Hacking
Submitted to: Mr. Abhishek dixit Submitted by: Aman B-Tech(H) M-tech cse Section-144 Roll no-54 Reg. no-7050070092
Hacking Everything & Everyone
What is Hacking?
The act of gaining unauthorized access to computer systems for the purpose of stealing and corrupting data.
Types Of Hackers:
- Black Hats - Malicious hackers
- White Hats - Ethical hackers
- Grey Hats - Ambiguous
Search Engines
- Efficient (Google most effective)
- Around 12 Billion Pages
- Starting point of many hacking activities.
Can you believe it? In fact, One of the most interesting uses of Google
Hacking your Home.
What is in your castle?
- SSN Card?
- Financial Records?
- Medical records?
- Checkbook?
- Additional ID?
Physical Security is more important than ever! Locks, Alarms, Safes, Dogs, Lasers!
Hacking your person
- Wallets and purses
- Check books
- $10,000 Bills
- Theft, duplication
- Phone, Cameras.
- Keep your stuff on you
- Hide your card with your body....
Hacking your network
- Internet Connection
- Wireless
- Worms
- Uninvited guests
- Wrong network??
- Don't make your Laptop be an AP (No Ad-Hoc!)
- Secure your wireless
- Encrypt!
- Address Filter!
- Make sure you're on the right network!
Hacking your PC
What's on it?
- Banking, Taxes, Medical Records
- Cookies!
- Browser History!
- Password file??
How do they get in?
- Viruses/Trojans
- Spyware
- Keyloggers
- Remote Control
Discussion on Hacking
Web hacking..
Google hacking
HaX0rz Toolkit
- Complicated sploits that need a Bachelor's degree to understand and use
- Scripts in various languages and syntaxes like C, PERL, gtk and bash
- Automated scanning tools like nmap and nessus
- A web browser
Web hacking
Web surfing:
1. Is easy to do,
2. Is Operating System independent,
3. Doesn't require intimate knowledge of the system,
4. Provides access to vast amounts of data and information,
5. and is topped off with all kinds of data mining tools
Web Features
- Reverse phone number searches
- Detailed address topological maps
- Satellite photography of target area
- Resumes
- Phone and Email lists
- Likely targets described in detail
- Exploit information easy to obtain
Data aggregation makes it more serious
What We'll Learn
- Methods of Reconnaissance
- The level of sensitive detail companies and organizations leave exposed to the Internet
- The level of detail about specific people on the Internet
- The effect of data aggregation on privacy
More Web Hacking
- Search engines are a treasure trove of information
- We've looked at general web search engines, but let's now look at more information specific sites
- Administrative web servers
- Reconnaissance from the sky
- Proxies
Final Thoughts
- We have shown a few ways that a web browser can be used to gather huge amounts of target information, and a few ways the web browser can be used to exploit trivial vulnerabilities.
- There are many more online services like the ones pointed out in this presentation.
- It is easy to collect and analyze this information to produce thorough profiles.
GOOGLE HACKING !!
- Introduction
- What is Google Hacking/GHDB?
- GHDB - Johnny Long
- How it works?
- Possible Reasons
- Approaches to AVOID/RESOLVE
- Google's Response (GHH)
- SPI Labs Solution
Google Hacking
Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
The whole Idea !!
Web pages are:
- Crawled/Indexed (typically, once 2 weeks)
- Cached
Hackers query this information (Reconnaissance)
- inurl and allintitle
- Once Indexed, it's cached
  a) Contact Google
  b) Contact Other Search engines
- Google performs the dirty work (password embedded urls)
From the Google Hacking Database:
- Error messages that contain too much information.
- Password Files and Sensitive directories
- Pages containing logon portals.
- Pages containing network or vulnerability data such as firewall logs.
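A self-audit for the four GHDB categories listed above, run over pages fetched from your own site before a crawler indexes them. This is an added example, not part of the original presentation; the patterns, the `audit` function and the sample pages are constructed assumptions, not entries from the GHDB.

```python
import re

# Categories are the four GHDB groups listed on the slide; the patterns are
# illustrative assumptions for a self-audit, not entries from the GHDB.
RULES = [
    ("verbose error message", "body",
     r"Traceback \(most recent call last\)|SQL syntax|stack trace"),
    ("password file / sensitive directory", "path",
     r"(^|/)(\.htpasswd|passwords?\.txt|backup|\.git)(/|$)"),
    ("password file / sensitive directory", "body",
     r"<title>\s*Index of /"),                      # open directory listing
    ("logon portal", "body",
     r"""<input[^>]+type=["']?password"""),
    ("network or vulnerability data", "path",
     r"\.(log|nessus)$"),
]
COMPILED = [(cat, where, re.compile(rx, re.I)) for cat, where, rx in RULES]


def audit(pages):
    """Map each flagged path to the sorted GHDB categories it falls into.

    pages: iterable of (path, body) pairs fetched from your own site.
    """
    findings = {}
    for path, body in pages:
        hits = {cat for cat, where, rx in COMPILED
                if rx.search(path if where == "path" else body)}
        if hits:
            findings[path] = sorted(hits)
    return findings


# Constructed sample: what an anonymous crawler would receive from six URLs.
SAMPLE = [
    ("/index.html", "<html><title>Welcome</title></html>"),
    ("/admin/login.php", '<form><input name="p" type="password"></form>'),
    ("/files/", "<html><title>Index of /files</title></html>"),
    ("/files/passwords.txt", "alice:constructed-sample"),
    ("/cart.php", "You have an error in your SQL syntax near ''"),
    ("/logs/firewall.log", "DROP IN=eth0 SRC=192.0.2.7"),
]

if __name__ == "__main__":
    for path, cats in audit(SAMPLE).items():
        print(f"{path}: {', '.join(cats)}")
```

Anything this flags should be fixed at the source (access control, removed file, generic error page) rather than only hidden from search engines.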
PRIMARY REASONS
- People Negligence
- Called GoogleDorks
- Increase in number of Remote administrative tools
- Security holes in the Networks
- Poor site configuration, e.g. Securing admin panel - .htaccess procedure (password protection on HTML documents)
Probable Solutions : Avoid/Resolve ??
- Google Hack Honeypot (GHH) - reconnaissance against attackers
Automatic Scanners:
Web Vulnerability Scanners: Scan the website and point out potential security issues.
- Need to be Configured properly.
- Not 100% efficient
Examples: Nikto, Paros Proxy, WebScarab, WebInspect
SPIDYNAMICS (Web Inspect):
- Pick a Scanning Tool (possibly executing Java Script/Submit Forms)
- Appropriately Configure the Tool and Kick it off
- Sort the Results
Use a Scanner to run Queries
- Scan the SiteTree (WebInspect displays the SiteTree in an explorer view)
- Check for /admin folders
- Check for passwords kind of files
- Scan the Content of the results
GENERAL RULES to AVOID HACKING
Best Practices:
- Security - development stage
- Access Controls
Maintenance:
- Run Scanners
- Use [Link] carefully
- Change default error messages.
- Password Protection to critical data
Password Encryption