Hacking
Hacking
Hacking
CSE
Acknowledgement
I am highly greatful to Er. Gurjot Singh, Assistant Proff. CSE Department, SUSCET Tangori, for providing this opportunity to carry out the one month institutional training. I would like to express my gratitude to my guide Er. Aditi Sharma, CSE Department, SUSCET for providing academic inputs, guidance, encouragement throughout my training period. Finally I expess my my indebtness to my parents and all those who have directly or indirectly contributed to the successful completition of my training.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
Declaration
I hereby declare that the project entitled HACKING submitted for the B.Tech CSE degree of Punjab Technical University is my original work and the project has not formed the basis for the another degree or any other similar typings.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
CONTENTS
1. Introduction 1.1 1.2 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 Defination Hackers And Crackers 1960s - The Dawn of Hacking 1970s - Phone Phreaks and Cap'n Crunch 1980 - Hacker Message Boards and Groups 1983 - Kids' Games 1984 - Hacker 'Zines 1986 - Use a Computer, Go to Jail 1988 - The Morris Worm 1989 - The Germans and the KGB 1990 - Operation Sundevil
2 Hacking History
2.10 1993 - Why Buy a Car When You Can Hack One? 2.11 1994 - Hacking Tools R Us 2.12 1995 - The Mitnick Takedown 2.13 1997 - Hacking AOL 2.14 1998 - The Cult of Hacking and the Israeli Connection 2.15 1999 - Software Security Goes Mainstream 2.16 2000 - Service Denied 2.17 2001 - DNS Attack 3 Types Of Hacking 3.1 Website Hacking 3.1.1 Issues 3.1.2 Preventions 3.2 E-Mail Hacking 3.2.1 If You Have Physical Access: 3.2.2 If You Don't Have Physical Access: 3.2.3 Prevention against Phishing: 3.2.4 Securing your Email Account: 3.3 Network Hacking 3.4 Password Hacking
Ruchika Gupta
100690309909
Summer Training-2011 3.5 Online Banking Hacking 3.6 Computer Hacking 4 Hacking Tricks 5 Famous Hackers 6 Advantages Of Hacking 7 Ways To Prevent Hacking 8 Future Scope Of Hacking
CSE
Ruchika Gupta
100690309909
Summer Training-2011
CSE
Chapter 1 Introduction
1.1 Definition
Hacking refers to breaking into computer systems. The person who is invovlved in hacking is called a Hacker. Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems." A hacker is someone who gains unauthorized access to a computer system. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system. Hacker is A person who enjoys learning details of a programming language or system A person who enjoys actually doing the programming rather than just theorizing about it.
A person capable of appreciating someone else's hacking A person who picks up programming quickly A person who is an expert at a particular programming language or system.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
In other words hacker is "A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Also note that not all hackers are humans. You also get computerized hackers, but they are developed by humans of course.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
From phone phreaks to Web attacks, hacking has been a part of computing for 50 years. Hacking has been around pretty much since the development of the first electronic computers. Here are some of the key events in the last five decades of hacking
2.1
The first computer hackers emerge at MIT. They borrow their name from a term to describe members of a model train group at the school who "hack" the electric trains, tracks, and switches to make them perform faster and differently. A few of the members transfer their curiosity and rigging skills to the new mainframe computing systems being studied and developed on campus.
2.2
Phone hackers (phreaks) break into regional and international phone networks to make free calls. One phreak, John Draper (aka Cap'n Crunch), learns that a toy whistle given away inside Cap'n Crunch cereal generates a 2600-hertz signal, the same high-pitched tone that accesses AT&T's long-distance switching system.Draper builds a "blue box" that, when used in conjunction with the whistle and sounded into a phone receiver, allows phreaks to make free calls.Shortly thereafter, Esquire magazine publishes "Secrets of the Little Blue Box" with instructions for making a blue box, and wire fraud in the United States escalates. Among the perpetrators: college kids Steve Wozniak and Steve Jobs, future founders of Apple Computer, who launch a home industry making and selling blue boxes.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
Ruchika Gupta
100690309909
Summer Training-2011
CSE
on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.
Ruchika Gupta
100690309909
Summer Training-2011
CSE
comes to be known as the Hacker's Manifesto. The piece, a defense of hacker antics, begins, "My crime is that of curiosity... I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all."
2.10 1993 - Why Buy a Car When You Can Hack One?
During radio station call-in contests, hacker-fugitive Kevin Poulsen and two friends rig the stations' phone systems to let only their calls through, and "win" two Porsches, vacation trips, and $20,000.Poulsen, already wanted for breaking into phone- company systems, serves five years in prison for computer and wire fraud. (Since his release in 1996, he has worked as a freelance journalist covering computer crime.)The first Def Con hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering is so popular it becomes an annual event.
Ruchika Gupta
10
100690309909
Summer Training-2011
CSE
The Internet begins to take off as a new browser, Netscape Navigator, makes information on the Web more accessible. Hackers take to the new venue quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.As information and easy-to-use tools become available to anyone with Net access, the face of hacking begins to change.
Ruchika Gupta
11
100690309909
Summer Training-2011
CSE
Ruchika Gupta
12
100690309909
Summer Training-2011
CSE
oppression in Kashmir and Palestine.Hackers break into Microsoft's corporate network and access source code for the latest versions of Windows and Office.
