Ethical Hacking (MU - B.Sc. - Comp. - Sem VI)   1-31   Info. Sec.: Attacks & Vulnerabilities

- Once the victim tries to log in or enters some data, the hacker gets that private information of the target victim using the trojan running on the fake site.
- Phishing via iCloud and Gmail accounts was the attack route taken by hackers who targeted the "Fappening" leak, which involved numerous Hollywood female celebrities.

Fig. 1.16.6: Phishing attack (2. Send phishing email; 3. Visit phishing page; 4. Send stolen credentials; 5. Harvest new credentials)

- Even just for fun, a hacker can use software to fake a wireless access point. This WAP connects to the official public place WAP. Once you get connected to the fake WAP, a hacker can access your data, just like in the above case.
- It's one of the easier hacks to accomplish, and one just needs simple software and a wireless network. Anyone can name their WAP with some legit name like "XYZ company WiFi" or "Your WiFi" and start spying on you. One of the best ways to protect yourself from such attacks is using a quality VPN service.

Syllabus Topic : Eavesdropping

- Unlike other attacks which are active in nature, using a passive attack, a hacker just monitors the computer systems and networks to gain some unwanted information.
- The motive behind eavesdropping is not to harm the system but to get some information without being identified. These types of hackers can target email, instant messaging services, phone calls, web browsing, and other methods of communication.
- Those who indulge in such activities are generally black hat hackers, government agencies, etc.

Fig. 1.16.7: Eavesdropping

Syllabus Topic : Man-in-the-Middle

1.16.7 Man-in-the-Middle

- A man-in-the-middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.
- A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.
- Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key concepts of a Man-in-the-Middle attack

- Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
- A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
- Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late.

Fig. 1.16.8: Man-in-the-middle (original connection between User and Web Application; new connection through the man in the middle)

Syllabus Topic : Session Hijacking

1.16.8 Session Hijacking

Q. 1.16.8 What is Session Hijacking? Explain. (Ref. Sec. 1.14…

- The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
- Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user's connections.
- The most useful method depends on a token that the web server sends to the client browser after a successful client authentication.
- A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the HTTP request as a cookie, in other parts of the header of the HTTP request, or yet in the body of the HTTP request.
- The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server.
- The session token could be compromised in different ways; the most common are:
    o Predictable session token;
    o Session sniffing;
    o Client-side attacks (XSS, malicious JavaScript codes, Trojans, etc.);
    o Man-in-the-middle attack;
    o Man-in-the-browser attack.

Fig. 1.16.9: Session Hijacking (the innocent user sends an authentic request to the server; the attacker sends an impersonated request)

Syllabus Topic : Clickjacking

1.16.9 Clickjacking

- Clickjacking is also known by a different name, UI Redress. In this attack, the hacker hides the actual UI where the victim is supposed to click.
- This behaviour is very common in app download, movie streaming, and torrent websites. While they mostly employ this technique to earn advertising dollars, others can use it to steal your personal information.

Fig. 1.16.10: Clickjacking

- In other words, in this type of hacking, the attacker hijacks the clicks of the victim that aren't meant for the exact page, but for a page where the hacker wants you to be. It works by fooling an internet user into performing an undesired action by clicking on a hidden link.

Syllabus Topic : Cookie Theft

1.16.10 Cookie Theft

Q. 1.16.10 What is Cookie Theft? (Ref. Sec. …)

- The cookies of a browser keep our personal data such as browsing history, username, and passwords for different sites that we access. Once the hacker gets access to your cookie, he can even authenticate himself as you on a browser.
- A popular method to carry out this attack is to encourage a user's IP packets to pass through the attacker's machine.

Fig. 1.16.11: Cookie Theft

- Also known as SideJacking or Session Hijacking, this attack is easy to carry out if the user is not using SSL (https) for the complete session. On the websites where you enter your password and banking details, it's of utmost importance for them to make their connections encrypted.

Syllabus Topic : URL Obfuscation

1.16.11 URL Obfuscation

- An obfuscated URL is a web address that has been obscured or concealed and has been made to imitate the original URL of a legitimate website. It is done to make users access a spoof website rather than the intended destination.
- Obfuscated URLs are one of the many phishing attacks that can fool Internet users. The spoof site is often an identical clone of the original one in order to fool users into divulging login and other personal information.
- An obfuscated URL is also called a hyperlink trick.

Fig. 1.16.12: URL Obfuscation

- Attackers usually use a common misspelling technique where they misspell a domain name to trick users into visiting. These obfuscated URLs can be a cause of malware entering a user's computer system.
- URLs are strings of text that identify web resources such as websites or any kind of Internet server, so an obfuscated URL shows up as a meaningless query string to users. This hides the real address of the linked site when the user hovers over the link.
- URL obfuscation is not always used for phishing or cross-site scripting, but it is also used by legitimate websites to hide the true URLs of certain pages so that they cannot be accessed directly by the users or allow certain procedures to be bypassed.
- It is also used as an anti-hacking procedure. This is termed as security through obscurity.

Syllabus Topic : Buffer Overflow

1.16.12 Buffer Overflow

Q. What is buffer overflow? (Ref. Sec. 1.16.12)

- A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers.
- Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.

Fig. 1.16.13: Buffer Overflow

Syllabus Topic : DNS Poisoning

1.16.13 DNS Poisoning

- DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
- It can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China's national borders, censoring the Internet beyond them until the problem was fixed.
- A DNS cache can become poisoned if it contains an incorrect entry. For example, an attacker gets control of a DNS server and changes some of the information on it.
- For example, they could say that google.com actually points to an IP address the attacker owns. That DNS server would tell its users to look for Google.com at the wrong address. The attacker's address could contain some sort of malicious phishing website.
- DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.

Fig. 1.16.14: DNS Poisoning

Syllabus Topic : ARP Poisoning

1.16.14 ARP Poisoning

- Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with forged ARP request and reply packets.
- This modifies the Ethernet-layer MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending them to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user.
- ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).
- ARP poisoning is very effective against both wireless and wired local networks. By triggering an ARP poisoning attack, hackers can steal sensitive data from the targeted computers, eavesdrop by means of man-in-the-middle techniques, and cause a denial of service on the targeted computer. In addition, if the hacker modifies the MAC address of a computer that enables Internet connection to the network, access to the Internet and external networks may be disabled.
- For smaller networks, using static ARP tables and static IP addresses is an effective solution against ARP poisoning. Another effective method for all kinds of networks is implementing an ARP monitoring tool.

Fig. 1.16.15: ARP poisoning (Attacker IP: 172.15.1.11, MAC: B; User IP: 172.15.1.10, MAC: A)
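An added example (not from the textbook) of the ARP monitoring idea mentioned above: it replays constructed ARP observations against a pinned static table and flags forged bindings. The user and attacker IPs come from Fig. 1.16.15; the gateway IP, the MAC values and all names in the code are assumptions.

```python
from collections import defaultdict

# Constructed sample data. User/attacker IPs are from Fig. 1.16.15; the gateway
# IP and the MAC values (documentation range) are assumptions for illustration.
USER, ATTACKER, GATEWAY = "172.15.1.10", "172.15.1.11", "172.15.1.1"
MAC_A, MAC_B, MAC_GW = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:01"

# (time in s, ARP operation, sender IP, sender MAC, target IP)
SAMPLE_EVENTS = [
    (0.0, "request", USER, MAC_A, GATEWAY),      # user asks who has the gateway IP
    (0.1, "reply", GATEWAY, MAC_GW, USER),       # genuine answer
    (5.0, "reply", GATEWAY, MAC_B, USER),        # forged: gateway IP now "at" MAC B
    (5.5, "reply", USER, MAC_B, GATEWAY),        # forged in the other direction
    (9.0, "request", ATTACKER, MAC_B, GATEWAY),  # MAC B also uses its real IP
]


class ArpMonitor:
    """Tracks IP-to-MAC bindings seen in ARP traffic and records anomalies."""

    def __init__(self, static_table=None, reply_window=2.0):
        self.static = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
        self.learned = {}               # ip -> first MAC seen (never overwritten)
        self.claims = defaultdict(set)  # mac -> IPs it has claimed
        self.pending = {}               # (asker ip, asked ip) -> request time
        self.window = reply_window
        self.alerts = []                # (time, kind, ip, mac)

    def observe(self, ts, op, sender_ip, sender_mac, target_ip):
        mac = sender_mac.lower()
        if op == "request":
            self.pending[(sender_ip, target_ip)] = ts
        elif op == "reply":
            # A reply nobody asked for (or a late one) is how forged entries arrive.
            asked = self.pending.pop((target_ip, sender_ip), None)
            if asked is None or ts - asked > self.window:
                self.alerts.append((ts, "unsolicited-reply", sender_ip, mac))

        # The pinned (static) entry wins over anything learned from the wire.
        expected = self.static.get(sender_ip) or self.learned.get(sender_ip)
        if expected is None:
            self.learned[sender_ip] = mac
        elif expected != mac:
            self.alerts.append((ts, "binding-changed", sender_ip, mac))

        # One MAC answering for several IPs is the man-in-the-middle position.
        if sender_ip not in self.claims[mac]:
            self.claims[mac].add(sender_ip)
            if len(self.claims[mac]) > 1:
                self.alerts.append((ts, "mac-claims-many-ips", sender_ip, mac))


def run_monitor(events, static_table=None):
    """Feed events in order and return the list of alerts."""
    monitor = ArpMonitor(static_table)
    for event in events:
        monitor.observe(*event)
    return monitor.alerts


if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_EVENTS, {GATEWAY: MAC_GW}):
        print(alert)
```

Gratuitous ARP from failover pairs or address changes also raises these alerts, so a real deployment needs an allow-list for such hosts.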
Syllabus Topic : Identity Theft

1.16.15 Identity Theft

- The information can be used to obtain credit, merchandise and services in the name of the victim, or to provide the thief with false credentials. In addition to running up debt, in rare cases, an imposter might provide false identification to police, creating a criminal record or leaving outstanding arrest warrants for the person whose identity has been stolen.

Types and examples of identity theft

- Identity theft is categorized two ways: true name and account takeover. True-name identity theft means the thief uses personal information to open new accounts. The thief might open a new credit card account, establish cellular phone service or open a new checking account in order to obtain blank checks.
- Account-takeover identity theft means the imposter uses personal information to gain access to the person's existing accounts. Typically, the thief will change the mailing address on an account and run up a huge bill before the person whose identity has been stolen realizes there is a problem. The internet has made it easier for an identity thief to use the information they've stolen, because transactions can be made without any personal …
- There are many different examples of identity theft, such as:
    o Tax-related identity theft, where a thief files a false tax return with the Internal Revenue Service (IRS) using a stolen Social Security number.
    o Medical identity theft, where a thief steals information, including health insurance member numbers, to receive medical services. The victim's health insurance provider may get the fraudulent bills, which will be reflected in the victim's account as services they received.
    o Child identity theft, where a child's Social Security number is misused to apply for government benefits, open bank accounts and other services. Children's information is often sought after by criminals, as the damage may go unnoticed for a long time.
    o Senior identity theft, where a senior is the target of an identity thief. Seniors are often in contact with medical professionals and insurance providers, and may be used to giving out their personal information. They may also not be as aware of the scamming methods thieves use to steal their information.

Syllabus Topic : IoT Attacks

1.16.16 IoT Attacks

- Internet of Things (IoT) delivers substantial benefits to end users. However, it also brings unprecedented security challenges. A part of the central security issue is that connected devices share implicit trust.
- This shared trust between connected devices means that the devices automatically transmit their data to each other immediately upon recognition without first running any malware detection tests. The worst-case scenarios of these IoT security dangers result in physical harm or even the loss of life.

Syllabus Topic : BOTs and BOTNETs

- Bots are computer programs or software applications designed to execute a series of operations automatically. There are several useful bots (good bots) that crawl websites and create visibility on search engines and social media channels.
- There are several bots executed for general information collection, like weather reports over several locations across the globe, football scores and team performances over time, and so on. Bots are employed for these activities because they're either mundane or too repetitive for humans to perform.
- There are bots (bad bots) created to cause harm to websites and online businesses. Bots are created to illegally scrape content from websites and post it elsewhere.
- Competitors employ third-party scrapers to gather information and content, so that they can fine tune their business strategies to overtake the competition, unethically.
- Millions of bots sent from single or multiple IPs can cause Denial of Service (DoS) attacks, stifle bandwidth and severely impact user experience.
- Having said that, the hackers creating bots, targeting online businesses, seem to be moving to sophisticated methods to get around the security mechanism in place.
- Real-time bot prevention solutions that constantly learn and update bot signatures and patterns will provide continuous protection to websites.

BOTNETs

- As computers get infected with malware bots, they could be included in a network of infected computers, forming botnets. These botnets will be orchestrated by a command and control center that instructs them on specific malicious actions.
- A computer infected with a malware bot or virus can spread the same in its intranet, creating massive botnets. In most cases, the users of these computers are not aware that theirs is a part of a botnet, performing malicious activities.
- Botnets are created to perform malicious activities such as Distributed Denial of Service (DDoS) attacks, phishing scams, spam emails, ransomware, click fraud and a lot more.
- In most cases, computers become infected and turn into botnets because of a weak endpoint security system. This can be taken care of by having the antivirus and malware programs and definitions updated and patched.
- Also, users of these computers should be educated on the perils of opening unknown attachments and clicking on suspicious executables.

Syllabus Topic : Case-studies : Recent Attacks - Yahoo, Adult Friend Finder, eBay, Equifax, WannaCry, Target Stores, Uber, JP Morgan Chase, Bad Rabbit

1.17 Case Studies

1.17.1 Case Study Attack on Yahoo

- … a 2013 data breach was affected in the cyber attack.
- A data breach is the release of secure or private/confidential information to an untrusted environment intentionally or unintentionally.
- The company said new intelligence suggests as many as 3 billion accounts were compromised in the attack.
- It had previously admitted around 1 billion accounts were affected.
- "Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected," it said.
- The breach saw email addresses, passwords, telephone numbers and birth dates at risk of having been taken.
- However, the stolen information did not include payment or bank account details.
- At the time, Yahoo had urged all its users to change their passwords, though it had specifically notified the 1 billion user accounts it thought were compromised.
- Yahoo has now sent emails to the additional 2 billion users believed to be affected.
- The news of the breach last December followed its warning just months earlier that it had been hit by a "state-sponsored attack" in 2014, in which it lost the details of at least half a billion users, including eight million from the UK.
- Yahoo said forensic experts discovered the new information relating to the hack after it was folded into the AOL brand, under the new name Oath.
- Verizon decided to merge the two businesses after its purchase of Yahoo's mail service, news and finance service, and the Flickr and Tumblr social networks completed in June.
- The price Verizon paid for the Yahoo businesses was cut by $350m after both the 2013 and 2014 data breaches were revealed.
- The remainder of Yahoo, which Verizon did not buy, comprised stakes in the Chinese retailer Alibaba and Yahoo Japan, and was renamed Altaba.

1.17.2 Case Study Attack on Adult Friend Finder

Q. 1.17.2 Write a case study attack on Adult Friend Finder. (Ref. Sec. 1.17.2) (6 Marks)

- A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts.
- The news was made public by LeakedSource, who said that the hackers targeted Friend Finder Network Inc, the parent company of AdultFriendFinder, in October 2016 and stole data that stretched back over the last 20 years.
- Affected sites include not just AdultFriendFinder but also adult webcam sites Cams.com, iCams.com, and Stripshow.com, as well as Penthouse.com.
- At the time of writing, AdultFriendFinder has not published any statement on its website about the security breach.
- The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts.
- The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server.

1.17.3 Case Study Attack on eBay

- Cyber attack on eBay in 2014. We will study what are the parameters and reasons for the cyber attack.
- eBay has been described as the "golden goose" …
- The information involved, some of it not encrypted, includes customer name, encrypted password, address, physical address, phone number and date of birth.
- It's shocking that eBay would choose not to encrypt …

1.17.4 Case Study Attack on Equifax

- Between mid-May and July 2017, hackers accessed data held by Equifax.
- Through a publicised vulnerability in a web application, for which there was a well-known patch available.
- Apparently six weeks elapsed between when the breach was discovered and notification being made by Equifax.
- It may be that Equifax knew about the breach for more than six weeks.
- Visa and MasterCard also sent confidential alerts to financial institutions across the United States, warning them about more than 200,000 credit cards that were stolen in the epic data breach.

1.17.5 Case Study Attack on WannaCry

- It was a cyber attack conducted on a large scale, targeting only the Microsoft Windows operating systems.
- In this attack, the ransomware would encrypt all the files in your computer. To remove such encryption, one was asked to pay approximately $300 worth in bitcoins, with a deadline.
- The main victims of this cybercrime were Windows 8, 2003 and XP users, because the last released security update for XP was in April 2014, and many did not install the newer update as of March that year.
- Microsoft had stopped supporting these versions of Windows, but an emergency update was released for them to fight this cyber attack.
- There were many using unlicensed Windows software. This makes them all the more vulnerable.
- The attack is believed to have been carried out using tools that were stolen from the US security agency NSA, which had been stockpiling a number of vulnerabilities around Windows OS, MacOS, etc.
- The WannaCry ransomware attack had exploited a vulnerability in Windows OS called EternalBlue.
- This attack impacted a number of businesses, institutions and hospitals all over the world.
- Businesses like Nissan and Renault had to pause their activities after some of their computers were affected.
- In hospitals, computer systems used for various purposes were affected, like MRI scanners and computers.

1.17.6 Case Study Attack on Target Stores

- In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems.
- Target shoppers got an unwelcome holiday surprise in December 2013 when the news came out that 40 million Target credit cards had been stolen.
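Going back to sections 1.16.8 and 1.16.10: an added example, not from the textbook, that audits the Set-Cookie headers a server issues for the weaknesses those sections list (predictable token, sniffing when SSL is not used, client-side script access). The cookie name SESSIONID, the sample headers and the 64-bit threshold are assumptions.

```python
import math
import secrets
from collections import Counter

# Constructed sample: three consecutive logins against a weak server.
WEAK_HEADERS = [
    "SESSIONID=1001; Path=/",
    "SESSIONID=1002; Path=/",
    "SESSIONID=1003; Path=/",
]


def issue_cookie():
    """Hardened form: CSPRNG token, sent only over https, hidden from scripts."""
    return f"SESSIONID={secrets.token_urlsafe(32)}; Path=/; Secure; HttpOnly"


def estimated_bits(token):
    """Rough upper bound on entropy: length x Shannon entropy per character."""
    n = len(token)
    return -sum(c * math.log2(c / n) for c in Counter(token).values()) if n else 0.0


def is_sequential(tokens):
    """True if the tokens are integers (decimal or hex) with a constant step."""
    for base in (10, 16):
        try:
            nums = [int(t, base) for t in tokens]
        except ValueError:
            continue
        if len(nums) >= 3 and len({b - a for a, b in zip(nums, nums[1:])}) == 1:
            return True
    return False


def audit(set_cookie_headers, min_bits=64):
    """Return the sorted weaknesses found in headers from consecutive logins."""
    tokens, findings = [], set()
    for header in set_cookie_headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        tokens.append(pair.partition("=")[2])
        names = {a.partition("=")[0].strip().lower() for a in attrs}
        if "secure" not in names:
            # Cookie also travels over plain http: session sniffing, MITM.
            findings.add("missing-secure")
        if "httponly" not in names:
            # Cookie readable by page scripts: XSS, malicious JavaScript.
            findings.add("missing-httponly")
    # The entropy estimate is a heuristic; the step check catches counters.
    if is_sequential(tokens) or any(estimated_bits(t) < min_bits for t in tokens):
        findings.add("predictable-token")
    return sorted(findings)


if __name__ == "__main__":
    print("weak server:    ", audit(WEAK_HEADERS))
    print("hardened server:", audit([issue_cookie() for _ in range(3)]))
```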
