0% found this document useful (0 votes)
112 views22 pagesEthical Hacking Ch1 Part 2
Uploaded by
JamesCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0% found this document useful (0 votes)
112 views22 pagesEthical Hacking Ch1 Part 2
Uploaded by
JamesCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
/ 22
Hacking (MU - B.Sc, Sem Vi) _1-31 Info. Sec.: Attacks & Vulnerabilities
Once
the vietim tries to login or enters some data, the hacker gets that private information
of the target victim using the trojan running on the fake site. Phishing via iCloud and
Gmail account was the attack route taken by hackers who targeted the “Fappening” leak,
which involved numerous Hollywood female celebrities,
Phishing Attack
4. Send stolen credentials
i Acco
3H Phishing Site
5. Harvest new
credentials 3.Visit phishing page|
_ 2. Send phishing email
Attacker
Fig. 1.16.6: Phishing attack
Vietim
= Even just for fun, a hacker can use software to fake a wireless access point. This WAP
connects to the official public place WAP. Once you get connected the fake WAP. a
hacker can access your data, just like in the above case.
~ I's one of the easier hacks to accomplish and one just needs a simple software and
wireless network. Anyone can name their WAP as some legit name like “XYZ. company
Wii” or “Your WiFi” and start spying on you. One of the best ways to protect yourself
from such attacks is using a quality VPN service.
Syllabus Topic : Eavesdroppi
Unlike other attacks which are active in nature, using a passive attack, a hacker just
‘monitors the computer systems and networks to gain some unwanted information.
~ The motive behind eavesdropping is not to harm the system but to get some information
Without being identified. These types of hackers can target email, instant messaging
Services, phone calls, web browsing, and other methods of communication. Those who
indulge in such activities are generally black hat hackers, government agencies, etc.
B.So - Comp: Sem VI
Attacker
Rg. 1.16.7: Eavesdropping
Syllabus Topic : Man-in-the-Middle
1.16.7 Man-in-the-middie
A man-in-the-middie attack is a type of cyber attack where a malicious actor inserts
him/herself into a conversation between two parties, impersonates both parties and gains
‘access to information that the two parties were trying to send to each other.
A man-in-the-middle attack allows a malicious actor to intercept, send and receive dats
meant for someone else, or not meant to be sent at all, without either outside party
Knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways.
including MITM, MitM, MiM or MIM.
Key concepts of a Man-in-the-Middle attack
Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor
inserts himself as a relay/proxy into a communication session between people or systems.
A MITM attack exploits the real-time processing of transactions, conversations or transfer
of other data.
Man-in-the-middle attacks allow attackers to intercept, send and receive data never mean
to be for them without either outside party knowing until it is too late.
—— ©.
7) ethical Hacking (MU - B.Sc.
‘Original Connection
sme
User Web Application
New Connection
Man in the Middle
Fig. 1.16.8 : Man-in-the-middle
—
Syllabus Topic : Session Hijacking
1.16.8 Session Hijacking
116.8 What is Session Hijacking ? Explain. (Ref. Sec. 1.14
— The Session Hijacking attack consists of the exploitation of the web session control
mechanism, which is normally managed for a session token.
— Because http communication uses many different TCP connections, the web server needs
a method to recognize every user’s connections.
— The most useful method depends on a token that the Web Server sends to the client
browser after a successful client authentication. A session token is normally composed of
a string of variable width and it could be used in different ways, like in the URL, in the
header of the http requisition as a cookie, in other parts of the header of the http request, or
yet in the body of the http requisition.
— The Session Hijacking attack compromises the session token by stealing or predicting a
valid session token to gain unauthorized access to the Web Server.
~The session token could be compromised in different ways; the most common are :
© Predictable session token;
© Session Sniffing;
© Client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc);
© Man-in-the-middle attack;
© Man-in-the-browser attack.
