4.hacking (Autosaved)


• Identifying and exploiting vulnerabilities in computer and network
systems to gain access.
• Fraudulent act.
Hacking
• Hacking is the process of gaining unauthorised access to data that is
held on a computer, system or network.
• Hackers, or those who practise hacking, access systems in a way
that the creator or holder did not intend.
Phases in hacking
[Source: Phases of Hacking | Ethical Hacking (greycampus.com) /
Ethical Hacking Basic Concepts (linuxhint.com)]

• There are mainly 5 phases in hacking.
• A hacker does not necessarily have to follow these 5 steps in a sequential
manner.
• It is a stepwise process and, when followed, yields a better result.
Categories of Hackers
1. White Hat: Ethical Hackers
2. Black Hat: Crackers, hacking for personal gain
3. Grey Hat: Grey Hat hackers are at the borderline between White
Hat and Black Hat hackers. They break into computer or network systems
without authorization to identify vulnerabilities, but present these
weaknesses to the owner of the system.
4. Script Newbies: new programmers or non-skilled personnel who
use various hacking tools made by other hackers

From Security in Computing, Fifth Edition, by Charles P.
Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by
Pearson Education, Inc. All rights reserved.
5. Hacking Activists (“Hacktivists”): “Hacktivist” hackers might have a
social, political, or religious agenda as their justification for hacking
websites or other systems.
6. Phreakers: hackers who exploit telephones, rather than exploiting
computer or network systems.

Rules for Ethical Hacking

• Before hacking the network or computer system, first, you must


receive written permission from the system owner.
• Place top priority on protecting the privacy of the owner of the
hacked system.
• Report all the revealed vulnerabilities in a transparent way to the
owner of the hacked system.
• Software and Hardware vendors using that system or product must
also be informed about the system’s vulnerabilities.

Tools for ethical hacking
• John the Ripper: John the Ripper can work with many hash types.
• John the Ripper contains many scripts for various purposes, such as
unafs (warning about weak passwords) and unshadow (passwords and
shadow files combined).
• Medusa: brute-force login tool with a very fast, reliable, and modular
design. Medusa supports many services that allow remote
authentication.
• Hydra: password attack tool that can obtain unauthorized remote access to
a system. Hydra works with Cisco AAA, Cisco authorization, FTP, HTTPS
GET/POST/PROXY, IMAP, MySQL, MSSQL, Oracle, POP3, SMTP, and many
more.
• Metasploit Framework (MSF): Metasploit Framework is a penetration testing
tool that can exploit and validate vulnerabilities. MSF is updated on a regular
basis; new exploits are added as soon as they are published.
• Ettercap: Ettercap is a comprehensive toolkit for “man in the middle” attacks.
It supports sniffing of live connections and filtering content on the fly.
Ettercap can dissect various protocols both actively and passively, and
includes many different options for network analysis, as well as host analysis.
• Wireshark: Wireshark was previously known as Ethereal. This tool is widely
used by industry, as well as educational institutes. Wireshark contains a
“live capturing” ability for packet investigation. Used for network monitoring.

• Nmap (Network Mapper): Nmap is used by pen testers and other
security professionals to discover devices running in their networks.
This tool also displays the services and ports of every host machine,
exposing potential threats. Used for network scanning.
• Autopsy: Autopsy is an all-in-one forensic utility for fast data recovery
and hash filtering.

Phases of Hacking
1. Reconnaissance:
• It is also called the Footprinting or information gathering phase.
• This is the preparatory phase where the attacker collects as much
information as possible about the target. Information about 3 groups is
collected:
• Network
• Host
• People involved
• There are two types of Footprinting:
• Active: directly interacting with the target to gather information about it,
e.g. using the Nmap tool to scan the target.
• Passive: collecting information about the target without directly
accessing the target (information from social media, public websites etc.).

2. Scanning:
• Three types of scanning are involved:
• Port scanning: this phase involves scanning the target for information like open ports, live
systems and the various services running on the host.
• Vulnerability scanning: checking the target for weaknesses or vulnerabilities which can be
exploited. Usually done with the help of automated tools (OpenVAS, Burp Suite, Nmap, Nexpose etc.).
• Network mapping: finding the topology of the network, routers, firewalls and servers if any, and host
information, and drawing a network diagram with the available information.
3. Gaining Access:
• This phase is where an attacker breaks into the system/network using
various tools or methods.
• After entering a system, the attacker has to raise their privilege to
administrator level so they can install an application they need, or modify
or hide data.
4. Maintaining Access:
• A hacker may just hack the system to show it was vulnerable, or may
be mischievous enough to want to maintain or persist the connection
in the background without the knowledge of the user.
• This can be done using Trojans, rootkits or other malicious files. The
aim is to maintain access to the target until the hacker finishes the tasks
planned for that target.
5. Clearing Tracks:
• An intelligent hacker always clears all evidence so that at a later
point in time, no one will find any traces leading back to them.
• This involves modifying, corrupting or deleting log entries,
modifying registry values, uninstalling all applications used and
deleting all folders created.
Phishing
• Phishing attacks are the practice of sending fraudulent
communications that appear to come from a reputable source.
• In a phishing attack, the email message tries to trick the recipient into
disclosing private data or taking another unsafe action.
• Phishing email messages purport to be from reliable companies such
as banks or other financial institutions, popular web site companies
(such as Facebook, Hotmail, or Yahoo), or consumer products
companies.
• The goal is to steal sensitive data like credit card and login
information, or to install malware on the victim's machine.
Phishing
• Social Engineering
• Fake Website
• Infect system
• General Phishing
• Spear Phishing
[Source: What is a phishing attack? | Cloudflare]
Types:
• General Phishing
• Phishing attacks prioritize quantity. The messaging in phishing emails, texts
or phone calls is generic and sent to a large group of individuals or
organizations in the hope of increasing the chance of “catching” a victim.
• Phishing attacks via phone calls are often called vishing, for voice phishing.
Attacks via text messages are known as smishing, for SMS phishing.
Types:
• Spear phishing
• Spear-phishing is a type of phishing attack that targets specific individuals
or organizations typically through malicious emails.
• The goal of spear phishing is to steal sensitive information such as login
credentials or infect the targets’ device with malware.
• Spear phishers carefully research their targets, so the attack appears to be
from trusted senders in the targets’ life.
• A spear phishing email uses social engineering techniques to urge the
victim to click on a malicious link or attachment.
• Once the victim completes the intended action, the attacker can steal the
credentials of a targeted legitimate user and enter a network undetected.
Phishing
Spear Phishing
How a Spear-Phishing Attack Works

• The personalized nature of spear phishing attacks is what makes them dangerous
and easy to fall for. Hackers use reconnaissance methods in their research so they
can increase the likelihood of a successful attack.
• Spear phishers frequent social media sites like Facebook and LinkedIn to gather
personal information about their target.
• They can also map out their target’s network of personal contacts, which gives
them more context for crafting a trustworthy message.
• More sophisticated attackers may also use machine learning algorithms to scan
through massive amounts of data and identify high level individuals they most
want to target.
How a Spear-Phishing Attack Works

• Being equipped with your personal data, spear phishers can then craft a seemingly
legitimate email that grabs their target’s attention.

• Many people let their guard down because of the personalized messages and don’t
think twice before clicking on a link or downloading an attachment.

• However, this mistake can lead to serious consequences such as stolen personal
information or a malware infection.
Type: Whaling
• A whaling attack prioritizes C-level targets. Whaling uses the same
personalized strategy of spear-phishing attacks, except attackers
specifically target higher level management to expose financial and
confidential information.
• Whaling attacks hope to extract more valuable, classified information by
taking down big targets, which can magnify the damage inflicted upon an
organization.
• Smishing
• Smishing is an attack that uses text messaging or short message
service (SMS) to execute the attack.
• A common smishing technique is to deliver a message to a cell phone
through SMS that contains a clickable link or a return phone number.
• Vishing
• Vishing has the same purpose as other types of phishing attacks.
• The attackers are still after your sensitive personal or corporate
information.
• This attack is accomplished through a voice call. Hence the “v” rather
than the “ph” in the name.
Brute force attacks (exhaustive search)
• Brute force attacks are usually used to obtain personal information
such as passwords, passphrases, usernames and Personal
Identification Numbers (PINs), and use a script, hacking application, or
similar process to carry out a string of continuous attempts to get the
information required.
• Attackers use applications and scripts as brute force tools to bypass
authentication processes.
• Attackers try to access web applications by searching for the right
session ID.
• Attacker motivation may include stealing information, infecting sites
with malware, or disrupting service.
• Bots systematically attack websites and try these lists of credentials,
and notify the attacker when they gain access.
Types of Brute Force Attacks [source:
What is a Brute Force | Common Tools & Attack Prevention | Imperva]

• Simple brute force attack: uses a systematic approach to ‘guess’ that doesn’t rely on outside logic.
• Hybrid brute force attacks: start from external logic to determine which password variation may be
most likely to succeed, and then continue with the simple approach to try many possible variations.
• Dictionary attacks: guess usernames or passwords using a dictionary of possible strings or phrases.
• Rainbow table attacks: a rainbow table is a precomputed table for reversing cryptographic hash
functions. It can be used to recover hashed passwords up to a certain length consisting of a limited set of
characters.
• Reverse brute force attack: uses a common password or collection of passwords against many
possible usernames. Targets a network of users for which the attackers have previously obtained data.
• Credential stuffing: uses previously known password-username pairs, trying them against multiple
websites. Exploits the fact that many users have the same username and password across different
systems.
Brute Force Attacks (Contd..)
Why Do Brute Force Attacks Occur?
• Hackers want to get into other people’s systems for many reasons.
• Although their intentions can sometimes be unknown or personal, a few
common reasons, based on general assumptions, why a brute force attack
occurs are given here.
1. Exploit Activity Data for Financial Gains
• Hackers mostly invade systems or websites to gain financial benefits.
Usually, hackers profit from advertising commissions by placing spam ads on
websites.
• Whenever a user clicks an ad, the revenue goes to the hacker. Also, they sell
victims’ activity data at times.
Brute Force Attacks (Contd..)
2. Gain Access to Personal Data
• Hackers may launch a brute force attack to spoof a person’s identity.
They may use personal accounts to get user’s information, including
their medical records and financial details, which are exploited further
to launch wider attacks.
3. Spreading Malware
• Hackers may launch a brute force attack in order to spread malware in the
target’s system.
• This helps the attackers access other connected systems and networks
and launch a wider attack against the target.
• Sometimes brute force attacks aren’t personal, as hackers may want
to showcase their hacking skills and try to play around with them.
Brute Force Attacks (Contd..)
4. Damage a Company’s Reputation
• Hackers also launch brute attacks to damage a company’s reputation by
stealing their confidential data or altering information.

• They do this in such a way that it goes against the company’s core
values.
How to Prevent Brute Force Attacks
• Password Length
• The first step towards brute force attack prevention should be a longer
password length.
• Nowadays, many websites and platforms force their users to create a password
of a certain length (8 – 16 characters) so that it is not easily guessed.
• Password Complexity
• Another important step is to create a complex password to reduce
vulnerability.
• Don’t use passwords like “ilovemycountry” or “password123456”; instead,
your password should combine UPPERCASE and lowercase
letters and also use numbers and special characters to become more
complex.
• The complexity of the password delays the cracking process.
How to Prevent Brute Force Attacks
• Limit Login Attempts
• Limiting the login attempts on your WordPress admin or any other
admin panel also solidifies your site’s security against brute force
attacks.
• For example, if your website receives five failed login attempts from an
IP address, it should block that IP for a certain period to stop further attempts.
• Modifying the .htaccess file
• Adding a few rules to the .htaccess file further hardens your site’s
security.
• The objective is to allow access to wp-admin only from specific IP
addresses listed in the .htaccess file.
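The "five failed attempts, then block the IP for a period" rule above, as an added Python example that is not part of the original slides: it replays a constructed authentication log (the line format is an assumption) through a limiter that counts failures per source IP inside a sliding window and records each decision for audit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the slides).
# Format assumed for this example: "<ISO timestamp> <client ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 admin FAIL
2024-05-01T10:00:03 203.0.113.7 admin FAIL
2024-05-01T10:00:04 198.51.100.4 editor OK
2024-05-01T10:00:05 203.0.113.7 admin FAIL
2024-05-01T10:00:06 203.0.113.7 root FAIL
2024-05-01T10:00:08 203.0.113.7 administrator FAIL
2024-05-01T10:00:09 203.0.113.7 admin FAIL
2024-05-01T10:20:00 203.0.113.7 admin OK
2024-05-01T10:25:00 198.51.100.4 editor FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


class LoginLimiter:
    """Blocks a client IP after `max_failures` failed logins inside `window`,
    for `block_for`, regardless of which username was tried."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 block_for=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.window = window
        self.block_for = block_for
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> datetime the block expires
        self.audit = []                      # (timestamp, ip, user, decision)

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # block has expired
            del self.blocked_until[ip]
            return False
        return True

    def observe(self, ts, ip, user, result):
        """Return 'allow', 'block-now' (this failure triggered a block) or
        'deny-blocked' (attempt arrived while the IP was already blocked)."""
        if self.is_blocked(ip, ts):
            self.audit.append((ts, ip, user, "deny-blocked"))
            return "deny-blocked"
        if result == "OK":
            self.failures[ip].clear()        # successful login resets the counter
            return "allow"
        q = self.failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:  # forget failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()
            self.audit.append((ts, ip, user, "block-now"))
            return "block-now"
        return "allow"


def replay(log_text, limiter=None):
    """Feed every well-formed log line to the limiter; returns the decisions and the limiter."""
    limiter = limiter or LoginLimiter()
    decisions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                            # ignore malformed lines rather than crash
            continue
        ts_s, ip, user, result = m.groups()
        ts = datetime.fromisoformat(ts_s)
        decisions.append((ip, user, limiter.observe(ts, ip, user, result)))
    return decisions, limiter


if __name__ == "__main__":
    for ip, user, decision in replay(SAMPLE_LOG)[0]:
        print(f"{ip:15} {user:14} {decision}")
```

In the sample, 203.0.113.7 is blocked by its fifth failure at 10:00:08 and the attempt at 10:00:09 is refused without being evaluated; the block has expired by 10:20:00, so the legitimate login then succeeds.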
How to Prevent Brute Force Attacks
• Using Captcha
• Captchas are commonly used on websites to prevent bots from executing
the automated scripts mainly used in brute force attacks.
• Two-Factor Authentication
• Two Factor Authentication is an extra layer of defense that decreases the
chances of brute force attacks.
• Cloudflare
• Cloudflare is a renowned service for WordPress that usually deals with
CDN and caching.
• Also, it offers a protective shield against Brute Force Attacks.
• It lets users set rules for accessing login pages and set browser integrity
checks.
Popular tools
• Hydra, john the ripper, Hashcat, Ncrack etc.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks:
• A DoS (Denial of Service) attack aims at preventing legitimate users from gaining authorized
access to a system resource.
• The attacker uses specialized software to send a flood of data packets
to the target computer with the aim of overloading its resources.
• DDoS (distributed Denial of Service attacks)
• A denial-of-service attack in which the attacker gains illegal administrative access
to as many computers on the Internet as possible and uses the multiple computers
to send a flood of data packets to the target computer.
• Attacks are called “distributed” when the attack traffic originates from multiple
hosts.
DoS attack
• Volumetric attacks: the entire bandwidth of a network is consumed
so the authorized clients will not be able to get the resources.
• By flooding network devices like hubs or switches with numerous
Internet Control Message Protocol (ICMP) echo request/reply packets,
the entire bandwidth is consumed, and no other clients are able to
connect to the target network.
SYN flooding:
• Another attack, in which an attacker compromises multiple zombies and
simultaneously floods the target with multiple SYN packets. The target
is overwhelmed by the SYN requests and either goes down or its
performance is reduced drastically.
Fragmentation attacks
• Work against the reassembly ability of the target.
• Numerous fragmented packets are sent to the target, making it
difficult for the target to reassemble them and denying access to
valid clients.
DDoS attack

• DDoS attacks originate from Internet-connected PCs that are
compromised by malware. These PCs are called “bots” and are
typically under the control of a command-and-control (C&C) server
operated by the attacker or “botmaster”.
• “Botnets” are a set of computers controlled by a C&C computer to
execute commands as directed.
• Computers become bots when attackers illicitly install malware that
secretly connects the computer to a botnet; attackers then perform
tasks such as sending spam, hosting or distributing malware, or
attacking other computers.
• Computers in a botnet are often called nodes or zombies.
• The DDoS attacks work in phases. In the first phase, the attacker
compromises the weak machines in the network from around the
world.
• In the second phase, a set of tools (also called malware) is installed on
the compromised systems to attack the victims by controlling them
from a C&C server.
Types of DDoS Attacks
• Flood or volumetric attacks: consume all the available bandwidth
of or to a data center or a network, such as User Datagram Protocol
(UDP) floods, Internet Control Message Protocol (ICMP) floods and
Domain Name System (DNS) reflection.
• As a result, the legitimate user is no longer able to connect to or access
the desired servers or applications.
• Connection state attacks: all network devices or systems (such as
firewalls, web servers and application servers) have internal tables
with some limited resource/capacity that are used to track the active
connections or disconnected connections.
• With this type of attack, the table is filled with many connections, so
the new user cannot make a connection.
• Sometimes these attacks cause device failures that result in all active
users losing their connection.
• Application-layer attacks: application servers are overloaded with
so many requests for resources that all available resources are
consumed.
• Examples of these types of attacks include exhaustion of memory or processors,
malformed HTTP, HTTP GET/POST floods and DNS cache poisoning.
DNS poisoning
• Denial-of-service doesn’t provide direct benefits for attackers.
• For some of them, it’s enough to have the satisfaction of service denial.
• Another purpose of a DoS attack can be to take a system offline so that a
different kind of attack can be launched. One common example is session
hijacking.
Session Hijacking
• In this type of MitM attack, an attacker hijacks a session between a trusted client
and network server.
• The attacking computer substitutes its IP address for the trusted client while the
server continues the session, believing it is communicating with the client.
Botnets
• Botnets are the millions of systems infected with malware under
hacker control in order to carry out DDoS attacks.
• These bots or zombie systems are used to carry out attacks against
the target systems, often overwhelming the target system’s
bandwidth and processing capabilities.
• These DDoS attacks are difficult to trace because botnets are located
in differing geographic locations.
Mitigation
• RFC3704 filtering, which will deny traffic from spoofed addresses and help ensure
that traffic is traceable to its correct source network. For example, RFC3704
filtering will drop packets from bogon list addresses.
• Black hole filtering, which drops undesirable traffic before it enters a protected
network. When a DDoS attack is detected, the BGP (Border Gateway Protocol)
host should send routing updates to ISP routers so that they redirect all traffic
heading to victim servers.
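The RFC 3704 ingress filtering described above, as an added Python example that is not from the slides: packets from bogon addresses are dropped, and packets arriving on a customer interface are accepted only if their source lies in that customer's assigned prefixes (strict mode). The bogon subset, interface names, prefixes and sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subset of bogon prefixes (private, loopback, link-local, multicast, reserved).
# Assumption for the example: a real filter loads a maintained, complete bogon list.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Strict ingress policy: a customer-facing interface may only source packets from the
# prefixes assigned to that customer. Interface names and prefixes are constructed.
INTERFACE_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.128/25")],
}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # claimed source address
    dst: str


def is_bogon(addr) -> bool:
    addr = ipaddress.ip_address(addr) if isinstance(addr, str) else addr
    return any(addr in net for net in BOGONS)


def ingress_decision(pkt: Packet):
    """Return ('accept' | 'drop', reason) for one packet."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return "drop", "unparseable source"
    if is_bogon(src):
        return "drop", "bogon source"
    allowed = INTERFACE_PREFIXES.get(pkt.iface)
    if allowed is None:                      # fail closed when no policy is configured
        return "drop", "no ingress policy for interface"
    if not any(src in net for net in allowed):
        return "drop", "source not assigned to this interface (spoofed)"
    return "accept", "source verified"


def filter_packets(packets):
    """Split packets into accepted and dropped lists, each paired with the reason."""
    accepted, dropped = [], []
    for pkt in packets:
        verdict, reason = ingress_decision(pkt)
        (accepted if verdict == "accept" else dropped).append((pkt, reason))
    return accepted, dropped


SAMPLE_PACKETS = [   # constructed
    Packet("cust-a", "203.0.113.9", "192.0.2.80"),      # genuine customer A address
    Packet("cust-a", "10.1.2.3", "192.0.2.80"),         # private source: bogon
    Packet("cust-a", "198.51.100.7", "192.0.2.80"),     # public but not customer A's: spoofed
    Packet("cust-b", "198.51.100.200", "192.0.2.80"),   # inside customer B's /25
    Packet("cust-b", "198.51.100.7", "192.0.2.80"),     # outside customer B's /25: spoofed
    Packet("uplink", "203.0.113.9", "192.0.2.80"),      # no policy configured for this interface
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(SAMPLE_PACKETS)
    for pkt, reason in dropped:
        print(f"drop   {pkt.iface:7} {pkt.src:16} {reason}")
    for pkt, reason in accepted:
        print(f"accept {pkt.iface:7} {pkt.src:16} {reason}")
```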
Single Sign-On

Access Control

Access Policies
• Goals:
• Check every access
• Enforce least privilege
• Verify acceptable usage
• Track users’ access
• Enforce at appropriate granularity
• Use audit logging to track accesses

Implementing Access Control
• Reference monitor
• Access control directory
• Access control matrix
• Access control list
• Privilege list
• Capability
• Procedure-oriented access control
• Role-based access control
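An added Python example (not from the slides or the textbook) tying the list above to the access policy goals: a small access control matrix, the ACL (one column) and capability list (one row) derived from it, and a reference monitor that checks every access with default deny, supports revocation for least privilege, and keeps an audit log. Subjects, objects and rights are constructed.

```python
import copy

# Constructed access control matrix (assumption, not from the slides):
# subject -> object -> set of rights
MATRIX = {
    "alice":  {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":    {"report.txt": {"read", "write"}},
    "backup": {"payroll.db": {"read"}, "report.txt": {"read"}},
}


def access_control_list(matrix, obj):
    """Column of the matrix: an ACL stored with the object, listing who may do what to it."""
    return {s: sorted(row[obj]) for s, row in matrix.items() if obj in row}


def capability_list(matrix, subject):
    """Row of the matrix: the capabilities held by one subject."""
    return {o: sorted(r) for o, r in matrix.get(subject, {}).items()}


class ReferenceMonitor:
    """Mediates every access against the matrix: default deny, and every decision is logged."""

    def __init__(self, matrix):
        self.matrix = copy.deepcopy(matrix)  # private copy so callers cannot bypass revoke()
        self.audit = []                      # (subject, object, right, decision)

    def check(self, subject, obj, right):
        allowed = right in self.matrix.get(subject, {}).get(obj, set())
        self.audit.append((subject, obj, right, "ALLOW" if allowed else "DENY"))
        return allowed

    def revoke(self, subject, obj, right=None):
        """Least privilege in practice: drop one right, or every right on obj."""
        row = self.matrix.get(subject, {})
        if obj not in row:
            return
        if right is None:
            del row[obj]
        else:
            row[obj].discard(right)
            if not row[obj]:
                del row[obj]

    def denied_by_subject(self):
        """Audit summary: how many denied attempts each subject made."""
        counts = {}
        for subject, _, _, decision in self.audit:
            if decision == "DENY":
                counts[subject] = counts.get(subject, 0) + 1
        return counts


if __name__ == "__main__":
    rm = ReferenceMonitor(MATRIX)
    print("ACL for report.txt:", access_control_list(MATRIX, "report.txt"))
    print("capabilities of bob:", capability_list(MATRIX, "bob"))
    print(rm.check("alice", "payroll.db", "write"), rm.check("bob", "payroll.db", "read"))
    rm.revoke("alice", "payroll.db", "write")
    print(rm.check("alice", "payroll.db", "write"), rm.denied_by_subject())
```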
Reference Monitor

Access Control Directory

Access Control Matrix

Access Control List

Problems Addressed by Encryption
• Suppose a sender wants to send a message to a recipient. An attacker
may attempt to
• Block the message
• Intercept the message
• Modify the message
• Fabricate an authentic-looking alternate message

Encryption Terminology
• Sender
• Recipient
• Transmission medium
• Interceptor/intruder
• Encrypt, encode, or encipher
• Decrypt, decode, or decipher
• Cryptosystem
• Plaintext
• Ciphertext
Encryption/Decryption Process

Symmetric vs. Asymmetric

Stream Ciphers

Block Ciphers

Stream vs. Block

Stream ciphers
• Advantages: speed of transformation; low error propagation
• Disadvantages: low diffusion; susceptibility to malicious insertions and modifications
Block ciphers
• Advantages: high diffusion; immunity to insertion of symbols
• Disadvantages: slowness of encryption; padding; error propagation
DES: The Data Encryption Standard
• Symmetric block cipher
• Developed in 1976 by IBM for the US National
Institute of Standards and Technology (NIST)

AES: Advanced Encryption System
• Symmetric block cipher
• Developed in 1999 by independent Dutch cryptographers
• Still in common use

DES vs. AES

Public Key (Asymmetric) Cryptography
• Instead of two users sharing one secret key, each user has
two keys: one public and one private
• Messages encrypted using the user’s public key can only be
decrypted using the user’s private key, and vice versa
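The public/private key relationship in the two bullets above, as an added Python example that is not from the slides: textbook RSA with small constructed primes, showing that a message encrypted with the public key is recovered only by the private key, and ("vice versa") that a value produced with the private key is checked by anyone holding the public key, which is how a digital signature works. No padding scheme is applied, so this is a teaching model of the key relationship rather than a usable cipher.

```python
import hashlib
from math import gcd

# Textbook RSA with small, constructed primes so the arithmetic is visible.
# Assumption for the example: no padding (OAEP/PSS) is applied.


def generate_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)): public key and private key for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)      # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m, public_key):
    """Encrypt an integer message m < n with the recipient's public key."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private_key):
    """Only the matching private key recovers m."""
    d, n = private_key
    return pow(c, d, n)


def _hash_to_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """'Vice versa': apply the private key to a hash of the message."""
    d, n = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone with the public key can check the signature; a changed message fails."""
    e, n = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    pub, priv = generate_keypair(1000003, 1000033)   # constructed small primes
    c = encrypt(42, pub)
    print("ciphertext:", c, "decrypted:", decrypt(c, priv))
    s = sign(b"pay 100 to bob", priv)
    print("valid:", verify(b"pay 100 to bob", s, pub),
          "tampered:", verify(b"pay 900 to bob", s, pub))
```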

Secret Key vs. Public Key Encryption

Public Key to Exchange Secret Keys

Key Exchange Man in the Middle

Error Detecting Codes
• Demonstrates that a block of data has been modified
• Simple error detecting codes:
• Parity checks
• Cyclic redundancy checks
• Cryptographic error detecting codes:
• One-way hash functions
• Cryptographic checksums
• Digital signatures
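An added Python example, not from the slides, contrasting the simple and cryptographic error detecting codes listed above: a parity bit catches a single flipped bit but misses two, an unkeyed hash catches any accidental change, and only a keyed cryptographic checksum (HMAC) catches a deliberate edit whose parity and hash the modifier recomputed. The message and key are constructed.

```python
import hashlib
import hmac


def even_parity_bit(data: bytes) -> int:
    """Parity bit that makes the total number of 1 bits (data plus parity) even."""
    return sum(bin(b).count("1") for b in data) % 2


def parity_ok(data: bytes, parity_bit: int) -> bool:
    return even_parity_bit(data) == parity_bit


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error by inverting one bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def compare(message: bytes, key: bytes) -> dict:
    """Which checks catch (a) one flipped bit, (b) two flipped bits,
    (c) a deliberate edit whose unkeyed checks were recomputed by the modifier."""
    parity = even_parity_bit(message)
    digest = sha256_hex(message)
    tag = hmac_hex(key, message)

    one = flip_bit(message, 5)
    two = flip_bit(flip_bit(message, 5), 13)
    edited = message.replace(b"100", b"900")
    # The modifier can recompute parity and an unkeyed hash, but not the keyed checksum.
    forged = (edited, even_parity_bit(edited), sha256_hex(edited), tag)

    return {
        "parity_catches_one_flip": not parity_ok(one, parity),
        "parity_catches_two_flips": not parity_ok(two, parity),   # even error count slips through
        "hash_catches_one_flip": sha256_hex(one) != digest,
        "hash_catches_two_flips": sha256_hex(two) != digest,
        "parity_catches_forgery": not parity_ok(forged[0], forged[1]),
        "hash_catches_forgery": sha256_hex(forged[0]) != forged[2],
        "hmac_catches_forgery": not hmac.compare_digest(hmac_hex(key, forged[0]), forged[3]),
    }


if __name__ == "__main__":
    results = compare(b"transfer 100 to account 42", b"constructed-shared-key")
    for check, caught in results.items():
        print(f"{check:28} {'detected' if caught else 'MISSED'}")
```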

Parity Check

One-Way Hash Function

Digital Signature

Certificates: Trustable Identities and Public
Keys
• A certificate is a public key and an identity
bound together and signed by a certificate
authority.
• A certificate authority is an authority that users
trust to accurately verify identities before
generating certificates that bind those
identities to keys.

Certificate Signing and Hierarchy

Cryptographic Tool Summary

Summary
• Users can authenticate using something they know, something they
are, or something they have
• Systems may use a variety of mechanisms to implement access
control
• Encryption helps prevent attackers from revealing, modifying, or
fabricating messages
• Symmetric and asymmetric encryption have complementary strengths
and weaknesses
• Certificates bind identities to digital signatures
