Published by Cole Yellott
Computer Security Fundamentals by Chuck Easttom Chapter 6 Techniques Used by Hackers
© 2012 Pearson, Inc. Chapter 6 Techniques Used by Hackers

Chapter 6 Objectives
Understand the basic methodology used by hackers
Be familiar with some of the basic tools
Understand the hacking mentality

Introduction
Basic Terminology
Reconnaissance
Passive Scanning

Netcraft.com

Archive.org

Port Scanning
NMap

NMAP Flags
-O   detects operating system
-sP  ping scan
-sT  TCP connect scan
-sS  SYN scan
-sF  FIN scan
-sX  XMAS Tree scan
-sN  NULL scan
-sU  UDP scan
-sO  Protocol scan
-sA  ACK scan
-sW  Window scan
-sR  RPC scan
-sL  List/DNS scan
-sI  Idle scan
-P0  Don't ping
-PT  TCP ping
-PS  SYN ping
-PI  ICMP ping
-PB  TCP and ICMP ping
-PM  ICMP netmask
-oN  Normal output
-oX  XML output
-oG  Greppable output
-oA  All output
-T   timing
-T0  Paranoid
-T1  Sneaking
-T2  Polite
-T3  Normal
-T4  Aggressive
-T5  Insane

Ping Scan
The ping scan sends a single ICMP echo request from the source to the destination device. A response from an active device returns an ICMP echo reply, unless the IP address is not available on the network or the ICMP protocol is filtered.

Connect Scan
Fully connects to the target IP address and port and completes the TCP handshake. This is the most reliable scan but will absolutely be detected.

SYN Scan
Sends SYN (synchronize) requests to the target to gather information about open ports without completing the TCP handshake process. When an open port is identified, the TCP handshake is reset before it can be completed. This technique is sometimes referred to as "half open" scanning.

FIN Scan
Sends a FIN (or finish) packet to the target. If that port is not listening, there is no response. If it is listening, an error response is received.
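
How a defender can spot the scan types listed above from the first packet each probe sends. This is an added example, not from the book or the slides; the packet tuples are constructed sample data, and `classify_probe`, `suspected_scans` and the `min_ports` threshold are assumed names and values.

```python
from collections import defaultdict

# First-packet TCP flag sets mapped to the Nmap scan types named on the slides.
# A SYN scan and a connect scan start with the same SYN; only the completed
# handshake (connect) or the reset (SYN scan) afterwards tells them apart.
PROBE_SIGNATURES = {
    frozenset(): "NULL scan (-sN)",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "XMAS Tree scan (-sX)",
    frozenset({"SYN"}): "SYN or connect scan (-sS / -sT)",
    frozenset({"ACK"}): "ACK scan (-sA)",
}

def classify_probe(flags):
    """Return the scan type a first packet is consistent with, or None."""
    return PROBE_SIGNATURES.get(frozenset(flags))

def suspected_scans(packets, min_ports=5):
    """packets: iterable of (src_ip, dst_port, flags) for unsolicited first packets.
    Reports sources that sent one probe type to at least min_ports distinct ports.
    min_ports is an assumed threshold; tune it to the network's normal traffic."""
    ports = defaultdict(set)
    for src, dport, flags in packets:
        label = classify_probe(flags)
        if label:
            ports[(src, label)].add(dport)
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = (
    [("192.0.2.10", p, {"SYN"}) for p in (21, 22, 23, 25, 80, 443)]
    + [("192.0.2.11", p, {"FIN", "PSH", "URG"}) for p in (22, 80, 110, 139, 445)]
    + [("198.51.100.7", 443, {"SYN"}), ("198.51.100.7", 80, {"SYN"})]  # ordinary browsing
    + [("192.0.2.12", p, set()) for p in (1, 2, 3)]  # NULL probes, below threshold
)

if __name__ == "__main__":
    for (src, label), hit in suspected_scans(SAMPLE).items():
        print(f"{src}: {label} against ports {hit}")
```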

Enumeration
Sid2User
Cheops (Linux only)
UserInfo
UserDump
DumpSec
Netcat
NBTDump

Cain and Abel

SQL Injection
One of the most common attacks
Depends on knowledge of SQL
Basics are easy
Versatile and can do a lot more than many realize

What Is SQL?
A relational database contains one or more tables, each identified by a name. Tables contain records (rows) with data. For example, the following table is called "users" and contains data distributed in rows and columns:
SQL (Structured Query Language) uses commands such as SELECT, UPDATE, DELETE, INSERT, WHERE, and others.
Example:
    SELECT * FROM tblUsers WHERE USERNAME = 'admin'

More on SQL
Web sites are written in some programming language such as PHP, ASP, JSP, or ASP.net. Those programming languages have their own syntax (NOT SQL), so programmers put the SQL into their code in strings. So let's say you type your username into a text field called txtUsername and your password into a text field called txtPassword. The code in their program has to put SQL statements into a string and append whatever you entered in those two text fields. It will look something like this:
    string sSQLstatement;
    sSQLstatement = "SELECT * FROM tblUSERS WHERE UserName = '" + txtUsername.Text + "' AND Password = '" + txtPassword.Text + "'";
So the string will contain:
    SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password';
However, whatever you type into the text fields gets put into that string.

SQL Script Injection
Single quote added to password. Add the following to the username box and the password:
    ' or '1' ='1
    OR
    ' or 'a' ='a
Also try password' or (1=1)
Or people try anything' OR 'x'='x
Or people try password:'1=1- -
Try using a double quote (") if a single quote (') is not working

What Does This Cause?
Well, you would have had:
    SELECT * FROM tblUSERS WHERE UserName = 'admin' AND Password = 'password';
Instead you have:
    SELECT * FROM tblUSERS WHERE UserName = '' or '1' = '1' AND Password = '' or '1' = '1';
So now it says to get all entries from the table tblUsers if the username is '' (blank) OR IF 1=1, and if the password is '' (blank) OR IF 1=1!
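
The concatenated login query from the slides run side by side with a parameterized version, to show why the quoted input changes one and not the other. This is an added example, not code from the book or the slides; it uses Python's sqlite3 with an in-memory table of constructed users, and the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the plaintext Password column only mirrors the
    # slide's query and is not how credentials should be stored.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (UserName TEXT, Password TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("admin", "s3cret-constructed"),
                    ("alice", "wonderland-constructed")])
    return db

def login_concatenated(db, username, password):
    # Same pattern as the slide: user input is appended into the SQL string,
    # so quotes typed by the user become part of the statement itself.
    sql = ("SELECT UserName FROM tblUsers WHERE UserName = '" + username +
           "' AND Password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; the statement text never changes.
    sql = "SELECT UserName FROM tblUsers WHERE UserName = ? AND Password = ?"
    return sorted(row[0] for row in db.execute(sql, (username, password)))

def compare(username, password):
    """Return (rows matched by concatenated query, rows matched by parameterized query)."""
    db = make_db()
    try:
        return (login_concatenated(db, username, password),
                login_parameterized(db, username, password))
    finally:
        db.close()

if __name__ == "__main__":
    tautology = "' or '1' ='1"  # input quoted from the slide above
    cases = [("admin", "s3cret-constructed"), ("admin", "wrong"),
             (tautology, tautology)]
    for user, pw in cases:
        concat_rows, param_rows = compare(user, pw)
        print(f"{user!r:16} concatenated={concat_rows} parameterized={param_rows}")
```

With the slide's input in both fields, the concatenated query matches every row in the table while the parameterized query matches none.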

OphCrack: How It Works
Download OphCrack and burn the image to a CD. Put the CD in the target computer and boot from the CD. It boots as Linux, grabs the Windows password file, and then uses cracking tools to crack that file and produces a text file with usernames and passwords. You cannot even consider yourself a hacker without this tool in your toolkit.