2.17
Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted. The hack is detected within a few hours, but prevents millions of users from reaching Microsoft Web pages for two days.
Ruchika Gupta
13
100690309909
Summer Training-2011
CSE
Chapter 3
Types
of Hacking
Website hacking has been around ever since w3 were introduced to the public in the 80s. While there may have been a time, at least in the early days, where hacking was rather simplistic and was comprised of little more than getting someones password and creating virtual Graffiti on their site, todays hackers are much more sophisticated. More advanced techniques were introduced, which are dangerous and unpredictable, of course. Its important, first of all, to understand some statistics about website hacking. Around two thirds of website hacking is done not for ideological purposes or even graffiti, but rather for profit. People hack websites today in order to gather information they intend to use for nefarious purposes and for their own financial gain. Strangely enough, then, just under half of all website hacking incidents occurred with non-commercial sites like governmental or educational sites. This may be, at least partially, because these types of organizations are more likely to report a website hacking attack, although that is not always the case. When it comes to commercial sites, Internet-related companies tend to be top targets. This includes e-commerce sites, media sites, search engines, and even search providers. Part of the reason these companies are such a huge target is the fact that they often have databases full of all sorts of personal information that can generate billions of profits.
Ruchika Gupta 14 100690309909
Summer Training-2011
CSE
3.1.1 Issues There are few issues when it comes to hacking; here we have highlighted some of those which provoked the hackers to do so: 1. The biggest issue when it comes to website hacking is the issue of personal information. Some websites store a large amount of personal data, from name and address information to credit card information and probably purchase history on the site. A website hacker can use this kind of information to steal the identity of the customers. 2. National security is another concern when it comes to website hacking. Some statistics suggest that as many as two thirds of hacking attempts aimed at the U.S. Department of Defense each year are successful. If this statistic is true, website hacking poses a very real and present danger, not only in the U.S. but in countries around the globe. Website hacking, then, is not only an issue of financial concern for some companies and for some individuals, but of safety and security of people around the globe. 3. Another important issue in this area is the source of website hacking. While outside attacks do make up a good percentage of website hacking incidents, many incidents are also caused from within. Whether its a disgruntled employee, an employee who is out for her own financial gain or a person who has been unwittingly recruited by a third party, a companys personnel are at least an equal risk as those outside the company when it comes to website hacking. 4. Complicating the issue is the public image of the hacker. The stereotypical hacker is a computer geek who sits at home and breaks into secure websites just for fun. Unfortunately, this public image rarely matches the reality. Like we said before, most website hacking incidents arent about curiosity; theyre a dedicated effort to make money. Website hackers generally arent young kids experimenting theyre often individuals with criminal purposes. Its easy to commit crime and
Ruchika Gupta
15
100690309909
Summer Training-2011
CSE
just escape using the internet. In most cases, theyre not acting as a robin hood of sorts, either. They are out to benefit themselves, and only themselves. Above all, its worth mentioning that website hacking is illegal, regardless of who does it and for what purpose. Penalties can be severe, often very severe, for people who are caught website hacking. 3.1.2 Prevention Preventing website hacking can be a challenge, especially if your company or organization doesnt have expendable resources that can be invested in specialized security equipment or staff. Still, there are some important things you can do to prevent website hacking, or at least minimize your risk. 1. A company mush train their employees well when it comes to hacking. This occurs on two levels. Firstly, a company must let its employees know that hacking their website will be dealt harshly. If a company is willing to press charges against a hacking employee, say so. This may prevent an employee who is thinking about website hacking from ever doing it in the first place. Obviously, this doesnt protect against outside threats, but it may help reduce the risk of internal threats. 2. The other type of training a company needs has to do with their IT department. Yes, your IT security engineer needs to be up to speed on the latest security techniques. However, your website programmers need to have a solid base of security knowledge, as well. There are some instances in which simply configuring a website a certain way can reduce the risks of website hacking, and your team needs to know how. 3. Its also important that you keep your website scripts up to date. Use the latest and most stable version of the web software youre using, so that potential security holes are closed. While new holes are often discovered, staying up to date helps reduce the number of potential successful website hacking scenarios. The same
Ruchika Gupta
16
100690309909
Summer Training-2011
CSE
holds true for the operating system running on your web server, as well as any firmware running on your network equipment or your firewall and content filter. 4. Physical security of your systems is important, as well. Its a lot easier for someone to walk up to your web server and make hacking changes than it is for them to invent some sort of SQL injection that will make those changes. Physical access to your servers and to systems that have access to your servers is key. 5. How you configure your website applications and permissions are key in preventing website hacking, as well. For example, if you use MySQL, set your usernames and passwords up in a way that you dont allow maximum global permission to scripted users. Making sure your user groups have exactly the right permissions not only helps to grant users the tools they need, it also helps to reduce the risk of website hacking. 6. As with just about any type of computer security, its important to use strong passwords for administrative accounts. You should make sure those passwords are changed at regular intervals, as well. A well-developed password policy that is enforced systematically greatly reduces a number of IT security risks. 7. Keeping a strong firewall system in place is important in preventing website hacking, too. If you can use a filtering system that has access to a blacklist of potential hacking sources, you can reduce some of your website hacking risk. In addition, firewalls protect other systems that may be vulnerable to hacking or to other attacks.
