Why - Ethical Hacking: Social Engineering Automated Attacks Protection From Possible External Attacks
Why - Ethical Hacking: Social Engineering Automated Attacks Protection From Possible External Attacks
Why - Ethical Hacking: Social Engineering Automated Attacks Protection From Possible External Attacks
Restricted
Data
Accidental
Breaches in
Security Denial of
Viruses, Trojan Service (DoS)
Horses,
and Worms
1
!@ #
Ethical Hacking - Process
1. Preparation
2. Footprinting
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
5. Attack – Exploit the Vulnerabilities
2
!@ #
Preparation
Identification of Targets – company websites,
mail servers, extranets, etc.
Signing of Contract
Agreement on protection against any legal issues
Contracts to clearly specifies the limits and dangers of
the test
Specifics on Denial of Service Tests, Social Engineering,
etc.
Time window for Attacks
Total time for the
testing
Prior Knowledge of the
systems
Key people who are
!@ #
3
Methods
Banner grabbing
Responses to various protocol (ICMP &TCP) commands
Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.
Tools
Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh,
telnet, SNMP Scanner
!@ #
5
Identification of Vulnerabilities
Vulnerabilities
Insecure Configuration
Weak passwords
Unpatched vulnerabilities in services, Operating
systems, applications
Possible Vulnerabilities in Services, Operating
Systems
Insecure programming
Weak Access Control
!@ #
6
Identification of Vulnerabilities
Methods
Unpatched / Possible Vulnerabilities – Tools,
Vulnerability information Websites
Weak Passwords – Default Passwords, Brute
force, Social Engineering, Listening to
Traffic
Insecure Programming – SQL Injection, Listening
to Traffic
Weak Access Control – Using the Application
Logic, SQL Injection
!@ #
7
Identification of Vulnerabilities
Tools
Vulnerability Scanners - Nessus, ISS, SARA, SAINT
Listening to Traffic – Ethercap, tcpdump
Password Crackers – John the ripper, LC4, Pwdump
Intercepting Web Traffic – Achilles, Whisker,
Legion
Websites
Common Vulnerabilities & Exposures –
http://cve.mitre.org Bugtraq – www.securityfocus.com
Other Vendor Websites
!@ #
8
Attack – Exploit the vulnerabilities
Obtain as much information (trophies) from
the Target Asset
Gaining Normal Access
Escalation of privileges
Obtaining access to other connected systems
!@ #
9
Attack – Exploit the vulnerabilities
Network Infrastructure Attacks
Connecting to the network through modem
Weaknesses in TCP / IP, NetBIOS
Flooding the network to cause DOS
!@ #
10
Attack – Exploit the vulnerabilities
Application Specific Attacks
Exploiting implementations of HTTP, SMTP
protocols
Gaining access to application Databases
SQL Injection
Spamming
!@ #
11
Attack – Exploit the vulnerabilities
Exploits
Free exploits from Hacker Websites Customised free
exploits
Internally Developed
!@ #
12
Reporting
Methodology
Exploited Conditions & Vulnerabilities that
could not be exploited
Proof for Exploits - Trophies
Practical Security solutions
!@ #
13
Ethical Hacking - Commandments
Working Ethically
Trustworthiness
Misuse for personal gain
Respecting Privacy
Not Crashing the Systems
!@ #
14