Beruflich Dokumente
Kultur Dokumente
Hacking refers to an array of activities which are done to intrude someone else personal information so as to use it for unwanted purpose. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured network.
PROTECTING
HACKING
1. 2. 3. 4. 5.
Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack Exploit the Vulnerabilites
Identification of Targets company websites, mail servers, extranets, etc. Signing of Contract
Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases whois, ripe, arin, apnic Tools PING, whois, Traceroute, DIG, nslookup, sam spade
Specific targets determined Identification of Services / open ports Operating System Enumeration
Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans TCP Connect, TCP SYN, TCP FIN, etc.
Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
Vulnerabilities
Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS
Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
There are mainly three types of hackers White hat Black hat Gray hat
These are good hackers . Have genuine license to hack. Have registered police records Evolves themselves in good works Generally owned by companies for security designing Have high pay scales.
very
dangerous persons. Always have motive to earn huge profit. Highly paid persons. Evolves themselves mostly in criminal activities.
Also known as red hats. Perform both tasks fair as well as unfair. Generally these are admins. Have little high pay than white hats. Generally not so dangerous, but sometimes could be.
Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network. An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12 All data sent or received by a system will be addressed from or to the system. An attackers first step is to find out the IP Address of the target system.
Linux Windows
Honeypot Virtual
package
PC or VMware
By using the above process we can do the hacking process. But in real world if we use hacking process illegally, then it is a crime so we should not encourage hacking of any systems.