Docstoc

Hacking - PowerPoint

Document Sample
Hacking - PowerPoint Powered By Docstoc
					Hacking
  Hacking
Submitted to:        Submitted by:
Mr. Abhishek dixit     Aman
                     B-Tech(H) M-tech cse
                     Section-144
                     Roll no-54
                      Reg. no-7050070092
Hacking
Everything
&
Everyone
What is Hacking ?
The act of gaining unauthorized access to
computer systems for the purpose of
stealing and corrupting data.

Types Of Hackers:
 Black Hats - Malicious hackers
 White Hats - Ethical hackers
 Grey Hats – Ambiguous

Search Engines
  Efficient ( Google – most
effective)
  Around 12 Billion Pages
  Starting point of many hacking
activities. .. Can you believe it?
  Infact, One of the most
interesting uses of Google
Hacking your Home….

 What is in your castle?
 – SSN Card?
 – Financial Records?
 – Medical records?
 – Checkbook?
 – Additional ID?
    • Physical Security is more important than
  ever!
    • Locks, Alarms, Safes, Dogs, Lasers!
Hacking your person…

• Wallets and purses…
• Check books
• $10,000 Bills
• Theft, duplication
• Phone,Cameras.
• Keep your stuff on you
• Hide your card with your
body....
Hacking your network…
Hacking your network…

 Internet Connection
 • Wireless
 • Worms
 • Uninvited guests
 • Wrong network??
 • Don’t make your Laptop be an AP (No Ad-Hoc!)
 • Secure your wireless – Encrypt! Address Filter!
 • Make sure you’re on the right network!
Hacking your PC…

   What’s on it?
   • Banking, Taxes, Medical
   Records
   • Cookies! Browser History!
   • Password file??
   How do they get in?
   • Viruses/Trojans
   • Spyware
   • Keyloggers
   • Remote Control
Discussion on Hacking

 Web hacking……..




 Google hacking………
HaX0rz Toolkit

 Complicated ‘sploits that need a
Bachelor’s degree to understand and
Use
 Scripts in various languages and
syntaxes like C, PERL, gtk and bash
 Automated scanning tools like nmap
and nessus
A web browser
Web hacking

 A Web surfing…..
1. Is easy to do,
2. Is Operating System independent,
3. Doesn’t require intimate knowledge of
   “the system”,
4. Provides access to vast amounts of data
   and information,
5. and topped off with all kinds of data
    mining tools
Web Features

 Reverse phone number searches
 Detailed address topological maps
 Satellite photography of target area
 Resumes
 Phone and Email lists
 Likely targets described in detail
 Exploit information easy to obtain
 Data aggregation makes it more serious
What We’ll Learn

 Methods of Reconnaissance
 The level of sensitive detail
 companies and organizations leave
 exposed to the Internet
 The level of detail about specific
 people on the Internet
 The effect of data aggregation on
 privacy
More Web Hacking

 Search engines are a treasure trove
 of information
 We’ve looked at general web search
 engines, but let’s now look at more
 information specific sites
  • Administrative web servers
  • Reconnaissance from the sky
  • Proxies
Final Thoughts

    We have shown a few ways that a web
   browser can be used to gather huge
   amounts of target information, and a few
   ways the web browser can be used to
   exploit trivial vulnerabilities
    There are many more online services like
   the ones pointed out in this presentation
    It is easy to collect and analyze this
   information to produce thorough profiles
GOOGLE HACKING !!

   Introduction
   What is Google
   Hacking/GHDB ?
    GHDB – Johnny Long
    How it works ?
    Possible Reasons
    Approaches to
   AVOID/RESOLVE
    Google’s Response
   (GHH)
    SPI Labs Solution
Google Hacking
 Google hacking is a term that
refers to the art of creating complex
search engine queries in order to filter
through large amounts of search results
for information related to computer security..
 The whole Idea !!
 Web pages are: http://www.networkworld.com/news
 /2005/090505-google-hacking.html
      Crawled/Indexed (typically, once 2 weeks)
      Cached
      Hackers query this information (Reconnaissance)
 - “inurl” and “allintitle”
 - Once Indexed Its cached
 a) Contact Google (http://www.google.com/remove.html)
 b) Contact Other Search engines
 - Google performs the dirty work (password embedded urls)
   From the Google Hacking Database:
   • Error messages that contain too much information.
   • Password Files and Sensitive directories
   • Pages containing logon portals.
   • Pages containing network or vulnerability data such as firewall
    logs.
PRIMARY REASONS

 People Negligence – Called GoogleDorks
 Increase in number of Remote administrative
  tools
 Security holes in the Networks
 Poor site configuration
  e.g. Securing admin panel - .htaccess
  procedure
(passowrd protection on HTML documents)
Probable Solutions :
 Avoid/Resolve ??
Google Hack Honeypot ( GHH)
- reconaissance against
attackers
Automatic Scanners:
  Web Vulnerability Scanners : Scan the website and point out potential
  security issues.
  - Need to be Configured properly.
  - Not 100% efficient
    Examples : Nikto, Paros Proxy, WebScarab, WebInspect
SPIDYNAMICS (Web Inspect):
 Pick a Scanning Tool (possibly executing Java Script/Submit Forms)
    Appropriately Configure the Tool and Kick it off
    Sort the Results
    Use a Scanner to run Queries
    Scan the “SiteTree” (WebInspect displays the SiteTree in a explorer
 view)
    Check for “/admin” folders
    Check for “passwords” kind of files
    Scan the Content of the results
GENERAL RULES to AVOID
HACKING
 Best Practices:
 Security - development stage
 Access Controls
 Maintenance: Run Scanners
 Use “Robots.txt” carefully
 Change default error messages.
 Password Protection to critical data
 Password Encryption
References:

 www.google.com
 http://searchsecurity.techtarget.com/sDefinition/0,,sid14
  _gci1151189,00.html
 http://www.castlecops.com/article-6466-nested-0-
  0.html
 http://ghh.sourceforge.net/
 http://www.honeynet.org/papers/honeynet/

				
DOCUMENT INFO