None of these prevention methods are foolproof, of course. However, if you are diligent about them and able to implement them, you will greatly reduce the risk that a hacker will be able to attack your companys website.
Ruchika Gupta
17
100690309909
Summer Training-2011
CSE
The following are the only 2 working and foolproof methods for email hacking...
Ruchika Gupta
18
100690309909
Summer Training-2011
CSE
Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans as i mention in my computer Torjan post) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of.
3.2.2 If You Don't Have Physical Access: I think most of you waiting for this part of e-mail hacking I think this on of the interesting section. there still are ways you can gain access into the desired email account without having to have any sort of physical access. You can do this by one of famous attack "Phishing" What is Phishing? Phishing is a way of deceiving your victim by making him login through one of your webpages which is a clone of the original one.Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques. Recent phishing attempts have targeted the customers of banks and online payment services. This is used for criminal activities for stealing Credits Cards and So.And that is the exact reason why i DO NOT want you to use this for fraud.
3.2.3 Prevention against Phishing: 1. Read all the Email Carefully and Check if the Sender is Original Watch the Link Carefully before Clicking 2. Always check the URL in the Browser before Signing IN to your Account Ruchika Gupta 19 100690309909
Summer Training-2011
CSE
3. Always Login to Your Accounts after opening the Trusted Websites, not by Clicking in any other Website or Email.
3.2.4 Securing your Email Account: 1. Always configure a Secondary Email Address for the recovery purpose 2. Properly configure the Security Question and Answer in the Email Account 3. 4. 5. Do Do Not Take Not Use any Care Open others of Emails computer the to from check Phishing your strangers Email Links
Ruchika Gupta
20
100690309909
Summer Training-2011 c:\windows>net view \\255.255.255.255 if the output is like this: Sharedresourcesat\\255.255.255.255 ComputerNameGoesHere Sharename Type Used as Comment CDISK Disk xxxxx xxxxx The command completed successfully. DISK shows that the victim is sharing a Disk named as CDISK Step 4 type down: you can replace x: by any letter you want but not the letter of your own drive. CDISK is the name of the shared harddrive. c:\windows>net use x: \\255.255.255.255\CDISK If the command is successful you are a small time hacker.
CSE
Now open windows explorer or just double click on the My Computer icon on your desktop and you will see a new network drive X:. Note to newbies: This hack will only work if you have the ip of someone on your network. It will not work if the ip of the person you want to hack is not on your network. Tip: If you can only access your targets shared folder put a batch file in their shared folder with the command C=C if they open it,it will share their hardrive.
Expert Advice on Keeping Your Network Safe by Blocking Dangerous Hacker Attacks The stories go on and on about another individual having their personal information stolen from their computer by some hacker. While it is true that hackers do get people's information, and they will keep on getting that information, it is also true that having intrusion detection software can help. And even better, to be hacker safe intrusion prevention system is by the same software.
Ruchika Gupta
21
100690309909
CSE
Doors can be opened to hackers in varied ways. Two of the most common ways by which they can gain access to your computer is simply through emails, or Web pages that you visit that have spyware, or trojans (a file which looks innocent, but actually will later open doors to a hacker) attached to them. Other ways are robot spiders sent out over the Internet to find unprotected computers, and open doors. Some say that every computer attached to the Internet may be attacked by such a spider as many as 50 times each day. So, if you do not have an intrusion prevention system in place, up-to-date, then you may have regular unexpected visitors - and you may not even know it. Others say that 9 out of 10 computers have some sort of spyware, or malware on them. Could you be one of them? This article will show you what is available on the market for your protection - and much of it can be obtained for free.The spider robots work automatically - looking for and identifying computers on the Internet that have doors, or ports, open to them. This information is then reported back to the hacker - knowing which computers to target - and which port to use. For this reason, every now and then, Microsoft will come out with a new patch for Windows, in order to close some faulty door that hackers have discovered and been using. What Is Intrusion Detection? Network Intrusion detection software is a must-have these days. Each company's software will vary somewhat (for copyright and originality purposes), but you do need one for your own network, or home computer. It differs from a firewall in that the purpose of a firewall is to stop unauthorized external contacts with your system. These offer hacker prevention largely for contacts from outside the network. Most of these will now notify the owner or network controller of intrusion attempts. Network intrusion detection systems, on the other hand, will give you warnings about events that take place within the network itself. 3.4 Password Hacking What are some password basics? Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a
Ruchika Gupta
22
100690309909
Summer Training-2011
CSE
password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character. On most systems,the password is typically ran through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password, it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not decrypt the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is ran through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied. Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here NT, Netware, and Unix all use an algorithm that has been made publically available and has been scrutinized to some degree. To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather timeconsuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix. Why protect the hashes? If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this dictionary and brute force. Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers. Ruchika Gupta 23 100690309909
CSE
A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. Some of these dictionary crackers can manipulate each word in the wordlist by using filters. These rules/filters allow you to change idiot to 1d10t and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT. If your dictionary cracker does not have manipulation rules, you can pretreat the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy wordmanipulations built in.
What is a brute force password cracker? A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked. Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.
Which method is best for cracking? It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Lets go through several scenarios. If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, Ruchika Gupta 24 100690309909
Summer Training-2011
CSE
you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status. If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go. If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pretreated wordlist first, followed up by brute force only on the accounts you really want the password to. You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking programs manipulation filters do their thing. A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.
