiring information without direct interaction with the targeted system. Passive methods include acquiring publicly available information, social engineering and dumpster diving. Dumpster diving is the process of looking through an organization’s trash for discarded information. Social engineering is another process, in which the hacker makes friends with or smooth-talks staff in the organization so that they reveal server passwords, security codes, etc. Active methods, by contrast, use tools to detect open ports, the types of operating systems installed on the target system, and the purpose of the applications and services available on the targeted system.

Social engineering is the most deadly and effective way of gaining information on a targeted system. Former employees who dislike the company management are the most likely potential threat for social engineering.

2.1 Software Tools for Gaining Targeted Information

As mentioned previously, using software tools to gain targeted information is categorized as an active method. The most common and popular tools used for gaining targeted information are as below:

- WHOIS
- Nslookup
- ARIN
- Neo Trace
- VisualRoute Trace
- Email Tracker Pro

2.2 WHOIS

WHOIS is a query and response protocol for querying databases that store the registered users or assignees of an Internet resource. Information that can be acquired includes the domain name, IP address block, autonomous system, etc. The WHOIS protocol stores and provides database content in a human-readable format. The websites and software tools providing WHOIS information are:

- http://internic.net/whois.html
- http://www.whois.net
- SAM SPADE 1.14

Just change the Loop Sending option to for an infinite loop, which will cause a denial of service attack to the host. Some firewalls are able to detect and block denial of service attacks. It would be good to shut down the personal firewall for experimental and learning purposes. Also, type taskmgr at the command prompt and click the Performance tab to observe the computer resources while network packets are sent over the network. When the CPU usage has reached 100%, Colasoft Packet Builder has successfully performed a denial of service.

4.3 Cain and Abel

One of the most interesting tools to explore is Cain and Abel. This software tool can crack almost any type of encryption protection. Cain and Abel is always useful for password recovery tasks. The most popular encryptions are:

- MD4 hashes
- MD5 hashes
- SHA-1 hashes
- SHA-2 hashes
- MSSQL hashes
- MySQL hashes
- WEP (Wireless Encryption Protocol)

Let us take an example of cracking an MD5 hash using Cain and Abel to reveal the actual information. Normally MD5 data can be obtained from any MySQL database in which it is used to conceal user passwords.

Step 1: Click on the Cracker tab.
Step 2: Select MD5 Hashes in the sidebar.
Step 3: Right-click on the blank sheet and select the "add to list" option.
Step 4: A pop-up box will appear. Copy and paste the hash code into that box and hit the OK button. For instance, let us take this hash code: c3ea886e7d47f5c49a7d092fadf0c03b
Step 5: Right-click on the hash code and select the method. Select Brute Force Attack.
Step 6: The final step is to click the "Start" button below to start cracking the password.

When the MD5 hash has been successfully cracked, the results will be shown as below.

4.4 L0phtCrack

L0phtCrack is mainly used for cracking Windows user account passwords. Normally, for Windows XP, the user account information is stored at this location:

c:\windows\system32\configure\sam

SAM (Security Accounts Manager) is the database for Windows user accounts. L0phtCrack simplifies the task by automatically locating the SAM files in the Windows OS. It will display all the user accounts, including the Windows Administrator details. Below is a simple screenshot of the L0phtCrack tool:

For beginners it is better to use a brute force attack to crack the passwords.

What is Brute Force Attacks?

In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier.
From wikipedia.org

What is Dictionary Attacks?

An attempt to gain illicit access to a computer system by using a very large set of words to generate potential passwords.
From wikipedia.org

4.5 Webcopier

Webcopier is a fantastic tool for copying any website offline and storing the website files on a laptop. Webcopier even copies websites with JavaScript and supports proxy servers and HTTP authorization. The copied website files can be used for phishing activities to perform an attack. All the copied files can be hosted on another web hosting server with a similar domain name. End users will not quickly notice the difference in the domain name, but will recognize the website’s design immediately. Eventually the end user will provide particulars like username, passwords, credit card details, etc. Finally the attacker can exploit the end user by using these details on the actual websites or domains.

What is Phishing?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public.
From wikipedia.org

Below is a hands-on example of the Webcopier tool:

The screenshot shows the website files being copied to the local computer, and upon completion the results are shown as below:

Webcopier also allows browsing the website files as shown above and previewing the HTML content.

4.6 HTTrack

Another software tool that works like Webcopier is HTTrack. This tool is absolutely free and is GPL licensed. HTTrack has more features than Webcopier and is able to handle websites with huge files. It also allows control over the amount and type of website files to be downloaded. It is recommended for intermediate end users. Below are the screenshots of HTTrack downloading files from the targeted website:

Basic concept for using HTTrack:

- Choose your project to organize the downloads.
- Drag and drop several websites for downloading.
- Precisely choose the options for downloading. For example, filters are a powerful way to select or refuse particular links.
- Start to download the website files.

4.7 Buffer Overflow

Buffer overflow is a common programming mistake in software applications. Therefore proper auditing should be performed on any software application in an organization. Before going into detail about buffer overflow, the concept should be defined properly.

A buffer is memory allocated to contain anything from a character string to an array of integers. A buffer overflow occurs when more data is written into a fixed-length buffer than the buffer is able to hold. When the buffer is not able to hold the data supplied, the adjacent memory space is overwritten and becomes corrupted. This will lead to a situation in which the system crashes.

C/C++ applications are the most frequent targets of buffer overflow attacks. C/C++ applications have no mechanism to check for buffer overflows. C/C++ developers should avoid standard library functions that perform no bounds checks, such as scanf and strcpy. Below is sample C/C++ programming code for buffer overflow exploitation:

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        char buff[15];
        int pass = 0;

        printf("\n Enter the password : \n");
        gets(buff);   /* no bounds check: input longer than buff overflows it */

        if (strcmp(buff, "thegeekstuff"))
        {
            printf("\n Wrong Password \n");
        }
        else
        {
            printf("\n Correct Password \n");
            pass = 1;
        }

        if (pass)
        {
            /* Now Give root or admin rights to user */
            printf("\n Root privileges given to the user \n");
        }

        return 0;
    }

When the end user runs the program from the previous page, the end user receives the expected results below.

This time the end user runs the program and enters a wrong password. The program has responded with "Wrong Password" but has still given Root user privileges.

The example above is a very strange situation in which, even with a wrong password, the program has given Root privileges. The logic behind this situation is that the end user has supplied input longer than the buffer size, and the buffer overflow has overwritten the memory of the pass integer value. Therefore the pass integer has a non-zero value, which fulfills the condition to grant Root privileges.

5.0 Ethical Hackers Important Tasks

So far the earlier chapters have given a basic exposure to the security tools that can be used for understanding computer security. However, there are certain tasks and responsibilities for ethical hackers to perform in their daily job activities. These tasks are not mandatory but are important for their career, as stated below:

1) Join Ethical Hacking groups
2) Upgrade and select the right software tools
3) Attend seminars about Cyber-Law
4) Create incident forms and prepare reports for security audits

Among the tasks above, the most important ones are to get trained in cyber-law and to prepare reports for security audits. Practically, ethical hackers and security engineers need to understand cyber-law before they can even advise their clients. Sometimes it is best to team up with lawyers with cyber-law experience.

5.1 Incident Forms

When the security audit is performed at the client’s location, it is best practice for the clients to report the incident by filling in the incident form provided by the security engineers. The following page is a sample incident form:

The incident form allows the ethical hackers to focus on the particular incident that the client or end user has experienced in their work environment.

5.2 Computer Security Reports

The security reports are the most crucial part of the task for ethical hackers. Based on the reports, the client will have to decide whether to purchase any security software tools to avoid security vulnerabilities. Therefore the report has to be comprehensive enough to convince the clients about their computer security situation. Below is a simple format or outline that a report should contain:

- Executive Summary
- Hacking Activities
- Summary of Website or Software Application Audit
- Vulnerability Findings
- Security Recommendations
- Graphs and Tables

For illustration, the ‘Summary of Website or Software Application Audit’ screenshot sample is as below:

The samples provided are just basic guidelines, and there are plenty of report templates that can be acquired over the Internet.
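The overflow described in section 4.7 happens because gets() writes past buff[15] into the neighbouring pass variable. As an added example (not code from the book), the same password check is shown below with a bounded read that rejects over-long input and fails closed; the names read_line_bounded, check_password and check_password_str, and the sample inputs, are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 15  /* same capacity as buff[15] in the book's sample */

/* Read one line into buf without writing past cap bytes.
 * Returns 0 on success, -1 on EOF/error, -2 if the line did not fit
 * (the remainder is drained so it cannot be taken as the next input). */
static int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit: strip newline */
        return 0;
    }
    int c = fgetc(in);                /* buffer filled, or input ended */
    if (c == EOF || c == '\n')
        return 0;
    while (c != EOF && c != '\n')     /* over-long line: discard the rest */
        c = fgetc(in);
    return -2;
}

/* Returns 1 only when the complete line equals the expected password. */
int check_password(FILE *in)
{
    char buff[BUF_LEN];
    if (read_line_bounded(in, buff, sizeof buff) != 0)
        return 0;                     /* fail closed on any read problem */
    return strcmp(buff, "thegeekstuff") == 0;
}

/* Demonstration helper: feed a constructed string as the input stream.
 * Returns -1 if no temporary file could be created. */
int check_password_str(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int ok = check_password(f);
    fclose(f);
    return ok;
}

int main(void)
{
    /* Constructed inputs: correct, wrong, and one longer than the buffer. */
    printf("%d\n", check_password_str("thegeekstuff\n"));
    printf("%d\n", check_password_str("letmein\n"));
    printf("%d\n", check_password_str("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```

The decision is returned directly from the comparison, so there is no flag variable next to the buffer for an overflow to flip, and an over-long line is refused instead of being truncated and compared.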

Date posted: 04/03/2019, 11:51
