Course

Name: Ethical Hacking

Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering

Topic

Lecture 1: IntroducDon to Ethical Hacking


q  What is ethical hacking?

q  Penetra1on tes1ng

q  Role of the ethical hacker

What is Ethical Hacking?

•  It refers to the act of loca1ng weaknesses and vulnerabili1es of computer and

informa1on systems by replica1ng the intent and ac1ons of malicious hackers.
•  It is also known as penetra'on tes'ng, intrusion tes'ng or red teaming.

3
IntroducDon to Ethical Hacking

•  Ethical Hackers
•  Employed by companies to perform penetra1on test.

•  PenetraDon Test
•  Legal aCempt to break into the company’s network to find the weak links.
•  Tester only report findings, does not provide solu1ons.

•  Security Test
•  Also includes analyzing company’s security policy and procedures.
•  Tester offers solu1ons to secure or protect the network.

4
Some Terminologies

•  Hacking - showing computer exper1se.

•  Cracking - breaching security on soMware or systems.
•  Spoofing - faking the origina1ng IP address in a datagram.
•  Denial of Service (DoS) - flooding a host with sufficient network traffic so that
it cannot respond anymore.
•  Port Scanning - searching for vulnerabili1es.

5
 Gaining access
•  Front door •  SoMware vulnerability exploitaDon
•  Password guessing •  OMen adver1sed on the OEMs web site
•  Password/key stealing along with security patches.
•  Back doors •  Fer1le ground for script kiddies looking for
something to do.
•  OMen leM by original developers as debug
and/or diagnos1c tools.
•  Trojan Horses
•  Usually hidden inside of soMware that we
download and install from the net.
•  Many install backdoors.

6
Once inside, the hacker can...
•  Modify logs
•  To cover their tracks.
•  Steal files
•  Some1mes destroy aMer stealing.
•  An expert hacker would steal and cover their tracks to remain undetected.
•  Modify files
•  To let you know they were there.
•  To cause mischief.
•  Install back doors
•  So they can get in again.
•  ACack other systems

7
The Role of Security and PenetraDon Testers

•  Script kiddies or packet monkeys

•  Young or inexperienced hackers.
•  Copy codes and techniques from knowledgeable hackers.

•  Experienced penetra1on testers write programs or scripts using

•  Perl, C, C++, Python, JavaScript, Visual Basic, SQL, and many others.

8
PenetraDon-TesDng Methodologies

•  Tiger box
•  Collec1on of OSs and hacking tools.
•  Usually on a laptop.
•  Helps penetra1on testers and security testers conduct vulnerabili1es assessments and
aCacks.

•  White box model

•  Tester is told everything about the network topology and technology.
•  Tester is authorized to interview IT personnel and company employees.
•  Makes tester’s job a liCle easier.

9
•  Black box model
•  Tester is not given details about the network.
•  Burden is on the tester to find the details.

•  Gray box model

•  Hybrid of the white and black box models.
•  Company gives tester par1al informa1on.

10
What You Can Do Legally

•  Laws involving technology change as rapidly as technology itself.

•  Find what is legal for you locally.
•  Laws change from place to place.
•  Be aware of what is allowed and what is not allowed.

11
Laws of the Land

•  Tools on your computer might be illegal to possess.

•  Contact local law enforcement agencies before installing hacking tools.
•  WriCen words are open to interpreta1on.
•  Governments are gehng more serious about punishment for cybercrimes.

12
What You Cannot Do Legally

•  Accessing a computer without permission is illegal.

•  Other illegal ac1ons:
•  Installing worms or viruses
•  Denial of Service aCacks
•  Denying users access to network resources
•  Be careful your ac1ons do not prevent customers from doing their jobs.

13
Ethical Hacking in a Nutshell

•  What it takes to be a security tester?

•  Knowledge of network and computer technology.
•  Ability to communicate with management and IT personnel.
•  Understanding of the laws.
•  Ability to use necessary tools.

14
In this course, we shall cover:

•  Relevant networking technologies

•  Basic cryptographic concepts
•  Case studies of secure applica1ons
•  Unconven1onal aCacks
•  Tools demonstra1on

15
16
 Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering

Topic

Lecture 2: Basic Concepts of Networking (Part I)


q  Types of computer networks

q  Circuit switching and packet switching

q  Virtual circuits

Networking: Basic Concepts

•  Computer Network
•  A communica;on system for connec;ng computers / hosts

•  Why?
•  Be@er connec;vity
•  Be@er communica;on
•  Be@er sharing of resources
•  Bring people together

3
Types of Computer Networks

•  Local Area Network (LAN)

•  Connects hosts within a rela;vely small geographical area Faster
v Same room Cheaper
v Same building
v Same campus

•  Wide Area Network (WAN)

Slower
•  Hosts may be widely dispersed
v Across campuses Expensive
v Across ci;es / countries/ con;nents

4
Data CommunicaLon over a Network

•  Broadly two approaches:

a)  Circuit switching
b)  Packet switching

B D F
A
C E G H

5
Circuit Switching

•  A dedicated communica;on path is established between two sta;ons.