What is a salt? To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections. Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the Ruchika Gupta 25 100690309909
Summer Training-2011
CSE
passwords, although it is certainly no guarantee that the passwords cant be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.
What are the dangers of cracking passwords? The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone elses systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is cracking is fairly CPU-intensive), it looks tobelong to someone else. Obviously, you would want to run this under system adminstrator priviledges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator). Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, youll still be the first to be blamed whether the cracking software is yours or not! Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.
Ruchika Gupta
26
100690309909
Summer Training-2011
CSE
If you have been looking for how to hack into a facebook account then this site is for you. With our free hacking tool you can obtain the password to nearly any profile on facebook.com. Simply follow the download link and run the program. Enter the details of the profile you want such as name, email and ID, then the tool will attempt the extract their password from the server. This program has been developed by underground hacking communities and we have put it online for anyone to use, for free!
Just download the tool and run it. Simple. Hack any facebook account password Absolutely Free Will download the original password in plaintext so you log straight in Used by many underground forums and communities Safe to download - virus scan results Obtains the original password so the victim will not know they have been hacked 90% success rate. You can not hack admin, moderator, high profile or celebrity We will continously update the software if facebook.com ever patch the security
accounts
holes
Step One: Email Please send an email with the subject line 'DOWNLOAD' to the following email address: [email protected] This is so we can add your email address to the allow list to activate the hack tool. This is so we can restict who uses our software and to stop abuse.
Step Two: Download The Facebook Hack Tool has been developed to run on any Windows platform (XP, Vista, 7 etc). If you run Mac OSx, Linux or any other platform, please contact us and we will let you know when we have those versions. This download is in .exe format so simply download and save into your documents. As with anything you download online, Ruchika Gupta 27 100690309909
Summer Training-2011
CSE
scan with your anti virus to be safe. Once you are happy, run the program and go to step 3.
Once you have completed step 2 and the program is running... In the first textbox type their facebook ID or Username
(eg. http://www.facebook.com/profile.php?id=1234567890)
To increase the success rate you can provide the folllowing additional info. [Optional] Enter their Full Name. [Optional] Enter their Date of Birth in the format of DD/MM/YYYY. [Optional] Enter their Email Address. To activate the program, you need to enter the Auth code - please see Step 4. Click 'Run Exploit'. The program will then run the exploit and attempt to extract To program is designed to run via multiple proxies to keep you completely If successful, the original password will be shown in plaintext. Simply copy and paste the password and log into their account.
anonymous.
Step Four: Auth Code If you are using the Free version of this software available on this site, you will need to obtain an Auth code to run the program. This type of software/exploit does not come cheap on the internet - feel free to look around for other free versions - they don't exist! Hiring professional hackers costs hundreds and obtaining a working exploit for facebook is very rare. We do not charge you for using our software, but we do ask that you fill in a few quick free surveys/offers as a thanks for our work. The Auth Code/Password will become available once you have fully completed a survey.
Ruchika Gupta
28
100690309909
Summer Training-2011
CSE
Ruchika Gupta
29
100690309909
Summer Training-2011
CSE
Top 20 commonly used passwords and number of users with it 1. 123456 (290,731) 2. 12345 (79,078) 3. 123456789 (76,790) 4. Password (61,958) 5. iloveyou (51,622) 6. princess (35,231) 7. rockyou (22,588) 8. 1234567 (21,726) 9. 12345678 (20,553) 10. abc123 (17,542) 11. Nicole (17,168) 12. Daniel (16,409) 13. babygirl (16,094) 14. monkey (15,294) 15. Jessica (15,162) 16. Lovely (14,950) 17. michael (14,898) 18. Ashley (14,329) 19. 654321 (13,984) 20. Qwerty (13,856)
Hacking Online Banking and Credit Card Transactions. And How to Prevent It This very popular column on wireless hacking and how to prevent it is generating a lot of interest with over 125,000 page views and counting. Paraphrased comments on digg.com have ranged from "Fantastic" and "Awesome" to "That"s not really hacking" and "Where"s The the beef." Well... just remember that you asked for it! Scenario
You go to a coffee shop for a cup of coffee and to utilize the shops Wi-Fi HotSpot to surf Ruchika Gupta 30 100690309909
Summer Training-2011
CSE
the web. You connect to the hotspot network and decide to perform some online banking or to purchase something online. By the way, this could happen to you at home, as well. As an end-user, you feel quite secure, as you see the lock in the bottom corner of your Internet browser, symbolizing that the online banking or online credit card transaction is safe from prying eyes. Your data, including username, password, credit card info, etc. will be encrypted with 128-bit encryption. So it"s secure, right?
It is not uncommon to perform banking and to purchase products online with your credit card. It is also a common thought that doing so is secure, as this is done via SSL. For the most part, this is true and the sessions are secure. Discover Card, for example, posts. The problem is that it is not virtually impossible for someone else to see your data, such as login information or credit card numbers. It can actually be relatively easy, as youll see, if you as an end-user are not knowledgeable about how you can be exploited.. Continuing with the scenario, what you didnt realize is that a hacker has intercepted your Online Banking login credentials and credit card information and can now log into your Online Banking Website or purchase items with your credit card. How is this possible, since SSL was used and is hard to break? The answer is that you made a fatal mistake that subjected you to an SSL Man-in-the-Middle (MITM) attack.
