Hacking

Contents
->History Of hacking
->What is hacking?
->Types of hacking
->Website Hacking
->Network hacking
->Ethical hacking
->Pros-Cons and Safety
measurement for hacking
->Conclusion
 What’s hacking?
▶In the cyber security world, the person who’s able to
discover a weakness in the system and manages to exploit
it to accomplish his goal, is referred as a hacker and the
process is known as hacking.
▶Nowadays, people think hacking is only hijacking
Facebook account. Hacking is practice of modifying the
features of a system or finding a loophole, in order to
accomplish a goal outside creator’s original purpose.
▶Due to the mass attention given to the so called “black-
hats” or “crackers” from the media, the reputation of all
the hackers even the good ones is damaged.
▶Hacking is always viewed as something illegal and shrewd.
▶A few bad guy doing a few bad things has put a bad
name for an entire community. This doesn’t have to be so.
Let’s talk about some
famous type of Hacks!
 EAVESDROPPING
ATTACK

▶ Eavesdropping is the process of gathering

information from a network by snooping on
transmitted data.
▶ To eavesdrop is to secretly overhear a private
conversation over a confidential
communication in a not legally authorized way.
▶ The information remains intact , but its privacy is
compromised.
 EAVESDROPPING OVER WIRED AND
WIRELESS NETWORKS
Over WIRED Over WIRELESS
▶ Here, eavesdropping is more ▶ Here, eavesdropping can be
difficult. achieved easily.
▶ Done by using a network tap ▶ Done by a computer with wireless
which is a hardware device that network adapter working on.
provides access to data flowing
▶ To be in the area of wireless
across the network.
network coverage.
▶ Can’t be achieved unless
▶ Need one of the particular
eavesdropper is in touch with
software tools that allows the
wire of the network which is
eavesdropping over Wi-fi.
difficult and sometimes
impossible.
 What we need to eavesdrop?

 1. HARDWARE TOOLS :
o High power antennas can be used to provide intercepting
wireless traffic from miles away.

 2.SOFTWARE TOOLS :
o Any wireless packet sniffer can be used.
o Widely available for sale and even free over internet.
 LEGALITY OF EAVESDROPPING
DEVICES
▶ Beware of the legal issues before you buy
eavesdropping devices.
▶ It is a crime in most countries to eavesdrop on
someone’s privacy.
▶ But as network administrator need to analyze traffic on
their network(debug network , find illegitimately installed
access points) they may need eavesdropping devices.
Man in the Middle Attack
● A man-in-the-middle (MITM) attack is a form of
eavesdropping where communication between two
users is monitored and modified by an unauthorized
party.

● The attacker actively eavesdrops by intercepting a

public key message exchange and retransmits the
message while replacing the requested key with his
own.

● MITM attack exploits the real-time processing of

transactions, conversations or transfer of other data.
Basic Illustration
Typical Defences
● On the server side:
○ Have strong encryption protocols between the client and the server
○ Read certificates carefully before connecting. File-Encrypt file you
don’t want intercepted
○ SSL connections may prevent you from connecting through the
MITM
● On the client side:
○ Do not connect to open wireless routers
○ Use browser plugins like HTTPS, Force-TLS to force secured
connections on sites
 DDoS Attack ( LOIC and
HOIC)
DoS attack is a series of attacks. In this attack an adversary
tires to misuse the legitimate services. Several networking tools
are available for troubleshooting. An attacker uses these tools
for evil purpose. For example ping command is used to test the
connectivity between two hosts. An adversary can use this
command to continuously ping a host with oversized packets. In
such a situation target host will be too busy in replying (of ping)
that it will not be able run other services.
 </SQL Injection>
It is something that is injected by any third party into the
main frame of the website through the URL of the website.
SQL injection is the most common forms of injection attack
that involves entering SQL codes into the forms or via URL
in order to attack and manoeuvre the SQL database. The
hackers can delete, retrieve, alter and update the
information present over the database.
 { Cross Site Scripting }
Cross Site Scripting or XSS is one of the main
vulnerabilities which mainly attack the users of MySpace,
Google and Microsoft. It is all about entrenching the
JavaScript into the hyperlink and the script starts hijacking
sessions, ads and pilfer the vital information. The main
difference between a hyperlink and a scripted link is that it
will be showing a surplus code at the end.
 Website Misuse and Accidental Hacking