Ethical Hacking (MU - B.Sc. -Comp. Sem VI) 1-34
Info. Sec.: Attacks g Vulnora,
a
Authentic Request a S
Session Hijacking
Innocent User Server
B impersonate Request
Attacker
Fig. 1.16.9 : Session Hijacking
Syllabus Topic : Clickjacking a
1.16.9 Clickjacking
~ Click Jacking is also known by a different name, UI Redress. In this attack, the hacker
hides the actual UI where the victim is supposed to click.
~ This behaviour is very common in app download, movie streaming, and torrent websites,
While they mostly employ this technique to earn advertising dollars, others can use it to
steal your personal information.
Ee RUMOR eT
Like OMG! Youjust won a L000 dollar Walmart cardi
Dont worry, allwe wantis for youto click out
annoying, seizure-making adsowe can destroy your
‘computer with allour viruses and stuff and get your
personalinfo!
Fig. 1.16.10 : Clickjacking
~ In another word, in this type of hacking, the attacker hijacks the clicks of the victim that
aren’t meant for the exact page, but for a page where the hacker wants you to be. It works
by fooling an internet user into performing an undesired action by clicking on hidden link
P) Ethical Hacking (MU -B.Sc.- Comp. Sem VI) _1-35 Info, Sec.: Attacks & Vulnerabilities
Syllabus Topic : Cookie Theft
1.16.10 Cookie Theft
10 What is Cookie Theft ? (Ref. Sec.
= The cookies of a browser keep our personal data such as browsing history, username, and
passwords for different sites that we access. Once the hacker gets the access to your
cookie, he can even authenticate himself as you on a browser.
- A popular method to carry out this attack is to encourage a user’s IP packets to pass
through attacker’s machine.
| [Bevel [Bowser]
Fig. 1.16.11: Cookie Theft
Also known as SideJacking or Session Hijacking, this attack is easy to carry out if the user
is not using SSL (https) for the complete session. On the websites where you enter your
password and banking details, it’s of utmost importance for them to make their
connections encrypted.
Syllabus Topic : URL Obfuscation
1.16.11 URL Obfuscation
~ An obfuscated URL is a web address that has been obscured or concealed and has been
made to imitate the original URL of a legitimate website. It is done to make users access a
spoof website rather than the intended destination.
~ Obfuscated URLs are one of the many phishing attacks that can fool Internet users. The
spoof site is often an identical clone of the original one in order to fool users into
divulging login and other personal information.
1-36
(MU - B.Sc. - Comp.- Sem VI) Info. Sec.: Attacks § y
An obfuscated URL is also called a hyperlink trick.
Fig. 1.16.12 : URL Obfuscation
Anackers usually use a common misspelling technique where they misspell a dom:
Same to trick users into visiting. These obfuscated URLs can be a cause of malwan
‘entering 2 user’s computer system.
URLs are strings of text that identify web resources such as websites or any kind
Intemet server, so an obfuscated URL shows up as a meaningless query string to users.
‘This hides the real address of the linked site when the user hovers over the link. URL
obfuscation is not always used for phishing or cross-site scripting, but it is also used b’
legitimate websites to hide the truc URLs of certain pages so that they cannot be access¢!
directly by the users or allow certain procedures to be bypassed.
At is also used as an anti-hacking procedure. This is termed as security through obscurity
af 2 ee. ae
wg Ethical Hacking (MU -B.Se.- Comp Som Vi)_1-7 Info. Sec.: Attacks & Vulnerabilities
Syllabus Topic : Buffer Overflow
4.16.12 Buffer Overflow
[GEES What is tor overiow ? (Ret. Seo. 1.16.12) Marka]
— A buffer overflow condition exists when a program attempts (o put more data in a buffer
than it can hold or when a program attempts to put data in a memory area past a buffer. In
sa sequential section of memory allocated to contain anything from a
this case, a buffer i
character string to an array of integers.
Writing outside the bounds of a block of allocated memory can corrupt data, crash the
program, or cause the execution of malicious code,
Fig. 1.16.13 : Buffer Overflow
————
Syllabus Topic : DNS Poisoning
1.16.13 DNS Poisoning
~ DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits
aeabiliies in the domain name system (DNS) to divert Internet traffic away from
legitimate servers and towards fake ones.