The fatal flaw that enabled the sensitive information to be stolen is possible when an enduser is not properly educated on an easy to do and well-known SSL exploit SSL MITM.
The hacker goes to coffee shop and connects to the same Wi-Fi network you are connected to. He runs a series of utilities to redirect other users data through his machine. He runs a number of other utilities to sniff the data, act as an SSL Certificate An important concept to grasp here is that a certificate is used to establish the secure SSL connection. This is a good thing, if you have a good certificate and are connecting directly to the website to which you intended to use. Then all your data is encrypted from your browser to the SSL website where the banks website will use the information Ruchika Gupta 31 100690309909
Summer Training-2011
CSE
from the certificate it gave you to decrypt your data/credentials. If that is truly the case, then it is pretty darn hard for a hacker to decrypt the data/credentials being transmitted, This is a bad thing if you have a Fake certificate being sent from the hacker, and you are actually connecting to his machine, not directly to the banks website. In this case, your credentials are being transmitted between your browser and the hackers machine. The hacker is able to grab that traffic, and, because he gave you the certificate to encrypt the data/credentials, he can use that same certificate to decrypt your data/credentials. Here are the exact steps a hacker could use to perform this attack:The first thing he would do is turn on Fragrouter, so that his machine can perform IP forwarding Ater that, hell want to direct your Wi-Fi network traffic to his machine instead of your data traffic going directly to the Internet. This enables him to be the Man-in-the-Middle between your machine and the Internet. Using Arpspoof, a real easy way to do this, he determines your IP address is 192.168.1.15 and the Default Gateway of the Wi-Fi network is 192.168.1.1:
The next step is to enable DNS Spoofing via DNSSpoof: Since he will be replacing the Bank"s or Online Stores valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:
At this point, he is setup and ready to go, he now needs to begin actively sniffing your data passing through his machine including your login information and credit card info. He opts to do this with Ethereal, then saves his capture. He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he simply needs to do now is decrypt the data using the certificate that he gave you. He does this with SSL Dump: The data is now decrypted and he runs a Cat command to view the now decrypted SSL information. Note that the username is Bankusername and the password is BankPassword. Conveniently, this dump also shows that the Banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceeding page via SSL, prior to connecting to the page where you
Ruchika Gupta
32
100690309909
Summer Training-2011
CSE
enter the sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. How this helps is that if you were to access this preceeding page first with a "fake" certificate and then proceeded to the next page where you were to enter the sensitve information, that page where you would enter the sensitive information would not display. That is because the page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, With this information, he can now log into your Online Banking Account with the same access and privileges as you. He could transfer money, view account data, etc. Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.Also Real Bad News for SSL VPN AdminsThis type of attack could be particularly bad for corporations. The reason for this is that Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials
Theres a big step and end-user can take to prevent this from taking place. When the MITM Hacker uses the bad certificate instead of the good valid certificate, the end-user is actually alerted to this. The problem is that most end-users dont understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click: By clicking Yes, they have set themselves up to be hacked. By clicking the View Certificate button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to *Again, the simple act of viewing the certificate and clicking No would have prevented *Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesnt look right. If you cant tell, err on the side of caution and call your Online Bank or the Ruchika Gupta 33 100690309909
Summer Training-2011
CSE
*Take the time to read and understand all security messages you receive. Dont just randomly click yes out of convenience.How a Corporation Can Prevent This *Educate credentials. *When using SSL VPN, utilize mature products with advanced features, such as Junipers Secure Application Manager or Network Connect functionality. the end-user on the Security Alert and how to react to it. *Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed
Conclusion This type of attack is relatively easy to do in a public Wi-Fi hotspot environment. It could also easily happen on a home Wi-Fi network, if that Wi-Fi network isnt properly configured and allows a hacker to connect to that home network (See Essential Wireless Hacking Tools for more info on securing your home network). An educated end-user and sound security practices by corporations can protect your valuable data.
3.6 Computer Hacking Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creators original purpose. People who engage in computer hacking activities are often called hackers. Since the word hack has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills. Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an art form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of their problem-solving skills. Its a chance to demonstrate their abilities, not an opportunity to harm others. Since a large number of hackers are self-taught prodigies, some corporations actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the companys security system so that they can be repaired Ruchika Gupta 34 100690309909
Summer Training-2011
CSE
quickly. In many cases, this type of computer hacking helps prevent identity theft and other serious computer-related crimes.