There is no established limit on how one misuse a website and not every hacker is pro.
You may have come across a number of ways to misuse a website either accidentally
or incidentally. Sometimes accidentally clicking on the buttons when you are not
supposed to do so or performing something more than ordinary can cause problems on
the websites that are not properly programmed. If the users are misusing a website
intentionally or accidentally, thereby generating some errors can render the website
useless.
So, if you want to own a safe and secure website, then you out to work on the website
security and protect the same from these probable kinds of hacking.
Malware Attacks
● Adware
● Bot
● Bug
● Ransomware
● Rootkit
● Spyware
● Trojan Horse
● Virus
● Worm
Malware Symptoms
● Increased CPU usage
● Slow computer or web browser speeds
● Problems connecting to networks
● Freezing or crashing
● Modified or deleted files
● Appearance of strange files, programs, or desktop icons
● Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn
off antivirus and firewall programs)
● Strange computer behavior
● Emails/messages being sent automatically and without user’s knowledge (a friend receives a
strange email from you that you did not send)
Prevention and Removal

● Install and run anti-malware and firewall software.

● Keep software and operating systems up to date with current vulnerability
patches.
● Be vigilant when downloading files, programs, attachments, etc.
Downloads that seem strange or are from an unfamiliar source often
contain malware.
 Phishing Attack
Phishing attack is gaining popularity from last couple of years.
In this attack an adversary creates fake email address or
website which looks like a reputed mail address or popular site.
Later attacker sends email using their name. These emails
contain convincing message, some time with a link that leads to
a fake site. This fake site looks exactly same as original site.
Without knowing the truth user tries to log on with their account
information, hacker records this authentication information and
uses it on real site.
ETHICAL HACKING
 Ethical Hacking
-> Ethical hacking is where a
person hacks to find weaknesses in
a system and then usually patches
them.
 *&^%$Cryptography(*^*&(%
Cryptography prior to the modern age was effectively
synonymous with encryption, the conversion of information from
a readable state to apparent nonsense.
In symmetric cryptography, both the sender and receiver share the key.
The sender uses the key in a certain way to hide the message. Then, the
receiver will use the same key in the opposite way to reveal the message.
Most types of cryptography are symmetric. Advanced Encryption
Standard is a widely used one.
 Defining Exploits
1.a flaw in hardware or software that is vulnerable to hacking or other
cyberattacks.
2.a piece of software that takes advantage of such a flaw to
compromise a computer system or network.
3. (in a video game) the use of a bug or flaw in game design to a
player’s advantage or to the disadvantage of other players.
Required Skills for Ethical Hackers
As an ethical hacker, you will need to understand various hacking
techniques such as −
Password guessing and cracking
Session hijacking
Session spoofing
Network traffic sniffing
Denial of Service attacks
Exploiting buffer overflow vulnerabilities
SQL injection
What should do after hacked?
➢ Shutdown the system
− Or turn off the system

➢ Separate the system from network

➢ Restore the system with the backup
− Or reinstall all programs

➢Connect the system to the network

➢ It can be good to call the police
Advantages of hacking
▶Can be used to recover lost information
where the computer password has been
lost.
▶Teaches you that no technology is 100%
secure.
▶To test how good security is on your own
network.
▶They call it white hat computer hacking.
Disadvantages of Hacking

▶Criminals can use it to their

advantage.
▶It can harm someone's privacy
▶It's Illegal
 Conclusion
➢Keep your password protected. Write your
password should be with combination of
characters, digits, special symbols. Do not
respond to feck on fishing email. when you are
doing any online transection always keep watch
on site whether the protocol of site is https &
whether there is a lock symbol .
 GROUP
MEMBERS
-> Akshit Goel
-> Amit Sikarwar
-> Harimangal Pandey
-> Maruti Nandan Singh
-> Riya Gupta
-> Saurabh Singh Kakran
Thank You