.
,
rolee ; from py
server to DNS server, In 2010, a DNS poisoning event resulted in the Great Fin,
China temporarily escaping China's national borders, censoring the Internet in te tg,
‘until the problem was fixed, ‘
A DNS cache can become poisoned if it contains an incorrect entry. For example
attacker gets control of a DNS server and changes some of the information on it.
For example, they could say that google.com actually points to an IP address the aay
‘owns that DNS server would tell its users to look for Google.com at the wrong adn,
‘The attacker's address could contain some sort of malicious phishing website
DNS poisoning like this can also spread. For example, if various Internet seri,
Providers are getting their DNS information from the compromised server, the poison:
DNS entry will spread to the Intemet service providers and be cached there. It will.
spread to home routers and the DNS caches on computers as they look up the DNS ean
Teceive the incorrect response, and store it.
f
Fig. 1.16.14 : DNS Poisoning
——
Syllabus Topic ARP Poisoning
1.16.14 ARP Poisoning
«@
Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which ®
attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN
by changing the target computer's ARP cache with a forged ARP request and pl
packets.
gi Ethical Hacking (MU - B.Sc. - Comp Sem Vi) _1-39 Info. Sec.: Attacks & Vulnerabilities
= This modifies the layer -Ethernet MAC address into the hacker's known MAC address to
monitor it. Because the ARP replies are forged, the target computer unintentionally sends
the frames to the hacker's computer first instead of sending it to the original destination.
As a result, both the user's data and privacy are compromised. An effective ARP
poisoning attempt is undetectable to the user.
| = _ ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).
= ARP poisoning is very effective against both wireless and wired local networks. By
triggering an ARP poisoning attack, hackers can steal sensitive data from the targeted
computers, eavesdrop by means of man-in-the-middle techniques, and cause a denial of
service on the targeted computer. In addition, if the hacker modifies the MAC address of a
computer that enables Internet connection to the network, access to Internet and external
networks may be disabled.
- For smaller networks, using static ARP tables and static IP addresses is an effective
solution against ARP poisoning. Another effective method for all kinds of networks is
implementing an ARP monitoring tool.
Attacker
IP: 172.15.1.11
MAC :B
User
IP: 172.15.1.10 ae
MAC: A
Fig. 1.16.15 : ARP poisoning
ee
‘Syllabus Topic : Identity Theft
1.16.15 Identity Theft
The information can be used to obtain credit, merchandise and services in the name of the
Victim, or to provide the thief with false credentials. In addition to running up debt, in rare
cases, an imposter might provide false identification to police, creating a criminal record or
leaving outstanding arrest warrants for the person whose identity has been stolen.
i lll—~“—t‘“C:*é
(uu -Bs6. sem Vf) 1-40 Info. Sec. Attacks 8 Vulnarabig,
+ Types and exampies of identity theft
~ Identity theft is categorized two ways: true name and account takeover. True-name
identity theft means the thief uses personal information to open new accounts. The thier
might open a new credit card account, establish cellular phone service or open a ney
checking account in order to obtain blank checks.
= Account-takeover identity theft means the imposter uses personal information to gain
‘access to the person's existing accounts. Typically, the thief will change the mailing
address on an account and run up a huge bill before the person whose identity has been
stolen realizes there is a problem. The internet has made it easier for an identity thief to
use the information they've stolen, because transactions can be made without any persona}
‘= There are many different examples of identity theft, such as :
- Tax-related identity theft, where a thief files a false tax return with the Internal Revenue
Service (IRS) using a stolen Social Security number.
- Medical identity theft, where a thief steals information, including health insurance
member numbers, to receive medical services. The victim's health insurance provider may
get the fraudulent bills, which will be reflected in the victim's account as services they
received.
= ‘Child identity theft, where a child's Social Security number is misused to apply for
government benefits, open bank accounts and other services. Children's information is
often sought after by criminals, as the damage may go unnoticed for a long time.
~ Senior identity theft, where a senior is the target of an identity thief. Seniors are often in
contact with medical professionals and insurance providers, and may be used to giving out
their personal information. They may also not be as aware of the scamming methods
thieves use to steal their information.
Syllabus Topic : oT Attacks
1.16.16 {oT Attacks
Internet of Things (IoT) delivers substantial benefits to end users. However, it also brings
unprecedented security challenges. A part of the central security issue is that connected
devices share implicit trust.
Info. Sec.: Attacks & Vulnerabilities
‘This shared trust between connected devices means that the devices automatically transmit
heir data to cach other immediately upon recognition without first running any malware
detection tests. The worst-case scenarios of these IoT security dangers result in physical
harm or even the loss of life.
Syllabus Topic : BOTs and BOTNETS
Bots are computer programs or software applications designed to execute a series of
operations automatically. There are several useful bots (good bots) that crawl websites and
‘create visibility on search engines and social media channels.
‘There are several bots executed for general information collection, like weather reports
‘over several locations across the globe, football scores and team performances over time,
‘and so on. Bots are employed for these activities because they're either mundane or too
repetitive for humans to perform.
‘There are bots (bad bots) created to cause harm to websites and online businesses. Bots
‘are created to illegally scrape content from websites and post them elsewhere.
‘Competitors employ third-party scrapers to gather information and content, so that they
‘can fine tune their business strategies to overtake the competition, unethically. Millions of
bots sent from single or multiple IPs can cause Denial of Service (DoS) attacks, stifle
bandwidth and severely impact user experience.
Having said that, the hackers creating bots, targeting online businesses, seem to be
‘moving to sophisticated methods to get around the security mechanism in place. Real-time
bot prevention solutions that constantly learn and update bot signatures and patterns will
provide continuous protection to websites.
BOTNETs
Was computers get infected with malware bots, they could be included to a network of
infected computers, forming botnets, These botnets will be orchestrated by a command
and control center that instructs them on specific malicious actions.
A computer infected with a malware bot or virus can spread the same in their intranet,
Saad massive botnets. In most cases, the users of these computers are not aware that
theirs is a part of a botnet, performing malicious activities.
#7
Ethical MU - B.Sc, - Comp.- Sem V1) Info. Sec.: Attacks & vy
Botnets are created to perform malicious activities such as Distributed Denial of
(DoS) attacks, phishing scams, spam emails, ransomware, click fraud and a lot mop, i
~ In most cases, computers become infected and turn into botnets because of a Weak
Point security system. This can be taken care of by having the virus and Maly
Programs and definitions updated and patched.
~ Also, users of these computers should be educated on the perils of opening tnkyo,
attachments and clicking on suspicious executables.
Syllabus Topic : Case-studies : Recent Attacks - Yahoo , Adult Friend Finder, Bay,
Equifax, WannaCry, Target Stores, Uber, JP Morgan Chase, Bad Rabbit
1.17 Case Studies
1.17.1 Case Study Attack on Yahoo -
= Sais a vac 25 Sa re ets a 2013 data bread
was affected in the cyber attack.
— A data breach is the release of secure or private/confidential information to an untrust
environment intentionally or unintentionally.
- The company said new intelligence suggests as many as 3 billion accounts we:
compromised in the attack.
— Ithad previously admitted around 1 billion accounts were affected.
— “Based on an analysis of the information with the assistance of outside forensic expert
Yahoo has determined that all accounts that existed at the time of the August 2013 the
were likely affected,” it said.
- The breach saw email addresses, passwords, telephone numbers and birth dates at risk
having been taken.
— However, the stolen information did not include payment or bank account details.
— Atthe time, Yahoo had urged all its users to change its passwords, though had specifics!
notified the | billion user accounts it thought were compromised,
- Yahoo has now sent emails to the additional 2 billion users believed to be affected.
Ethical Hacking (MU
Comp.- Sem Vi) 1-43 Info. Sec.: Attacks & Vulnerabilities
- The news of the breach last December followed its warning just months earlier that it had
been hit by a "state-sponsored attack" in 2014, in which it lost the details of at least half a
billion users, including eight million from the UK.