Computer hacking incorporates some degree of violation on the privacy of others, invading the network security, and thus causing damage to confidential files, web page or software. It may also include downloading or alteration of files through unauthorized access. Computer hacking is the practice of altering computer hardware and software, in order to cause damage to important data on a computer or to simply steal secret information. Computer hackers often aim at home and office computers that are connected to the Internet. The Internet makes PC vulnerable to attacks from hackers from across the globe. Effects of computer hacking 1. Computer hacking is the break of computer security. It exposes the sensitive data of the user and risks user privacy. These activities disclose the secret user information such as personal details, social security numbers, credit card numbers, bank account data, etc. This can lead to illegitimate use and modification of users information. 2. Modification of important data with intent to achieve personal gain is another effect of computer hacking. This can lead to the loss of all the data stored in the computer. The modification of sensitive data is a worst effect of hacking. 3. Another significant consequence of hacking is identity theft. This fraud involves pretention to be someone else, with determination to gain unauthorized access to information property. It meant to be an illegal use of someone else's identity for personal use. 4. With the advancement in technology, several key-logging software have been evolved which are capable of tracking and recording key stroke by the user, causing stealing of passwords and account details. Another ill effect of computer hacking is the refusal of service attack. This refers to the DOS attack, which makes computer resources inaccessible to authorized users. Often, websites fall prey to denial of service attack which causes unavailability of them for longer period of time. 5. Computer hacking can also cause theft of significant business information. This can disclose email addresses to hackers which could be used by them to use it for spamming and destroying email privacy. Ruchika Gupta 35 100690309909
Summer Training-2011
CSE
6. If the information related to national security, confidential government data, information related to national defence and security, if exposed by mean of hacking can lead to severe consequences. 7. Hacking can be used to convert computer into zombies. Zombie computers are used by the hackers for fraudulent activities. Most of the hackers are less noble and use their skills to steal personal information. But this type of computer hacking can sent them to a federal prison for up to 20 years.
Ruchika Gupta
36
100690309909
Summer Training-2011
CSE
I have gathered some Best Rapidshare tricks and Hack from various sources and compiled at one place. Trick No 1: Request a new IP address from your ISP Server. 1.) Click Start 2.) Click run 3.) In the run box type cmd and click OK 4.) When the command prompt opens type the following and hit enter after every new line. ipconfig /flushdns ipconfig /release ipconfig /renew exit
Trick No 2: Use Javascript Method 1.) Goto the page you want to download 2.) Choose FREE button 3.) In the address bar put the following: javascript:alert(c=0) 4.) Hit OK 5.) Hit OK to the pop-up box 6.) Enter the captcha Code shown on the Page 7.) Download Your File
Ruchika Gupta
37
100690309909
CSE
Erase your cookies and cache in browser you are using and try again to download the Rapidshare file again.
Trick No 4: Use a bookmarklet to stop your wait times (Only in Internet Explorer): 1.) Open IE 2.) Save javascript:var%20c=0; without quotes to Favorites 3.) Select Yes to the warning that the bookmark may be unsafe. 4.) Name it RapidShare No Wait 5.) Click on the Links folder (if you want to display it in your IE toolbar) 6.) Click OK 7.) You may need to close and reopen IE to see it 8.) Go to rapidshare and click the bookmarklet when you are forced to wait
Trick No: 5 Use a proxy with SwitchProxy and Firefox: 1.) Download and install Firefox 2.) Download and install SwitchProxy 3.) When you reach your download limit, clean your cookies and change your proxy.
Ruchika Gupta
38
100690309909
Summer Training-2011
CSE
1. Kevin Mitnick Probably the most famous hacker of his generation, Mitnick has been described by the US Department of Justice as "the most wanted computer criminal in United States history." The self-styled 'hacker poster boy' allegedly hacked into the computer systems of some of the world's top technology and telecommunications companies including Nokia, Fujitsu and Motorola. After a highly publicised pursuit by the FBI, Mitnick was arrested in 1995 and after confessing to several charges as part of a plea-bargain agreement, he served a five year prison sentence. He was released on parole in 2000 and today runs a computer security consultancy. He didn't refer to his hacking activities as 'hacking' and instead called them 'social engineering'. 2. Kevin Poulson Poulson first gained notoriety by hacking into the phone lines of Los Angeles radio station KIIS-FM, ensuring he would be the 102nd caller and thus the winner of a competition the station was running in which the prize was a Porsche. Under the hacker alias Dark Dante, he also reactivated old Yellow Page escort telephone numbers for an acquaintance that then ran a virtual escort agency. The authorities began pursuing Poulson in earnest after he hacked into a federal investigation database. Poulson even appeared on the US television Unsolved Mysteries as a fugitive although all the 1-800 phone lines for the program mysteriously crashed. Since his release from prison, Poulson has reinvented himself as a journalist. 3. Adrian Lamo Adrian Lamo was named 'the homeless hacker' for his penchant for using coffee shops, libraries and internet cafs as his bases for hacking. Most of his illicit activities involved breaking into computer networks and then reporting on their vulnerabilities to the companies that owned them. Lamo's biggest claim to fame came when he broke into the
Ruchika Gupta
39
100690309909
Summer Training-2011
CSE
