Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Version 5
Module I
Introduction to Ethical
Hacking
Scenario
Jeffery came across some books that were related to hacking. He was
curious to know about hacking public and private networks. He
bought a book related to it from the nearby bookstore.
Amazed to learn new techniques about hacking, Jeffrey wanted to get
hands on. He visited a local library and plugged his laptop to its
network in the pretext of searching the database of books. Jeffrey
wanted to find the vulnerability present in the librarys network and
then show the report to the concerned authorities.
Jeffrey launched the tools from a CD that was offered with the book
and discovered lot of loopholes in the network!
What is wrong with Jeffreys act?
Is his action justified?
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Security News
Source Courtesy : http://www.securitypark.co.uk/article.asp?articleid=25511&CategoryID=49
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
~
Elements of security
Hacktivism
Ethical Hacking
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Flow
EC-Council
Importance of security
Ethical Hacking
Elements of security
vulnerability research
and tools
Phases to perform
malicious hacking
Computer crimes
and implications
Hacktivism
Legal perspective
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Evolution of technology
focused on ease of use
~Decreasing
~Increased
network
environment and network
based applications
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
~Increasing
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Essential Terminologies
~
Exploit A
defined way to
breach the
security of an IT
system through
vulnerability
EC-Council
Elements of Security
~
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Security
EC-Council
~Moving
Ease of Use
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Case Study
~Alan
~He
~All
EC-Council
http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Active/passive
~Scanning
~Gaining
Reconnaissance
access
Operating system
level/application level
Network level
Denial of service
~Maintaining
access
Uploading/altering/
downloading programs
or data
~Clearing
EC-Council
tracks
Clearing
Tracks
Maintaining
Access
Scanning
Gaining
Access
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Phase 1 - Reconnaissance
~
Could be future point of return when noted for ease of entry for an
attack when more about the target is known on a broad scale
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Reconnaissance Types
Passive reconnaissance involves
acquiring information without
directly interacting with the
target
For example, searching public
records or news releases
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Phase 2 - Scanning
~
Scanning refers to the pre-attack phase when the hacker scans the
network for specific information on the basis of information
gathered during reconnaissance
NMAP Scanner
Front End
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Gaining Access refers to the penetration phase. The hacker exploits the
vulnerability in the system
The exploit can occur over a LAN, the Internet, or as a deception or theft.
Examples include buffer overflows, denial of service, session hijacking, and
password cracking
Business Risk: Highest The hacker can gain access at the operating system
level, application level, or network level
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Hackers may harden the system from other hackers as well (to own
the system) by securing their exclusive access with Backdoors,
RootKits, or Trojans
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
1.
2. Application-level attacks
3. Shrink Wrap code attacks
4. Misconfiguration attacks
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Source: http://www.vnunet.com/vnunet/news/2164855/atm-passwords-found-online
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
4. Misconfiguration Attacks
~ Systems
~ Systems
~ Most
~ In
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Hacktivism
~
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Hacker Classes
Black Hats
Individuals with extraordinary
computing skills, resorting to
malicious or destructive
activities. Also known as
crackers
Gray Hats
Individuals who work both
offensively and defensively at
various times
EC-Council
White Hats
Individuals professing hacker
skills and using them for
defensive purposes. Also known
as security analysts
Suicide Hackers
Individuals who will aim to bring
down critical infrastructure for a
"cause" and not worry about facing
30 years in jail for their actions
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Black Hats
Reformed crackers
First-hand experience
Lesser credibility perceived
~White
Hats
Independent security
consultants (may be groups as
well)
Claim to be knowledgeable
about black hat activities
~Consulting
Firms
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
an
ethical hacker asks the organization
what it is trying to protect, against
whom, and what resources it is willing
to expend in order to gain protection
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
~ Should
~ Should
~ Should
~ Should
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
~
~
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Secunia (secunia.com/product/)
Secunia monitors vulnerabilities in more than 9,500 products
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Hackerstorm
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
HackerWatch
www.hackerwatch.org
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
HackerWatch
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Zone-h.org Screenshot 1
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Zone-h.org Screenshot 2
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
MILWORM
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
~Step
~Step
testing
~Step
~Step
~Step
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Conduct In this
phase, the evaluation
technical report is
prepared based on
testing potential
vulnerabilities
Conclusion In this
phase, the results of
the evaluation are
communicated to
the organization or
sponsors and
corrective action is
taken if needed
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
~Stolen
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Legal Perspective
(U.S. Federal Law)
Federal Criminal Code Related to Computer Crime:
~
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Section 1029
Subsection (a) Whoever (1) knowingly and with intent to defraud produces, uses, or traffics in
one or more counterfeit access devices;
(2) knowingly and with intent to defraud traffics in or uses one or
more unauthorized access devices during any one-year period, and
by such conduct obtains anything of value aggregating $1,000 or
more during that period;
(3) knowingly and with intent to defraud possesses fifteen or more
devices which are counterfeit or unauthorized access devices;
(4) knowingly, and with intent to defraud, produces, traffics in, has
control or custody of, or possesses device-making equipment;
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
(7) knowingly and with intent to defraud uses, produces, traffics in,
has control or custody of, or possesses a telecommunications
instrument that has been modified or altered to obtain
unauthorized use of telecommunications services;
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penalties
(A) in the case of an offense that does not occur after a conviction for
another offense under this section- (i) if the offense is under paragraph (1), (2), (3), (6), (7), or (10) of
subsection (a), a fine under this title or imprisonment for not more than
10 years, or both; and
(ii) if the offense is under paragraph (4), (5), (8), or (9) of subsection (a),
a fine under this title or imprisonment for not more than 15 years, or
both;
(B) in the case of an offense that occurs after a conviction for another
offense under this section, a fine under this title or imprisonment for
not more than 20 years, or both; and
(C) in either case, forfeiture to the United States of any personal
property used or intended to be used to commit the offense
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
(7) with intent to extort from any person any money or other thing of
value, transmits in interstate or foreign commerce any
communication containing any threat to cause damage to a
protected computer;
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penalties
(1)(A) a fine under this title or imprisonment for not more than ten years, or
both, in the case of an offense under subsection (a)(1) of this section which
does not occur after a conviction for another offense under this section, or
an attempt to commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than twenty years, or
both, in the case of an offense under subsection (a)(1) of this section which
occurs after a conviction for another offense under this section, or an
attempt to commit an offense punishable under this subparagraph;
(2)(A) except as provided in subparagraph (B), a fine under this title or
imprisonment for not more than one year, or both, in the case of an
offense under subsection (a)(2), (a)(3), (a)(5)(A)(iii), or (a)(6) of this
section which does not occur after a conviction for another offense under
this section, or an attempt to commit an offense punishable under this
subparagraph;
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penalties (contd)
~
(B) a fine under this title or imprisonment for not more than 5 years,
or both, in the case of an offense under subsection (a)(2), or an
attempt to commit an offense punishable under this subparagraph, if (i) the offense was committed for purposes of commercial advantage or
private financial gain;
(ii) the offense was committed in furtherance of any criminal or tortuous
act in violation of the Constitution or laws of the United States or of any
State; or
(iii) the value of the information obtained exceeds $5,000;
(C) a fine under this title or imprisonment for not more than ten
years, or both, in the case of an offense under subsection (a)(2), (a)(3)
or (a)(6) of this section which occurs after a conviction for another
offense under this section, or an attempt to commit an offense
punishable under this subparagraph;
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penalties (contd)
(3)(A) a fine under this title or imprisonment for not more than five
years, or both, in the case of an offense under subsection (a)(4) or
(a)(7) of this section which does not occur after a conviction for
another offense under this section, or an attempt to commit an
offense punishable under this subparagraph; and
(3)(B) a fine under this title or imprisonment for not more than ten
years, or both, in the case of an offense under subsection (a)(4),
(a)(5)(A)(iii), or (a)(7) of this section which occurs after a
conviction for another offense under this section, or an attempt to
commit an offense punishable under this subparagraph; and
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penalties (contd)
(4)(A) a fine under this title, imprisonment for not more than 10
years, or both, in the case of an offense under subsection
(a)(5)(A)(i), or an attempt to commit an offense punishable under
that subsection;
(4)(B) a fine under this title, imprisonment for not more than 5 years,
or both, in the case of an offense under subsection (a)(5)(A)(ii), or
an attempt to commit an offense punishable under that subsection;
(4)(C) a fine under this title, imprisonment for not more than 20
years, or both, in the case of an offense under subsection
(a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense
punishable under either subsection, that occurs after a conviction
for another offense under this section
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
(2) The intent a person has to have to commit an offense under this
section need not to be directed at:
(a) any particular program or data,
(b) a program or data of any particular kind, or
(c) a program or data held in any particular computer
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
(9) A person is guilty of an offense if (a) he does any act which causes an unauthorized modification of the
contents of any computer; and (b) at the time when he does the act he has the requisite intent and the
requisite knowledge.
(10) For the purposes of subsection (1)(b) above the requisite intent is an
intent to cause a modification of the contents of any and by so doing (a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any
computer; or
(c) to impair the operation of any such program or the reliability of
any such data
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Summary
~
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited