Hacking
Submitted to: Mr. Abhishek dixit
Submitted by: Aman, B-Tech(H) M-tech cse, Section-144, Roll no-54, Reg. no-7050070092
What is Hacking ?
The act of gaining unauthorized access to computer systems for the purpose of stealing and corrupting data.
Types of Hackers:
- Black Hats: malicious hackers
- White Hats: ethical hackers
- Grey Hats: ambiguous
Search Engines
- Efficient (Google most effective)
- Around 12 billion pages
- Starting point of many hacking activities
Can you believe it? In fact, one of the most interesting uses of Google
- SSN card?
- Financial records?
- Medical records?
- Checkbook?
- Additional ID?
Physical security is more important than ever!
Locks, alarms, safes, dogs, lasers!
Hacking your person
- Wallets and purses
- Check books
- $10,000 bills
- Theft, duplication
- Phone, cameras
Keep your stuff on you. Hide your card with your body.
Hacking your PC
What's on it?
- Banking, taxes, medical records
- Cookies!
- Browser history!
- Password file??
How do they get in?
- Viruses/Trojans
- Spyware
- Keyloggers
- Remote control
Discussion on Hacking
Web hacking..
Google hacking
HaX0rz Toolkit
- Complicated sploits that need a Bachelor's degree to understand and use
- Scripts in various languages and syntaxes like C, PERL, gtk and bash
- Automated scanning tools like nmap and nessus
- A web browser
Web hacking
Web surfing:
1. Is easy to do,
2. Is operating system independent,
3. Doesn't require intimate knowledge of the system,
4. Provides access to vast amounts of data and information,
5. and is topped off with all kinds of data mining tools
Web Features
- Reverse phone number searches
- Detailed address topological maps
- Satellite photography of target area
- Resumes
- Phone and email lists
- Likely targets described in detail
- Exploit information easy to obtain
privacy
Final Thoughts
- We have shown a few ways that a web browser can be used to gather huge amounts of target information, and a few ways the web browser can be used to exploit trivial vulnerabilities.
- There are many more online services like the ones pointed out in this presentation.
- It is easy to collect and analyze this information to produce thorough profiles.
GOOGLE HACKING !!
- Introduction
- What is Google Hacking/GHDB?
- GHDB: Johnny Long
- How it works?
- Possible Reasons
- Approaches to AVOID/RESOLVE
- Google's Response (GHH)
- SPI Labs Solution
Google Hacking
Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
The whole idea!!
Web pages are:
- Crawled/indexed (typically, once every 2 weeks)
- Cached
http://www.networkworld.com/news/2005/090505-google-hacking.html
Hackers query this information (reconnaissance)
- inurl and allintitle
- Once indexed, it's cached
  a) Contact Google (http://www.google.com/remove.html)
  b) Contact other search engines
- Google performs the dirty work (password embedded URLs)
From the Google Hacking Database:
- Error messages that contain too much information.
- Password files and sensitive directories.
- Pages containing logon portals.
- Pages containing network or vulnerability data such as firewall logs.
PRIMARY REASONS
- People negligence: called GoogleDorks
- Increase in number of remote administrative tools
- Security holes in the networks
- Poor site configuration, e.g. securing admin panel - .htaccess procedure (password protection on HTML documents)
Probable Solutions: Avoid/Resolve??
- Google Hack Honeypot (GHH) - reconnaissance against attackers
Automatic Scanners:
Web Vulnerability Scanners: scan the website and point out potential security issues.
- Need to be configured properly.
- Not 100% efficient
Examples: Nikto, Paros Proxy, WebScarab, WebInspect
SPIDYNAMICS (WebInspect):
- Pick a scanning tool (possibly executing JavaScript/submitting forms)
- Appropriately configure the tool and kick it off
- Sort the results
- Use a scanner to run queries
- Scan the SiteTree (WebInspect displays the SiteTree in an explorer view)
- Check for /admin folders
- Check for passwords kind of files
- Scan the content of the results
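The "/admin folders" and "passwords kind of files" checks from the list above can also be run by a site owner against their own document root, before a crawler ever indexes it. The following is an added example, not part of the original presentation; the file-name patterns, the directory names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed name patterns for two categories the slides list; tune them for your own site.
CATEGORIES = {
    "password file": re.compile(r"passwd|password|credential", re.I),
    "network or vulnerability data": re.compile(r"\.(log|pcap)$", re.I),
}
SENSITIVE_DIRS = {"admin", "private"}  # assumed directory names
ACCESS_RULE = re.compile(r"^\s*(AuthType|Require|Deny\s+from)\b", re.I | re.M)

def is_protected(directory, root):
    """True if directory, or an ancestor up to root, has an .htaccess with an access rule."""
    root, current = Path(root).resolve(), Path(directory).resolve()
    for d in [current, *current.parents]:
        htaccess = d / ".htaccess"
        if htaccess.is_file() and ACCESS_RULE.search(htaccess.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False

def audit_webroot(root):
    """Return sorted (relative_path, category) pairs for content no .htaccess rule covers."""
    root, findings = Path(root).resolve(), []
    for path in root.rglob("*"):
        if is_protected(path if path.is_dir() else path.parent, root):
            continue
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            if path.name.lower() in SENSITIVE_DIRS:
                findings.append((rel, "sensitive directory"))
            continue
        hit = next((c for c, p in CATEGORIES.items() if p.search(path.name)), None)
        if hit:
            findings.append((rel, hit))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample web root: protected admin/, exposed private/ and logs/."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    files = {"admin/.htaccess": "AuthType Basic\nRequire valid-user\n",
             "admin/passwords.txt": "x", "private/passwd.bak": "x",
             "logs/firewall.log": "x", "index.html": "<h1>home</h1>"}
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return root
```

The .htaccess test only looks for a directive in the file; whether Apache honours it depends on the AllowOverride setting in the server configuration.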
Password Encryption