intranet of the New York Times and added his name to their database of experts. He also used the paper's LexisNexis account to gain access to the confidential details of highprofile subjects. Lamo currently works as a journalist. 4. Stephen Wozniak Famous for being the co-founder of Apple, Stephen "Woz" Wozniak began his 'white-hat' hacking career with 'phone phreaking' slang for bypassing the phone system. While studying at the University of California he made devices for his friends called 'blue boxes' that allowed them to make free long distance phone calls. Wozniak allegedly used one such device to call the Pope. He later dropped out of university after he began work on an idea for a computer. He formed Apple Computer with his friend Steve Jobs and the rest, as they say, is history. 5. Loyd Blankenship Also known as The Mentor, Blankenship was a member of a couple of hacker elite groups in the 1980s notably the Legion Of Doom, who battled for supremacy online against the Masters Of Deception. However, his biggest claim to fame is that he is the author of the Hacker Manifesto (The Conscience of a Hacker), which he wrote after he was arrested in 1986. The Manifesto states that a hacker's only crime is curiosity and is looked at as not only a moral guide by hackers up to today, but also a cornerstone of hacker philosophy. It was reprinted in Phrack magazine and even made its way into the 1995 film Hackers, which starred Angelina Jolie. 6. Michael Calce Calce gained notoriety when he was just 15 years old by hacking into some of the largest commercial websites in the world. On Valentine's Day in 2000, using the hacker alias MafiaBoy, Calce launched a series of denial-of-service attacks across 75 computers in 52 networks, which affected sites such as eBay, Amazon and Yahoo. He was arrested after he was noticed boasting about his hack in online chat rooms. He was received a sentence of eight months of "open custody," one year of probation, restricted use of the internet, and a small fine. 7. Robert Tappan Morris Ruchika Gupta 40 100690309909
Summer Training-2011
CSE
In November of 1988 a computer virus, which was later traced to Cornell University, infected around 6,000 major Unix machines, slowing them down to the point of being unusable and causing millions of dollars in damage. Whether this virus was the first of its type is debatable. What is public record, however, is that its creator, Robert Tappan Morris, became the first person to be convicted under the Computer Fraud and Abuse Act. Morris said his 'worm' virus wasn't intended to damage anything and was instead released to gauge the size of the internet. This assertion didn't help him, however, and he was sentenced to three years probation, 4000 hours of community service and a hefty fine. A computer disk containing the source code for the Morris Worm remains on display at the Boston Museum of Science to this day. 8. The Masters Of Deception The Masters Of Deception (MoD) were a New York-based group of elite hackers who targeted US phone systems in the mid to late 80s. A splinter group from the Legion Of Doom (LoD), they became a target for the authorities after they broke into AT&T's computer system. The group was eventually brought to heel in 1992 with many of its members receiving jail or suspended sentences. 9. David L. Smith Smith is the author of the notorious Melissa worm virus, which was the first successful email-aware virus distributed in the Usenet discussion group alt. sex. The virus original form was sent via email. Smith was arrested and later sentenced to jail for causing over $80 million worth of damage. 10. Sven Jaschan Jaschan was found guilty of writing the Netsky and Sasser worms in 2004 while he was still a teenager. The viruses were found to be responsible for 70 per cent of all the malware seen spreading over the internet at the time. Jaschan received a suspended sentence and three years probation for his crimes. He was also hired by a security company.
Ruchika Gupta
41
100690309909
Summer Training-2011
CSE
Advantages
Global audience. No restriction for the location. Less expensive than any other media. Trouble-free. Time saving. Instant promotion.
One major advantage of ethical hacking is that it helps an organization better protect its systems and information. It is a way of augmenting the efforts of an organization's information technology professionals. The adoption of ethical hacking techniques must be a part of an organization's overall security efforts. However, the realities of tight budgeting mean that this additional layer of security is not always a priority for many organizations.
Ruchika Gupta
42
100690309909
Summer Training-2011
CSE
Implement a firewall -- A firewall is a barrier that keeps hackers and viruses out computer networks. Firewalls intercept network traffic and allow only authorized data to pass through.
Develop a corporate security policy -- Establish a corporate security policy that details practices to secure the network. The policy should direct employees to choose unique passwords that are a combination of letters and numbers. Passwords should be changed every 90 days to limit hackers' ability to gain possession of a functioning password. When someone leaves company, immediately delete the user name and password. The corporate policy should outline consequences for network tampering and unauthorized entry.
Install anti-virus software -- All computers should run the most recent version of an anti-virus protection subscription. Ideally a server should be configured to push virus updates out periodically to all client systems. Employees should be educated about viruses and discouraged from opening e-mail attachments or e-mail from unknown senders.
Keep operating systems up to date -- Upgrade operating systems frequently and regularly install the latest patches or versions of software, which are often free over the Web. If you use Microsoft Windows, check www.windowsupdate.com periodically for the latest patches.
Don't run unnecessary network services -- When installing systems, any nonessential features should be disabled. If a feature is installed but not actively used, it is less likely to be updated regularly, presenting a larger security threat. Also, allow only the software employees need to do their job effectively.
Conduct a vulnerability test -- Conducting a vulnerability test is a cost-effective way to evaluate the current security program. This test highlights flaws and limitations in the program, and experts can offer suggestions for improvement. The best method for conducting a vulnerability test is to contact a computer consulting company and provide access to your system for a day or two. This will provide ample time for network appraisal and follow-up discussion and planning.
Ruchika Gupta
43
100690309909
Summer Training-2011 7
CSE
Keep informed about network security -- Numerous books, magazines and online resources offer information about effective security tools and "lessons learned." Also, the Web provides ample and very current information about security - type in the key words "network security."