•  The path follows a fixed sequence of intermediate links.
•  A logical channel gets defined on each physical link.
v Dedicated to the connec;on.

B D F
A
C E G H

6
Circuit Switching (contd.)

•  Three steps are required for communica;on:

a)  ConnecLon establishment
•  Required before data transmission.

b)  Data transfer

•  Can proceed at maximum speed.

c)  ConnecLon terminaLon

•  Required aUer data transmission is over.
•  For dealloca;on of network resources.

7
Circuit Switching (contd.)

•  Drawbacks:
•  Channel capacity is dedicated during the en;re dura;on of communica;on.
v Acceptable for voice communica;on.
v Very inefficient for bursty traffic like data.

•  There is an ini;al delay.

v For connec;on establishment.

8
Packet Switching

•  Modern form of long-distance data communica;on.

•  Network resources are not dedicated.
•  A link can be shared.

•  The basic technology has evolved over ;me.

•  Basic concept has remained the same.

9
Packet Switching (contd.)

•  Data are transmi@ed in short packets (~ Kbytes).

•  A longer message is broken up into smaller chunks.
•  The chunks are called packets.
Message
•  Every packet contains a header.
v Relevant informa;on for rou;ng, etc.

H H H
PACKETS

10
Packet Switching (contd.)

•  Packet switching is based on store-and-forward concept.

•  Each intermediate network node receives a whole packet.
•  Decides the route.
•  Forwards the packet along the selected route.

•  Each intermediate node (router) maintains a rou.ng table.

11
Packet Switching (contd.)

•  Advantages:
•  Links can be shared; so link u;liza;on is be@er.
•  Suitable for computer-generated (bursty) traffic.
•  Buffering and data rate conversion can be performed easily.
•  Some packets may be given priority over others, if desired.

12
Packet Switching (contd.)

•  How are packets transmi@ed?

•  Two alterna;ve approaches:
a)  Virtual Circuits
b)  Datagram

•  The abstract network model:

B D F
A
C E G H

13
(a) Virtual Circuit Approach

•  Similar in concept to circuit switching.

•  A route is established before packet transmission starts.
•  All packets follow the same path.
•  The links comprising the path are not dedicated.
v Different from circuit switching in this respect.

•  Analogy:
•  Telephone system.

14
(a) Virtual Circuit Approach (contd.)

•  How it works?
•  Route is established a priori.
•  Packet forwarded from one node to the next using store-and-forward scheme.
•  Only the virtual circuit number need to be carried by a packet.
v Each intermediate node maintains a table.
v Created during route establishment.
v Used for packet forwarding.
•  No dynamic rou;ng decision is taken by the intermediate nodes.

15
16
 Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering

Topic

Lecture 3: Basic Concepts of Networking (Part II)


q  Datagrams

q  Layered network architecture

(b) Datagram Approach

•  Basic concept:
•  No route is established beforehand.
•  Each packet is transmi>ed as an independent en?ty.
•  Does not maintain any history.

•  Analogy:
•  Postal system.

3
Datagram Approach (contd.)

•  Every intermediate node has to take rou?ng decisions dynamically.

•  Makes use of a rou$ng table.
•  Every packet must contain source and des$na$on addresses.
•  Problems:
•  Packets may be delivered out of order.
•  If a node crashes momentarily, all of its queued packets are lost.
•  Duplicate packets may also be generated.

4
 Datagram Approach (contd.)
•  Advantages:
•  Faster than virtual circuit for smaller number of packets.
v No route establishment and termina?on.
•  More flexible.
•  Packets between two hosts may follow different paths.
v Can handle conges?on/failed link.

B D F
A
C E G H

5
ComparaJve Study

•  Three types of delays must be considered:

a)  Propaga?on Delay
•  Time taken by a data signal to propagate from one node to the next.
b)  Transmission Time
•  Time taken to send out a packet by the transmi>er.
c)  Processing Delay
•  Time taken by a node to process a packet.

6
Circuit Switching

•  AUer ini?al circuit establishment, data bits sent con?nuously without any delay.

7
Virtual Circuit Packet Switching

•  The Call Request packet sent from source to des?na?on.

•  The Call Accept packet returns back.
•  Packets sent sequen?ally in a pipelined fashion.
•  Store-and-forward approach.

8
Datagram Packet Switching

•  No ini?al delay.
•  The packets are sent out independently.
•  May follow different paths.
•  Also follows store-and-forward approach.

9
Layered Network Architecture

•  Open systems interconnec?on (OSI) reference model.

•  Seven layer model.
•  Communica?on func?ons are par??oned into a hierarchical set of layers.

•  Objec?ve:
•  Systema?c approach to design.
•  Changes in one layer should not require changes in other layers.

10
The 7-layer OSI Model
ApplicaJon

PresentaJon
Host-to-host
Session

Transport

Network

Datalink Point-to-point

Physical

11
 ApplicaJon
Layer FuncJons PresentaJon

Session
•  Physical
Transport
•  Transmit raw bit stream over a physical medium.
•  Data Link Network

•  Reliable transfer of frames over a point-to-point link (flow control, error Datalink
control).
Physical
•  Network
•  Establishing, maintaining and termina?ng connec?ons.
•  Routes packets through point-to-point links.

12
 ApplicaJon
Layer FuncJons (contd.) PresentaJon

Session
•  Transport
Transport
•  End-to-end reliable data transfer, with error recovery and flow
control. Network

•  Session Datalink
•  Manages sessions.
Physical
•  PresentaJon
•  Provides data independence.
•  ApplicaJon
•  Interface point for user applica?ons.

13
 How Data Flows
APPLICATION APPLICATION

PRESENTATION PRESENTATION

SESSION SESSION

TRANSPORT TRANSPORT
NETWORK N N NETWORK

DATA LINK DL DL DATA LINK

PHYSICAL P P PHYSICAL

S A B D

14
Internetworking Devices

•  Hub
•  Extends the span of a single LAN.
•  Bridge / Layer-2 Switch
•  Connects two or more LANs together.
•  Works at data link layer level.
•  Router / Layer-3 Switch
•  Connects any combina?on of LANs and WANs.
•  Works at network layer level.

15
Typical Internetworking Structure

16
17
 Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering

Topic

Lecture 4: TCP/IP Protocol Stack (Part I)


q  TCP/IP protocol stack

q  Basic func5ons of TCP, UDP and IP

q  Data encapsula5on
IntroducGon

•  TCP/IP is the most fundamental protocol used in the Internet.

•  Allows computers to communicate / share resources.
•  Used as a standard.
•  To bridge the gap between non-compa5ble plaCorms.

•  Work on TCP/IP started in the 1970s.

•  Funded by US Military.
•  Advanced Research Project Agency (ARPA).

3
Network Layering in TCP/IP

•  In 1978, Interna5onal Standards Organiza5on (ISO) proposed the 7-layer OSI

reference model for network services and protocols.
•  TCP/IP does not strictly follow the OSI model.
•  It follows a simplified 4-layer model.

4
The 7-layer OSI Model The 4-layer TCP/IP Model
ApplicaGon
ApplicaGon Runs on top of layers 1,2,3
PresentaGon
Host-to-host
Transport End-to-end message
Session
transfer
Transport
Network Packet delivery across Internet
Network

Datalink Point-to-point Datalink Frame transmission over link

Physical

5
Data Flow in 4-layer Model
ApplicaGon ApplicaGon

Transport Transport

Network Network Network

Datalink Datalink Datalink

A B C

6
TCP/IP Protocol Suite

•  Refers to a family of protocols.

•  The protocols are built on top of connec5onless technology (datagrams).
•  Data sent from one node to another as a sequence of datagrams.
•  Each datagram is sent independently.
•  The datagrams corresponding to the same message may follow different routes.
v Variable delay, arrival order at des5na5on.

7
 TCP/IP Family Members (ParGal List)

User
FTP TFTP SMTP SNMP DNS Process

Transmission Control Protocol (TCP) User Datagram Protocol (UDP)

Internet Protocol (IP) ICMP IGMP ARP RARP

Datalink and Hardware Layer (e.g., Ethernet)

8
•  Address ResoluGon Protocol (ARP)
•  Map IP addresses to hardware (MAC) addresses.

•  Reverse Address ResoluGon Protocol (RARP)

•  Map hardware addresses to IP addresses.

•  Internet Control Message Protocol (ICMP)

•  A network device can send error messages and other informa5on.

•  Internet Group Management Protocol (IGMP)

•  A node can send its mul5cast group membership to adjacent routers.

9
Typical Scenario
User Process User Process

TCP UDP

IP

Datalink and Hardware Layer (e.g., Ethernet)

10
What does IP do?

•  IP transports datagrams (packets) from a source node to a des5na5on node.

