Dear Students om eee any rn the eof hal af Jou oe ide Be te ino al carters 2 het he os on be rege on understood prep. The topes win te enter hove been eranged no prope sauce ene smo foe te sade "27 thonkfl oS, Soca Shah forthe encurgeren nd sport ht hey hove ended ‘46 10m ako than to he ta members of Tech Neo Pubeatins ond thr forthe effets tome {hls book os goad a Is. We hove omy made every posse efor tenia athe eo i te ‘book: However you find om eos etme nom, becouse the wl hes mee ingrove futher 1.0m bo thnkfl toy family members ond ens ote gotence and encuropement SYLLABUS ; ees} Unie Lunrrs | ‘* Chapter 1: Information Security: Attacks and Vulnerabilities. ‘% Chapter 2: Ethical Hacking ~ 1 (introduction & Pre-Attack) ‘* Chapter 9: Ethical Hacking : Enterprise Securt.... ‘> LAB MANUAL... organ Cane, Ba aot Span Topi: itn in ft a a ‘ane En tee St Ta eas otin a = ve como DOL 1.4 Introduction to Information RAM in of enti. The Rank teller aks © see 6 po ID, #0 e hots the elle his Pan Cart-Te bank ter cbeck the Pa Crd oma sare bias RAM prin on i and compares the ogaph oe he Pan Card apn the pe lang tobe RAM. ef, ois i cl autoiaton, ‘tabu Tope: CUA ee | ~ Coney sa et of les tat erie access 1 tomato, imepey is asurce that te | — ‘nfrmatom scurte and wordy. and alah a parte of saben sce Ie tomato by storing Hig LL: CUA Teint 14 Confgentaity = Contdeiy hing bt privacy. = Integrity is assures that the dita or infomation system can be tse ~ Ris ensces that ted by ony authorized persons ‘a rersins in is iia ate when ares. ~ Dats encryption Standard and hashing algortims cry processes that proving integrity 3. 
Avalabty ‘Tee Dat and information sytem are avaiable whenever eqied = Mordware mintenance, software upgrading ‘aching and network optimization ensures wala, Tess — Pe an read to stem resources incising es, computer programs, services, dt nd aplicaon festrs = Avtorzaion ie he process of amiag or denying sets 10-8 network resource wich 1 lavolves ening, assesing, and teaing ris to) the confiensalty, epi, and ‘vale of an crganiztons sss, 1 Stages of Rak Management 1 Ris entation = ssc teaying postive & ase ik that ffs to prsculrobjec. We cam Henfy sk read Ass, reds, ‘ners an coal, Syabus Tope Valneroity © Diss denal-erice (ODS) stacks Softwar that already need wih views Missing dt encryption SOL injection Baller overiow Misingstorzaton Use of broke algorithm —______. Tyne Tons Seut Fonsonaiy-ase of _—_—_$—=—- e112: Sety Peco fe Tog = When we plement any higher level of ecu t fs going impact facionaty and ease of ~ So whenever we develop any appiaon with secuy Keping ia mind as 2 being sewiy project mane, ect test engineer o seaiy evloper we need 10 make sue dt we have | elaced al ese re tings, = Soif wee aying w make any sppicaton eyo J of scuity Weakness cours = Fer Exige Web Login in plications we an ute OTP or Secure ake Sylobue Topi Types of Malware DH 1.2 Types of Malware 2 Vinwes 4 Spyware setive on an nected yen, = Woms were spread tough infos’ sorge Examples of Worme 1. mal worms a = Anema woms uses aPC ema cleat spend | ~ Kink win te ema da, licked, wil inet the compere it wl stent ae go computers weedvie in 200, 2. Anernet Worme Aw Inerset worms ae completely autonomost programs ois a ifcted machine oan the Intermet footer anerae maces. = So when 8 vloerable machine i lst, the worm wl infect it an bein the proces spin. Jes Re Fie bak a ‘Sylabas Topi Trojan ate Terie Tren ‘These actions can inte + Deleting. 
daa, ‘Blocking data, Modifying dt, Copying tn = Dining the performance of computes oF compe networks Tr sitanee Tepe: Soper ‘online Behaviour withoat your Knowle or perision = Wis Kind of matcous software tat secretly | hers informatio about psc o orpnizaon ~ oes your introet conetion to rly persona ~ Roothit detection is ficult because it intereerts ‘pezating system calls by antivirus and rears ® ‘infomation such s sere, adres, interest, ‘Te Palit — Ps ti ip ia ric cing MU Comp Som) Seeity Project (OWASP) is an inematons! ton gott organization dedieted to web appion secur, 10, Using components with known valneites 1. Insti Logging and meiing oS Sylabus Tonic ~ A Crsesite seiping(XS9) wei cour When web pplcatns allow wes Include scoping wrod HTTP ree as well ss validing aod sung wer generied ‘yt Topo; Gross Se Roques Forgery (Gonrnsne) 1.32 cross site Request Forgery (CSR /xsRF) = The CrossSie Request Forgery (CSRF) it an acer that fret an we vated ~ Since the acer bs no way tose the eapase tbe fake eqs \ a cue 9 = "SELECT * FROM ee, WHER srremgaPaemciC i) + tn socond scenario, an eppication' ‘ers WHERE uD=" + rues geParanster 27) = tna above cases furan value it ter owsEr (0 send: o¢ 11 For example itpsexamplecomapphsersView id — 1 | Syawes rept ange Parameter Manipulation lax 13.4 Input Parameter Manipulation The input Parameter manipulation attack i isl parameters exchanged stack ~ For sbove pen css toe kes Web a Pros proxy are mostly used ivilepes asthe tacked user. ont pect sensive dit = Tnyeb application, developers soo tke ce crsr it hy et cee ee seve a Caching meas empory t ‘data for re-use. 
rey song Syabos Topic: AML External Enon 1.3.7 XML External Entities = XML Escemal Eats is a ack apuat 2 wed ee Pane ew ages re E15 _wtratenSoarty At an Warrior but web applstion develop og OWASP Mane don’t always have the patched or mostreceat 1 oe Syrabus Toples Security Meconiguration Status Tope: Securty Mecontowenen Security Misconfiguration Inproper Porm Urge Insecure Dt Storage 2 3. Insecure Commusiation 4. scour Autentcation 5. Insufiient Cyptoeraphy 6. Ince Authoration 7. Cleat Cote Quay Code Tanpering 9. Revere ngieeing 10, Exaneous Functionality 1. Improper Platform Usage ‘Syiabus Tope Broken Access Control ‘Sylabue Topie Using W138 Broken Access Control ms % 1.3.10 Using Components with Sylabus Topic OWASP Moble Top 10 DH 1.4 OWASP Mobile Top 10 ~ Many serves ssid aboraon tokens when ‘ergs in, = beer prveped request hawer makes wil ~The Componeat developers often offers sist! Patches and updites to plug yp i009 Tot Pl oe aig 1 ai asics rocedue and dats tres, they rarely bother to in proper mation. it eorypcing data in tant Jie app evice tke «router, @ maiiows software on | ~ deve e = you ot use encryption snd open your mobile ‘9p tat can aly expoiahevalneraility which At ead to dt os and bears sever impact on ~The est way to prt dt is encryption and horough verison of dan aio OWASP is ‘© py ations enrypion tothe data before seeding. {4 Insecure Authentication = Tasecureaubeniction encompasses both pp eatily and submit request Authentication schemes foe mobile apps ae rch leaner than for tepuar web applications. Since delete data, cise commands tothe app oto the This may lead to severe technical and business impact. 
business impact because i results in perpetrate obtinng decrypted information from # metile device, ~ Depending onthe applications, extremely person) information can be compromised, which leas ‘wer backlash and even potential a ~The best way to avoid insuiient cryptography 8 ‘0 follow the best practices and standards use cenptonsphy a Sc SV ~ These vulesbilies epading authencaton, ~ Insecure authorization it extemely common snd rind prominence in eyber secu landscape as oft, am be bard to detect, wile lo posing a severe business input ‘This swt they gained an sitions prominence | ~ {both OWASP Web Appiction and Mobile ‘Top 10. - ~The best way to protect these ims isto make ce that ser rghs are always checked server ide and als verify any requests fom a ctiet | — inkpendemly server-side, making sue that they beloog ote auboiadwer, S Clint Code Quay tint code eategory focuses on vulnerbies ® Code Tampering = Code tnpesing category covers say ‘moifcaions tht adversary cap perform on the 7p Tere ae 3 many of ways to do ‘mebodtass booking. dynanie ng an add malware 10 the app via det changes tothe binaries, ro resource, Azation app is then ssibated via thi pery —_—__———__ ‘Sylabus Topic: Bod Rabo erties aboe 169 Bad RaDdit = On Octber 2017, in Europe & 26H manne ‘ansomware campaign ply spread bbe Bad RADA reply infects medi outlets, te Intex news agency, sat Footanka confi te malware hit them, ~The Odes Interanal Alport has reece on of Rusian eberseciiy TASS press agoacy tht the work has en he Bad Rabie campaign was at t 10 the USA and other Westra ours but sccording to antivirus frm Ava feat ss also been detected in the USA [ccringsomputercom reper, Theoretically, if 8 US. 
organization had infected partners in the teased regions and were onthe same WAN wid Sa er sect, Bat Rabbi could tne span yoke congue cad a he USA ~ Be USCERT sho vam of lag eapetad od spared sa, as ty puted ‘scaly airy te Bad Rat carpe ~The US-CERT pubis let ue US CERT bas rectved mule eps of ramomne OmpUe aod resis wa ces he nace ‘macine wil a rao is pid a ses rm ig eam i os — sing te aa Many epers poined ut tt he Bad Ratt ‘aesom wate is Reyer ae Ops Of the soue cade With NePepe ‘raed he exec fas pes eee Hackers dems 008 Bsn rao (= $20 ot ine of te atk rom vin elk tie ‘Te Bad Rati ansomave yea vis dveby ovoid acts We stacks a wing ae Ade Fash plane isle tick vc in Chapter End aoa Ethical Hacking « (Introduction & Pre-Attac k) 10.2219 Wits « sot Not on Cann wi 4 Sylaon Tole :Ruges og. nae Setup SectyVertisntonSndde.211 | 2211 Rous sa aan m 223 Setup Secrty Teng Pan — Won Wich | eae a S/R 88 en feewlrcltan 1V0,223 Wit shot ote on Secty Tet tery Oates ar wg Pets, ng on | 2232 | I k “tmnt torn |e SC na = | ee ta | Coco nn 7 surtout owt wat | 288 Copland Rapitny Coen? | te 23 | sou Top : Bak bx iB Be | 21 Matte Geyteinte2 |e seen | 7 epaatgn:tiealaanghthe ca | 818 aber Wimbotrconneontl | 212 Ethical hacking needed? 24 | ¢ Syilubue Tople : Vulnerability assessment ot | © S7abue Tel: owe Eel hacking deren rom | Paitin Test nn a) | eon autieg an ge oni? nn.28 | 21.7 Vulpebity Assessment and Pere How Ez! Hacking Der tom Sooty Tost. nae | Aosting re Ona Forensics? 24 | UO.2.1.10 Define the Term : a. Penetration Testing | Mpnaunhaldainaeeenss 2. Veit Toto EES —-2# 2 EON ans [4 Sn Tae + Arman = Pr! | ee ee ioe oe cross ae rc © Hacking ~ Hacking is very broad scipline tat covers # wie range of topics, which hasbeen 2 pat of computing for Ist five decades, rework which either to harm the systems or 9 sta seat information available on the compu. ‘esting pupse. 
This sont of hacking is which eda Ethel Hacking ~ Bs esd wo improve he seca ofthe tems ‘nd nctwork by fixing the vulnerbtty foun | ~ while sing ——— Fab Topic: Bick Hat v. Grey Hal va, White Sytones Ton temic hacking “| a3 ata Black Hat vs. Grey Hat vs = Hacker is a computer expert who does the st of hacking. Hackers are those who try to obtain knowledge, © understand how systems operate, how they ae designed, and then stempt to play with tse le improves the security posture of a the permission ofthe authorized person ‘The main purpose of ethical hacking sto imfro™® the security and to defend the systems fo ‘wack by malicious users. L There are many companies that ire ethisal ‘5 Hackors are classified into thre categorios Black Hat Hacker Black Hat hacker lo known crackers. ‘They nok inorder w gain unauthorized accesso White Hat hackers ae alo known a tical Hackers, ‘They never iment to harm a system, instead they try to find out weaknesses ina computer o & network system as pat of penetration testing and ‘ulperbilty assessments, hacks for penetration ting an vueratiliy (Grey Hat Hacker (Grey ha hackers are a end of bth white hat and back hathackrs, = Me runs pull with red teamiag secuity Judgment intsion esting and vlnebiliy. ~ Some important pints that wil telp us ‘vodertand more about ees! hacking and its ecest, ‘While hacking a computer sytem an tial hacker usually teads play the le of & security exper. They penetrate no system a order to eects and egal acces ofthe system. They consanty bane © face 140 ‘Tae min objecsve of etl hacking sto Promise fey ie wiles infrastructure Itch contintes mott of cient snes companies aims ~ Tocaes on vlnerabiesthat an be exploited. 
= This Hacking valida that security contol do est rae infect es It canbe beh icy technical and nontechnical and although 204 cn se a fomal methology which end to ea — a ene See rhical Hacking » | Seven Things Should Consider Bator | ~ Signing {Look for broad and vague lnguage When analysing NDA, make sure that the | ~ Aefintons of propery and confidential information ae thorough defied (© Publly avaiable information (© What (pe of information is you pecibied | from dicloing? © How long afer your deyaruse ate you ‘expected to kop the infomation private? ‘The consequences of breaching t Be careful of unusually exteme or fir | ~ nish for reaching th NDA. Be dubious of oad and vague Igange tht [NDA afer sting your job. You may be ented toed coesierstion ~ Aer commencing work, n employe is ask 0 sgn an NDA as your sates ae new and es ~ As you sr rsh consderton may come in he feem of romoton, a tows, ational action ay, or varons ote employe ene. 5 Ligudated damages taning«Iqudate daages provision ent your employer speifled amount of damages cave handout your employer an automatic | ~ covery for srmeting you may ot bave 8 6 Youcan negotiate = Don't te afiad to ask to masify or alter {G0 with your gut someting in NDA seems suspicious, you seem like an inconvenience aving a lower check over a faction of cost = A few amouns now could sve you years of ach, ess anderen lawsuit Ther is sohing wrong with scrapping the NDA aliogeier and walking ava, ifthe NDA. seems covey oppresive or spices, = NDA ate esenl for any employer ooking to Protect heir propery and confidential infomation, ee ‘Sylabus Tople Compliance and Regulatory ‘Concer ee 2.1.5 Compliance and Regulatory yom and it da Tpese repulaions pot a responsibilty oq pares o ptt hemes 0m ace veut Dora reglacons also cover PAPE records ig sinter manne tiga reco. seni give tring to employees to we the company’ yber security structures snd. 
guidelines and are relevant for neatly all ‘companies handing data ‘The Payment Cand ee ——e ees ‘Syllabus Topi; Vulerabity assessment and Bxample + by input to check and verily oops 1 | Types of Black Box ‘Testing: “Types of White Box ‘Testing: = Pat Testing, = Loop Tsing, = Conttoneing Penatraton Teving ee 21.7 Vulnerability Assessment and ly aang =: Diternce benten Prt, = Penetration testing replies the actions of an intemal! abd extra cyber stacks hat is Intended to trek the information security and ack the vahable data or inept tbe nomad functioning of he rpaiation. tool nd ecriques, = Vulnerabity Assessment weaknesses reduce below the rk evel = The following diagam summarizes te wulerbily assessment ——~—~{ 2 = oech - Panning /Threet Sybase ee DH 2.2. Approach - Planning / Threat —Trean be done at aay sage of development bu it done at the beginning it will help in exty Germination of treats that can be distibated propery. = The purpose of Threat modelling isto identi, communicate, and understand threats an | Sleviton to te organization's stakeholders carly as possible = Docunmetation from this process provide system analyst and defenders with complete analysis of probable atackers profile, the most likely atack estos, and the assets most desired by the | attacker “Thre modeling helps o achive following methodology developed by Microof fo threat modelling ~ Ik provides « mnemonic for security threats i categories 1. Spoofing : An adversary posing as 29008 ser, component, or other system that bas # ‘denty in system being modelo. 2 Tampering : Modification of data wii ac To system to achieve malicious goal. = 3% Repudiston : Abiliy of an aivenny w eay performing some malicions sty in shsence of efficient prot. 4 Information Disdesure Expose of Protected dats to 8 wer ta isnot ebervne | Mlowed aces that dt. S. Denial of Service + 1 Occux when an ‘very set illegtime mets to ium trust evel than he cuentas with tere privileges. 
DFD
- This is the input of this approach, and each node of the DFD is applied to the system.
- The possible number of security threats will be identified, as well as feasible mitigation.

3. DREAD
- It was proposed for threat modeling, but due to inconsistent ratings it was dropped by Microsoft in 2008.
- DREAD is currently used by OpenStack and many other corporations.
- It provides a mnemonic for risk rating security threats using five categories.
- The categories are:
  1. Damage Potential : It ranks the extent of damage that would occur if a vulnerability is exploited.
  2. Reproducibility : It ranks how easy it is to reproduce an attack.
  3. Exploitability : It assigns a number to the effort required to launch the attack.
  4. Affected Users : A value characterizing how many people will be impacted if an exploit becomes widely available.
  5. Discoverability : It measures the likelihood of how easy it is to discover the threat.
- The risk can be calculated in the DREAD model by taking the average of the 5 categories:
  Risk = (Damage Potential + Reproducibility + Exploitability + Affected Users + Discoverability) / 5

4. PASTA
- Finally, appropriate security controls can be enumerated, which helps developers to develop an asset-centric mitigation strategy by analysing the attacker-centric view of the application.

5. Trike
- Its focus is on using threat models as a risk management tool.
- Threat models are based on a requirements model, so the requirements model establishes the stakeholder-defined acceptable level of risk assigned to each asset class.
- Analysis of the requirements model yields a threat model from which threats are identified and assigned risk values.
- The completed threat model is used to build a risk model on the basis of assets, roles, actions, and calculated risk exposure.

6. VAST
- VAST stands for Visual, Agile, and Simple Threat modeling, and it provides actionable output to all stakeholders.

- It covers the testing of web application technical security controls, verification of application technical security controls, and any technical security controls in the environment that the application depends on.
- It can be used to establish a level of confidence in the security of web applications.
- The requirements were developed with the
following objectives in mind ‘Yeh Plan — le tenn te ii eS cia ning nrouiton 8 Prat Tye as a metric = H Provide aplication | pplication ODES With | developers and ssi with whch 16 ase De dere of trust tbat can be placed in their Wet procurement Provide a bass ing appliction ecwiyvericaton Security Testing is defined asa type of Soft Testing that ensues software systems ant pplication re fee fom any vulneabiiy, ss threats that may cause a big Iss, rsnization. ~ is pli to entity the dats in the system 24 ‘measure it poteaal_vulnerabilies, 50 sy oes not stop functioning ort expeited. = “Types of Secunty Testing ~ There ae seven types of sec testing as per pen Source Security Testing mbedcogy anual 1. Valnerabity Ssanning 2. Seca Ssaning 3. Peoewatontentag 4. Risk Assesment 5. Security Aviiog 6, Bical backing 1._Postue Astesoment 1 Valnerabity Scaning + is done dcogh | sutomated software 9 scan a sytem aginst ‘pown vulneabily signances. 2 Security Scanning : Secuity Sannng involves enifying network and sytem weakness tod later proves solutions fr reducing these rise. | ~ ‘This seaming can be performed for both Mans caning and Automated scanig. Penetration testing : This is kind of testing Silas a stack from a malicioos baker, PT lnvolves analysis ofa partslr sytem to check for pote vulnerabilities oan external hacking stem, 4 Risk Assessment: I invoves analysis of secu risks obeered in the organization. Risks ae claified as Low, Mediom and High It recommends contol and measures to edie the Fisk, Security Auditing I antral inspection of Applications and OS for security Naw. 6 ibial hacking + I i backing Organization Software systems. I+ ineston is 10 expose security Naws inthe sytem. ‘Tek Ne Pla — le dnp tie —____ Syl Tope: Undertanding Fonconaly, Bia Grey Wit, Understanding Functionality, = Wisalsoknown as Peo Tesig. ‘© Typos of Penetration Testing Following ar the imponant pes of en sing 1, Blak Box Penetration Testing 2. White Boe Penetration esting 3. 
Grey Box Penetration Testing

Fig. 2.2.1 : Penetration Testing

1. Black Box Penetration Testing
- The tester has no idea about the systems that he is going to test in black box penetration testing.
- The tester does not examine any programming code.

Advantages of Black Box Penetration Testing
- The tester need not be an expert, as it does not demand knowledge of a specific language.
- The tester verifies contradictions between the actual system and the specifications.
- The test is generally conducted from the user perspective, not the designer's.

Disadvantages of Black Box Penetration Testing

2. White Box Penetration Testing
- The tester is provided with a full range of information about the systems and network, such as source code, schema, OS details, and IP addresses.
- It is considered as an attack by an internal source.
- It is also known as structural, glass box, open box, and clear box testing.
- This testing examines the code coverage and does data flow testing, path testing, loop testing, etc.

Advantages of White Box Penetration Testing
- Ensures that all independent paths of a module have been exercised.
- Discovers typographical errors and does syntax checking.
- Finds the design errors that may have occurred because of the difference between the logical flow of the program and the actual execution.

3. Grey Box Penetration Testing
- A tester is usually provided partial or limited information about the internal details of the program or system in grey box penetration testing.
- It is considered as an attack by an external hacker who has gained illegal access to an organization's network infrastructure documents.

Advantages of Grey Box Penetration Testing
- It is non-intrusive and unbiased, as the tester does not require access to the source code.
- There is less risk of personal conflict, as there is a clear difference between a developer and a tester.
- There is no need to provide the internal information about the program functions and other operations.

Syllabus Topic : Authenticated vs. Unauthenticated

External Penetration Testing
roe | ~ A are usa accessible vate imme ~ Mean highligh pence sect gaps, as wn limitations. = Remember, orc sro = Unto ‘= Authenticated Penetration Testing is on examination of an act fom the Denpestve ofan atacker who has managed te ‘xin enry, whether with compromised pe, dental, or a malicious employee wit acces righ. ~ Me involves examining an asst with login redeatials or aces ight in onde to deeming how much mancuverbliy someone hat once inside. Shearwater recommends you undergo an complete pictre of what damage a8 intuder ould once theyre on the inside ~ Conducting his Texting offers deperawarcess | ~ ito pote ids thom a broader ange of ed Penetration Test as for a more | - ~ Some examples may ictde cai, websies or Sie sharing platforas Intemat Penetration Testing retest ascs hat re inteallyfcng ~ Accessible ftom within an orgnizaions ~ For example a setwork or see cy] ~ Pevsoting oe wheter youtave acces creat ‘oth Extra sad Intetal ait canbe tte in 0 Unutheniced ora Auteacatd way, _Sylabua Topic infomation Gating a Recitation ening = lefomation gathering is also known, as fot Priming an eanizaion, 1 besins by determining the tage gtem, spplicoa,o physic! cain ofthe wget. 
Once tis information & known then specific {afomation aboot the organization is gathered sing nonitrsive mets, = For example, the orgnizaons oxm web page may provide a personel dietary or ais of employee bios which may prove weil if te ker nest we a Sci engineering ack to reach be objective, | Information guberng can be broken int seven opel pe asia ~ Report Preparation - The tester prepares a fia repor that describes everthing about the sytem ‘Sylabus Topic: Perform Manual and Aviometed (Toole Webinepecd Guna Neasun Meteo) Vaan eS 2.28 Perform ‘Automated (Tools : WebInspect/ Qualys, Nessus, Proxies, Metasploit) VA ‘Manual penewation testing is categorized in ™° following ways asc ST Kis only done by human experts who examine ‘ven domains ~ Compressive Mansa Penetaion Testing Rb Groveh testing of whole sytem | ‘onecid with each orto identify all ora ofr can bring more vulnerable stack scenario, et, "= Automated penetration testing swomated perevation testing a Opens, Mesplot, backact, (eis 3), ~ These ae very efficient tols that hangs dhe efficiency and meaning of pencratn esting. Tools 1. Nese ~ Nessus is teeware network vulnerability scant hich has more han 1,00 plugins available ~ Tinclues a cient = server archiectre with & (GTK graphical interface remota local secuity ‘checks and an embedded seriging language for wring own plug-ins or understanding exiting spoliction vulnerabilities witin ihe | — |W fetares more than $00 verb ck as ellasaninfeeac-bted scanning eapioe 3 Metaspot Framework ‘This isan opensource software pau ssed to "25 develop and use exon, ~llerence beween Manual Peoticns Teng Automated Peseration Tsing ‘Se. | Manual Penetration | Avtomatad Testing Preeti —___—_ ‘ylabus Tople How Webinapect/ Qvale fooe| wrk a a 7%. 
2.2.9 How WebInspect/Qualys tools x Adie = nstatation of WebInspect eguiceneat befor install Weblspect ~ They report their resus to security engine which evaluate the ess, = ewses Audi engines to atack the application and deerme the vulnerable, Welcome to HP ASC Ucensing ——— Sal aoe Gaia) = Two things that Weblnspec wll do fr you: Crawl and Audit Te i er ip ag nd ofthe Scan you can generte reper, | meability Assessment Report Which called Vi on Lig aC Tar tw window where yu Dee 0 em Seq ieee ‘ype of Scan (Standard Scan, List-Driven Scan, sr 2% me Site also ro es | Pace tenens SE ——— wy | <= ssa] | Femmatmiaean — [——— J ug | ‘ = tne boom ef hand side, here ia Settings Default) button which isthe heart of Weblnspect. ~ Using is you congue the san and tel Webaspct what you wat fom it Click on Stings (Deft ad Default Sexings window wll open. “Ta-Ns Pliine—— e a apr vtine Comoe {nd Thoroughness. : Secep s+ Click on meat Dette! xan cofguation window oP examination ofthe Urea cept the ecoomeniin- Oo | eet tm mt | pirer emerson Joa Pb Pl pgs if ecesary it recommend you ota anges. You may oF may et ae | os san btn. Sean wil inate ce clicking the seam — nds on size ofthe application, sled policy and other > Step: Once he scan gets completed, ee aay te esa lint thease positives nd eevee report fr valid igs Teast be learn the Defal san ings ly cri olin cpimzing the ess. = Disadvantages ime when dealing with lage eerie | 1, shad for ny to ingen! avs, weak copopapic sorge, sve of he discon the anack, shows sults and peers |__ formation you with comprehensive view 2. There could be fae positives among sed 2 Not dependent on the une langue. veils ——a— Manager or Unit Manes: Makes your cout ifoematon 1. 
Open browser and gow te pao URL wh ‘your account i Tsted Pese sfer © 3 email conning yor pies URL ‘Select VM fom he plian picker, Goto Sam > Apinces Select New > Scaner Appliance sot ete activation code fer the apie (spear in {@e ACTIVATION CODE screen in your Appliance’ wer ines, fow mists Tor Sear ny et satan 92. COME Een May, | sagt Sar Nn ot at 988 he OOM oH Ua ‘ReS0OT ero SORES And en rae er wn REALY REBOOT SYSTEM? ep mall addresses from Intemet can wie Note: The scan cates ony wie pce {6 Select an att sro tat you Wat 1 wi he Scanner Appice (Ut Marae caly fom he AG © mess This Wil mike te Ayling value ower in buses ui 7. lick Active Then Scans Aplaase, {0 og into he Qualys Cloud Pan, Tb Nein Rh spies ~ Awe spider separate websites eal ~ The web spider uses syntax such asthe @ 9% {© lsate email addresses thea copies te” te ~ These adtesses are then added 10 sani ‘may be used later to send unrequested eal ~ They canbe use to locate all kinds of ilo onthe et - You neat « 4 team of scarity experts 0 itn comprebensive esting regimen from P= L__- Sa sac sui Vo technige views employes at your defense system. ental psychology leveraged in social engineering. = Reciprcaton, authority, and scarcity are just tome of the motivators socal engines #86 © trick people into dangerous actions. The cose | _ pen texters come to mimicking social enisering. the biter they'l beat reveling an oresizaton's eve weaknesses. ~ From there they can recommend seu) | mechanisms and educational practices that minimize the sks. ~The goal te srhing pay dat by any means ecesury. The lop data in your prnter may seem trv, but might sare credentials with abases tat howe customer informatio, credit card umber of ter semtive data = When it comes to atc vectors, peneaton aus eave no sone wturned. Lat the Data Be Your Guide = Following a sucessful cyber scunty beach, row invective effora can be uaced wa targeted data et. 
= tate process of inking ike an anacer testers eed to ety he data ark, determine where tess, ad igre ot How areal rina could ssl get heir hands oni ~ Be it intlecual propery, customer daa, or busines plans, having he most sensitive data wilalvays lead pe esters in he right direction. CChooae Your Pen Test Wisely While ere ae sever pes 10 choose from, peverion testing # manly clasifed in wo ‘catego backborandwhitebox. = loa whitebor scenario, the leer has intimate Anowledge of oF ace to the tes subject. Due © (be up cose snd personal nature, his type of text, isideal or imernl applications or inside heats In a blackbox scenario, the tester hat m0 were Thee are advantages and Guat: 16 oP penetration testing seatcgy The mem tht he ume Ps Performing & new testing engagement to ensure cure eu of he most cut envitoament, = This dcminaion ould te made afer 4 risk soaysis of ow mich change has cccured ince tbe naling was cone ~ Moreover, in specif condton, he tapped secriy problem may irae a base aw open enionen or spaica Tob Ne Fil — Ph sg ——— sean ntetton 8 Pret esas, stem Fetes ig Pine 1 Passe and Active Reconsian = Phe 2 Scanning = Phase: Gang Aces = Piste «Maintaining Aces = Pac 5 Conenne Tracks “Grasoon Tops Rocommonsonea OO Tepe: Reconnatanca Foorrang) EEE 23.1 Reconnaissance/ Foot Printing/ Enumeration "© Reconnalasance ‘There are two kind of recom = 1 Pave reontaiaasce = Socal engineering and dumpster diving are ako comsikred passive information- gathering ‘methods. passive reconnaissance means Sniffing the network which can yicld useful information ‘ech as naming conventions, IP address range, Indden servers or nctwork, and other available services onthe system or network ~ Sniffing network trafic is means 10 building ‘monitoring: A backer watches flow of data to see ‘what time cerain transactions take place and het this aici going. 
2 Active reonnalsance ~M livolves probing the network to discover individual boss IP addresses, and services on the network, ~ Atv reconnisance usally involves more Hist Cf Seton han passive reconnsissance and i ‘ho call rating the door, Sgt BE a hacker an ladon of scuiy nim lace but a process also increases the on Sf Ming caughe or at least rising Both pss ‘conan cag omntisance and activ ance can NN Pa a pe og enemas een ete ‘nforion wa ASN Sl eto {formation gathering, = Ie begins by determining urgetsysem, ns own web page may provide & irctory or list of employee bios Which may prove useful ifthe hacker needs f0 use social engineering attack to reach objective, search engine of Google can be wsed in creative | _ way perform information gathering ~ To retrieve information has been termed Google sw hve the ~ The ftowing commands ean te wet oe 8 Google search engine perform Google basking: | ~The objecuve of enumeration i to ently the aching Woals are designed for scanning IP eens. SS ——_— we = Tools hat a asker may fie dng be sxaing ne can case por cater, er eth agers, sweeper, an Suneraiy seater ~ Mache ae seeing any iaformace that can lp | ~ Gem peperae stack sh a IP ast computer nes, and se aunt = The Racker comics 6 gader infomation rc ns MIME A Png ‘Types of Seannieg rer exning #H SETAE CEN POR Ang this tool identifies port 80 a open indstes a wed server i running on that system. repsring the network ant 18 indi box | ~ systems dung scan = Daa sch as IP adder, OS, sence, and inwalodapplaations can help te hcker desde | ~ ‘whch ype of apa toe hacking astm ~ Wis te proces of cans ses ha weave at resqutng oe he aetwor. 
- Ethical hackers use scanning to find target systems' IP addresses.
- Scanning is performed after the active and passive reconnaissance stages.
- It is used to determine whether a system is on the network and reachable.
- Scanning tools are used to gather information such as the operating system, IP addresses, and services running.
- Ping sweep : This is the procedure for identifying active hosts on a network, either in order to attack them or as a network security assessment. Hosts are identified by their individual IP addresses.
- These tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses.
- Vulnerability scanning : A vulnerability scanner identifies weaknesses or vulnerabilities in the OS, applications, and service packs that may be installed.
- During the later phases, a hacker can utilise these weaknesses in order to gain access to the system.

Syllabus Topic : Phases - Scanning and Sniffing

3. Sniffing
- Sniffing traffic on the network is also known as packet capturing or frame capturing.
- Some sophisticated sniffers interpret packets and can reassemble the packet stream into the original data; this depends on which sniffer is used and the security measures in place.
- There are several hacking attacks and various hacking tools that require the use of a sniffer to obtain important information sent from the target system.
- Sniffer software works by capturing packets not destined for the system's MAC address but rather for a target's destination MAC address. This is known as promiscuous mode.
- Normally, a system on the network reads and responds only to traffic sent directly to its MAC address.
- In promiscuous mode, the system reads all traffic and sends it to the sniffer for processing.
- This mode is enabled on a network card with the installation of special driver software.
- Many of the hacking tools used for sniffing include a promiscuous-mode driver to facilitate this process.
- Any protocols that don't encrypt data are susceptible to sniffing. Protocols such as HTTP, POP3, Simple Network Management Protocol, and FTP are most commonly captured using a sniffer and viewed by a hacker to gather valuable information.
- Passive sniffing isn't detectable.
- Active sniffing involves launching an Address Resolution Protocol (ARP) spoofing or traffic-flooding attack against a switch in order to capture traffic. Active sniffing is detectable.
- All hosts on the network can see all traffic in networks that use hubs or wireless media to connect systems; therefore a passive packet sniffer can capture traffic going to and from all hosts connected via the hub.
- A switched network operates differently. The switch looks at the data sent to it and tries to forward packets to their intended recipients based on MAC address.
- The switch maintains a MAC table of all the systems and the port numbers to which they are connected. This enables the switch to segment the network traffic and send traffic only to the correct destination MAC addresses.
- A switched network has greatly improved throughput and is more secure than a shared network connected via hubs.

Chapter 3 : Ethical Hacking : Enterprise Security

Syllabus Topic : Phases - Gaining and Maintaining Access

Phases : Gaining and Maintaining Access

Gaining Access
- In the gaining access phase, the real hacking takes place.
- Vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access.
- The method of connection the hacker uses for an exploit can be the internet, a local area network (LAN, either wired or wireless), local access to a PC, or offline.
- Examples include denial of service (DoS), stack-based buffer overflows, and session hijacking.
- In the hacker world, gaining access is known as owning the system.
Maintaining Access
- Once a hacker has gained access, they want to keep that access for future attacks and exploitation.
- Hackers close the system to other hackers or security personnel by securing their exclusive access with Trojans, rootkits, and backdoors.
- Once the hacker owns the system, they can use the system as a base to launch additional attacks.
- In this scenario, the owned system is referred to as a zombie system.

Syllabus Topic : System Hacking

System hacking
- This is defined as the compromise of computer systems and software to gain access to the target computer and steal or misuse its sensitive information.
- Here the malicious hacker uses the weaknesses in a computer system to take advantage of the system, because the hacker knows the actual working of the systems and software.
- For such attacks, a hacker has information about systems and networking, and knowledge of other areas related to computer science.
- Anyone who is using a computer connected to the internet is vulnerable to the threats of malicious hackers.
- These online attackers generally use viruses, malware, worms, phishing, email spamming, social engineering, or system vulnerabilities to get access to a victim's system.
- When a victim's PC gets connected to the internet, the hacker may execute malware on the victim's PC and quietly steal personal, financial, or sensitive information without the victim's knowledge or consent.
- These hackers can then blackmail the victim with the stolen information. In the world of hacking, nothing is 100% secured.
- Hackers usually use the following techniques to hack a Linux system:
  1. Hack Linux using the SHADOW file.
  2. Bypass the user password option in Linux.
  3. Detect errors or bugs in a Linux distribution and try to take advantage of them.

Windows System Hacking
- The user's password for the Windows OS, which is asked for after Windows starts, lets users protect their computer from unauthorized access.
- Always choosing a strong, long password is an excellent practice.
- In this way we can protect our files and folders from the hands of malicious users.
- There are several tricks and techniques used to crack a Windows password. But once someone has the computer physically open to them, they can easily modify the existing password and set a new one without the victim or owner of the computer being aware.

Syllabus Topic : Windows and Linux, Metasploit and Kali Linux

Linux System Hacking
- Linux is an Operating System (OS) assembled under the model of open-source software development and distribution, and is based on the Unix OS; it was created by Linus Torvalds.
- We have to know the basic file structure of Linux.

Metasploit
- Metasploit is one of the most powerful and widely utilized tools.
- Metasploit comes in two versions: a commercial and a free edition.
- Exploits of Metasploit: from vulnerability scanning we found that the Linux machine that we have for testing is vulnerable through its FTP service. Now use the exploit that can work for it: the command is "use" followed by the exploit path. Then type the "show options" command to see the options you have to set in order to make it functional, as shown in the figure (figure not reproduced).

Syllabus Topic : Key Logging

Key logging
- Keystroke loggers can be implemented either using software or hardware.
- Hardware key loggers are small hardware devices that connect the keyboard to the PC and save every keystroke in the memory of the device. A hacker must have physical access to the target in order to install a hardware key logger.
- Software key loggers are pieces of stealth software that sit between the keyboard hardware and the OS, so they can record every keystroke. They can be deployed on a system like any other software.

Syllabus Topic : Buffer Overflows

Buffer Overflows
- The buffer overflow attack sends too much information to a field variable in an application, which can create an application error.
- Most of the time, the application doesn't know what action to perform next because its data has been overwritten with the overflow data.
- So it can either execute the command in the overflow data or drop out to a command prompt to allow the user to enter the next command.
- The command prompt is the key for a hacker, and it can be used to execute other applications.

Syllabus Topic : Privilege Escalation

3.2.6 Privilege Escalation

Q. 3.7 Explain Privilege Escalation.

- Escalating privileges is the third step in the hacking cycle.
- Privilege escalation basically means adding more rights or permissions to a user account.
- Privilege escalation makes a regular user account into an administrator account. Administrator accounts have stronger password requirements, and their passwords are more closely guarded. If it is not possible to find a username and password for an account with administrator privileges, then the hacker may choose to use an account with lower privileges.
- In this scenario, the hacker must then escalate that account's privileges. This is accomplished by first gaining access using a non-admin user account, typically by gathering the username and password through one of the previously discussed methods.
- Once a hacker has a valid user account and password, the next step is to execute applications, which is why escalating privileges is so important. In the following sections, we'll see what hackers can do with your system once they have Administrator privileges.
- For example: GetAdmin.exe is a small program that adds a user to the local administrators group. This tool uses a low-level NT kernel routine to allow access to any running process. A logon to the server console is needed to run the program. GetAdmin.exe is run either from the command line or from a browser. It works only with Windows NT 4.0 Service Pack 3.
- The hk.exe utility exposes a Local Procedure Call flaw in Windows NT; a non-admin user can be escalated to the administrators group using this tool.

Syllabus Topic : Network Hacking
Network Hacking
- Address Resolution Protocol (ARP) allows the network to translate IP addresses into MAC addresses.
- When one host needs to communicate with another, it needs the MAC address or hardware address of the host it is trying to reach. First it looks in its ARP cache to see whether it already has that address; if not, it broadcasts an ARP request asking, "Who has the IP address I am looking for?"
- The host that has that IP address responds with its own MAC address, and a conversation can begin using TCP/IP.
- ARP poisoning is a technique that is used to attack an Ethernet network; it may allow an attacker to sniff data frames on a switched LAN or stop the traffic altogether.
- ARP poisoning uses ARP spoofing, where the purpose is to send fake, or spoofed, ARP messages to an Ethernet LAN.
- These frames contain wrong MAC addresses that confuse network devices such as network switches.
- As a result, frames intended for one machine can be mistakenly sent to another or to an unreachable host.
- To prevent a hacker from spoofing, we can permanently add the MAC address of the gateway to the ARP cache on a system (a static entry holding the gateway's IP and MAC address). This is hard to manage in a large environment because of the number of systems.
- Port-based security can be enabled on the switch in a switched environment to allow only one MAC address per switch port.

Syllabus Topic : Password Cracking

Password Cracking
- Password cracking techniques let an attacker obtain or crack passwords. Passwords are the key to the information needed to access a system.
- When a user creates passwords, they often select passwords that are prone to being cracked: they reuse passwords or choose one that is simple, such as a pet's name, to help them remember it.
- Because of this, password cracking is often successful.
- Passwords may be cracked manually or by using automated tools such as a dictionary or brute-force method, which try to log on with different passwords.
- In manual cracking, the attacker creates a list of possible passwords, ranks them from high to low probability, keys in each password, and tries again and again until they succeed.
- A more efficient way of cracking a password is to gain access to the password file on a system, where the passwords are stored.
- A hacker can attempt to gain access to the encryption algorithm stored on the server instead of trying to guess or otherwise identify the password. If the attack is successful, then they can decrypt the passwords stored on the server.

- There are two methods for authenticating wireless LAN clients to an access point: open system authentication and shared key authentication.
- Open system: it does not authenticate the client to the network.
- Shared key: the wireless client hashes a string of challenge text with the WEP key in order to authenticate to the network.
- Wired Equivalent Privacy (WEP) was the first security option for 802.11 WLANs. It is used to encrypt data on the WLAN, can be used with shared key authentication, and relies on the RC4 cipher.
- Weak IVs are the real weakness of WEP, which allows a hacker to crack the WEP key.
- The FMS attack is the method that uses output bytes to determine the most probable key bytes.
- Although a hacker can attempt to crack WEP by a brute force attack, the most common technique is the FMS attack.

WPA and WPA2
- In transitional mode, both TKIP and AES can be used to encrypt data.
- WPA Personal and WPA2 Personal both use a passphrase to authenticate WLAN clients.
- WPA Enterprise and WPA2 Enterprise authenticate WLAN users via a RADIUS server using the 802.1X/Extensible Authentication Protocol (EAP) standards.
- 802.11i and WPA2 both use the same encryption and authentication mechanisms, with either WPA Personal or WPA Enterprise used for authentication.
- WPA Personal uses an ASCII passphrase for authentication, and WPA Enterprise uses a RADIUS server to authenticate users.
- WPA Enterprise is a more secure, robust security option than WPA Personal, but it requires the creation and more complex setup of a RADIUS server.
- WPA2 doesn't require vendors to implement preauthorization.
- The table (not reproduced) summarizes the authentication and encryption options for WLANs.
MAC filtering
- The MAC address that is hard-coded on a network card can be changed in Windows by using the SMAC utility or any other method used to change the factory-assigned MAC address.
- However, MAC-address-based access control is another layer of protection and better than nothing at all.
- If a hacker spoofs one of your MAC addresses, the only way to discover the malicious behaviour is through contextual awareness, by spotting the same MAC address being used in two or more places on the WLAN, which can be difficult.
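The two defensive signals described above, an IP address answered for by more than one MAC (ARP poisoning) and one MAC address seen in two or more places (MAC spoofing), can be checked mechanically. The Python script below is an added example, not from the textbook: the ARP observations, the port and access point names and the pinned gateway entry are all constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpObservation:
    """One ARP reply as a switch or WLAN controller might log it (constructed format)."""
    where: str        # switch port or access point that saw the reply
    sender_ip: str
    sender_mac: str


# Constructed observations: 10.0.0.1 is the gateway. The host on Gi1/7 starts
# answering for it, and MAC aa:bb:cc:dd:ee:11 shows up on two access points.
OBSERVATIONS = [
    ArpObservation("Gi1/1", "10.0.0.1", "00:11:22:33:44:01"),
    ArpObservation("Gi1/5", "10.0.0.20", "00:11:22:33:44:20"),
    ArpObservation("Gi1/7", "10.0.0.55", "00:11:22:33:44:55"),
    ArpObservation("Gi1/7", "10.0.0.1", "00:11:22:33:44:55"),   # spoofed gateway reply
    ArpObservation("AP-2F", "10.0.0.80", "aa:bb:cc:dd:ee:11"),
    ArpObservation("AP-3F", "10.0.0.81", "aa:bb:cc:dd:ee:11"),  # same MAC, second AP
]

# The static ARP entry the text recommends: gateway IP pinned to its real MAC.
STATIC_ARP = {"10.0.0.1": "00:11:22:33:44:01"}


def ip_to_mac_conflicts(obs):
    """IPs claimed by more than one MAC: the fingerprint of ARP poisoning."""
    seen = defaultdict(set)
    for o in obs:
        seen[o.sender_ip].add(o.sender_mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def static_entry_violations(obs, static=STATIC_ARP):
    """Replies whose MAC disagrees with a pinned (static) ARP entry."""
    return [(o.where, o.sender_ip, o.sender_mac) for o in obs
            if o.sender_ip in static and o.sender_mac.lower() != static[o.sender_ip].lower()]


def macs_in_multiple_places(obs):
    """MACs seen on more than one port or AP: the 'same MAC in two places' signal."""
    places = defaultdict(set)
    for o in obs:
        places[o.sender_mac.lower()].add(o.where)
    return {mac: sorted(p) for mac, p in places.items() if len(p) > 1}


if __name__ == "__main__":
    print("ARP conflicts:", ip_to_mac_conflicts(OBSERVATIONS))
    print("static entry violations:", static_entry_violations(OBSERVATIONS))
    print("MACs in several places:", macs_in_multiple_places(OBSERVATIONS))
```

On a real network the observations would come from the switch's MAC table, DHCP snooping or a span port capture, and a MAC legitimately roaming between access points will also trigger the second check, so timing between sightings matters.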