a automated
Obfuscating the presence of phpMyAdmin goes a long way to stopping script https://<url>/mydbadm/ typically works well. Anything thats not admin, phpMyAdmin-3.3.10-all-languages, phpmyadmin, or similar variations is a move in the right direction. 9 Restrict by IP (if you can) via htaccess. If you are able to restrict access to phpMyAdmin to a short list of IPs you will make your life a lot easier! 10 The authentication mechanism one chooses within phpMyAdmin should be thought out and there are lots of options (config, cookie, HTTP, and more). Cookie and HTTP are decent options but as always the exact use case influences the choice here. 11 SSL is your friend so use it! One should consider the security implications of the authentication scheme they use and the database(s) that will be accessed. Lots of people send their MySQL root login and password over the internet in plaintext without a blink. Bad, bad, bad! You can use a self-signed cert to keep costs down. If you want to be really slick rewrite/redirect any http:// calls to https://. 12 Remember least privilege. Restrict access to the minimum. For example If Sheldon needs read-only access to the string_theory database dont go and give him full access to all databases. 13 Disable, rename, or chmod 0 the setup directory. Once youve configured phpMyAdmin this directory is unnecessarily dangerous so prevent it from being accessed. 14 Stay up-to-date. A quick glance at the Security page on phpMyAdmins website will show that there are somewhat frequent security updates. Stay informed by subscribing to their Security RSS feed and update your phpMyAdmin implementation as updates are released.
Ruchika Gupta
44
100690309909
Summer Training-2011
CSE
I am always tempted to predict the future when it comes to computer security. Of course its impossible to know for sure but I think its possible to make an educated guess. They say we are in the the golden age of hacking and I could not agree more. Never have I seen more tools available for free on the net. Tools for both windows and linux and now you can actually be a decent hacker using nothing but windows. Without question this is the best of times and the worst of times to quote Dickens. The best of times for those curious about security and how it can be breached and the worst of times if you are sitting on the net with a vulnerable computer! I was asked to do a test at a university of their network a while back. We connected a laptop into the network with a default install of XP sp1 and in less than 10 minutes it was hacked! Sign of the times I would say. It was a good demo for the "powers that be" at the school. If you are a University Admin and are having budget problems, try arranging a demo for the heads just like this if you can. In this instance it was very much an eye opener for them.
If we were to split hacking into 3 levels, say low, middle and high. Low is requiring the least amount of technical skill and relies more on social engineering and a few simple things like hardware key loggers. Middle level comprises a good skill with tools available and precompiled buffer overflows, etc.. High is someone who can think way outside the box and deepest aspects of TCP/IP and can code accordingly.
My strong feeling is that the middle level as I define it will be the one that will disappear in the future. Buffer overflows will become a thing of the past. Technology is growing strongly towards that direction. Microsofts SP2 was an attempt to stop it with their DEP. It will only get better in time. Exploiting code will slowly become more and more difficult and tools that focus on that will lose more and more of their effectiveness. So that leaves the low and high and this is were I am willing to bet the future holds.
Ruchika Gupta
45
100690309909
Summer Training-2011
CSE
Hackers will either focus on things like social engineering or gaining physical access. Join a cleaning crew and place a hardware key logger. Come back the next night and retrieve it and while not very sophisticated it can be very devastating none the less. The high end will be those that understand the very core of IP6 and will understand how to manipulate packet flows in ways no one has ever thought about.
Obviously if this scenario is correct, most hackers will focus on the low level and that perhaps is even scarier. Using a combination of hardware and social skills could prove the most difficult to defend against. A security professional I know that was trained by the government was mentioning to me that there exist hardware most people are not aware of. One device he mentioned was a piece of hardware that would strap on your leg and was hidden under your pants. You could then go to an office building and sit in the lobby reading a newspaper. As you sat there, it would sniff out traffic flowing through all the Ethernet cables running through the building. Then you would go back to the lab and download everything. Unless that building was running everything through lead pipes, they were very vulnerable. All I thought was " I want one!"
If we remember, Kevin Mitnick did most of his hacks with social skills and still teaches that. By the way, that doesnt mean that he doesnt have a lot of high level skills these days. I met the instructor who gave Mitnick his CEH test. Many seemed to be surprised when they discover he actually attended a CEH boot camp. He said Mitnick had sat in on his class and asked a lot of intelligent questions and said he passed the test in the high 80s (89?) which was the highest score he had ever seen. He also mentioned Kevin is very proud of that and if anyone has done better than that on their first attempt they should email Mitnick and let him know, lol. Any way our job will focus more and more on educating the building personnel concerning security policies.
Ruchika Gupta
46
100690309909
Summer Training-2011
CSE
BIBLIOGRAPHY
[1]http://www.neatorama.com/2006/08/28/a-short-history-of-hacking/ [2]http://pcworld.about.net/news/Apr102001id45764.htm [3]http://way2resources.com/post/2010/12/04/What-is-Hacking-And-What-Are-TypesOf-Hacking.aspx [4]http://www.ethicalhacking1.com/ [5]http://techgoggles.in/index.php/website-hacking-issues-caused-and-preventionsmeasures/ [6]http://pccrack.in/hacks/hack%20E-mail%20accounts.html [7]http://www.insecure.in/password_hacking.asp [8]http://www.smh.com.au/technology/security/hacking-online-accounts-is-easy-asabc123-20100122-mpni.html [9]http://www.naijapals.com/article/Hacking_Online_Banking_and_Credit_Card_Transac tions___And_How_to_Prevent_It-13147 [10]http://www.wisegeek.com/what-is-computer-hacking.htm [11]http://myblogtip.com/advantages-of-internet-advertising/ [12]http://www.detroitchamber.com/index.php? option=com_content&menuid=206&id=2799 [13]http://blog.inetu.net/2011/03/7-ways-to-stop-phpmyadmin-hackers/
Ruchika Gupta
47
100690309909