Title: Nitin Pandey at SUDO CON Colombo Sri Lanka 2019
2 WHO AM I
Nitin Pandey
- A Cyber Security Professional
- Chairman of National Information Security Council
- Founder of Hackers Day
- Chair Member of National Cyber Safety and Security Standards
- Technical Head of Digital 4n6 Journal
- Former Head of DEF CON OWASP Lucknow
3 The Next Dimension Of National Security: Cyber Security
4 CYBER SPACE
5 SOME FACTS!
- Privacy is a big challenge!
- WhatsApp Web case study: Husband and Wife!
- Giant companies have data which is very precious.
- Over 2 trillion searches on Google per year!
- Do we pay for using the services of Google, Facebook etc.?
- Then how do they earn money? They sell our data!!
- Is it legal?
- 150 billion emails are being sent every day!
- Gmail case study: Boy emailed his mother!
- "I have broken up with my girlfriend, I am very depressed" --> Keywords, filters, monitoring!
- Google is tracking our location, which is called Big Data Analysis!
6 Introduction to Hacking
Hacking is the art of exploiting computers, networks, mobile devices etc. to get access to otherwise unauthorized information. It is done by identifying weaknesses in computer systems or networks and exploiting them to gain access.
7 Introduction to Ethical Hacking
- Ethical Hacking is identifying weaknesses/vulnerabilities in computer systems and/or computer networks and coming up with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.
- Get written permission from the owner/authorities of the computer system and/or computer network before hacking.
- Protect the privacy of the organization being hacked.
- Transparently report all the identified weaknesses in the system to the organization.
- Inform hardware and software vendors of the identified weaknesses.
8 Why Ethical Hacking?
- Information (data) is one of the most valuable assets of an organization. Keeping information secure can protect an organization's image and help to save a lot of money.
- Hacking can lead to loss of business for organizations that deal in finance, such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.
- The whole world is moving into the digital world, therefore keeping this digital world safe is very important.
9 Types of Hackers
- WHITE HAT HACKERS: Ethical Hackers are White Hat Hackers. They gain access to systems with an intention to fix the identified vulnerabilities. They may also perform Penetration Testing and Vulnerability Assessments (VAPT).
- BLACK HAT HACKERS: A hacker who gains unauthorized access to systems for personal gain. The intent is usually to steal sensitive data, violate privacy rights, transfer funds from bank accounts etc.
- GREY HAT HACKERS: A hacker who is in between ethical and black hat hackers. They break into computer systems without authority with a view to identify weaknesses and reveal them to the system owner or sell them.
- HACKTIVIST: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking and defacing websites and leaving the message on that website.
10 Basics
SERVER: A server is a computer that serves many
kinds of information to user or client machines.
Usually a server will only do a few things for
many clients. Every type of thing a server does
is called a service. Services are used by other
computers that are called clients. The
relationship between client and server is called
a client-server relationship. For example,
HackersDay has web servers which have a service
for sending web pages over the Internet. Our
client computer talks to HackersDay's web page
service to get web pages for us.
11 Basics
- TYPES OF SERVERS
- Application Server
- Proxy Server
- Mail Server
- Virtual Server
- File Server
12 Basics
IP ADDRESS: The Internet Protocol (IP) is the
method or protocol by which data is sent from one
computer to another on the Internet. Each
computer (known as a host) on the Internet has at
least one IP address that uniquely identifies it
from all other computers on the Internet.
13 IP ADDRESS
IP addresses are allotted to ISPs by an authority named IANA (Internet Assigned Numbers Authority).
- Static IPs: Never change
- Dynamic IPs: Periodically change
14 Case Study on IP Address
- A terrorist attack happened in Mumbai in 2008, remembered as 26/11.
- The terrorist organization took responsibility via an email.
- Police traced the email to find its IP address.
- Police requested Google to give the information for the IP address.
- Google asked for the time in GMT (Greenwich Mean Time).
- Our great investigators gave the time in IST (Indian Standard Time).
- They arrested an innocent engineer in Bengaluru.
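The case study above turns on a dynamic IP being re-leased between the real send time and the mislabelled one. The sketch below is an added example, not part of the talk: the lease table, subscriber names and function names are constructed, and it shows the same wall-clock time resolving to two different subscribers depending on the zone it is read in.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# IST is a fixed UTC+05:30 offset with no daylight saving.
IST = timezone(timedelta(hours=5, minutes=30), "IST")

# Constructed ISP lease log for one dynamic IP (documentation range),
# stored in UTC. Subscriber names are placeholders.
LEASES = [
    ("203.0.113.45", "2019-03-01T02:00:00+00:00",
     "2019-03-01T10:00:00+00:00", "subscriber-A"),
    ("203.0.113.45", "2019-03-01T10:00:00+00:00",
     "2019-03-01T18:00:00+00:00", "subscriber-B"),
]


def holder_at(ip, when):
    """Return who held `ip` at `when`; refuse timestamps without a zone."""
    if when.tzinfo is None or when.utcoffset() is None:
        raise ValueError("timestamp has no time zone; cannot attribute")
    when_utc = when.astimezone(UTC)
    for lease_ip, start, end, subscriber in LEASES:
        in_lease = (datetime.fromisoformat(start) <= when_utc
                    < datetime.fromisoformat(end))
        if lease_ip == ip and in_lease:
            return subscriber
    return None


def attribution_report(ip, wall_clock, true_zone, assumed_zone):
    """Look up the same wall-clock time under the real and a mistaken zone."""
    return {
        "correct": holder_at(ip, wall_clock.replace(tzinfo=true_zone)),
        "mistaken": holder_at(ip, wall_clock.replace(tzinfo=assumed_zone)),
        "skew": true_zone.utcoffset(None) - assumed_zone.utcoffset(None),
    }


if __name__ == "__main__":
    # Email header time as read off a clock in India: 14:05 on 1 March.
    seen = datetime(2019, 3, 1, 14, 5)
    print(attribution_report("203.0.113.45", seen, IST, UTC))
```

Rejecting naive timestamps in `holder_at` is the control that matters: every request to a provider should carry an explicit offset.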
15 DoS Attack
Denial of Service (DoS) Attack is a malicious attempt by a person or a group of people to cause the victim, site or node to deny service to its customers.
- DoS: when a single host attacks
- DDoS: when multiple hosts attack simultaneously
Purpose: The purpose is to shut down a site. The purpose may be extortion, demand of ransom or social action including terrorism, revenge/hacktivism, or just for fun!
16 History
- Morris Worm (Nov 2, 1988)
- First Denial of Service (DoS) attack to cripple a large amount of network infrastructure.
- It took around 3 days to come under control.
- Ultimately infected around 10% of Internet computers.
17 Denial of Service Attack
18 Distributed Denial of Service (DDoS) Attack
A distributed denial-of-service (DDoS) attack is
an attack in which multiple computer systems
attack a target, such as a server, website or
other network resource, and cause a denial of
service for users of the targeted resource.
19 Distributed Denial of Service (DDoS) Attack
20 DDoS Attack Demo using HOIC
As you can see, the DDoS attack is running on the targeted website.
21 DDoS Attack Demo using HOIC
Now you can see the targeted website is down because of the DDoS attack.
22 Precautions to prevent DDoS attack
- Use CloudFlare
- Use a good Firewall
- Always upgrade your server's operating system
- Upgrade the firmware of routers and similar devices
- Update programs used on the server
- Monitor your network traffic continuously
- Identify the attacker's IP address and block it
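The last two precautions (monitor traffic, identify the source and block it) can be sketched as a sliding-window counter over web server access logs. This is an added example, not from the talk: the log lines are constructed, the thresholds and function names are assumptions, and it goes one step further than the slide by also counting per /24 network, because distributed sources can each stay under a per-host limit.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} ')


def by_host(ip):
    return ip


def by_slash24(ip):
    # IPv4 only in this sketch; IPv6 needs a different prefix length.
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def parse_line(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts


def flag_noisy_sources(lines, key=by_host, window_s=10, threshold=20):
    """Return {source: peak requests in any window} above the threshold.
    Lines must be in time order, as they are in an access log."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of failing the run
        ip, ts = parsed
        src = key(ip)
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}


def build_sample_log():
    """Constructed traffic: one flooding host, one normal client, and
    eight hosts in one /24 that each stay under the per-host limit."""
    base = datetime(2019, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(60):
        events.append((base + timedelta(milliseconds=100 * i), "203.0.113.7"))
    for i in range(5):
        events.append((base + timedelta(seconds=10 * i), "198.51.100.20"))
    for h in range(1, 9):
        for i in range(6):
            t = base + timedelta(seconds=20, milliseconds=500 * i + h)
            events.append((t, f"192.0.2.{h}"))
    events.sort()
    stamp = "%d/%b/%Y:%H:%M:%S %z"
    return [f'{ip} - - [{ts.strftime(stamp)}] "GET / HTTP/1.1" 200 512'
            for ts, ip in events]


if __name__ == "__main__":
    log = build_sample_log()
    print("per host:", flag_noisy_sources(log, key=by_host))
    print("per /24 :", flag_noisy_sources(log, key=by_slash24))
```

The per-host pass misses the eight cooperating hosts entirely, which is why a block list built only from single IP addresses is a weak control against a distributed attack.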
23 Mobile Hacking & Security
MOBILE TECHNOLOGY: Mobile Technology is a technology used for cellular communication.
24 Mobile Hacking & Security
- MOBILE TECHNOLOGY
- Who are the top contenders in the global mobile OS market?
- Android: 84.1%
- iOS: 14.8%
- Microsoft: 0.7%
- RIM: 0.2%
- (Statistics source: statista.com)
- According to Google, over 1.4 billion people across the globe are using Android devices.
25 Mobile Hacking & Security
- APK
- Android Application Package File (APK) is the file format used to distribute and install application software onto Google's Android OS.
- An APK file contains all of that program's code (such as .dex files), resources, assets, certificates etc.
- APK files are ZIP file formatted packages based on the JAR file format, with .apk file extensions.
26 Mobile Hacking & Security
27 Mobile Hacking & Security
- Mobile Hacking Tools
- cSploit
- Hackode
- zANTI
- AndroRAT
- FaceNiff
- Shark for Root
- Droidsheep
- DroidBox
- Nmap
- xNore
28 Unwanted Permissions & Data Privacy
29 Mobile Hacking & Security
30 What can we do to protect ourselves?
- Keep your OS up to date
- Keep your Applications up to date
- Never install untrusted apps
- Always lock your phone with a strong Password/PIN
- Never give your phone to an untrusted person
- Do not root your phone
- Turn off external communication when not in use, e.g. Bluetooth, Hotspot
- Make sure the Verify Apps option is turned on
- Do not allow USB Debugging unless needed
- Keep an eye on the permissions apps are asking for
- Install Antivirus
- Backup your Data
31 SOCIAL ENGINEERING: Art of Human Hacking
We humans are the most vulnerable thing in this world. We trust easily, we make friends easily, we share our information publicly. By doing this, we allow Social Engineers to exploit our brain's vulnerability. Social Engineering is the art of manipulating people to gain their confidential information. Phishing is the most common type of Social Engineering.
32 PHISHING
Phishing is the most effective attack, even today! Phishing is a type of social engineering attack often used to steal user data, including usernames, passwords and credit/debit card details. It occurs when an attacker, pretending to be a trusted entity, dupes a victim into opening a link, email, instant message, app or text message.
33 PHISHING
- Common misconceptions are:
- I have a next-gen firewall
- My content gateway is good
- Our e-mail protection will take care of it
- Endpoint will make sure phish does not cause damage.
34 PHISHING
- The fact is:
- Despite all protection, phish mails get through
- Most people still cannot recognize sophisticated phish
- Employees have a tendency of clicking on urgent stuff
- Phishing is still one of the most successful attack vectors
35 PHISHING
36 PHISHING
Fake Login Page
37 PHISHING
Fake Login Page DEMO
38 PHISHING
Source Codes
39 CLICKJACKING
Clickjacking (classified as a User Interface
redress attack or UI redressing) is a malicious
technique of tricking a user into clicking on
something different from what the user perceives,
thus potentially revealing confidential
information or allowing others to take control of
their computer while clicking on seemingly
innocuous objects, including web pages. A
clickjack takes the form of embedded code or a
script that can execute without the user's
knowledge, such as clicking on a button that
appears to perform another function.
40 CLICKJACKING ATTACK EXAMPLE
- The attacker creates an attractive page which promises to give the user a free trip to England.
- In the background the attacker checks if the user is logged into his banking site and if so, loads the screen that enables transfer of funds, using query parameters to insert the attacker's bank details into the form.
- The bank transfer page is displayed in an invisible iframe above the free gift page, with the "Confirm Transfer" button exactly aligned over the "Receive Gift" button visible to the user.
- The user visits the page and clicks the "Book My Free Trip" button.
- In reality the user is clicking on the invisible iframe, and has clicked the "Confirm Transfer" button. Funds are transferred to the attacker.
- The user is redirected to a page with information about the free gift (not knowing what happened in the background).
41 CLICKJACKING
42 CLICKJACKING TEST: Is your site vulnerable?
- A basic way to test if your site is vulnerable to Clickjacking is to create an HTML page and attempt to include a sensitive page from your website in an iframe.
- View the HTML page in a browser and evaluate the page as follows:
- If the text "Website is vulnerable to clickjacking" appears and below it you see the content of your sensitive page, the page is vulnerable to clickjacking.
- If only the text "Website is vulnerable to clickjacking" appears, and you do not see the content of your sensitive page, the page is not vulnerable to the simplest form of clickjacking.
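Whether the iframe test above shows your page depends on the framing headers the sensitive page returns. The checker below is an added example, not from the talk, and goes beyond the manual test: it reads a response's headers and reports whether an arbitrary site could frame the page. The header sets are constructed and the function names are assumptions.

```python
def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, else None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def _is_open(sources):
    # A wildcard or a bare scheme lets any site on that scheme embed the page.
    # An empty list matches nothing, so it counts as closed.
    return any(s == "*" or s in ("http:", "https:") for s in sources)


def assess_framing(headers):
    """headers: list of (name, value) pairs from the sensitive page.
    Returns (verdict, reason). 'protected' means arbitrary third-party
    sites cannot frame the page; same-origin or listed origins still can."""
    csp_lists, xfo_values = [], []
    for name, value in headers:
        lname = name.strip().lower()
        # Content-Security-Policy-Report-Only is skipped: it enforces nothing.
        if lname == "content-security-policy":
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    csp_lists.append(sources)
        elif lname == "x-frame-options":
            xfo_values += [v.strip().upper()
                           for v in value.split(",") if v.strip()]
    if csp_lists:
        # frame-ancestors takes precedence over X-Frame-Options, and every
        # enforced policy must allow the embedder, so one strict list wins.
        if any(not _is_open(s) for s in csp_lists):
            return "protected", "CSP frame-ancestors restricts embedding"
        return "framable", "CSP frame-ancestors allows any origin"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo_values):
        return "protected", "X-Frame-Options " + "/".join(sorted(set(xfo_values)))
    if xfo_values:
        # ALLOW-FROM is obsolete and ignored by current browsers.
        return "framable", "X-Frame-Options value not honoured"
    return "framable", "no framing header present"


# Constructed response headers for a hypothetical /transfer page.
SAMPLES = {
    "no-headers": [("Content-Type", "text/html")],
    "xfo-deny": [("X-Frame-Options", "DENY")],
    "xfo-allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp-self": [("Content-Security-Policy",
                  "default-src 'self'; frame-ancestors 'self'")],
    "csp-report-only": [("Content-Security-Policy-Report-Only",
                         "frame-ancestors 'none'")],
    "csp-star-xfo-deny": [("Content-Security-Policy", "frame-ancestors *"),
                          ("X-Frame-Options", "DENY")],
}


def audit(samples=SAMPLES):
    return {name: assess_framing(h)[0] for name, h in samples.items()}


if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(f"{name:18} {assess_framing(headers)}")
```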
43 SOCIAL ENGINEERING: SPAMMING/SPOOFING
Spamming is when one person or company sends an unwanted email to another person. Spam emails are the computer version of unwanted "junk mail" that arrives in a mailbox, such as advertising pamphlets and brochures. But attackers use spamming as a strong weapon against victims by sending fake emails (Email Spoofing) which could lead to a phishing site, CSRF form, cookie stealing etc.
44 EMAIL SPOOFING EXAMPLE
Fake Email
45 EMAIL SPOOFING EXAMPLE
Fake Email Received
46 PROXY SERVERS
A proxy server, also known as a "proxy" or
"application-level gateway", is a computer that
acts as a gateway between a local network (e.g.,
all the computers at one company or in one
building) and a larger-scale network such as the
internet. Proxy servers provide increased
performance and security. Public proxy servers
help you to protect your identity and bypass
surfing restrictions. They can be used for
anonymous surfing.
47 How Proxy Servers Work?
48 VIRTUAL PRIVATE NETWORK (VPN)
A virtual private network (VPN) is a technology
that creates a safe and encrypted connection over
a less secure network, such as the internet.
Virtual Private Networks, like proxies, make your
traffic appear as if it comes from a remote IP
address. But that's where the similarities end.
VPNs are set up at the operating system level,
and the VPN connection captures the entire
network connection of the device it is configured
on. This means that unlike a proxy server, which
simply acts as a man-in-the-middle server for a
single application (like your web browser or
BitTorrent client). Where proxies only secure
your web browser, VPNs secure and encrypt your
entire online network.
49 How VPN Works?
50 WORLD WIDE WEB
The World Wide Web (WWW), also called the Web, is
an information space where documents and other
web resources are identified by Uniform Resource
Locators (URLs), interlinked by hypertext links,
and accessible via the Internet.
51 TYPES OF WEB
- SURFACE WEB
- DEEP WEB
- DARK WEB (Anonymous)
52 SURFACE WEB
The Surface Web (also called the Visible Web,
Indexed Web, Indexable Web or Lightnet) is the
portion of the World Wide Web that is readily
available to the general public and searchable
with standard web search engines.
53 DEEP WEB
The deep web, invisible web, or hidden web are
parts of the World Wide Web whose contents are
not indexed by standard web search engines for
any reason. The content of the deep web is hidden
behind HTTP forms, and includes many very common
uses such as web mail, online banking, etc.
Content of the deep web can be located and
accessed by a direct URL or IP address.
54 DARK WEB (Anonymous)
The dark web is the World Wide Web content that
exists on darknets, overlay networks that use the
Internet but require specific software,
configurations or authorization to access.
Darknet websites are accessible only through
networks such as Tor ("The Onion Routing"
project) and I2P ("Invisible Internet Project").
Tor browser and Tor-accessible sites are widely
used among the darknet users and can be
identified by the domain ".onion".
55 TOR
Tor is free software and an open network for
enabling anonymous communication. Tor was
originally called "The Onion Router" because it
uses a technique called onion routing to conceal
information about user activity. TOR Browser is
mainly used to access Dark Web.
56 CASE STUDY
Disclaimer: DO NOT ENTER INTO DARK WEB WITHOUT HAVING GOOD KNOWLEDGE OF IT. IT COULD PUT YOU IN TROUBLE.
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
- Google or YouTube "Christchurch Mosque Attack Full Video"
- Look at Search Results
- You won't find the video of the Attack (except some clips) because it has been removed from Surface Web.
57 CASE STUDY
58 CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
Now I will open Tor Browser and enter this url
http//hss3uro2hsxfogfq.onion/ (not Evil)
59 CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
60 CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
61 CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
62 CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
63 RED ROOM DEEP WEB: Disclaimer
I do not encourage accessing the Red room in any way. It's just an educational guide to enlighten you on the facts about the Red room.
64 RED ROOM DEEP WEB
Red Rooms are sites which deliver streaming live shows. These live shows have mind-disturbing content such as murder, rape, torture, snuff and so on. The site admin sells access to the shows at a very high Bitcoin price. These access plans have specific on-demand features; for example, a client can request any type of action, like slapping, killing, fighting, cutting any body part or anything else.
65 RED ROOM DEEP WEB
66 PASSWORD ATTACKS
- What is a Password?
- String of characters for authentication and log on to computers, web applications, software, files, mobile phones etc.
- Password Cracking Concept
- Guessing or recovering a password
- Unauthorized access
- To recover a forgotten password
67 TYPES OF PASSWORD ATTACKS
- Dictionary Attack
- Brute Force Attack
- Keylogger Attack
- Phishing
- Password Guessing
- Rainbow Table Attack
68 GUESSING TECHNIQUE
In this attack, the attacker guesses all the possible passwords of the victim, such as the victim's DOB, mobile number, favourite celebrity's name, default login credentials such as (username: admin, password: password), qwerty, 123456 etc. Almost 65% of passwords all around the globe are easy to guess because they are very simple, common passwords.
69 PHISHING TECHNIQUE
In this attack, the attacker tries to manipulate the victim into browsing his malicious link, which looks like the original. Once the victim enters his/her login credentials and presses Enter or Login, the malicious script will capture his/her username and password and send them to the attacker's server in plain text format.
70 DICTIONARY ATTACKS
Dictionary attacks work on the assumption that
most passwords consist of whole words, dates, or
numbers taken from a dictionary. Dictionary
attack tools require a dictionary input list.
71 BRUTE FORCE ATTACK
A brute-force attack consists of an attacker
submitting many passwords or passphrases with the
hope of eventually guessing correctly. The
attacker systematically checks all possible
passwords and passphrases until the correct one
is found.
72 RAINBOW TABLE ATTACK
A rainbow table attack is a type of hacking
wherein the attacker tries to use a rainbow hash
table to crack the passwords stored in a database
system. A rainbow table is a hash function used
in cryptography for storing important data such
as passwords in a database.
73 DEMO Using Cain & Abel
- Dictionary attack using MD5 (Message-Digest algorithm) hashes
- Brute force attack using MD5 hashes
- Windows Password using NTLM (NT LAN Manager) hashes
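The dictionary, brute force and rainbow table slides all depend on how the password database stores its hashes. The code below is an added example, not from the talk: it shows the property that makes unsalted MD5 storage fall to precomputed tables (equal passwords give equal digests) next to a salted, iterated alternative. The user list is constructed, and the record format and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: work factor for PBKDF2-HMAC-SHA256; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000

# Constructed accounts; two users share a common password.
USERS = {"alice": "qwerty", "bob": "qwerty", "carol": "x7#Lm2!pQ9vd"}


def md5_hex(password):
    """Legacy storage: one fast, unsalted digest per password."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened storage: per-user random salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_digests(store):
    """Group accounts whose stored value is identical. With unsalted hashes
    each group is one password, and one table lookup exposes all of them."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def build_stores(users=USERS):
    legacy = {u: md5_hex(p) for u, p in users.items()}
    hardened = {u: hash_password(p) for u, p in users.items()}
    return legacy, hardened


if __name__ == "__main__":
    legacy, hardened = build_stores()
    print("unsalted MD5, identical digests:", shared_digests(legacy))
    print("salted PBKDF2, identical records:", shared_digests(hardened))
    print("login check:", verify_password("qwerty", hardened["alice"]))
```

With a per-user salt a precomputed table would have to be rebuilt for every account, and the iteration count makes each guess in a dictionary or brute force run proportionally slower.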
74 WEB APPLICATION PENETRATION TESTING
Web application security is a branch of
information security that deals specifically with
security of websites, web applications and web
services. At a high level, web application
security draws on the principles of application
security but applies them specifically to
internet and web systems.
- VISIT www.owasp.org and learn OWASP TOP 10.
- OWASP Testing Guide
- Tools for Practice such as DVWA
- Bug Hunting
75 OWASP TOP 10
76 Most common Web App Vulnerabilities
- Command Injection: An attack in which the goal is execution of arbitrary commands on the host OS via a vulnerable application.
- SQLi (Structured Query Language Injection): An injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server.
- CSRF (Cross-Site Request Forgery): An attack that forces an end user to execute unwanted actions on a web app in which they're currently authenticated.
- XSS: Cross-Site Scripting is a type of computer security vulnerability typically found in web apps. It enables attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
- XSS reflected: It involves the reflecting of a malicious script off of a web app onto a user's browser. The script is embedded into a link, and is only activated once that link is clicked on.
- XSS stored: Also known as persistent XSS, it is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
77 Web App Pentesting using DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web
application that is damn vulnerable. Its main
goals are to be an aid for security professionals
to test their skills and tools in a legal
environment, help web developers better
understand the processes of securing web
applications and aid teachers/students to
teach/learn web application security in a class
room environment.
78 Install XAMPP Server
XAMPP is a free open-source cross-platform web
server solution stack package developed by Apache
Friends, consisting mainly of the Apache HTTP
Server, MariaDB database, and interpreters for
scripts written in the PHP and Perl programming
languages.
79 DEMO
- Command Injection
- SQLi
- CSRF
- XSS reflected
- XSS stored
80 WEB APP SEC BUG BOUNTY
- STEP 1) Start reading OWASP TOP 10, OWASP Testing Guide v4!
- STEP 2) Practice what you are learning!
- STEP 3) Read technical write-ups and POCs from other hunters and watch tutorials on YouTube!
- STEP 4) Join bug bounty communities!
- STEP 5) Start reporting bugs!
- STEP 6) Keep trying harder!
81 BUG BOUNTY PLATFORMS
- Bugcrowd
- Synack
- Intigriti
- HackerOne
- HackTrophy
- PlugBounty
- HackenProof
- Bounty Factory
- BountyGraph
- Open Bug Bounty
82 MALWARE
- MALWARE: Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware.
- VIRUS: A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code.
- WORM: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
- TROJAN: A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
83 SAUDI ARABIA SUFFERED One of WORLD'S BIGGEST CYBER ATTACKS IN 2012
- The Shamoon virus operates like a time bomb. It was used in the huge cyberattack in August 2012 on Saudi Aramco, the world's biggest oil company.
- Within a matter of hours, 35,000 computers were partially wiped or totally destroyed in that attack. It forced one of the most valuable companies on earth back into 1970s technology, using typewriters and faxes.
- Not just once: Shamoon came back again in November 2016 as Shamoon 2. The impact was similar. Then a 3rd wave of attacks by the Shamoon 2 virus happened in January 2017.
85 What is Ransomware?
It is a type of malicious software that threatens
to publish the victim's data or block access to
it unless a ransom is paid. A more advanced
malware uses a technique called cryptoviral
extortion, in which it encrypts the victim's
files, making them inaccessible, and demands a
ransom payment to decrypt them.
- Expose Data: Threatens to publish the sensitive data online.
- Block Access to Data: Prevents the user from accessing the stored data.
- Demand Ransom: Compels the user to pay a ransom to retrieve the data.
86 Mode of Infection: How does your system get infected?
Ransomware kits on the deep web have allowed
cybercriminals even with no technical background
to purchase inexpensive Ransomware programs and
launch attacks with very little effort. Attackers
may use one of several different approaches to
extort digital currency from their victims.
87 Why do they target Businesses?
88 Because that's where the money is. Careless on Security and Face the Facts!
- Because a successful infection can cause major business disruptions, which will increase their chances of getting paid.
- Because small businesses are often unprepared to deal with cyber attacks.
- High Chance: Chances of getting paid are high
- No Report and Fear of Damage: Businesses would rather not report an infection for fear of legal consequences and brand damage
- Higher Complexity, Higher Vulnerability: Computer systems in companies are often complex and prone to vulnerabilities
89 Cases of Ransomware Around the World
90 R
Ukrainian Central Bank
91 WannaCry Ransomware
93 What is WannaCry ransomware?
- A tool first uncovered by NSA (National Security Agency) and then released by hackers on the internet became one of the most prolific cyber attacks ever to happen around the globe.
- WannaCry is a ransomware cryptoworm which targeted systems by encrypting data and demanding ransom in Bitcoin.
- More than 2.5 lac computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.
- A "Kill Switch" was found and could be used to shut down the software.
- Russia was the most affected nation. More than 1000 computers at the Russian Interior Ministry got affected by WannaCry. The telecom giant Megafon had also been targeted in Russia.
94 KASPERSKY LAB Report
95 Not-Petya Ransomware
97 Not-Petya ransomware
- Many organizations in Europe and the US have been crippled by the Petya attack.
- It's the second major global ransomware attack in the past six months.
- Petya checks for a read-only file and if it finds it, it won't run the encryption.
- The majority of infections have occurred in Ukraine and Russia, but some big names in the West have also suffered.
- The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use.
99 Locky Ransomware
101 Bad Rabbit Ransomware
103 QUESTION RAISED!
104
- If the National Security Agency (NSA) is incapable of securing its tools, then why do they make such dangerous tools, which could put the whole world in trouble? Their tools are getting leaked one by one; why are they still incapable of securing them?
105 CYBER EXTORTION
- Cyber extortion is a crime involving an attack, threat of attack or blackmail, coupled with a demand for money to stop the attack or for various reasons in other cases. It can take many forms. Originally, denial of service (DoS) attacks against corporate websites were the most common method of cyber extortion. But nowadays cyber criminals are using many tactics. For example, they may use "Ransomware" to encrypt your data, which means you can't read your data without the encryption key, and the cybercriminal will ask you to pay a ransom in digital currency (Bitcoins) to get the decryption key.
106 METHODS USED FOR CYBER EXTORTION
107 VAPT
- VAPT is a step by step process. Vulnerability Assessment is the process of scanning a system, software or network to find the weaknesses and loopholes in it. Penetration Testing is the process of launching real-world, secure attacks on systems to help identify the extent of exposures without causing any harm to existing data and systems.
- VAPT PROCESS
- FOOTPRINTING & INFORMATION GATHERING (Whois lookup, extracting info from DNS, e-mail servers, Social Engineering)
- SCANNING (Pings, Port Scanning, Vuln. Scanning)
- EXPLOITATION (Metasploit, Password Cracking, Sniffing network traffic, Interrogating web servers - NIKTO, Spidering target's website)
- MAINTAINING ACCESS (Netcat, Netbus, Rootkits)
108 PHASE 1: FOOTPRINTING & INFORMATION GATHERING
- Footprinting and Information Gathering refers to uncovering and collecting as much info as possible about the target network.
109 FOOTPRINTING & INFO GATHERING METHODOLOGY
- Searching for the target company in a search engine such as Google.
110 FOOTPRINTING & INFORMATION GATHERING
- Locating Internal URLs
- Internal URLs provide an insight into different departments and business units in an organization.
- You may find an internal company's URL
- Tools to search internal URLs
- Google Dork
- https://news.netcraft.com
- https://www.webmaster-a.com/link-extractor-internal.php
111 FOOTPRINTING & INFORMATION GATHERING
112 FOOTPRINTING & INFORMATION GATHERING
113 FOOTPRINTING & INFORMATION GATHERING
- Mirroring Entire Website
- Web mirroring tools allow us to download a website to a local directory, recursively building all directories, HTML files, images, videos and other files from the server to our computer.
114 PHASE 2: SCANNING
- Scanning refers to a set of procedures for identifying hosts, ports and services in a network.
- Scanning is one of the components of intelligence gathering for an attacker to create a profile of the target organization.
115 TYPES OF SCANNING
116 Nmap
- Nmap is a free open source tool for network exploration.
- It is designed to rapidly scan large networks.
117 Nmap Scan Options
118 Nessus
- Nessus is a client-server based, open source vulnerability scanner.
- It will scan a target computer for open ports and known vulnerabilities and report any found issues.
119 PHASE 3: GAINING ACCESS
- Gaining access refers to the penetration phase. The attacker exploits the vulnerability in the system.
- The exploit can occur over a LAN, the internet, or as a deception or theft. Examples include Buffer Overflow, DoS, Session hijacking and Password cracking.
- The attacker can gain access at the operating system level, application level or network level.
120 PHASE 4: MAINTAINING ACCESS
- Maintaining access refers to the phase when the attacker tries to retain his/her ownership of the system.
- The attacker has compromised the system.
- Attacker may harden the system from other hackers as well by securing their exclusive access with Backdoors, RootKits or Trojans.
- Attacker may upload, download or manipulate data, applications and configurations on the owned system.
121 PHASE 5: COVERING TRACKS
- Covering tracks refers to the activities that the attacker does to hide his misdeeds.
- Reasons include the need for prolonged stay, continued use of resources, removing evidence of hacking or avoiding legal actions.
- Examples include altering the log files.
122
123 SYSTEM HACKING METHODOLOGY
124 TO LEARN MORE
PLEASE DONT HACK ME!! VISIT THIS SITE: https://please.dont-hack.me/books/hacking/
125 INDIA LOVE SRI LANKA
126 THANK YOU !
NITIN PANDEY
Contact: 91 8922929191
Email: initinpandey_at_gmail.com
Facebook: facebook.com/initinpandey
LinkedIn: linkedin.com/in/initinpandey1
Twitter: _at_initinpandey