•  Responsible for rou5ng the packets.
•  Breaks a packet into smaller packets, if required.
•  Unreliable service.
v A packet may be lost in transit.
v Packets may arrive out of order.
v Duplicate packets may be generated.

11
What does TCP do?

•  TCP provides a connec5on-oriented, reliable service for sending messages.

•  Split a message into packets.
•  Reassemble packets at des5na5on.
•  Resend packets that were lost in transit.

•  Interface with IP:

•  Each packet forwarded to IP for delivery.
•  Error control is done by TCP.

12
What does UDP do?

•  UDP provides a connec5onless, unreliable service for sending datagrams (packets).

•  Messages small enough to fit in a packet (e.g., DNS query).
•  Simpler (and faster) than TCP.
•  Never split data into mul5ple packets.
•  Does not care about error control.
•  Interface with IP:
•  Each UDP packet sent to IP for delivery.

13
Addresses in TCP/IP
User Process User Process

Port Address
TCP UDP
(16 bits)

IP Address
IP
(32 bits)

Physical Address
Datalink and Hardware Layer (e.g., Ethernet) (48 bits)

14
 EncapsulaGon

•  Basic concept:
•  As data flows down the protocol hierarchy, headers (and trailers) get appended to it.
•  As data moves up the hierarchy, headers (and trailers) get stripped off.

•  An example to illustrate: TFTP client TFTP server

•  Trivial file transfer protocol (TFTP). UDP UDP

•  TFTP client transfers 200 bytes of data.
IP IP
•  4 bytes of TFTP header gets added.
Ethernet Ethernet

15
 EncapsulaGon in TFTP
Data

H-TFTP Data TFTP message

H-UDP H-TFTP Data UDP packet

H-IP H-UDP H-TFTP Data IP packet

H-Eth H-IP H-UDP H-TFTP Data T-Eth Ethernet frame

14 20 8 4 200 4

16
17
 Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering

Topic

Lecture 5: TCP/IP Protocol Stack (Part II)


q  IP Datagrams

q  IP Header fields
IP Datagrams
The IP Layer

•  IP layer provides a connec7onless, unreliable delivery system for packets.

•  Each packet is independent of one another.
•  IP layer need not maintain any history.
•  Each IP packet must contain the source and des7na7on addresses.
•  IP layer does not guarantee delivery of packets.
•  IP layer encapsula7on
•  Receives a data chunk from the higher layer (TCP or UDP).
•  Prepends a header of minimum 20 bytes.
v Containing relevant informa7on for handling rou7ng and flow control.

4
IllustraGon

Data

20 bytes IP header Data

5
 Format of IP Datagram
0 4 8 15 16 31
VER HLEN Service type Total Length

--------- HEADER --------

IdenGficaGon Flags Fragment Offset

Time to Live Protocol Header Checksum

Source IP Address

DesGnaGon IP Address

OpGons

DATA

6
IP Header Fields

•  VER (4 bits)
•  Version of the IP protocol in use (typically 4).
•  HLEN (4 bits)
•  Length of the header, expressed as the number of 32-bit words.
•  Minimum size is 5, and maximum 15.
•  Total Length (16 bits)
•  Length in bytes of the datagram, including headers.
•  Maximum datagram size :: 216 = 65536 bytes.

7
IP Header Fields (contd.)

•  Service Type (8 bits)

•  Allows packet to be assigned a priority.
•  Router can use this field to route packets.
•  Time to Live (8 bits)
•  Prevents a packet from traveling in a loop.
•  Senders sets a value, that is decremented at each hop. If it reaches zero, packet is
discarded.

•  Protocol (8 bits)
•  Iden7fies the higher layer protocol being used.

8
IP Header Fields (contd.)

•  Source IP address (32 bits)

•  Internet address of the sender.

•  DesGnaGon IP address (32 bits)

•  Internet address of the des7na7on.

•  IdenGficaGon, Flags, Fragment Offset

•  Used for handling fragmenta7on.

•  OpGons (variable width)

•  Can be given provided router supports.
•  Source rou7ng, for example.

9
IP Header Fields (contd.)

•  Header Checksum (16 bits)

•  Covers only the IP header.
•  How computed?
v Header treated as a sequence of 16-bit integers.
v The integers are all added using ones complement arithme7c.
v Ones complement of the final sum is taken as the checksum.
•  A mismatch in checksum causes the datagram to be discarded.

10
Viewing IP Packets

•  We can use packet sniffers to view IP packets.

•  Some popular packet sniffers:
•  Wireshark
•  Windump
•  tcpdump
•  Tshark
•  SolarWinds
•  …. and many more

11
Wireshark …

12
13