= Yahoo said forensic experts discovered the new information relating to the hack after it
was folded into the AOL brand, under the new name Oath.
= Verizon decided to merge the two businesses after its purchase of Yahoo's mail service,
news and finance service, and the Flickr and Tumblr social networks completed in June.
= The price Verizon paid for the Yahoo businesses was cut by $350m after both the 2013
and 2014 data breaches were revealed.
= The remainder of Yahoo, which Verizon did not buy, comprised of stakes in the Chinese
retailer Alibaba and Yahoo Japan, and was renamed Altbaba.
1.17.2 Case Study Attack on Adult Friend Finder
[[0.1.17.2 Write a case study attack on Adult Friend Finder. (Ref, Seo. 1.17.2) _
(6 Marks)]
" — A massive data breach targeting adult dating and entertainment company Friend Finder
Network has exposed more than 412 million accounts.
- The news was made public by LeakedSource, who said that the hackers targeted Friend
Finder Network Inc, the parent company of AdultFriendFinder, in October 2016 and stole
data that stretched back over the last 20 years.
- Affected sites include not just AdultFriendFinder but also adult webcam sites Cams.com,
iCams.com, and Stripshow.com, as well as Penthouse.com.
— At the time of writing, AdultFriendFinder has not published any statement on its website
about the security breach.
- The AdultFriendFinder website appears to have been hacked, exposing the personal
information of hundreds of millions of user accounts.
~ The attack happened at around the same time as one security researcher, known as
Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if
successfully exploited could allow an attacker to remotely run malicious code on the web
server.
1.17.3 Case Study Attack on eBay
~ Cyber Attack on eBay in 2014. We will study what are the parameter and reasons for
cyber attack.
vA
Bay has been described as the “golden goose”
‘The some information is
address, Physical address,
Not encrypted like Customer ni
Phone number, Date of birth,
It's Shocking that Bay would choose not to encry;
ame Encrypted Passyon
Between mid of month May and July 2017 hackers accessed
~ Through a publicised
data held by Equifax.
vulnerability in a web application, for which there was a well-known
Patch available.
— Apparently six weeks
made by Equifax.
may be that Equifex knew about the breach for more than six weeks. Visa and
MasterCard also sent confidently alerts to financial institutions across the United States,
parning them about more than 200,000 credit cards that were stolen in the epic daa
breach.
elapsed between them the breach was discovered and noticaon being
1.17.5 Case Study Attack on WannaCry
~ It was a cyber attack conducted on a large scale, targeting only the Microsoft Windows
operating systems.
Bh eric rinsong ome B.Sc.- Comp Vy) 1-45 Info. Sec.: Attacks & Vulnerabilities
= In this attack, the ransom ware would encrypt all the files in your computer. To remove
such encryption, one was asked to pay approximately $300 worth in bit coins, with a
Geadline
= The main victims of each cybercrime were Windows 8, 2003 and XP users, because the
Jast released security update for XP was in April 2014, and many did not install the newer
‘update as of March that year
- Microsoft had stopped supporting these versions of windows, but an emergency update
was released for them to fight this cyber attack.
— ‘There were many using an unlicensed windows software. This makes them all the more
vulnerable.
— The attack is believed to have been carried out using tools that were stolen from the US
security agency NSA, which had been stockpiling on a number of vulnerabilities around
‘Windows OS, MacOS, etc.
— The WannaCry ransomware attack had exploited vulnerability in Windows OS called
EtemalBlue.
= ‘This attack impacted a number of businesses, institutions and hospitals all over the world.
— Businesses like Nissan and Renault had to pause their activities after some of their
‘computers were affected.
= In hospitals, computer systems used for various purposes were affected, like MRI scanners
‘and computers. 4
‘L176 Case Study Attack on Target Stores
~ In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores
by accessing data on point of sale (POS) systems.
~ Target shoppers got an unwelcome holiday surprise in December 2013 when the news
came out 40 million Target credit cards had been stolen.
ena
